From 4295461830d8b0922bd33799901bc845b10ae001 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Mon, 30 Oct 2017 00:45:26 -0500
Subject: [PATCH] ServerHttpSecurity extracts WebFilter from OrderedWebFilter

Fixes gh-4736
---
 .../security/config/web/server/ServerHttpSecurity.java   | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index 00b165d33c..a13b9975a0 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -249,7 +249,14 @@ public class ServerHttpSecurity {
 			this.authorizeExchangeBuilder.configure(this);
 		}
 		AnnotationAwareOrderComparator.sort(this.webFilters);
-		return new MatcherSecurityWebFilterChain(getSecurityMatcher(), this.webFilters);
+		List<WebFilter> sortedWebFilters = new ArrayList<>();
+		this.webFilters.forEach( f -> {
+			if(f instanceof OrderedWebFilter) {
+				f = ((OrderedWebFilter)f).webFilter;
+			}
+			sortedWebFilters.add(f);
+		});
+		return new MatcherSecurityWebFilterChain(getSecurityMatcher(), sortedWebFilters);
 	}
 
 	private String buildToString() {