Minor changes to make filter chain validation more robust with custom request matchers.

config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java

@@ -119,9 +119,17 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
         }
 
         String loginPage = ((LoginUrlAuthenticationEntryPoint)etf.getAuthenticationEntryPoint()).getLoginFormUrl();
-        FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
-        List<Filter> filters = fcp.getFilters(loginPage);
         logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
+        FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
+        List<Filter> filters = null;
+
+        try {
+            filters = fcp.getFilters(loginPage);
+        } catch (Exception e) {
+            // May happen legitimately if a filter-chain request matcher requires more request data than that provided
+            // by the dummy request used when creating the filter invocation.
+            logger.info("Failed to obtain filter chain information for the login page. Unable to complete check.");
+        }
 
         if (filters == null || filters.isEmpty()) {
             logger.debug("Filter chain is empty for the login page");

web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java

@@ -1,5 +1,7 @@
 package org.springframework.security.web;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.springframework.security.web.util.RequestMatcher;
 
 import javax.servlet.Filter;
@@ -14,6 +16,7 @@ import java.util.*;
  * @since 3.1
  */
 public final class DefaultSecurityFilterChain implements SecurityFilterChain {
+    private static final Log logger = LogFactory.getLog(DefaultSecurityFilterChain.class);
     private final RequestMatcher requestMatcher;
     private final List<Filter> filters;
 
@@ -22,6 +25,7 @@ public final class DefaultSecurityFilterChain implements SecurityFilterChain {
     }
 
     public DefaultSecurityFilterChain(RequestMatcher requestMatcher, List<Filter> filters) {
+        logger.info("Creating filter chain: " + requestMatcher + ", " + filters);
         this.requestMatcher = requestMatcher;
         this.filters = new ArrayList<Filter>(filters);
     }

web/src/main/java/org/springframework/security/web/FilterChainProxy.java

@@ -20,7 +20,6 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.security.web.firewall.DefaultHttpFirewall;
 import org.springframework.security.web.firewall.FirewalledRequest;
 import org.springframework.security.web.firewall.HttpFirewall;
-import org.springframework.security.web.util.AnyRequestMatcher;
 import org.springframework.security.web.util.RequestMatcher;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.web.filter.DelegatingFilterProxy;

web/src/main/java/org/springframework/security/web/FilterInvocation.java

@@ -92,6 +92,7 @@ public class FilterInvocation {
         }
         request.setContextPath(contextPath);
         request.setServletPath(servletPath);
+        request.setRequestURI(contextPath + servletPath + (pathInfo == null ? "" : pathInfo));
         request.setPathInfo(pathInfo);
         request.setQueryString(query);
         request.setMethod(method);