2e48b5a81d26c7a4d62c21247d98ce2dd66d3cbe,extensions/spring/stormpath-spring-security-webmvc/src/main/java/com/stormpath/spring/config/StormpathWebSecurityConfigurer.java,StormpathWebSecurityConfigurer,init,#HttpSecurity#,267

Before Change


            http.addFilterBefore(contentNegotiationSpringSecurityAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

            //Fix for redirection loop when Cookie is present but WebApp is restarted and '/' is locked down to authenticated users (Bare Bones example)
            http.addFilterBefore(stormpathSecurityContextPersistenceFilter, UsernamePasswordAuthenticationFilter.class);
        }

        if (corsEnabled) {

After Change


     *             if an error occurs
     */
    @Override
    public void init(HttpSecurity http) throws Exception {

        // autowire this bean
        ApplicationContext context = http.getSharedObject(ApplicationContext.class);
        context.getAutowireCapableBeanFactory().autowireBean(this);
        http.servletApi().rolePrefix(""); //Fix for https://github.com/stormpath/stormpath-sdk-java/issues/325

        if (loginEnabled) {

            http.addFilterBefore(stormpathWrapperFilter, SecurityContextPersistenceFilter.class);

            // We need to add the springSecurityResolvedAccountFilter whenever we have our login enabled in order to
            // fix https://github.com/stormpath/stormpath-sdk-java/issues/450
            http.addFilterBefore(springSecurityResolvedAccountFilter, LogoutFilter.class);

            //Fix for redirection loop when Cookie is present but WebApp is restarted and '/' is locked down to authenticated users (Bare Bones example)
            http.addFilterBefore(stormpathSecurityContextPersistenceFilter, UsernamePasswordAuthenticationFilter.class);

            http.addFilterBefore(socialCallbackSpringSecurityProcessingFilter, UsernamePasswordAuthenticationFilter.class);