Restore High precedence for auto-configured client filter-chains

README.MD

@@ -1,6 +1,6 @@
 7.0.0 is a break through in usability: all 6 `spring-addons` Boot starters are merged into a single one: [`com.c4-soft.springaddons:spring-addons-starter-oidc`](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons-starter-oidc/), and so are 4 of the test libs: [`com.c4-soft.springaddons:spring-addons-starter-oidc-test`](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons-starter-oidc-test/). To use the test annotations without the starter, the dependency id unchanged: [`com.c4-soft.springaddons:spring-addons-oauth2-test`](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons-oauth2-test/).
 
-Please follow the [migration guide](https://github.com/ch4mpy/spring-addons/blob/master/7.0.0-migration-guide.md) to move from `6.x` to `7.0.2`. There is no urge to do so on existing projects as 6.2.x patches should be published untill the end of 2023.
+Please follow the [migration guide](https://github.com/ch4mpy/spring-addons/blob/master/7.0.0-migration-guide.md) to move from `6.x` to `7.0.3`. There is no urge to do so on existing projects as 6.2.x patches should be published untill the end of 2023.
 
 All samples and tutorials sources are migrated to latest starter and test annotations, but some READMEs might still need a refresh. Please make sure you refer to source code for up to date configuration.
 
@@ -395,7 +395,7 @@ In case your access-control uses more than just name and authorities, you'll pro
 I could forget to update README before releasing, so please refer to [maven central](https://repo1.maven.org/maven2/com/c4-soft/springaddons/spring-addons/) to pick latest available release
 ```xml
     <properties>
-        <springaddons.version>7.0.2</springaddons.version>
+        <springaddons.version>7.0.3</springaddons.version>
     </properties>
     <dependencies>
 
@@ -447,7 +447,7 @@ Using such libs is dead simple: just declare depedency on one of those libs and
 
 2.0 comes with a noticeable amount of breaking changes. So lets start tracking features.
 
-### 7.0.2
+### 7.0.3
 - Fix the condition to add a filter inserting CSRF protection cookie to responses
 
 ### 7.0.0

spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcClientProperties.java

@@ -12,10 +12,11 @@
 import lombok.Data;
 
 /**
- * Auto-configuration for an OAuth2 client (secured with session, not access token) Security(Web)FilterChain with @Order(LOWEST_PRECEDENCE - 1). Typical
- * use-cases are spring-cloud-gateway used as BFF and applications with Thymeleaf or another server-side rendering framework. Default configuration includes:
- * enabled sessions, CSRF protection, "oauth2Login", "logout". securityMatchers must be set for this filter-chain @Bean and its dependencies to be defined.
- * <b>Properties defined here are a complement for spring.security.oauth2.client.*</b> (which are required when enabling spring-addons client filter-chain).
+ * Auto-configuration for an OAuth2 client (secured with session, not access token) Security(Web)FilterChain with &#64;Order(Ordered.HIGHEST_PRECEDENCE + 1).
+ * Typical use-cases are spring-cloud-gateway used as BFF and applications with Thymeleaf or another server-side rendering framework. Default configuration
+ * includes: enabled sessions, CSRF protection, "oauth2Login", "logout". securityMatchers must be set for this filter-chain &#64;Bean and its dependencies to be
+ * defined. <b>Properties defined here are a complement for spring.security.oauth2.client.*</b> (which are required when enabling spring-addons client
+ * filter-chain).
  *
  * @author Jerome Wacongne ch4mp&#64;c4-soft.com
  */

spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/properties/SpringAddonsOidcProperties.java

@@ -40,11 +40,11 @@ public class SpringAddonsOidcProperties {
 	private OpenidProviderProperties[] ops = {};
 
 	/**
-	 * Auto-configuration for an OAuth2 client (secured with session, not access token) Security(Web)FilterChain with @Order(LOWEST_PRECEDENCE - 1). Typical
-	 * use-cases are spring-cloud-gateway used as BFF and applications with Thymeleaf or another server-side rendering framework. Default configuration
-	 * includes: enabled sessions, CSRF protection, "oauth2Login", "logout". securityMatchers must be set for this filter-chain @Bean and its dependencies
-	 * to be defined. <b>Properties defined here are a complement for spring.security.oauth2.client.*</b> (which are required when enabling spring-addons client
-	 * filter-chain).
+	 * Auto-configuration for an OAuth2 client (secured with session, not access token) Security(Web)FilterChain with &#64;Order(Ordered.HIGHEST_PRECEDENCE +
+	 * 1). Typical use-cases are spring-cloud-gateway used as BFF and applications with Thymeleaf or another server-side rendering framework. Default
+	 * configuration includes: enabled sessions, CSRF protection, "oauth2Login", "logout". securityMatchers must be set for this filter-chain &#64;Bean and its
+	 * dependencies to be defined. <b>Properties defined here are a complement for spring.security.oauth2.client.*</b> (which are required when enabling
+	 * spring-addons client filter-chain).
 	 */
 	@NestedConfigurationProperty
 	private SpringAddonsOidcClientProperties client = new SpringAddonsOidcClientProperties();

spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/reactive/client/ReactiveSpringAddonsOidcClientBeans.java

@@ -115,7 +115,7 @@ public class ReactiveSpringAddonsOidcClientBeans {
 	 * @return                              a security filter-chain scoped to specified security-matchers and adapted to OAuth2 clients
 	 * @throws Exception                    in case of miss-configuration
 	 */
-	@Order(Ordered.LOWEST_PRECEDENCE - 1)
+	@Order(Ordered.HIGHEST_PRECEDENCE + 1)
 	@Bean
 	SecurityWebFilterChain clientFilterChain(
 			ServerHttpSecurity http,

spring-addons-starter-oidc/src/main/java/com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOidcClientBeans.java

@@ -97,7 +97,7 @@ public class SpringAddonsOidcClientBeans {
 	 * @return                              a security filter-chain scoped to specified security-matchers and adapted to OAuth2 clients
 	 * @throws Exception                    in case of miss-configuration
 	 */
-	@Order(Ordered.LOWEST_PRECEDENCE - 1)
+	@Order(Ordered.HIGHEST_PRECEDENCE + 1)
 	@Bean
 	SecurityFilterChain springAddonsClientFilterChain(
 			HttpSecurity http,