Describe the bug org.springframework.security.web.FilterChainProxy.getFilters(String) throws NPE in Spring Security 6.5.6. It used to work in Spring Security 5.8.12.

java.lang.NullPointerException
    at java.base/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1693)
    at org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry$DeferredRequestMatcher.lambda$new$0(AbstractRequestMatcherRegistry.java:420)
    at org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry$DeferredRequestMatcher.matches(AbstractRequestMatcherRegistry.java:430)
    at org.springframework.security.web.DefaultSecurityFilterChain.matches(DefaultSecurityFilterChain.java:89)
    at org.springframework.security.web.FilterChainProxy.getFilters(FilterChainProxy.java:248)
    at org.springframework.security.web.FilterChainProxy.getFilters(FilterChainProxy.java:261)
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$CompositeFilterChainProxy.getFilters(WebSecurityConfiguration.java:324)
    at org.springframework.security.config.annotation.web.configuration.WebMvcSecurityConfiguration$CompositeFilterChainProxy.getFilters(WebMvcSecurityConfiguration.java:245)

To Reproduce Execute the method above with some argument like `/'

Expected behavior List of filters available should be loaded instead of NPE.

Sample

@Controller
public class MainController {

    @Autowired
    private FilterChainProxy filterChainProxy;
    @GetMapping("/")
    public void mainPage() {
        List<Filter> filters = filterChainProxy.getFilters("/"); // NPE here
    }

Same issue is easily reproduced in a @SpringBootTest.

Comment From: ngocnhan-tran1996

I'm using Spring Boot 3.5.7 and Spring Security 6.5.6, it doesn't throw NPE. May I miss something?

Image

spring-security-gh-18157.zip