Applied some missing beans to config-security-openidconnect.xml (#9040)

The changes were applied to config-security-openidconnectbearer.xml in the following PR. But seems to have missed applying the changes in config-security-openidconnect.xml
#8875
#8761

Co-authored-by: Ian Allen <ianwallen@hotmail.com>

Author: geonetworkbuild

web/src/main/webapp/WEB-INF/config-security/config-security-openidconnect.xml

@@ -1,5 +1,5 @@
 <!--
-  ~ Copyright (C) 2022 Food and Agriculture Organization of the
+  ~ Copyright (C) 2025 Food and Agriculture Organization of the
   ~ United Nations (FAO-UN), United Nations World Food Programme (WFP)
   ~ and United Nations Environment Programme (UNEP)
   ~
@@ -65,7 +65,7 @@
 
   <bean id="openidconnectOAuth2AuthorizationRequestRedirectFilter" class="org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter">
     <constructor-arg ref ="openidconnectAuthorizationRequestResolver" />
-   </bean>
+  </bean>
 
 
   <bean id ="openidconnectInMemoryOAuth2AuthorizedClientService" class="org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService">
@@ -118,18 +118,6 @@
     <constructor-arg ref="openidconnectLogoutSuccessHandlerBase"/>
   </bean>
 
-  <bean id="oidcSessionRegistry" class="org.fao.geonet.kernel.security.openidconnect.oidclogout.InMemoryOidcSessionRegistry"/>
-  <bean id="sessionAuthenticationStrategy"
-        class="org.fao.geonet.kernel.security.openidconnect.oidclogout.OidcSessionRegistryAuthenticationStrategy"/>
-
-  <bean id="sessionMgmtFilter"
-        class="org.springframework.security.web.session.SessionManagementFilter">
-    <constructor-arg ref="securityContextRepository"/>
-    <constructor-arg ref="sessionAuthenticationStrategy"/>
-  </bean>
-  <bean id="backchannellogoutFilter"
-        class="org.fao.geonet.kernel.security.openidconnect.oidclogout.OidcBackchannelLogoutFilter"/>
-
   <bean id="logoutFilter"
         class="org.springframework.security.web.authentication.logout.LogoutFilter">
     <constructor-arg ref="openidconnectLogoutSuccessHandler"/>
@@ -152,28 +140,74 @@
     <property name="filterProcessesUrl" value="/signout"/>
   </bean>
 
+  <bean id="sessionExpirationFilter" class="org.fao.geonet.kernel.security.openidconnect.SessionExpirationFilter"/>
+
+  <bean id="geonetworkOidcPreAuthActionsLoginFilter" class="org.fao.geonet.kernel.security.openidconnect.GeonetworkOidcPreAuthActionsLoginFilter"/>
+
+  <bean id="oAuth2Configuration" class="org.fao.geonet.kernel.security.openidconnect.OAuth2Configuration"/>
 
   <bean id="filterChainFilters" class="java.util.ArrayList">
-    <constructor-arg>
-      <list>
-        <ref bean="securityContextPersistenceFilter"/>
-        <!-- To disable csrf security (not recommended) comment the following line -->
-        <ref bean="csrfFilter" />
-        <!-- To disable csrf security (not recommended) comment the upper line -->
-
-        <ref bean="openidconnectOAuth2AuthorizationRequestRedirectFilter"/>
-        <ref bean="openidconnectOAuth2LoginAuthenticationFilter"/>
-        <ref bean="backchannellogoutFilter"/>
-        <ref bean="logoutFilter"/>
-
-
-        <ref bean="requestCacheFilter"/>
-        <ref bean="anonymousFilter"/>
-        <ref bean="sessionMgmtFilter"/>
-        <ref bean="exceptionTranslationFilter"/>
-        <ref bean="filterSecurityInterceptor"/>
-      </list>
+    <constructor-arg
+      ref="#{ openidconnectConfiguration.loginType == 'autologin' ? 'openidConnectFilterChanFiltersInclusive' : 'openidConnectFilterChanFiltersExclusive' }">
+
     </constructor-arg>
   </bean>
 
+  <bean id="oidcSessionRegistry" class="org.fao.geonet.kernel.security.openidconnect.oidclogout.InMemoryOidcSessionRegistry"/>
+  <bean id="sessionAuthenticationStrategy"
+        class="org.fao.geonet.kernel.security.openidconnect.oidclogout.OidcSessionRegistryAuthenticationStrategy"/>
+
+  <bean id="sessionMgmtFilter"
+        class="org.springframework.security.web.session.SessionManagementFilter">
+    <constructor-arg ref="securityContextRepository"/>
+    <constructor-arg ref="sessionAuthenticationStrategy"/>
+  </bean>
+
+  <bean id="backchannellogoutFilter"
+        class="org.fao.geonet.kernel.security.openidconnect.oidclogout.OidcBackchannelLogoutFilter">
+    <constructor-arg ref="csrfFilter" />
+    <constructor-arg ref="geonetworkCsrfSecurityRequestMatcher" />
+  </bean>
+
+  <util:list id="openidConnectFilterChanFiltersExclusive">
+
+    <ref bean="securityContextPersistenceFilter"/>
+    <!-- To disable csrf security (not recommended) comment the following line -->
+    <ref bean="csrfFilter" />
+    <!-- To disable csrf security (not recommended) comment the upper line -->
+
+    <ref bean="openidconnectOAuth2AuthorizationRequestRedirectFilter"/>
+    <ref bean="openidconnectOAuth2LoginAuthenticationFilter"/>
+    <ref bean="backchannellogoutFilter"/>
+    <ref bean="logoutFilter"/>
+
+
+    <ref bean="requestCacheFilter"/>
+    <ref bean="anonymousFilter"/>
+    <ref bean="sessionMgmtFilter"/>
+    <ref bean="exceptionTranslationFilter"/>
+    <ref bean="filterSecurityInterceptor"/>
+
+  </util:list>
+
+  <util:list id="openidConnectFilterChanFiltersInclusive">
+
+    <ref bean="securityContextPersistenceFilter"/>
+    <ref bean="csrfFilter" />
+
+    <ref bean="openidconnectOAuth2AuthorizationRequestRedirectFilter"/>
+    <ref bean="openidconnectOAuth2LoginAuthenticationFilter"/>
+    <ref bean="backchannellogoutFilter"/>
+    <ref bean="logoutFilter"/>
+    <ref bean="sessionExpirationFilter"/>
+    <!--     include a pre login filter-->
+    <ref bean="geonetworkOidcPreAuthActionsLoginFilter"/>
+
+    <ref bean="requestCacheFilter"/>
+    <ref bean="anonymousFilter"/>
+    <ref bean="sessionMgmtFilter"/>
+    <ref bean="exceptionTranslationFilter"/>
+    <ref bean="filterSecurityInterceptor"/>
+
+  </util:list>
 </beans>