Move OAuth2ClientContextFilter back before the main security filter

It sometimes has to catch an exception from the security filter so
it needs to be before, and somehow this hasn't been a problem up to
now, but probably only by some fluke.

Fixes gh-5792

Author: Dave Syer

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2RestOperationsConfiguration.java

@@ -26,6 +26,7 @@
 import org.springframework.boot.autoconfigure.condition.ConditionalOnNotWebApplication;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2RestOperationsConfiguration.OAuth2ClientIdCondition;
 import org.springframework.boot.bind.RelaxedPropertyResolver;
 import org.springframework.boot.context.embedded.FilterRegistrationBean;
@@ -116,10 +117,10 @@ protected static class SessionScopedConfiguration extends BaseConfiguration {
 
 		@Bean
 		public FilterRegistrationBean oauth2ClientFilterRegistration(
-				OAuth2ClientContextFilter filter) {
+				OAuth2ClientContextFilter filter, SecurityProperties security) {
 			FilterRegistrationBean registration = new FilterRegistrationBean();
 			registration.setFilter(filter);
-			registration.setOrder(-100);
+			registration.setOrder(security.getFilterOrder() - 10);
 			return registration;
 		}