Ensure that CharacterEncodingFilter is ordered first

This commit makes sure that `CharacterEncodingFilter` is ordered with
the `Ordered.HIGHEST_PRECEDENCE` and that other filters, potentially
reading the request body, are ordered after.

In this particular case, both `WebMvcMetricsFilter` and
`ErrorPageFilter` are now ordered at `Ordered.HIGHEST_PRECEDENCE + 1` to
avoid cases where the request body is read before the encoding
configuration is taken into account.

Closes gh-11607

spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/metrics/web/servlet/WebMvcMetricsFilter.java

@@ -43,7 +43,7 @@ import org.springframework.web.util.NestedServletException;
  * @author Jon Schneider
  * @since 2.0.0
  */
-@Order(Ordered.HIGHEST_PRECEDENCE)
+@Order(Ordered.HIGHEST_PRECEDENCE + 1)
 public class WebMvcMetricsFilter extends OncePerRequestFilter {
 
 	private static final Logger logger = LoggerFactory

spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc

@@ -613,6 +613,11 @@ If no `dispatcherType` is specified on a filter registration, `REQUEST` is used.
 aligns with the Servlet Specification's default dispatcher type.
 ====
 
+Like any other Spring bean, you can define the order of Servlet filter beans; please
+make sure to check the
+"`<<spring-boot-features.adoc#boot-features-embedded-container-servlets-filters-listeners-beans>>`"
+section.
+
 
 [[howto-disable-registration-of-a-servlet-or-filter]]
 ===== Disable Registration of a Servlet or Filter

spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc

@@ -2755,6 +2755,37 @@ If convention-based mapping is not flexible enough, you can use the
 `ServletRegistrationBean`, `FilterRegistrationBean`, and
 `ServletListenerRegistrationBean` classes for complete control.
 
+Spring Boot ships with many auto-configurations that can define Servlet filter beans.
+Depending on the outcome of these auto-configuration conditions, Spring Boot
+can configure predefined Servlet filters in in your application.
+
+Here are a few examples of Servlet filters and their respective order (lower order
+value means higher precedence):
+
+|===
+| Servlet Filter | Order
+
+|`OrderedCharacterEncodingFilter`
+|`Ordered.HIGHEST_PRECEDENCE`
+
+|`WebMvcMetricsFilter`
+|`Ordered.HIGHEST_PRECEDENCE + 1`
+
+|`ErrorPageFilter`
+|`Ordered.HIGHEST_PRECEDENCE + 1`
+
+|`WebRequestTraceFilter`
+|`Ordered.LOWEST_PRECEDENCE - 10`
+|===
+
+It is usually safe to leave filter beans unordered.
+
+If a specific order is required, you should avoid
+configuring a Servlet filter that reads the request body at
+`Ordered.HIGHEST_PRECEDENCE`, since it might go against the character encoding
+configuration of your application. Servlet filters should be configured
+at less or equal than `FilterRegistrationBean.REQUEST_WRAPPER_FILTER_MAX_ORDER`
+if they wrap the servlet request.
 
 
 [[boot-features-embedded-container-context-initializer]]

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/servlet/support/ErrorPageFilter.java

@@ -55,7 +55,7 @@ import org.springframework.web.util.NestedServletException;
  * @author Andy Wilkinson
  * @since 2.0.0
  */
-@Order(Ordered.HIGHEST_PRECEDENCE)
+@Order(Ordered.HIGHEST_PRECEDENCE + 1)
 public class ErrorPageFilter implements Filter, ErrorPageRegistry {
 
 	private static final Log logger = LogFactory.getLog(ErrorPageFilter.class);