Thanks to @AndyWilkinson comment, I understood the reason for the error. There were 2 errors:

1. In my external security library, the Spring config structure was as follows:

   
   @AutoConfiguration
   @Import({BasicAndFormAuthConfig.class, OAuth2Config.class})
   public class SecuritySupportAutoConfiguration{}
   

   @Order(1)
   @Configuration
   public class BasicAndFormAuthConfig {}
   

   @Order(2)
   @Configuration
   public class OAuth2Config {}
   

   With the help of this issue. I realized that using @Order for @Configuration classes is incorrect, you need to use @AutoConfigureOrder. And also that you need to specify @AutoConfigureOrder for the main configuration class with @AutoConfiguration in the external library. To create a custom configuration instead of the default one.

   Corrected code:

   @AutoConfigureOrder(Ordered.HIGHEST_PRECEDENCE)
   @AutoConfiguration
   @Import({BasicAndFormAuthConfig.class, OAuth2Config.class})
   public class SecuritySupportAutoConfiguration{}
   

   @Configuration
   public class BasicAndFormAuthConfig {}
   

   @Configuration
   public class OAuth2Config {}
   

   2. Starting with Spring Boot 3.4, a check for duplicate .anyRequest() in different SecurityFilterChain was introduced https://github.com/spring-projects/spring-security/issues/15220

   In my case it was necessary to explicitly specify in one SecurityFilterChain add .securityMatcher("/**")