spring security3替换默认过滤器，报错，求助?报错

public class AuthorizationSecurityInterceptor extends AbstractSecurityInterceptor implements Filter

<beans:bean id="securityInterceptor" class="com.demo.subsystem.authentication.service.impl.AuthorizationSecurityInterceptor">
<beans:property name="accessDecisionManager" ref="authorizationAccessDecisionManager" />
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="securityMetadataSource" ref="authorizationSecurityMetadataSource" />
</beans:bean>

<http use-expressions="true" access-denied-page="/denied" entry-point-ref="authenticationProcessingFilterEntryPoint">
<logout invalidate-session="true" logout-success-url="/login" logout-url="/logout" delete-cookies="JSESSIONID"/>
<custom-filter ref="loginAuthenticationFilter" before="FORM_LOGIN_FILTER"/>
<custom-filter ref="securityInterceptor" position="FILTER_SECURITY_INTERCEPTOR" />
 
<session-management invalid-session-url="/timeout">
<concurrency-control session-registry-ref="sessionRegistry" max-sessions="1" error-if-maximum-exceeded="false" expired-url="/timeout"/>
</session-management>
</http>

我要替换FILTER_SECURITY_INTERCEPTOR拦截器

启动时报错Configuration problem: Filter beans '<authorizationSecurityInterceptor>' and '<org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.