@EnableMethodSecurity, and more specifically MethodSecurityAdvisorRegistrar registers each Spring Security method interceptor separately as an advisor. Currently, though, it duplicates the bean definition of each one, causing two instances of each AuthorizationAdvisor in the application context.
This causes some unexpected behavior for beans that would like to depend on the list of AuthorizationAdvisor instances, for example in the case of AuthorizationProxyConfiguration.
@EnableMethodSecurity, and more specificallyMethodSecurityAdvisorRegistrarregisters each Spring Security method interceptor separately as an advisor. Currently, though, it duplicates the bean definition of each one, causing two instances of eachAuthorizationAdvisorin the application context.This causes some unexpected behavior for beans that would like to depend on the list of
AuthorizationAdvisorinstances, for example in the case ofAuthorizationProxyConfiguration.