Describe the bug I get info logs during application startup, that a couple of Beans are not eligible for getting processed by all BeanPostProcessors. I am using Spring Boot 2.2.6.RELEASE.
2020-04-17 12:42:56.720 INFO 9051 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration' of type [org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-04-17 12:42:56.726 INFO 9051 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'objectPostProcessor' of type [org.springframework.security.config.annotation.configuration.AutowireBeanFactoryObjectPostProcessor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-04-17 12:42:56.729 INFO 9051 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler@55b8dbda' of type [org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-04-17 12:42:56.736 INFO 9051 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration' of type [org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-04-17 12:42:56.743 INFO 9051 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.config.annotation.method.configuration.Jsr250MetadataSourceConfiguration' of type [org.springframework.security.config.annotation.method.configuration.Jsr250MetadataSourceConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-04-17 12:42:56.744 INFO 9051 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'jsr250MethodSecurityMetadataSource' of type [org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-04-17 12:42:56.746 INFO 9051 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'methodSecurityMetadataSource' of type [org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
Since this leads to proxying problems, some method level security annotations are being ignored, which leads to unsecured endpoints at runtime. However I think that seeing this logs messages at application start is already a bug, since there shouldn't be any problems with BeanPostProcessors, because nothing custom is defined.
To Reproduce
Use @EnableGloabeMethodSecurity and have spring-data-jpa in the project. When you then start your web applications, you get the before mentioned log messages.
Expected behavior I expect none of the before mentioned log messages at application start.
Sample
I created this minimal, reproducible sample which basically consists of nothing, but the @EnableGlobalMethodSecurity annotation and the needed dependencies.
Comment From: snicoll
@Lyannic thanks for the report and the sample, this is very useful. I can see that this early init is triggered from Spring Security. Unfortunately, I don't have the rights to move that issue. Could you please create one there? Feel free to reference this issue so that we can follow along.