Followup to #26117.

When using Boot 2.4.1 with managed Spring and Spring Security dependencies, @AuthenticationPrincipal is no longer bound. Brief debugging appears to indicate that AuthenticationPrincipalArgumentResolver 'supports' the argument and resolves it to null before PrincipalMethodArgumentResolver has a chance to resolve it.

Sample project: https://github.com/krm1312/spring-auth-principal.

Toggle boot version in pom.xml to see difference.

Comment From: rstoyanchev

Thanks for the sample.

That looks like expected behavior to me. According to the Javadoc of @AuthenticationPrincipal, it resolves Authentication#getPrincipal(), which in this case is org.springframework.security.core.userdetails.User, and that is not a Principal. It happened to work before because Principal was resolved ahead of @AuthenticationPrincipal prior to 5.3, but in that case the annotation was simply ignored. So it seems like you need to remove the annotation if you want Principal resolved through the request.

Comment From: krm1312

Thank you. I can confirm removing the annotation fixes it in our real application as well.

Feel free to close if you want to keep the more strict behavior.
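
The resolution behaviour discussed in this thread, as an added example that is not code from the sample project or from Spring itself: the controller class name and request paths are hypothetical, and it assumes a Spring Boot web application with Spring Security where every endpoint requires authentication and the authenticated principal is a `UserDetails` such as `org.springframework.security.core.userdetails.User`. The last handler uses the annotation's `errorOnInvalidType` attribute so that a type mismatch fails loudly instead of handing the handler a null.

```java
import java.security.Principal;

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller for illustration; names and paths are assumptions.
@RestController
public class PrincipalDemoController {

    // No annotation: Spring MVC resolves java.security.Principal from the
    // request. This is the fix confirmed in the thread.
    @GetMapping("/demo/request-principal")
    public String requestPrincipal(Principal principal) {
        return principal.getName();
    }

    // Annotation with a parameter type that matches what
    // Authentication#getPrincipal() returns: resolved by Spring Security.
    @GetMapping("/demo/user-details")
    public String userDetails(@AuthenticationPrincipal UserDetails user) {
        return user.getUsername();
    }

    // The pattern from the report: the annotation is present, but the
    // authenticated principal (a User) is not a java.security.Principal.
    // On the versions discussed in the thread the argument arrives as null,
    // so any code that dereferences it or treats null as "anonymous" breaks.
    @GetMapping("/demo/mismatch")
    public String mismatch(@AuthenticationPrincipal Principal principal) {
        return principal == null ? "principal resolved to null" : principal.getName();
    }

    // Same mismatch, but errorOnInvalidType = true makes the resolver throw
    // a ClassCastException rather than silently passing null.
    @GetMapping("/demo/strict")
    public String strict(
            @AuthenticationPrincipal(errorOnInvalidType = true) Principal principal) {
        return principal.getName();
    }
}
```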