I found a warning in my logs, so I created a issue: https://github.com/spring-projects/spring-security/issues/10211
jgrandja closed my issue with this explanation: This issue should be logged in Spring Framework since GenericTypeAwarePropertyDescriptor exists there and is the one logging the warning message. However, I don't see this as an issue. If you want to suppress this warning message you could configure the logging framework to suppress that specific message or all logs in that class.
I think this should be fixed in spring-security, since your GenericTypeAwarePropertyDescriptor just logs similar looking methods, which could be a problem. In this case it is no problem since both methods with the name setLogoutHandlers have similar parameters, but doing the same, at least now.
11:54:01,463 WARN org.springframework.beans.GenericTypeAwarePropertyDescriptor [GenericTypeAwarePropertyDescriptor.java:141] - Invalid JavaBean property 'logoutHandlers' being accessed! Ambiguous write methods found next to actually used [public void org.springframework.security.web.session.ConcurrentSessionFilter.setLogoutHandlers(org.springframework.security.web.authentication.logout.LogoutHandler[])]: [public void org.springframework.security.web.session.ConcurrentSessionFilter.setLogoutHandlers(java.util.List)]
Affects: Spring: 5.3.6 Spring-Security: 5.4.6
Comment From: jhoeller
I suppose we could lower the log level there (and possibly rephrase the message to sound less scary), assuming that each of the setters would do the same job for our injection purposes. If such a multi-setter arrangement is actually inconsistent at runtime, it'll eventually fail with an argument conversion exception or the like anyway... just possibly at a later point of execution.
Generally speaking, JavaBean properties are only allowed to have a single setter method per property name. However, we handle other bean conventions in a rather relaxed way, so we could relax this here as well.