Spring Security Some classes should implement MessageSourceAware

Describe the bug The javadoc of org.springframework.security.core.SpringSecurityMessageSource says

• The default MessageSource used by Spring Security.

  All Spring Security classes requiring message localization will by default use this class. However, all such classes will also implement MessageSourceAware so that the application context can inject an alternative message source. Therefore this class is only used when the deployment environment has not specified an alternative message source.

but specifying an alternative message source is not working everywhere in spring security because some classes are not implementing MessageSourceAware. I found 4 classes using SpringSecurityMessageSource without implementing MessageSourceAware:

• org.springframework.security.authentication.AbstractUserDetailsReactiveAuthenticationManager

• org.springframework.security.web.access.ExceptionTranslationFilter

• org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor

• org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices

These should probably implement MessageSourceAware, all others seems to be good.

Comment From: amergey

Would it help if I start a PR for this ?

Comment From: rwinch

Thanks for the report an offer to create a PR! We'd love to get a PR from you.