Spring Security Missing BeanResolver when using SpEL with Pre/PostAuthorizeAuthorizationManager

Describe the bug

When enabling method security with the new @EnableMethodSecurity, the DefaultMethodSecurityExpressionHandlerused in Pre/PostAuthorizeAuthorizationManager is missing a BeanResolver. Referencing beans inside a SpEL throws the following exception:

Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1057E: No bean resolver registered in the context to resolve access to bean 'customAuthorizer'
    at org.springframework.expression.spel.ast.BeanReference.getValueInternal(BeanReference.java:51)
    at org.springframework.expression.spel.ast.CompoundExpression.getValueRef(CompoundExpression.java:55)
    at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:91)
    at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:117)
    at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:308)
    at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:30)
    ... 90 more

Expected behavior

@Pre/PostAuthorize should work consistently when enabling method security with either @EnableGlobalMethodSecurity(prePostEnabled = true)or @EnableMethodSecurity

Sample

Here's a test that shows the behavior: https://github.com/salmar/spring-security-method-missing-beanresolver/blob/main/src/test/java/com/example/demo/SpringSecurityMethodMissingBeanResolverApplicationTests.java

Comment From: jzheaux

Thanks for the report, @salmar! This is now resolved in main.