Expected Behavior Spring Security default ResourceBundle org.springframework.security.messages always as fallback.

Current Behavior It overridden by MessageSourceAware::setMessageSource. for example, If we are using spring boot, we must append org.springframework.security.messages to spring.messages.basename

Comment From: eleftherias

Thanks for reaching out @quaff. Have you tried registering a MessageSource bean in your application?

@Bean
public MessageSource messageSource() {
    ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource();
    messageSource.addBasenames("classpath:org/springframework/security/messages");
    return messageSource;
}

Comment From: Hccake

This looks like the same problem #10227 .

Comment From: quaff

Thanks for reaching out @quaff. Have you tried registering a MessageSource bean in your application?

@Bean public MessageSource messageSource() { ReloadableResourceBundleMessageSource messageSource = new ReloadableResourceBundleMessageSource(); messageSource.addBasenames("classpath:org/springframework/security/messages"); return messageSource; }

We don't create MessageSource or only add our own basenames, your advice is a bit invasive.

Comment From: eleftherias

I'm going to close this as a duplicate of gh-10227.

As mentioned in that issue, the message source is necessary to distinguish between the localization that is provided by Spring Security and any custom messages that you have added. If you feel that we are missing any language, we are happy to accept a PR directly in Spring Security with the internationalized messages.