Currently Spring Security goes through the class white list in the TypeIdResolver
This may or may not be simplified using a PolymorphicTypeValidator
In the current code structure, the validator is invoked when the type is resolved, thus the white list from the mixins is never evaluated.