Describe the bug

I faced an error on @PreAuthorize("hasRole('USER')") after upgrading Spring Boot from 3.0.1 to 3.0.4.

To Reproduce

    @GetMapping("")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("hasRole('USER')")
    suspend fun something(): String {
        return "Hello"
    }

The error is:

    The returnType class java.lang.Object on public java.lang.Object xxxx.xxxx.xxxx.xxxx.controller.XXXController.something(kotlin.coroutines.Continuation) must return an instance of org.reactivestreams.Publisher (for example, a Mono or Flux) in order to support Reactor Context

But if I change the code like this, it works fine.

    @GetMapping("")
    @ResponseStatus(HttpStatus.OK)
    @PreAuthorize("hasRole('USER')")
    fun something(): Mono<String> {
        return Mono.just("Hello")
    }

Expected behavior

When I use Spring Boot 3.0.1, all of this code works fine. But after I upgrade to 3.0.4, Kotlin coroutines do not work.

Comment From: und3rs

I think the 'invoke' method in org.springframework.security.authorization.method.AuthorizationManagerBeforeReactiveMethodInterceptor should allow coroutine suspend functions.

    @Override
    public Object invoke(MethodInvocation mi) throws Throwable {
        Method method = mi.getMethod();
        Class<?> type = method.getReturnType();
        Assert.state(Publisher.class.isAssignableFrom(type),
                () -> String.format("The returnType %s on %s must return an instance of org.reactivestreams.Publisher "
                        + "(for example, a Mono or Flux) in order to support Reactor Context", type, method));

Comment From: marcusdacoregio

Hi @und3rs, I'm marking this as a duplicate of https://github.com/spring-projects/spring-security/issues/12080, but feel free to correct me if it appears to be a different issue.
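
The return-type check quoted in und3rs's comment, reproduced in plain Java as an added example (it is not part of the thread and not Spring Security's code). It shows why a method with the signature from the error message fails the check even though it carries a trailing Continuation parameter. `Continuation` and `Publisher` are local stand-ins for the Kotlin and Reactive Streams types, and `Controller`, `looksLikeSuspend` and `classify` are hypothetical names.

```java
import java.lang.reflect.Method;

public class SuspendReturnTypeDemo {

    // Local stand-ins (assumption) so the demo runs without Kotlin or Reactive Streams on the classpath.
    interface Continuation<T> {}
    interface Publisher<T> {}

    // Constructed sample: the JVM shape of the three handler styles.
    static class Controller {
        // What `suspend fun something(): String` looks like to reflection, per the error
        // message in the report: return type Object, Continuation as the last parameter.
        public Object something(Continuation<? super String> completion) { return "Hello"; }
        // The workaround from the report: a declared Publisher return type.
        public Publisher<String> reactive() { return null; }
        // A plain blocking method, which the reactive check is meant to refuse.
        public String blocking() { return "Hello"; }
    }

    // Same test as the quoted Assert.state: only the declared return type is examined.
    static boolean passesPublisherCheck(Method m) {
        return Publisher.class.isAssignableFrom(m.getReturnType());
    }

    // Hypothetical helper: recognise a suspend function by its trailing Continuation parameter.
    static boolean looksLikeSuspend(Method m) {
        Class<?>[] params = m.getParameterTypes();
        return params.length > 0 && Continuation.class.isAssignableFrom(params[params.length - 1]);
    }

    // How an interceptor could tell the three cases apart before enforcing @PreAuthorize.
    static String classify(Method m) {
        if (passesPublisherCheck(m)) return "publisher";
        if (looksLikeSuspend(m)) return "suspend";
        return "rejected";
    }

    public static void main(String[] args) {
        for (Method m : Controller.class.getDeclaredMethods()) {
            System.out.printf("%-10s returns %-10s publisherCheck=%-5b -> %s%n",
                    m.getName(), m.getReturnType().getSimpleName(),
                    passesPublisherCheck(m), classify(m));
        }
    }
}
```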