Given #15816, it may be easier to make Spring Security's bean resolution policy more consistent.
Reports like #15751 and #15538 make it clear that the existing behavior in some parts of Spring Security is surprising. To alleviate that, we can favor ObjectProvider#getIfAvailable. This is already an improvement over getBeanOrNull since it also supports the @Primary annotation, simplifying the remediation for duplicate beans.
Because getIfAvailable throws an exception when there are multiple candidate beans and getIfUnique does not, this is not a passive change, so it would need to happen in Spring Security 7 or later.