I upgraded my multi-module Gradle (v8.2) project from Spring 5.3.34 to Spring 6.1.18. In the "core" module I have a SpringWebSecurityConfigurer file:
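    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.web.SecurityFilterChain;

    @Configuration
    @EnableWebSecurity
    @EnableMethodSecurity(jsr250Enabled = true)
    public class SpringWebSecurityConfigurer {

        @Bean
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
            // Require authentication for every request; role checks are left to method security.
            http.authorizeHttpRequests(authorize -> authorize
                    .anyRequest().authenticated()
            );
            return http.build();
        }
    }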
I have another module, "configuration", for which I have declared a dependency on the "core" module in its build.gradle file:

    implementation project(":core")

Both of these modules have a RestController class with get/put/post mappings annotated with the @RolesAllowed annotation. The issue is that for the "core" module the @RolesAllowed annotation is working fine and I get Access Denied 403 with a role that is not allowed. But in the case of the "configuration" module, the @RolesAllowed annotation in its RestController class is not working and I don't get a 403. I tried to use @PreAuthorize but got the same issue.
This issue started to appear in Spring Security 6; earlier, in version 5, @RolesAllowed was working fine for the "configuration" module.
Comment From: jzheaux
Thanks for getting in touch, @arjun1607! It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a reproducer if you feel this is a genuine bug.