Current Behavior

The user has a project with Spring Security utilizing Access Decision Manager classes. They have the following in their security.xml:

<http use-expressions="true" access-decision-manager-ref="affirmativeBasedAccessDecisionManager">

The project is based on Spring 5.x and they migrate to Spring 6.x. The user would get an error

org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: AuthorizationManager cannot be used in conjunction with `access-decision-manager-ref`

without having any AuthorizationManager beans configured.

This error message is confusing because it makes the user look for AuthorizationManager usages in the project.

Expected Behavior

If the error message pointed the user at the right attribute, it would save investigation time for users who perform the migration. It already gives a specific attribute name for access-decision-manager-ref. It should also give a reference to use-authorization-manager and highlight that it's true by default.

Context

The solution if the user doesn't want to migrate onto the new AuthorizationManager yet is to specify

<http use-expressions="true" access-decision-manager-ref="affirmativeBasedAccessDecisionManager" use-authorization-manager="false">

Comment From: jzheaux

Good idea, @Spikhalskiy. I think the message could be improved to suggest a remediation:

AuthorizationManager cannot be used in conjunction with `access-decision-manager-ref`; either remove the reference to AccessDecisionManager or add `use-authorization-manager="false"` to your `<http>` block

Are you able to submit a PR that improves the message?

Comment From: Spikhalskiy

@jzheaux I definitely can adjust it this way. But I am concerned that this makes the message too focused on XML-based configuration, specifically the "your <http> block" part. Without it, it's useful and relevant to both the annotation and XML-based configurations (as XML property names are close to setter names). Are you sure about this specific wording?

Comment From: jzheaux

My apologies, I overlooked your existing PR. I'll add any additional comments over there.

Closing in favor of https://github.com/spring-projects/spring-security/pull/16194