In the current version of Spring Security (version 6.4), a changed behavior occurs when using the @AuthenticationPrincipal annotation on an interface. If the annotation is applied directly to the concrete implementation, everything works as expected and the UserDetails object is passed correctly. However, if the annotation is applied to an interface, the implementation receives a new or empty UserDetails object.
Reproduction of the problem: The problem can be reproduced with the example project: K-e-l-v-i-n-12/spring-security
Steps to reproduce:
- Start the application.
- Call http://localhost:8080/userByInterface (any username/password). The response is: Hello, null.
- Call http://localhost:8080/userByImplementation (any username/password). The response is: Hello, test.
Actual behaviour:
If @AuthenticationPrincipal is applied to an interface, the implementation receives an empty UserDetails object.
Expected behaviour: The UserDetails object should be passed correctly even when an interface is used.
Proposed solution: Extend support for @AuthenticationPrincipal to interfaces.
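To make the two arrangements in the report concrete, here is an added illustration (not code from the K-e-l-v-i-n-12/spring-security reproduction project or from Spring Security itself). It assumes two hypothetical controllers with the same endpoint paths as in the steps above: one declares @AuthenticationPrincipal on an interface method and only implements that method, the other declares the annotation directly on the implementation method.

```java
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Variant 1 (hypothetical names): the annotation lives on the interface.
// According to the report, the implementing method does not receive the
// authenticated UserDetails in Spring Security 6.4, so /userByInterface
// answers "Hello, null".
interface UserByInterfaceApi {
    @GetMapping("/userByInterface")
    String user(@AuthenticationPrincipal UserDetails user);
}

@RestController
class UserByInterfaceController implements UserByInterfaceApi {
    @Override
    public String user(UserDetails user) {
        // Null-safe on purpose so the missing principal shows up in the
        // response instead of as a NullPointerException.
        return "Hello, " + (user == null ? "null" : user.getUsername());
    }
}

// Variant 2 (hypothetical names): the annotation is on the implementation
// itself. This is the arrangement the report describes as working, so
// /userByImplementation answers "Hello, test" for a user named "test".
@RestController
class UserByImplementationController {
    @GetMapping("/userByImplementation")
    public String user(@AuthenticationPrincipal UserDetails user) {
        return "Hello, " + (user == null ? "null" : user.getUsername());
    }
}
```

The practical point for anyone relying on the injected principal: the request is still authenticated in both variants, so a test that only checks the HTTP status would pass for both. Any per-user logic (ownership checks, audit logging) that reads the injected argument rather than the SecurityContext would silently operate on a missing principal in the interface variant, so tests for such endpoints should assert on the resolved username as the reproduction steps do.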
Comment From: jzheaux
Apologies. https://github.com/spring-projects/spring-security/commit/87de6cea1bff2e8700400f68186b014c1b75d32f was linked to the incorrect issue; it should be #16072