If Spring Security's method security is used on a final class that implements an interface, it fails. Instead, it should create an interface-based proxy.
For example:
```java
public interface BankAccountService {
    BankAccount findById(int id);
}

@Service
public final class BankAccountServiceImpl implements BankAccountService {
    @PostAuthorize("returnObject?.owner == authentication?.name")
    @Override
    public BankAccount findById(int id) {
        return null;
    }
}

@SpringBootApplication
@EnableMethodSecurity
public class BankAccountApplication {
    public static void main(String[] args) {
        SpringApplication.run(BankAccountApplication.class, args);
    }
}

// fails because the final class is proxied with a class-based proxy instead of an interface-based proxy
@SpringBootTest
class BankAccountServiceTest {
    @Autowired
    BankAccountService accounts;

    @Test
    void loads() {}
}
```
Comment From: rwinch
cc @jzheaux
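
The interface-based proxying requested in the report, as an added example that is not code from the issue or from Spring Security: a plain JDK `java.lang.reflect.Proxy` stands in for Spring's proxy infrastructure and enforces an owner check modelled on the `@PostAuthorize` expression around a `final` implementation. The `InterfaceProxyDemo` class, the `secure` helper, the shape of the `BankAccount` record and the sample accounts are assumptions made for illustration; Java 17 or later is assumed.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.Map;

public class InterfaceProxyDemo {
    record BankAccount(int id, String owner) {}   // assumed shape, not defined in the issue
    interface BankAccountService { BankAccount findById(int id); }

    // Final, so a subclass (class-based) proxy cannot be generated for it.
    static final class BankAccountServiceImpl implements BankAccountService {
        private final Map<Integer, BankAccount> accounts =   // constructed sample data
                Map.of(1, new BankAccount(1, "alice"), 2, new BankAccount(2, "bob"));
        public BankAccount findById(int id) { return accounts.get(id); }
    }

    // Hypothetical helper: wraps the target behind its interface and, after each
    // service call, denies unless the returned account's owner equals the caller.
    static BankAccountService secure(BankAccountService target, String caller) {
        InvocationHandler handler = (proxy, method, args) -> {
            Object result;
            try {
                result = method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause();   // rethrow the target's own exception
            }
            if (method.getDeclaringClass() == BankAccountService.class
                    && !(result instanceof BankAccount a && a.owner().equals(caller))) {
                throw new SecurityException("Access denied");
            }
            return result;
        };
        return (BankAccountService) Proxy.newProxyInstance(
                BankAccountService.class.getClassLoader(),
                new Class<?>[] {BankAccountService.class}, handler);
    }

    public static void main(String[] args) {
        BankAccountService accounts = secure(new BankAccountServiceImpl(), "alice");
        System.out.println(accounts.findById(1));   // alice reads her own account
        try {
            accounts.findById(2);                   // bob's account is refused
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

The proxy implements only `BankAccountService`, so callers must inject the interface type, as the test in the report does; the `final` modifier on the implementation never comes into play.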