springboot Spring Security multiple AuthenticationProviders causing default provider configured

I have configured spring security using:

@Import(SecurityProblemSupport.class)
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private RestAuthenticationProvider authenticationProvider;

    @Autowired
    private CustomUserDetailService customUserDetailService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authenticationProvider);
        auth.userDetailsService(customUserDetailService);
        super.configure(auth);
    }

Everything work as expected. The Rest authentication provider is a Component which implements AuthenticationProvider:

@Component
public class RestAuthenticationProvider implements AuthenticationProvider  {

The problem is that, if I ADD in the classpath another @Component which extends AbstractUserDetailAuthenticationProvider, the RestAuthenticationProvider is not used anymore; instead spring uses one default provider, using the UserDetailService specified in configuration. There are no other links to this CustomAuthenticationProvider. It's just in the same package. The same thing happens if I use in configuration the CustomProvider but the Rest one is annotated with component and not used anywere else.

@Component // <- if I remove this, everything works fine. 
public class CustomUserAuthenticationProvider extends
   AbstractUserDetailsAuthenticationProvider {

Using :

```java @ConditionalOnProperty(name = "authprovider", havingValue = "custom") public class CustomUserAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider { ````

on both beans, and injecting one or the other in the config bean an then set it in the configure method, will cause a strange behaviour:

None of them will be registered as providers, causing spring to use a "default" DaoAuthentication provider.

I've also reported this issue on stackoverflow and I've bypassed the problem as stated in the accepted answer:

https://stackoverflow.com/questions/60027878/spring-security-multiple-authenticationproviders/60187088#60187088

Comment From: wilkinsona

Thanks for the report. As you are using @EnableWebSecurity, Spring Boot will not be involved in the configuration of Spring Security. If you believe you have a found a problem with Spring Security's configuration behaviour, please open a Spring Security issue.