SpringBoot Startup failure with Spring Security and aspect before method

This issue feels related to https://github.com/spring-projects/spring-boot/issues/19010 but it's possible that it just has similar symptoms. The root issue is using Spring security, WebFlux and an aspect causes the Spring application to fail to start. The actual stack trace can be found below along with a sample application that reproduces the problem. If I remove the aspect from the app everything starts up just fine.

Version Info: Spring Boot: 3.0.6 Spring Dependency Management: 1.1.0 Kotlin: 1.7.22 Java Version: 17

Sample App: https://github.com/btkelly/spring-security-aspect-bug

Aspect Class Causing Issue:

@Aspect
@Component
class AspectTest {

    @Before(
        "execution(public * org.springframework.security.config.web.server.ServerHttpSecurity.authorizeExchange()) " +
            "&& target(serverHttpSecurity)"
    )
    fun updateServerHttpSecurity(serverHttpSecurity: ServerHttpSecurity) {
        println("We are here $serverHttpSecurity")
    }
}

Stacktrace

Caused by: java.lang.IllegalArgumentException: No visible constructors in class org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfiguration$ContextAwareServerHttpSecurity
    at org.springframework.cglib.core.ClassLoaderAwareGeneratorStrategy.generate(ClassLoaderAwareGeneratorStrategy.java:57) ~[spring-core-6.0.8.jar:6.0.8]
    at org.springframework.cglib.core.AbstractClassGenerator.generate(AbstractClassGenerator.java:362) ~[spring-core-6.0.8.jar:6.0.8]
    at org.springframework.cglib.proxy.Enhancer.generate(Enhancer.java:575) ~[spring-core-6.0.8.jar:6.0.8]
    at org.springframework.cglib.core.AbstractClassGenerator$ClassLoaderData.lambda$new$1(AbstractClassGenerator.java:103) ~[spring-core-6.0.8.jar:6.0.8]
    at org.springframework.cglib.core.internal.LoadingCache.lambda$createEntry$1(LoadingCache.java:52) ~[spring-core-6.0.8.jar:6.0.8]
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[na:na]
    at org.springframework.cglib.core.internal.LoadingCache.createEntry(LoadingCache.java:57) ~[spring-core-6.0.8.jar:6.0.8]
    at org.springframework.cglib.core.internal.LoadingCache.get(LoadingCache.java:34) ~[spring-core-6.0.8.jar:6.0.8]
    at org.springframework.cglib.core.AbstractClassGenerator$ClassLoaderData.get(AbstractClassGenerator.java:126) ~[spring-core-6.0.8.jar:6.0.8]
    at org.springframework.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:313) ~[spring-core-6.0.8.jar:6.0.8]
    at org.springframework.cglib.proxy.Enhancer.createHelper(Enhancer.java:562) ~[spring-core-6.0.8.jar:6.0.8]
    at org.springframework.cglib.proxy.Enhancer.createClass(Enhancer.java:407) ~[spring-core-6.0.8.jar:6.0.8]
    at org.springframework.aop.framework.ObjenesisCglibAopProxy.createProxyClassAndInstance(ObjenesisCglibAopProxy.java:62) ~[spring-aop-6.0.8.jar:6.0.8]
    at org.springframework.aop.framework.CglibAopProxy.buildProxy(CglibAopProxy.java:213) ~[spring-aop-6.0.8.jar:6.0.8]
    ... 36 common frames omitted

Comment From: wilkinsona

The visibility of ContextAwareServerHttpSecurity prevents it from being proxied. Proxying is required as the class is a target of your aspect. ContextAwareSeverHttpSecurity is part of Spring Security so there's nothing we can do about this in Spring Boot I'm afraid. You may want to raise this with the Spring Security team.