Restore Deprecated ObjectPostProcessor constructors for binary compatibility

[okohub]

Describe the bug

With 6.4.0, especially with this commit: ee9a887

ObjectPostProcessor is moved to parent folder and current implementation is marked as deprecated. To ensure compatibility, deprecated ObjectPostProcessor is also extends new one.

The AuthenticationManagerBuilder (org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder) has a constructor with new ObjectProcessor as follows:

public AuthenticationManagerBuilder(ObjectPostProcessor<Object> objectPostProcessor) {
  super(objectPostProcessor, true);
}

We have a NoObjectPostProcessor (like identity function in new one, thanks for that),

import c.c.c.Lazy;
import org.springframework.security.config.annotation.ObjectPostProcessor;

public class NoOpObjectPostProcessor<T> implements ObjectPostProcessor<T> {

  private static final Lazy<ObjectPostProcessor> INSTANCE = Lazy.of(NoOpObjectPostProcessor::new);

  public static <T> ObjectPostProcessor<T> getInstance() {
    return (ObjectPostProcessor<T>) INSTANCE.get();
  }

  @Override
  public <O extends T> O postProcess(O object) {
    return object;
  }
}

And using this processor like that:

AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(NoOpObjectPostProcessor.getInstance());

This usage now throws exception:

Caused by: java.lang.NoSuchMethodError: 'void org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder.<init>(org.springframework.security.config.annotation.ObjectPostProcessor)'
	at x.x.x.x.x.x.build(x.java:23)  --> calls builder constructor
	at a.a.a.a.a.a(a.java:54)
	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.lambda$instantiate$0(SimpleInstantiationStrategy.java:171)
	... 48 more

To Reproduce
Steps to reproduce the behavior.

Expected behavior
In first, I expected that compatibility trick can work because it also gives no error when compiling. It explodes in runtime.

I should resolve problem on my own codebase with some workarounds, but I thought this should be also discussed.

Thanks.

[ngocnhan-tran1996]

With version 6.4.1

I run without error and org.springframework.security.config.annotation.ObjectPostProcessor extends org.springframework.security.config.ObjectPostProcessor

spring-security/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java

Lines 34 to 35 in 59b7b55

	@Deprecated
	public interface ObjectPostProcessor<T> extends org.springframework.security.config.ObjectPostProcessor<T> {

[jzheaux]

Hi, @okohub, thanks for the report.

This may be a binary compatibility issue. As such it may be appropriate to reintroduce the deprecated constructors to make the upgrade passive.

I'm targeting a fix for this in the next maintenance release.

[ngocnhan-tran1996]

@jzheaux

May I work on this?

[jzheaux]

@okohub a fix has been pushed and should be available in 6.4.2-SNAPSHOT. Can you please try it out and let me know if your issue is resolved?