DingHao

It was fixed by [commit](https://github.com/spring-projects/spring-security/commit/be11812fe4da55fe2d27228e917f1de47c37b2cd) and #14407

This is a bit like the EnableFeignClients annotation, if clients are not provided, use package scanning, otherwise use the provided ones

已修复 #617

把security设置到每个path里就可以了 ``` @Bean public GlobalOpenApiCustomizer globalOpenApiCustomizer() { return openApi -> openApi.getPaths().values().stream().flatMap(pathItem -> pathItem.readOperations().stream()).forEach(operation -> operation.security(openApi.getSecurity())); } ```

@franticticktick Is this what you want? ``` ConfigurableListableBeanFactory beanFactory = applicationContext.getBeanFactory(); String[] beanNames = applicationContext.getBeanNamesForType(Customizer.class); for (String bean: beanNames) { Customizer customizer = applicationContext.getBean(bean, Customizer.class); BeanDefinition bd = beanFactory.getMergedBeanDefinition(bean); Class...

@franticticktick If so, maybe applying Customizer beans in add configuration is a small change `AbstractConfiguredSecurityBuilder` ``` @SuppressWarnings("unchecked") private void add(C configurer) { Assert.notNull(configurer, "configurer cannot be null"); Class

@jzheaux I have been updated

Thanks a lot, @jzheaux. Everything is done as you expected.

According to the [Spring Security documentation](https://docs.spring.io/spring-security/reference/reactive/authorization/method.html) , the return type of the method must be a org.reactivestreams.Publisher (that is, a Mono or a Flux).

> I just checked against all the supported branches and that doesn't work in any of them. This bug maybe exist in all branches. When an exception occurs, the `ExceptionHandler...