Description
Expected Behavior
AuthorizationAnnotationUtils may be very useful if you plan to implement your own security annotation and corresponding authorization manager, because it adds additional security behaviour to the classic AnnotationUtils in Spring Framework.
Hence, it would be useful if custom extensions could use it.
Current Behavior
AuthorizationAnnotationUtils is package-private, so it can't be used by custom implementations. You either need to copy its code (running the risk of losing fixes in newer versions of Spring Security) or just use AnnotationUtils (running the risk of processing duplicate contradictory annotations in an unsafe way).
Context
I needed to create a custom annotation very similar to Secured, which however works with our role enumeration instead of with plain strings. So I created an Advisor for it as described at https://docs.spring.io/spring-security/reference/5.8/servlet/authorization/method-security.html#jc-method-security-custom-authorization-manager, but I also needed to write a proper AuthorizationManager to extract my annotation value from the target method/class and use it to compute AuthorizationDecisions.
Working with Spring Security 5.8.13.
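
To illustrate the risk named under "Current Behavior", here is an added example (not code from this issue or from Spring Security) that contrasts a first-match annotation lookup with one that fails closed on contradictory annotations. It uses plain JDK reflection rather than Spring's annotation utilities; `Role`, `RolesRequired`, `AdminApi`, `PublicApi` and `Service` are hypothetical names.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;
public class UniqueAnnotationDemo {
    enum Role { ADMIN, USER }                      // hypothetical role enumeration
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.METHOD, ElementType.TYPE})
    @interface RolesRequired { Role[] value(); }   // hypothetical custom annotation

    // Constructed sample: two interfaces declare the same method with different roles.
    interface AdminApi  { @RolesRequired(Role.ADMIN) void purge(); }
    interface PublicApi { @RolesRequired(Role.USER)  void purge(); }
    static class Service implements AdminApi, PublicApi { public void purge() {} }

    // Gather the annotation from the method and from every same-signature method
    // declared on its superclasses and interfaces.
    static List<RolesRequired> collect(Method m, Class<?> type, List<RolesRequired> out) {
        if (type == null) return out;
        try {
            RolesRequired a = type.getDeclaredMethod(m.getName(), m.getParameterTypes())
                                  .getAnnotation(RolesRequired.class);
            if (a != null) out.add(a);
        } catch (NoSuchMethodException ignored) { /* not declared on this type */ }
        collect(m, type.getSuperclass(), out);
        for (Class<?> i : type.getInterfaces()) collect(m, i, out);
        return out;
    }

    // Unsafe: the first hit wins, so the effective rule depends on declaration order.
    static RolesRequired findFirst(Method m) {
        List<RolesRequired> all = collect(m, m.getDeclaringClass(), new ArrayList<>());
        return all.isEmpty() ? null : all.get(0);
    }

    // Fail closed: identical duplicates are tolerated, differing ones are rejected.
    static RolesRequired findUnique(Method m) {
        List<RolesRequired> all = collect(m, m.getDeclaringClass(), new ArrayList<>());
        if (new HashSet<>(all).size() > 1)
            throw new IllegalStateException("Conflicting @RolesRequired on " + m);
        return all.isEmpty() ? null : all.get(0);
    }

    public static void main(String[] args) throws Exception {
        Method m = Service.class.getMethod("purge");
        System.out.println("first match: " + Arrays.toString(findFirst(m).value()));
        try { findUnique(m); } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage()); }
    }
}
```

With the first-match lookup, swapping the order of `implements AdminApi, PublicApi` changes which role guards `purge()`; the unique lookup turns that ambiguity into a configuration error instead.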