This looks like a bug to me. Line 386 of the file GlobalMethodSecurityBeanDefinitionParser.java that raises the error is
delegate = beanFactory.getBean(authMgrBean, ProviderManager.class);
It asks the bean factory for an bean with the concrete implementation ProviderManager
, but it should only request a bean with the interface AuthenticationManager
like:
delegate = beanFactory.getBean(authMgrBean, AuthenticationManager.class);
You may want to raise a ticket in Spring Security's Jira.
BTW: We are also exporting the authenticationManager as an OSGI service and consume it in other bundles, which works really well.