Following on from the extremely useful answer by Jay Paulynice above, my build.gradle
file contains this (Spring versions are managed by our own BOM elsewhere) :-
dependencies {
// Handle spring-aop conflict affecting AopInfrastructureBean (used by spring-security-core PermissionEvaluator).
// Only use spring-aop from spring-security-core, and exclude any other instances of it.
def withoutSpringAop = {
exclude group: 'org.springframework', module: 'spring-aop'
}
implementation group: 'org.springframework.security', name: 'spring-security-core'
implementation group: 'org.flywaydb', name: 'flyway-core', version: '5.1.4', withoutSpringAop
implementation group: 'org.springframework.security', name: 'spring-security-web', withoutSpringAop
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-jpa', withoutSpringAop
...
}
This simple answer belies a lot of pain; I found it useful/necessary to search for 'aop' in the (fully expanded) dependency tree in my Intellij gradle window.