Description
Summary
We're using Spring Security on Google App Engine. The class java.util.ResourceBundle$Control is a restricted class on GAE, which makes our application fail when using Spring Security's AbstractRememberMeServices, which internally uses the AccountStatusUserDetailsChecker.
The AccountStatusUserDetailsChecker uses a SpringSecurityMessageSource, whose javadoc states that all such classes [using SpringSecurityMessageSource] will also implement <code>MessageSourceAware</code>.
Actual Behavior
AccountStatusUserDetailsChecker uses SpringSecurityMessageSource, but doesn't implement MessageSourceAware.
Consequently, we cannot inject our own MessageSource into the default UserDetailsChecker, so that we would be forced to sub-class or implement a UserDetailsChecker with a GAE-compatible MessageSource.
Expected Behavior
AccountStatusUserDetailsChecker should implement MessageSourceAware.
Alternatively it could help to configure the SpringSecurityMessageSource to use a custom MessageSource?
Version
We're using Spring Security 4.0.3.RELEASE. The current master seems to have the same issue, though.