From e3438aa36a47f41858c29f9142d5b363578b6397 Mon Sep 17 00:00:00 2001
From: Josh Cummings <josh.cummings@gmail.com>
Date: Wed, 17 Jul 2024 12:22:15 -0600
Subject: [PATCH] Support AliasFor

Closes gh-15436
---
 .../authorization/method/AuthorizationAnnotationUtils.java  | 6 +-----
 .../method/AuthorizationAnnotationUtilsTests.java           | 6 +-----
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtils.java b/core/src/main/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtils.java
index de0e9c9111..2722df98cd 100644
--- a/core/src/main/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtils.java
+++ b/core/src/main/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtils.java
@@ -136,11 +136,7 @@ final class AuthorizationAnnotationUtils {
 			Class<A> annotationType, Function<MergedAnnotation<A>, A> map) {
 		MergedAnnotations mergedAnnotations = MergedAnnotations.from(annotatedElement, SearchStrategy.TYPE_HIERARCHY,
 				RepeatableContainers.none());
-		List<A> annotations = mergedAnnotations.stream(annotationType)
-			.map(MergedAnnotation::withNonMergedAttributes)
-			.map(map)
-			.distinct()
-			.toList();
+		List<A> annotations = mergedAnnotations.stream(annotationType).map(map).distinct().toList();
 
 		return switch (annotations.size()) {
 			case 0 -> null;
diff --git a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java
index 3dfc24a9e3..f6bf450afd 100644
--- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java
@@ -90,11 +90,7 @@ class AuthorizationAnnotationUtilsTests {
 	void composedMergedAnnotationsAreNotSupported() {
 		Class<?> clazz = ComposedPreAuthAnnotationOnClass.class;
 		PreAuthorize preAuthorize = AuthorizationAnnotationUtils.findUniqueAnnotation(clazz, PreAuthorize.class);
-
-		// If you comment out .map(MergedAnnotation::withNonMergedAttributes) in
-		// AuthorizationAnnotationUtils.findDistinctAnnotation(), the value of
-		// the merged annotation would be "hasRole('composedRole')".
-		assertThat(preAuthorize.value()).isEqualTo("hasRole('metaRole')");
+		assertThat(preAuthorize.value()).isEqualTo("hasRole('composedRole')");
 	}
 
 	private interface BaseRepository<T> {