SEC-1830: Use constructor injection in namespace parsing code for creation of ProviderManager

config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java

@@ -83,7 +83,7 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
             providers.add(new RootBeanDefinition(NullAuthenticationProvider.class));
         }
 
-        providerManagerBldr.addPropertyValue("providers", providers);
+        providerManagerBldr.addConstructorArgValue(providers);
 
         if ("false".equals(element.getAttribute(ATT_ERASE_CREDENTIALS))) {
             providerManagerBldr.addPropertyValue("eraseCredentialsAfterAuthentication", false);

config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java

@@ -471,7 +471,7 @@ class HttpConfigurationBuilder {
             voters.add(new RootBeanDefinition(AuthenticatedVoter.class));
         }
         accessDecisionMgr = new RootBeanDefinition(AffirmativeBased.class);
-        accessDecisionMgr.getPropertyValues().addPropertyValue("decisionVoters", voters);
+        accessDecisionMgr.getConstructorArgumentValues().addGenericArgumentValue(voters);
         accessDecisionMgr.setSource(pc.extractSource(httpElt));
 
         // Set up the access manager reference for http

config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java

@@ -187,8 +187,9 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
     private BeanReference createAuthenticationManager(Element element, ParserContext pc,
             ManagedList<BeanReference> authenticationProviders) {
         BeanDefinitionBuilder authManager = BeanDefinitionBuilder.rootBeanDefinition(ProviderManager.class);
-        authManager.addPropertyValue("parent", new RootBeanDefinition(AuthenticationManagerFactoryBean.class));
-        authManager.addPropertyValue("providers", authenticationProviders);
+        authManager.addConstructorArgValue(authenticationProviders);
+        authManager.addConstructorArgValue(new RootBeanDefinition(AuthenticationManagerFactoryBean.class));
+
         RootBeanDefinition clearCredentials = new RootBeanDefinition(MethodInvokingFactoryBean.class);
         clearCredentials.getPropertyValues().addPropertyValue("targetObject", new RootBeanDefinition(AuthenticationManagerFactoryBean.class));
         clearCredentials.getPropertyValues().addPropertyValue("targetMethod", "isEraseCredentialsAfterAuthentication");

config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java

@@ -247,7 +247,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP
             voters.add(new RootBeanDefinition(Jsr250Voter.class));
         }
 
-        accessMgrBuilder.addPropertyValue("decisionVoters", voters);
+        accessMgrBuilder.addConstructorArgValue(voters);
 
         BeanDefinition accessManager = accessMgrBuilder.getBeanDefinition();
         String id = pc.getReaderContext().generateBeanName(accessManager);