SpringBoot WebSecurityCustomizer beans are excluded by WebMvcTest

Expected behaviour

Beans of type WebSecurityCustomizer are created during test execution when using @WebMvcTest.

Context

In Spring Security there are two ways to customize WebSecurity.

1st - use WebSecurityConfigurer, which was previously implemented by already deprecated and removed WebSecurityConfigurerAdapter.

2nd - since Spring Security 5.4 we can use WebSecurityCustomizer instead of WebSecurityConfigurerAdapter.

Beans of type WebSecurityCustomizer are used by WebSecurityConfiguration to execute actual customization.

When I use @WebMvcTest I want my custom WebSecurityCustomizer to be picked up by the framework automatically during test execution.

However, since WebMvcTypeExcludeFilter doesn't include such beans - they are ignored/filtered out:

https://github.com/spring-projects/spring-boot/blob/4be3dc22625456334f6643eeeebc50cc9eda03ea/module/spring-boot-test-autoconfigure/src/main/java/org/springframework/boot/test/autoconfigure/web/servlet/WebMvcTypeExcludeFilter.java#L54-L56

Should beans of type WebSecurityCustomizer be included in the OPTIONAL_INCLUDES array similar to WebSecurityConfigurer?

Comment From: ahrytsiuk

I've created a small example https://github.com/ahrytsiuk/spring-boot-gh47255. It's a bit artificial, but I hope I can demonstrate the point well.

If you run tests you can see that FavIconWebMvcTest fails, but if I import WebSecurityCustomizer configuration explicitly - the test passes (see FavIconWebMvcFixedTest).