Spring Security Java Configuration: Configuring AuthenticationManagerBuilder with GlobalAuthenticationConfigurerAdapter fails

I'm not sure how to implement GlobalAuthenticationConfigurerAdapter subclasses. According to the SecurityConfigurer interface documentation, the init(SecurityBuilder) implementation should NOT set properties on the passed SecurityBuilder object. Instead, that should be done in the configure(SecurityBuilder) method. So I tried the following implementation:

@Configuration
protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

    @Autowired
    private WebUserDetailsService userDetailsService;

    @Autowired
    private WebUserPasswordEncoder passwordEncoder;

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(this.userDetailsService).passwordEncoder(this.passwordEncoder);
    }

}

      

This configuration fails at startup due to the following check in the framework's AbstractConfiguredSecurityBuilder:

if (buildState.isConfigured()) {
    throw new IllegalStateException("Cannot apply " + configurer + " to already built object");
}

      

BuildState.isConfigured() has the following (enhancement) implementation:

public boolean isConfigured() {
    return order >= CONFIGURING.order;
}

      

It checks to see if the assembly is actually in the CONFIG phase (as stated in the javadoc), but not if it is already configured (which I assume is BUILT state) as the method name suggests.

So my question is: is this expected behavior, or is it a bug in Java configuration? All other examples I find on the internet usually set up a constructor in the init() method, so maybe I just don't understand the documentation correctly?

Edit: With Spring Security 3.2.6

Thanks!

+3
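A simplified model of the guard quoted in the question, as an added example that is not part of the original post and not Spring Security source code: it shows the quoted `isConfigured()` comparison rejecting an `apply` made during the configure phase while accepting one made during init. The `Builder`, `Configurer`, `NESTED` and `run` names, and the state names other than CONFIGURING and BUILT, are assumptions of this sketch.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model of the builder lifecycle; not Spring Security source code.
public class BuilderLifecycleDemo {
    // State names other than CONFIGURING and BUILT are assumptions of this sketch.
    enum BuildState {
        UNBUILT(0), INITIALIZING(1), CONFIGURING(2), BUILDING(3), BUILT(4);
        final int order;
        BuildState(int order) { this.order = order; }
        boolean isConfigured() { return order >= CONFIGURING.order; } // as quoted in the post
    }
    interface Configurer { void init(Builder b); void configure(Builder b); }

    static class Builder {
        private final List<Configurer> configurers = new ArrayList<>();
        private BuildState state = BuildState.UNBUILT;
        void apply(Configurer c) {
            if (state.isConfigured()) { // the guard quoted in the post
                throw new IllegalStateException("Cannot apply " + c + " to already built object");
            }
            configurers.add(c);
        }
        void build() {
            state = BuildState.INITIALIZING;
            // Index loop: init() may append further configurers while we iterate.
            for (int i = 0; i < configurers.size(); i++) configurers.get(i).init(this);
            state = BuildState.CONFIGURING;
            for (Configurer c : configurers) c.configure(this);
            state = BuildState.BUILT;
        }
    }
    // Hypothetical stand-in for whatever a call like auth.userDetailsService(...) registers.
    static final Configurer NESTED = new Configurer() {
        public void init(Builder b) { }
        public void configure(Builder b) { }
    };
    // Applies NESTED either from init() or from configure() and reports the outcome.
    static String run(final boolean applyInInit) {
        Builder builder = new Builder();
        builder.apply(new Configurer() {
            public void init(Builder b) { if (applyInInit) b.apply(NESTED); }
            public void configure(Builder b) { if (!applyInInit) b.apply(NESTED); }
        });
        try { builder.build(); return "built"; }
        catch (IllegalStateException e) { return "failed: " + e.getClass().getSimpleName(); }
    }
    public static void main(String[] args) {
        System.out.println("apply from init():      " + run(true));
        System.out.println("apply from configure(): " + run(false));
    }
}
```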

