SEC-2031: PreInvocationAuthorizationAdviceVoter supports subclasses

core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java

@@ -35,7 +35,7 @@ public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVote
     }
 
     public boolean supports(Class<?> clazz) {
-        return clazz.isAssignableFrom(MethodInvocation.class);
+        return MethodInvocation.class.isAssignableFrom(clazz);
     }
 
     public int vote(Authentication authentication, MethodInvocation method, Collection<ConfigAttribute> attributes) {

core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java

@@ -0,0 +1,41 @@
+package org.springframework.security.access.prepost;
+
+import static org.junit.Assert.assertTrue;
+
+import org.aopalliance.intercept.MethodInvocation;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.springframework.aop.ProxyMethodInvocation;
+import org.springframework.security.access.intercept.aspectj.MethodInvocationAdapter;
+
+
+@RunWith(MockitoJUnitRunner.class)
+public class PreInvocationAuthorizationAdviceVoterTests {
+    @Mock
+    private PreInvocationAuthorizationAdvice authorizationAdvice;
+    private PreInvocationAuthorizationAdviceVoter voter;
+
+    @Before
+    public void setUp() {
+        voter = new PreInvocationAuthorizationAdviceVoter(authorizationAdvice);
+    }
+
+    @Test
+    public void supportsMethodInvocation() {
+        assertTrue(voter.supports(MethodInvocation.class));
+    }
+
+    // SEC-2031
+    @Test
+    public void supportsProxyMethodInvocation() {
+        assertTrue(voter.supports(ProxyMethodInvocation.class));
+    }
+
+    @Test
+    public void supportsMethodInvocationAdapter() {
+        assertTrue(voter.supports(MethodInvocationAdapter.class));
+    }
+}