Circular dependencies with VaadinWebSecurity and NavigationAccessControl

[ILikePhysics]

Description of the bug

I understand that the documentation (https://vaadin.com/docs/latest/security/advanced-topics/navigation-access-control) suggests to expose a NavigationAccessControlConfigurer bean using a static block so that it produces a configured NavigationAccessControl bean before it eagerly inject it in VaadinWebSecurity when that NavigationAccessControlConfigurer is put in a class extending VaadinWebSecurity. The problem is by doing so, you are no longer able to inject other beans in your NavigationAccessControlConfigurer object if you want, for instance, pass it on some application properties.

Expected behavior

Not having to have to expose a bean in a static method within a class extending VaadinWebSecurity.

Would it be better to inject that NavigationAccessControl bean as a ObjectProvider or ObjectFactory, as suggested in the following post: #18458 (comment)?

Minimal reproducible example

None

Versions

Using Vaadin Flow 24.3.3

[mcollovati]

#18463 introduced the usage of ObjectProvider to inject NavigationAccessControl.

The fix has been released in Flow 24.3.4

[ILikePhysics]

oh, I completely missed 24.3.4. Should have better read that other post I guess... Thanks @mcollovati. I will wait for the official 24.3.4 release.

[mcollovati]

I'm not sure that ObjectProvider will allow using non static methods to define beans required by NavigationAccessControl.
Please reopen the issue if you still encounter errors after upgrading