From 27ce5936cf3325a53da480871c1d8f02cca8deda Mon Sep 17 00:00:00 2001
From: Josh Cummings <josh.cummings@gmail.com>
Date: Thu, 25 Aug 2022 10:53:26 -0600
Subject: [PATCH] Add Caveat about Spring Security's co-routine support

Closes gh-10920
---
 .../ROOT/pages/reactive/authorization/method.adoc        | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/docs/modules/ROOT/pages/reactive/authorization/method.adoc b/docs/modules/ROOT/pages/reactive/authorization/method.adoc
index dc04d46be6..8c64598dfa 100644
--- a/docs/modules/ROOT/pages/reactive/authorization/method.adoc
+++ b/docs/modules/ROOT/pages/reactive/authorization/method.adoc
@@ -6,10 +6,17 @@ For example, this demonstrates how to retrieve the currently logged in user's me
 
 [NOTE]
 ====
-For this to work the return type of the method must be a `org.reactivestreams.Publisher` (i.e. `Mono`/`Flux`) or the function must be a Kotlin coroutine function.
+For this to work the return type of the method must be a `org.reactivestreams.Publisher` (for example, `Mono`/`Flux`).
 This is necessary to integrate with Reactor's `Context`.
 ====
 
+[WARNING]
+====
+Method Security also supports Kotlin coroutines, though only to a limited degree.
+When intercepting coroutines, only the first interceptor participates.
+If any other interceptors are present and come after Spring Security's method security interceptor, they will be skipped.
+====
+
 ====
 .Java
 [source,java,role="primary"]