Update: This will not work with Spring 3.1. This is due to the ServletRequestMethodArgumentResolver being added by default prior to custom argument resolvers in a private method in the RequestMappingHandlerAdapter (getDefaultArgumentResolvers).
When using Spring Security, the CommonsMultipartResolver will not work. Why? Because the MultipartHttpServletRequest will be wrapped in a SecurityContextHolderAwareRequestWrapper, and will not be matched.
Of course, we don't want to fall back to just taking an HttpServletRequest as a parameter in our RequestMapping and parsing it out, we need to work smarter than that!
The best solution I could come up with is registering a custom WebArgumentResolver (below). But any readers out there have a better solution, please share!