I have SPRING METHOD security fully configured for my web application. (with PRE/POST annotations enabled).
However recently I encountered a strange issue with them. Summary as follows:
Summary of POJOS
// User Class
public class User {
    int id;
    String name;
    // getters and setters
}
// Group Class
public class Group {
    int id;
    String name;
    // getters and setters
}
// GroupMembership class
public class GroupMembership {
    private int id;
    private User user;
    private Group group;
    // getters and setters
}
PreAuthorise filter on method .
@PreAuthorize("canIEditGroupProfile(#membership.group.id)")
public int updateGroupMembership(GroupMembership membership)
    throws GroupsServiceException;
Upon passing a fully populated GroupMembership object (proper user and group compositions present), the security filter throws following exception:
errorMessage: "Failed to evaluate expression
    canIEditGroupProfile(#membership.group.id)'"
Upon digging into the exception:
The cause is found to be:
org.springframework.expression.spel.SpelEvaluationException:
    EL1007E:(pos 33): Field or property 'group' cannot be found on null
Please provide pointers to address the same.
getter/setters seems fine... also no case of null.
However a interesting observation; this one gives me an error:
@PreAuthorize("canIEditGroupProfile(#membership.group.id)")
public int updateGroupMembership(GroupMembership membership)
    throws GroupsServiceException; 
This works fine:
@PreAuthorize("canIEditGroupProfile(#groupmembership.group.id)")
public int updateGroupMembership(GroupMembership groupmembership)
    throws GroupsServiceException;
Further I observed, the parameter name was mismatching in case of first (i.e Service and ServiceImpl both had different parameter names).
Now maintaining the uniformity, the issue seems to be fixed.
I got the same issue in my Spring Boot application. It turned out that I was compiling without my debug symbols information, as it is mentioned in a comment above. I would like to remark that I could fix the issue in two ways:
1.(My favourite one): Just include this in your pom.xml --> plugins
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-compiler-plugin</artifactId>
    <configuration>
       <compilerArgument>-parameters</compilerArgument>
       <testCompilerArgument>-parameters</testCompilerArgument>
    </configuration>
</plugin>
I found really interesting this link to know more about the issue.
Hope it helps!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With