SpelEvaluationException: EL1004E:(pos 0): Method call: Method hasPermission(java.lang.String) cannot be found on MethodSecurityExpressionRoot type

Question

I add to my project a class CustomPermissionEvaluator, configured by a configuration class MethodSecurityConfig, but when I try run my application, after I inform my login c

Answer 1

Ok, finally I get to work done this part of my project. The final code for the CustomPermissionEvaluator is:

@Component
public class CustomPermissionEvaluator implements PermissionEvaluator {

    public CustomPermissionEvaluator() {
    }

    public boolean hasPermission(Authentication arg0, Object arg1) {
        System.out.println("CustomPermissionEvaluator.hasPermission");
        System.out.println("arg0 = "+arg0);
        System.out.println("arg1 = "+arg1);

        if (arg0 == null || !arg0.isAuthenticated()) {
            System.out.println("false");
            return false;
        }
        else {
            System.out.println("true");
            for(GrantedAuthority authority: arg0.getAuthorities()) {
                if(authority.getAuthority().equals(arg1))
                    return true;
            }
            return false;
        }
    }

    @Override
    public boolean hasPermission(Authentication arg0, Object arg1, Object arg2) {
        System.out.println("CustomPermissionEvaluator.hasPermission");
        System.out.println("arg0 = "+arg0);
        System.out.println("arg1 = "+arg1);
        System.out.println("arg2 = "+arg2);

        if (arg0 == null || !arg0.isAuthenticated()) {
            System.out.println("false");
            return false;
        }
        else {
            System.out.println("true");
            for(GrantedAuthority authority: arg0.getAuthorities()) {
                if(authority.getAuthority().equals(arg2))
                    return true;
            }
            return false;
        }
    }

    @Override
    public boolean hasPermission(Authentication arg0, Serializable arg1, String arg2, Object arg3) {
        throw new RuntimeException("Id-based permission evaluation not currently supported.");
    }

}

Answer 2

Then I solve the problem presented here changing the call for hasPermission in the methods from my controller. The final code for them are:

@Controller
@RequestMapping(value="privado")
public class PrivadoController {

    @RequestMapping(value="admin")
    @PreAuthorize("hasPermission(#usuario, 'admin_main')")
    public ModelAndView admin() {
        ModelAndView mav = new ModelAndView();
        mav.setViewName("privado/admin");
        return mav;
    }

    @RequestMapping(value="customer")
    @PreAuthorize("hasPermission(#usuario, 'customer_main')")
    public ModelAndView customer() {
        ModelAndView mav = new ModelAndView();
        mav.setViewName("privado/customer");
        return mav;
    }

}

(Now I am trying find the correct argument for replace #usuario, which is returning a null value, but this is subject for another topic).

Answer 3

... Method hasPermission(java.lang.String) cannot be found ...

The method hasPermission() is called at any time with only one argument, but you provide it with 3 and 4 arguments:

public boolean hasPermission(Authentication arg0, Object arg1, Object arg2)
public boolean hasPermission(Authentication arg0, Serializable arg1, String arg2, Object arg3)

Add the method public boolean hasPermission(String permission) and try again.

Answer 4

You don't show the code where you use hasPermission('admin_main').

Although it is wrong anyway: your CustomPermissionEvaluator doesn't have a method with single argument. Or in terms of Spring Security like this:

boolean hasPermission(Authentication authentication, Object permission);

Maybe do you want to use hasRole('admin_main') ?..

The main your problem that you don't provide enough arguments for method implementations.