Spring - SpEL evaluates entity argument as null reference in @PreAuthorize(“hasPermission”)

Question

I\'ve got problem that SpEL is evaluating entity argument as null reference in the second method of this repository. This first method works well and id is correctly evaluat

Answer 1

When referencing method parameters from spel in interfaces it pays to annotate them with Spring Data's @Param to explicitly name them:

@PreAuthorize("hasPermission(#entity, 'owner')")
void delete(@Param("entity") T entity);

If the parameters aren't annotated Spring has to use reflection to discover the parameter names. This is only possible for interface methods if

• You're running Spring 4+
• You're running Java 8
• The interface was compiled with JDK 8 and the -parameters flag was specified

For class methods Spring has another option—it can use debug information. This works in Spring 3 and earlier versions of Java, but again it relies on a compile time flag to work (i.e. -g).

For portability it's better to annotate all the parameters you need to reference.

Reference: Access Control using @PreAuthorize and @PostAuthorize.