I have SPRING METHOD security fully configured for my web application. (with PRE/POST annotations enabled).
However recently I encountered a strange issue with them. Summary as follows:
Summary of POJOS
// User Class public class User { int id; String name; // getters and setters } // Group Class public class Group { int id; String name; // getters and setters } // GroupMembership class public class GroupMembership { private int id; private User user; private Group group; // getters and setters }
PreAuthorise filter on method .
@PreAuthorize("canIEditGroupProfile(#membership.group.id)") public int updateGroupMembership(GroupMembership membership) throws GroupsServiceException;
Upon passing a fully populated GroupMembership
object (proper user and group compositions present), the security filter throws following exception:
errorMessage: "Failed to evaluate expression
canIEditGroupProfile(#membership.group.id)'"
Upon digging into the exception:
The cause is found to be:
org.springframework.expression.spel.SpelEvaluationException:
EL1007E:(pos 33): Field or property 'group' cannot be found on null
Please provide pointers to address the same.
getter/setters seems fine... also no case of null
.
However a interesting observation; this one gives me an error:
@PreAuthorize("canIEditGroupProfile(#membership.group.id)")
public int updateGroupMembership(GroupMembership membership)
throws GroupsServiceException;
This works fine:
@PreAuthorize("canIEditGroupProfile(#groupmembership.group.id)")
public int updateGroupMembership(GroupMembership groupmembership)
throws GroupsServiceException;
Further I observed, the parameter name was mismatching in case of first (i.e Service and ServiceImpl both had different parameter names).
Now maintaining the uniformity, the issue seems to be fixed.
I got the same issue in my Spring Boot application. It turned out that I was compiling without my debug symbols information, as it is mentioned in a comment above. I would like to remark that I could fix the issue in two ways:
1.(My favourite one): Just include this in your pom.xml --> plugins
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<compilerArgument>-parameters</compilerArgument>
<testCompilerArgument>-parameters</testCompilerArgument>
</configuration>
</plugin>
- If you are using Java 1.8 and Eclipse as an IDE, go to your Project Properties --> Java Compile --> check "Store information about method parameters (usable via reflection)".
I found really interesting this link to know more about the issue.
Hope it helps!
As @zeroflagL asked: Are you compiling without debug information? This is likely the same issue as spring @Cacheable with Ehcache, spel find null for valid object and Spring @Cacheable with SpEL key: always evaluates to null – check your POM (or Eclipse configuration or whatever) for your debug configuration, for instance <debug>false</debug>
in the maven-compiler-plugin
.
来源:https://stackoverflow.com/questions/22959459/spelevaluationexception-el1007epos-43-field-or-property-group-cannot-be-f