Spring security annotations with EL -- requires debug information compiled in?

Question

I am considering using Spring Security annotations for my application, with the EL (expression language) feature. For example:

@PreAuthorize("hasPermission(#contact, 'admin')")
public void deletePermission(Contact contact, Sid recipient, Permission permission);

I need the EL capability because I have built my own ACL implementation. However, to use this capability with the "#contact" type arguments, the Spring documentation says this:

You can access any of the method arguments by name as expression variables, provided your code has debug information compiled in.

This begs two questions:

1. It is acceptable to have a production application commercially distributed with debug info in it?
2. If not, is there any way around this?

Thanks for any guidance on this!

Answer 1

I guess this wasn´t an option when you approached the problem the first time, but now you can do this

@PreAuthorize("hasPermission(#contact, 'admin')")
public void deletePermission(@P("contact") Contact contact, Sid recipient, Permission permission);

http://docs.spring.io/spring-security/site/docs/current/reference/html/el-access.html#access-control-using-preauthorize-and-postauthorize