I have a CRUD repository from this example of Spring Data. I'm trying to add custom permission evaluation, but in my implementation of PermissionEvalutor
, targetDomainObject
is always null
.
ItemRepository
@PreAuthorize("hasRole('ROLE_USER')")
public interface ItemRepository extends CrudRepository<Item, Long> {
@PreAuthorize("hasPermission(#entity, 'DELETE')")
<S extends Item> S save(S entity);
@PreAuthorize("hasRole('ROLE_ADMIN')")
void delete(Long id);
}
Following the suggestions in the answers to this question of making the interface and implementation parameter names to match, I've tried changing entity
by item
in both the expression and the method parameter. I'm not sure what implementation should match against what interface here, so I'm guessing is SimpleJpaRepository
against ItemRepository
/CrudRepository
. Anyway, it doesn't work, targetDomainObject
is always null. Same for targetId
in the other method.
Debugging MethodSecurityEvaluationContext.lookupVariable
shows that args.length = 0
, inside the method addArgumentsAsVariables()
, that then logs Unable to resolve method parameter names for method: public abstract xx.xxx.Item xx.xxx.ItemRepository.save(xx.xxx.Item). Debug symbol information is required if you are using parameter names in expressions.
. At lookupVariable
, everything is null.
Is the debug symbol not #
? What am I doing wrong?
Haven't looked in the actual code, but judging from what you write about the debug information, Spring isn't able to find the parameter names, probably since the come from interfaces and those aren't included in the bytecode by default.
Try adding a -parameters
compiler flag. Also see this answer for a probably similar problem: https://stackoverflow.com/a/40787280