SpelEvaluationException: EL1007E:(pos 43): Field or property 'group' cannot be found on null
I have SPRING METHOD security fully configured for my web application. (with PRE/POST annotations enabled).
However recently I encountered a strange issue with them. Summary as follows:
Summary of POJOS
// User Class public class User { int id; String name; // getters and setters } // Group Class public class Group { int id; String name; // getters and setters } // GroupMembership class public class GroupMembership { private int id; private User user; private Group group; // getters and setters }PreAuthorise filter on method .
@PreAuthorize("canIEditGroupProfile(#membership.group.id)") public int updateGroupMembership(GroupMembership membership) throws GroupsServiceException;
Upon passing a fully populated GroupMembership object (proper user and group compositions present), the security filter throws following exception:
errorMessage: "Failed to evaluate expression
canIEditGroupProfile(#membership.group.id)'"
Upon digging into the exception:
The cause is found to be:
org.springframework.expression.spel.SpelEvaluationException:
EL1007E:(pos 33): Field or property 'group' cannot be found on null
Please provide pointers to address the same.
Answer
getter/setters seems fine... also no case of null.
However a interesting observation; this one gives me an error:
@PreAuthorize("canIEditGroupProfile(#membership.group.id)")
public int updateGroupMembership(GroupMembership membership)
throws GroupsServiceException;
This works fine:
@PreAuthorize("canIEditGroupProfile(#groupmembership.group.id)")
public int updateGroupMembership(GroupMembership groupmembership)
throws GroupsServiceException;
Further I observed, the parameter name was mismatching in case of first (i.e Service and ServiceImpl both had different parameter names).
Now maintaining the uniformity, the issue seems to be fixed.