If @PreAuthorize
is used on interface, parameter name (id
) in SpEL must match parameter name in implementation (not required on interface – fileId
).
@Transactional public interface FileService { @PreAuthorize("@securityService.canAccessFile(#id)") File getFile(Long fileId); } /** * GOOD */ @Service public class FileServiceImpl implements FileService { @Override public File getFile(Long id) { /* ... */ } } /** * WRONG * In SecurityService `id` will be null !!! */ @Service public class FileServiceImpl implements FileService { @Override public File getFile(Long fileId) { /* ... */ } } |