Describe the bug
When I define method to provide currently authenticated user within repository, I get NullPointerException.
EL1022E: The function 'isAuthenticated' mapped to an object of type 'class org.springframework.security.access.expression.SecurityExpressionRoot' which cannot be invoked
org.springframework.expression.spel.SpelEvaluationException: EL1022E: The function 'isAuthenticated' mapped to an object of type 'class org.springframework.security.access.expression.SecurityExpressionRoot' which cannot be invoked
...
Caused by: java.lang.NullPointerException: Cannot invoke "org.springframework.security.authentication.AuthenticationTrustResolver.isAnonymous(org.springframework.security.core.Authentication)" because "this.trustResolver" is null
According to the docs you can use all of the Common Security Expressions within the Query.
To Reproduce
Use isAuthenticated(), or isAnonymous() inside @Query, i.e.:
@Query("SELECT u FROM User u WHERE u.username = :#{authentication.name} AND 1=:#{isAuthenticated()? 1:0}")
Optional<User> findCurrentUser();
You can run tests from sample repository.
Tested with Spring Boot 2.6.7 and 2.7.0-RC1
Expected behavior
No NPE exception
Sample
https://github.com/slawekludwiczak/spring-data-security-bug
Reports that include a sample will take priority over reports that do not.
At times, we may require a sample, so it is good to try and include a sample up front.
Describe the bug
When I define method to provide currently authenticated user within repository, I get NullPointerException.
According to the docs you can use all of the Common Security Expressions within the Query.
To Reproduce
Use
isAuthenticated(), orisAnonymous()inside@Query, i.e.:You can run tests from sample repository.
Tested with Spring Boot 2.6.7 and 2.7.0-RC1
Expected behavior
No NPE exception
Sample
https://github.com/slawekludwiczak/spring-data-security-bug
Reports that include a sample will take priority over reports that do not.
At times, we may require a sample, so it is good to try and include a sample up front.