Why is @AuthenticationPrincipal null in spring-native image?

I'm injecting @AuthenticationPrincipal in a @RestController method. It works as expected in the JVM, but I get an NPE at security SpEL evaluation when running the native image.

Here is the method:

    @PutMapping("/{proxiedUserSubject}/proxies/{grantedUserSubject}")
    @PreAuthorize("#token.subject == #proxiedUserSubject")
    public ResponseEntity<?> editUserProxy(
            @PathVariable(name = "proxiedUserSubject") @NotEmpty String proxiedUserSubject,
            @PathVariable(name = "grantedUserSubject") @NotEmpty String grantedUserSubject,
            @RequestBody Collection<Long> grantIds,
            @AuthenticationPrincipal Object token) {

        final var proxiedUser = getOrCreateUser(proxiedUserSubject);
        final var grantedUser = getOrCreateUser(grantedUserSubject);
        final var grants = grantRepo.findAllById(grantIds);
        grantedUser.setGrantsOn(proxiedUser, grants);
        userRepo.save(grantedUser);

        return ResponseEntity.accepted().build();
    }

Any idea why token is null in native image only? I suspect something with AOT plugin configuration, but could not isolate the issue yet.



Solution 1:[1]

If your principal is a custom type you will need to add a reflection hint so that it can be used in a SpEL expression.

    @TypeHint(types = CustomToken.class)

The default Spring Security types already have reflection hints as part of Spring Native.
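One place the hint from the answer can go, shown as an added example (not code from the original answer or from Spring Native). `SecurityHints`, the nested `CustomToken` and the `ownsResource` helper are hypothetical names; the helper evaluates the question's expression with plain SpEL on the JVM to show the reflective `getSubject()` lookup behind `#token.subject`.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.expression.EvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.nativex.hint.TypeHint;

// Hypothetical configuration class carrying the hint from the answer.
@Configuration
@TypeHint(types = SecurityHints.CustomToken.class)
public class SecurityHints {

    // Hypothetical custom principal standing in for the answer's CustomToken.
    public static final class CustomToken {
        private final String subject;

        public CustomToken(String subject) {
            this.subject = subject;
        }

        // "#token.subject" is resolved by SpEL through this getter, via reflection.
        public String getSubject() {
            return subject;
        }
    }

    // Evaluates the question's @PreAuthorize expression outside Spring Security.
    // Any evaluation failure (for example a null token) is treated as "deny".
    static boolean ownsResource(Object token, String proxiedUserSubject) {
        var context = new StandardEvaluationContext();
        context.setVariable("token", token);
        context.setVariable("proxiedUserSubject", proxiedUserSubject);
        try {
            Boolean allowed = new SpelExpressionParser()
                    .parseExpression("#token.subject == #proxiedUserSubject")
                    .getValue(context, Boolean.class);
            return Boolean.TRUE.equals(allowed);
        } catch (EvaluationException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println(ownsResource(new CustomToken("alice"), "alice"));
        System.out.println(ownsResource(new CustomToken("alice"), "bob"));
        System.out.println(ownsResource(null, "alice"));
    }
}
```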

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Eleftheria Stein-Kousathana