Spring Expression Failed to Evaluate

Question

I have the following controller:

@PreAuthorize("authentication.principal.userId == #userId") @GetMapping(value = {"/{userId}", "/{userId}/"}, produces = MediaType.APPLICATION_JSON_VALUE)....

I have enabled method security as well:

@EnableMethodSecurity public class SecurityConfig ....{

When ever I try to call the controller I get this error: [java.lang.IllegalArgumentException: Failed to evaluate expression 'authentication.principal.userId == #userId']

I have checked the Spring security docs but was unable to resolve my issue.

I made some checks and I see where the Principal in the authentication context is of type org.springframework.security.oauth2.jwt. That's the reason why the @PreAuthorize annotation wasn't working. How can i make it so that the JWT Principal is automatically converted to my UserEntity class which implements the UserDetails interface?

I've tried making this utility class:

@Service
public class UserJwtUtil {

    private final UserService userService;

    public UserJwtUtil(UserService userService) {
        this.userService = userService;
    }

    public Long findUserIdFromJwtPrincipal(Jwt principal) {

        String username = principal.getClaim("sub");

        return this.userService.findUserEntityByUsername(username).get().getUserId();
    }
}
'''

and then tried using it in an annotation like this: 

```@PreAuthorize("userJwtUtil.findUserIdFromJwtPrincipal(principal) == #userId")
ublic ResponseEntity<UserEntityResponseDto> findUserById(@PathVariable("userId") Long userId) { ...

but the issue persists.

Answer 1

Reference beans require @ symbol as below

@PreAuthorize("@userJwtUtil.findUserIdFromJwtPrincipal(principal) == #userId")