Exception "Attempted to call method hasScope(java.lang.String) on null context object" when using @PreAuthorize with #oauth2


In a @ResourceServer application I have the following REST controller:

@RestController
public class TestApi {
    @RequestMapping("/testScope1")
    @ResponseBody
    @PreAuthorize("#oauth2.hasScope('scope1')")
    public String testScope1() {
        return "You have the scope1 scope!";
    }
}

At runtime, when accessing this endpoint, you get the following error: org.springframework.expression.spel.SpelEvaluationException: EL1011E:(pos 8): Method call: Attempted to call method hasScope(java.lang.String) on null context object

In my setup PreAuthorize works otherwise: PreAuthorize("hasRole('ROLE_ADMIN')") works, for example.

The same thing works well if I specify the access in my ResourceServerConfiguration instead of @Controllers’ methods

@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {       
        http.authorizeRequests().
            antMatchers("/testScope1").access("#oauth2.hasScope('scope1')").
            anyRequest().authenticated();
    }
}

There is a similar issue described here: http://stackoverflow.com/questions/29797721/oauth2-security-expressions-on-method-level

Issue Analytics

  • State:closed
  • Created 8 years ago
  • Reactions:1
  • Comments:7 (4 by maintainers)

Top GitHub Comments

1 reaction
snussbaumer commented, Sep 7, 2015

Hello @wilkinsona. I understand perfectly, but it seems to me this is really an issue, as the code is not working as expected… Also a similar question has been asked on stackoverflow in April, with no answer… Can I please ask for a second look on this problem?

0 reactions
mbhave commented, Aug 2, 2019

@g1patil As @wilkinsona mentioned above, the question was answered and the problem had nothing to do with Spring Boot. If you think you’ve found a bug in Spring Boot, please raise a new issue.
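
An added example, not code from the issue thread or from the Spring projects: the `#oauth2` variable is only defined when the method-security expression handler is the OAuth2 one, so method-level `@PreAuthorize("#oauth2.hasScope(...)")` needs a configuration like the following. It assumes the legacy spring-security-oauth2 library implied by `@EnableResourceServer` above; the class name `MethodSecurityConfiguration` is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;

// Hypothetical class name; only the overridden method matters.
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfiguration extends GlobalMethodSecurityConfiguration {

    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        // The default DefaultMethodSecurityExpressionHandler knows hasRole(...)
        // but registers no "oauth2" variable, so "#oauth2" evaluates to null and
        // SpEL raises EL1011E. The OAuth2 handler adds that variable to the
        // evaluation context of every @PreAuthorize / @PostAuthorize expression.
        return new OAuth2MethodSecurityExpressionHandler();
    }
}
```

The URL-level rule in `ResourceServerConfiguration` works without this because `@EnableResourceServer` installs the web counterpart, `OAuth2WebSecurityExpressionHandler`, for `HttpSecurity` expressions only.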
