Spring After upgrading to Spring Boot 3.2, WebDataBinder does not work as intended

Affects: Spring Boot 3.2.0+

When attempting to upgrade our Spring Boot + Spring Web based REST API from Spring Boot 3.1.12 to 3.2.0, I encountered an unexpected change of behavior in data binding of query parameters.

I am using AOP to inject principal information into the object when a request is made to the API end-point.

@Getter
@Setter
@ToString
public class UserSearch extends BaseSearch<QUser> {
    @PrincipalGroup
    private String groupId;
    private String username;
    private String userid;
    private String email;
}

    @GetMapping("/users")
    @PreAuthorize("isAuthenticated()")
    public List<UserResponse> getUsers(UserSearch search) {
        return userService.findAllList(search, pageable).stream().map(UserMapper.INSTANCE::toResponse)
                .collect(Collectors.toList());
    }

    @InitBinder
    public void setPrincipal(WebDataBinder binder) {
        helper.setPrincipal(binder);
    }

    public void setPrincipal(WebDataBinder binder) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String userId = (String) auth.getPrincipal();

        if (StringUtils.isBlank(userId)) {
            return;
        }

        Object object = binder.getTarget();

        if (object == null) {
            return;
        }

        try {
            if (object instanceof List) {
                List<?> objectList = (List<?>) object;
                for (int i = 0; i < objectList.size(); i++) {
                    injectValueWhereAnnotaion(objectList.get(i), objectList.get(i).getClass(), userId, MAX_DEPTH);
                }
            } else {
                injectValueWhereAnnotaion(object, object.getClass(), userId, MAX_DEPTH);
            }
        } catch (SecurityException | IllegalAccessException e) {
            throw new RuntimeException(e);
        }
    }

Assuming that a GET request is received from /users as above, a problem occurs when WebDataBinder binds data to the object.

When a GET request is received, webdatabinder.getTarget() = null and webdatabinder.getTargetType != null. It looks like WebDataBinder's target is not being instantiated through the constructor.

Because the target is null, no value can be set on the object.

I also tried using @ModelAttribute in front of the object, but it didn't help.

Has anyone else encountered similar problems, or did we miss something from the docs or upgrade guides?

Right now, this seems like a bug to us, because it can lead to tricky bugs due to changed runtime behavior.

Comment From: sbrannen

Hi @cafroxia,

Congratulations on submitting your first issue for the Spring Framework! 👍

If you would like us to look into this, please provide a minimal standalone project that demonstrates the behavior you've described (including the URL used for the GET request).

The project should be something that we can run locally -- for example a project in a public Git repository that we can clone or a ZIP file attached to this issue.

Thanks

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.