Describe the bug
In Spring Boot 3.2.x (Spring Security 6.1.x) my @Components used in @PreAuthorize annotations receive all null values for #parameters. This behavior is not present in Spring Boot 3.1.x (Spring Security 6.0.x) or Spring Boot 3.0.x or Spring Boot 2.7.
Upgrading or downgrading using the Spring Boot BOM: org.springframework.boot:spring-boot-dependencies
Update:
javac -parameters fixes this, but the docs say that is only necessary for Interfaces, not Classes
Sample

    @Service
    public class GroupService {
        @PreAuthorize("@securityEvaluator.canManageGroup(#parentGroupId)")
        public GroupDTO createGroup( Long parentGroupId, String name ) {
        }
    }

    @Component("securityEvaluator")
    public class SecurityEvaluator {
        public boolean canManageGroup( Long groupId ) {
            // groupId is null here in 3.2.x
        }
    }

Comment From: marcusdacoregio
Hi, @sotg-duncan-idaho. A tiny correction is that Spring Boot 3.2 uses Spring Security 6.2.
The documentation says that you need to compile with -parameters; I don't see where it says it is only necessary for interfaces.
Since that is expected, I'm closing this.
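
Added example, not part of the issue thread or of Spring Security's own code: a plain-JDK check that reports methods whose parameter names were not retained by the compiler, which is the condition under which `#parentGroupId` in the sample above cannot be matched by name. The nested `GroupService` is a hypothetical stand-in for the class in the issue, and `ParameterNameCheck` and `missingParameterNames` are names invented for this example.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Parameter;
import java.util.ArrayList;
import java.util.List;

// Added example: detects classes compiled without `javac -parameters`.
public class ParameterNameCheck {

    // Hypothetical stand-in for the issue's GroupService (no Spring dependency needed).
    static class GroupService {
        public Object createGroup(Long parentGroupId, String name) {
            return null;
        }
    }

    /** Returns "Class#method(argN)" for every parameter whose real name is absent from the class file. */
    static List<String> missingParameterNames(Class<?> type) {
        List<String> missing = new ArrayList<>();
        for (Method method : type.getDeclaredMethods()) {
            if (method.isSynthetic()) {
                continue; // compiler-generated bridge/accessor methods are not relevant
            }
            for (Parameter parameter : method.getParameters()) {
                // isNamePresent() is true only when the class was compiled with -parameters;
                // otherwise getName() yields synthesized names such as arg0, arg1.
                if (!parameter.isNamePresent()) {
                    missing.add(type.getSimpleName() + "#" + method.getName()
                            + "(" + parameter.getName() + ")");
                }
            }
        }
        return missing;
    }

    public static void main(String[] args) {
        List<String> missing = missingParameterNames(GroupService.class);
        if (missing.isEmpty()) {
            System.out.println("Parameter names present: #parentGroupId can be matched by name.");
        } else {
            // Fail loudly so a build change that drops -parameters is caught before deployment.
            System.out.println("Compiled without -parameters: " + missing);
            System.exit(1);
        }
    }
}
```

Compiling this file with and without `javac -parameters` shows both outcomes; the same loop can run in a unit test over the classes that carry `@PreAuthorize` expressions.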