Describe the bug
When adding an @PreAuthorize annotation to my repository interface that checks certain entity fields the following error occurs even when the entity is not null :
org.springframework.expression.spel.SpelEvaluationException: EL1007E: Property or field '*fieldName*' cannot be found on null
To Reproduce
Create repository with @PreAuthorize annotation and perform check on any entity field.
Expected behavior Authorization on fields is possible and throws the AccessDeniedException when pre authorize fails
Sample Demo project with 2 tests that execute an authorization that should fail and an authorization that should work https://github.com/Jef-VDD/spel-demo
Extra info This appears to be working when running with versions of org.springframework:spring-aop of 6.1.2 or lower. If this is not an issue with spring-security feel free to close this ticket and I will try to move my issue to the correct project (I assume either spring-expression or spring-aop)
If related to Spring AOP does not propagate arguments for dynamic prototype-scoped advice I will upgrade when possible!
Comment From: kse-music
It looks like this issue has been fixed by this commit
Comment From: jzheaux
Thanks for the report, @Jef-VDD! This appears to have been fixed already in Spring Framework, as you and @kse-music indicated. When I update your application to use <spring-framework.version>6.1.4</spring-framework.version>, the tests pass again.
As I check against future issues, I've added a test in https://github.com/spring-projects/spring-security/commit/c639d0a5143f99ea541e351800069cb807f42c0f