Java 在SpringSecurity 5.4.5中使用@PreAuthorize（"；oauth2.hasScope（&x27；internal&&x27；）"；）

我仍在学习并试图理解春季使用的安全主题

我正在开发microservices应用程序，在启动时，每个服务都连接到OAuth服务，并获得他的

承载令牌。每个服务都有索赔
“范围”：[“内部”]


当服务相互通信时，每个端点都受到
@PreAuthorize
注释的保护

重要的是——目前我将所有项目从SpringBoot版本1.5.9迁移到2.4.4，因此我花了大量时间来管理迁移使用该版本所需的所有依赖项。
此时，我使用SpringSecurity 5.4.5。


当某个服务调用另一个服务时，出现错误：

原因：org.springframework.expression.spel.SpelEvaluationException:EL1011E:方法调用：试图调用空上下文对象上的方法hasScope（java.lang.String）

我所能理解的是，我没有
OAuth2SecurityExpressionMethods
实例，或者它是用
null
值创建的

完整堆栈轨迹如下所示：

java.lang.IllegalArgumentException: Failed to evaluate expression '#oauth2.hasScope('internal')'
at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:33)
at org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice.before(ExpressionBasedPreInvocationAdvice.java:51)
at org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:71)
at org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:42)
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:60)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.attemptAuthorization(AbstractSecurityInterceptor.java:238)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:208)
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:58)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:692)
at pl.company.management.controller.v4.Internal_ControllerV4$$EnhancerBySpringCGLIB$$c7901e5a.getSomeObjectToLoad(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:197)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:141)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:106)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:894)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1060)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:962)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:626)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:182)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.cloud.sleuth.instrument.web.servlet.TracingFilter.doFilter(TracingFilter.java:89)
at org.springframework.cloud.sleuth.autoconfig.instrument.web.LazyTracingFilter.doFilter(TraceWebServletConfiguration.java:114)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at pl.company.common.configuration.SimpleCorsFilter.doFilter(SimpleCorsFilter.java:32)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1011E: Method call: Attempted to call method hasScope(java.lang.String) on null context object
at org.springframework.expression.spel.ast.MethodReference.throwIfNotNullSafe(MethodReference.java:154)
at org.springframework.expression.spel.ast.MethodReference.getValueRef(MethodReference.java:83)
at org.springframework.expression.spel.ast.CompoundExpression.getValueRef(CompoundExpression.java:70)
at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:91)
at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:117)
at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:308)
at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:30)
... 104 common frames omitted

java.lang.IllegalArgumentException:未能计算表达式“#oauth2.hasScope（'internal'）”
位于org.springframework.security.access.expression.ExpressionUtils.evaluatesBoolean（ExpressionUtils.java:33）
位于org.springframework.security.access.expression.method.ExpressionBaseDpreInLocationAdvice.before（expressionBaseDpreInLocationAdvice.java:51）
位于org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote（PreInvocationAuthorizationAdviceVoter.java:71）
位于org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote（PreInvocationAuthorizationAdviceVoter.java:42）
位于org.springframework.security.access.vote.AffirmativeBased.decise（AffirmativeBased.java:60）
位于org.springframework.security.access.intercept.AbstractSecurityInterceptor.attemptAuthorization（AbstractSecurityInterceptor.java:238）
位于org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation（AbstractSecurityInterceptor.java:208）
位于org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke（MethodSecurityInterceptor.java:58）
位于org.springframework.aop.framework.ReflectiveMethodInvocation.procedue（ReflectiveMethodInvocation.java:186）
位于org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.procedue（CglibAopProxy.java:750）
位于org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke（ExposeInvocationInterceptor.java:97）
位于org.springframework.aop.framework.ReflectiveMethodInvocation.procedue（ReflectiveMethodInvocation.java:186）
位于org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.procedue（CglibAopProxy.java:750）
位于org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept（CglibAopProxy.java:692）
位于pl.company.management.controller.v4.Internal_ControllerV4$$EnhancerBySpringCGLIB$$c7901e5a.getSomeObjectToLoad（）
在sun.reflect.NativeMethodAccessorImpl.invoke0（本机方法）处
位于sun.reflect.NativeMethodAccessorImpl.invoke（NativeMethodAccessorImpl.java:62）
在sun.reflect.DelegatingMethodAccessorImpl.invoke（DelegatingMethodAccessorImpl.java:43）中
位于java.lang.reflect.Method.invoke（Method.java:498）
位于org.springframework.web.method.support.InvocableHandlerMethod.doInvoke（InvocableHandlerMethod.java:197）
位于org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest（InvocableHandlerMethod.java:141）
位于org.springframework.web.servlet.mvc.method.annotation.ServletinVaccableHandlerMethod.invokeAndHandle（ServletinVaccableHandlerMethod.java:106）
位于org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod（RequestMappingHandlerAdapter.java:894）
位于org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal（RequestMappingHandlerAdapter.java:808）
位于org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle（AbstractHandlerMethodAdapter.java:87）
位于org.springframework.web.servlet.DispatcherServlet.doDispatch（DispatcherServlet.java:1060）
位于org.springframework.web.servlet.DispatcherServlet.doService（DispatcherServlet.java:962）
位于org.springframework.web.servlet.FrameworkServlet.processRequest（FrameworkServlet.java:1006）
位于org.springframework.web.servlet.FrameworkServlet.doGet（FrameworkServlet.java:898）
位于javax.servlet.http.HttpServlet.service（HttpServlet.java:626）
位于org.springframework.web.servlet.FrameworkServlet.service（FrameworkServlet.java:883）
位于javax.servlet.http.HttpServlet.service（HttpServlet.java:733）
位于org.apache.catalina.core.ApplicationFilterChain.internalDoFilter（ApplicationFilterChain.java:227）
位于org.apache.catalina.core.ApplicationFilterChain.doFilter（ApplicationFilterChain.java:162）
位于org.apache.tomcat.websocket.server.WsFilter.doFilter（WsFilter.java:53）
位于org.apache.catalina.core.ApplicationFilterChain.internalDoFilter（ApplicationFilterChain.java:189）
位于org.apache.catalina.core.ApplicationFilterChain.doFilter（ApplicationFilterChain.java:162）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:327）
位于org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke（FilterSecurityInterceptor.java:115）
位于org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter（FilterSecurityInterceptor.java:81）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:336）
位于org.springframework.security.web.access.ExceptionTranslationFilter.doFilter（ExceptionTranslationFilter.java:119）
位于org.springframework.security.web.access.ExceptionTranslationFilter.doFilter（ExceptionTranslationFilter.java:113）
位于org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter（FilterChainProxy.java:336）
在org.spr