this is probably not spring specific, more like how kotlin delegation works, but I have a weird problem with custom security expression. given a custom expression root

class CustomFilterSecurityExpressionRoot(
  webSecurityExpressionRoot: SecurityExpressionOperations
) : SecurityExpressionOperations by webSecurityExpressionRoot {
  fun isAuthenticatedUser() = !isClient() && isAuthenticated

  fun isClaimClient() = isClient()

  private fun isClient() = authentication.name.contains("@")
}

and a security configuration like

http.authorizeRequests()
  .expressionHandler(CustomFilterSecurityExpressionHandler())
  .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
  .anyRequest().access("claimClient || authenticatedUser")

when I try to

GET myservice/actuator

I get

Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E: Property or field 'permitAll' cannot be found on object of type 'com.iptiq.claim.distribution.config.CustomFilterSecurityExpressionRoot' - maybe not public or not valid?

in fact, I can solve the issue by adding

val permitAll = permitAll()

to

CustomFilterSecurityExpressionRoot

, but it seems cumbersome. is there a more elegant way (also because if this is only approach I would need to create a field for basically every method I want to delegate, which defeats the goal of delegation). I understand (probably wrongly) that if the method in

org.springframework.security.access.expression.SecurityExpressionOperations

would be call

getPermitAll()

instead of

permitAll

my delegation would work, am I right?