Spring security doesnt work as expected in UserService

We use preauthorize tags in the userservice functions such as editUser, that dictate that the function should be executed if the user is admin, or if the user's username corresponds to the username provided as argument to the function. The code for that is 'authentication.name==#username'. This mechanism is not working, as it seems to be that #username resolves to null, for no apparent good reason. As a workaround, the pre-authorize has been set to isAuthenticated() and this check is taking place within the body of the function now, with an exception thrown for if theres a security issue. This is inelegant, and should be fixed, even if the user should never see this unless they are a hacker, or if the developer is making a very serious mistake.