spring - Spring Security (java.lang.NullPointerException: null at org.springframework.security.authentication.ProviderManager.authenticate)
问题描述
我有弹簧安全问题。我是新手,所以不明白为什么它有时会起作用。(主类的每 2 次或第 3 次重启我都会从 ProviderManager 获得空指针)。因为我认为我的 UserDetailsService 实现的 loadUserByUsername 方法当时不会在 spring 调用。
错误堆栈跟踪
2018-06-27 05:07:39.180 INFO 5556 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 15 ms
2018-06-27 05:07:40.984 WARN 5556 --- [nio-8080-exec-2] o.a.c.util.SessionIdGeneratorBase : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [101] milliseconds.
2018-06-27 05:07:42.285 ERROR 5556 --- [nio-8080-exec-4] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
java.lang.NullPointerException: null
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:164) ~[spring-security-core-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) ~[spring-security-core-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94) ~[spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]
我的配置
@Configuration
@ComponentScan("hello")
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
Logger log = LoggerFactory.getLogger(WebSecurityConfig1.class);
@Autowired
public PasswordEncoder passwordEncoder;
private AuthenticationProvider authenticationProvider;
@Autowired
@Qualifier("daoAuthenticationProvider")
public void setAuthenticationProvider(AuthenticationProvider authenticationProvider) {
this.authenticationProvider = authenticationProvider;
}
@Bean
public DaoAuthenticationProvider daoAuthenticationProvider(PasswordEncoder passwordEncoder,
UserDetailsService userDetailsService){
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
return daoAuthenticationProvider;
}
@Autowired
public void configureAuthManager(AuthenticationManagerBuilder authenticationManagerBuilder){
authenticationManagerBuilder.authenticationProvider(authenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
}
用户详情服务
@Service("userDetailsService")
public class UDservice implements UserDetailsService {
Logger log = LoggerFactory.getLogger(UDservice1.class);
@Autowired
UserRepository repository;
public UserDetails converter(User user) {
UserDetailsImpl userDetails = new UserDetailsImpl();
userDetails.setUsername(user.getUsername());
userDetails.setPassword(user.getPwd());
userDetails.setEnabled(user.getEnabled());
Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
authorities.add(new SimpleGrantedAuthority(user.getRole()));
userDetails.setAuthorities(authorities);
return userDetails;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
if (username != null){
return converter(repository.findByUsername(username));
}
else
throw new UsernameNotFoundException("null at name");
}
}
解决方案
我也有这个例外。如果您没有通过任何身份验证提供程序,您将收到此异常。
如果您没有提供身份验证提供程序 或者 您通过 null
- 在我的情况和 OP 的情况下Missed
@Autowired
(我配置了授权和身份验证,但 null 已通过)
//Missed autowired annotation
private CustomAuthenticationProvider customAuthenticationProvider;
并尝试注入 null
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth.authenticationProvider(customAuthenticationProvider); // Null passed here
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/**").hasRole("ADMIN")
.anyRequest()
.authenticated()
.and()
.formLogin();
}
- 您可能错过了注入 authenticationProvider 依赖
.authenticationProvider(customAuthenticationProvider)
项或
注释行
//.authenticationProvider(customAuthenticationProvider)
推荐阅读
- c# - 工作后的 VOID 代码。使用 Ajax 的字符串返回不起作用。(检查 PayPal 详细信息)
- python - 我正在使用 Python Django,我想验证一个 NVarchar 变量
- php - Apeend jQuery 元素,其中包含动态 PHP 代码
- java - Java Hibernate:无法创建请求的服务 [org.hibernate.engine.jdbc.env.spi.JdbcEnvironment]
- go - 在两个不同函数中具有两个相似变量的指针
- flutter - Flutter:暂停代码执行以在启动时初始化 SharedPreferences
- javascript - Javascript 对象 | 分组 | 本机函数
- django - 为什么我的 Django Ajax 表单提交不起作用?
- flutter - 如何获得间隔不均匀的飞镖流?
- flutter - 为什么 showModalBottomSheet 覆盖bottomNavigationBar,而showBottomSheet 按位置显示在其顶部?