java - spring security上的用户名随机未设置
问题描述
我有一个 spring boot 应用程序,它使用 spring 安全/基本身份验证来开发 api 接口。
该应用程序没有数据库,因此我为存储在 application.yml 文件中的密码设置了编码器,并在属性中进行了编码。
有时,当我使用 mvn spring-boot:run 启动应用程序时,应用程序不会从 yml 文件中读取用户名属性,而是有时会正确获取数据。
这很奇怪,因为我只是重新运行应用程序并且该属性不起作用。
有人对此有想法吗?
这是 yml 文件:
security:
username: myuser
password: xxxxxxx-the-encoded-password
strenght: 8
这是 Spring @Configuration 文件:
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private Integer passwordStrenght;
@Value("${security.strenght:8}")
public void setPasswordStrenght(Integer passwordStrenght) {
this.passwordStrenght = passwordStrenght;
}
private String username;
@Value("${security.username}")
public void setUsername(String username) {
this.username = username;
}
private String password;
@Value("${security.password}")
public void setPassword(String password) {
this.password = password;
}
@Autowired
private ApplicationBasicAuthenticationEntryPoint authenticationEntryPoint;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser(
User.builder()
.username(username)
.password(password)
.authorities("USER")
);
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(passwordStrenght);
}
@Autowired
private AccessDeniedHandler accessDeniedHandler;
@Bean
public AccessDeniedHandler accessDeniedHandler() {
return new AccessDeniedHandlerImpl();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers(
"/",
"/dashboard" // will stores web pages
).permitAll()
.antMatchers("/api/**").hasAnyRole("USER")
.anyRequest().authenticated()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint)
.and().cors()
.and()
.exceptionHandling()
.accessDeniedHandler(accessDeniedHandler);
http.addFilterAfter(new SecurityFilter(), BasicAuthenticationFilter.class);
}
}
强文本
2018-07-27 19:19:34.833 WARN 10809 --- [ restartedMain] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityConfig': Injection of autowired dependencies failed; nested exception is java.lang.IllegalArgumentException: username cannot be null
2018-07-27 19:19:34.862 ERROR 10809 --- [ restartedMain] o.s.boot.SpringApplication : Application run failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityConfig': Injection of autowired dependencies failed; nested exception is java.lang.IllegalArgumentException: username cannot be null
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:379) ~[spring-beans-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1348) ~[spring-beans-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:578) ~[spring-beans-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:501) ~[spring-beans-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317) ~[spring-beans-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228) ~[spring-beans-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315) ~[spring-beans-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:760) ~[spring-beans-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:869) ~[spring-context-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550) ~[spring-context-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) ~[spring-boot-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:759) [spring-boot-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:395) [spring-boot-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:327) [spring-boot-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1255) [spring-boot-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1243) [spring-boot-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at com.my.app.MyApplication.main(MyApplication.java:10) [classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_171]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_171]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_171]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_171]
at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:49) [spring-boot-devtools-2.0.2.RELEASE.jar:2.0.2.RELEASE]
Caused by: java.lang.IllegalArgumentException: username cannot be null
at org.springframework.util.Assert.notNull(Assert.java:193) ~[spring-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.core.userdetails.User$UserBuilder.username(User.java:377) ~[spring-security-core-5.0.5.RELEASE.jar:5.0.5.RELEASE]
at com.my.app.config.SecurityConfig.configureGlobal(SecurityConfig.java:52) ~[classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_171]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_171]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_171]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_171]
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:699) ~[spring-beans-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:91) ~[spring-beans-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:373) ~[spring-beans-5.0.6.RELEASE.jar:5.0.6.RELEASE]
... 22 common frames omitted
谢谢,戴维德。
解决方案
我遇到了类似的问题。通过使用属性类解决。您可以在此处注入 @ConfgiruationProperties 类。然后您从属性中获取用户名 && 密码。
@Scope(value = "singleton")
@ConfigurationProperties("com.custom")
@Configuration
@EnableConfigurationProperties
@Data
public class AppProperties {
private String userName;
private String password;
}
然后yml:
com:
custom:
userName:
password:
@autowired 应用程序属性:
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
AppProperties appProperties;
}
推荐阅读
- angular - iOS WKWebview 上的 Ionic 3 i18n 翻译
- c++ - C ++:将一行读为:'string string;int'
- formatjs - 如何将 format.js 与 node.js 一起使用
- excel - 如何使用 SUMPRODUCT 和 MAX 函数对多张工作表上的数据求和?
- javascript - 如何以角度触发主机组件上的动画?
- git - 我可以创建一个从开源存储库克隆的存储库,并且仍然能够将他们的新更新合并到我的存储库中吗?
- java - 以编程方式创建的下划线微调器
- css - 静态 CSS 文件不适用于路由器 Express
- android - Android:从在活动上扩展的 AbstractActivity 类调用变量时出现问题
- sql - 如何比较两个表?