时间戳

首页 > 解决方案 > Spring Boot 为不安全的端点抛出 NotificationBroadcasterSupport::sendNotification NullPointerException

java - Spring Boot 为不安全的端点抛出 NotificationBroadcasterSupport::sendNotification NullPointerException

问题描述

我有一个基于 Spring Boot 的后端(从 JHipster 进行了大量修改)。每当对不安全的路径发出任何请求时,我都会看到以下错误。寻找可能导致它的原因以及如何减轻错误的想法。谢谢!

我几乎使用 jhipster SecurityConfigurator 并稍作修改。请参阅下面的代码。

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport::class)
class SecurityConfiguration(private val userDetailsService: UserDetailsService,
                            private val authenticationManagerBuilder: AuthenticationManagerBuilder,
                            private val tokenProvider: TokenProvider,
                            private val jHipsterProperties: JHipsterProperties,
                            private val corsFilter: CorsFilter,
                            private val problemSupport: SecurityProblemSupport) : WebSecurityConfigurerAdapter() {

  private val log = LoggerFactory.getLogger(SecurityConfiguration::class.java)

  @PostConstruct
  fun init() {
    try {
      authenticationManagerBuilder
          .userDetailsService(userDetailsService)
          .passwordEncoder(passwordEncoder())
    } catch (e: Exception) {
      throw BeanInitializationException("Security configuration failed", e)
    }

  }

  @Bean
  @Override
  @Throws(Exception::class)
  override fun authenticationManagerBean(): AuthenticationManager {
    return super.authenticationManagerBean()
  }

  @Bean
  fun passwordEncoder(): PasswordEncoder {
    return BCryptPasswordEncoder()
  }

  @Bean
  fun grantedAuthorityDefaults(): GrantedAuthorityDefaults {
    return GrantedAuthorityDefaults("") // Remove the ROLE_ prefix
  }


  @Throws(Exception::class)
  override fun configure(web: WebSecurity) {
    web.ignoring()
        .antMatchers(HttpMethod.OPTIONS, "/**")
        .antMatchers("/app/**/*.{js,html}")
        .antMatchers("/i18n/**")
        .antMatchers("/content/**")
        .antMatchers("/test/**")
  }

  @Throws(Exception::class)
  override fun configure(http: HttpSecurity) {
    http
        .csrf()
        .disable()
        .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter::class.java)
        .exceptionHandling()
        .authenticationEntryPoint(problemSupport)
        .accessDeniedHandler(problemSupport)
        .and()
        .headers()
        .frameOptions()
        .disable()
        .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .authorizeRequests()
        .antMatchers("/api/register").permitAll()
        .antMatchers("/api/activate").permitAll()
        .antMatchers("/api/authenticate").permitAll()
        .antMatchers("/api/account/reset-password/init").permitAll()
        .antMatchers("/api/account/reset-password/finish").permitAll()
        .antMatchers("/api/counties").permitAll()
        .antMatchers("/api/**").authenticated()
        .antMatchers("/websocket/**").permitAll()
        .antMatchers("/webhooks/stripe").permitAll()
        .antMatchers("/admin").hasRole("ADMIN")
        .and()
        .apply(securityConfigurerAdapter())
  }

  private fun securityConfigurerAdapter(): JWTConfigurer {
    return JWTConfigurer(tokenProvider)
  }
}

每当我的角度站点到达/api/authenticate端点时,我都会收到以下错误:

2019-06-07 17:46:37.014 DEBUG 22072 --- [nio-8080-exec-2] javax.management                         : NotificationBroadcasterSupport::sendNotification

java.lang.NullPointerException: null
    at io.micrometer.core.instrument.binder.tomcat.TomcatMetrics.lambda$registerMetricsEventually$aa4da135$1(TomcatMetrics.java:260)
    at java.management/javax.management.NotificationBroadcasterSupport.sendNotification(NotificationBroadcasterSupport.java:238)
    at java.management/javax.management.MBeanServerDelegate.sendNotification(MBeanServerDelegate.java:211)
    at java.management/com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.sendNotification(DefaultMBeanServerInterceptor.java:1473)
    at java.management/com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerWithRepository(DefaultMBeanServerInterceptor.java:1867)
    at java.management/com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerDynamicMBean(DefaultMBeanServerInterceptor.java:955)
    at java.management/com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerObject(DefaultMBeanServerInterceptor.java:890)
    at java.management/com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:320)
    at java.management/com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:522)
    at org.apache.tomcat.util.modeler.Registry.registerComponent(Registry.java:639)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.register(AbstractProtocol.java:1061)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:825)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1747)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:835)

注意:它实际上不会影响应用程序的功能,但我不想让我的应用程序在每次有人尝试点击登录页面时都抛出错误......

标签: javaspring-boot

解决方案

推荐阅读