spring - spring security - jwt 请求过滤器验证和验证会话,但主体为空
问题描述
从某种方式更新我的弹簧启动后,我的2.0.3
配置停止工作。设置如下 - 我希望我的所有请求都由请求过滤器处理,其中验证并创建了令牌。所以配置很简单:2.2.1
Spring Security
JWT
UserDetails
@Configuration
@EnableWebSecurity
public class NoAuthConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/**").permitAll()
.anyRequest().authenticated();
}
}
和过滤器类
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class JwtRequestFilter extends OncePerRequestFilter {
private static final Logger log = LoggerFactory.getLogger(JwtRequestFilter.class);
@Autowired
private JwtUserDetailsService jwtUserDetailsService;
@Autowired
private JwtUtils jwtTokenUtil;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException {
String requestTokenHeader = "";
try{
requestTokenHeader = WebUtils.getCookie(request, "token").getValue();
} catch (NullPointerException ex ){}
if (requestTokenHeader != null && requestTokenHeader.contains(".")) {
jwtToken = requestTokenHeader;
try {
username = jwtTokenUtil.getUsernameFromToken(jwtToken);
} catch (IllegalArgumentException e) {
log.error("Unable to get JWT Token");
} catch (ExpiredJwtException e) {
log.error("JWT Token has expired");
}
}
if (username != null ) {
UserDetails userDetails = null;
userDetails = this.jwtUserDetailsService.loadUserByUsername(username);
if (jwtTokenUtil.validateToken(jwtToken, userDetails)) {
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
usernamePasswordAuthenticationToken
.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
} else {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
return;
}
chain.doFilter(request, response);
}
@Override
protected boolean shouldNotFilter(HttpServletRequest request) {
String[] AUTH_WHITELIST = {
"/v2/auth/",
"/api/packetdiscovery"
};
String path = request.getServletPath();
return (StringUtils.startsWithAny(path, AUTH_WHITELIST));
}
}
通过调试,我可以看到一切顺利,直到请求到达NullPointerException
被抛出的控制器Principal
@PreAuthorize("hasAuthority('ROLE_USER')")
@GetMapping(value = "/userinfo")
public ResponseEntity<SessionOwner> getSesstionOwner(Principal user) {
return dashboardService.getSessionOwner(user.getName());
}
谁能给我建议如何处理它?
解决方案
推荐阅读
- python - 无法安装flask-mysqldb
- php - PHP组合多个对象数组并改变数组结构
- javascript - Webpack Encore Jquery 最大调用栈大小
- mysql - 带比较的案例陈述
- cassandra - 没有列的 DSE 5.1.10 表.. 重新启动错误
- python - 如何以编程方式传递关键字以在 python 中运行?
- linker - 构建用于 Nordic SDK 程序的静态 rust 库时的“memset”的多重定义
- docker - 如果在 Docker 下运行的 .NET Core 单元测试的代码覆盖率低于 90%,则破坏 TeamCity 中的构建
- ios - 在目标 c 中使用 jsonModel 映射时将默认值设置为空字段
- android - 为特定活动实现广播接收器