AuthenticationManager.authenticates 给我 StackOverflowError
AuthenticationManager.authenticates gives me StackOverflowError
今天早上我用 Spring-Security JWT 实现了我自己的登录控制器,它工作得很好。
现在我在不更改代码的情况下尝试了相同的方法(这就是 git 存储库所说的)并且当 AuthenticationManager.authenticate 用户时我收到 java.lang.WhosebugError: null。
这是代码:
安全配置:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Autowired
UserRepository userRepository;
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
super.configure(auth);
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS )
.and()
.addFilter( new JwtAuthorizationFilter( authenticationManager(),restAuthenticationEntryPoint,userRepository ) );
http.exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint );
http.authorizeRequests()
.antMatchers( HttpMethod.POST,"/Auth/login" ).permitAll()
.antMatchers( HttpMethod.POST,"/Auth/signup" ).permitAll()
.anyRequest().authenticated();
}
}
登录控制器:
@RestController
@RequestMapping("/Auth")
public class AuthController {
@Autowired
private AuthService authService;
@RequestMapping(value = "/signup", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public SignUpDTO signUp(@RequestBody SignUpDTO signUpDTO){
return authService.signUp( signUpDTO );
}
@RequestMapping(value = "/login", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public LogedUserDTO login(@RequestBody LoginDTO loginDTO){
return authService.login( loginDTO );
}
}
身份验证服务:
@Service
@Transactional
public class AuthServiceImpl implements AuthService {
private static final String EMAIL_PATTERN =
"^[_A-Za-z0-9-+]+(.[_A-Za-z0-9-]+)*@" + "[A-Za-z0-9-]+(.[A-Za-z0-9]+)*(.[A-Za-z]{2,})$";
@Autowired
private UserRepository userRepository;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
@Qualifier(BeanIds.AUTHENTICATION_MANAGER)
private AuthenticationManager authenticationManagerBean;
@Override
public SignUpDTO signUp(SignUpDTO signUpDTO) {
validateSignUpRequest( signUpDTO );
User newUser = mapUserFromSignUp( signUpDTO );
userRepository.save( newUser );
return signUpDTO;
}
public LogedUserDTO login(LoginDTO loginDTO) {
User user = userRepository.findByEmail( loginDTO.getEmail() );
if (user == null) {
throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_USER_NOT_FOUND );
} else if (user.getPassword() == null) {
throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_NULL_PASSWORD );
} else if (!validPassword( loginDTO.getPassword(), user.getPassword() )) {
throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_WRONG_PASSWORD );
}
UsernamePasswordAuthenticationToken authenticationWithToken =
new UsernamePasswordAuthenticationToken( loginDTO.getEmail(), loginDTO.getPassword(), null );
Authentication authentication = authenticationManagerBean.authenticate( authenticationWithToken );
String token = generateToken( user.getEmail() );
LogedUserDTO logedUserDTO =
new LogedUserDTO( user.getEmail(), TokenProperties.PREFIX + token, TokenProperties.EXPIRATION_TIME,
null );
return logedUserDTO;
}
这里失败了:Authentication authentication = authenticationManagerBean.authenticate( authenticationWithToken );
我发誓它工作正常但突然:
java.lang.WhosebugError: null
at org.springframework.aop.framework.AdvisedSupport$MethodCacheKey.equals(AdvisedSupport.java:596) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:940) ~[na:1.8.0_161]
at org.springframework.aop.framework.AdvisedSupport.getInterceptorsAndDynamicInterceptionAdvice(AdvisedSupport.java:481) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:196) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at com.sun.proxy.$Proxy110.authenticate(Unknown Source) ~[na:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:503) ~[spring-security-config-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at sun.reflect.GeneratedMethodAccessor57.invoke(Unknown Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_161]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:205) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at com.sun.proxy.$Proxy110.authenticate(Unknown Source) ~[na:na]
AND SO ON
我记得把令牌还给我是完美的,很奇怪现在 return 这个错误。
如果有人能帮助我,我将不胜感激,因为我无法继续完成任务
提前致谢
我已经尝试了很多东西,但我找不到解决方案。
已经晚了,但我仍然建议使用这个简单的解决方案来避免使用 UserDetailService,正如 Gabriel García Garrido 所问的那样。只需创建 AuthenticationManager 的最小实现并使用它而不是你的 bean,如你在 Spring documentation:
中所见
import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
public class AuthenticationExample {
private static AuthenticationManager am = new SampleAuthenticationManager();
public static void main(String[] args) throws Exception {
BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
while(true) {
System.out.println("Please enter your username:");
String name = in.readLine();
System.out.println("Please enter your password:");
String password = in.readLine();
try {
Authentication request = new UsernamePasswordAuthenticationToken(name, password);
Authentication result = am.authenticate(request);
//to save user into the session
SecurityContext sc = SecurityContextHolder.getContext();
sc.setAuthentication(result);
HttpSession session = req.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT_KEY", sc);
break;
} catch(AuthenticationException e) {
System.out.println("Authentication failed: " + e.getMessage());
}
}
System.out.println("Successfully authenticated. Security context contains: " +
SecurityContextHolder.getContext().getAuthentication());
}
}
public class SampleAuthenticationManager implements AuthenticationManager {
static final List<GrantedAuthority> AUTHORITIES = new ArrayList<GrantedAuthority>();
static {
AUTHORITIES.add(new SimpleGrantedAuthority("ROLE_USER"));
}
public Authentication authenticate(Authentication auth) throws AuthenticationException {
if (auth.getName().equals(auth.getCredentials())) {
return new UsernamePasswordAuthenticationToken(auth.getName(),
auth.getCredentials(), AUTHORITIES);
}
throw new BadCredentialsException("Bad Credentials");
}
}
当您使用自定义 AuthenticationProvider 时,从配置文件中删除 UserDetailsService bean 创建。
今天早上我用 Spring-Security JWT 实现了我自己的登录控制器,它工作得很好。
现在我在不更改代码的情况下尝试了相同的方法(这就是 git 存储库所说的)并且当 AuthenticationManager.authenticate 用户时我收到 java.lang.WhosebugError: null。
这是代码:
安全配置:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Autowired
UserRepository userRepository;
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
super.configure(auth);
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS )
.and()
.addFilter( new JwtAuthorizationFilter( authenticationManager(),restAuthenticationEntryPoint,userRepository ) );
http.exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint );
http.authorizeRequests()
.antMatchers( HttpMethod.POST,"/Auth/login" ).permitAll()
.antMatchers( HttpMethod.POST,"/Auth/signup" ).permitAll()
.anyRequest().authenticated();
}
}
登录控制器:
@RestController
@RequestMapping("/Auth")
public class AuthController {
@Autowired
private AuthService authService;
@RequestMapping(value = "/signup", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public SignUpDTO signUp(@RequestBody SignUpDTO signUpDTO){
return authService.signUp( signUpDTO );
}
@RequestMapping(value = "/login", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public LogedUserDTO login(@RequestBody LoginDTO loginDTO){
return authService.login( loginDTO );
}
}
身份验证服务:
@Service
@Transactional
public class AuthServiceImpl implements AuthService {
private static final String EMAIL_PATTERN =
"^[_A-Za-z0-9-+]+(.[_A-Za-z0-9-]+)*@" + "[A-Za-z0-9-]+(.[A-Za-z0-9]+)*(.[A-Za-z]{2,})$";
@Autowired
private UserRepository userRepository;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
@Qualifier(BeanIds.AUTHENTICATION_MANAGER)
private AuthenticationManager authenticationManagerBean;
@Override
public SignUpDTO signUp(SignUpDTO signUpDTO) {
validateSignUpRequest( signUpDTO );
User newUser = mapUserFromSignUp( signUpDTO );
userRepository.save( newUser );
return signUpDTO;
}
public LogedUserDTO login(LoginDTO loginDTO) {
User user = userRepository.findByEmail( loginDTO.getEmail() );
if (user == null) {
throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_USER_NOT_FOUND );
} else if (user.getPassword() == null) {
throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_NULL_PASSWORD );
} else if (!validPassword( loginDTO.getPassword(), user.getPassword() )) {
throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_WRONG_PASSWORD );
}
UsernamePasswordAuthenticationToken authenticationWithToken =
new UsernamePasswordAuthenticationToken( loginDTO.getEmail(), loginDTO.getPassword(), null );
Authentication authentication = authenticationManagerBean.authenticate( authenticationWithToken );
String token = generateToken( user.getEmail() );
LogedUserDTO logedUserDTO =
new LogedUserDTO( user.getEmail(), TokenProperties.PREFIX + token, TokenProperties.EXPIRATION_TIME,
null );
return logedUserDTO;
}
这里失败了:Authentication authentication = authenticationManagerBean.authenticate( authenticationWithToken );
我发誓它工作正常但突然:
java.lang.WhosebugError: null
at org.springframework.aop.framework.AdvisedSupport$MethodCacheKey.equals(AdvisedSupport.java:596) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:940) ~[na:1.8.0_161]
at org.springframework.aop.framework.AdvisedSupport.getInterceptorsAndDynamicInterceptionAdvice(AdvisedSupport.java:481) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:196) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at com.sun.proxy.$Proxy110.authenticate(Unknown Source) ~[na:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:503) ~[spring-security-config-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at sun.reflect.GeneratedMethodAccessor57.invoke(Unknown Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_161]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:205) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at com.sun.proxy.$Proxy110.authenticate(Unknown Source) ~[na:na]
AND SO ON
我记得把令牌还给我是完美的,很奇怪现在 return 这个错误。
如果有人能帮助我,我将不胜感激,因为我无法继续完成任务
提前致谢
我已经尝试了很多东西,但我找不到解决方案。
已经晚了,但我仍然建议使用这个简单的解决方案来避免使用 UserDetailService,正如 Gabriel García Garrido 所问的那样。只需创建 AuthenticationManager 的最小实现并使用它而不是你的 bean,如你在 Spring documentation:
中所见 import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
public class AuthenticationExample {
private static AuthenticationManager am = new SampleAuthenticationManager();
public static void main(String[] args) throws Exception {
BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
while(true) {
System.out.println("Please enter your username:");
String name = in.readLine();
System.out.println("Please enter your password:");
String password = in.readLine();
try {
Authentication request = new UsernamePasswordAuthenticationToken(name, password);
Authentication result = am.authenticate(request);
//to save user into the session
SecurityContext sc = SecurityContextHolder.getContext();
sc.setAuthentication(result);
HttpSession session = req.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT_KEY", sc);
break;
} catch(AuthenticationException e) {
System.out.println("Authentication failed: " + e.getMessage());
}
}
System.out.println("Successfully authenticated. Security context contains: " +
SecurityContextHolder.getContext().getAuthentication());
}
}
public class SampleAuthenticationManager implements AuthenticationManager {
static final List<GrantedAuthority> AUTHORITIES = new ArrayList<GrantedAuthority>();
static {
AUTHORITIES.add(new SimpleGrantedAuthority("ROLE_USER"));
}
public Authentication authenticate(Authentication auth) throws AuthenticationException {
if (auth.getName().equals(auth.getCredentials())) {
return new UsernamePasswordAuthenticationToken(auth.getName(),
auth.getCredentials(), AUTHORITIES);
}
throw new BadCredentialsException("Bad Credentials");
}
}
当您使用自定义 AuthenticationProvider 时,从配置文件中删除 UserDetailsService bean 创建。