Question

这是来自here的Spring安全登录示例。我将注释配置更改为XML，并且对应该指向的URL进行了一些更改。我能够成功登录db中的凭据。如果我输入错误的密码我收到无效的消息。但是如果我输入一个不在db中的用户名或只是提交没有值的用户名，我会得到nullpointerexception。

java.lang.NullPointerException
    com.xxxx.service.CustomUserDetailsService.loadUserByUsername(CustomUserDetailsService.java:37)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    java.lang.reflect.Method.invoke(Method.java:606)

CustomUserDetailsService.java

@Service
@Transactional(readOnly=true)
public class CustomUserDetailsService implements UserDetailsService {

    @Autowired
    private LoginDAO loginDAO;

    public UserDetails loadUserByUsername(String userName)
            throws UsernameNotFoundException {

        com.xxxx.model.Login domainUser = loginDAO.getUser(userName);

        boolean enabled = true;
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = true;
        boolean accountNonLocked = true;

        return new User(
                domainUser.getUserName(), // line 37
                domainUser.getPassword(),
                enabled,
                accountNonExpired,
                credentialsNonExpired,
                accountNonLocked,
                getAuthorities(domainUser.getRole().getId())
                ); 

            }

            public Collection<? extends GrantedAuthority> getAuthorities(Integer role) {
            List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role));
            return authList;
            }

            public List<String> getRoles(Integer role) {

                List<String> roles = new ArrayList<String>();

                if (role.intValue() == 1) {
                roles.add("ROLE_MODERATOR");
                roles.add("ROLE_ADMIN");
                } else if (role.intValue() == 2) {
                roles.add("ROLE_MODERATOR");
                }
                return roles;
                }
            public static List<GrantedAuthority> getGrantedAuthorities(List<String> roles) {
                List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

                for (String role : roles) {
                authorities.add(new GrantedAuthorityImpl (role));
                }
                return authorities;
                }
}

弹簧security.xml文件

<http auto-config="true">

<intercept-url pattern="/success" access="ROLE_MODERATOR" />
<intercept-url pattern="/success" access="ROLE_ADMIN" />

<form-login login-page="/login.html"
default-target-url="/success.html"
authentication-failure-url="/error.html" />
<logout logout-success-url="/login.html" />

</http>

<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
</authentication-manager>

</beans:beans>

请有人指出我做错了。

编辑： LoginDAOImpl.java

@Repository
public class LoginDAOImpl implements LoginDAO {

    @Autowired
    private SessionFactory sessionFactory;

    private Session openSession() {
        return sessionFactory.getCurrentSession();
    }

    public Login getUser(String userName) {
        List<Login> loginList = new ArrayList<Login>();
        Query query = openSession().createQuery(
                "from Login l where l.userName = :userName");
        query.setParameter("userName", userName);
        loginList = query.list();
        if (loginList.size() > 0)
            return loginList.get(0);
        else
            return null;    
    }
}

Answer 1

问题是您正在尝试访问userName null个对象的Login字段。

正如我所看到的，如果用户名不在数据库中，那么您将从DAO返回null，但您没有在服务中检查返回值。

因此，在创建新的User实例之前，请检查返回Login 是否为空。如果是null，您应该抛出UsernameNotFoundException。

Answer 2

在您的应用程序上下文（app-context.xml文件）中尝试此操作或尝试其他xml文件。

<context:annotation-config/>

使用loadUserByUsername时出现NullPointerException

2 个答案: