我们使用spring oauth2(版本1.0.4)设置了oAuth服务器。 在尝试检索客户端凭据授予类型的访问令牌时,我们在发出多个并发请求时会收到空指针错误。
包括堆栈跟踪的片段:
java.lang.NullPointerException
org.springframework.security.oauth2.provider.token.DefaultAuthenticationKeyGenerator.extractKey(DefaultAuthenticationKeyGenerator.java:43)
org.springframework.security.oauth2.provider.token.JdbcTokenStore.getAccessToken(JdbcTokenStore.java:121)
org.springframework.security.oauth2.provider.token.DefaultTokenServices.createAccessToken(DefaultTokenServices.java:75)
com.marketo.identity.data.impl.IdentityDefaultTokenServices.createAccessToken(IdentityDefaultTokenServices.java:45)
org.springframework.security.oauth2.provider.token.AbstractTokenGranter.getAccessToken(AbstractTokenGranter.java:68)
org.springframework.security.oauth2.provider.token.AbstractTokenGranter.grant(AbstractTokenGranter.java:60)
org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter.grant(ClientCredentialsTokenGranter.java:41)
org.springframework.security.oauth2.provider.CompositeTokenGranter.grant(CompositeTokenGranter.java:38)
org.springframework.security.oauth2.provider.endpoint.TokenEndpoint.getAccessToken(TokenEndpoint.java:100)
sun.reflect.GeneratedMethodAccessor167.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:601)
请求是这样的:
http://oauth-server-name/oauth/token?client_id={client_id}&client_secret={client_secret}&grant_type=client_credentials
当发出单个请求(或者发出少量并发请求)时,不会发生此问题。 某种竞争条件?
答案 0 :(得分:1)
以下是我正在寻找的示例(XML格式):
<tx:advice id="tokenAdvice">
<tx:attributes>
<tx:method name="*" isolation="REPEATABLE_READ" />
</tx:attributes>
</tx:advice>
<aop:config>
<aop:pointcut id="tokenServicesExecutions" expression="execution(* org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices.*(..))" />
<aop:advisor advice-ref="tokenAdvice" pointcut-ref="tokenServicesExecutions"/>
</aop:config>