自Spring boot 1.4发布以来,我遇到了以下问题 我有一个自定义身份验证提供程序,用于管理Spring Security的JWT令牌解析。基本上,当令牌无效或过期时,我会抛出BadCredentialsException。我还有一个AutenticationEntryPoint,它使用JSON中的Unauthorized HttpServlet响应重新格式化消息
Col_1 cannot be NULL
Col_2 cannot be NULL
...
以下是管理身份验证提供程序
例外的过滤器@Override
public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException
{
httpServletResponse.setContentType("application/json");
httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
httpServletResponse.getOutputStream().println("{ \"error\": \"" + e.getMessage() + "\" }");
}
这在Spring Boot 1.3.6中运行良好 现在我收到以下错误
java.lang.IllegalArgumentException:Principal不能为null 堆栈跟踪:
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException
{
String authToken = httpServletRequest.getHeader("Authorization");
JwtToken token = new JwtToken(authToken);
try
{
Authentication auth = authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(auth);
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
catch(AuthenticationException ae)
{
SecurityContextHolder.clearContext();
unauthorizedHandler.commence(httpServletRequest, httpServletResponse, ae);
}
这是来自Spring Boot Actuator。如果我删除它,它像以前一样工作?!?
这里似乎有一个错误,虽然不一样: https://github.com/spring-projects/spring-boot/issues/6447
我想让Actuator投入生产,我可以使用哪种解决方法?
谢谢
答案 0 :(得分:7)
确保getName()接口中的Principal方法在JwtToken类中返回非空值。