在我的应用程序中,我只想验证两个访问令牌,一个位于我的授权签名标题中'和其他来自自定义标题。 我刚刚实现了相同的自定义验证器/过滤器,但由于依赖注入失败而由于空指针而运行失败。
代码段在下面给出
private XOauth2Authenticationfilter customAuthenticator=new XOauth2Authenticationfilter();
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId(resourceId);
resources.authenticationEntryPoint(authenticationEntryPoint);
resources.authenticationManager(customAuthenticator);
//super.configure(resources);
}
@Override
public void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable();
httpSecurity.authorizeRequests().anyRequest().authenticated().and().addFilterAfter(customAuthenticator,SecurityContextPersistenceFilter.class);
httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
//super.configure(httpSecurity);
}
我的自定义身份验证器下面给出了filter()
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
List<Authentication> authList = tokenExtractor.extract((HttpServletRequest) req);
if(authList!=null)
{
for (Authentication authenticate : authList) {
authenticate(authenticate,(HttpServletRequest) req);
}
}
chain.doFilter(req, res);
}
private void authenticate(Authentication authentication,HttpServletRequest request ) {
final boolean debug = logger.isDebugEnabled();
if (authentication == null) {
if (stateless && isAuthenticated()) {
if (debug) {
logger.debug("Clearing security context.");
}
SecurityContextHolder.clearContext();
}
if (debug) {
logger.debug("No token in request, will continue chain.");
}
}
else {
request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, authentication.getPrincipal());
if (authentication instanceof AbstractAuthenticationToken) {
AbstractAuthenticationToken needsDetails = (AbstractAuthenticationToken) authentication;
needsDetails.setDetails(authenticationDetailsSource.buildDetails(request));
}
Authentication authResult = authenticationManager.authenticate(authentication);
if (debug) {
logger.debug("Authentication success: " + authResult);
}
eventPublisher.publishAuthenticationSuccess(authResult);
SecurityContextHolder.getContext().setAuthentication(authResult);
}
}
但是在执行时我在
处得到一个空指针Authentication authResult = authenticationManager.authenticate(authentication);
我可以做些什么来实现自定义身份验证器?