Spring OAuth2自定义身份验证实现失败

时间:2017-05-11 02:36:46

标签: java spring spring-security spring-oauth2

在我的应用程序中,我只想验证两个访问令牌,一个位于我的授权签名标题中'和其他来自自定义标题。 我刚刚实现了相同的自定义验证器/过滤器,但由于依赖注入失败而由于空指针而运行失败。

代码段在下面给出

  private XOauth2Authenticationfilter customAuthenticator=new XOauth2Authenticationfilter();
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId(resourceId);
            resources.authenticationEntryPoint(authenticationEntryPoint);
            resources.authenticationManager(customAuthenticator);

            //super.configure(resources);
        }

        @Override
        public void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.csrf().disable();
            httpSecurity.authorizeRequests().anyRequest().authenticated().and().addFilterAfter(customAuthenticator,SecurityContextPersistenceFilter.class);
            httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);


            //super.configure(httpSecurity);
        }

我的自定义身份验证器下面给出了filter()

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {

        List<Authentication> authList = tokenExtractor.extract((HttpServletRequest) req);

        if(authList!=null)
        {
            for (Authentication authenticate : authList) {

                authenticate(authenticate,(HttpServletRequest) req);
            }
        }
        chain.doFilter(req, res);
    }

    private void authenticate(Authentication authentication,HttpServletRequest request ) {
        final boolean debug = logger.isDebugEnabled();
        if (authentication == null) {
            if (stateless && isAuthenticated()) {
                if (debug) {
                    logger.debug("Clearing security context.");
                }
                SecurityContextHolder.clearContext();
            }
            if (debug) {
                logger.debug("No token in request, will continue chain.");
            }
        }
        else {
            request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, authentication.getPrincipal());
            if (authentication instanceof AbstractAuthenticationToken) {
                AbstractAuthenticationToken needsDetails = (AbstractAuthenticationToken) authentication;
                needsDetails.setDetails(authenticationDetailsSource.buildDetails(request));
            }
            Authentication authResult = authenticationManager.authenticate(authentication);

            if (debug) {
                logger.debug("Authentication success: " + authResult);
            }

            eventPublisher.publishAuthenticationSuccess(authResult);
            SecurityContextHolder.getContext().setAuthentication(authResult);

        }

    }

但是在执行时我在

处得到一个空指针
Authentication authResult = authenticationManager.authenticate(authentication);

我可以做些什么来实现自定义身份验证器?

0 个答案:

没有答案