我一直在尝试通过本教程实现身份验证
https://auth0.com/blog/implementing-jwt-authentication-on-spring-boot/
我有一个非常基本的服务器,允许用户注册和登录。这个基本服务器已经工作。我想用spring安全框架实现安全性。
服务器使用Kotlin编程。
问题是:当我尝试通过http://hosturl/login登录时,我得到一个例外,杰克逊无法为org.springframework.security.core.userdetails.User找到合适的构造函数
是堆栈跟踪:
2018-02-22T14:32:54.028674+00:00 app[web.1]: java.lang.RuntimeException: com.fasterxml.jackson.databind.JsonMappingException: Can not construct instance of org.springframework.security.core.userdetails.User: no suitable constructor found, can not deserialize from Object value (missing d
efault constructor or creator, or perhaps need to add/enable type information?)
2018-02-22T14:32:54.028676+00:00 app[web.1]: at [Source: org.apache.catalina.connector.CoyoteInputStream@6c612a11; line: 2, column: 2]
2018-02-22T14:32:54.028679+00:00 app[web.1]: at www.REDACTED.de.SpringTestKotlin.security.JWTAuthenticationFilter.attemptAuthentication(AuthenticationFilter.kt:42) ~[classes!/:na]
2018-02-22T14:32:54.028683+00:00 app[web.1]: at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028685+00:00 app[web.1]: at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028686+00:00 app[web.1]: at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028688+00:00 app[web.1]: at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028690+00:00 app[web.1]: at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028691+00:00 app[web.1]: at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028693+00:00 app[web.1]: at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028694+00:00 app[web.1]: at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028695+00:00 app[web.1]: at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028697+00:00 app[web.1]: at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028698+00:00 app[web.1]: at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028700+00:00 app[web.1]: at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028701+00:00 app[web.1]: at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028702+00:00 app[web.1]: at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028704+00:00 app[web.1]: at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028705+00:00 app[web.1]: at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028707+00:00 app[web.1]: at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) ~[spring-security-web-4.2.4.RELEASE.jar!/:4.2.4.RELEASE]
2018-02-22T14:32:54.028708+00:00 app[web.1]: at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028710+00:00 app[web.1]: at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028711+00:00 app[web.1]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028719+00:00 app[web.1]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028721+00:00 app[web.1]: at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028722+00:00 app[web.1]: at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028724+00:00 app[web.1]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028725+00:00 app[web.1]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028726+00:00 app[web.1]: at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028728+00:00 app[web.1]: at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028729+00:00 app[web.1]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028731+00:00 app[web.1]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028732+00:00 app[web.1]: at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028733+00:00 app[web.1]: at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028735+00:00 app[web.1]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028737+00:00 app[web.1]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028738+00:00 app[web.1]: at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028740+00:00 app[web.1]: at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.3.14.RELEASE.jar!/:4.3.14.RELEASE]
2018-02-22T14:32:54.028741+00:00 app[web.1]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028742+00:00 app[web.1]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028744+00:00 app[web.1]: at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) ~[tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028747+00:00 app[web.1]: at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028748+00:00 app[web.1]: at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028749+00:00 app[web.1]: at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028751+00:00 app[web.1]: at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028752+00:00 app[web.1]: at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028754+00:00 app[web.1]: at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028755+00:00 app[web.1]: at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028756+00:00 app[web.1]: at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028758+00:00 app[web.1]: at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028759+00:00 app[web.1]: at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028760+00:00 app[web.1]: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028762+00:00 app[web.1]: at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028769+00:00 app[web.1]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_161-heroku]
2018-02-22T14:32:54.028770+00:00 app[web.1]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_161-heroku]
2018-02-22T14:32:54.028771+00:00 app[web.1]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.27.jar!/:8.5.27]
2018-02-22T14:32:54.028773+00:00 app[web.1]: at java.lang.Thread.run(Thread.java:748) [na:1.8.0_161-heroku]
2018-02-22T14:32:54.028776+00:00 app[web.1]: Caused by: com.fasterxml.jackson.databind.JsonMappingException: Can not construct instance of org.springframework.security.core.userdetails.User: no suitable constructor found, can not deserialize from Object value (missing default constructo
r or creator, or perhaps need to add/enable type information?)
2018-02-22T14:32:54.028777+00:00 app[web.1]: at [Source: org.apache.catalina.connector.CoyoteInputStream@6c612a11; line: 2, column: 2]
2018-02-22T14:32:54.028779+00:00 app[web.1]: at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:270) ~[jackson-databind-2.8.10.jar!/:2.8.10]
2018-02-22T14:32:54.028780+00:00 app[web.1]: at com.fasterxml.jackson.databind.DeserializationContext.instantiationException(DeserializationContext.java:1456) ~[jackson-databind-2.8.10.jar!/:2.8.10]
2018-02-22T14:32:54.028782+00:00 app[web.1]: at com.fasterxml.jackson.databind.DeserializationContext.handleMissingInstantiator(DeserializationContext.java:1012) ~[jackson-databind-2.8.10.jar!/:2.8.10]
2018-02-22T14:32:54.028783+00:00 app[web.1]: at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1206) ~[jackson-databind-2.8.10.jar!/:2.8.10]
2018-02-22T14:32:54.028785+00:00 app[web.1]: at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:314) ~[jackson-databind-2.8.10.jar!/:2.8.10]
2018-02-22T14:32:54.028786+00:00 app[web.1]: at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:148) ~[jackson-databind-2.8.10.jar!/:2.8.10]
2018-02-22T14:32:54.028788+00:00 app[web.1]: at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3814) ~[jackson-databind-2.8.10.jar!/:2.8.10]
2018-02-22T14:32:54.028790+00:00 app[web.1]: at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2924) ~[jackson-databind-2.8.10.jar!/:2.8.10]
2018-02-22T14:32:54.028791+00:00 app[web.1]: at www.REDACTED.de.SpringTestKotlin.security.JWTAuthenticationFilter.attemptAuthentication(AuthenticationFilter.kt:33) ~[classes!/:na]
2018-02-22T14:32:54.028793+00:00 app[web.1]: ... 54 common frames omitted
答案 0 :(得分:0)
问题出在我的JWTAuthenticationFilter上。它扩展了UsernamePasswordAuthenticationFilter()。
功能
override fun attemptAuthentication(req: HttpServletRequest, res: HttpServletResponse?): Authentication导致了这个问题。在函数的开头,我试图用jackson从输入创建一个User对象。这导致错误,因为Jackson无法找到默认构造函数。
我现在使用Gson并且工作正常
// The old way that cause the error
val credsOldWay: User = jacksonObjectMapper().readValue(req.inputStream)
// the new way that works just fine
val credsNewWay: User = Gson().fromJson(req.inputStream.reader(), User::class.java)
答案 1 :(得分:0)
Reader reader = new InputStreamReader(request.getInputStream(), StandardCharsets.UTF_8);
User user = new Gson().fromJson(reader, User.class);
存储库: https://mvnrepository.com/artifact/com.google.code.gson/gson