Spring Security（java.lang.NullPointerException：在org.springframework.security.authentication.ProviderManager.authenticate为null）

Question

我对弹簧安全性有疑问。 我是新手，所以不明白为什么它会不时起作用。 （主类的第2次或第3次重新启动都会从ProviderManager中获取空指针）。我认为我的UserDetailsS​​ervice的实现中的loadUserByUsername方法那时不会在春季被调用。

错误StackTrace

2018-06-27 05:07:39.180  INFO 5556 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 15 ms
2018-06-27 05:07:40.984  WARN 5556 --- [nio-8080-exec-2] o.a.c.util.SessionIdGeneratorBase        : Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [101] milliseconds.
2018-06-27 05:07:42.285 ERROR 5556 --- [nio-8080-exec-4] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
java.lang.NullPointerException: null
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:164) ~[spring-security-core-5.0.5.RELEASE.jar:5.0.5.RELEASE]
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) ~[spring-security-core-5.0.5.RELEASE.jar:5.0.5.RELEASE]
    at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94) ~[spring-security-web-5.0.5.RELEASE.jar:5.0.5.RELEASE]

MyConfig

@Configuration
@ComponentScan("hello")
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    Logger log = LoggerFactory.getLogger(WebSecurityConfig1.class);

    @Autowired
    public PasswordEncoder passwordEncoder;

    private AuthenticationProvider authenticationProvider;

    @Autowired
    @Qualifier("daoAuthenticationProvider")
    public void setAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        this.authenticationProvider = authenticationProvider;

    }


    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider(PasswordEncoder passwordEncoder,
                                                               UserDetailsService userDetailsService){ 
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
        daoAuthenticationProvider.setUserDetailsService(userDetailsService);
        return daoAuthenticationProvider;
    }

    @Autowired
    public void configureAuthManager(AuthenticationManagerBuilder authenticationManagerBuilder){
        authenticationManagerBuilder.authenticationProvider(authenticationProvider);
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/", "/home").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
                .logout()
                .permitAll();
    }
}

UserDetailsS​​ervice

@Service("userDetailsService")
public class UDservice implements UserDetailsService {

    Logger log = LoggerFactory.getLogger(UDservice1.class);

    @Autowired
    UserRepository repository;

    public UserDetails converter(User user) {
        UserDetailsImpl userDetails = new UserDetailsImpl();
        userDetails.setUsername(user.getUsername());
        userDetails.setPassword(user.getPwd());
        userDetails.setEnabled(user.getEnabled());
        Collection<SimpleGrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority(user.getRole()));
        userDetails.setAuthorities(authorities);
        return userDetails;
    }


    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        if (username != null){
         return  converter(repository.findByUsername(username));
        }
        else
            throw new UsernameNotFoundException("null at name");
    }
}

Answer 1

您无法控制何时创建Spring bean。

因此，如果先执行setAuthenticationProvider()，然后再执行configureAuthManager()，那么您就初始化了authenticationProvider

但是，如果先执行configureAuthManager()，然后再执行setAuthenticationProvider()，则authenticationProvider不会初始化，并且您有NullPointerException

Answer 2

我也有这个例外。 如果未通过任何身份验证提供程序，则会得到此异常。

如果您不提供身份验证提供程序 或 如果您传递空值

1. 在我的情况下和在OP的情况下缺少@Autowired
   （我既配置了授权，也配置了身份验证，但通过了null）

//Missed autowired annotation
private CustomAuthenticationProvider customAuthenticationProvider;

并尝试注入null

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception 
  {
      auth.authenticationProvider(customAuthenticationProvider); // Null passed here
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
      http.authorizeRequests()
          .antMatchers("/**").hasRole("ADMIN")
          .anyRequest()
          .authenticated()
          .and()
          .formLogin();
  }

1. 您可能会错过注入authenticationProvider依赖项
   .authenticationProvider(customAuthenticationProvider)
   或
   评论行
   //.authenticationProvider(customAuthenticationProvider)