JHipster WebFilter does not reuse RememberMeServices

Time: 2019-02-12 07:28:34

Tags: java spring-boot spring-security jhipster

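I am copying the SecurityConfiguration from a JHipster 4.14 application into a new 5.7 application. I don't expect the two to behave identically, but I am stumped as to how to properly hook the overridden RememberMeServices into the web filter stack.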

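AbstractAuthenticationProcessingFilter instantiates a NullRememberMeServices() with an empty "parameter", which is the "remember me" string. The abstract class has a method to set it to a new class, but I can't seem to find any documentation or tutorial that says where that should be done. Baeldung's guide is what I have been following, but no matter what I do I get the same exception, as if the filter were being created for every request rather than once per session.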

Debug output and stack trace:

Hibernate: insert into jhi_persistent_audit_event (event_date, event_type, principal, event_id) values (?, ?, ?, ?)
Hibernate: insert into jhi_persistent_audit_evt_data (event_id, name, value) values (?, ?, ?)
Hibernate: insert into jhi_persistent_audit_evt_data (event_id, name, value) values (?, ?, ?)
2019-02-12 17:10:42.990 ERROR 38052 --- [  XNIO-2 task-1] io.undertow.request                      : UT005023: Exception handling request to /api/authentication


java.lang.NullPointerException: null
    at java.util.TreeMap.getEntry(TreeMap.java:347)
    at java.util.TreeMap.get(TreeMap.java:278)
    at io.undertow.servlet.spec.HttpServletRequestImpl.getParameter(HttpServletRequestImpl.java:663)
    at javax.servlet.ServletRequestWrapper.getParameter(ServletRequestWrapper.java:194)
    at javax.servlet.ServletRequestWrapper.getParameter(ServletRequestWrapper.java:194)
    at org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.rememberMeRequested(AbstractRememberMeServices.java:343)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:197)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:749)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
    at com.app.my.let.security.PersistentTokenRememberMeServices$$EnhancerBySpringCGLIB$$e1ef8f9a.rememberMeRequested(<generated>)

SecurityConfiguration.configure()

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        if (jHipsterProperties.getSecurity().getRememberMe().getKey() == null) {
            throw new Exception("Remember me key is null at startup.");
        }
        http
            .csrf()
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .and()
            .addFilterBefore(corsFilter, CsrfFilter.class)
            .exceptionHandling()
            .authenticationEntryPoint(problemSupport)
            .accessDeniedHandler(problemSupport)
        .and()
            .rememberMe()
            .rememberMeServices(rememberMeServices)
            .rememberMeParameter("remember-me")
            .key(jHipsterProperties.getSecurity().getRememberMe().getKey())
        .and()
            .formLogin()
            .loginProcessingUrl("/api/authentication")
            .successHandler(ajaxAuthenticationSuccessHandler())
            .failureHandler(ajaxAuthenticationFailureHandler())
            .usernameParameter("j_username")
            .passwordParameter("j_password")
            .permitAll()
        .and()
            .logout()
            .logoutUrl("/api/logout")
            .logoutSuccessHandler(ajaxLogoutSuccessHandler())
            .permitAll()
        .and()
            .headers()
            .frameOptions()
            .disable()
        .and()
            .authorizeRequests()
            .antMatchers("/api/register").permitAll()
            .antMatchers("/api/activate").permitAll()
            .antMatchers("/api/people-hub/**").permitAll()
            .antMatchers("/api/matrices/**").permitAll()
            .antMatchers("/api/learning-contents/**").permitAll()
            .antMatchers("/api/authenticate").permitAll()
            .antMatchers("/api/account/reset-password/init").permitAll()
            .antMatchers("/api/account/reset-password/finish").permitAll()
            .antMatchers("/api/profile-info").permitAll()
            .antMatchers("/api/**").authenticated()
            .antMatchers("/management/health").permitAll()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/v2/api-docs/**").permitAll()
            .antMatchers("/swagger-resources/configuration/ui").permitAll()
            .antMatchers("/swagger-ui/index.html").hasAuthority(AuthoritiesConstants.ADMIN);

    }

The authentication provider for this security configuration:

    @Bean
    public CustomLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        CustomLdapAuthenticationProvider provider = new CustomLdapAuthenticationProvider(
            myConfig.getLdap().getDomain(),
            myConfig.getLdap().getUrl(),
            myConfig.getLdap().getRootDN());
        provider.setConvertSubErrorCodesToExceptions(true);
        provider.setUseAuthenticationRequestCredentials(true);
        provider.setUserDetailsContextMapper(userDetailsContextMapper());
        return provider;
    }

0 answers:

No answers