尝试验证用户身份时发生内部错误

时间:2019-03-13 11:30:23

标签: java spring security login

我已经创建了UserDetailsS​​erviceImpl。在这里,我获得了用户名和该用户的角色。但是我不明白是什么问题。我已经尝试了数据库中的sql查询。

SecurityConfig.java 

@EnableWebSecurity
@ComponentScan("com")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private UserDetailsService userDetailsService;

@Bean
public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
};

@Autowired
protected void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}


@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/login", "/", "/veteriner").permitAll().antMatchers("/**")
            .hasRole("ADMIN").and().formLogin().loginPage("/login").defaultSuccessUrl("/login/login-status-success")
            .failureUrl("/login/login-status-error").permitAll().usernameParameter("username")
            .passwordParameter("password").and().logout().logoutSuccessUrl("/logout-success")
            .invalidateHttpSession(true).permitAll().and().csrf();
}

LoginController.java 

 @Controller
 @RequestMapping(value = "/login", method = RequestMethod.GET)
 public class LoginController {

 @GetMapping
 public ModelAndView home() throws Exception {
    ModelAndView mv = new ModelAndView();
    mv.setViewName("login");
    return mv;
}

@RequestMapping(path="/login-status-error",method = RequestMethod.GET)
@ResponseBody
public ModelAndView erorLogin() throws Exception {
    ModelAndView mv = new ModelAndView();
    mv.setViewName("main");
    return mv;
}

@RequestMapping(path="/login-status-succes",method = RequestMethod.GET)
@ResponseBody
public ModelAndView succesLogin() throws Exception {
    ModelAndView mv = new ModelAndView();
    mv.setViewName("veteriner");
    return mv;
}

} 

@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {

@Autowired
private UserService userService;

@Transactional(readOnly = true)
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

    com.model.User user = userService.findByUsername(username);
    if (user == null) {
        throw new UsernameNotFoundException("User not found.");
    }

    User securityUser = new User(user.getUsername(), user.getPassword(), true, true, true, true,
            buildUserAuthority(user.getUserRoles()));
    return securityUser;
}

private List<GrantedAuthority> buildUserAuthority(List<User_role> userRoles) {
    Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();

    for (User_role userRole : userRoles) {
        setAuths.add(new SimpleGrantedAuthority(userRole.getRole().getRoleName()));
    }

    List<GrantedAuthority> results = new ArrayList<GrantedAuthority>(setAuths);
    return results;
}
  

从public上选择user0_.id作为id1_6_,user0_.email作为email2_6_,user0_.password作为password3_6_,user0_.username作为username4_6_。   16:37:16.930 [http-nio-8186-exec-12]错误org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter-尝试对用户进行身份验证时发生内部错误。   org.springframework.security.authentication.InternalAuthenticationServiceException:无法将java.util.ArrayList强制转换为com.model.User       在org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:123)〜[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:144)〜[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)〜[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200)〜[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)〜[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)上[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)[catalina.jar:9.0.16]       在org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)[catalina.jar:9.0.16]       在org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)[log4j-web-2.11.1.jar:2.11.1]       在org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)[catalina.jar:9.0.16]       在org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)[catalina.jar:9.0.16]       在org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)[catalina.jar:9.0.16]       在org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)[catalina.jar:9.0.16]       在org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)[catalina.jar:9.0.16]       在org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)[catalina.jar:9.0.16]       在org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)[catalina.jar:9.0.16]       在org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)[catalina.jar:9.0.16]       在org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)[catalina.jar:9.0.16]       在org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)[catalina.jar:9.0.16]       在org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)[tomcat-coyote.jar:9.0.16]       在org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)[tomcat-coyote.jar:9.0.16]       在org.apache.coyote.AbstractProtocol $ ConnectionHandler.process(AbstractProtocol.java:834)[tomcat-coyote.jar:9.0.16]       在org.apache.tomcat.util.net.NioEndpoint $ SocketProcessor.doRun(NioEndpoint.java:1415)[tomcat-coyote.jar:9.0.16]       在org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)[tomcat-coyote.jar:9.0.16]       在java.util.concurrent.ThreadPoolExecutor.runWorker(未知来源)[?: 1.8.0_202]       在java.util.concurrent.ThreadPoolExecutor $ Worker.run(未知来源)[?: 1.8.0_202]       在org.apache.tomcat.util.threads.TaskThread $ WrappingRunnable.run(TaskThread.java:61)[tomcat-util.jar:9.0.16]       在java.lang.Thread.run(未知来源)[?: 1.8.0_202]   原因:java.lang.ClassCastException:无法将java.util.ArrayList强制转换为com.model.User       在com.dao.UserDaoImpl.findByUsername(UserDaoImpl.java:23)〜[classes / :?]       在com.service.UserServiceImpl.findByUsername(UserServiceImpl.java:26)〜[classes / :?]       在sun.reflect.NativeMethodAccessorImpl.invoke0(本机方法)〜[?:1.8.0_202]       在sun.reflect.NativeMethodAccessorImpl.invoke(未知来源)〜[?:1.8.0_202]       在sun.reflect.DelegatingMethodAccessorImpl.invoke(未知来源)〜[?:1.8.0_202]       在java.lang.reflect.Method.invoke(未知来源)〜[?:1.8.0_202]       在org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)〜[spring-tx-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)〜[spring-tx-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在com.sun.proxy。$ Proxy238.findByUsername(未知来源)〜[?:?]       在com.service.UserDetailsS​​erviceImpl.loadUserByUsername(UserDetailsS​​erviceImpl.java:29)〜[classes / :?]       在sun.reflect.NativeMethodAccessorImpl.invoke0(本机方法)〜[?:1.8.0_202]       在sun.reflect.NativeMethodAccessorImpl.invoke(未知来源)〜[?:1.8.0_202]       在sun.reflect.DelegatingMethodAccessorImpl.invoke(未知来源)〜[?:1.8.0_202]       在java.lang.reflect.Method.invoke(未知来源)〜[?:1.8.0_202]       在org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)〜[spring-tx-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)〜[spring-tx-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE]       在com.sun.proxy。$ Proxy239.loadUserByUsername(未知来源)〜[?:?]       在org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:108)〜[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE]       ...另外45个

1 个答案:

答案 0 :(得分:0)

有太多事情要我去做,但是我认为这是简单的情况,您不能在同一个类中同时创建和注入相同的bean。

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public UserDetailsService userDetailsService() {...}
}

不起作用。试想一下,您需要UserDetailsService来创建应该创建UserDetailsService的类。那怎么办?

您可以改为:

@EnableWebSecurity
@ComponentScan("com")
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public UserDetailsService userDetailsService() {
        return super.userDetailsService();
    }

    @Bean
    public DaoAuthenticationProvider getDaoAuthenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        //call the userDetailsService() method here
        authProvider.setUserDetailsService(userDetailsService());
        authProvider.setPasswordEncoder(this.passwordEncoder());
        return authProvider;
    }

    ...

}

虽然看起来很奇怪,但它做对了。 Spring代理所有方法调用,因此,当您看似直接调用userDetailsService()时,实际上会注入适当的bean。

相关问题
最新问题