今天早上,我使用Spring-Security JWT实现了自己的登录控制器,并且运行良好。
现在,我在不更改代码的情况下尝试了相同的操作(这就是git存储库所说的内容),并且在AuthenticationManager.authentication用户时,我正在接收java.lang.StackOverflowError:null。
这是代码:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Autowired
UserRepository userRepository;
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
super.configure(auth);
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS )
.and()
.addFilter( new JwtAuthorizationFilter( authenticationManager(),restAuthenticationEntryPoint,userRepository ) );
http.exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint );
http.authorizeRequests()
.antMatchers( HttpMethod.POST,"/Auth/login" ).permitAll()
.antMatchers( HttpMethod.POST,"/Auth/signup" ).permitAll()
.anyRequest().authenticated();
}
}
@RestController
@RequestMapping("/Auth")
public class AuthController {
@Autowired
private AuthService authService;
@RequestMapping(value = "/signup", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public SignUpDTO signUp(@RequestBody SignUpDTO signUpDTO){
return authService.signUp( signUpDTO );
}
@RequestMapping(value = "/login", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public LogedUserDTO login(@RequestBody LoginDTO loginDTO){
return authService.login( loginDTO );
}
}
@Service
@Transactional
public class AuthServiceImpl implements AuthService {
private static final String EMAIL_PATTERN =
"^[_A-Za-z0-9-+]+(.[_A-Za-z0-9-]+)*@" + "[A-Za-z0-9-]+(.[A-Za-z0-9]+)*(.[A-Za-z]{2,})$";
@Autowired
private UserRepository userRepository;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
@Qualifier(BeanIds.AUTHENTICATION_MANAGER)
private AuthenticationManager authenticationManagerBean;
@Override
public SignUpDTO signUp(SignUpDTO signUpDTO) {
validateSignUpRequest( signUpDTO );
User newUser = mapUserFromSignUp( signUpDTO );
userRepository.save( newUser );
return signUpDTO;
}
public LogedUserDTO login(LoginDTO loginDTO) {
User user = userRepository.findByEmail( loginDTO.getEmail() );
if (user == null) {
throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_USER_NOT_FOUND );
} else if (user.getPassword() == null) {
throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_NULL_PASSWORD );
} else if (!validPassword( loginDTO.getPassword(), user.getPassword() )) {
throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_WRONG_PASSWORD );
}
UsernamePasswordAuthenticationToken authenticationWithToken =
new UsernamePasswordAuthenticationToken( loginDTO.getEmail(), loginDTO.getPassword(), null );
Authentication authentication = authenticationManagerBean.authenticate( authenticationWithToken );
String token = generateToken( user.getEmail() );
LogedUserDTO logedUserDTO =
new LogedUserDTO( user.getEmail(), TokenProperties.PREFIX + token, TokenProperties.EXPIRATION_TIME,
null );
return logedUserDTO;
}
此处失败:身份验证身份验证= authenticationManagerBean.authenticate(authenticationWithToken);
我发誓它工作正常,但突然之间:
java.lang.StackOverflowError: null
at org.springframework.aop.framework.AdvisedSupport$MethodCacheKey.equals(AdvisedSupport.java:596) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:940) ~[na:1.8.0_161]
at org.springframework.aop.framework.AdvisedSupport.getInterceptorsAndDynamicInterceptionAdvice(AdvisedSupport.java:481) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:196) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at com.sun.proxy.$Proxy110.authenticate(Unknown Source) ~[na:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:503) ~[spring-security-config-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at sun.reflect.GeneratedMethodAccessor57.invoke(Unknown Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_161]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:205) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at com.sun.proxy.$Proxy110.authenticate(Unknown Source) ~[na:na]
AND SO ON
我记得把令牌还给我真是太完美了,现在很奇怪,它返回了这个错误。
如果有人可以帮助我,我将非常感谢,因为我无法继续执行任务
预先感谢
我已经尝试了很多事情,但是找不到解决方法。
答案 0 :(得分:1)
已经很晚了,但是正如GabrielGarcíaGarrido所说,我还是建议使用这种简单的解决方案来避免使用UserDetailService。只需创建您的AuthenticationManager的最小实现,然后使用它而不是您的bean,就可以在Spring documentation中看到:
import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
public class AuthenticationExample {
private static AuthenticationManager am = new SampleAuthenticationManager();
public static void main(String[] args) throws Exception {
BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
while(true) {
System.out.println("Please enter your username:");
String name = in.readLine();
System.out.println("Please enter your password:");
String password = in.readLine();
try {
Authentication request = new UsernamePasswordAuthenticationToken(name, password);
Authentication result = am.authenticate(request);
//to save user into the session
SecurityContext sc = SecurityContextHolder.getContext();
sc.setAuthentication(result);
HttpSession session = req.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT_KEY", sc);
break;
} catch(AuthenticationException e) {
System.out.println("Authentication failed: " + e.getMessage());
}
}
System.out.println("Successfully authenticated. Security context contains: " +
SecurityContextHolder.getContext().getAuthentication());
}
}
public class SampleAuthenticationManager implements AuthenticationManager {
static final List<GrantedAuthority> AUTHORITIES = new ArrayList<GrantedAuthority>();
static {
AUTHORITIES.add(new SimpleGrantedAuthority("ROLE_USER"));
}
public Authentication authenticate(Authentication auth) throws AuthenticationException {
if (auth.getName().equals(auth.getCredentials())) {
return new UsernamePasswordAuthenticationToken(auth.getName(),
auth.getCredentials(), AUTHORITIES);
}
throw new BadCredentialsException("Bad Credentials");
}
}
答案 1 :(得分:0)
我找到了解决方案。 必须添加AuthenticationProvider bean来配置AuthenticationManagerBuilder。 因此,我必须创建UserDetailService(我想避免的事情)并像这样添加它:
package com.mashosoft.backEndTest.security.config;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Autowired
UserRepository userRepository;
@Autowired
UserDetailsService userDetailsService;
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
DaoAuthenticationProvider authenticationProvider(){
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setPasswordEncoder( encoder() );
daoAuthenticationProvider.setUserDetailsService( userDetailsService );
return daoAuthenticationProvider;
}
@Override
protected void configure(AuthenticationManagerBuilder authManagerBuilder) {
authManagerBuilder.authenticationProvider( authenticationProvider() );
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS )
.and()
.addFilter( new JwtAuthorizationFilter( authenticationManager(),restAuthenticationEntryPoint,userRepository ) );
http.exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint );
http.authorizeRequests()
.antMatchers( HttpMethod.POST,"/Auth/login**" ).permitAll()
.antMatchers( HttpMethod.POST,"/Auth/signup**" ).permitAll()
.anyRequest().authenticated();
}
}
如果有人知道如何避免将UserDetailService声明为具有更好的控件,将不胜感激。
答案 2 :(得分:0)
当您使用自定义 AuthenticationProvider 时,从配置文件中删除 UserDetailsService bean 创建。