AuthenticationManager.authenticates给我StackOverflowError

时间:2019-07-13 16:12:57

标签: java authentication spring-security stack-overflow

今天早上,我使用Spring-Security JWT实现了自己的登录控制器,并且运行良好。

现在,我在不更改代码的情况下尝试了相同的操作(这就是git存储库所说的内容),并且在AuthenticationManager.authentication用户时,我正在接收java.lang.StackOverflowError:null。

这是代码:

安全配置:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    @Autowired
    UserRepository userRepository;

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
    }

    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS )
        .and()
        .addFilter( new JwtAuthorizationFilter( authenticationManager(),restAuthenticationEntryPoint,userRepository ) );
        http.exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint );
        http.authorizeRequests()
            .antMatchers( HttpMethod.POST,"/Auth/login" ).permitAll()
            .antMatchers( HttpMethod.POST,"/Auth/signup" ).permitAll()
            .anyRequest().authenticated();
    }
}

LoginConroller:

@RestController
@RequestMapping("/Auth")
public class AuthController {

    @Autowired
    private AuthService authService;


    @RequestMapping(value = "/signup", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
    public SignUpDTO signUp(@RequestBody SignUpDTO signUpDTO){
        return authService.signUp( signUpDTO );
    }

    @RequestMapping(value = "/login", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
    public LogedUserDTO login(@RequestBody LoginDTO loginDTO){
        return authService.login( loginDTO );
    }
}

身份验证服务:

@Service
@Transactional
public class AuthServiceImpl implements AuthService {

    private static final String EMAIL_PATTERN =
        "^[_A-Za-z0-9-+]+(.[_A-Za-z0-9-]+)*@" + "[A-Za-z0-9-]+(.[A-Za-z0-9]+)*(.[A-Za-z]{2,})$";

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    @Qualifier(BeanIds.AUTHENTICATION_MANAGER)
    private AuthenticationManager authenticationManagerBean;

    @Override
    public SignUpDTO signUp(SignUpDTO signUpDTO) {

        validateSignUpRequest( signUpDTO );
        User newUser = mapUserFromSignUp( signUpDTO );
        userRepository.save( newUser );
        return signUpDTO;
    }

    public LogedUserDTO login(LoginDTO loginDTO) {

        User user = userRepository.findByEmail( loginDTO.getEmail() );

        if (user == null) {
            throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_USER_NOT_FOUND );
        } else if (user.getPassword() == null) {
            throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_NULL_PASSWORD );
        } else if (!validPassword( loginDTO.getPassword(), user.getPassword() )) {
            throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_WRONG_PASSWORD );
        }

        UsernamePasswordAuthenticationToken authenticationWithToken =
            new UsernamePasswordAuthenticationToken( loginDTO.getEmail(), loginDTO.getPassword(), null );
        Authentication authentication = authenticationManagerBean.authenticate( authenticationWithToken );

        String token = generateToken( user.getEmail() );

        LogedUserDTO logedUserDTO =
            new LogedUserDTO( user.getEmail(), TokenProperties.PREFIX + token, TokenProperties.EXPIRATION_TIME,
                null );

        return logedUserDTO;
    }

此处失败:身份验证身份验证= authenticationManagerBean.authenticate(authenticationWithToken);

我发誓它工作正常,但突然之间:

java.lang.StackOverflowError: null
   at org.springframework.aop.framework.AdvisedSupport$MethodCacheKey.equals(AdvisedSupport.java:596) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
   at java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:940) ~[na:1.8.0_161]
   at org.springframework.aop.framework.AdvisedSupport.getInterceptorsAndDynamicInterceptionAdvice(AdvisedSupport.java:481) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:196) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
   at com.sun.proxy.$Proxy110.authenticate(Unknown Source) ~[na:na]
   at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
   at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:503) ~[spring-security-config-5.1.5.RELEASE.jar:5.1.5.RELEASE]
   at sun.reflect.GeneratedMethodAccessor57.invoke(Unknown Source) ~[na:na]
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_161]
   at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_161]
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:205) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
   at com.sun.proxy.$Proxy110.authenticate(Unknown Source) ~[na:na]
AND SO ON

我记得把令牌还给我真是太完美了,现在很奇怪,它返回了这个错误。

如果有人可以帮助我,我将非常感谢,因为我无法继续执行任务

预先感谢

我已经尝试了很多事情,但是找不到解决方法。

3 个答案:

答案 0 :(得分:1)

已经很晚了,但是正如GabrielGarcíaGarrido所说,我还是建议使用这种简单的解决方案来避免使用UserDetailService。只需创建您的AuthenticationManager的最小实现,然后使用它而不是您的bean,就可以在Spring documentation中看到:

    import org.springframework.security.authentication.*;        
    import org.springframework.security.core.*;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.context.SecurityContextHolder;
        
    public class AuthenticationExample {
          private static AuthenticationManager am = new SampleAuthenticationManager();
        
          public static void main(String[] args) throws Exception {
            BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
        
            while(true) {
              System.out.println("Please enter your username:");
              String name = in.readLine();
              System.out.println("Please enter your password:");
              String password = in.readLine();
              try {
                Authentication request = new UsernamePasswordAuthenticationToken(name, password);
                Authentication result = am.authenticate(request);
                //to save user into the session
               SecurityContext sc =  SecurityContextHolder.getContext();
               sc.setAuthentication(result);
               HttpSession session = req.getSession(true);
               session.setAttribute("SPRING_SECURITY_CONTEXT_KEY", sc);
                break;
              } catch(AuthenticationException e) {
                System.out.println("Authentication failed: " + e.getMessage());
              }
            }
            System.out.println("Successfully authenticated. Security context contains: " +
                      SecurityContextHolder.getContext().getAuthentication());
          }
        }
    

public class SampleAuthenticationManager implements AuthenticationManager {
      static final List<GrantedAuthority> AUTHORITIES = new ArrayList<GrantedAuthority>();
    
      static {
        AUTHORITIES.add(new SimpleGrantedAuthority("ROLE_USER"));
      }
    
      public Authentication authenticate(Authentication auth) throws AuthenticationException {
        if (auth.getName().equals(auth.getCredentials())) {
          return new UsernamePasswordAuthenticationToken(auth.getName(),
            auth.getCredentials(), AUTHORITIES);
          }
          throw new BadCredentialsException("Bad Credentials");
      }
    }

答案 1 :(得分:0)

我找到了解决方案。 必须添加AuthenticationProvider bean来配置AuthenticationManagerBuilder。 因此,我必须创建UserDetailService(我想避免的事情)并像这样添加它:

package com.mashosoft.backEndTest.security.config;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    @Autowired
    UserRepository userRepository;

    @Autowired
    UserDetailsService userDetailsService;

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    DaoAuthenticationProvider authenticationProvider(){
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setPasswordEncoder( encoder() );
        daoAuthenticationProvider.setUserDetailsService( userDetailsService );
        return  daoAuthenticationProvider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) {
        authManagerBuilder.authenticationProvider( authenticationProvider() );
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS )
        .and()
        .addFilter( new JwtAuthorizationFilter( authenticationManager(),restAuthenticationEntryPoint,userRepository ) );
        http.exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint );
        http.authorizeRequests()
            .antMatchers( HttpMethod.POST,"/Auth/login**" ).permitAll()
            .antMatchers( HttpMethod.POST,"/Auth/signup**" ).permitAll()
            .anyRequest().authenticated();
    }
}

如果有人知道如何避免将UserDetailService声明为具有更好的控件,将不胜感激。

答案 2 :(得分:0)

当您使用自定义 AuthenticationProvider 时,从配置文件中删除 UserDetailsS​​ervice bean 创建。