为什么AuthenticationManager抛出StackOverflowError?

时间:2019-10-28 21:08:46

标签: spring spring-boot spring-security jwt

我在致电StackOverflowError时得到authenticationManger.authenticate()

  

java.lang.StackOverflowError:在为null   org.apache.commons.logging.LogAdapter $ Slf4jLog.isDebugEnabled(LogAdapter.java:300)   〜[spring-jcl-5.1.10.RELEASE.jar:5.1.10.RELEASE]在   org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:162)   〜[spring-security-core-5.1.6.RELEASE.jar:5.1.6.RELEASE]在   org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter $ AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:503)   〜[spring-security-config-5.1.6.RELEASE.jar:5.1.6.RELEASE]

我正在尝试在我的应用程序中实现JWT。我创建了JWTTOkenUtil,过滤器,控制器。但是只有身份验证管理器不起作用。我也尝试过CustomAuthenticationManger,但有同样的错误。

文件AppConfig.java 

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class AppConfig  extends WebSecurityConfigurerAdapter{

    @Autowired
    private JwtUserDetailService jwtUserDetailService;

    @Autowired
    private JwtAuthenticationProvider jwtAuthenticationProvider;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(jwtAuthenticationProvider);

     //auth.userDetailsService(jwtUserDetailService).passwordEncoder(passwordEncoder());
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests().antMatchers("/version").permitAll()
            .anyRequest().authenticated()
            .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilterBefore(jwtRequestFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
    public JwtRequestFilter jwtRequestFilter() {
            return new JwtRequestFilter();
    }
}

3 个答案:

答案 0 :(得分:1)

authenticationManager()

authenticationManagerBean()WebSecurityConfigurerAdapter是两种不同的方法,并且您正在调用超类的authenticationManagerBean()方法,据我所知,该方法取决于{{ 1}}方法。反过来,这会创建方法的循环调用,最终导致authenticationManager()异常。

您可以尝试不重写StackOverflowError方法,或在这样做时返回可靠的实现。

答案 1 :(得分:0)

您覆盖了错误的方法 authenticationManager(),应该改为 authenticationManagerBean()。

答案 2 :(得分:0)

您需要重写 WebSecurityConfigurerAdapter 类的 authenticationManagerBean() 方法,而不是重写 authenticationManager() 方法。

这对我来说是一个有效的配置。

@RequiredArgsConstructor
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {

    private final CustomUserDetailsService customUserDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserDetailsService);
    }

    @Override
    protected void configure (HttpSecurity http) throws Exception{
        http
                .csrf()
                .disable()
                .authorizeRequests()
                .antMatchers("/authenticate").permitAll()
                .anyRequest().authenticated();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception{
        return super.authenticationManagerBean();
    }


    @Bean
    public PasswordEncoder passwordEncoder(){
        return NoOpPasswordEncoder.getInstance();
    }
}
相关问题
最新问题