今天早上,我用Spring-Security JWT实现了我自己的登录控制器,它运行良好。
现在我尝试了相同的操作而不更改代码(这就是git存储库所说的),并且在AuthenticationManager.authentication用户时,我正在接收java.lang.StackOverflowError:null。
这是代码:
安全配置:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Autowired
UserRepository userRepository;
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
super.configure(auth);
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS )
.and()
.addFilter( new JwtAuthorizationFilter( authenticationManager(),restAuthenticationEntryPoint,userRepository ) );
http.exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint );
http.authorizeRequests()
.antMatchers( HttpMethod.POST,"/Auth/login" ).permitAll()
.antMatchers( HttpMethod.POST,"/Auth/signup" ).permitAll()
.anyRequest().authenticated();
}
}
LoginConroller:
@RestController
@RequestMapping("/Auth")
public class AuthController {
@Autowired
private AuthService authService;
@RequestMapping(value = "/signup", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public SignUpDTO signUp(@RequestBody SignUpDTO signUpDTO){
return authService.signUp( signUpDTO );
}
@RequestMapping(value = "/login", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public LogedUserDTO login(@RequestBody LoginDTO loginDTO){
return authService.login( loginDTO );
}
}
验证服务:
@Service
@Transactional
public class AuthServiceImpl implements AuthService {
private static final String EMAIL_PATTERN =
"^[_A-Za-z0-9-+]+(.[_A-Za-z0-9-]+)*@" + "[A-Za-z0-9-]+(.[A-Za-z0-9]+)*(.[A-Za-z]{2,})$";
@Autowired
private UserRepository userRepository;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
@Qualifier(BeanIds.AUTHENTICATION_MANAGER)
private AuthenticationManager authenticationManagerBean;
@Override
public SignUpDTO signUp(SignUpDTO signUpDTO) {
validateSignUpRequest( signUpDTO );
User newUser = mapUserFromSignUp( signUpDTO );
userRepository.save( newUser );
return signUpDTO;
}
public LogedUserDTO login(LoginDTO loginDTO) {
User user = userRepository.findByEmail( loginDTO.getEmail() );
if (user == null) {
throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_USER_NOT_FOUND );
} else if (user.getPassword() == null) {
throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_NULL_PASSWORD );
} else if (!validPassword( loginDTO.getPassword(), user.getPassword() )) {
throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_WRONG_PASSWORD );
}
UsernamePasswordAuthenticationToken authenticationWithToken =
new UsernamePasswordAuthenticationToken( loginDTO.getEmail(), loginDTO.getPassword(), null );
Authentication authentication = authenticationManagerBean.authenticate( authenticationWithToken );
String token = generateToken( user.getEmail() );
LogedUserDTO logedUserDTO =
new LogedUserDTO( user.getEmail(), TokenProperties.PREFIX + token, TokenProperties.EXPIRATION_TIME,
null );
return logedUserDTO;
}
它在这里失败:身份验证身份验证= authenticationManagerBean.authenticate(authenticationWithToken);
我发誓它工作正常,但突然之间:
java.lang.StackOverflowError: null
at org.springframework.aop.framework.AdvisedSupport$MethodCacheKey.equals(AdvisedSupport.java:596) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:940) ~[na:1.8.0_161]
at org.springframework.aop.framework.AdvisedSupport.getInterceptorsAndDynamicInterceptionAdvice(AdvisedSupport.java:481) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:196) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at com.sun.proxy.$Proxy110.authenticate(Unknown Source) ~[na:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:503) ~[spring-security-config-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at sun.reflect.GeneratedMethodAccessor57.invoke(Unknown Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_161]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:205) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at com.sun.proxy.$Proxy110.authenticate(Unknown Source) ~[na:na]
AND SO ON
我记得把令牌还给我真是太完美了,现在返回此错误很奇怪。
如果有人可以帮助我,我将不胜感激,因为我无法继续执行任务
提前致谢
我已经尝试了很多东西,但是找不到解决方案。
最佳答案
我找到了解决方案。
必须添加AuthenticationProvider bean来配置AuthenticationManagerBuilder。
所以我不得不创建UserDetailService(我想避免的事情)并像这样添加它:
package com.mashosoft.backEndTest.security.config;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Autowired
UserRepository userRepository;
@Autowired
UserDetailsService userDetailsService;
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
DaoAuthenticationProvider authenticationProvider(){
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setPasswordEncoder( encoder() );
daoAuthenticationProvider.setUserDetailsService( userDetailsService );
return daoAuthenticationProvider;
}
@Override
protected void configure(AuthenticationManagerBuilder authManagerBuilder) {
authManagerBuilder.authenticationProvider( authenticationProvider() );
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS )
.and()
.addFilter( new JwtAuthorizationFilter( authenticationManager(),restAuthenticationEntryPoint,userRepository ) );
http.exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint );
http.authorizeRequests()
.antMatchers( HttpMethod.POST,"/Auth/login**" ).permitAll()
.antMatchers( HttpMethod.POST,"/Auth/signup**" ).permitAll()
.anyRequest().authenticated();
}
}
如果有人知道如何避免将UserDetailService声明为具有更好的控件,将不胜感激。