今天早上,我用Spring-Security JWT实现了我自己的登录控制器,它运行良好。

现在我尝试了相同的操作而不更改代码(这就是git存储库所说的),并且在AuthenticationManager.authentication用户时,我正在接收java.lang.StackOverflowError:null。

这是代码:

安全配置:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    @Autowired
    UserRepository userRepository;

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
    }

    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS )
        .and()
        .addFilter( new JwtAuthorizationFilter( authenticationManager(),restAuthenticationEntryPoint,userRepository ) );
        http.exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint );
        http.authorizeRequests()
            .antMatchers( HttpMethod.POST,"/Auth/login" ).permitAll()
            .antMatchers( HttpMethod.POST,"/Auth/signup" ).permitAll()
            .anyRequest().authenticated();
    }
}


LoginConroller:

@RestController
@RequestMapping("/Auth")
public class AuthController {

    @Autowired
    private AuthService authService;


    @RequestMapping(value = "/signup", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
    public SignUpDTO signUp(@RequestBody SignUpDTO signUpDTO){
        return authService.signUp( signUpDTO );
    }

    @RequestMapping(value = "/login", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
    public LogedUserDTO login(@RequestBody LoginDTO loginDTO){
        return authService.login( loginDTO );
    }
}


验证服务:

@Service
@Transactional
public class AuthServiceImpl implements AuthService {

    private static final String EMAIL_PATTERN =
        "^[_A-Za-z0-9-+]+(.[_A-Za-z0-9-]+)*@" + "[A-Za-z0-9-]+(.[A-Za-z0-9]+)*(.[A-Za-z]{2,})$";

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    @Qualifier(BeanIds.AUTHENTICATION_MANAGER)
    private AuthenticationManager authenticationManagerBean;

    @Override
    public SignUpDTO signUp(SignUpDTO signUpDTO) {

        validateSignUpRequest( signUpDTO );
        User newUser = mapUserFromSignUp( signUpDTO );
        userRepository.save( newUser );
        return signUpDTO;
    }

    public LogedUserDTO login(LoginDTO loginDTO) {

        User user = userRepository.findByEmail( loginDTO.getEmail() );

        if (user == null) {
            throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_USER_NOT_FOUND );
        } else if (user.getPassword() == null) {
            throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_NULL_PASSWORD );
        } else if (!validPassword( loginDTO.getPassword(), user.getPassword() )) {
            throw new LoginSignUpException( AuthErrorCodes.LOGIN_ERROR_WRONG_PASSWORD );
        }

        UsernamePasswordAuthenticationToken authenticationWithToken =
            new UsernamePasswordAuthenticationToken( loginDTO.getEmail(), loginDTO.getPassword(), null );
        Authentication authentication = authenticationManagerBean.authenticate( authenticationWithToken );

        String token = generateToken( user.getEmail() );

        LogedUserDTO logedUserDTO =
            new LogedUserDTO( user.getEmail(), TokenProperties.PREFIX + token, TokenProperties.EXPIRATION_TIME,
                null );

        return logedUserDTO;
    }


它在这里失败:身份验证身份验证= authenticationManagerBean.authenticate(authenticationWithToken);

我发誓它工作正常,但突然之间:

java.lang.StackOverflowError: null
   at org.springframework.aop.framework.AdvisedSupport$MethodCacheKey.equals(AdvisedSupport.java:596) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
   at java.util.concurrent.ConcurrentHashMap.get(ConcurrentHashMap.java:940) ~[na:1.8.0_161]
   at org.springframework.aop.framework.AdvisedSupport.getInterceptorsAndDynamicInterceptionAdvice(AdvisedSupport.java:481) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:196) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
   at com.sun.proxy.$Proxy110.authenticate(Unknown Source) ~[na:na]
   at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
   at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:503) ~[spring-security-config-5.1.5.RELEASE.jar:5.1.5.RELEASE]
   at sun.reflect.GeneratedMethodAccessor57.invoke(Unknown Source) ~[na:na]
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_161]
   at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_161]
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:205) ~[spring-aop-5.1.8.RELEASE.jar:5.1.8.RELEASE]
   at com.sun.proxy.$Proxy110.authenticate(Unknown Source) ~[na:na]
AND SO ON


我记得把令牌还给我真是太完美了,现在返回此错误很奇怪。

如果有人可以帮助我,我将不胜感激,因为我无法继续执行任务

提前致谢

我已经尝试了很多东西,但是找不到解决方案。

最佳答案

我找到了解决方案。
必须添加AuthenticationProvider bean来配置AuthenticationManagerBuilder。
所以我不得不创建UserDetailService(我想避免的事情)并像这样添加它:

package com.mashosoft.backEndTest.security.config;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    @Autowired
    UserRepository userRepository;

    @Autowired
    UserDetailsService userDetailsService;

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    DaoAuthenticationProvider authenticationProvider(){
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setPasswordEncoder( encoder() );
        daoAuthenticationProvider.setUserDetailsService( userDetailsService );
        return  daoAuthenticationProvider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder authManagerBuilder) {
        authManagerBuilder.authenticationProvider( authenticationProvider() );
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS )
        .and()
        .addFilter( new JwtAuthorizationFilter( authenticationManager(),restAuthenticationEntryPoint,userRepository ) );
        http.exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint );
        http.authorizeRequests()
            .antMatchers( HttpMethod.POST,"/Auth/login**" ).permitAll()
            .antMatchers( HttpMethod.POST,"/Auth/signup**" ).permitAll()
            .anyRequest().authenticated();
    }
}


如果有人知道如何避免将UserDetailService声明为具有更好的控件,将不胜感激。

09-26 16:50