![](/img/trans.png)
[英]How can I implement Basic Authentication with JWT authentication in Spring Boot?
[英]I can't Persist data within Spring boot Authentication Provider
我无法在AuthenticationProvider
保留数据, cashierRepo.save(cashierDAO)
正在抛出nullPointerException
。
@Component
public class TACoreAuthProvider implements AuthenticationProvider {
UsernamePasswordAuthenticationToken userToken;
@Autowired
CashierDAOServiceImpl cashierRepo;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String username = authentication.getPrincipal().toString();
String password = authentication.getCredentials().toString();
Mono<LoginResponseDAO> loginResponseDAO = tacoreAuth(username, password);
loginResponseDAO.subscribe(responseDAO->{
System.out.print(responseDAO.toString());
if(!responseDAO.getStatus().equalsIgnoreCase("success")){
throw new BadCredentialsException("External system authentication failed");
}
responseDAO.getData().setUserName(username);
CashierDAO cashierDAO = responseDAO.getData();
cashierRepo.save(cashierDAO);
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
grantedAuthorities.add(new SimpleGrantedAuthority(responseDAO.getData().getUser_category()));
userToken = new UsernamePasswordAuthenticationToken(username, password, grantedAuthorities);
});
感谢大家,我已经能够弄清楚问题是什么。
@Bean
public static TACoreAuthProvider getAuthProvider(CashierDAOServiceImpl cashierDAOService){
return new TACoreAuthProvider(cashierDAOService);
}
由于“TACoreAuthProvider”实例为空,因此在要实现它的静态类“ApiWebSecurityConfigurationAdapter”之外声明。
@EnableWebSecurity
public class SecurityConfig {
@Bean
public static TACoreAuthProvider getAuthProvider(CashierDAOServiceImpl cashierDAOService){
return new TACoreAuthProvider(cashierDAOService);
}
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends
WebSecurityConfigurerAdapter{
@Bean
public CustomBasicAuthenticationEntryPoint getBasicAuthEntryPoint(){
return new CustomBasicAuthenticationEntryPoint();
}
@Override
protected void configure(HttpSecurity http)throws Exception{
http.csrf().disable()
//.addFilterAfter(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.antMatcher("/api/**")
.authorizeRequests().anyRequest().authenticated()
.and()
.httpBasic().authenticationEntryPoint(getBasicAuthEntryPoint())
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth.authenticationProvider(getAuthProvider(cashierDAOService));
}
}
下面的代码是工作版本
@EnableWebSecurity
public class SecurityConfig {
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends
WebSecurityConfigurerAdapter{
@Bean
public static TACoreAuthProvider getAuthProvider(CashierDAOServiceImpl cashierDAOService){
return new TACoreAuthProvider(cashierDAOService);
}
@Bean
public CustomBasicAuthenticationEntryPoint getBasicAuthEntryPoint(){
return new CustomBasicAuthenticationEntryPoint();
}
@Override
protected void configure(HttpSecurity http)throws Exception{
http.csrf().disable()
//.addFilterAfter(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.antMatcher("/api/**")
.authorizeRequests().anyRequest().authenticated()
.and()
.httpBasic().authenticationEntryPoint(getBasicAuthEntryPoint())
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth.authenticationProvider(getAuthProvider(cashierDAOService));
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.