[英]Spring Boot user is null in @AuthenticationPrincipal in Logout
我在从经过身份验证的过程中获取用户实体值时遇到问题。 登录后,我想注销。
我在获取经过身份验证的用户值时遇到问题,因为它是 null。
注销时出现此错误
java.lang.NullPointerException: Cannot invoke "com.app.modal.User.getId()" because "this.user" is null
我该如何解决?
这是我的 CurrentUser class,如下所示。
@Target({ElementType.PARAMETER, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@AuthenticationPrincipal
public @interface CurrentUser {
}
这是我的 AuthController class,如下所示。
@RestController
@RequestMapping("/api/auth")
public class AuthController {
UserService userService;
RoleService roleService;
RefreshTokenService refreshTokenService;
AuthenticationManager authenticationManager;
PasswordEncoder encoder;
JwtUtils jwtUtils;
@Autowired
public AuthController(UserService userService, RoleService roleService, RefreshTokenService refreshTokenService,
AuthenticationManager authenticationManager, PasswordEncoder encoder, JwtUtils jwtUtils) {
this.userService = userService;
this.roleService = roleService;
this.refreshTokenService = refreshTokenService;
this.authenticationManager = authenticationManager;
this.encoder = encoder;
this.jwtUtils = jwtUtils;
}
@PostMapping("/signin")
public ResponseEntity<?> authenticateUser(@RequestBody LoginRequest loginRequest) {
LOGGER.info("AuthController | authenticateUser is started");
String username = loginRequest.getUsername();
String password = loginRequest.getPassword();
LOGGER.info("AuthController | authenticateUser | username : " + username);
LOGGER.info("AuthController | authenticateUser | password : " + password);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(username,password);
LOGGER.info("AuthController | authenticateUser | usernamePasswordAuthenticationToken : " + usernamePasswordAuthenticationToken.toString());
Authentication authentication = authenticationManager.authenticate(usernamePasswordAuthenticationToken);
SecurityContextHolder.getContext().setAuthentication(authentication);
CustomUserDetails userDetails = (CustomUserDetails) authentication.getPrincipal();
String jwt = jwtUtils.generateJwtToken(userDetails);
LOGGER.info("AuthController | authenticateUser | jwt : " + jwt);
List<String> roles = userDetails.getAuthorities().stream().map(item -> item.getAuthority())
.collect(Collectors.toList());
LOGGER.info("AuthController | authenticateUser | roles : " + roles.toString());
RefreshToken refreshToken = refreshTokenService.createRefreshToken(userDetails.getId());
LOGGER.info("AuthController | authenticateUser | refreshToken : " + refreshToken.toString());
JWTResponse jwtResponse = new JWTResponse();
jwtResponse.setEmail(userDetails.getEmail());
jwtResponse.setUsername(userDetails.getUsername());
jwtResponse.setId(userDetails.getId());
jwtResponse.setToken(jwt);
jwtResponse.setRefreshToken(refreshToken.getToken());
jwtResponse.setRoles(roles);
LOGGER.info("AuthController | authenticateUser | jwtResponse : " + jwtResponse.toString());
return ResponseEntity.ok(jwtResponse);
}
@PostMapping("/logout")
public ResponseEntity<?> logoutUser(@CurrentUser CustomUserDetails user) {
LOGGER.info("AuthController | logoutUser is started");
int userId = user.getId();
int deletedValue = refreshTokenService.deleteByUserId(userId);
if(deletedValue == 1){
return ResponseEntity.ok(new MessageResponse("Log out successful!"));
}else{
return ResponseEntity.ok(new MessageResponse("You're already logout"));
}
}
}
这是我的 CustomDetails class,如下所示。
public class CustomUserDetails implements UserDetails {
private User user;
public CustomUserDetails(User user) {
this.user = user;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
Set<Role> roles = user.getRoles();
List<SimpleGrantedAuthority> authories = new ArrayList<>();
for (Role role : roles) {
authories.add(new SimpleGrantedAuthority(role.getName().name()));
}
return authories;
}
@Override
public String getPassword() {
return user.getPassword();
}
@Override
public String getUsername() {
return user.getUsername();
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
public int getId(){
return user.getId();
}
public String getEmail(){
return user.getEmail();
}
}
这是我的 CustomUserDetailsService class,如下所示。
@Service
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
UserService userService;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userService.findByUsername(username)
.orElseThrow(() -> new UserNotFoundException("User Name " + username + " not found"));
return new CustomUserDetails(user);
}
}
这是我的 WebSecurityConfig class,如下所示。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
CustomUserDetailsService customUserDetailsService;;
private AuthEntryPointJwt unauthorizedHandler;
JwtUtils jwtUtils;
@Autowired
public WebSecurityConfig(CustomUserDetailsService customUserDetailsService, AuthEntryPointJwt unauthorizedHandler,JwtUtils jwtUtils) {
this.customUserDetailsService = customUserDetailsService;
this.unauthorizedHandler = unauthorizedHandler;
this.jwtUtils = jwtUtils;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests().antMatchers("/api/auth/**").permitAll()
.antMatchers("/api/pages/**").permitAll()
.anyRequest().authenticated();
http.addFilterBefore(authenticationJwtTokenFilter(jwtUtils,customUserDetailsService), UsernamePasswordAuthenticationFilter.class);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public AuthTokenFilter authenticationJwtTokenFilter(JwtUtils jwtUtils, CustomUserDetailsService customUserDetailsService) {
return new AuthTokenFilter(jwtUtils, customUserDetailsService);
}
}
根据您的回购协议进行一项更改: https://github.com/Rapter1990/SpringBootRefreshTokenJWT
import java.security.Principal;
import springfox.documentation.annotations.ApiIgnore;
...
@PostMapping("/logout")
public ResponseEntity<?> logoutUser(@ApiIgnore Principal principalUser) {
LOGGER.info("AuthController | logoutUser is started");
//Since in AuthFilter You are setting UsernamePasswordAuthenticationToken, we will retrieve and cast
Object principal = ((UsernamePasswordAuthenticationToken) principalUser).getPrincipal();
CustomUserDetails user = (CustomUserDetails) principal;
int userId = user.getId();
int deletedValue = refreshTokenService.deleteByUserId(userId);
if(deletedValue == 1){
return ResponseEntity.ok(new MessageResponse("Log out successful!"));
}else{
return ResponseEntity.ok(new MessageResponse("You're already logout"));
}
}
Azure Active Directory Spring 引导@AuthenticationPrincipal
[英]Azure Active Directory Spring Boot @AuthenticationPrincipal
当发送登录请求时,@AuthenticationPrincipal 的用户为空
[英]When send login request user be null for @AuthenticationPrincipal
@AuthenticationPrincipal UserModel 用户始终为 Null。 我尝试了很多解决方法
[英]@AuthenticationPrincipal UserModel user is always Null. I tried many solution methods
Spring Security 4 @AuthenticationPrincipal 为空,core.annotation.AuthenticationPrincipal 但不是 web.bind.annotation.AuthenticationPrincipal
[英]Spring Security 4 @AuthenticationPrincipal empty with core.annotation.AuthenticationPrincipal but not web.bind.annotation.AuthenticationPrincipal
HIbernate - Spring 启动 / Null 在发布用户时引用 FK
[英]HIbernate - Spring boot / Null references FK when posting an User
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.