[英]Spring Cloud OAuth2Authentication returns NullPointerException
我正在慢慢了解Spring Cloud Security。 我已經創建了授權服務,它在授權和返回令牌時有效,但在使用該令牌時,從OAuth2Authentication獲取這些令牌時,不會返回任何當前用戶詳細信息。 這兩行返回NPE:
userInfo.put("user", user.getUserAuthentication().getPrincipal());
userInfo.put("authorities", AuthorityUtils.authorityListToSet(user.getUserAuthentication().getAuthorities()));
OAuth2Authentication user未實例化並且為null,而我理解它應該默認情況下由Spring Security實例化。 也許我錯過了一些配置bean? 提前致謝!
Application.class
@SpringBootApplication
@RestController
@EnableResourceServer
@EnableAuthorizationServer
public class AuthorizationServiceApplication {
@RequestMapping(value = {"/user"}, produces = "application/json")
public Map <String, Object> user (OAuth2Authentication user) {
Map <String, Object> userInfo = new HashMap <>();
userInfo.put("user", user.getUserAuthentication().getPrincipal());
userInfo.put("authorities", AuthorityUtils.authorityListToSet(user.getUserAuthentication().getAuthorities()));
return userInfo;
}
public static void main (String[] args) {
SpringApplication.run(AuthorizationServiceApplication.class, args);
}
}
OAuth2Config.class
@Configuration
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Value("${token.secret}")
private String secret;
private AuthenticationManager authenticationManager;
private UserDetailsService userDetailsService;
public OAuth2Config (AuthenticationManager authenticationManager, UserDetailsService userDetailsService) {
this.authenticationManager = authenticationManager;
this.userDetailsService = userDetailsService;
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("eagleeye")
.secret(secret)
.authorizedGrantTypes("refresh_token", "password", "client_credentials")
.scopes("webclient", "mobileclient");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)
.userDetailsService(userDetailsService);
}
}
WebSecurityConfigurer.class
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
@Override
@Bean
public AuthenticationManager authenticationManagerBean () throws Exception {
return super.authenticationManagerBean();
}
@Override
@Bean
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
}
// TODO: implemented DB stuff
@Override
protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder
.inMemoryAuthentication()
.withUser("deniss").password("deniss1").roles("USER")
.and()
.withUser("oksana").password("oksana").roles("USER, ADMIN");
}
private CsrfTokenRepository csrfTokenRepository() {
HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
repository.setSessionAttributeName("_csrf");
return repository;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().csrfTokenRepository(csrfTokenRepository());
}
}
最后我得到了這樣的工作:
Application.class
@SpringBootApplication
@RestController
@EnableResourceServer
public class AuthorizationServiceApplication {
private final Logger log = LoggerFactory.getLogger(this.getClass());
@RequestMapping("/user")
public Principal user(Principal user) {
log.info("User information display for User: " + user.getName());
return user;
}
@Bean
UserDetailsService userDetailsService() {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("deniss").password("deniss").roles("USER").build());
return manager;
}
public static void main (String[] args) {
SpringApplication.run(AuthorizationServiceApplication.class, args);
}
}
OAuth2Config.java
@Configuration
@EnableAuthorizationServer
public class OAuth2Config extends AuthorizationServerConfigurerAdapter {
//TODO: refactor to recieve this info from config server
@Value("${token.secret}")
private String secret;
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("eagleeye")
.secret(secret)
.authorizedGrantTypes("refresh_token", "password", "client_credentials")
.scopes("webclient", "mobileclient");
}
}
SecurityConfigurer.class
@Configuration
@EnableGlobalAuthentication
public class SecurityConfigurer extends GlobalAuthenticationConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
// TODO: implemented DB stuff
@Override
public void init(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder.userDetailsService(this.userDetailsService);
}
}
我遇到了同樣的問題,似乎是新版本的bug。 我更改了Spring Boot 1.5.9.RELEASE,Spring Cloud Edgware.RELEASE支持Spring Boot 1.4.4.RELEASE,Spring Cloud Camden.SR5,問題消失了。
設置security.oauth2.resource.filter-order=3配置屬性以恢復先前版本中使用的排序。 有關詳細信息,請參閱此處輸入鏈接說明
Spring Security OAuth2 - 如何使用 OAuth2Authentication 對象?
[英]Spring Security OAuth2 - How to use OAuth2Authentication object?
使用 mongoDB 的 Spring Boot 返回 NullPointerException
[英]Spring boot with mongoDB returns NullPointerException
Spring Cloud OAuth2:經過身份驗證后,再次將AGAIN重定向到登錄頁面,就像使用表單登錄時未經身份驗證一樣
[英]Spring Cloud OAuth2: Redirected AGAIN to login page after authentication as if unauthenticated when form login is used
在Spring中模擬身份驗證:提供程序列表拋出NullPointerException
[英]Mocking authentication in Spring: List of providers throws NullPointerException
Spring 在單元測試中啟動 @Autowired 返回 NullPointerException
[英]Spring Boot @Autowired in unit test returns NullPointerException
gdata oauth2授權NullPointerException:沒有身份驗證標頭信息
[英]gdata oauth2 authorization NullPointerException: No authentication header information
Spring Boot URL請求映射返回NullPointerException
[英]Spring Boot URL Request Mapping Returns NullPointerException
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.