那些遇到过的问题

Spring Boot 1.4:Principal不能为null异常

Ali*_*our 4 spring-security spring-boot spring-boot-actuator

自Spring boot 1.4发布以来,我遇到了以下问题.我有一个自定义身份验证提供程序,用于管理Spring Security的JWT令牌解析.基本上,当令牌无效或过期时,我会抛出BadCredentialsException.我还有一个AutenticationEntryPoint,它使用JSON中的Unauthorized HttpServlet响应重新格式化消息

@Override
public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException
{
    httpServletResponse.setContentType("application/json");
    httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    httpServletResponse.getOutputStream().println("{ \"error\": \"" + e.getMessage() + "\" }");

}
Run Code Online (Sandbox Code Playgroud)

以下是管理身份验证提供程序例外的过滤器

@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException

{

    String authToken = httpServletRequest.getHeader("Authorization");



    JwtToken token = new JwtToken(authToken);
    try
    {
        Authentication auth = authenticationManager.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(auth);
        filterChain.doFilter(httpServletRequest, httpServletResponse);

    }
    catch(AuthenticationException ae)
    {
        SecurityContextHolder.clearContext();
        unauthorizedHandler.commence(httpServletRequest, httpServletResponse, ae);
    }
Run Code Online (Sandbox Code Playgroud)

这在Spring Boot 1.3.6中工作正常现在我收到以下错误

java.lang.IllegalArgumentException:Principal不能为null堆栈跟踪:

java.lang.IllegalArgumentException: Principal must not be null
at org.springframework.util.Assert.notNull(Assert.java:115) ~[spring-core-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.boot.actuate.audit.AuditEvent.<init>(AuditEvent.java:83) ~[spring-boot-actuator-1.4.0.RELEASE.jar:1.4.0.RELEASE]
at org.springframework.boot.actuate.audit.AuditEvent.<init>(AuditEvent.java:59) ~[spring-boot-actuator-1.4.0.RELEASE.jar:1.4.0.RELEASE]
at org.springframework.boot.actuate.security.AuthenticationAuditListener.onAuthenticationFailureEvent(AuthenticationAuditListener.java:67) ~[spring-boot-actuator-1.4.0.RELEASE.jar:1.4.0.RELEASE]
at org.springframework.boot.actuate.security.AuthenticationAuditListener.onApplicationEvent(AuthenticationAuditListener.java:50) ~[spring-boot-actuator-1.4.0.RELEASE.jar:1.4.0.RELEASE]
at org.springframework.boot.actuate.security.AuthenticationAuditListener.onApplicationEvent(AuthenticationAuditListener.java:34) ~[spring-boot-actuator-1.4.0.RELEASE.jar:1.4.0.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:166) ~[spring-context-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:138) ~[spring-context-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:382) ~[spring-context-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:336) ~[spring-context-4.3.2.RELEASE.jar:4.3.2.RELEASE]
at org.springframework.security.authentication.DefaultAuthenticationEventPublisher.publishAuthenticationFailure(DefaultAuthenticationEventPublisher.java:124) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.authentication.ProviderManager.prepareException(ProviderManager.java:240) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:233) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) ~[spring-security-core-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:454) ~[spring-security-config-4.1.1.RELEASE.jar:4.1.1.RELEASE]
at com.icentia.tracking.security.JwtFilter.doFilterInternal(JwtFilter.java:49) ~[classes/:na]
Run Code Online (Sandbox Code Playgroud)

这是来自Spring Boot Actuator.如果我删除它,它像以前一样工作?!?

这里似乎有一个错误,虽然不一样:https: //github.com/spring-projects/spring-boot/issues/6447

我想在生产中使用Actuator,我可以使用任何解决方法吗?

谢谢

小智 7

确保接口中的getName()方法PrincipalJwtToken类中返回非null值.

归档时间:

查看次数:

3554 次

最近记录:

9 年,1 月 前
相关归档
如何使用Spring安全性有条件地向登录用户显示jsp内容 43
如何用spring-rabbit配置RabbitMQ连接? 19
Spring Boot中application.properties可用的属性列表? 7
由于 bean 命名冲突,Spring Boot 应用程序无法运行 7
内存数据库H2中的Spring Boot在初始化时不从文件加载数据 6
Spring-boot:注册 mongodb 自定义转换器 6
如何告诉 springdoc-openapi-maven-plugin 生成 YAML 而不是 JSON? 6
在 Spring Boot 中读取 yml 值时无法解析占位符 6
java.lang.IllegalArgumentException:parseAlgParameters失败:ObjectIdentifier()--数据不是对象ID(标签= 48) 5
如何从Spring Security中的java代码登录用户? 2
难疑归档
在CSS中设置cellpadding和cellspacing? 3210
比较Git中的两个分支? 2149
垂直对齐图像旁边的文字? 1881
动态创建元素的事件绑定? 1677
什么是TypeScript,为什么我会用它代替JavaScript? 1637
单击div到底层元素 1500
如何将包含历史记录的SVN存储库迁移到新的Git存储库? 1486
有效地使用Git和Dropbox? 1117
如何在Node.js上的Express.js中获取GET(查询字符串)变量? 1115
我如何修剪空白? 1035