那些遇到过的问题

具有索引问题的弹簧安全数据

jay*_*jay 5 spring-security spring-data spring-data-mongodb spring-boot

尝试使用具有 Spring 数据安全性的方法级安全性。

我创建了一个示例 repo https://github.com/jayasai470/spring-data-security-sample/

当@Indexed 被评论时一切正常,我可以在 mongo 调试日志中看到,对于 spel 查询 @Query("{tenantId: ?#{principal.tenantId}}") tenantId 被正确注入

但是当我尝试包含 @Indexed 注释服务器时无法启动。Mongo 模板抛出异常,身份验证对象为空

 // my entity class
@Data
@Document(collection = "userprofiles")
public class UserProfile {

@Id
@Field("_id")
private String id;

@Email(message = "not a valid email")
@Indexed(unique = true, name = "email_1", background = true)
private String email;

private String tenantId;
}

 //repository
@Repository
public interface UserProfileRepository extends 
  PagingAndSortingRepository<UserProfile, String> {

UserProfile findOneByEmail(String email);

@Query("{tenantId: ?#{principal.tenantId}}")
List<UserProfile> findAllByTenantId();
}

// registered a bean of SecurityEvaluationContextExtension
public class MongoSecurityEvaluationContextExtension extends 
 SecurityEvaluationContextExtension {

@Override
public String getExtensionId() {
 return "security";
}

@Override
public Map<String, Object> getProperties() {
 return Collections.singletonMap("principal", (UserProfile) 
SecurityContextHolder.getContext().getAuthentication().getPrincipal());
 }
}

//web security config
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Bean
public SecurityEvaluationContextExtension 
 securityEvaluationContextExtension() {
    return new MongoSecurityEvaluationContextExtension();
 }

}
Run Code Online (Sandbox Code Playgroud)

如果我们删除 @indexed 注释,上面的代码工作正常。如果启用索引,则服务器无法启动

下面是堆栈跟踪

    Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.data.mongodb.core.MongoTemplate]: Factory method 'mongoTemplate' threw exception; nested exception is java.lang.IllegalArgumentException: Authentication object cannot be null
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.2.2.RELEASE.jar:5.2.2.RELEASE]
    at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:651) ~[spring-beans-5.2.2.RELEASE.jar:5.2.2.RELEASE]
    ... 67 common frames omitted
    Caused by: java.lang.IllegalArgumentException: Authentication object cannot be null
    at org.springframework.security.access.expression.SecurityExpressionRoot.<init>(SecurityExpressionRoot.java:61) ~[spring-security-core-5.2.1.RELEASE.jar:5.2.1.RELEASE]
    at org.springframework.security.data.repository.query.SecurityEvaluationContextExtension$1.<init>(SecurityEvaluationContextExtension.java:108) ~[spring-security-data-5.2.1.RELEASE.jar:5.2.1.RELEASE]
    at org.springframework.security.data.repository.query.SecurityEvaluationContextExtension.getRootObject(SecurityEvaluationContextExtension.java:108) ~[spring-security-data-5.2.1.RELEASE.jar:5.2.1.RELEASE]
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider$EvaluationContextExtensionAdapter.<init>(ExtensionAwareEvaluationContextProvider.java:369) ~[spring-data-commons-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider.lambda$toAdapters$2(ExtensionAwareEvaluationContextProvider.java:159) ~[spring-data-commons-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) ~[na:1.8.0_221]
    at java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:352) ~[na:1.8.0_221]
    at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:483) ~[na:1.8.0_221]
    at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472) ~[na:1.8.0_221]
    at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) ~[na:1.8.0_221]
    at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[na:1.8.0_221]
    at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) ~[na:1.8.0_221]
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider.toAdapters(ExtensionAwareEvaluationContextProvider.java:160) ~[spring-data-commons-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider.access$000(ExtensionAwareEvaluationContextProvider.java:65) ~[spring-data-commons-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider$ExtensionAwarePropertyAccessor.<init>(ExtensionAwareEvaluationContextProvider.java:182) ~[spring-data-commons-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider.getEvaluationContext(ExtensionAwareEvaluationContextProvider.java:110) ~[spring-data-commons-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.spel.ExtensionAwareEvaluationContextProvider.getEvaluationContext(ExtensionAwareEvaluationContextProvider.java:64) ~[spring-data-commons-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mapping.model.BasicPersistentEntity.getEvaluationContext(BasicPersistentEntity.java:528) ~[spring-data-commons-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.mapping.BasicMongoPersistentEntity.getEvaluationContext(BasicMongoPersistentEntity.java:182) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexResolver.getEvaluationContextForProperty(MongoPersistentEntityIndexResolver.java:525) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexResolver.pathAwareIndexName(MongoPersistentEntityIndexResolver.java:584) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexResolver.createIndexDefinition(MongoPersistentEntityIndexResolver.java:443) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexResolver.createIndexDefinitionHolderForProperty(MongoPersistentEntityIndexResolver.java:213) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexResolver.potentiallyAddIndexForProperty(MongoPersistentEntityIndexResolver.java:145) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexResolver.lambda$resolveIndexForEntity$1(MongoPersistentEntityIndexResolver.java:129) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mapping.model.BasicPersistentEntity.doWithProperties(BasicPersistentEntity.java:355) ~[spring-data-commons-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexResolver.resolveIndexForEntity(MongoPersistentEntityIndexResolver.java:128) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexResolver.resolveIndexFor(MongoPersistentEntityIndexResolver.java:104) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexCreator.checkForAndCreateIndexes(MongoPersistentEntityIndexCreator.java:140) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexCreator.checkForIndexes(MongoPersistentEntityIndexCreator.java:130) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexCreator.<init>(MongoPersistentEntityIndexCreator.java:95) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexCreator.<init>(MongoPersistentEntityIndexCreator.java:72) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.data.mongodb.core.MongoTemplate.<init>(MongoTemplate.java:275) ~[spring-data-mongodb-2.2.3.RELEASE.jar:2.2.3.RELEASE]
    at org.springframework.boot.autoconfigure.data.mongo.MongoDbFactoryDependentConfiguration.mongoTemplate(MongoDbFactoryDependentConfiguration.java:63) ~[spring-boot-autoconfigure-2.2.2.RELEASE.jar:2.2.2.RELEASE]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_221]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_221]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_221]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_221]
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.2.2.RELEASE.jar:5.2.2.RELEASE]
    ... 68 common frames omitted


    Process finished with exit code 1
Run Code Online (Sandbox Code Playgroud)

归档时间:

查看次数:

541 次

最近记录:

5 年,10 月 前
相关归档
Intellij maven项目致命错误编译:无效标志: - release 23
防止在couchbase连接错误时Spring Boot启动失败 9
Spring JpaRepository尚未保存嵌套对象 8
Maven / Spring boot 项目 - 如何跳过@SpringBootTest 8
Spring安全注销转到j_spring_security_logout 7
规范中没有定义任何操作!带弹簧靴 7
Java 应用程序在 Amazon AWS 中运行一段时间后停止运行 6
Spring Security 默认使用 AuthenticationProvider 和 UserDetailsS​​ervice 5
Spring Security Logout重定向到注销成功,然后立即重定向到无效的会话页面 3
如何将csrf标记添加到angular 2应用程序 3
难疑归档
如何在特定索引(JavaScript)的数组中插入项? 2709
检查字典中是否已存在给定键 2683
如何在Python中连接两个列表? 2250
显示两个修订版之间已更改的文件 2041
如何生成随机字母数字字符串? 1679
<button>与<input type ="button"/>.哪个用? 1588
在Visual Studio中使用Git 1452
你如何存放未跟踪的文件? 1287
AngularJS中指令范围内的'@'和'='有什么区别? 1053
返回IEnumerable <T>与IQueryable <T> 1051