StackOverflowError我在使用时得到authenticationManger.authenticate()。我看到这里已经回答了问题:Why AuthenticationManager is throwing StackOverflowError? ,但我没有扩展 deprecated WebSecurityConfigurerAdapter,所以我的配置如下所示:
@Configuration
@EnableWebSecurity
public class SecurityConfig{
@Bean
public UserDetailsService userDetailsService() {
return new CustomUserDetailsService();
}
@Bean
@Order(1)
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.httpBasic().disable().csrf().disable().sessionManagement()
.and().authorizeRequests()
.antMatchers("/**").permitAll()
.anyRequest().authenticated().and().csrf().disable();
http
.logout()
.invalidateHttpSession(true)
.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK));
return http.build();
}
@Bean
@Order(0)
public SecurityFilterChain resources(HttpSecurity http) throws Exception {
http.requestMatchers((matchers) -> matchers.antMatchers("*.bundle.*"))
.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll())
.requestCache().disable()
.securityContext().disable()
.sessionManagement().disable();
return http.build();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
} …在我的项目中,我有两个不同的身份验证路径:第一个用于普通用户登录,第二个用于雇主登录。因此,我首先使用 AuthenticationProvider 为用户创建一个身份验证过滤器,并且它工作正常。对于第二次身份验证,我创建了其身份验证过滤器,当我为雇主创建另一个身份验证提供程序时,这就是问题所在。当我尝试使用authenticationmanager.authenticate(userPassAuthToken) .\xc2\xa0中的AuthenticationManager实例来验证用户的用户名和密码时,出现java.lang.StackOverflowError: null
\n我不明白当我创建另一个身份验证提供程序时发生了什么,也不明白为什么身份验证管理器会抛出此异常。我认为身份验证管理器对使用哪个提供程序感到困惑。
\n首先,我使用其过滤器和身份验证提供程序为普通用户创建第一个身份验证,如以下代码所示:
\n@Component\npublic class UserPassAuthFilter extends OncePerRequestFilter {\n\n @Autowired\n @Lazy\n private AuthenticationManager authManager;\n @Autowired\n private AuthPath authPath;\n @Autowired\n AuthFilterUtil authFilterUtil;\n @Autowired\n private UserMapper userMapper;\n\n @Override\n protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {\n\n char[] username=request.getHeader("username").toCharArray();\n char[] password=request.getHeader("password").toCharArray();\n\n UserPassAuthToken authentication= new UserPassAuthToken(String.valueOf(username),String.valueOf(password));\n UserPassAuthToken currentAuth =(UserPassAuthToken)authManager.authenticate(authentication);\n if (!currentAuth.isAuthenticated()){\n authFilterUtil.onFailureAuth(response,request,null);\n }\n else {\n SecurityContextHolder.getContext().setAuthentication(currentAuth);\n if(request.getServletPath().equals(authPath.getUserPasswordFilter_pathShouldDo().get(0))) {\n UserDto responseBody = userMapper.mapUserToDto(currentAuth.getUsersDetails().getUsers());\n responseBody.setToken(authFilterUtil.prepareTokenToAuthResponse(\n currentAuth.getAuthorities(),\n currentAuth.getName().toCharArray()\n …