Apache Shiro 与 Spring MVC AuthorizingRealm @Autowired java.lang.NullPointerException

Question

我正在使用 Spring 版本 4 处理基于 Spring MVC 的应用程序。我正在尝试使用 Apache Shiro 作为安全框架。我已经在我的应用程序中实现了 AuthorizingRealm，但是当我尝试登录时，我得到了 java.lang.NullPointerException 错误。我的代码如下：

@组件

公共类 CustomSecurCustomSecurityRealmityRealm 扩展 AuthorizingRealm {

@Autowired
UserService userService;

@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

    Set<String> roles = new HashSet<>();
    Collection<org.apache.shiro.authz.Permission> permissions = new HashSet<>();

    String username = (String) principals.getPrimaryPrincipal();

    User user = userService.findByEmail(username);

    if (user == null)
        throw new UnknownAccountException();

    for (Role role : user.getRole()) {
        roles.add(role.getName());
        for (Iterator<Permission> iterator = role.getPermissions().iterator(); iterator.hasNext();) {
            Permission permission = iterator.next();
            permissions.add(new WildcardPermission(permission.getName()));
        }
    }

    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.setRoles(roles);
    authorizationInfo.addObjectPermissions(permissions);
    return authorizationInfo;
}

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

    UsernamePasswordToken upat = (UsernamePasswordToken) token;
    User user = userService.findByEmail(upat.getUsername());
    if (user != null && user.getPasswordHash().equals(new String(upat.getPassword()))) {
        return new SimpleAuthenticationInfo(user, user.getPasswordHash(), getName());
    } else {
        throw new AuthenticationException("Invalid username/password!");
    }
}

}

@配置如下：

@Bean
public WebSecurityManager securityManager() {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(new CustomSecurityRealm());
    return securityManager;
}

@Bean
public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
    return new LifecycleBeanPostProcessor();
}

@Bean
public MethodInvokingFactoryBean methodInvokingFactoryBean() {
    MethodInvokingFactoryBean methodInvokingFactoryBean = new MethodInvokingFactoryBean();
    methodInvokingFactoryBean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
    methodInvokingFactoryBean.setArguments(new Object[] { securityManager() });
    return methodInvokingFactoryBean;
}

@Bean
@DependsOn(value = "lifecycleBeanPostProcessor")
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
    return new DefaultAdvisorAutoProxyCreator();
}

@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
    AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
    authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
    return authorizationAttributeSourceAdvisor;
}

@Bean
public ShiroFilterFactoryBean shiroFilterBean() {
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    Map<String, String> definitionsMap = new HashMap<>();
    definitionsMap.put("/auth/signIn", DefaultFilter.anon.name());
    definitionsMap.put("/auth/login", DefaultFilter.anon.name());
    definitionsMap.put("/home/index", "authc");
    shiroFilter.setFilterChainDefinitionMap(definitionsMap);
    shiroFilter.setLoginUrl("/auth/login");
    shiroFilter.setSuccessUrl("/home/index");
    shiroFilter.setSecurityManager(securityManager());
    return shiroFilter;
}

任何人请帮我解释为什么 UserService userService 得到 null 并抛出 NullPointerException

Answer 1

看看 Shiro spring-boot 模块：https://github.com/apache/shiro/tree/master/support/spring-boot/spring-boot-starter/src/main/java/org/apache/shiro/spring/boot/autoconfigure