@AuthenticationPrincipal 返回空用户

【问题标题】:@AuthenticationPrincipal return empty User@AuthenticationPrincipal 返回空用户
【发布时间】:2017-04-24 07:15:33
【问题描述】:

我有这个控制器,用于保存与当前经过身份验证的用户相关的帖子信息:

@PostMapping("/create")
    public String processPost(
            @CurrentUser User activeUser,
            @ModelAttribute @Valid Post post, 
            Errors errors){
        if(errors.hasErrors()){
            return "admin/post/create";
        }
        User user2 = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        logger.info("Información del usuario mediate @CurrentUser: " + activeUser.toString());
        logger.info("Información del usuario mediate SecurityContextHolder: " + user2.toString());
        post.setAuthor(activeUser);
        postService.create(post);
        return "redirect:/admin/posts/all";
    }

@CurrentUser 定义在这里:

package services.security;

import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.security.core.annotation.AuthenticationPrincipal;

/**
 *
 * @author sergio
 */
@Target({ElementType.PARAMETER, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@AuthenticationPrincipal
public @interface CurrentUser {}

控制器执行时@AuthenticationPrincipal获取的用户为空,SecurityContextHolder获取的用户包含所有信息:

2016-12-10 19:37:52 INFO  PostController:62 - Información del usuario mediate @CurrentUser: User{id=null, username=null, passwordClear=null, confirmPassword=null, password=null, email=null, enabled=true, fullName=null, posts=[]}
2016-12-10 19:37:52 INFO  PostController:63 - Información del usuario mediate SecurityContextHolder: User{id=1, username=sergio11, passwordClear=null, confirmPassword=null, password=$2a$10$LJvYTNacIvqZWDQWjF7xaeheK1MrF.FkXxovb2QgcF2CMudA1mM/., email=sss4esob@gmail.com, enabled=true, fullName=Sergio Sánchez Sánchez, posts=[]}

据我了解,使用 @EnableWebSecurity 已经在上下文中启用了 @AuthenticationPrincipal 的解析器参数

我的 Spring 安全配置是这样的:

package config.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import services.security.CustomUserDetailsService;
/**
 *
 * @author sergio
 */
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = CustomUserDetailsService.class)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher;

    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
         auth
            .authenticationEventPublisher(defaultAuthenticationEventPublisher)
            .userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin/signup").anonymous()
                .antMatchers("/admin/**").authenticated()
                .anyRequest().permitAll()
                .and()
                .formLogin().loginPage("/admin/login").permitAll()
                .usernameParameter("username").passwordParameter("password")
                .and()
                .logout()
                    .logoutRequestMatcher(new AntPathRequestMatcher("/admin/logout"))
                    .logoutSuccessUrl("/admin/login?logout")
                .and()
                .exceptionHandling().accessDeniedPage("/403")
                .and()
                .csrf();
    }

    @Bean
    public DefaultAuthenticationEventPublisher authenticationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
    }
}

我正在使用 Spring Security 4.2.0.RELEASE

谢谢:)

【问题讨论】:

    标签: java spring spring-mvc spring-security


    【解决方案1】:

    错误信息很清楚。您的 CustomerUserDetails 对象听起来是一个实体对象。在其中添加一个默认构造函数:

    public class CustomUserDetails extends User implements UserDetails {
//..
   public CustomUserDetails(){}
//..
}

    【讨论】:

    • 谢谢,我已经尝试过了并出现了这个错误:在组的持续时间内,类 [services.security.CustomUserDetails] 的验证失败。换句话说,JPA Bean 验证失败。
    • 看起来对象是空的,因为所有验证都失败了。
    【解决方案2】:

    此问题是因为 CustomFlashMessagesConfigurer 中的 DelegatingFlashMessagesConfiguration 急切地初始化了 handlerExceptionResolver,这会阻止 AuthenticationPrincipalArgumentResolver 在 Spring MVC 构建 DispatcherServlets 自定义参数解析器之前被注册。

    所以我变了:

    @Configuration
@EnableWebMvc
@ComponentScan(value = { "controllers", "services", "listeners" })
@Import(value = { ThymeleafConfig.class, i18nConfig.class, CustomFlashMessagesConfigurer.class })
public class WebConfig extends WebMvcConfigurerAdapter

    对于这个另一个:

    @Configuration
@ComponentScan(value = { "controllers", "services", "listeners" })
@Import(value = { ThymeleafConfig.class, i18nConfig.class, CustomFlashMessagesConfigurer.class })
@EnableWebMvc
public class WebConfig extends WebMvcConfigurerAdapter

    这样就解决了问题。

    【讨论】:

      猜你喜欢
      • 2020-03-10
      • 2023-02-09
      • 1970-01-01
      • 2014-12-18
      • 2015-06-21
      • 1970-01-01
      • 2018-12-21
      • 1970-01-01
      • 2020-08-18
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode