我已经使用 Spring Security 管理了我的应用程序中的登录功能。我使用两个默认参数(用户名和密码)来执行此操作,并且工作正常。 但是,我需要在登录函数中添加一个额外的参数,但我在执行此操作时遇到了问题。
在 SecurityConfig.java 中,我添加了过滤器,并在按下提交按钮时调用它。
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/","/index","/login","/work", "/css/**","/out/**", "/js/**","/images/**","/fonts/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").defaultSuccessUrl("/home")
.permitAll()
.and().logout().permitAll().and()
.csrf().disable();
http.addFilterBefore(new ExUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
}
然后是我自己的过滤器。我正在正确获取新参数(公司)值:
@Override
public Authentication attemptAuthentication(HttpServletRequest request,
HttpServletResponse response) throws AuthenticationException {
String dbValue = request.getParameter("Company");
request.getSession().setAttribute("dbValue", dbValue);
return super.attemptAuthentication(request, response);
}
我在 super.attemptAuthentication(request, response); 时遇到问题被调用,我得到空指针。
Error:
java.lang.NullPointerException org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:93)
es.smt.startrekweb.filter.ExUsernamePasswordAuthenticationFilter.attemptAuthentication(ExUsernamePasswordAuthenticationFilter.java:35)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
这是我在 UsernamePasswordAuthenticationFilter.java 中拥有空指针的代码
return this.getAuthenticationManager().authenticate(authRequest);
此外,我可以在调试器中看到下一个信息
contextBeforeChainExecution = {SecurityContextImpl@5989} "org.springframework.security.core.context.SecurityContextImpl@ffffffff: Null authentication"
authentication = null
有人知道我做错了什么吗?谢谢!!
最佳答案
您已使用 new 添加了过滤器:
new ExUsernamePasswordAuthenticationFilter()
所以它没有任何 Autowiring 的东西。 这使得 this.getAuthenticationManager() 返回 null。
如果您需要的只是将请求参数传递给属性 - 您不需要扩展 UsernamePasswordAuthenticationFilter。
请注意,您仅添加了过滤器,并未替换它。
关于java - Spring Security Login 中的附加参数,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45796157/