我无法将 bean 注入(inject)到我的 OncePerRequestFilter 中。这是XHeaderAuthenticationFilter:
@Component
public class XHeaderAuthenticationFilter extends OncePerRequestFilter {
public XHeaderAuthenticationFilter() {
SpringBeanAutowiringSupport.processInjectionBasedOnCurrentContext(this);
}
@Autowired private JwtUtils jwtUtils; // null
@Autowired private UserService userService; // null
@Override
@SneakyThrows
protected void doFilterInternal(
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
String path = request.getRequestURI();
if (new AntPathMatcher().match("/getToken", path)
|| HttpMethod.OPTIONS.name().equalsIgnoreCase(request.getMethod())) {
filterChain.doFilter(request, response);
return;
}
String jwt = parseJwt(request);
jwtUtils.validateJwtToken(jwt); // NullPointerException here
// ...
filterChain.doFilter(request, response);
}
}
这里是注册部分:
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new XHeaderAuthenticationFilter());
registrationBean.setEnabled(false);
return registrationBean;
}
我将 enabled 设置为 false,因为过滤器被多次调用。我是 SpringSecurity 的新手,需要更多地了解这个概念。我还想添加配置部分,以防万一我在那里做错了什么:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors()
.and()
.csrf()
.disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/getToken")
.permitAll()
.anyRequest()
.authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
.and()
.addFilterBefore(
new XHeaderAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
针对此问题有很多修复方法,但没有一个对我有用。我不知道我哪里错了。
更新 1
包括 JwtUtils:
@Component
public class JwtUtils {
@Value("${security.jwtSecret}")
private String jwtSecret;
@Value("${security.jwtExpirationMs}")
private int jwtExpirationMs;
public String getJWTToken(String username) {}
public boolean validateJwtToken(String authToken) {}
public Claims getAllClaimsFromToken(String token) {}
}
和用户服务:
@Service
public class UserServiceImpl implements UserService {
@Autowired private UserRepository userRepository;
@Override
public User saveUser(UserModel userModel) {}
@Override
public UserModel findUserByEmail(String email) {}
@Override
public UserListViewResponse findAllUsers(Specification<User> userSpecification, Pageable paging) {}
@Override
public UserModel deleteUser(String email) {}
private UserListViewResponse populateUserListViewResponse(Page<User> pagedResult) {}
private List<User> filterAdmins(List<User> userEntityList) {}
最佳答案
您在 FilterRegistrationBean 中注册 XHeaderAuthenticationFilter 的方式会导致问题,因为您自己使用 new 创建 XHeaderAuthenticationFilter 而不是Spring 包含所有解析 DI 的内容。更改您的代码,例如:
@Autowired
XHeaderAuthenticationFilter xHeaderAuthenticationFilter;
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(xHeaderAuthenticationFilter);
return registrationBean;
}
如果您想使用 addFilterBefore 注册 XHeaderAuthenticationFilter,同样适用
关于java - 无法在 OncePerRequestFilter 中注入(inject) bean,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/71813844/