尝试验证用户时发生内部错误

问题描述 投票:0回答:1

我创建了UserDetailsS​​erviceImpl。在这里,我获得了该用户的用户名和角色。但我无法理解问题所在。我在数据库中尝试过sql查询。

security config.Java

@EnableWebSecurity
@ComponentScan("com")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private UserDetailsService userDetailsService;

@Bean
public BCryptPasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
};

@Autowired
protected void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}


@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/login", "/", "/veteriner").permitAll().antMatchers("/**")
            .hasRole("ADMIN").and().formLogin().loginPage("/login").defaultSuccessUrl("/login/login-status-success")
            .failureUrl("/login/login-status-error").permitAll().usernameParameter("username")
            .passwordParameter("password").and().logout().logoutSuccessUrl("/logout-success")
            .invalidateHttpSession(true).permitAll().and().csrf();
}

login controller.Java

 @Controller
 @RequestMapping(value = "/login", method = RequestMethod.GET)
 public class LoginController {

 @GetMapping
 public ModelAndView home() throws Exception {
    ModelAndView mv = new ModelAndView();
    mv.setViewName("login");
    return mv;
}

@RequestMapping(path="/login-status-error",method = RequestMethod.GET)
@ResponseBody
public ModelAndView erorLogin() throws Exception {
    ModelAndView mv = new ModelAndView();
    mv.setViewName("main");
    return mv;
}

@RequestMapping(path="/login-status-succes",method = RequestMethod.GET)
@ResponseBody
public ModelAndView succesLogin() throws Exception {
    ModelAndView mv = new ModelAndView();
    mv.setViewName("veteriner");
    return mv;
}

}

@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {

@Autowired
private UserService userService;

@Transactional(readOnly = true)
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

    com.model.User user = userService.findByUsername(username);
    if (user == null) {
        throw new UsernameNotFoundException("User not found.");
    }

    User securityUser = new User(user.getUsername(), user.getPassword(), true, true, true, true,
            buildUserAuthority(user.getUserRoles()));
    return securityUser;
}

private List<GrantedAuthority> buildUserAuthority(List<User_role> userRoles) {
    Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();

    for (User_role userRole : userRoles) {
        setAuths.add(new SimpleGrantedAuthority(userRole.getRole().getRoleName()));
    }

    List<GrantedAuthority> results = new ArrayList<GrantedAuthority>(setAuths);
    return results;
}

选择user0_.id为id1_6_,user0_.email为email2_6_,user0_.password为password3_6_,user0_.username为username4_6_ from public。“User”user0_ where user0_.username =? 16:37:16.930 [http-nio-8186-exec-12]错误org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - 尝试验证用户时发生内部错误。 org.springframework.security.authentication.InternalAuthenticationServiceException:java.util.ArrayList无法在org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:123)〜[spring-security]中强制转换为com.model.User -core-5.1.4.RELEASE.jar:5.1.4.RELEASE]在org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:144)〜[spring-security-core-5.1.4。 RELEASE.jar:5.1.4.RELEASE]在org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:175)〜[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE在org.springframework.security.wecurity.web上的org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:200)〜[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE] .authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java :94)〜[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)[spring-security] -web-5.1.4.RELEASE.jar:5.1.4.RELEASE] at org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE .jar:5.1.4.RELEASE]在org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)[spring-security-web-5.1.4.RELEASE.jar:5.1.4 .RELEASE] org.springframework上的org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]。 security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:124)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.web.filter.OncePerRequestFilter.doFilter( OncePerRequestFilter.java:107)[spring-web-5.1.4。 RELEASE.jar:5.1.4.RELEASE]在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE.jar:5.1.4。发布org.springframework.web上的org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE] .filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java) :334)[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)[spring-security- web-5.1.4.RELEASE.jar:5.1.4.RELEASE]在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:334)[spring-security-web-5.1.4.RELEASE。 jar:5.1.4.RELEASE] at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)org.springframework上的[spring-security-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]。 web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]在org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy。 java:334)[org.springframework.security.web.FilterChainProxy.doFilterInternal([...] Spring- security-web -5.1.4.RELEASE.jar:5.1.4.RELEASE]在org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)[spring-security-web-5.1.4.RELEASE.jar:5.1 .4.RELEASE]在org.springframework.web的org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE]。 filter.DelegatingFilterProxy .doFilter(DelegatingFilterProxy.java:270)[spring-web-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)[catalina。 jar:9.0.16] org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)[catalina.jar:9.0.16] at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter .java:71)[log4j-web-2.11.1.jar:2.11.1] org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)[catalina.jar:9.0.16] at org .apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)[catalina.jar:9.0.16] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)[catalina.jar: 9.0.16] org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)[catalina.jar:9.0.16] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490 )[catalina.ja r:9.0.16] org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)[catalina.jar:9.0.16] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :92)[catalina.jar:9.0.16] org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:668)[catalina.jar:9.0.16] at org.apache.catalina.core.StandardEngineValve .invoke(StandardEngineValve.java:74)[catalina.jar:9.0.16]在org.apache的org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)[catalina.jar:9.0.16] .coyote.http11.Http11Processor.service(Http11Processor.java:408)[tomcat-coyote.jar:9.0.16] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)[tomcat-coyote.jar: 9.0.16] org.apache.coyote.AbstractProtocol $ ConnectionHandler.process(AbstractProtocol.java:834)[tomcat-coyote.jar:9.0.16] at org.apache.tomcat.util.net.NioEndpoint $ SocketProcessor.doRun (NioEndpoint.java:1415)[tomcat-coyote.jar:9.0.16] org.apache.t omcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)[tomcat-coyote.jar:9.0.16] at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)[?:1.8.0_202] at java .util.concurrent.ThreadPoolExecutor $ Worker.run(未知来源)[?:1.8.0_202] at org.apache.tomcat.util.threads.TaskThread $ WrappingRunnable.run(TaskThread.java:61)[tomcat-util.jar java.lang.Thread.run上的:9.0.16](未知来源)[?:1.8.0_202]引起:java.lang.ClassCastException:java.util.ArrayList无法在com处转换为com.model.User。 dao.UserDaoImpl.findByUsername(UserDaoImpl.java:23)〜[classes /:?] at com.service.UserServiceImpl.findByUsername(UserServiceImpl.java:26)〜[classes /:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(本地方法)〜[?:1.8.0_202] at sun.reflect.NativeMethodAccessorImpl.invoke(未知来源)〜[?:1.8.0_202] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)〜[?:1.8.0_202在org.springfram的java.lang.reflect.Method.invoke(未知来源)〜[?:1.8.0_202] org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation)中的ework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE] .java:198)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)〜[spring-aop- 5.1.4.RELEASE.jar:5.1.4.RELEASE]在org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)〜[spring-tx-5.1.4.RELEASE.jar:5.1.4 .RELEASE] org.springframework.aop.framework上的org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)〜[spring-tx-5.1.4.RELEASE.jar:5.1.4.RELEASE] .ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicA) com.com。在com.sun.proxy上的#Prompxy.java:212)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE]。$ Proxy238.findByUsername(未知来源)〜[?:?]在com。 service.UserDetailsS​​erviceImpl.loadUserByUsername(UserDetailsS​​erviceImpl.java:29)〜[classes /:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)〜[?:1.8.0_202] at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source )〜[?:1.8.0_202] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)〜[?:1.8.0_202] at java.lang.reflect.Method.invoke(Unknown Source)〜[?:1.8.0_202 ] org.springframework.aop.uop.frame.ReoplectiveMethodInvocation org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)〜[spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE] orin.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)〜[在组织中的spring-aop-5.1.4.RELEASE.jar:5.1.4.RELEASE] .springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)〜[spring-tx-5.1.4.RELEASE.jar:5.1.4.RELEASE] org.springframework.transaction.interceptor.TransactionInterceptor.invoke(在Org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)〜[spring-aop]的TransactionInterceptor.java:98)〜[spring-tx-5.1.4.RELEASE.jar:5.1.4.RELEASE] -5.1.4.RELEASE.jar:5.1.4.RELEASE]在org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)〜[spring-aop-5.1.4.RELEASE.jar:5.1。 4.RELEASE] at com.sun.proxy。$ Proxy239.loadUserByUsername(Unknown Source)〜[?:?] org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:108)~ [spring- security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE] ......还有45个

java spring security login
1个回答
0
投票

对我来说有太多关注,但我认为只是你不能在同一个类中创建和注入相同的bean。

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public UserDetailsService userDetailsService() {...}
}

不行。想想看,你需要UserDetailsService创建一个应该创建UserDetailsService的类。那会怎么样?

你可以这样做:

@EnableWebSecurity
@ComponentScan("com")
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public UserDetailsService userDetailsService() {
        return super.userDetailsService();
    }

    @Bean
    public DaoAuthenticationProvider getDaoAuthenticationProvider() {
        DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
        //call the userDetailsService() method here
        authProvider.setUserDetailsService(userDetailsService());
        authProvider.setPasswordEncoder(this.passwordEncoder());
        return authProvider;
    }

    ...

}

虽然这看起来很奇怪,但它做得对。 Spring代理所有方法调用,所以当你看似直接调用userDetailsService()时,它实际上会注入相应的bean。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.