我在Kotlin与Spring上的应用程序有SecurityConfig。因此,当我尝试验证时,我得到java.lang.StackOverflowError: null。我发现当运行以下命令时它会返回:
authenticationManager.authenticate(new
UsernamePasswordAuthenticationToken(authRequest.getUsername(), authRequest.getPassword()));
这是我的配置。
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
class SecurityConfig() : WebSecurityConfigurerAdapter() {
@Override
override fun configure(http: HttpSecurity) {
http
.csrf().disable()
}
@Bean
fun passwordEncoder(): BCryptPasswordEncoder? = BCryptPasswordEncoder()
@Override
@Bean
override fun authenticationManagerBean(): AuthenticationManager =
super.authenticationManagerBean()
}
java.lang.StackOverflowError: null
at java.base/java.lang.String.equals(String.java:1827) ~[na:na]
at org.springframework.util.ReflectionUtils.isEqualsMethod(ReflectionUtils.java:514) ~[spring-core-5.3.12.jar:5.3.12]
at org.springframework.aop.support.AopUtils.isEqualsMethod(AopUtils.java:151) ~[spring-aop-5.3.12.jar:5.3.12]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:167) ~[spring-aop-5.3.12.jar:5.3.12]
at jdk.proxy2/jdk.proxy2.$Proxy99.authenticate(Unknown Source) ~[na:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.3.jar:5.5.3]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:510) ~[spring-security-config-5.5.3.jar:5.5.3]
at jdk.internal.reflect.GeneratedMethodAccessor50.invoke(Unknown Source) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) ~[spring-aop-5.3.12.jar:5.3.12]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208) ~[spring-aop-5.3.12.jar:5.3.12]
at jdk.proxy2/jdk.proxy2.$Proxy99.authenticate(Unknown Source) ~[na:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.3.jar:5.5.3]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:510) ~[spring-security-config-5.5.3.jar:5.5.3]
at jdk.internal.reflect.GeneratedMethodAccessor50.invoke(Unknown Source) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) ~[spring-aop-5.3.12.jar:5.3.12]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208) ~[spring-aop-5.3.12.jar:5.3.12]
at jdk.proxy2/jdk.proxy2.$Proxy99.authenticate(Unknown Source) ~[na:na]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.3.jar:5.5.3]
我发现了很多同样的问题,但没有一个对我有帮助。问题在哪里?相同的配置在Java上可以正常工作
所以,我的问题解决了。基本的authenticationManager检查用户名和密码
fun createAuthToken(@RequestBody authRequest: JwtRequest): ResponseEntity<Any?> {
try {
authenticationManager.authenticate(
UsernamePasswordAuthenticationToken(
authRequest.username,
authRequest.password
))
所以authenticationManager必须知道如何检查用户名和密码。我们应该在UserService中重写特殊方法loadUserByUsername,让UserService像这样扩展UserDetailsService/
enter code here
@Override
@Transactional
override fun loadUserByUsername(username: String): UserDetails {
val user: User = findByUsername(username) ?: throw
UsernameNotFoundException(("User ${username} not found"))
return org.springframework.security.core.userdetails.User(
user.userName,
user.password,
mapRolesToAuthorities(user.getRoles())
)}