我正在使用Spring版本4的基于Spring MVC的应用程序。我正在尝试使用Apache Shiro作为安全框架。我已经在我的应用程序中实现了授权领域,但是当我尝试登录时,我得到了java.lang.NullPointerException错误。我的代码如下:
@Component
public class CustomSecurCustomSecurityRealmityRealm extensions AuthorizingRealm {
@Autowired
UserService userService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
Set<String> roles = new HashSet<>();
Collection<org.apache.shiro.authz.Permission> permissions = new HashSet<>();
String username = (String) principals.getPrimaryPrincipal();
User user = userService.findByEmail(username);
if (user == null)
throw new UnknownAccountException();
for (Role role : user.getRole()) {
roles.add(role.getName());
for (Iterator<Permission> iterator = role.getPermissions().iterator(); iterator.hasNext();) {
Permission permission = iterator.next();
permissions.add(new WildcardPermission(permission.getName()));
}
}
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.setRoles(roles);
authorizationInfo.addObjectPermissions(permissions);
return authorizationInfo;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken upat = (UsernamePasswordToken) token;
User user = userService.findByEmail(upat.getUsername());
if (user != null && user.getPasswordHash().equals(new String(upat.getPassword()))) {
return new SimpleAuthenticationInfo(user, user.getPasswordHash(), getName());
} else {
throw new AuthenticationException("Invalid username/password!");
}
}
}
@Configuration如下:
@Bean
public WebSecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(new CustomSecurityRealm());
return securityManager;
}
@Bean
public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean
public MethodInvokingFactoryBean methodInvokingFactoryBean() {
MethodInvokingFactoryBean methodInvokingFactoryBean = new MethodInvokingFactoryBean();
methodInvokingFactoryBean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
methodInvokingFactoryBean.setArguments(new Object[] { securityManager() });
return methodInvokingFactoryBean;
}
@Bean
@DependsOn(value = "lifecycleBeanPostProcessor")
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
return new DefaultAdvisorAutoProxyCreator();
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
return authorizationAttributeSourceAdvisor;
}
@Bean
public ShiroFilterFactoryBean shiroFilterBean() {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
Map<String, String> definitionsMap = new HashMap<>();
definitionsMap.put("/auth/signIn", DefaultFilter.anon.name());
definitionsMap.put("/auth/login", DefaultFilter.anon.name());
definitionsMap.put("/home/index", "authc");
shiroFilter.setFilterChainDefinitionMap(definitionsMap);
shiroFilter.setLoginUrl("/auth/login");
shiroFilter.setSuccessUrl("/home/index");
shiroFilter.setSecurityManager(securityManager());
return shiroFilter;
}
任何人请帮助我,为什么用户服务用户服务得到空并抛出空指针异常
看看 Shiro 弹簧引导模块: https://github.com/apache/shiro/tree/master/support/spring-boot/spring-boot-starter/src/main/java/org/apache/shiro/spring/boot/autoconfigure