我不知道为什么这个应用程序没有开始显示这个错误。我试着使用Spring Security和JWT。
2020-Feb-17 12:29:07 PM [main] INFO org.springframework.aop.framework.CglibAopProxy - Unable to proxy interface-implementing method [public final void org.springframework.web.filter.OncePerRequestFilter.doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain) throws javax.servlet.ServletException,java.io.IOException] because it is marked as final: Consider using interface-based JDK proxies instead!
2020-Feb-17 12:29:07 PM [main] INFO org.springframework.aop.framework.CglibAopProxy - Unable to proxy interface-implementing method [public final void org.springframework.web.filter.GenericFilterBean.init(javax.servlet.FilterConfig) throws javax.servlet.ServletException] because it is marked as final: Consider using interface-based JDK proxies instead!
2020-Feb-17 12:29:07 PM [main] ERROR org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/] - Exception starting filter [jwtRequestFilter]
java.lang.NullPointerException: null
at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:241) ~[spring-web-5.2.2.RELEASE.jar:5.2.2.RELEASE]
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:270) ~[tomcat-embed-core-9.0.29.jar:9.0.29]
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:106) ~[tomcat-embed-core-9.0.29.jar:9.0.29]
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4533) [tomcat-embed-core-9.0.29.jar:9.0.29]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5172) [tomcat-embed-core-9.0.29.jar:9.0.29]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [tomcat-embed-core-9.0.29.jar:9.0.29]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384) [tomcat-embed-core-9.0.29.jar:9.0.29]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374) [tomcat-embed-core-9.0.29.jar:9.0.29]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [tomcat-embed-core-9.0.29.jar:9.0.29]
at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:140) [?:?]
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909) [tomcat-embed-core-9.0.29.jar:9.0.29]
at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841) [tomcat-embed-core-9.0.29.jar:9.0.29]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [tomcat-embed-core-9.0.29.jar:9.0.29]
这是筛选代码。我不明白它出了什么问题。应用程序在加载时出现了与安全过滤器相关的空指针异常。
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
final String requestTokenHeader = request.getHeader("Authorization");
String email = null;
String jwtToken = null;
if (requestTokenHeader != null && requestTokenHeader.startsWith("FC ")) {
jwtToken = requestTokenHeader.replace("FC ", "");
try {
email = jwtTokenUtil.getEmailFromToken(jwtToken);
} catch (IllegalArgumentException e) {
System.out.println("Unable to get JWT Token");
} catch (ExpiredJwtException e) {
System.out.println("JWT Token has expired");
}
} else {
logger.warn("JWT Token does not begin with FC String");
}
if (email != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = this.jwtUserDetailsService.loadUserByUsername(email);
if (jwtTokenUtil.validateToken(jwtToken, userDetails)) {
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
usernamePasswordAuthenticationToken
.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
}
chain.doFilter(request, response);
}
@更新
添加了添加过滤器的方法。
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable()
.authorizeRequests().antMatchers("/service/**").permitAll()
.anyRequest().authenticated().and()
.exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint)
.and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
我面临着完全相同的问题,那就是我的应用程序中的spring-aop配置。我添加了一个切入点来排除GenricFilterBean类的实现,一切似乎都很好。
我遇到了同样的问题,我用这种方式解决了它:
1-创建自定义注释:
@Target(ElementType.METHOD)
public @interface NoLogging
{
}
2-注释doFilterInternal
@Override
@NoLogging
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
3-从AOP中排除使用此注释注释的方法:
@Before(value = "execution(* com.company..*..*(..)) && !@annotation(com.company.aop.NoLogging)")
public void logEntry(JoinPoint joinPoint)
这里的游戏有点晚,但我只是遇到了同样的例外。线索是位于空指针和Generic Filter异常上方的INFO中的CGLIB代理。你这里有@Transactional吗?您是否围绕这些方法定义了任何事务功能?我的doFilterInternal上有@Transactional。删除@Transactional解决了我的问题。
我遇到这个问题是因为没有用FilterRegistrationBean注册Filter。在这个错误消失之后。https://www.techiedelight.com/how-to-define-custom-filters-spring-boot-application/第二种情况
我在这里可能有点晚了,但我也遇到了这个问题,并且能够调试它发生的实际原因。Spring AOP通过扩展创建代理,我们在GenericFilterBean 中定义了init()
public final void init(FilterConfig filterConfig) throws ServletException {
...
}
由于init方法被定义为final,并且final方法和类不能扩展,这是创建代理的必要条件。因此,SpringAOP无法为该方法创建适当的代理,并且从代理对象到目标对象的方法调用委派失败,并且它从代理对象返回null值。
简而言之,当您使用SpringAOP时,所有在java中定义为final的类或方法都会出现问题。
因此,像其他用户提到的那样,解决方案是使用AOP切入点排除GenericFilterBean。