我想强制执行一个自定义的“/login”endpoint,该endpoint检查oauth-Access令牌并在令牌经过验证后启动会话。
这是我的登录控制器:
@Autowired
private AuthenticationManager authManager;
private final CsrfTokenRepository csrfTokenRepository;
public LoginController() {
this.csrfTokenRepository = new HttpSessionCsrfTokenRepository();
}
@PostMapping("/login")
public String login(HttpServletRequest req, @RequestBody String accessToken) {
System.out.println("login");
try {
NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri("http://myauthserver/auth/realms/infraserv/protocol/openid-connect/certs").build();
Jwt jwt = jwtDecoder.decode(accessToken);
JwtAuthenticationToken authReq = new JwtAuthenticationToken(jwt);
System.out.println("authManager = " + authManager.getClass());
Authentication auth = authManager.authenticate(authReq);
SecurityContext sc = SecurityContextHolder.getContext();
sc.setAuthentication(auth);
HttpSession session = req.getSession(true);
session.setAttribute(SPRING_SECURITY_CONTEXT_KEY, sc);
return "Authenticated :-)";
} catch (IllegalArgumentException e) {
// TODO log
System.err.println(e.getMessage());
return "Not Authenticated!!";
}
}
这是我的WebSecurityConfig:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
HttpSessionCsrfTokenRepository csrfTokenRepository = new HttpSessionCsrfTokenRepository();
http
.csrf().csrfTokenRepository(csrfTokenRepository)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.POST,"/login").permitAll()
.antMatchers(HttpMethod.GET,"/csrf").permitAll()
.anyRequest().authenticated();
}
@Bean
@Override
public AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManagerBean();
}
}
问题是如果我调用“/login/方法,我会得到一个StackOverflow Error。
java.lang.StackOverflowError: null
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:166) ~[spring-security-core-5.5.1.jar:5.5.1]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:524) ~[spring-security-config-5.3.4.RELEASE.jar:5.3.4.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.1.jar:5.5.1]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:524) ~[spring-security-config-5.3.4.RELEASE.jar:5.3.4.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.1.jar:5.5.1]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:524) ~[spring-security-config-5.3.4.RELEASE.jar:5.3.4.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.1.jar:5.5.1]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:524) ~[spring-security-config-5.3.4.RELEASE.jar:5.3.4.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.1.jar:5.5.1]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:524) ~[spring-security-config-5.3.4.RELEASE.jar:5.3.4.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.1.jar:5.5.1]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:524) ~[spring-security-config-5.3.4.RELEASE.jar:5.3.4.RELEASE]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.1.jar:5.5.1]
我已经找到了这一点,并尝试了authenticationManager和authenticationManagerBean的所有组合,但结果都是一样的。
缩短的调试日志:
2021-07-26 14:07:15.050 DEBUG 221222 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:15.050 DEBUG 221222 --- [io-8080-exec-10] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-07-26 14:07:15.045 DEBUG 221222 --- [nio-8080-exec-9] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:15.049 DEBUG 221222 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2021-07-26 14:07:15.055 DEBUG 221222 --- [nio-8080-exec-9] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-07-26 14:07:15.055 DEBUG 221222 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2021-07-26 14:07:15.055 DEBUG 221222 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Secured GET /error
2021-07-26 14:07:15.056 DEBUG 221222 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:15.056 DEBUG 221222 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-07-26 14:07:15.057 DEBUG 221222 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:15.058 DEBUG 221222 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:15.058 DEBUG 221222 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-07-26 14:07:21.362 DEBUG 221222 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Securing POST /login
2021-07-26 14:07:21.362 DEBUG 221222 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2021-07-26 14:07:21.363 DEBUG 221222 --- [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2021-07-26 14:07:21.364 DEBUG 221222 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Authorized filter invocation [POST /login] with attributes [permitAll]
2021-07-26 14:07:21.364 DEBUG 221222 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Secured POST /login
login
accessToken = xxxx
authManager = class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator
2021-07-26 14:07:21.672 DEBUG 221222 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:21.672 DEBUG 221222 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-07-26 14:07:21.680 ERROR 221222 --- [nio-8080-exec-4] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Handler dispatch failed; nested exception is java.lang.StackOverflowError] with root cause
2021-07-26 14:07:21.695 DEBUG 221222 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Securing POST /error
2021-07-26 14:07:21.695 DEBUG 221222 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2021-07-26 14:07:21.695 DEBUG 221222 --- [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2021-07-26 14:07:21.696 DEBUG 221222 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Secured POST /error
2021-07-26 14:07:21.698 DEBUG 221222 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:21.700 DEBUG 221222 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:21.700 DEBUG 221222 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
这就对了
问题内容: 非常奇怪的错误。我使用的是http://developers.facebook.com/docs/authentication/。所以我创建了对fb的请求并传递redirect_uri。我在本地主机上使用测试站点。所以如果我通过 redirect_uri = http://localhost/test_blog/index.php 它工作正常,但如果我通过 redirect_uri =
我在java中使用play框架(ebean是我的ORM),我有这个类: 我正在尝试使用Gson库对其进行序列化。我试着这么做 但我总是会犯这样的错误: 我读了很多关于这方面的书,我知道在序列化Reservation对象时,可能会在某个地方发生无限循环,但由于该对象与任何其他类没有任何关系,我不明白为什么会发生这种情况。
我正在开发一个混合了传统JSP servlet代码和较新的JSF代码的应用程序。我遇到了一个我无法解决的StackOverlow错误。有没有人见过或经历过类似的事情,可以帮助我在这种混合JSP/JSF应用程序上找到正确的方向? 我很确定JSF框架正在尝试在非JSF页面上做一些事情,并且在JSF框架中陷入了递归循环。我正在集群WebLogic 12.1.3环境中使用JSF 2.1.20。我没有在EA
问题内容: 我是Java的新手。我正在编写一个类,其中构造函数必须检查price参数并确保它不是负数。如果它是负数,则必须将价格设置为零。我检查价格时收到stackoverflow错误。我可以为我做错的事寻求帮助吗? 问题答案: 您的方法将自行调用而不是进行检查。在这种情况下,这导致无限递归。
尝试使用@SpringBootTest注释来运行单元测试时,我从Hibernate得到了这个错误。我能在网上找到的所有信息都说要将“hibernate.id.new_generator_mappings”设置为false,但这并不能解决我的问题。 2017-11-17 13:20:28.885警告11396--[main]O.s.w.cs.GenericWebApplicationContext: