无法在 OncePerRequestFilter 中注入 bean
Unable to inject bean in OncePerRequestFilter
我无法将 bean 注入我的 OncePerRequestFilter。这是 XHeaderAuthenticationFilter:
@Component
public class XHeaderAuthenticationFilter extends OncePerRequestFilter {
public XHeaderAuthenticationFilter() {
SpringBeanAutowiringSupport.processInjectionBasedOnCurrentContext(this);
}
@Autowired private JwtUtils jwtUtils; // null
@Autowired private UserService userService; // null
@Override
@SneakyThrows
protected void doFilterInternal(
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
String path = request.getRequestURI();
if (new AntPathMatcher().match("/getToken", path)
|| HttpMethod.OPTIONS.name().equalsIgnoreCase(request.getMethod())) {
filterChain.doFilter(request, response);
return;
}
String jwt = parseJwt(request);
jwtUtils.validateJwtToken(jwt); // NullPointerException here
// ...
filterChain.doFilter(request, response);
}
}
这里是注册部分:
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new XHeaderAuthenticationFilter());
registrationBean.setEnabled(false);
return registrationBean;
}
我将 enabled 设置为 false,因为过滤器被多次调用。我是 SpringSecurity 的新手,需要深入了解这个概念。我还想添加配置部分,以防万一我在那里做错了什么:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors()
.and()
.csrf()
.disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/getToken")
.permitAll()
.anyRequest()
.authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
.and()
.addFilterBefore(
new XHeaderAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
这个问题有很多修复方法,但 none 对我有用。我不知道我哪里错了。
更新 1
包括 JwtUtils:
@Component
public class JwtUtils {
@Value("${security.jwtSecret}")
private String jwtSecret;
@Value("${security.jwtExpirationMs}")
private int jwtExpirationMs;
public String getJWTToken(String username) {}
public boolean validateJwtToken(String authToken) {}
public Claims getAllClaimsFromToken(String token) {}
}
和用户服务:
@Service
public class UserServiceImpl implements UserService {
@Autowired private UserRepository userRepository;
@Override
public User saveUser(UserModel userModel) {}
@Override
public UserModel findUserByEmail(String email) {}
@Override
public UserListViewResponse findAllUsers(Specification<User> userSpecification, Pageable paging) {}
@Override
public UserModel deleteUser(String email) {}
private UserListViewResponse populateUserListViewResponse(Page<User> pagedResult) {}
private List<User> filterAdmins(List<User> userEntityList) {}
你在 FilterRegistrationBean 中注册 XHeaderAuthenticationFilter 的方式导致了问题,因为你自己创建了 XHeaderAuthenticationFilter 与 new 而不是 Spring 与所有解析 DI 东西.像这样更改您的代码:
@Autowired
XHeaderAuthenticationFilter xHeaderAuthenticationFilter;
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(xHeaderAuthenticationFilter);
return registrationBean;
}
如果您想使用 addFilterBefore
注册 XHeaderAuthenticationFilter,同样适用
我无法将 bean 注入我的 OncePerRequestFilter。这是 XHeaderAuthenticationFilter:
@Component
public class XHeaderAuthenticationFilter extends OncePerRequestFilter {
public XHeaderAuthenticationFilter() {
SpringBeanAutowiringSupport.processInjectionBasedOnCurrentContext(this);
}
@Autowired private JwtUtils jwtUtils; // null
@Autowired private UserService userService; // null
@Override
@SneakyThrows
protected void doFilterInternal(
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
String path = request.getRequestURI();
if (new AntPathMatcher().match("/getToken", path)
|| HttpMethod.OPTIONS.name().equalsIgnoreCase(request.getMethod())) {
filterChain.doFilter(request, response);
return;
}
String jwt = parseJwt(request);
jwtUtils.validateJwtToken(jwt); // NullPointerException here
// ...
filterChain.doFilter(request, response);
}
}
这里是注册部分:
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(new XHeaderAuthenticationFilter());
registrationBean.setEnabled(false);
return registrationBean;
}
我将 enabled 设置为 false,因为过滤器被多次调用。我是 SpringSecurity 的新手,需要深入了解这个概念。我还想添加配置部分,以防万一我在那里做错了什么:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors()
.and()
.csrf()
.disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/getToken")
.permitAll()
.anyRequest()
.authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
.and()
.addFilterBefore(
new XHeaderAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
这个问题有很多修复方法,但 none 对我有用。我不知道我哪里错了。
更新 1
包括 JwtUtils:
@Component
public class JwtUtils {
@Value("${security.jwtSecret}")
private String jwtSecret;
@Value("${security.jwtExpirationMs}")
private int jwtExpirationMs;
public String getJWTToken(String username) {}
public boolean validateJwtToken(String authToken) {}
public Claims getAllClaimsFromToken(String token) {}
}
和用户服务:
@Service
public class UserServiceImpl implements UserService {
@Autowired private UserRepository userRepository;
@Override
public User saveUser(UserModel userModel) {}
@Override
public UserModel findUserByEmail(String email) {}
@Override
public UserListViewResponse findAllUsers(Specification<User> userSpecification, Pageable paging) {}
@Override
public UserModel deleteUser(String email) {}
private UserListViewResponse populateUserListViewResponse(Page<User> pagedResult) {}
private List<User> filterAdmins(List<User> userEntityList) {}
你在 FilterRegistrationBean 中注册 XHeaderAuthenticationFilter 的方式导致了问题,因为你自己创建了 XHeaderAuthenticationFilter 与 new 而不是 Spring 与所有解析 DI 东西.像这样更改您的代码:
@Autowired
XHeaderAuthenticationFilter xHeaderAuthenticationFilter;
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setFilter(xHeaderAuthenticationFilter);
return registrationBean;
}
如果您想使用 addFilterBefore
XHeaderAuthenticationFilter,同样适用