Java Spring security userdetails:org.springframework.security.authentication.DisabledException
我尝试使用spring引导、oauth2和spring安全性执行登录过程。我实现了一个定制的userdetails服务 代码如下:Java Spring security userdetails:org.springframework.security.authentication.DisabledException,java,spring,spring-security,spring-boot,spring-oauth2,Java,Spring,Spring Security,Spring Boot,Spring Oauth2,我尝试使用spring引导、oauth2和spring安全性执行登录过程。我实现了一个定制的userdetails服务 代码如下: @Service("customUserDetailsService") public class CustomUserDetailsService implements UserDetailsService { private final UserService userService; @Autowired public Custom
@Service("customUserDetailsService")
public class CustomUserDetailsService implements UserDetailsService {
private final UserService userService;
@Autowired
public CustomUserDetailsService(UserService userService) {
this.userService = userService;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userService.findByUsername(username);
if (user == null)
throw new UsernameNotFoundException(String.format("User %s does not exist!", username));
return new UserRepositoryUserDetails(user);
}
private final static class UserRepositoryUserDetails extends User implements UserDetails {
private static final long serialVersionUID = 1L;
private UserRepositoryUserDetails(User user) {
super(user);
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return getRoles();
}
// another methods
@Override
public boolean isEnabled() { return super.isEnabled(); }
}
}
安全配置:
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(customUserDetailsService);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
@Configuration
@EnableAuthorizationServer
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
@Bean(name = "tokenStore")
public TokenStore tokenStore() {
return new InMemoryTokenStore();
}
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.tokenStore(tokenStore())
.authenticationManager(authenticationManager)
.userDetailsService(customUserDetailsService);
}
以及authorizationserver配置的一部分:
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(customUserDetailsService);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
@Configuration
@EnableAuthorizationServer
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
@Bean(name = "tokenStore")
public TokenStore tokenStore() {
return new InMemoryTokenStore();
}
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.tokenStore(tokenStore())
.authenticationManager(authenticationManager)
.userDetailsService(customUserDetailsService);
}
下面是错误日志:
type=AUTHENTICATION_FAILURE, data={type=org.springframework.security.authentication.DisabledException, message=User is disabled}]
[2016-08-25 09:23:17.774] boot - 21158 INFO [http-nio-8443-exec-1] --- TokenEndpoint: Handling error: InvalidGrantException, User is disabled
[2016-08-25 09:23:17.832] boot - 21158 DEBUG [http-nio-8443-exec-1] --- OrderedRequestContextFilter: Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@6ea0e0af
[2016-08-25 09:23:17.837] boot - 21158 ERROR [http-nio-8443-exec-4] --- EndpointsAuthentification: org.springframework.web.client.HttpClientErrorException: 400 Bad Request
[2016-08-25 09:23:17.839] boot - 21158 DEBUG [http-nio-8443-exec-4] --- OrderedRequestContextFilter: Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@4afe7f7
[2016-08-25 09:23:17.840] boot - 21158 ERROR [http-nio-8443-exec-4] --- [dispatcherServlet]: Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.NullPointerException] with root cause
java.lang.NullPointerException
at com.x.server.controller.LoginController.login(LoginController.java:76)
但我确信,用户帐户已启用。对user.isEnabled的调用返回true,但框架无法检测到它
有什么想法吗?
欢呼当
UserDetails
的isEnabled()方法返回false
时,数据库中的enabled字段可能是null或false当org.springframework.security.authentication.DisabledException
时抛出
在您的实现中,User User=userService.findByUsername(用户名)customuserdetails服务中的code>正在从数据库中获取一个用户,该用户的已启用
属性为false
。
找到一种方法将其更改为true
在userdetailsiml
类中,isEnabled
必须返回true
@Override
public boolean isEnabled() {
return true;
}
你能发布用户代码吗?