Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/352.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/4/powerbi/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java Spring-security@PreAuthorize-NullPointerException。为什么?_Java_Spring_Spring Security_Nullpointerexception - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java Spring-security@PreAuthorize-NullPointerException。为什么?

Java Spring-security@PreAuthorize-NullPointerException。为什么?

java spring spring-security

Java Spring-security@PreAuthorize-NullPointerException。为什么?,java,spring,spring-security,nullpointerexception,Java,Spring,Spring Security,Nullpointerexception,我试图实现对用户在控制器中角色的检查,这样当用户调用特定的web地址时,他就可以访问(或不访问)页面 因此,我将@PreAuthorize(“hasPermission…”)放在控制器的一个方法中,并创建了自定义的*PermissionEvaluator*。它将两个字符串作为参数(实体名称-字符串,权限名称-字符串),稍后我将从用户的角色对象中获取这些参数。出于测试目的,它总是返回true 问题:在放置@PreAuthorize时,我总是得到一个NullPointerException。您能解释

我试图实现对用户在控制器中角色的检查,这样当用户调用特定的web地址时,他就可以访问(或不访问)页面

因此,我将@PreAuthorize(“hasPermission…”)放在控制器的一个方法中,并创建了自定义的*PermissionEvaluator*。它将两个字符串作为参数(实体名称-字符串,权限名称-字符串),稍后我将从用户的角色对象中获取这些参数。出于测试目的,它总是返回true

问题:在放置@PreAuthorize时,我总是得到一个NullPointerException。您能解释一下我做错了什么吗

控制器

@RequestMapping(value = "goal/new", method = RequestMethod.GET)
@PreAuthorize("hasPermission('GOAL', 'WRITE')")
public String add (Model model,  RedirectAttributes redirect) {
   User user = AuthUtils.getCurrentUser();
   Goal goal = new Goal();
   Set<Unit> units = unitService.getUnitsByRole(user.getRoles());
   model.addAttribute("goal", goal);
   model.addAttribute("units", units);
return WEB_FORM_URL;
}

@Component
public class CustomPermissionEvaluator implements PermissionEvaluator {
    @Override
    public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
        System.out.println("Permission eveluator: called");
        boolean permissionGranted = true;
        return permissionGranted;
    }

    @Override
    public boolean hasPermission(Authentication authentication, Serializable serializable, String targetType,
                                 Object permission) {
        return false;
    }
}
全局方法安全配置

@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, jsr250Enabled = true, proxyTargetClass = true)
public class CustomMethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    @Autowired
    CustomPermissionEvaluator permissionEvaluator;

    @Bean
    public MethodSecurityExpressionHandler methodSecurityExpressionHandler() {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setPermissionEvaluator(permissionEvaluator);
        return handler;
    }
}
Errorstack

java.lang.NullPointerException: null
    at org.springframework.security.access.expression.SecurityExpressionRoot.hasPermission(SecurityExpressionRoot.java:177) ~[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_201]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_201]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_201]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_201]
    at org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:130) ~[spring-expression-5.1.5.RELEASE.jar:5.1.5.RELEASE]
    at org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:138) ~[spring-expression-5.1.5.RELEASE.jar:5.1.5.RELEASE]
    at org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:94) ~[spring-expression-5.1.5.RELEASE.jar:5.1.5.RELEASE]
    at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:114) ~[spring-expression-5.1.5.RELEASE.jar:5.1.5.RELEASE]
    at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:300) ~[spring-expression-5.1.5.RELEASE.jar:5.1.5.RELEASE]
    at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:26) ~[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE]
    at org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice.before(ExpressionBasedPreInvocationAdvice.java:59) ~[spring-security-core-5.1.4.RELEASE.jar:5.1.4.RELEASE]
我不是100%确定,但是您能否更改CustomMethodSecurityConfig中的方法签名,以实际覆盖GlobalMethodSecurityConfiguration中的正确方法

所以

而不是

  @Bean
    public MethodSecurityExpressionHandler methodSecurityExpressionHandler() {
将“@Override”添加到public MethodSecurityExpressionHandler而不是“@Bean”。现在我得到一个错误“method不重写或实现来自超类型的方法”。是的,因为您还需要更改方法名称以匹配。请确保将其称为“createExpressionHandler”有效。谢谢! 
  @Bean
    public MethodSecurityExpressionHandler methodSecurityExpressionHandler() {