Spring boot 从Application.Property中定义的属性使用Spring引导筛选器实现在类文件中获取NULL

我正在尝试为application.property中定义的变量执行rest模板和属性注入的一个示例。为此，我创建了一个过滤器实现，如下所示。但是当我访问这个属性时，我得到了如下错误

java.lang.IllegalArgumentException: URI must not be null

我创建了我的过滤器实现代码，如下所示

@Component
public class  CustomSecurityFilter  extends  OncePerRequestFilter implements Filter{

@Value ("${securityTriggerServiceApiUrl}" )
public String triggerUrl;


 @Override
    protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain) throws ServletException, IOException {

        String authHeaderToken = request.getHeader("authToken");
        System.out.println("token :"+authHeaderToken);
        if(checkAuthenticationByAuthToken(authHeaderToken)) 
            {
                filterChain.doFilter(request, response);
            }
        else
            {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            }
    }
 private static HttpHeaders getApiHeaders(){
        String plainCredentials="${seccurityTriggerEncodingCredential}";
        String base64Credentials = new String(Base64.encodeBase64(plainCredentials.getBytes()));

        HttpHeaders headers = new HttpHeaders();
        headers.add("Authorization", "Basic " + base64Credentials);
        headers.setContentType(MediaType.APPLICATION_JSON);
        return headers;
    }

    public Boolean checkAuthenticationByAuthToken(String authTokenRequest) {

        AuthorizationRequest authApiRequestObj = new AuthorizationRequest();
        authApiRequestObj.auth_token = authTokenRequest;

        RestTemplate restTemplate = new RestTemplate(); 
        HttpEntity<Object> request = new HttpEntity<Object>(authApiRequestObj, getApiHeaders());
        AuthorizationResponse authorizationResponseObj = restTemplate.postForObject(getApiTriggerStringUrl(), request, AuthorizationResponse.class);

        System.out.println("RoleId is :"+authorizationResponseObj.role_id);
        if(authorizationResponseObj.role_id >= 0 ) {
            return true;
        }
        return false;
    }

    public String getApiTriggerStringUrl() {
        return this.triggerUrl;
    }
}

seccurityTriggerEncodingCredential=test:test
securityTriggerServiceApiUrl=http://localhost:8065/test/security/authorizeUser

我的安全配置文件包含如下内容：

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http
        .csrf()
        .disable()
        .addFilterAfter(new CustomSecurityFilter(), BasicAuthenticationFilter.class);
    }

}

---

为什么会出现这样的错误？

问题是在注册筛选器时，您已使用

new

创建了一个新筛选器。因此，配置并不是选择Spring创建的配置。您可以执行以下任一操作-

1） 自动连接配置类中现有的Springbean-

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomSecurityFilter customSecurityFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http
        .csrf()
        .disable()
        .addFilterAfter(customSecurityFilter, BasicAuthenticationFilter.class);
    }

}

您可以直接通过

@Autowired

或通过构造函数以任何方式进行自动布线

2） 第二种方法是自己创建CustomSecurityFilter bean。示例代码与您的代码一致-

a） 不要用

@组件

注释过滤器。删除

@Value

并为您的属性创建一个setter

public class  CustomSecurityFilter  extends  OncePerRequestFilter implements Filter{


public String triggerUrl;

public void setTriggerUrl(String triggerUrl) {
    this.triggerUrl = triggerUrl;
}

 @Override
    protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response, final FilterChain filterChain) throws ServletException, IOException {

        String authHeaderToken = request.getHeader("authToken");
        System.out.println("token :"+authHeaderToken);
        if(checkAuthenticationByAuthToken(authHeaderToken)) 
            {
                filterChain.doFilter(request, response);
            }
        else
            {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            }
    }
 private static HttpHeaders getApiHeaders(){
        String plainCredentials="${seccurityTriggerEncodingCredential}";
        String base64Credentials = new String(Base64.encodeBase64(plainCredentials.getBytes()));

        HttpHeaders headers = new HttpHeaders();
        headers.add("Authorization", "Basic " + base64Credentials);
        headers.setContentType(MediaType.APPLICATION_JSON);
        return headers;
    }

    public Boolean checkAuthenticationByAuthToken(String authTokenRequest) {

        AuthorizationRequest authApiRequestObj = new AuthorizationRequest();
        authApiRequestObj.auth_token = authTokenRequest;

        RestTemplate restTemplate = new RestTemplate(); 
        HttpEntity<Object> request = new HttpEntity<Object>(authApiRequestObj, getApiHeaders());
        AuthorizationResponse authorizationResponseObj = restTemplate.postForObject(getApiTriggerStringUrl(), request, AuthorizationResponse.class);

        System.out.println("RoleId is :"+authorizationResponseObj.role_id);
        if(authorizationResponseObj.role_id >= 0 ) {
            return true;
        }
        return false;
    }

    public String getApiTriggerStringUrl() {
        return this.triggerUrl;
    }
}

公共类CustomSecurityFilter扩展OncePerRequestFilter实现筛选器{
公共字符串触发器URL；
公共void setTriggerUrl（字符串triggerUrl）{
this.triggerUrl=triggerUrl；
}
@凌驾
受保护的void doFilterInternal（最终HttpServletRequest请求、最终HttpServletResponse响应、最终FilterChain FilterChain）抛出ServletException、IOException{
字符串authHeaderToken=request.getHeader（“authToken”）；
System.out.println（“令牌：+authHeaderToken”）；
if（检查AuthenticationByAuthToken（authHeaderToken））
{
filterChain.doFilter（请求、响应）；
}
其他的
{
senderError（HttpServletResponse.SC\u BAD\u请求）；
}
}
私有静态HttpHeaders getApiHeaders（）{
字符串plainCredentials=“${seccurityTriggerEncodingCredential}”；
String base64Credentials=新字符串（Base64.encodeBase64（plainCredentials.getBytes（））；
HttpHeaders=新的HttpHeaders（）；
添加（“授权”、“基本”+base64凭证）；
headers.setContentType（MediaType.APPLICATION_JSON）；
返回标题；
}
公共布尔checkAuthenticationByAuthToken（字符串authTokenRequest）{
AuthorizationRequest authApiRequestObj=新的AuthorizationRequest（）；
authApiRequestObj.auth_token=authTokenRequest；
RestTemplate RestTemplate=新RestTemplate（）；
HttpEntity请求=新的HttpEntity（authApiRequestObj，getApiHeaders（））；
AuthorizationResponse authorizationResponseObj=restTemplate.postForObject（getApiTriggerStringUrl（），请求，AuthorizationResponse.class）；
System.out.println（“RoleId是：“+authorizationResponseObj.role\u id”）；
if（authorizationResponseObj.role_id>=0）{
返回true；
}
返回false；
}
公共字符串getApiTriggerStringUrl（）{
返回this.triggerUrl；
}
}

b） 然后，您的配置类将被删除-

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http
        .csrf()
        .disable()
        .addFilterAfter(customSecurityFilter(), BasicAuthenticationFilter.class);
    }

   @Bean
   public CustomSecurityFilter customSecurityFilter() {
       CustomSecurityFilter customSecurityFilter = new CustomSecurityFilter();
       customSecurityFilter.setTriggerUrl(<property value>);
       return customSecurityFilter;
   }

}

@EnableWebSecurity
@配置
公共类SecurityConfig扩展了WebSecurity配置适配器{
@凌驾
受保护的无效配置（HttpSecurity http）引发异常{
http
.csrf（）
.disable（）
.addFilterAfter（customSecurityFilter（），BasicAuthenticationFilter.class）；
}
@豆子
公共CustomSecurityFilter CustomSecurityFilter（）{
CustomSecurityFilter CustomSecurityFilter=新建CustomSecurityFilter（）；
customSecurityFilter.setTriggerUrl（）；
返回customSecurityFilter；
}
}

如果值为

null

则您的筛选器未注册为abean，而只是使用

new

而不是从

@Bean

方法创建。您能否确认您的筛选器是如何在配置中注册的？@Akash-我使用了addFilterAfter方法。我更新了我的问题。这是我的配置文件，如@M.Deinum所述，这就是问题所在。注册筛选器时，您已经创建了一个新筛选器。配置未拾取spring创建的筛选器。有两种方法可以解决这个问题。请检查下面我的答案。谢谢您的回复。这个答案是完美的。我试过这种方法，现在它起作用了。