StackOverflowError on authenticationManager.authenticate

von4xj4u posted on 2021-09-29 in Java

I want to set up a custom "/login" endpoint that checks an OAuth access token and, if the token is validated, starts a session.
This is my login controller:

@Autowired
private AuthenticationManager authManager;

private final CsrfTokenRepository csrfTokenRepository;

public LoginController() {
    this.csrfTokenRepository = new HttpSessionCsrfTokenRepository();
}

@PostMapping("/login")
public String login(HttpServletRequest req, @RequestBody String accessToken) {
    System.out.println("login");
    try {

        NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri("http://myauthserver/auth/realms/infraserv/protocol/openid-connect/certs").build();
        Jwt jwt = jwtDecoder.decode(accessToken);
        JwtAuthenticationToken authReq = new JwtAuthenticationToken(jwt);
        System.out.println("authManager = " + authManager.getClass());
        Authentication auth = authManager.authenticate(authReq);
        SecurityContext sc = SecurityContextHolder.getContext();
        sc.setAuthentication(auth);
        HttpSession session = req.getSession(true);
        session.setAttribute(SPRING_SECURITY_CONTEXT_KEY, sc);
        return "Authenticated :-)";
    } catch (IllegalArgumentException e) {
        // TODO log
        System.err.println(e.getMessage());
        return "Not Authenticated!!";
    }
}

This is my web security configuration:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        HttpSessionCsrfTokenRepository csrfTokenRepository = new HttpSessionCsrfTokenRepository();
        http
                .csrf().csrfTokenRepository(csrfTokenRepository)
                .and()
                .authorizeRequests()
                .antMatchers(HttpMethod.POST,"/login").permitAll()
                .antMatchers(HttpMethod.GET,"/csrf").permitAll()
                .anyRequest().authenticated();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManagerBean();
    }
}

The problem is that if I call the "/login" method, I get a StackOverflowError.

java.lang.StackOverflowError: null
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:166) ~[spring-security-core-5.5.1.jar:5.5.1]
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:524) ~[spring-security-config-5.3.4.RELEASE.jar:5.3.4.RELEASE]
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.1.jar:5.5.1]
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:524) ~[spring-security-config-5.3.4.RELEASE.jar:5.3.4.RELEASE]
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.1.jar:5.5.1]
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:524) ~[spring-security-config-5.3.4.RELEASE.jar:5.3.4.RELEASE]
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.1.jar:5.5.1]
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:524) ~[spring-security-config-5.3.4.RELEASE.jar:5.3.4.RELEASE]
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.1.jar:5.5.1]
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:524) ~[spring-security-config-5.3.4.RELEASE.jar:5.3.4.RELEASE]
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.1.jar:5.5.1]
    at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:524) ~[spring-security-config-5.3.4.RELEASE.jar:5.3.4.RELEASE]
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.5.1.jar:5.5.1]

I have found this and tried all combinations of authenticationManager and authenticationManagerBean, but the result is always the same.
Shortened debug log:

2021-07-26 14:07:15.050 DEBUG 221222 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:15.050 DEBUG 221222 --- [io-8080-exec-10] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-07-26 14:07:15.045 DEBUG 221222 --- [nio-8080-exec-9] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:15.049 DEBUG 221222 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2021-07-26 14:07:15.055 DEBUG 221222 --- [nio-8080-exec-9] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-07-26 14:07:15.055 DEBUG 221222 --- [nio-8080-exec-1] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2021-07-26 14:07:15.055 DEBUG 221222 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy        : Secured GET /error
2021-07-26 14:07:15.056 DEBUG 221222 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:15.056 DEBUG 221222 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-07-26 14:07:15.057 DEBUG 221222 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:15.058 DEBUG 221222 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:15.058 DEBUG 221222 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-07-26 14:07:21.362 DEBUG 221222 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Securing POST /login
2021-07-26 14:07:21.362 DEBUG 221222 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2021-07-26 14:07:21.363 DEBUG 221222 --- [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2021-07-26 14:07:21.364 DEBUG 221222 --- [nio-8080-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorized filter invocation [POST /login] with attributes [permitAll]
2021-07-26 14:07:21.364 DEBUG 221222 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Secured POST /login
login
accessToken = xxxx
authManager = class org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator
2021-07-26 14:07:21.672 DEBUG 221222 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:21.672 DEBUG 221222 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2021-07-26 14:07:21.680 ERROR 221222 --- [nio-8080-exec-4] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Handler dispatch failed; nested exception is java.lang.StackOverflowError] with root cause
2021-07-26 14:07:21.695 DEBUG 221222 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Securing POST /error
2021-07-26 14:07:21.695 DEBUG 221222 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2021-07-26 14:07:21.695 DEBUG 221222 --- [nio-8080-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter  : Set SecurityContextHolder to anonymous SecurityContext
2021-07-26 14:07:21.696 DEBUG 221222 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Secured POST /error
2021-07-26 14:07:21.698 DEBUG 221222 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:21.700 DEBUG 221222 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : Did not store anonymous SecurityContext
2021-07-26 14:07:21.700 DEBUG 221222 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
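
Added example (not part of the original post): a configuration that avoids the loop shown in the trace, where ProviderManager and AuthenticationManagerDelegator keep calling each other. It assumes the cause is that no registered AuthenticationProvider accepts the token, so ProviderManager falls through to a parent that leads back to the delegator; registering JwtAuthenticationProvider and exposing authenticationManagerBean() (Spring Security 5.x API, as in the trace) gives the manager a provider that can finish the authentication.

```java
// Added example, not the poster's code. Spring Security 5.x (WebSecurityConfigurerAdapter) API.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public JwtDecoder jwtDecoder() {
        // JWK set URI copied from the question; built once instead of per request.
        return NimbusJwtDecoder.withJwkSetUri(
                "http://myauthserver/auth/realms/infraserv/protocol/openid-connect/certs").build();
    }

    // Register a provider that can handle bearer tokens, so ProviderManager
    // does not fall through to its parent for every request.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(new JwtAuthenticationProvider(jwtDecoder()));
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().csrfTokenRepository(new HttpSessionCsrfTokenRepository())
                .and()
                .authorizeRequests()
                .antMatchers(HttpMethod.POST, "/login").permitAll()
                .antMatchers(HttpMethod.GET, "/csrf").permitAll()
                .anyRequest().authenticated();
    }

    // Expose the manager by overriding authenticationManagerBean(), not authenticationManager():
    // the latter supplies the parent manager, so returning the delegator from it closes the loop.
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
```

With this configuration the controller passes the raw token to authManager.authenticate(...) wrapped in a BearerTokenAuthenticationToken; JwtAuthenticationProvider decodes and validates it and returns a JwtAuthenticationToken. An invalid token then surfaces as an AuthenticationException, not the IllegalArgumentException the controller currently catches.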
