使用Spring Boot的@AuthenticationPrincipal不起作用 [英] @AuthenticationPrincipal with Spring Boot not working
问题描述
使用Spring Boot 1.3.1,我在 @AuthenticationPrincipal
上遇到问题.
Using Spring Boot 1.3.1, I am having problems with @AuthenticationPrincipal
.
这是我的控制者:
@RestController
@RequestMapping("/api/user")
public class UserController {
@RequestMapping("/")
public UserDto user(@AuthenticationPrincipal(errorOnInvalidType = true) User user) {
return UserDto.fromUser(user);
}
}
这是我的自定义用户类:
This is my custom User class:
@Entity()
@Table(name = "app_user")
public class User extends AbstractEntity<UserId> implements Serializable {
// ------------------------------ FIELDS ------------------------------
@NotNull
@Column(unique = true)
@Pattern(regexp = "[a-zA-Z_\\-\\.0-9]+")
@Size(min = 1, max = 20)
private String username;
private String password;
@Column(unique = true)
@Email
private String emailAddress;
@Enumerated(EnumType.STRING)
@NotNull
private UserRole role;
}
我还创建了一个类以确认Spring Security的 UserDetails
接口:
I also created a class to confirm to the UserDetails
interface of Spring Security:
public class CustomUserDetails extends User implements UserDetails {
public CustomUserDetails(User user) {
super(user);
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return Sets.newHashSet(new SimpleGrantedAuthority("ROLE_" + getRole().name()));
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
然后在我的 UserDetailsService
中:
@Override
public CustomUserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
com.company.app.domain.account.User user = userRepository.findByUsername(username);
if (user != null) {
return new CustomUserDetails(user);
} else {
throw new UsernameNotFoundException(format("User %s does not exist!", username));
}
}
我有一个完美的集成测试.但是,无法运行应用程序本身(从IntelliJ IDEA).我有一个例外:
I have an integration test that works perfectly. However, running the application itself (from IntelliJ IDEA), does not work. I get an exception:
"CustomUserDetails{id=UserId{id=401868de-99ff-4bae-bcb6-225e3062ed33}} is not assignable to class com.company.app.domain.account.User"
但这不是真的,因为 CustomUserDetails
是我的自定义 User
类的子类.
But this is not true, since CustomUserDetails
is a subclass of my custom User
class.
通过调试器检查,我发现 AuthenticationPrincipalArgumentResolver
中的此代码失败:
Checking with the debugger, I see that this code in AuthenticationPrincipalArgumentResolver
fails:
if (principal != null
&& !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
parameter.getParameterType()的类加载器是 RestartClassloader
的实例,而 principal.getClass()
的类加载器是 Launcher $ AppClassLoader
的实例.
The classloader of parameter.getParameterType()
is an instance of RestartClassloader
, while principal.getClass()
has a classloader that is an instance of Launcher$AppClassLoader
.
这是Spring Boot或Spring Security中的错误,还是我做错了什么?
Is this a bug in Spring Boot or Spring Security or am I doing something wrong?
更新:
我可以确认禁用Spring Boot的devtools可以使其工作:
I can confirm that disabling devtools of Spring Boot makes it work:
public static void main(String[] args) {
System.setProperty("spring.devtools.restart.enabled", "false");
SpringApplication.run(MyApplication.class, args);
}
推荐答案
为帮助遇到相同问题的其他任何人,这是Spring Boot DevTools和Spring Security OAuth中的一个限制.在此问题中对此进行了跟踪: https://github.com/spring-projects/spring-boot/issues/5071
To help anyone else who hits the same problem, this is a limitation in Spring Boot DevTools and Spring Security OAuth. It's being tracked in this issue: https://github.com/spring-projects/spring-boot/issues/5071
这篇关于使用Spring Boot的@AuthenticationPrincipal不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!