org.springframework.security.web.FilterChainProxy.getFilters 处的 NullPointerException [英] NullPointerException at org.springframework.security.web.FilterChainProxy.getFilters
问题描述
我尝试使用 spring-security,但出现此错误.
I tried to use spring-security, and get this error.
java.lang.NullPointerException
at org.springframework.security.web.FilterChainProxy.getFilters(FilterChainProxy.java:223)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:196)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
我在 web.xml 中包含过滤器
I include filter in web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>encoding-filter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encoding-filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<display-name>Spring MVC Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>0</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
并在 applicationContext 文件中为此过滤器创建一个 bean:
And create a bean for this filter in applicationContext file:
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy"> </bean>
在我在 applicationContext 文件中注册这个 bean 之前,我有一个错误 没有定义名为 'springSecurityFilterChain' 的 bean
Before I register this bean in applicationContext file I Have an error no bean named 'springSecurityFilterChain' is defined
我不使用 spring-security.xml 进行配置,而是在 SecurityConfig 类中配置安全性.
I don't use spring-security.xml for configuration, and configure security in a SecurityConfig class.
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsServiceImpl userDetailsService;
@Autowired
public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
.antMatchers("/resources/**", "/**").permitAll()
.anyRequest().permitAll()
.and();
http.formLogin()
.loginPage("/login")
.loginProcessingUrl("/j_spring_security_check")
.failureUrl("/login?error")
.usernameParameter("j_username")
.passwordParameter("j_password")
.permitAll();
http.logout()
.permitAll()
.logoutUrl("/logout")
.logoutSuccessUrl("/login?logout")
.invalidateHttpSession(true);
}
}
我认为是 spring-security 文件的配置有问题,但我不明白哪里出了问题.
I think that is some problems with configuration of spring-security file, but I can't understand what is wrong.
推荐答案
我已经弄清楚这里发生了什么,但我认为您最好只坚持使用 Java Config 或 XML 配置,而不是将它们混合和匹配与集成 Spring MVC 和 Security 的关系.
I have figured out what is going on here, but I think you are much better off sticking to only Java Config or XML config rather than mixing and matching them in relation to integration Spring MVC and Security.
在 XML 配置中,springSecurityFilterChain 由 spring-security.xml 中的 http
命名空间创建.请参阅此处.由于您已切换到 java 配置,因此没有创建 springSecurityFilterChain,这正是应用程序所抱怨的.
In XML Configuration, The springSecurityFilterChain is created by the http
namespace in your spring-security.xml. Refer here. Since you have switched to java config there is no springSecurityFilterChain created which is exactly what the application is complaining about.
要在其中创建 springSecurityFilterChain,您需要执行以下 2 个步骤.
To Create the springSecurityFilterChain in you need to do the following 2 steps.
第一步
从您的 web.xml 中删除以下内容
Remove the following from your web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
第 2 步
创建一个 AbstractSecurityWebApplicationInitializer
,它将为您创建 springsecurityfilterchain.
Create a AbstractSecurityWebApplicationInitializer
which will create the springsecurityfilterchain for you.
public class SpringSecurityInitializer extends
AbstractSecurityWebApplicationInitializer {
}
现在 AbstractSecurityWebApplicationInitializer
documentation 说当与 AbstractSecurityWebApplicationInitializer() 一起使用时,该类通常与 AbstractContextLoaderInitializer 的子类一起使用.
所以现在你必须自己创建 AbstractContextLoaderInitializer.为此,我进行了 2 个更改
So now you have to create AbstractContextLoaderInitializer yourself. For this I have made 2 changes
步骤 1 :- 从 web.xml 中删除以下内容
Step 1 :- Remove below from web.xml
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
</param-value>
第 2 步:- 创建一个类 SpringAnnotationWebInitializer
和 ApplicationContextSpring
,它们将具有以下内容
Step 2:- Create a Class SpringAnnotationWebInitializer
and ApplicationContextSpring
which will have the following content
public class SpringAnnotationWebInitializer extends
AbstractContextLoaderInitializer {
@Override
protected WebApplicationContext createRootApplicationContext() {
AnnotationConfigWebApplicationContext applicationContext = new AnnotationConfigWebApplicationContext();
applicationContext.register(ApplicationContextSpring.class);
return applicationContext;
}
}
和 ApplicationContextSpring
将是
@Configuration
@ImportResource("classpath:applicationContext.xml")
@Import(SecurityConfig.class)
public class ApplicationContextSpring {
}
就像我说的,你最好创建 java 或 xml 配置.
Like I said, you are much better of creating either java or xml config.
这篇关于org.springframework.security.web.FilterChainProxy.getFilters 处的 NullPointerException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!