spring-security自定义User抛出java.lang.IllegalArgumentException异常

最新推荐文章于 2024-06-29 22:25:20 发布
最新推荐文章于 2024-06-29 22:25:20 发布
阅读量3k 收藏 5
点赞数 7
分类专栏: Spring Authorization Server Spring Security Spring Boot 文章标签: java spring spring boot
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m13012606980/article/details/125291005
版权

spring-security自定义User抛出java.lang.IllegalArgumentException异常

具体异常

	java.lang.IllegalArgumentException: The class with com.xxxx.CustomUser and name of com.xxxx.CustomUser is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See https://github.com/spring-projects/spring-security/issues/4370 for details
	at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService$OAuth2AuthorizationRowMapper.parseMap(JdbcOAuth2AuthorizationService.java:462) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService$OAuth2AuthorizationRowMapper.mapRow(JdbcOAuth2AuthorizationService.java:347) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService$OAuth2AuthorizationRowMapper.mapRow(JdbcOAuth2AuthorizationService.java:318) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:94) ~[spring-jdbc-5.3.15.jar:5.3.15]
	at org.springframework.jdbc.core.RowMapperResultSetExtractor.extractData(RowMapperResultSetExtractor.java:61) ~[spring-jdbc-5.3.15.jar:5.3.15]
	at org.springframework.jdbc.core.JdbcTemplate$1.doInPreparedStatement(JdbcTemplate.java:723) ~[spring-jdbc-5.3.15.jar:5.3.15]
	at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:651) ~[spring-jdbc-5.3.15.jar:5.3.15]
	at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:713) ~[spring-jdbc-5.3.15.jar:5.3.15]
	at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:744) ~[spring-jdbc-5.3.15.jar:5.3.15]
	at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:799) ~[spring-jdbc-5.3.15.jar:5.3.15]
	at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService.findBy(JdbcOAuth2AuthorizationService.java:266) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService.findByToken(JdbcOAuth2AuthorizationService.java:251) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.security.oauth2.server.authorization.authentication.CodeVerifierAuthenticator.authenticate(CodeVerifierAuthenticator.java:77) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.security.oauth2.server.authorization.authentication.CodeVerifierAuthenticator.authenticateIfAvailable(CodeVerifierAuthenticator.java:66) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.security.oauth2.server.authorization.authentication.ClientSecretAuthenticationProvider.authenticate(ClientSecretAuthenticationProvider.java:111) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-5.6.1.jar:5.6.1]
	at org.springframework.security.oauth2.server.authorization.web.OAuth2ClientAuthenticationFilter.doFilterInternal(OAuth2ClientAuthenticationFilter.java:120) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter.doFilterInternal(OAuth2AuthorizationServerMetadataEndpointFilter.java:77) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter.doFilterInternal(NimbusJwkSetEndpointFilter.java:85) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.oauth2.server.authorization.oidc.web.OidcProviderConfigurationEndpointFilter.doFilterInternal(OidcProviderConfigurationEndpointFilter.java:79) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter.doFilterInternal(OAuth2AuthorizationEndpointFilter.java:140) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.oauth2.server.authorization.web.ProviderContextFilter.doFilterInternal(ProviderContextFilter.java:63) ~[spring-security-oauth2-authorization-server-0.3.0.jar:0.3.0]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.debug.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:90) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:78) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:67) ~[spring-security-web-5.6.1.jar:5.6.1]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.15.jar:5.3.15]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.15.jar:5.3.15]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.15.jar:5.3.15]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.15.jar:5.3.15]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.15.jar:5.3.15]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:382) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:895) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1732) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.56.jar:9.0.56]
	at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]

抛出异常的原因

背景是我使用了Spring Authorization Server 0.3.0的OAuth2的authorization_code授权类型,需要对资源所有者进行身份验证。但我对org.springframework.security.core.userdetails.User类进行扩展com.xxxx.CustomUser,导致在资源所有者登录成功后,在根据authorization_code获取token时的执行期间查询数据库表oauth2_authorization信息后再转化为具体对象抛出异常。
具体查看异常位置,在JdbcOAuth2AuthorizationService的内部类OAuth2AuthorizationRowMapper的mapRow方法中

public OAuth2Authorization mapRow(ResultSet rs, int rowNum) throws SQLException {
	// ......
	Map<String, Object> attributes = parseMap(getLobValue(rs, "attributes"));
	// ......
}

分析发现getLobValue(rs, “attributes”)方法获取的是对应表oauth2_authorization的attributes字段,oauth2_authorization表结构如下:

CREATE TABLE `oauth2_authorization` (
  `id` varchar(100) NOT NULL,
  `registered_client_id` varchar(100) NOT NULL,
  `principal_name` varchar(200) NOT NULL,
  `authorization_grant_type` varchar(100) NOT NULL,
  `attributes` blob,
  `state` varchar(500) DEFAULT NULL,
  `authorization_code_value` blob,
  `authorization_code_issued_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  `authorization_code_expires_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  `authorization_code_metadata` blob,
  `access_token_value` blob,
  `access_token_issued_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  `access_token_expires_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  `access_token_metadata` blob,
  `access_token_type` varchar(100) DEFAULT NULL,
  `access_token_scopes` varchar(1000) DEFAULT NULL,
  `oidc_id_token_value` blob,
  `oidc_id_token_issued_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  `oidc_id_token_expires_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  `oidc_id_token_metadata` blob,
  `refresh_token_value` blob,
  `refresh_token_issued_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  `refresh_token_expires_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  `refresh_token_metadata` blob,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

attributes存储的是一个json数据,类似如下:

{
	"@class": "java.util.Collections$UnmodifiableMap",
	"java.security.Principal": {
		"@class": "org.springframework.security.authentication.UsernamePasswordAuthenticationToken",
		"authorities": [
			"java.util.Collections$UnmodifiableRandomAccessList",
			[
				{
					"@class": "org.springframework.security.core.authority.SimpleGrantedAuthority",
					"authority": "ROLE_common"
				}
			]
		],
		"details": {
			"@class": "org.springframework.security.web.authentication.WebAuthenticationDetails",
			"remoteAddress": "127.0.0.1",
			"sessionId": "C79A07F205A263A7423C8645D6A37BBC"
		},
		"authenticated": true,
		"principal": {
			"@class": "com.xxxx.CustomUser",
			"password": null,
			"username": "admin",
			"authorities": [
				"java.util.Collections$UnmodifiableSet",
				[
					{
						"@class": "org.springframework.security.core.authority.SimpleGrantedAuthority",
						"authority": "ROLE_common"
					}
				]
			],
			"accountNonExpired": true,
			"accountNonLocked": true,
			"credentialsNonExpired": true,
			"enabled": true,
			"permissions": [
				"java.util.ArrayList",
				[
					{
						"@class": "com.bulv.security.authorization.config.login.PermissionGrantedAuthority",
						"targetDomain": "system/user/index",
						"authority": "system:user:list"
					}
				]
			]
		},
		"credentials": null
	},
	"org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest": {
		"@class": "org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest",
		"authorizationUri": "http://127.0.0.1:9200/oauth2/authorize",
		"authorizationGrantType": {
			"value": "authorization_code"
		},
		"responseType": {
			"value": "code"
		},
		"clientId": "bulv-app",
		"redirectUri": "http://127.0.0.1/oauth2/code",
		"scopes": [
			"java.util.Collections$UnmodifiableSet",
			[
				"user_info",
				"openid",
				"client.create"
			]
		],
		"state": "wWxnPj3KQeJYjFZIWZ1e_KvHpZOvlyp8DK9tQczrg6E=",
		"additionalParameters": {
			"@class": "java.util.Collections$UnmodifiableMap",
			"nonce": "-CyFrwZsxGOzu67cdN80FV1V893gRcprFy7DKDfTkg4"
		},
		"authorizationRequestUri": "http://127.0.0.1:9200/oauth2/authorize?response_type=code&client_id=bulv-app&scope=user_info%20openid%20client.create&state=wWxnPj3KQeJYjFZIWZ1e_KvHpZOvlyp8DK9tQczrg6E%3D&redirect_uri=http://127.0.0.1/oauth2/code&nonce=-CyFrwZsxGOzu67cdN80FV1V893gRcprFy7DKDfTkg4",
		"attributes": {
			"@class": "java.util.Collections$UnmodifiableMap"
		}
	},
	"org.springframework.security.oauth2.server.authorization.OAuth2Authorization.AUTHORIZED_SCOPE": [
		"java.util.Collections$UnmodifiableSet",
		[
			"user_info",
			"openid",
			"client.create"
		]
	]
}

异常翻译过来告诉我CustomUser类不在允许列表中。如果您认为此类可以安全地反序列化,请使用Jackson注释或提供 Mixin提供显式映射。如果序列化仅由受信任的来源完成,您还可以启用默认类型。详见 https://github.com/spring-projects/spring-security/issues/4370。说实话没看懂什么意思。但我大概明白和Jackson 有关系。后来在查看源码我发现在创建JdbcOAuth2AuthorizationService对象时属性authorizationParametersMapper实例化时,对authorizationParametersMapper的属性objectMapper默认设置了一些属性,而这些属性中正有被我覆盖的默认的org.springframework.security.core.userdetails.User类

public static class OAuth2AuthorizationParametersMapper implements Function<OAuth2Authorization, List<SqlParameterValue>> {
		private ObjectMapper objectMapper = new ObjectMapper();

		public OAuth2AuthorizationParametersMapper() {
			ClassLoader classLoader = JdbcOAuth2AuthorizationService.class.getClassLoader();
			List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
			this.objectMapper.registerModules(securityModules);
			this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
		}
		
	// ...省略...
}

public final class SecurityJackson2Modules {
	// ...省略...
	
	/**
	 * @param loader the ClassLoader to use
	 * @return List of available security modules in classpath.
	 */
	public static List<Module> getModules(ClassLoader loader) {
		List<Module> modules = new ArrayList<>();
		for (String className : securityJackson2ModuleClasses) {
			addToModulesList(loader, modules, className);
		}
		if (ClassUtils.isPresent("javax.servlet.http.Cookie", loader)) {
			addToModulesList(loader, modules, webServletJackson2ModuleClass);
		}
		if (ClassUtils.isPresent("org.springframework.security.oauth2.client.OAuth2AuthorizedClient", loader)) {
			addToModulesList(loader, modules, oauth2ClientJackson2ModuleClass);
		}
		if (ClassUtils.isPresent(javaTimeJackson2ModuleClass, loader)) {
			addToModulesList(loader, modules, javaTimeJackson2ModuleClass);
		}
		return modules;
	}
	
	// ...省略...
}

public final class SecurityJackson2Modules {
	private static final Log logger = LogFactory.getLog(SecurityJackson2Modules.class);

	private static final List<String> securityJackson2ModuleClasses = Arrays.asList(
			"org.springframework.security.jackson2.CoreJackson2Module",
			"org.springframework.security.cas.jackson2.CasJackson2Module",
			"org.springframework.security.web.jackson2.WebJackson2Module",
			"org.springframework.security.web.server.jackson2.WebServerJackson2Module");

	private static final String webServletJackson2ModuleClass = "org.springframework.security.web.jackson2.WebServletJackson2Module";

	private static final String oauth2ClientJackson2ModuleClass = "org.springframework.security.oauth2.client.jackson2.OAuth2ClientJackson2Module";

	private static final String javaTimeJackson2ModuleClass = "com.fasterxml.jackson.datatype.jsr310.JavaTimeModule";
// ...省略...
}

public class CoreJackson2Module extends SimpleModule{

	public CoreJackson2Module() {
		super(CoreJackson2Module.class.getName(), new Version(1, 0, 0, null, null, null));
	}

	@Override
	public void setupModule(SetupContext context) {
		SecurityJackson2Modules.enableDefaultTyping(context.getOwner());
		context.setMixInAnnotations(AnonymousAuthenticationToken.class, AnonymousAuthenticationTokenMixin.class);
		context.setMixInAnnotations(RememberMeAuthenticationToken.class, RememberMeAuthenticationTokenMixin.class);
		context.setMixInAnnotations(SimpleGrantedAuthority.class, SimpleGrantedAuthorityMixin.class);
		context.setMixInAnnotations(Collections.<Object>unmodifiableSet(Collections.emptySet()).getClass(),
				UnmodifiableSetMixin.class);
		context.setMixInAnnotations(Collections.<Object>unmodifiableList(Collections.emptyList()).getClass(),
				UnmodifiableListMixin.class);
		context.setMixInAnnotations(User.class, UserMixin.class);
		context.setMixInAnnotations(UsernamePasswordAuthenticationToken.class,
				UsernamePasswordAuthenticationTokenMixin.class);
		context.setMixInAnnotations(BadCredentialsException.class, BadCredentialsExceptionMixin.class);
	}
}

顺着List securityModules = SecurityJackson2Modules.getModules(classLoader);这行代码我们一层一层向内跟进发现在CoreJackson2Module中存在context.setMixInAnnotations(User.class, UserMixin.class);这么一行代码,也就是被自定义CustomUser类替换的User。现在我们大体应该明白了异常的意思了,它是让我们为CustomUser设置一个类可以安全地反序列化它,使用Jackson注释或提供Mixin提供显式映射,就像UserMixin.class类似。

解决问题

我们需要对JdbcOAuth2AuthorizationService的属性authorizationParametersMapper在原来的基础上把CustomUser对应反序列化加入authorizationParametersMapper的objectMapper属性中,代码如下,CustomUserMixin可参考UserMixin相关内容我这里照着负责了一份,实际上要根据自己的实际要求来修改,我这里图方便,这样就可以解决异常问题了。

@Bean
	public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate,
			RegisteredClientRepository registeredClientRepository) {
		JdbcOAuth2AuthorizationService service = new JdbcOAuth2AuthorizationService(jdbcTemplate,
				registeredClientRepository);
		JdbcOAuth2AuthorizationService.OAuth2AuthorizationRowMapper authorizationRowMapper = new JdbcOAuth2AuthorizationService.OAuth2AuthorizationRowMapper(
				registeredClientRepository);
		authorizationRowMapper.setLobHandler(new DefaultLobHandler());

		ObjectMapper objectMapper = new ObjectMapper();
		ClassLoader classLoader = JdbcOAuth2AuthorizationService.class.getClassLoader();
		List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
		objectMapper.registerModules(securityModules);
		objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
		objectMapper.addMixIn(CustomUser.class, CustomUserMixin.class);
		authorizationRowMapper.setObjectMapper(objectMapper);

		service.setAuthorizationRowMapper(authorizationRowMapper);
		return service;
	}

@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
@JsonDeserialize(using = CustomUserDeserializer.class)
@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
@JsonIgnoreProperties(ignoreUnknown = true)
public interface CustomUserMixin {
}

public class CustomUserDeserializer extends JsonDeserializer<User> {

	private static final TypeReference<Set<SimpleGrantedAuthority>> SIMPLE_GRANTED_AUTHORITY_SET = new TypeReference<Set<SimpleGrantedAuthority>>() {
	};

	/**
	 * This method will create {@link User} object. It will ensure successful object
	 * creation even if password key is null in serialized json, because credentials
	 * may be removed from the {@link User} by invoking
	 * {@link User#eraseCredentials()}. In that case there won't be any password key
	 * in serialized json.
	 *
	 * @param jp   the JsonParser
	 * @param ctxt the DeserializationContext
	 * @return the user
	 * @throws IOException             if a exception during IO occurs
	 * @throws JsonProcessingException if an error during JSON processing occurs
	 */
	@Override
	public User deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
		ObjectMapper mapper = (ObjectMapper) jp.getCodec();
		JsonNode jsonNode = mapper.readTree(jp);
		Set<? extends GrantedAuthority> authorities = mapper.convertValue(jsonNode.get("authorities"),
				SIMPLE_GRANTED_AUTHORITY_SET);
		JsonNode passwordNode = readJsonNode(jsonNode, "password");
		String username = readJsonNode(jsonNode, "username").asText();
		String password = passwordNode.asText("");
		boolean enabled = readJsonNode(jsonNode, "enabled").asBoolean();
		boolean accountNonExpired = readJsonNode(jsonNode, "accountNonExpired").asBoolean();
		boolean credentialsNonExpired = readJsonNode(jsonNode, "credentialsNonExpired").asBoolean();
		boolean accountNonLocked = readJsonNode(jsonNode, "accountNonLocked").asBoolean();
		User result = new User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked,
				authorities);
		if (passwordNode.asText(null) == null) {
			result.eraseCredentials();
		}
		return result;
	}

	private JsonNode readJsonNode(JsonNode jsonNode, String field) {
		return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance();
	}
}

遇到这个问题简单粗略的记录下,希望对遇见类似问题的小伙伴能有一点点的帮助。

zhaoll98k
关注
  • 7
    点赞
  • 5
    收藏
    觉得还不错? 一键收藏
  • 10
    评论
专栏目录
Javademo源码-398.java.lang.IllegalArgumentException-:398.java.lang.Illega
05-19
Java demo源码 398.java.lang.IllegalArgumentException- 398.java.lang.IllegalArgumentException 复现bug demo 源码
如何解决Mybatis--java.lang.IllegalArgumentException: Result Maps collection already contains value for X
08-31
在整合Spring、Struts2和Mybatis的过程中,可能会遇到各种问题,其中之一就是`java.lang.IllegalArgumentException: Result Maps collection already contains value for X`。这个问题通常出现在Mybatis配置文件中,...
Spring Security + Session Redis——JSON序列化错误[The class xxx and name of xxx is not whitelisted. ]解决方案
无限迭代中......
03-17 3702
前置 Spring Security + Spring Session + Redis——【SecurityContext】和【AuthenticationToken】JSON反序列化问题解决方案 问题描述 Caused by: java.lang.IllegalArgumentException: The class with com.hailiu.model.Role and name of com.hailiu.model.Role is not whitelisted. If you bel
spring security抛出自定义异常
绅士jiejie的博客
08-11 2566
首先抛出自定义异常这个思路是没啥问题的,至少比抛出UsernameNotFoundException来的自由些,因为在hideUserNotFoundExceptions属性默认为true的情况下,UsernameNotFoundException会被转换成BadCredentialsException,同时连异常信息都会被写成固定的Bad credentials了,部分源码参考如下: 首先我们要先定义一个自定义异常类,参考如下: /** 1. @Author:jiejie 2. @Desc: 自
spring-security-oauth2-authorization-server(三)自定义登录页 + JDBC模式获取用户信息
最新发布
weixin_42229668的博客
06-29 726
获取数据库用户登录,自定义登录页面,解决用户对象反序列化白名单问题
docker常用命令
choujulong7459的博客
02-14 106
如下红色的为容器ID 1.进入docker容器内部执行如下命令: docker exec -it 29371247b5fc /bin/bash 2.删除指定容器 docker rm 784fd3b294d7 3.导出容器 docker export red_panda > latest....
Spring IllegalArgumentException 异常
better_mouse的博客
04-15 525
Spring3+Jdk8   IllegalArgumentException  异常 不知不觉中,已经开始用JDK8了,然后它却不能和spring3兼容。 解决办法:1     spring4                  2     jdk7
spring security:IllegalArgumentException
weixin_34005042的博客
06-23 132
为什么80%的码农都做不了架构师?>>> ...
Spring 报错 java.lang.IllegalArgumentException
蜡笔小达新的博客
09-02 1987
在使用Spring3.2.0开发项目的过程中,在如下两个场景下遇到了报错java.lang.IllegalArgumentException的情况。 Spring 3.2.0 + jdk1.8 注解注入,如 (a)初始化 @PostConstruct public void init() { //initialization } (b)applcaitonContext.xml &...
IDEA 中使用 ECJ 编译出现 java.lang.IllegalArgumentException的错误问题
08-19
"IDEA 中使用 ECJ 编译出现 java.lang.IllegalArgumentException 的错误问题解决方案" IDEA 是一个功能强大且功能丰富的集成开发环境,支持多种编程语言,包括 Java、Python、Ruby 等。ECJ(Eclipse Compiler for ...
java.lang.IllegalArgumentException:Input == null的异常处理
01-08
Caused by: java.lang.IllegalArgumentException: input == null! at javax.imageio.ImageIO.read(ImageIO.java:1388) at com.pleanwar.fiying.FlyingObject.loadImage(FlyingObject.java:52) at ...
Java java.lang.ExceptionInInitializerError 错误如何解决
08-30
当类的静态初始化过程遇到无法正常处理的异常时,Java虚拟机(JVM)不会直接抛出异常的原始类型,而是包装成 `ExceptionInInitializerError` 并在后续尝试使用该类时抛出。这是为了确保类的初始化过程不会因为一个...
已解决 Spring Error: `IllegalArgumentException: Validation failed for argument at index 0 in method` 问题
深入 IT 各领域的角落,分享前沿技术见解与实践心得。与我一起,探索技术的无限可能!
09-24 314
在日常的后端开发过程中,遭遇 Bug 是家常便饭。尤其在使用 Spring 框架时,由于其庞大的体系和复杂的功能,我们常常会遇到一些让人头疼的问题。。经过一番查找和尝试,我成功解决了这个问题。本文旨在分享这个问题的解决过程,包括问题的分析、解决方案和如何避免此类问题,希望对遇到类似问题的开发者有所帮助。???通过深入分析和解决这个问题,我对 Spring 的参数验证机制有了更深入的理解。遇到问题不可怕,关键是要有解决问题的勇气和能力。希望本文的分享能对你有所帮助,让我们在编程的道路上越走越稳。??
SpringSecurity自定义异常处理
Twilight blog
09-01 1万+
以下为SpringSecurity默认自带的异常处理机制 两个重要的异常类 1. AccessDeniedException 该异常实现了很多子类。子类都是涉及到权限校验问题的。 2. AuthenticationEntryPoint 同样该异常类也实现了很多子类。springSecurity把异常划分的很细。概括来说都是身份校验问题。 自定异常处理类 public class My...
java序列化错误
小草的博客
04-08 781
1.在BaseEntity中添加一个瞬时态属性,启动访问首页保错 解决方案: redis的问题,我把信息放到redis里面,重启项目后就出现了这样的情况。 把redis服务关闭或者清空后再登录就好了。(清空redis缓存就好了) ...
Caused by: java.lang.IllegalStateException: Serialized class cn.bloghut.dto.ProducterDto must implem
闲言
06-06 646
Caused by: java.lang.IllegalStateException: Serialized class cn.bloghut.dto.ProducterDto must implement java.io.Serializable
java.lang.IllegalArgumentException: SimpleMessageConverter only supports String, byte[] and Serializ
Tomatoes的博客
02-21 441
实现Serializable 接口后定义private static final long serialVersionUID = 1L;的意义,在jvm反序列化时会校验该值是否变化,有变化则抛出异常程序不兼容,倘若认为定义了该值,类修改了则不会自动修改serialVersionUID值,则会默认版本兼容。
解决Dubbo在反序列化时报错
GUILTYxc的博客
03-15 2484
STRICT参考官网关于类检查机制的说明我使用的版本默认的检查模式为STRICT,禁止反序列化所有不在允许序列化列表(白名单)中的类。共有三个模式:STRICT 严格检查,WARN 告警,DISABLE 禁用。
深入理解java.lang.IllegalArgumentException异常
热门推荐
博客
08-02 4万+
IllegalArgumentExceptionJava的一个标准异常类,继承自RuntimeException类。当方法接收到一个非法或不合理的参数时,就会抛出异常。本篇博客深入探讨了java.lang.IllegalArgumentException异常的相关知识。我们了解了异常的概念和分类,以及异常处理机制。然后,重点介绍了IllegalArgumentException异常的定义、继承关系和触发条件。接着,我们讨论了该异常在方法参数校验、构造方法参数校验和API调用参数校验等常见场景中的应用。
xxl-job异常java.lang.IllegalArgumentException
09-20
引用:Caused by: java.lang.IllegalArgumentException: input == null! at javax.imageio.ImageIO.read(ImageIO.java:1388) at com.pleanwar.fiying.FlyingObject.loadImage(FlyingObject.java:52) at ...。 引用:新导入的项目springboot启动报错 java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:422) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:683) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) 。 引用:如果在项目中使用了Maven,则需要加入以下两个依赖,否则会报错 <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>4.3.14.RELEASE</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-core</artifactId> <version>2.6.7</version> </dependency> 对于xxl-job异常java.lang.IllegalArgumentException,这个异常通常是由于参数不符合方法要求而引起的。根据提供的引用内容,我无法直接确定具体的错误原因。然而,根据异常信息,你可以尝试检查以下几个方面以解决问题: 1. 检查参数是否为空:请确保传递给相关方法的参数不为空。如果参数为空,可能会导致IllegalArgumentException异常。 2. 检查方法名是否有效:如果你遇到类似于"Invalid character found in method name"这样的异常消息,请确保方法名是有效的HTTP方法名。它们应该是令牌(tokens)。 3. 检查项目中的依赖:如果项目中使用了Maven,请确保添加了所需的依赖项。特别是,检查是否包含了org.springframework:spring-webmvc和com.fasterxml.jackson.core:jackson-core这两个依赖项。 请按照上述步骤逐一检查并排除可能的问题,以解决xxl-job异常java.lang.IllegalArgumentException
评论 10
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值