今天在做springboot和shiro整合练习的时候出现了一个错误,希望对初学者遇到同样问题有所帮助

于 2023-05-30 17:27:37 发布
阅读量440 收藏
点赞数 1
文章标签: java spring mybatis
原文链接:https://www.cnblogs.com/Z-share/p/11758176.html
版权
文章描述了一个在使用ApacheShiro进行用户认证时遇到的NullPointerException问题,原因是userService未成功注入到自定义Realm中。解决方案是将Realm作为Bean创建,确保在Shiro初始化时已完成依赖注入。
摘要由CSDN通过智能技术生成

错误信息如下: 

WARN 14092 --- [nio-8083-exec-2] o.a.shiro.authc.AbstractAuthenticator    : Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - lin, rememberMe=false].  Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException).

java.lang.NullPointerException: null
    at com.lin.utils.ApplicationContextUtil.getBean(ApplicationContextUtil.java:16) ~[classes/:na]
    at com.lin.utils.redis.RedisCache.getRedisTemplate(RedisCache.java:60) ~[classes/:na]
    at com.lin.utils.redis.RedisCache.get(RedisCache.java:23) ~[classes/:na]
    at org.apache.shiro.realm.AuthenticatingRealm.getCachedAuthenticationInfo(AuthenticatingRealm.java:488) ~[shiro-core-1.7.1.jar:1.7.1]
    at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568) ~[shiro-core-1.7.1.jar:1.7.1]
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180) ~[shiro-core-1.7.1.jar:1.7.1]
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:273) ~[shiro-core-1.7.1.jar:1.7.1]
    at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) ~[shiro-core-1.7.1.jar:1.7.1]
    at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) [shiro-core-1.7.1.jar:1.7.1]
    at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:275) [shiro-core-1.7.1.jar:1.7.1]
    at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260) [shiro-core-1.7.1.jar:1.7.1]
    at com.lin.controller.LoginController.login(LoginController.java:41) [classes/:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_191]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_191]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_191]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_191]
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205) [spring-web-5.3.27.jar:5.3.27]
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150) [spring-web-5.3.27.jar:5.3.27]
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117) [spring-webmvc-5.3.27.jar:5.3.27]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895) [spring-webmvc-5.3.27.jar:5.3.27]
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808) [spring-webmvc-5.3.27.jar:5.3.27]
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) [spring-webmvc-5.3.27.jar:5.3.27]
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1072) [spring-webmvc-5.3.27.jar:5.3.27]
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:965) [spring-webmvc-5.3.27.jar:5.3.27]
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) [spring-webmvc-5.3.27.jar:5.3.27]
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) [spring-webmvc-5.3.27.jar:5.3.27]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:555) [tomcat-embed-core-9.0.75.jar:4.0.FR]
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) [spring-webmvc-5.3.27.jar:5.3.27]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) [tomcat-embed-core-9.0.75.jar:4.0.FR]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) [tomcat-embed-websocket-9.0.75.jar:9.0.75]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:450) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [shiro-core-1.7.1.jar:1.7.1]
    at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [shiro-core-1.7.1.jar:1.7.1]
    at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387) [shiro-core-1.7.1.jar:1.7.1]
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.7.1.jar:1.7.1]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.3.27.jar:5.3.27]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.27.jar:5.3.27]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) [spring-web-5.3.27.jar:5.3.27]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.27.jar:5.3.27]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) [spring-web-5.3.27.jar:5.3.27]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) [spring-web-5.3.27.jar:5.3.27]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.75.jar:9.0.75]
    at java.lang.Thread.run(Thread.java:748) [na:1.8.0_191]

2、realm源代码

public class CustomRealm extends AuthorizingRealm {
    @Autowired
    private RoleService roleService;
    @Autowired
    private RolePermissionService rolePermissionService;
    @Autowired
    private UserService userService;

 //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //从主体传过来的认证信息中,获取用户名
        String userName = (String)authenticationToken.getPrincipal();

        //通过用户名去到数据库中获取凭证
        String password = userService.getPasswordByUsername(userName);
        if (StringUtils.isEmpty(password)) {
            return null;
        }
        SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(userName, password, "costomRealm");
        //设置盐salt
        simpleAuthenticationInfo.setCredentialsSalt(ByteSource.Util.bytes("pyy"));

        return simpleAuthenticationInfo;
    }
}

3、shiro配置类代码

 @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

        CustomRealm customRealm = new CustomRealm();

        //加密配置
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        //设置加密算法名称
        matcher.setHashAlgorithmName("md5");
        //设置加密次数
        matcher.setHashIterations(1);
        customRealm.setCredentialsMatcher(matcher);

        //设置Realm
        securityManager.setRealm(customRealm);

        return securityManager;
    }

4.debug时的现象

 

 

报NPE, 说明userService没有注入进来,为什么?

因为shiro 的realm本身相当于过滤器,而在登录访问时会先走过滤器,再执行service注入,这就会出现还没有进行service注入,已经再realm中调用注入的对象,所以就会出现上述现象

 

解决办法:

  将realm已bean的形式生成,那么再生成时就会强制注入service对象,这样就避免了上述问题,具体代码如下, 

 @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

        //设置Realm
        securityManager.setRealm(customRealm());

        return securityManager;
    }

    @Bean
    public CustomRealm customRealm() {
        CustomRealm customRealm = new CustomRealm();

        //加密配置
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        //设置加密算法名称
        matcher.setHashAlgorithmName("md5");
        //设置加密次数
        matcher.setHashIterations(1);
        customRealm.setCredentialsMatcher(matcher);

        return customRealm;
    }

 

程博衍336
关注
  • 1
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
shiro-core-1.7.1 jar
07-12
shiro shiro-core-1.7.1 jar shiro漏洞
shiro 权限框架,登陆报以下错误Authentication failed for token submission
豪华的博客
12-04 3804
Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false]. Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException). 原因: 我今天遇到了这个错误,并不是密码验证错误, 我用
mybatis-Typical or expected login exceptions should extend from AuthenticationException
qq_36015612的博客
07-29 3180
典型或预期的登录异常 一般是mapper的resultMap或parameterType配置错误 1.resultMap=".Mapper.BaseResultMap" resultType=".model." 2.parameterType=“map” -->对应参数record,即对象 paramterType=“java.lang.Integer”(java.lang.String)...
Shiro身份验证抛出AuthenticationException异常,解决方案
weixin_34033624的博客
02-01 9806
问题 在学习Shiro的时候,遇到Shiro抛出org.apache.shiro.authc.AuthenticationException异常,完整异常如下: org.apache.shiro.authc.AuthenticationException: Authentication failed for token submission [org.apache.shiro.authc.Use...
解决shiro报Possible unexpected error错误信息
PickRecalled
11-15 7811
学习shiro,采用了.ini初始化配置文件来充当数据库角色.在学习shiro使用ini过程报如下错误信息: SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder". SLF4J: Defaulting to no-operation (NOP) logger implementation SLF4J: See htt...
SpringBoot_Shiro_JWT_Redis:SpringBoot整合Shiro、JWT和Redis实现token登录授权验证以及token刷新
05-14
SpringBoot整合Shiro、JWT和Redis实现token登录授权验证以及token刷新 前端代码为一个博客页面,使用了Semantic UI框架结合thymeleaf模板 SpringBoot结合JWT+Shiro+Redis实现token无状态登录授权 [TOC] 一、引言 ​ ...
springboot-shiro一个简洁优美的Springboot集成Shiro的权限管理系统:非常具有参考与学习价值,推荐给SpringBootShiro初学者
02-02
非常适合进阶学习SpringBootShiro的同学,是一个非常具有参考与学习价值的权限管理项目啦〜开发环境工具版本或描述OS Windows 7/10 JDK 1.7+ / 11+ IDE IntelliJ IDEA 2017.3 / 2019.1 Maven 3.3.1 / 3.6.0 MySQL ...
Springboot整合Shiro的代码实例
08-25
Springboot 整合 Shiro 的代码实例 Springboot 整合 Shiro 的代码实例是指在 Springboot 项目...Springboot 整合 Shiro 的代码实例提供了一个基本的身份验证和授权管理示例,开发者可以根据实际需求进行修改和扩展。
基于SpringBootShiro整合实现的一个简单权限管理系统源码+项目说明.zip
最新发布
12-18
基于SpringBootShiro整合实现的一个简单权限管理系统源码+项目说明.zip Subject : 用户主体(把操作交给 SecurityManager) SecurityManager : 安全管理器(关联 Realm) Realm :Shiro 连接数据的桥梁 【备注】 ...
SpringBoot整合Shiro+JWT
05-15
在本文,我们将深入探讨如何将SpringBoot与Apache Shiro及JSON Web Tokens(JWT)进行集成,以构建一个安全的用户认证系统。首先,我们来理解这三个关键组件: 1. **SpringBoot**:SpringBootSpring框架的一个...
shiro1.7.1.zip
04-12
最新版shiro1.7.1.jar包,安全升级专用
新!Shiro自定义异常无法被捕获总是抛出AuthenticationException解决方案
qq_34168515的博客
01-09 5575
文章目录一、出现原因二、当我们创建全局拦截失败三、最终方案 一、出现原因 在 AuthorizingRealm doGetAuthenticationInfo 抛出异常 案例: @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken){ String token = (String) authenticationToken.g
Authentication failed for token submission
qq_39157951的博客
03-05 6682
控制台报错: Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false]. Possible unexpected error? (Typical or expected login exceptions should ext...
shiro登录认证以及未知错误:Authentication failed for token submission
m0_37127742的博客
08-14 4334
前面一篇博客有在提到在配置里面配置了shiro的登录认证授权,感觉挺强大的,将登录授权封装这样减少了很多代码,只要在web.xml里面加入application-shiro的有关引入和配置shiro的过滤器,然后在application-shiro里面配置shiro、如下 <beans xmlns="http://www.springframework.org/schema/beans"
shiro: Odd number of characters.
ITHomeZSL的博客
10-21 1688
java.lang.IllegalArgumentException: Odd number of characters. at org.apache.shiro.codec.Hex.decode(Hex.java:128) at org.apache.shiro.codec.Hex.decode(Hex.java:107) at org.apache.shiro.code...
使用shiro框架进行用户登录认证报错(HTTP Status 500 - Authentication failed for token submission )解决
fareality的博客
01-25 1万+
报错: root cause java.lang.NullPointerException org.apache.shiro.authc.credential.SimpleCredentialsMatcher.equals(SimpleCredentialsMatcher.java:95 HTTP Status 500 - Authentication failed for
springboot集成shiro时认证出现报错Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToke
苏顺的博客
05-09 1万+
shiro密码验证的大致流程: 1. controllerlogin的时候 UsernamePasswordToken token = new UsernamePasswordToken(account, password); try { SecurityUtils.getSubject().login(token); } 2. realm调用doGetAuthenticationInfo @Override
shiro出现Authentication failed for token submission(认证失败)异常
热门推荐
hans的博客
04-24 4万+
配置shiro框架,使用模拟信息登录成功。使用数据库信息就报错,找半天有点烦。好在最后解决了,这里记录一下。多的不说,上bug[org.apache.shiro.authc.AbstractAuthenticator] - Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken...
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值