在spring security dofilter身份验证方法中使用@Autowired注释时出现Nullpointer异常[关闭]

Posted 2023-02-27

【中文标题】在spring security dofilter身份验证方法中使用@Autowired注释时出现Nullpointer异常[关闭]

【英文标题】：Nullpointer Exception for @Autowired annotation while using that in spring security dofilter method of authentication [closed]

【发布时间】：2021-11-02 21:27:42

【问题描述】：

我的服务类使用@Service 注释，如下所示：

@Service
public class SimpleApplicationSettingManager implements ApplicationSettingManager 
  
    @Autowired
    ApplicationSettingsDao applicationSettingsDao;

    //Method to Fetch value from the database
    @Override
    public boolean isConfigValue() 
         return applicationSettingsDao.getSettingsByKey(Constants.CONFIG_VALUE)
                .getValue().equalsIgnoreCase("true")?true:false;
    

DAO 类

public interface ApplicationSettingsDao extends GenericDao<ApplicationSettings, Long> 

    /**
     * @param key of the setting to retrive value
     * @return the value mapped against the key.
     */
    @Transactional
    ApplicationSettings getSettingsByKey(String key);

下面我尝试在 Spring Security 中自动装配以保持会话

public class AuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter 
   
    private static final Log LOG = LogFactory.getLog(AuthenticationProcessingFilter.class);

    @Autowired
    private ApplicationSettingManager applicationSettingManager;

    public AuthenticationProcessingFilter(String filterProcessesUrl)
      super(filterProcessesUrl);
    

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException 

      if (req instanceof HttpServletRequest) 
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        HttpSession httpSession = httpRequest.getSession();
        isCIAMEnabled= **applicationSettingManager**.isConfigValue();
        httpSession.setAttribute(Constants.SESSION_ATTR_CIAM_ENABLED, isCIAMEnabled);
      
      super.doFilter(req, res, chain);
    

它会产生一个NullPointerException，如下所示：

java.lang.NullPointerException
at service.SimpleApplicationSettingManager.isConfigValue(SimpleApplicationSettingManager.java:20)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)
at com.sun.proxy.$Proxy124.isConfigValue(Unknown Source)
at web.filter.security.ciam.AuthenticationProcessingFilter.doFilter(AuthenticationProcessingFilter.java:85)

【问题讨论】：

异常表示 NPE 在 SimpleApplicationSettingManager.isEnabledConfigValue 中，但该方法未出现在您显示的代码中。

那是 public boolean isConfigValue() 而不是 isEnabledConfigValue。

拥有ApplicationSettingsDao 的代码或至少知道getSettingsByKey 方法的返回类型会有所帮助。

【参考方案1】：

在我看来有两个可能的原因：

getSettingsByKey(Constants.CONFIG_VALUE) 返回null; getSettingsByKey(Constants.CONFIG_VALUE) 实际上返回一个有效的非空 ApplicationSettings 但随后调用它的 getValue() 方法返回 null。