Apache Shiro 与 Spring MVC AuthorizingRealm @Autowired java.lang.NullPointerException
Posted
技术标签:
【中文标题】Apache Shiro 与 Spring MVC AuthorizingRealm @Autowired java.lang.NullPointerException【英文标题】:Apache Shiro with Spring MVC AuthorizingRealm @Autowired java.lang.NullPointerException 【发布时间】:2017-11-24 17:21:52 【问题描述】:我正在使用 Spring 版本 4 处理基于 Spring MVC 的应用程序。我正在尝试使用 Apache Shiro 作为安全框架。我已经在我的应用程序中实现了 AuthorizingRealm,但是当我尝试登录时,我得到了 java.lang.NullPointerException 错误。我的代码如下:
@组件
公共类 CustomSecurCustomSecurityRealmityRealm 扩展 AuthorizingRealm
@Autowired
UserService userService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
Set<String> roles = new HashSet<>();
Collection<org.apache.shiro.authz.Permission> permissions = new HashSet<>();
String username = (String) principals.getPrimaryPrincipal();
User user = userService.findByEmail(username);
if (user == null)
throw new UnknownAccountException();
for (Role role : user.getRole())
roles.add(role.getName());
for (Iterator<Permission> iterator = role.getPermissions().iterator(); iterator.hasNext();)
Permission permission = iterator.next();
permissions.add(new WildcardPermission(permission.getName()));
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
authorizationInfo.setRoles(roles);
authorizationInfo.addObjectPermissions(permissions);
return authorizationInfo;
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException
UsernamePasswordToken upat = (UsernamePasswordToken) token;
User user = userService.findByEmail(upat.getUsername());
if (user != null && user.getPasswordHash().equals(new String(upat.getPassword())))
return new SimpleAuthenticationInfo(user, user.getPasswordHash(), getName());
else
throw new AuthenticationException("Invalid username/password!");
@配置如下:
@Bean
public WebSecurityManager securityManager()
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(new CustomSecurityRealm());
return securityManager;
@Bean
public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor()
return new LifecycleBeanPostProcessor();
@Bean
public MethodInvokingFactoryBean methodInvokingFactoryBean()
MethodInvokingFactoryBean methodInvokingFactoryBean = new MethodInvokingFactoryBean();
methodInvokingFactoryBean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
methodInvokingFactoryBean.setArguments(new Object[] securityManager() );
return methodInvokingFactoryBean;
@Bean
@DependsOn(value = "lifecycleBeanPostProcessor")
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator()
return new DefaultAdvisorAutoProxyCreator();
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor()
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
return authorizationAttributeSourceAdvisor;
@Bean
public ShiroFilterFactoryBean shiroFilterBean()
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
Map<String, String> definitionsMap = new HashMap<>();
definitionsMap.put("/auth/signIn", DefaultFilter.anon.name());
definitionsMap.put("/auth/login", DefaultFilter.anon.name());
definitionsMap.put("/home/index", "authc");
shiroFilter.setFilterChainDefinitionMap(definitionsMap);
shiroFilter.setLoginUrl("/auth/login");
shiroFilter.setSuccessUrl("/home/index");
shiroFilter.setSecurityManager(securityManager());
return shiroFilter;
任何人请帮我解释为什么 UserService userService 得到 null 并抛出 NullPointerException
【问题讨论】:
你的配置类是用@ComponentScan注解的吗?
是的。 @Configuration 类是使用 @ComponentScan("my package") 扫描的
【参考方案1】:
看看 Shiro spring-boot 模块:https://github.com/apache/shiro/tree/master/support/spring-boot/spring-boot-starter/src/main/java/org/apache/shiro/spring/boot/autoconfigure
【讨论】:
以上是关于Apache Shiro 与 Spring MVC AuthorizingRealm @Autowired java.lang.NullPointerException的主要内容,如果未能解决你的问题,请参考以下文章
apache-shiro 的怪事通过 spring-boot 集成到 spring-mvc 中
在Spring MVC中使用Apache Shiro安全框架
Java快速开发平台,基于(Spring Boot、Spring MVC、Apache Shiro、MyBatis、Beetl、Bootstrap、AdminLTE),在线代码生成,包括组织、角色用户