Spring Security 3.1 + JPA - 空指针异常

Posted 2023-02-27

【中文标题】Spring Security 3.1 + JPA - 空指针异常

【英文标题】：Spring Security 3.1 + JPA - Null pointer exception

【发布时间】：2012-09-30 03:43:50

【问题描述】：

我是 Spring 新手，面临 Spring Security 的问题。

我正在尝试实现自定义 UserDetailsS​​ervice 以进行用户检索，并在访问 UserService 对象时获取空指针异常。我正在自动装配这个对象。在其他 Controller 和 Service 方法上完成时，自动装配工作正常，但由于某种原因，它在这里不起作用，因此当访问自动装配对象（UserService）时，我得到空指针异常。

非常感谢您对此的帮助。

异常堆栈跟踪：

java.lang.NullPointerException
java.lang.NullPointerException
at com.contact.list.service.CustomUserDetailsService.loadUserByUsername(CustomUserDetailsService.java:37)
at org.springframework.security.authentication.dao.DaoAuthenticationProvider.retrieveUser(DaoAuthenticationProvider.java:81)
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:132)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at com.springsource.insight.collection.tcserver.request.HttpRequestOperationCollectionValve.invoke(HttpRequestOperationCollectionValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)

CustomUserDetailsS​​ervice 类：

    package com.contact.list.service;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Configurable;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.context.support.GenericXmlApplicationContext;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Repository;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.contact.list.form.Role;
import com.contact.list.repository.UserRepository;

@Service
@Transactional(readOnly = true)
public class CustomUserDetailsService implements UserDetailsService 

@Autowired
private UserService userService;


public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException 

    try
        com.contact.list.form.User domainuser =     userService.findByUsername(username);


        boolean enabled = true;
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = true;
        boolean accountNonLocked = true;

        return new User(domainuser.getUsername(),
                        domainuser.getPassword().toLowerCase(),
                        enabled,accountNonExpired,
                        credentialsNonExpired,
                        accountNonLocked,
                        getAuthorities(domainuser.getRoles())
                );


    catch (Exception e)
        System.out.println(e);
        e.printStackTrace();
        throw new RuntimeException(e);
    




public Collection<? extends GrantedAuthority> getAuthorities(List<Role> roles)

    List<GrantedAuthority> authList = getGrantedAuthorities(getroles(roles));
    return authList;


public static List<GrantedAuthority> getGrantedAuthorities(List<String> userroles)

    List<GrantedAuthority> authorities  = new ArrayList<GrantedAuthority>();
    for(String userrole:userroles)
        authorities.add(new SimpleGrantedAuthority(userrole));
    
    return authorities;


public List<String> getroles(List<Role> roles)

    List<String> userroles = new ArrayList<String>();

    for (Role role : roles)

     if(role.getRole() == 1)
         userroles.add("ROLE_USER");
     
     if(role.getRole() == 2)
         userroles.add("ROLE_ADMIN");
     

    

    return userroles;

用户服务接口：

    package com.contact.list.service;

import java.util.List;

import com.contact.list.form.Contact;
import com.contact.list.form.User;

public interface UserService 

public List<User> findAll();

public void save(User user);

public User findByUsername(String username);

UserService 实现类：

    package com.contact.list.service;

    import java.util.List;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Repository;
    import org.springframework.stereotype.Service;
    import org.springframework.transaction.annotation.Transactional;

    import com.contact.list.form.Contact;
    import com.contact.list.form.User;
    import com.contact.list.repository.UserRepository;
    import com.google.common.collect.Lists;


    @Service
    @Repository
    @Transactional
    public class UserServiceImpl implements UserService 

@Autowired
private UserRepository userrepository;

public void save(User user) 

    userrepository.save(user);


@Transactional(readOnly=true)
public List<User> findAll() 
    return Lists.newArrayList(userrepository.findAll());


public User findByUsername(String username)

    return userrepository.findByUsername(username);



    

用户存储库：

    package com.contact.list.repository;

import org.springframework.data.repository.CrudRepository;

import com.contact.list.form.User;

public interface UserRepository extends CrudRepository<User, Long> 

User findByUsername(String username);

用户类别：

    package com.contact.list.form;

import java.util.ArrayList;
import java.util.List;

import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.OneToMany;
import javax.persistence.Table;


@Entity
@Table(name = "USER_TBL")
public class User 



@Column(name = "FIRST_NAME")
private String firstName;

@Column(name = "LAST_NAME")
private String lastName;

@Column(name = "EMAIL")
private String email;

@Id
@Column(name = "USERID")
private String username;

@Column(name = "PASSWORD")
private String password;

@OneToMany(mappedBy = "user", cascade = CascadeType.ALL)
private List<Role> roles = new ArrayList<Role>();


public String getFirstName() 
    return firstName;

public void setFirstName(String firstName) 
    this.firstName = firstName;

public String getLastName() 
    return lastName;

public void setLastName(String lastName) 
    this.lastName = lastName;

public String getUsername() 
    return username;

public void setUsername(String username) 
    this.username = username;

public String getPassword() 
    return password;

public void setPassword(String password) 
    this.password = password;

public String getEmail() 
    return email;

public void setEmail(String email) 
    this.email = email;

public List<Role> getRoles() 
    return roles;

public void setRoles(List<Role> roles) 
    this.roles = roles;

web.xml：

<!-- Spring Security Configuration --> 
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
   <param-name>contextConfigLocation</param-name>
   <param-value>
     /WEB-INF/spring/root-context.xml
     /WEB-INF/spring-security.xml
   </param-value>
</context-param>


<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Processes application requests -->
<servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
       <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
           /WEB-INF/spring/appServlet/servlet-context.xml
        </param-value>
       </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>appServlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

servlet-context.xml：

<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->

<!-- Enables the Spring MVC @Controller programming model -->
<annotation-driven />

<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the $webappRoot/resources directory -->
<resources mapping="/resources/**" location="/resources/" />

<interceptors>
    <beans:bean class="org.springframework.web.servlet.theme.ThemeChangeInterceptor"/>
</interceptors>

<beans:bean id="themeSource" class="org.springframework.ui.context.support.ResourceBundleThemeSource"/>

<beans:bean id="themeResolver" class="org.springframework.web.servlet.theme.CookieThemeResolver"/>




<!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory -->
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <beans:property name="prefix" value="/WEB-INF/views/" />
    <beans:property name="suffix" value=".jsp" />
    <beans:property name="requestContextAttribute" value="requestContext"/>
</beans:bean>

<context:component-scan base-package="com.contact.list" />

<beans:bean id = "myDataSource" class = "org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
    <beans:property name="driverClassName" value = "org.postgresql.Driver"/>
    <beans:property name="url" value = "jdbc:postgresql://localhost:5432/hibernatedb"/>
    <beans:property name="username" value = "postgres"/>
    <beans:property name="password" value = "password"/>
</beans:bean>


 <!-- JPA Config -->

 <beans:bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
    <beans:property name="entityManagerFactory" ref="emf"/>
 </beans:bean>

 <tx:annotation-driven transaction-manager="transactionManager" />

 <beans:bean id = "emf" class = "org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
   <beans:property name = "dataSource" ref = "myDataSource"/>
   <beans:property name = "jpaVendorAdapter">
     <beans:bean class = "org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"/>
   </beans:property>
   <beans:property name = "packagesToScan" value = "com.contact.list.form" />
   <beans:property name="jpaProperties">
     <beans:props>
      <beans:prop key="hibernate.dialect">org.hibernate.dialect.PostgreSQLDialect</beans:prop>
      <beans:prop key = "hibernate.show_sql">true</beans:prop>
      <beans:prop key="hibernate.hbm2ddl.auto">update</beans:prop>
     </beans:props>
   </beans:property>
 </beans:bean>

 <beans:bean id = "passwordEncoder" class = "org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>



 <context:annotation-config/>

 <!-- JPA Config -->

 <!-- JPA Repository Abstraction Config -->

 <jpa:repositories base-package="com.contact.list.repository"  entity-manager-factory-ref="emf" transaction-manager-ref="transactionManager"/>

spring-security.xml

 <http auto-config="true" use-expressions="true">
 <intercept-url pattern="/home*" access="hasRole('ROLE_USER')"/>
     <form-login login-page="/login" default-target-url="/home" authentication-failure-url="/loginfailed" />
     <logout logout-success-url="/logout" />
     </http>


     <authentication-manager>
     <authentication-provider user-service-ref = "customUserDetailsService">
     <password-encoder ref = "passwordEncoder"/>
     </authentication-provider>
     </authentication-manager>

     <beans:bean id="customUserDetailsService" class="com.contact.list.service.CustomUserDetailsService"/>

     <beans:bean id = "passwordEncoder" class = "org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>

     </beans:beans>

【问题讨论】：

@Autowired 是否在您的应用程序的任何其他部分工作？您的 XML 中有 <context:component-scan/> 或 <context:annotation-config/> 吗？

也许您的“UserService”bean 是在子 ApplicationContext (servlet-context.xml) 中定义的，而 spring-security.xml 是在父 ApplicationContext 中加载的（又名根上下文，由 ContextLoaderListener 加载）跨度>

@Tomasz Nurkiewicz：是的，Autowire 正在应用程序的其他部分工作。我的 xml 中确实有以下内容： -> 所有 mypackages 都在其中。是的，我的 xml 中也有 。

@Luciano：这就是我在 web.xml 中定义的方式：appServletorg.springframework.web.servlet .DispatcherServletcontextConfigLocation /WEB-INF/spring/appServlet/servlet-context.xml 1 所以我假设一切都来自 servlet-context.xml。正如我所说，我是春天的新手，所以如果我错了，请纠正我。谢谢。

如果将所有内容从 及以下，从 servlet-context.xml 移动到 root-context.xml 的想法是您的根上下文定义了数据源、jpa 和服务的 bean，而 servlet 上下文处理控制器和视图。 servlet 上下文可以访问在根上下文中创建的 bean。

【参考方案1】：

所以，把它写成一个答案，这里发生的事情是，在一个典型的 Spring Web 应用程序中，你有属于Spring MVC Servlet。

这个在web.xml中定义为/WEB-INF/spring/appServlet/servlet-context.xml。

另一方面，Spring Security Filter 不能访问这样的上下文，它只能访问根上下文。 根上下文加载了 ContextLoaderListener 和定义在以下位置的 bean：

<param-value>
     /WEB-INF/spring/root-context.xml
     /WEB-INF/spring-security.xml
</param-value>

定义了根上下文后，Servlet 上下文被构建为根上下文的子级。这使得 Servlet 上下文能够访问位于其父级中的 bean，但其他方式是不可能的。

然后，作为数据源的基本 bean、持久性系统 (JPA) 和服务在 Servlet 上下文中定义。安全系统试图访问服务 bean（用户服务）但没有成功，因为该服务位于 Servlet 上下文而不是根上下文（Spring Security 所在的位置）中，因此出现空指针异常。

解决方案：将 Datasource、JPA 和 Services bean 移动到根上下文，并将 Servlet 上下文留给 Spring MVC 控制器和视图。

【讨论】：

评论：在 Servlet 3.0 中，您可以使用 Java 而不是 web.xml 文件来定义您的 Servlet 和过滤器，您可以将所有内容放在一个应用程序上下文中。

【参考方案2】：

您应该从 UserServiceImpl 类中删除 @Repository 注释。否则 Spring 会尝试两次实例化 bean（因为 @Service 和 @Repository 注释）...

@Service
@Repository
@Transactional
public class UserServiceImpl implements UserService