代码之家 › 专栏 › 技术社区 › Christian Vincenzo Traina

被动Spring安全性:身份验证成功后AuthenticationCredentialsNotFoundException

spring-webflux spring-security spring-boot spring java

Christian Vincenzo Traina · 技术社区 · 3 年前

也许我的问题的答案很简单,我遗漏了一些简单的东西,但我已经在互联网上搜索了好几个星期,试图调试这个错误,没有任何进展。

我已经在reactivespring安全配置中注册了一个过滤器,该过滤器在身份验证级别执行,其目的是验证身份验证头中存在的JWT令牌。这就是典型的JWT认证模式。

JWT验证本身工作正常。它能够验证JWT令牌,检查它是否过期、错误、有效等等。这通过打印SecurityContext对象可见:

SecurityContextImpl[Authentication=UsernamePasswordAuthenticationToken[Principal=UserDetailsTo(id=2,username=peppe2,password=null,电子邮件=peppe2@yopmail.com,角色=[ADMIN],isEnabled=true,isLocked=false),凭据=[PROTECTED],Authenticated=true,Details=null,授予的权限=[ADMIN]]

UsernamePasswordAuthenticationToken[Principal=UserDetailsTo(id=2,username=peppe2,password=null,电子邮件=peppe2@yopmail.com,角色=[ADMIN],isEnabled=true,isLocked=false),凭据=[PROTECTED],Authenticated=true,Details=null,授予的权限=[ADMIN]]

但是,无论我在身份验证过滤器之后做什么,我都会收到 AuthenticationCredentialsNotFoundException 在 ServerHttpSecurity

目录svc | 2021-09-13 13:52:41.753错误1---[并行-3] a、 w.r.e.AbstractErrorWebExceptionHandler:[8415b576-2]500 HTTP修补程序的服务器错误“/用户/1” 目录svc| 目录svc | org.springframework.security.authentication.AuthenticationCredentialsNotFoundException:未经验证目录svc |位于org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter.CommercialAuthentication(ExceptionTranslationWebFilter.java:70)~[spring-security-web-5.5.1.jar!/:5.5.1] 目录svc |抑制:reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 在以下地点发现目录svc错误: 目录svc | | |检查点org.springframework.security.web.server.authentication.logout.LogoutWebFilter[DefaultWebFilterChain] 目录svc | | |检查点org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter[DefaultWebFilterChain] catalog svc | | |检查点it.polito.ecommerce.catalogservice.security.JwtAuthenticationTokenFilter[DefaultWebFilterChain] 目录svc | | |检查点org.springframework.security.web.server.context.ReactorContextWebFilter[DefaultWebFilterChain] 目录svc | | |检查点org.springframework.security.web.server.header.HttpHeaderWriterWebFilter[DefaultWebFilterChain] 目录svc | | |检查点org.springframework.security.config.web.server.ServerHttpSecurity$ServerWebExchangeActorContextWebFilter[DefaultWebFilterChain] 目录svc | | |检查点org.springframework.security.web.server.WebFilterChainProxy[DefaultWebFilterChain] 目录svc | | |检查点HTTP修补程序“/api/v1/users/1”[例外处理WebHandler] 目录svc |位于org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter.CommercialAuthentication(ExceptionTranslationWebFilter.java:70)~[spring-security-web-5.5.1.jar!/:5.5.1] 目录svc |位于org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter.lambda$filter$1(ExceptionTranslationWebFilter.java:45)~[spring-security-web-5.5.1.jar!/:5.5.1] 目录svc | at reactor.core.publisher.Mono.lambda$onErrorResume$32(Mono.java:3564)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onError(FluxOnErrorResume.java:94)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onError(Operators.java:2062)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.MonoPeekTerminal$MonoTerminalPeekSubscriber.onError(MonoPeekTerminal.java:258)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.MonoPeekTerminal$MonoTerminalPeekSubscriber.onError(MonoPeekTerminal.java:258)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.MonoFlatMap$FlatMapMain.onError(MonoFlatMap.java:172)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onError(Operators.java:2062)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.Operators.error(Operators.java:197)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.monoder.subscribe(monoder.java:52)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:81)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilter$FilterSubscriber.onComplete(FluxFilter.java:166)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.fluxDefaultifEmptySubscriber.onComplete(FluxDefaultIfEmpty.java:106)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.MonoNext$NextSubscriber.onComplete(MonoNext.java:102)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.MonoNext$NextSubscriber.onNext(MonoNext.java:83)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxConcatMap$ConcatMapImmediate.innenext(FluxConcatMap.java:281)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1815)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.MonoFlatMap$flatmainner.onNext(MonoFlatMap.java:249)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1815)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.fluxDefaultifEmptySubscriber.onComplete(FluxDefaultIfEmpty.java:108)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onComplete(FluxFilterFuseable.java:171)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.fluxmapfusable$MapFuseableConditionalSubscriber.onComplete(fluxmapfusable.java:344)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseTableConditionalSubscriber.onComplete(FluxFilterFuseable.java:391)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:148)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2397)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseTableSubscriber.request(FluxFilterFuseable.java:191)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.MonoFlatMap$FlatMapMain.onSubscribe(MonoFlatMap.java:110)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onSubscribe(FluxFilterFuseable.java:87)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.MonoCurrentContext.subscribe(MonoCurrentContext.java:36)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:157)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2397)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseTableSubscriber.request(FluxFilterFuseable.java:191)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.fluxmapfusable$MapFuseableSubscriber.request(fluxmapfusable.java:169)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.MonoFlatMap$FlatMapMain.onSubscribe(MonoFlatMap.java:110)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.fluxmapfusable$MapFuseableSubscriber.onSubscribe(fluxmapfusable.java:96)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onSubscribe(FluxFilterFuseable.java:87)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.MonoJust.subscribe(MonoJust.java:54)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.Mono.subscribe(Mono.java:4150)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxConcatMap$ConcatMapImmediate.onSubscribe(FluxConcatMap.java:218)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.fluxitable.subscribe(fluxitable.java:164)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.fluxitable.subscribe(fluxitable.java:86)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.monoder.subscribe(monoder.java:52)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.monoder.subscribe(monoder.java:52)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.Mono.subscribe(Mono.java:4150)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:51)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.Mono.subscribe(Mono.java:4150)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:81)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilter$FilterSubscriber.onComplete(FluxFilter.java:166)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxPeekFuseable$peek条件subscriber.onComplete(FluxPeekFuseable.java:940)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:84)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2399)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.Operators$MultiSubscriptionSubscriber.set(Operators.java:2193)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onSubscribe(Operators.java:2067)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.Mono.subscribe(Mono.java:4150)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:81)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.MonoNext$NextSubscriber.onComplete(MonoNext.java:102)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilter$FilterSubscriber.onComplete(FluxFilter.java:166)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.FluxFlatMap$FlatMapMain.checkTerminated(FluxFlatMap.java:846)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.FluxFlatMap$FlatMapMain.drainLoop(FluxFlatMap.java:608)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.FluxFlatMap$FlatMapMain.drain(FluxFlatMap.java:588)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFlatMap$FlatMapMain.onComplete(FluxFlatMap.java:465)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onComplete(FluxPeekFuseable.java:277)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.fluxitable$IterableSubscription.request(fluxitable.java:228)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.request(FluxPeekFuseable.java:144)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFlatMap$FlatMapMain.onSubscribe(FluxFlatMap.java:371)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onSubscribe(FluxPeekFuseable.java:178)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.fluxitable.subscribe(fluxitable.java:164)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:157)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1815)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.fluxDefaultifEmptySubscriber.onComplete(FluxDefaultIfEmpty.java:108)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxMap$MapSubscriber.onComplete(FluxMap.java:142)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxMap$MapSubscriber.onComplete(FluxMap.java:142)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilter$FilterSubscriber.onComplete(FluxFilter.java:166)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxMap$MapConditionalSubscriber.onComplete(FluxMap.java:269)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1816)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.MonoCacheTime$CoordinatorSubscriber.signalCached(MonoCacheTime.java:337)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.MonoCacheTime$CoordinatorSubscriber.onNext(MonoCacheTime.java:354)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.FluxPeek$PeekSubscriber.onNext(FluxPeek.java:199)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.MonoPublishOn$PublishOnSubscriber.run(MonoPublishOn.java:181)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:68)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:28)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于java.base/java.util.concurrent.FutureTask.run(未知源)~[na:na] 目录svc |位于java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(未知源)~[na:na] 目录svc |位于java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(未知源)~[na:na] 目录svc |位于java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(未知源)~[na:na] 目录svc |位于java.base/java.lang.Thread.run(未知源)~[na:na] 目录svc |位于org.springframework.security.authorization.ReactiveAuthorizationManager.lambda$verify$0(ReactiveAuthorizationManager.java:53)~[spring-security-core-5.5.1.jar!/:5.5.1] 目录svc |抑制:reactor.core.publisher.FluxOnAssembly$OnAssemblyException: 在以下地点发现目录svc错误: 目录svc |堆栈跟踪: 目录svc |位于org.springframework.security.authorization.ReactiveAuthorizationManager.lambda$verify$0(ReactiveAuthorizationManager.java:53)~[spring-security-core-5.5.1.jar!/:5.5.1] 目录svc位于reactor.core.publisher.monoder.subscribe(monoder.java:44)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxFilter$FilterSubscriber.onComplete(FluxFilter.java:166)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.fluxDefaultifEmptySubscriber.onComplete(FluxDefaultIfEmpty.java:106)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.MonoNext$NextSubscriber.onComplete(MonoNext.java:102)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxConcatMap$ConcatMapImmediate.innenext(FluxConcatMap.java:281)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.FluxConcatMap$ConcatMapInner.onNext(FluxConcatMap.java:860)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1815)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc位于reactor.core.publisher.MonoFlatMap$flatmainner.onNext(MonoFlatMap.java:249)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc | at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1815)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.fluxDefaultifEmptySubscriber.onComplete(FluxDefaultIfEmpty.java:108)~[reactor-core-3.4.7.jar!/:3.4.7] 目录svc |位于reactor.core.publisher.fluxmapfusable$MapFuseableSubscriber.onComplete(fluxmapfusable.java:150)~[reactor-core-3.4.7.jar!/:3.4.7]

以下是SecurityConfig:

@Bean
    fun springSecurityFilterChain(
        http: ServerHttpSecurity,
        authManager: ReactiveAuthenticationManager?
    ): SecurityWebFilterChain {

        return http
            .exceptionHandling()
            .authenticationEntryPoint { swe, e ->
                // The error is caught here
                Mono.fromRunnable {
                    swe.response.statusCode = HttpStatus.UNAUTHORIZED
                    throw e
                }
            }.accessDeniedHandler { swe, e ->
                Mono.fromRunnable {
                    swe.response.statusCode = HttpStatus.FORBIDDEN
                    throw e
                }
            }.and()
            .addFilterBefore(
                jwtAuthenticationTokenFilter,
                SecurityWebFiltersOrder.AUTHENTICATION)
            .cors()
            .and()
            .csrf().disable()
            .securityContextRepository(NoOpServerSecurityContextRepository.getInstance())
            .authorizeExchange()
            .pathMatchers("/auth/**").permitAll()
            .anyExchange().authenticated()
            .and().build()
}

最后,jwt过滤器:

@Component
class JwtAuthenticationTokenFilter(
    private val jwtUtils: JwtUtils,
    @Value("\${application.jwt.jwtHeader}") private val jwtHeader: String,
    @Value("\${application.jwt.jwtHeaderStart}") private val jwtHeaderStart: String
) : WebFilter {

    override fun filter(exchange: ServerWebExchange, chain: WebFilterChain): Mono<Void> {
        val authorizationHeader= exchange.request.headers[jwtHeader]?.get(0)
        if (authorizationHeader != null) {
            val jwt = authorizationHeader.removePrefix("$jwtHeaderStart ")

            if (jwtUtils.validateJwtToken(jwt)) {
                val detailsFromJwtToken = jwtUtils.getDetailsFromJwtToken(jwt)
                val authentication = UsernamePasswordAuthenticationToken(
                    detailsFromJwtToken,
                    null,
                    detailsFromJwtToken.authorities
                )
                ReactiveSecurityContextHolder.withAuthentication(authentication)
            }
        }
        return chain.filter(exchange)
    }
}

我的问题是:我如何解决这个问题?如果你不能帮我解决这个问题,你知道有什么方法可以改进Spring中的stacktrace吗?因为我没有得到任何调试的提示。

0 回复 | 直到 3 年前