
Reactive Spring Security: AuthenticationCredentialsNotFoundException after successful authentication

  • Christian Vincenzo Traina  · 3 years ago

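    Maybe the answer to my question is simple and I am missing something obvious, but I have been searching the internet for weeks trying to debug this error, without any progress.

    I have registered a filter in my reactive Spring Security configuration. It executes at the authentication level, and its purpose is to validate the JWT token present in the authentication header. This is the typical JWT authentication pattern.

    The JWT validation itself works fine. It is able to validate the JWT token, check whether it is expired, wrong, valid, and so on. This is visible by printing the SecurityContext object: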

    SecurityContextImpl[Authentication=UsernamePasswordAuthenticationToken[Principal=UserDetailsTo(id=2,username=peppe2,password=null,email=peppe2@yopmail.com,roles=[ADMIN],isEnabled=true,isLocked=false),Credentials=[PROTECTED],Authenticated=true,Details=null,Granted Authorities=[ADMIN]]

    UsernamePasswordAuthenticationToken[Principal=UserDetailsTo(id=2,username=peppe2,password=null,email=peppe2@yopmail.com,roles=[ADMIN],isEnabled=true,isLocked=false),Credentials=[PROTECTED],Authenticated=true,Details=null,Granted Authorities=[ADMIN]]

    However, whatever I do after the authentication filter, I get an AuthenticationCredentialsNotFoundException ServerHttpSecurity


    Here is the SecurityConfig:

    @Bean
    fun springSecurityFilterChain(
        http: ServerHttpSecurity,
        authManager: ReactiveAuthenticationManager?
    ): SecurityWebFilterChain {

        return http
            .exceptionHandling()
            .authenticationEntryPoint { swe, e ->
                // The error is caught here
                Mono.fromRunnable {
                    swe.response.statusCode = HttpStatus.UNAUTHORIZED
                    throw e
                }
            }.accessDeniedHandler { swe, e ->
                Mono.fromRunnable {
                    swe.response.statusCode = HttpStatus.FORBIDDEN
                    throw e
                }
            }.and()
            .addFilterBefore(
                jwtAuthenticationTokenFilter,
                SecurityWebFiltersOrder.AUTHENTICATION)
            .cors()
            .and()
            .csrf().disable()
            .securityContextRepository(NoOpServerSecurityContextRepository.getInstance())
            .authorizeExchange()
            .pathMatchers("/auth/**").permitAll()
            .anyExchange().authenticated()
            .and().build()
    }
    

    Finally, the JWT filter:

    @Component
    class JwtAuthenticationTokenFilter(
        private val jwtUtils: JwtUtils,
        @Value("\${application.jwt.jwtHeader}") private val jwtHeader: String,
        @Value("\${application.jwt.jwtHeaderStart}") private val jwtHeaderStart: String
    ) : WebFilter {
    
        override fun filter(exchange: ServerWebExchange, chain: WebFilterChain): Mono<Void> {
            val authorizationHeader = exchange.request.headers[jwtHeader]?.get(0)
            if (authorizationHeader != null) {
                val jwt = authorizationHeader.removePrefix("$jwtHeaderStart ")
    
                if (jwtUtils.validateJwtToken(jwt)) {
                    val detailsFromJwtToken = jwtUtils.getDetailsFromJwtToken(jwt)
                    val authentication = UsernamePasswordAuthenticationToken(
                        detailsFromJwtToken,
                        null,
                        detailsFromJwtToken.authorities
                    )
                    ReactiveSecurityContextHolder.withAuthentication(authentication)
                }
            }
            return chain.filter(exchange)
        }
    }
    

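    My question is: how can I solve this problem? If you can't help me solve it, do you know of any way to improve the stacktrace in Spring? Because I am not getting any hint for debugging.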

    0 replies  |  until 3 years ago
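
The filter in the question calls `ReactiveSecurityContextHolder.withAuthentication(authentication)` and discards the Reactor `Context` it returns, so the filters after it never see the authentication. The following is an added example, not the poster's code, of the same filter writing that context onto the chain. The `JwtUtils` interface is an assumed shape of the class the post uses but does not show, and the prefix check is an addition.

```kotlin
import org.springframework.beans.factory.annotation.Value
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.context.ReactiveSecurityContextHolder
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.stereotype.Component
import org.springframework.web.server.ServerWebExchange
import org.springframework.web.server.WebFilter
import org.springframework.web.server.WebFilterChain
import reactor.core.publisher.Mono

// Assumed shape of the question's JwtUtils, which the page does not show.
// Drop this interface when the real class is on the classpath.
interface JwtUtils {
    fun validateJwtToken(jwt: String): Boolean
    fun getDetailsFromJwtToken(jwt: String): UserDetails
}

@Component
class JwtAuthenticationTokenFilter(
    private val jwtUtils: JwtUtils,
    @Value("\${application.jwt.jwtHeader}") private val jwtHeader: String,
    @Value("\${application.jwt.jwtHeaderStart}") private val jwtHeaderStart: String
) : WebFilter {

    override fun filter(exchange: ServerWebExchange, chain: WebFilterChain): Mono<Void> {
        val prefix = "$jwtHeaderStart "
        val header = exchange.request.headers.getFirst(jwtHeader)
        // Addition to the post's logic: require the scheme prefix instead of
        // passing a header without it to the validator unchanged.
        val jwt = header?.takeIf { it.startsWith(prefix) }?.removePrefix(prefix)

        // No token, or an invalid one: continue unauthenticated so that
        // authorizeExchange() rejects the request through the entry point.
        if (jwt == null || !jwtUtils.validateJwtToken(jwt)) {
            return chain.filter(exchange)
        }

        val details = jwtUtils.getDetailsFromJwtToken(jwt)
        val authentication =
            UsernamePasswordAuthenticationToken(details, null, details.authorities)

        // withAuthentication() only builds a Reactor Context that holds the
        // SecurityContext. It takes effect once it is written onto the Mono
        // that the downstream filters are subscribed through.
        return chain.filter(exchange)
            .contextWrite(ReactiveSecurityContextHolder.withAuthentication(authentication))
    }
}
```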