也许我的问题的答案很简单,我遗漏了一些简单的东西,但我已经在互联网上搜索了好几个星期,试图调试这个错误,没有任何进展。
我已经在reactivespring安全配置中注册了一个过滤器,该过滤器在身份验证级别执行,其目的是验证身份验证头中存在的JWT令牌。这就是典型的JWT认证模式。
JWT验证本身工作正常。它能够验证JWT令牌,检查它是否过期、错误、有效等等。这通过打印SecurityContext对象可见:
SecurityContextImpl[Authentication=UsernamePasswordAuthenticationToken[Principal=UserDetailsTo(id=2,username=peppe2,password=null,电子邮件=peppe2@yopmail.com,角色=[ADMIN],isEnabled=true,isLocked=false),凭据=[PROTECTED],Authenticated=true,Details=null,授予的权限=[ADMIN]]
UsernamePasswordAuthenticationToken[Principal=UserDetailsTo(id=2,username=peppe2,password=null,电子邮件=peppe2@yopmail.com,角色=[ADMIN],isEnabled=true,isLocked=false),凭据=[PROTECTED],Authenticated=true,Details=null,授予的权限=[ADMIN]]
但是,无论我在身份验证过滤器之后做什么,我都会收到
AuthenticationCredentialsNotFoundException
在
ServerHttpSecurity
目录svc | 2021-09-13 13:52:41.753错误1---[并行-3]
a、 w.r.e.AbstractErrorWebExceptionHandler:[8415b576-2]500 HTTP修补程序的服务器错误“/用户/1”
目录svc|
目录svc | org.springframework.security.authentication.AuthenticationCredentialsNotFoundException:未经验证
目录svc |位于org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter.CommercialAuthentication(ExceptionTranslationWebFilter.java:70)~[spring-security-web-5.5.1.jar!/:5.5.1]
目录svc |抑制:reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
在以下地点发现目录svc错误:
目录svc | | |检查点org.springframework.security.web.server.authentication.logout.LogoutWebFilter[DefaultWebFilterChain]
目录svc | | |检查点org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter[DefaultWebFilterChain]
catalog svc | | |检查点it.polito.ecommerce.catalogservice.security.JwtAuthenticationTokenFilter[DefaultWebFilterChain]
目录svc | | |检查点org.springframework.security.web.server.context.ReactorContextWebFilter[DefaultWebFilterChain]
目录svc | | |检查点org.springframework.security.web.server.header.HttpHeaderWriterWebFilter[DefaultWebFilterChain]
目录svc | | |检查点org.springframework.security.config.web.server.ServerHttpSecurity$ServerWebExchangeActorContextWebFilter[DefaultWebFilterChain]
目录svc | | |检查点org.springframework.security.web.server.WebFilterChainProxy[DefaultWebFilterChain]
目录svc | | |检查点HTTP修补程序“/api/v1/users/1”[例外处理WebHandler]
目录svc |位于org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter.CommercialAuthentication(ExceptionTranslationWebFilter.java:70)~[spring-security-web-5.5.1.jar!/:5.5.1]
目录svc |位于org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter.lambda$filter$1(ExceptionTranslationWebFilter.java:45)~[spring-security-web-5.5.1.jar!/:5.5.1]
目录svc | at reactor.core.publisher.Mono.lambda$onErrorResume$32(Mono.java:3564)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onError(FluxOnErrorResume.java:94)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onError(Operators.java:2062)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.MonoPeekTerminal$MonoTerminalPeekSubscriber.onError(MonoPeekTerminal.java:258)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.MonoPeekTerminal$MonoTerminalPeekSubscriber.onError(MonoPeekTerminal.java:258)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.MonoFlatMap$FlatMapMain.onError(MonoFlatMap.java:172)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onError(Operators.java:2062)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.Operators.error(Operators.java:197)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.monoder.subscribe(monoder.java:52)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:81)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilter$FilterSubscriber.onComplete(FluxFilter.java:166)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.fluxDefaultifEmptySubscriber.onComplete(FluxDefaultIfEmpty.java:106)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.MonoNext$NextSubscriber.onComplete(MonoNext.java:102)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.MonoNext$NextSubscriber.onNext(MonoNext.java:83)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxConcatMap$ConcatMapImmediate.innenext(FluxConcatMap.java:281)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1815)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.MonoFlatMap$flatmainner.onNext(MonoFlatMap.java:249)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1815)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.fluxDefaultifEmptySubscriber.onComplete(FluxDefaultIfEmpty.java:108)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onComplete(FluxFilterFuseable.java:171)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.fluxmapfusable$MapFuseableConditionalSubscriber.onComplete(fluxmapfusable.java:344)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseTableConditionalSubscriber.onComplete(FluxFilterFuseable.java:391)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:148)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2397)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseTableSubscriber.request(FluxFilterFuseable.java:191)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.MonoFlatMap$FlatMapMain.onSubscribe(MonoFlatMap.java:110)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onSubscribe(FluxFilterFuseable.java:87)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.MonoCurrentContext.subscribe(MonoCurrentContext.java:36)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:157)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onNext(FluxFilterFuseable.java:118)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2397)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseTableSubscriber.request(FluxFilterFuseable.java:191)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.fluxmapfusable$MapFuseableSubscriber.request(fluxmapfusable.java:169)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.MonoFlatMap$FlatMapMain.onSubscribe(MonoFlatMap.java:110)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.fluxmapfusable$MapFuseableSubscriber.onSubscribe(fluxmapfusable.java:96)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilterFuseable$FilterFuseableSubscriber.onSubscribe(FluxFilterFuseable.java:87)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.MonoJust.subscribe(MonoJust.java:54)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.Mono.subscribe(Mono.java:4150)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxConcatMap$ConcatMapImmediate.onSubscribe(FluxConcatMap.java:218)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.fluxitable.subscribe(fluxitable.java:164)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.fluxitable.subscribe(fluxitable.java:86)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.monoder.subscribe(monoder.java:52)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.monoder.subscribe(monoder.java:52)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.Mono.subscribe(Mono.java:4150)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.MonoIgnoreThen.subscribe(MonoIgnoreThen.java:51)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.Mono.subscribe(Mono.java:4150)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:81)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilter$FilterSubscriber.onComplete(FluxFilter.java:166)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxPeekFuseable$peek条件subscriber.onComplete(FluxPeekFuseable.java:940)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:84)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.Operators$ScalarSubscription.request(Operators.java:2399)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.Operators$MultiSubscriptionSubscriber.set(Operators.java:2193)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onSubscribe(Operators.java:2067)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.Mono.subscribe(Mono.java:4150)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:81)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.MonoNext$NextSubscriber.onComplete(MonoNext.java:102)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilter$FilterSubscriber.onComplete(FluxFilter.java:166)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.FluxFlatMap$FlatMapMain.checkTerminated(FluxFlatMap.java:846)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.FluxFlatMap$FlatMapMain.drainLoop(FluxFlatMap.java:608)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.FluxFlatMap$FlatMapMain.drain(FluxFlatMap.java:588)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFlatMap$FlatMapMain.onComplete(FluxFlatMap.java:465)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onComplete(FluxPeekFuseable.java:277)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.fluxitable$IterableSubscription.request(fluxitable.java:228)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.request(FluxPeekFuseable.java:144)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFlatMap$FlatMapMain.onSubscribe(FluxFlatMap.java:371)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onSubscribe(FluxPeekFuseable.java:178)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.fluxitable.subscribe(fluxitable.java:164)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.InternalMonoOperator.subscribe(InternalMonoOperator.java:64)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:157)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1815)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.fluxDefaultifEmptySubscriber.onComplete(FluxDefaultIfEmpty.java:108)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxMap$MapSubscriber.onComplete(FluxMap.java:142)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxMap$MapSubscriber.onComplete(FluxMap.java:142)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilter$FilterSubscriber.onComplete(FluxFilter.java:166)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxMap$MapConditionalSubscriber.onComplete(FluxMap.java:269)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1816)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.MonoCacheTime$CoordinatorSubscriber.signalCached(MonoCacheTime.java:337)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.MonoCacheTime$CoordinatorSubscriber.onNext(MonoCacheTime.java:354)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.FluxPeek$PeekSubscriber.onNext(FluxPeek.java:199)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.MonoPublishOn$PublishOnSubscriber.run(MonoPublishOn.java:181)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:68)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.scheduler.SchedulerTask.call(SchedulerTask.java:28)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于java.base/java.util.concurrent.FutureTask.run(未知源)~[na:na]
目录svc |位于java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(未知源)~[na:na]
目录svc |位于java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(未知源)~[na:na]
目录svc |位于java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(未知源)~[na:na]
目录svc |位于java.base/java.lang.Thread.run(未知源)~[na:na]
目录svc |位于org.springframework.security.authorization.ReactiveAuthorizationManager.lambda$verify$0(ReactiveAuthorizationManager.java:53)~[spring-security-core-5.5.1.jar!/:5.5.1]
目录svc |抑制:reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
在以下地点发现目录svc错误:
目录svc |堆栈跟踪:
目录svc |位于org.springframework.security.authorization.ReactiveAuthorizationManager.lambda$verify$0(ReactiveAuthorizationManager.java:53)~[spring-security-core-5.5.1.jar!/:5.5.1]
目录svc位于reactor.core.publisher.monoder.subscribe(monoder.java:44)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxFilter$FilterSubscriber.onComplete(FluxFilter.java:166)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.fluxDefaultifEmptySubscriber.onComplete(FluxDefaultIfEmpty.java:106)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.MonoNext$NextSubscriber.onComplete(MonoNext.java:102)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxConcatMap$ConcatMapImmediate.innenext(FluxConcatMap.java:281)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.FluxConcatMap$ConcatMapInner.onNext(FluxConcatMap.java:860)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1815)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc位于reactor.core.publisher.MonoFlatMap$flatmainner.onNext(MonoFlatMap.java:249)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc | at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1815)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.fluxDefaultifEmptySubscriber.onComplete(FluxDefaultIfEmpty.java:108)~[reactor-core-3.4.7.jar!/:3.4.7]
目录svc |位于reactor.core.publisher.fluxmapfusable$MapFuseableSubscriber.onComplete(fluxmapfusable.java:150)~[reactor-core-3.4.7.jar!/:3.4.7]
以下是SecurityConfig:
@Bean
fun springSecurityFilterChain(
http: ServerHttpSecurity,
authManager: ReactiveAuthenticationManager?
): SecurityWebFilterChain {
return http
.exceptionHandling()
.authenticationEntryPoint { swe, e ->
// The error is caught here
Mono.fromRunnable {
swe.response.statusCode = HttpStatus.UNAUTHORIZED
throw e
}
}.accessDeniedHandler { swe, e ->
Mono.fromRunnable {
swe.response.statusCode = HttpStatus.FORBIDDEN
throw e
}
}.and()
.addFilterBefore(
jwtAuthenticationTokenFilter,
SecurityWebFiltersOrder.AUTHENTICATION)
.cors()
.and()
.csrf().disable()
.securityContextRepository(NoOpServerSecurityContextRepository.getInstance())
.authorizeExchange()
.pathMatchers("/auth/**").permitAll()
.anyExchange().authenticated()
.and().build()
}
最后,jwt过滤器:
@Component
class JwtAuthenticationTokenFilter(
private val jwtUtils: JwtUtils,
@Value("\${application.jwt.jwtHeader}") private val jwtHeader: String,
@Value("\${application.jwt.jwtHeaderStart}") private val jwtHeaderStart: String
) : WebFilter {
override fun filter(exchange: ServerWebExchange, chain: WebFilterChain): Mono<Void> {
val authorizationHeader= exchange.request.headers[jwtHeader]?.get(0)
if (authorizationHeader != null) {
val jwt = authorizationHeader.removePrefix("$jwtHeaderStart ")
if (jwtUtils.validateJwtToken(jwt)) {
val detailsFromJwtToken = jwtUtils.getDetailsFromJwtToken(jwt)
val authentication = UsernamePasswordAuthenticationToken(
detailsFromJwtToken,
null,
detailsFromJwtToken.authorities
)
ReactiveSecurityContextHolder.withAuthentication(authentication)
}
}
return chain.filter(exchange)
}
}
我的问题是:我如何解决这个问题?如果你不能帮我解决这个问题,你知道有什么方法可以改进Spring中的stacktrace吗?因为我没有得到任何调试的提示。