一尘不染

使用Spring Boot的@AuthenticationPrincipal不起作用

spring-boot

使用Spring Boot 1.3.1,我在遇到问题@AuthenticationPrincipal

这是我的控制器:

@RestController
@RequestMapping("/api/user")
public class UserController {

    @RequestMapping("/")
    public UserDto user(@AuthenticationPrincipal(errorOnInvalidType = true) User user) {
        return UserDto.fromUser(user);
    }
}

这是我的自定义User类:

@Entity()
@Table(name = "app_user")
public class User extends AbstractEntity<UserId> implements Serializable {
// ------------------------------ FIELDS ------------------------------

    @NotNull
    @Column(unique = true)
    @Pattern(regexp = "[a-zA-Z_\\-\\.0-9]+")
    @Size(min = 1, max = 20)
    private String username;
    private String password;
    @Column(unique = true)
    @Email
    private String emailAddress;
    @Enumerated(EnumType.STRING)
    @NotNull
    private UserRole role;
}

我还创建了一个类来确认UserDetailsSpring Security 的接口:

public class CustomUserDetails extends User implements UserDetails {

    public CustomUserDetails(User user) {
        super(user);
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return Sets.newHashSet(new SimpleGrantedAuthority("ROLE_" + getRole().name()));
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}

然后在我的UserDetailsService

@Override
public CustomUserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    com.company.app.domain.account.User user = userRepository.findByUsername(username);

    if (user != null) {
        return new CustomUserDetails(user);
    } else {
        throw new UsernameNotFoundException(format("User %s does not exist!", username));
    }
}

我有一个完美的集成测试。但是,无法运行应用程序本身(从IntelliJ IDEA)。我有一个例外:

"CustomUserDetails{id=UserId{id=401868de-99ff-4bae-bcb6-225e3062ed33}} is not assignable to class com.company.app.domain.account.User"

但这是不正确的,因为这是CustomUserDetails我的自定义User类的子类。

通过调试器检查,我发现此代码AuthenticationPrincipalArgumentResolver失败:

if (principal != null
            && !parameter.getParameterType().isAssignableFrom(principal.getClass())) {

的类加载器parameter.getParameterType()是的实例RestartClassloader,而principal.getClass()具有的类加载器是的实例Launcher$AppClassLoader

这是Spring Boot或Spring Security中的错误,还是我做错了什么?

更新:

我可以确认禁用Spring Boot的devtools可以使其工作:

public static void main(String[] args) {
    System.setProperty("spring.devtools.restart.enabled", "false");
    SpringApplication.run(MyApplication.class, args);
}

阅读 983

收藏
2020-05-30

共1个答案

一尘不染

为了帮助遇到相同问题的其他任何人,这是Spring Boot DevTools和Spring Security
OAuth中的一个限制。在本期中对此进行了跟踪:https : //github.com/spring-projects/spring-
boot/issues/5071

2020-05-30