【问题标题】:Spring REST API - Service Call from Filter gives Null Pointer ExceptionSpring REST API - 来自过滤器的服务调用给出空指针异常
【发布时间】:2023-04-02 21:26:01
【问题描述】:

我有基于 Spring 的 REST API,我正在尝试在其中添加自定义过滤器。此过滤器将用于基于令牌的验证。但是,服务调用给出了空指针异常。过滤器也添加在web.xml下进行注册。

下面的服务调用给出了空指针。请注意,我没有使用 Spring 安全性进行身份验证。

boolean flag = authTokenService.validateRESTAccessRequest(authToken);

其余代码工作正常。我尝试使用扩展 OncePerRequestfilter 而不是 GenericFilter bean 来编辑过滤器。但同样的问题仍然存在。需要做什么?

package org.application.web.filter;

  import java.io.IOException;
  import javax.servlet.FilterChain;
  import javax.servlet.ServletException;
  import javax.servlet.ServletOutputStream;
  import javax.servlet.ServletRequest;
  import javax.servlet.ServletResponse;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;

  import org.application.services.AuthTokenService;
  import org.springframework.beans.factory.annotation.Autowired;
  import org.springframework.stereotype.Component;
  import org.springframework.web.filter.GenericFilterBean;

  @Component
  public class RestApiAuthFilter extends GenericFilterBean {
    @Autowired
    AuthTokenService authTokenService;

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
            throws IOException, ServletException {

         final HttpServletRequest request = (HttpServletRequest) req;
         final HttpServletResponse response = (HttpServletResponse) res;
         final String authHeader = request.getHeader("Authorization");

        if ("OPTIONS".equals(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);

            filterChain.doFilter(request, response);
        } else {

            if (authHeader == null || !authHeader.startsWith("Bearer ")) {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                ServletOutputStream os = response.getOutputStream();
                os.write("INVALID AUTHNETICATION TOKEN".getBytes());
                os.close();

                return;
            }

            final String authToken = authHeader.substring(7);
            boolean flag = authTokenService.validateRESTAccessRequest(authToken);

            if (flag == false) {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                ServletOutputStream os = response.getOutputStream();
                os.write("INVALID AUTHNETICATION TOKEN".getBytes());
                os.close();

                return;
            } else {
                filterChain.doFilter(request, response);
            }
        }

    }
    }

web.xml 有以下过滤器条目,

<filter>
        <filter-name>restApiAuthFilter</filter-name>
        <filter-class>org.application.web.filter.RestApiAuthFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>restApiAuthFilter</filter-name>
        <url-pattern>/secure/*</url-pattern>
    </filter-mapping>

错误的堆栈跟踪如下,

java.lang.NullPointerException
    at org.application.web.filter.RestApiAuthFilter.doFilter(RestApiAuthFilter.java:46)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.application.web.filter.CORSFilter.doFilterInternal(CORSFilter.java:27)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

【问题讨论】:

  • authTokenService 可能不会自动装配。这个类是被组件扫描扫描的吗?您可以将您的弹簧配置添加到您的问题中吗?
  • 请添加堆栈跟踪。
  • 请查看我的原帖。我正在编辑那个机智的堆栈跟踪。
  • 什么是 AuthTokenService..??它是第三方库还是您的身份验证自定义服务?
  • AuthTokenService 是我用 Spring 编写的用于身份验证的自定义服务。

标签: spring rest authentication filter


【解决方案1】:

我可以解决这个问题。下面的链接来救援...

Access to spring beans from OncePerRequestFilter

我做了以下改动

web.xml

<filter>
    <filter-name>RestApiAuthFilter</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>RestApiAuthFilter</filter-name>
    <url-pattern>/secure/*</url-pattern>
</filter-mapping>

弹簧上下文 xml

<bean name="RestApiAuthFilter" class="org.application.web.filter.RestApiAuthFilter">
       <property name="authTokenService" ref="authTokenService"/>
    </bean>

    <bean id="authTokenService"
        class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
        <property name="transactionManager" ref="transactionManager" />
        <property name="target" ref="authTokenServiceTarget" />
        <property name="proxyInterfaces">
            <value>org.application.services.AuthTokenService</value>
        </property>
        <property name="transactionAttributes">
            <props>
                <prop key="*">PROPAGATION_NOT_SUPPORTED, readOnly</prop>
            </props>
        </property>
    </bean>
    <bean id="authTokenServiceTarget"
        class="org.application.services.impl.AuthTokenServiceImpl">
    </bean>

RestApiAuthFilter.java

package org.application.web.filter;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.application.services.AuthTokenService;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

@Component
public class RestApiAuthFilter extends OncePerRequestFilter {

    AuthTokenService authTokenService;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {

        final String authHeader = request.getHeader("Authorization");

        if ("OPTIONS".equals(request.getMethod())) {
            response.setStatus(HttpServletResponse.SC_OK);

            filterChain.doFilter(request, response);
        } else {

            if (authHeader == null || !authHeader.startsWith("Bearer ")) {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                ServletOutputStream os = response.getOutputStream();
                os.write("INVALID AUTHNETICATION TOKEN".getBytes());
                os.close();

                return;
            }

            boolean flag = authTokenService.validateRESTAccessRequest(request);

            if (flag == false) {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                ServletOutputStream os = response.getOutputStream();
                os.write("INVALID AUTHNETICATION TOKEN".getBytes());
                os.close();

                return;
            } else {
                filterChain.doFilter(request, response);
            }
        }
    }

    public AuthTokenService getAuthTokenService() {
        return authTokenService;
    }

    public void setAuthTokenService(AuthTokenService authTokenService) {
        this.authTokenService = authTokenService;
    }
}

【讨论】:

    猜你喜欢
    • 2018-04-16
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2020-06-01
    • 2018-07-05
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多