Spring Security NullPointerException при выходе из приложения - PullRequest
0 голосов
/ 04 декабря 2018

В приложении Spring mvc я получаю исключение при выходе из системы.Но после исключения я обнаружил, что процесс выхода завершился успешно.Я использую сервер приложений wildfly 14.0.1.

spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
    <security:http pattern="/api/**" security="none"/>
    <security:http auto-config="true" use-expressions="true" entry-point-ref="authenticationEntryPoint" authentication-manager-ref="authenticationManager">
        <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrentSessionFilter"/>
        <security:custom-filter before="FORM_LOGIN_FILTER" ref="authenticationFilter"/>
        <security:custom-filter after="EXCEPTION_TRANSLATION_FILTER" ref="ajaxTimeoutRedirectFilter"/>
        <security:form-login always-use-default-target="false" authentication-failure-url="/login?error"
                             default-target-url="/" login-page="/login" login-processing-url="/auth"
                             username-parameter="username" password-parameter="password"
                             authentication-success-handler-ref="loginSuccessHandler"
                             authentication-failure-handler-ref="loginFailureHandler"/>
        <security:logout logout-url="/logout" success-handler-ref="logoutSuccessHandler"
                         invalidate-session="true" delete-cookies="JESSIONID"/>
        <security:session-management session-authentication-strategy-ref="compositeSessionAuthenticationStrategy"
                                     invalid-session-url="/login"/>
        <security:access-denied-handler ref="accessDeniedHandler"/>
        <security:http-basic />
        <security:csrf/>
    </security:http>
    <security:authentication-manager alias="authenticationManager" erase-credentials="true">
        <security:authentication-provider ref="authenticationProvider"></security:authentication-provider>
    </security:authentication-manager>
    <bean id="authenticationEntryPoint" class="com.springapp.mvc.web.security.AuthenticationEntryPoint"></bean>
    <bean id="authenticationProvider" class="com.springapp.mvc.web.security.WebAuthenticationProvider">
        <property name="passwordEncoder" ref="passwordEncoder"/>
        <property name="userProfileService" ref="userProfileService"/>
    </bean>
    <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"></bean>
    <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean>

    <bean id="authenticationDetailsSource" class="com.springapp.mvc.web.security.WebAuthenticationDetailsSource"></bean>
    <bean id="ajaxTimeoutRedirectFilter" class="com.springapp.mvc.web.security.AjaxTimeoutRedirectFilter"></bean>
    <bean id="customSecurityExpression" class="com.springapp.mvc.web.security.CustomSecurityExpression"></bean>
    <bean id="accessDeniedHandler" class="com.springapp.mvc.web.security.WebAccessDeniedHandler">
        <property name="accessDeniedUrl" value="403"/>
    </bean>
    <bean id="loginSuccessHandler" class="com.springapp.mvc.web.security.LoginSuccessHandler">
        <property name="defaultTargetUrl" value="/home/"/>
    </bean>
    <bean id="loginFailureHandler" class="com.springapp.mvc.web.security.LoginFailureHandler">
        <property name="defaultFailureUrl" value="/login?error"/>
    </bean>

    <bean id="logoutSuccessHandler" class="com.springapp.mvc.web.security.LogoutSuccessHandler">
        <property name="defaultTargetUrl" value="/login/"/>
    </bean>
    <bean id="logoutFailureHandler" class="com.springapp.mvc.web.security.LogoutFailureHandler">

    </bean>
    <bean id="concurrentSessionFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <constructor-arg name="sessionRegistry" ref="sessionRegistry"/>
        <constructor-arg name="expiredUrl" value="/login"/>
    </bean>
    <bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <property name="sessionAuthenticationStrategy" ref="compositeSessionAuthenticationStrategy"/>
        <property name="authenticationManager" ref="authenticationManager"/>
    </bean>
    <bean id="compositeSessionAuthenticationStrategy" class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
        <constructor-arg>
            <list>
                <bean class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
                    <constructor-arg ref="sessionRegistry"/>
                    <property name="maximumSessions" value="30"/>
                    <property name="exceptionIfMaximumExceeded" value="true"/>
                </bean>
                <bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"/>
                <bean class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
                    <constructor-arg ref="sessionRegistry"/>
                </bean>
            </list>
        </constructor-arg>
    </bean>
</beans>

LogoutSuccessHandler.java

public class LogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {

        String path = request.getSession().getServletContext().getRealPath("/resources/reports/");

        File folder = new File(path);
        File[] listOfFiles = folder.listFiles();

        for (int i = 0; i < listOfFiles.length; i++) {
            if (listOfFiles[i].isFile()) {
                UserProfileDTO userProfileDTO = (UserProfileDTO) authentication.getPrincipal();
                String username = userProfileDTO.getUsername();
                if(listOfFiles[i].getName().contains(username)){
                    listOfFiles[i].delete();
                }
            }
        }

        super.onLogoutSuccess(request, response, authentication);


    }
}

stacktrace:

2018-12-04 14:47:57,587 ERROR [io.undertow.request] (default task-5) UT005023: Exception handling request to /UtilityMasterSatkhira/logout: java.lang.NullPointerException
        at com.springapp.mvc.web.security.LogoutSuccessHandler.onLogoutSuccess(LogoutSuccessHandler.java:25)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:105)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
        at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
        at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
        at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
        at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
        at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
        at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
        at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
        at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
        at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
        at java.lang.Thread.run(Thread.java:748)

1 Ответ

0 голосов
/ 04 декабря 2018

Проверьте API документ File.html.listFiles () , вы найдете ниже сообщение:

Если это абстрактное имя пути не обозначаеткаталог, тогда этот метод возвращает ноль.В противном случае возвращается массив объектов File

, поэтому вам необходимо проверить, не является ли он нулевым, прежде чем выполнять дальнейшую проверку

    File[] listOfFiles = folder.listFiles();

    if(listOfFiles != null){
        for (int i = 0; i < listOfFiles.length; i++) {
            if (listOfFiles[i].isFile()) {
                UserProfileDTO userProfileDTO = (UserProfileDTO) authentication.getPrincipal();
                String username = userProfileDTO.getUsername();
                if(listOfFiles[i].getName().contains(username)){
                    listOfFiles[i].delete();
                }
            }
        }
    }
Добро пожаловать на сайт PullRequest, где вы можете задавать вопросы и получать ответы от других членов сообщества.
...