前端之家

  1. 首页
  2. 问答

在spring-security-oauth2中强制自定义OAuth2User会导致反序列化错误

问答

我在Web应用程序中使用spring-security-oauth2-client。我想使用自定义用户类型。但是在使用身份验证服务器发送的请求正文Insteate OAuthUser时出错。

我使用自定义用户类型的原因是因为我想将hashmap内的字符串值用作nameAttributeKey而不是字符串值。

SecurityConfig 

    http.oauth2Login()
      .userInfoEndpoint()
        .customUserType(NaverOAuth2User.class,"naver");

NaverOAuth2User 

public class NaverOAuth2User implements OAuth2User {

   public NaverOAuth2User(Collection<? extends GrantedAuthority> authorities,Map<String,Object> attributes,String nameAttributeKey) {
           ...
   }

   ...

}

我希望调用NaverOAuth2User的构造函数,但是在序列化之前导致错误。

Caused by: com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Cannot construct instance of `com.rw.springsecurity.vo.NaverOAuth2User` (no Creators,like default construct,exist): cannot deserialize from Object value (no delegate- or property-based Creator)
 at [Source: (PushbackInputStream); line: 1,column: 2]
    at com.fasterxml.jackson.databind.exc.InvalidDefinitionException.from(InvalidDefinitionException.java:67) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
    at com.fasterxml.jackson.databind.DeserializationContext.reportBadDefinition(DeserializationContext.java:1452) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
    at com.fasterxml.jackson.databind.DeserializationContext.handleMissingInstantiator(DeserializationContext.java:1028) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
    at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1297) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:326) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:159) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
    at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4014) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
    at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3085) ~[jackson-databind-2.9.9.3.jar:2.9.9.3]
    at org.springframework.http.converter.json.AbstractJackson2HttpMessageConverter.readJavaType(AbstractJackson2HttpMessageConverter.java:239) ~[spring-web-5.1.10.RELEASE.jar:5.1.10.RELEASE]

我认为构造函数参数错误。

chenwh8 回答:在spring-security-oauth2中强制自定义OAuth2User会导致反序列化错误

在后台,Spring Security使用RestTemplate将来自userInfo端点的数据反序列化为自定义类型,我们指定哪些需要具有默认构造函数

您可以在org.springframework.security.oauth2.client.userinfo.CustomUserTypesOAuth2UserService中检查此逻辑。

javaspring-bootspring-security-oauth2
本文链接:https://www.f2er.com/3169362.html

大家都在问