我在@RestController 方法中注入@AuthenticationPrincipal。它在 JVM 中按预期工作,但在运行本机映像时,我在安全 SpEL 评估中得到 NPE。
这是方法:
@PutMapping("/{proxiedUserSubject}/proxies/{grantedUserSubject}")
@PreAuthorize("#token.subject == #proxiedUserSubject")
public ResponseEntity<?> editUserProxy(
@PathVariable(name = "proxiedUserSubject") @NotEmpty String proxiedUserSubject,
@PathVariable(name = "grantedUserSubject") @NotEmpty String grantedUserSubject,
@RequestBody Collection<Long> grantIds,
@AuthenticationPrincipal Object token) {
final var proxiedUser = getOrCreateUser(proxiedUserSubject);
final var grantedUser = getOrCreateUser(grantedUserSubject);
final var grants = grantRepo.findAllById(grantIds);
grantedUser.setGrantsOn(proxiedUser, grants);
userRepo.save(grantedUser);
return ResponseEntity.accepted().build();
}
知道为什么token
仅在本机图像中为 null 吗?我怀疑 AOT 插件配置有问题,但还无法隔离问题。