[GitHub] [dubbo] baozi-2019 opened a new issue, #12167: spring security结合dubbo使用会报错

["baozi-2019 (via GitHub)" <gi...@apache.org>]

baozi-2019 opened a new issue, #12167:
URL: https://github.com/apache/dubbo/issues/12167

   环境：nacos+dubbo3+spring security（spring-boot-starter-security:3.0.0）
   
   重现方法：首先确保代码无问题，设置dubbo.application.metadata-type: remote并配置dubbo.metadata-report相关信息，调用报错，删掉dubbo.application.metadata-type以及dubbo.metadata-report相关信息。当登录后用户再次通过srping security接口登录时，代码运行到dubbo调用就会报以下错误，不知道dubbo内部是如何处理的。不知道dubbo内部人员能否解决下这个问题。
   
   ```log
   2023-04-23 17:38:24.323 ERROR --- [http-nio-8081-exec-3] org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception java.lang.RuntimeException: objectMapper! serialize error com.fasterxml.jackson.databind.JsonMappingException: class java.lang.Long cannot be cast to class java.lang.String (java.lang.Long and java.lang.String are in module java.base of loader 'bootstrap') (through reference chain: com.baozi.management.config.security.password.PasswordAuthenticationToken["account"])
   	at org.apache.dubbo.spring.security.jackson.ObjectMapperCodec.serialize(ObjectMapperCodec.java:71)
   	at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationPrepareFilter.setSecurityContext(ContextHolderAuthenticationPrepareFilter.java:55)
   	at org.apache.dubbo.spring.security.filter.ContextHolderAuthenticationPrepareFilter.invoke(ContextHolderAuthenticationPrepareFilter.java:45)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.rpc.cluster.filter.support.ConsumerClassLoaderFilter.invoke(ConsumerClassLoaderFilter.java:40)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.rpc.cluster.filter.support.ConsumerContextFilter.invoke(ConsumerContextFilter.java:118)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CopyOfFilterChainNode.invoke(FilterChainBuilder.java:331)
   	at org.apache.dubbo.rpc.cluster.filter.FilterChainBuilder$CallbackRegistrationInvoker.invoke(FilterChainBuilder.java:194)
   	at org.apache.dubbo.rpc.cluster.support.wrapper.AbstractCluster$ClusterFilterInvoker.invoke(AbstractCluster.java:91)
   	at org.apache.dubbo.rpc.cluster.support.wrapper.MockClusterInvoker.invoke(MockClusterInvoker.java:103)
   	at org.apache.dubbo.rpc.cluster.support.wrapper.ScopeClusterInvoker.invoke(ScopeClusterInvoker.java:131)
   	at org.apache.dubbo.registry.client.migration.MigrationInvoker.invoke(MigrationInvoker.java:284)
   	at org.apache.dubbo.rpc.proxy.InvocationUtil.invoke(InvocationUtil.java:57)
   	at org.apache.dubbo.rpc.proxy.InvokerInvocationHandler.invoke(InvokerInvocationHandler.java:75)
   	at com.baozi.user.api.IUserOuterServiceDubboProxy1.queryUserByAccount(IUserOuterServiceDubboProxy1.java)
   	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
   	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
   	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
   	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:211)
   	at jdk.proxy2/jdk.proxy2.$Proxy132.queryUserByAccount(Unknown Source)
   	at com.baozi.management.config.security.password.PasswordUserDetailService.loadUserByUsername(PasswordUserDetailService.java:44)
   	at com.baozi.management.config.security.password.PasswordAuthenticationProvider.authenticate(PasswordAuthenticationProvider.java:38)
   	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182)
   	at com.baozi.management.config.security.password.PasswordAuthenticationFilter.attemptAuthentication(PasswordAuthenticationFilter.java:92)
   	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:231)
   	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
   	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
   	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107)
   	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93)
   	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
   	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
   	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
   	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
   	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
   	at org.springframework.security.web.context.SecurityContextHolderFilter.doFilterInternal(SecurityContextHolderFilter.java:69)
   	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
   	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
   	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62)
   	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
   	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
   	at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42)
   	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
   	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
   	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
   	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
   	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:351)
   	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
   	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
   	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
   	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
   	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
   	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
   	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
   	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
   	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
   	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
   	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
   	at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:143)
   	at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82)
   	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
   	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
   	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
   	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
   	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:185)
   	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:158)
   	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
   	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
   	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
   	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:119)
   	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
   	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
   	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
   	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:400)
   	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
   	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
   	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
   	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
   	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
   	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
   	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
   	at java.base/java.lang.Thread.run(Thread.java:833)
   
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] baozi-2019 commented on issue #12167: spring security结合dubbo使用会报错

["baozi-2019 (via GitHub)" <gi...@apache.org>]

baozi-2019 commented on issue #12167:
URL: https://github.com/apache/dubbo/issues/12167#issuecomment-1525252017

   问题解决了，谢谢


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] jojocodeX commented on issue #12167: spring security结合dubbo使用会报错

["jojocodeX (via GitHub)" <gi...@apache.org>]

jojocodeX commented on issue #12167:
URL: https://github.com/apache/dubbo/issues/12167#issuecomment-1521214650

   > PasswordAuthenticationToken
   
   spring security Authentication 对象在反序列化的时候，有时会出现一些错误，主要错误体现在，在反序列化时，构造参数不能为空等条件，介于此，dubbo 内部加入了默认对象的一些反序列化器，可以查看ObjectMapperCodec这个类。如果是自定义认证对象，可以通过ObjectMapperCodecCustomer扩展反序列化方式，具体反序列化器实现参考 UsernamePasswordAuthenticationTokenDeserializer


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] baozi-2019 closed issue #12167: spring security结合dubbo使用会报错

["baozi-2019 (via GitHub)" <gi...@apache.org>]

baozi-2019 closed issue #12167: spring security结合dubbo使用会报错
URL: https://github.com/apache/dubbo/issues/12167


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] baozi-2019 commented on issue #12167: spring security结合dubbo使用会报错

["baozi-2019 (via GitHub)" <gi...@apache.org>]

baozi-2019 commented on issue #12167:
URL: https://github.com/apache/dubbo/issues/12167#issuecomment-1523000618

   > > PasswordAuthenticationToken
   > 
   > spring security Authentication 对象在反序列化的时候，有时会出现一些错误，主要错误体现在，在反序列化时，构造参数不能为空等条件，介于此，dubbo 内部加入了默认对象的一些反序列化器，可以查看ObjectMapperCodec这个类。如果是自定义认证对象，可以通过ObjectMapperCodecCustomer扩展反序列化方式，具体反序列化器实现参考 UsernamePasswordAuthenticationTokenDeserializer
   
   我修改了增加了mixin，但是MyObjectMapperCustomer这个类dubbo怎么加载
   ```java
   public class MyObjectMapperCustomer implements ObjectMapperCodecCustomer {
       @Override
       public void customize(ObjectMapperCodec objectMapperCodec) {
           objectMapperCodec.configureMapper(objectMapper -> {
               objectMapper.addMixIn(PasswordAuthenticationToken.class, PasswordAuthenticationTokenMixin.class);
           });
       }
   }
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] AlbumenJ commented on issue #12167: spring security结合dubbo使用会报错

["AlbumenJ (via GitHub)" <gi...@apache.org>]

AlbumenJ commented on issue #12167:
URL: https://github.com/apache/dubbo/issues/12167#issuecomment-1521203486

   @jojocodeX PTAL


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org

[GitHub] [dubbo] jojocodeX commented on issue #12167: spring security结合dubbo使用会报错

["jojocodeX (via GitHub)" <gi...@apache.org>]

jojocodeX commented on issue #12167:
URL: https://github.com/apache/dubbo/issues/12167#issuecomment-1525158316

   > > > PasswordAuthenticationToken 使用PasswordAuthenticationToken
   > > 
   > > 
   > > spring security Authentication 对象在反序列化的时候，有时会出现一些错误，主要错误体现在，在反序列化时，构造参数不能为空等条件，介于此，dubbo 内部加入了默认对象的一些反序列化器，可以查看ObjectMapperCodec这个类。如果是自定义认证对象，可以通过ObjectMapperCodecCustomer扩展反序列化方式，具体反序列化器实现参考 UsernamePasswordAuthenticationTokenDeserializer
   > 
   > 我修改了增加了mixin，但是MyObjectMapperCustomer这个类dubbo怎么加载
   > 
   > ```java
   > public class MyObjectMapperCustomer implements ObjectMapperCodecCustomer {
   >     @Override
   >     public void customize(ObjectMapperCodec objectMapperCodec) {
   >         objectMapperCodec.configureMapper(objectMapper -> {
   >             objectMapper.addMixIn(PasswordAuthenticationToken.class, PasswordAuthenticationTokenMixin.class);
   >         });
   >     }
   > }
   > ```
   
   后面把文档补全咯，实在对不住
   ![截图20230427164518](https://user-images.githubusercontent.com/15051594/234809913-ab90dc4c-d784-49fa-b3ab-6dec5b3b50e9.png)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@dubbo.apache.org
For additional commands, e-mail: notifications-help@dubbo.apache.org