Spring-Security PasswordEncoder returns null

问题

I have implemented Spring security on my struts2 application and it perfectly works, but it runs into error java.lang.NullPointerException on line 3.

Although it seems passwordEncoder configuration works as by adding those I cant login with a plain text password any more.

 <authentication-manager> 
        <authentication-provider>
           <password-encoder ref="passwordEncoder"/>

            <jdbc-user-service data-source-ref="dataSource"

                           users-by-username-query="
              select username,password,enabled 
              from Users where username=?" 

                           authorities-by-username-query="
                      select username,authority 
                      from Users where username = ?"

        />
        </authentication-provider> 

    </authentication-manager> 
    <beans:bean id="passwordEncoder" 
        xmlns="http://www.springframework.org/schema/beans"            
        class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
        <constructor-arg value="256"/>
    </beans:bean>
</beans:beans>

MyClass.java

    import org.springframework.security.authentication.encoding.ShaPasswordEncoder;;
    ....
    private ShaPasswordEncoder passwordEncoder;

     public ShaPasswordEncoder getPasswordEncoder() {
         return passwordEncoder;
     }
     @Autowired
     public void setPasswordEncoder(ShaPasswordEncoder passwordEncoder) {
           this.passwordEncoder = passwordEncoder;
      }

     public void encode(String username)
        {
1             System.err.println("encode password");
2             String encodedPassword = "";
3             encodedPassword = passwordEncoder.encodePassword("Jack",username);
4             System.err.println("encoded password " + encodedPassword);
        }

pom.xml

   <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>3.1.1.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>3.1.1.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>3.1.1.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>3.1.1.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>3.1.1.RELEASE</version>
        </dependency>

回答1:

Do you actually inject the encoder into Encode.java somehow somewhere? If not,then that is your problem.

if you need a quick and dirty solution which will probably work. just make it

 private ShaPasswordEncoder passwordEncoder=new ShaPasswordEncoder(256);

and then find out what you are doing wrong with the injection.

maybe read this to see how injection should be done.

What is the difference between @Inject and @Autowired in Spring Framework? Which one to use under what condition?

回答2:

@Autowired will work only on Spring managed beans. So your MyClass should be a @Service or @Repository or @Component etc (or it may be simply configured in your XML as a <bean>)

Also, I don't understand your

I cant login with a plain text password any more.

The encoding of the user entered password and the comparison with the encoded password from the database is done by spring security internally. All it needs is a UserDetails object which will be provided by your jdbc-user-service.

来源：https://stackoverflow.com/questions/17479387/spring-security-passwordencoder-returns-null