AuthControllerAdvice class:
@RestControllerAdvice
public class AuthControllerAdvice {
    private static final Logger logger = Logger.getLogger(AuthControllerAdvice.class);

    @ExceptionHandler(value = InvalidTokenRequestException.class)
    @ResponseStatus(HttpStatus.OK)
    @ResponseBody
    public ApiResponse handleInvalidTokenException(InvalidTokenRequestException ex, WebRequest request) {
        return new ApiResponse(new ArrayList(), SuccessStatus.TOKEN_EXPIRED, ex.getMessage());
    }
}
JwtAuthenticationFilter class:
public class JwtAuthenticationFilter extends OncePerRequestFilter {
    private static final Logger log = Logger.getLogger(JwtAuthenticationFilter.class);

    @Value("${app.jwt.header}")
    private String tokenRequestHeader;

    @Value("${app.jwt.header.prefix}")
    private String tokenRequestHeaderPrefix;

    @Autowired
    private JwtTokenProvider jwtTokenProvider;

    @Autowired
    private JwtTokenValidator jwtTokenValidator;

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    /**
     * Filter the incoming request for a valid token in the request header
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain filterChain) throws ServletException, IOException {
        try {
            String jwt = getJwtFromRequest(request);
            if (StringUtils.hasText(jwt) && jwtTokenValidator.validateToken(jwt)) {
                Long userId = jwtTokenProvider.getUserIdFromJWT(jwt);
                UserDetails userDetails = customUserDetailsService.loadUserById(userId);
                UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, jwt, userDetails.getAuthorities());
                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
        } catch (Exception ex) {
            log.error("Failed to set user authentication in security context: ", ex);
            throw ex;
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Extract the token from the Authorization request header
     */
    private String getJwtFromRequest(HttpServletRequest request) {
        String bearerToken = request.getHeader(tokenRequestHeader);
        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(tokenRequestHeaderPrefix)) {
            log.info("Extracted Token: " + bearerToken);
            return bearerToken.replace(tokenRequestHeaderPrefix, "");
        }
        return null;
    }
}
JwtTokenValidator class:
@Component
public class JwtTokenValidator {
    private static final Logger logger = Logger.getLogger(JwtTokenValidator.class);
    private final String jwtSecret;

    public boolean validateToken(String authToken) {
        try {
            Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(authToken);
        } catch (SignatureException ex) {
            logger.error("Invalid JWT signature");
            throw new InvalidTokenRequestException("JWT", authToken, "Incorrect signature");
        } catch (MalformedJwtException ex) {
            logger.error("Invalid JWT token");
            throw new InvalidTokenRequestException("JWT", authToken, "Malformed jwt token");
        } catch (ExpiredJwtException ex) {
            logger.error("Expired JWT token");
            throw new InvalidTokenRequestException("JWT", authToken, "Token expired. Refresh required");
        } catch (UnsupportedJwtException ex) {
            logger.error("Unsupported JWT token");
            throw new InvalidTokenRequestException("JWT", authToken, "Unsupported JWT token");
        } catch (IllegalArgumentException ex) {
            logger.error("JWT claims string is empty.");
            throw new InvalidTokenRequestException("JWT", authToken, "Illegal argument token");
        }
        return true;
    }
}
But when I deploy on Tomcat, the log shows:
2020-10-13 14:46:34 ERROR o.s.b.w.s.support.ErrorPageFilter - Forwarding to error page from request [/api/syncconfig] due to exception [Token expired. Refresh required: [JWT] token: [eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNjAyNDY5Njg2LCJleHAiOjE2MDI0NzA1ODZ9.CG-y1fJuQm5-Iy6C8gFUNIOY3vJ2wMS-0kxLwrh09K-TApKMKBVgUlDAWL8X7aml8BgXYh8e2sfHWbosaKOELQ] ]
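When testing with Postman, the response is an error page instead of JSON.
However, when debugging and running in IntelliJ, I don't run into this problem.
I tried different approaches, but none worked.
Can you help me?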
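
Added example, not part of the original post: `@RestControllerAdvice` handlers are invoked by Spring MVC's `DispatcherServlet`, so an exception thrown from a servlet filter does not reach `AuthControllerAdvice` unless it is handed over explicitly. The hypothetical `FilterExceptionTranslationFilter` below passes `InvalidTokenRequestException` to Spring MVC's `handlerExceptionResolver` bean so that the advice writes the JSON body. It assumes Spring Boot 2.x (`javax.servlet`), that `InvalidTokenRequestException` is unchecked, and that the filter is placed ahead of `JwtAuthenticationFilter` in the Spring Security filter chain.

```java
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.servlet.HandlerExceptionResolver;
import org.springframework.web.servlet.ModelAndView;

// Hypothetical class (name is an assumption, not from the original post).
// Construct it in the security configuration with the Spring MVC bean named
// "handlerExceptionResolver" and place it before JwtAuthenticationFilter.
public class FilterExceptionTranslationFilter extends OncePerRequestFilter {

    private final HandlerExceptionResolver resolver;

    public FilterExceptionTranslationFilter(HandlerExceptionResolver resolver) {
        this.resolver = resolver;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain filterChain) throws ServletException, IOException {
        try {
            // Runs JwtAuthenticationFilter and everything after it.
            filterChain.doFilter(request, response);
        } catch (InvalidTokenRequestException ex) {
            // Once the response is committed, status and body can no longer
            // be replaced, so let the container deal with the exception.
            if (response.isCommitted()) {
                throw ex;
            }
            // handler == null: no controller method was selected yet. The
            // resolver still consults @ControllerAdvice classes, so
            // AuthControllerAdvice.handleInvalidTokenException builds the reply.
            ModelAndView handled = resolver.resolveException(request, response, null, ex);
            if (handled == null) {
                // No @ExceptionHandler matched: keep the original failure visible.
                throw ex;
            }
            // The chain is not continued: the request stays unauthenticated.
        }
    }
}
```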