Could you help me with the security configuration of a Spring Boot application that exposes REST services? I have a JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter, a JWTAuthorizationFilter extends BasicAuthenticationFilter, and in WebSecurityConfig extends WebSecurityConfigurerAdapter the following configure method:
protected void configure(HttpSecurity http) throws Exception {
    http.cors().and().csrf().disable()
        .authorizeRequests()
            .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
            .anyRequest().authenticated()
        .and()
        .addFilter(new JWTAuthenticationFilter(authenticationManager()))
        .addFilter(new JWTAuthorizationFilter(authenticationManager()))
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
Now, when the JWT token has expired, a 500 error is returned. How and where can I return a 401 instead?
Answer 0 (score: 1)
Catch the exception and send the response back immediately.
try {
    // token parsing that can throw ExpiredJwtException goes here
} catch (io.jsonwebtoken.ExpiredJwtException e) {
    final String expiredMsg = e.getMessage();
    logger.warn(expiredMsg);
    final String msg = (expiredMsg != null) ? expiredMsg : "Unauthorized";
    res.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
}
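A complete authorization filter that applies this answer, added here as an example and not taken from the question or the answer: it parses the Bearer token with jjwt (io.jsonwebtoken, 0.9.x API), turns an expired or otherwise invalid token into a 401 inside the filter, and stops the chain so the exception never reaches Spring Boot's error handler as a 500. The header name, token prefix and secret are assumed constants.

```java
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class JWTAuthorizationFilter extends BasicAuthenticationFilter {
    private static final String HEADER_STRING = "Authorization";      // assumed
    private static final String TOKEN_PREFIX = "Bearer ";             // assumed
    private static final String SECRET = "change-me-assumed-secret";  // assumed; load from config in practice

    public JWTAuthorizationFilter(AuthenticationManager authManager) {
        super(authManager);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) throws IOException, ServletException {
        String header = req.getHeader(HEADER_STRING);
        if (header == null || !header.startsWith(TOKEN_PREFIX)) {
            chain.doFilter(req, res);   // no token: anyRequest().authenticated() will reject the request later
            return;
        }
        try {
            String user = Jwts.parser()
                    .setSigningKey(SECRET.getBytes())
                    .parseClaimsJws(header.substring(TOKEN_PREFIX.length()))
                    .getBody()
                    .getSubject();
            if (user != null) {
                SecurityContextHolder.getContext().setAuthentication(
                        new UsernamePasswordAuthenticationToken(user, null, java.util.Collections.emptyList()));
            }
        } catch (ExpiredJwtException e) {
            // Expired token: answer 401 here and return, otherwise the exception propagates out of the filter and becomes a 500
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Token expired");
            return;
        } catch (JwtException e) {
            // Malformed token or bad signature: same treatment, without echoing e.getMessage() to the client
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid token");
            return;
        }
        chain.doFilter(req, res);
    }
}
```

The return after sendError matters: continuing into chain.doFilter on an already committed response is what produces confusing 500s. If you prefer one place for all 401 responses, register an AuthenticationEntryPoint through http.exceptionHandling().authenticationEntryPoint(...) and rethrow the failure as a Spring AuthenticationException instead of calling sendError in the filter.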