我正在尝试实现WebFilter以检查Spring WebFlux应用程序中的JWT标头。我设法找到一种方法来返回Publisher而不是Mono.empty(),但响应不是json格式。
以下是我的WebFilter filter()方法的示例:
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
ServerHttpRequest request = exchange.getRequest();
ServerHttpResponse response = exchange.getResponse();
String path = request.getPath().pathWithinApplication().value();
// only apply filter for JWT on apiPath
if(!path.contains(apiPath) ||
(path.contains(apiPath) && request.getMethod().equals(HttpMethod.OPTIONS))) {
return chain.filter(exchange);
}
logger.debug("JWT authentication initiated");
Auth authentication = tokenAuthenticationService.getAuthentication((ServerHttpRequest) request);
if (authentication == null) {
ApiError error = new ApiError();
error.setMessage("foo msg");
response.setStatusCode(HttpStatus.UNAUTHORIZED);
return response
.writeWith(Mono.just(new DefaultDataBufferFactory().wrap(SerializationUtils.serialize(error))));
}
// extract token data and put in attributes,
// throw unauthorized if token is not properly signed
exchange.getAttributes().put("auth", authentication);
logger.debug("JWT authentication passed");
return chain.filter(exchange);
}
这就是我的ApiError类的样子:
@JsonIgnoreProperties(ignoreUnknown = true)
public class ApiError implements Serializable {
/**
*
*/
private static final long serialVersionUID = 1L;
private HttpStatus httpStatus;
private String message;
private String debugMessage;
private List<?> subErrors;
private long timestamp;
public ApiError() {
setTimestamp(new Date());
}
public ApiError(HttpStatus status) {
this();
this.httpStatus = status;
}
public ApiError(HttpStatus status, Throwable ex) {
this(status);
this.message = "Unexpected error";
this.debugMessage = ex.getLocalizedMessage();
}
public ApiError(HttpStatus status, String message, Throwable ex) {
this(status, ex);
this.message = message;
}
public ApiError(HttpStatus status, String message, Throwable ex, List<?> subErrors) {
this(status, message, ex);
this.subErrors = subErrors;
}
@JsonIgnore
public HttpStatus getHttpStatus() {
return this.httpStatus;
}
public void setHttpStatus(HttpStatus httpStatus) {
this.httpStatus = httpStatus;
}
@JsonProperty("status")
public Integer getStatus() {
return this.httpStatus.value();
}
@JsonProperty("error")
public String getError() {
return this.httpStatus.getReasonPhrase();
}
@JsonProperty("timestamp")
public long getTimestamp() {
return timestamp;
}
public void setTimestamp(Date time) {
this.timestamp = time.getTime();
}
@JsonProperty("message")
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
@JsonProperty("debugMessage")
public String getDebugMessage() {
return debugMessage;
}
public void setDebugMessage(String debugMessage) {
this.debugMessage = debugMessage;
}
@SuppressWarnings("unchecked")
@JsonInclude(JsonInclude.Include.NON_NULL)
@JsonProperty("subErrors")
public List<Object> getSubErrors() {
return (List<Object>) subErrors;
}
public void setSubErrors(List<?> subErrors) {
this.subErrors = subErrors;
}
}
当身份验证为空时我得到的响应:
sr0com.foo.exceptions.model.ApiErrorJtimestampLdebugMessagetLjava / lang / String; L httpStatust%Lorg / springframework / http / HttpStatus; Lmessageq~L subErrorstLjava / util / List;xpbCeY pptfoomsgp
我尝试将Content-type:application / json标头添加到exchange.getResponse()但它没有做到这一点。我可以得到帮助吗?
答案 0 :(得分:0)
我们也可以使用“response.bufferFactory()”,而不是每次手动创建一个。
ServerHttpResponse response = exchange.getResponse();
ExceptionDetail exceptionDetail = e.getExceptionDetail(); // custom class to hold exception deetails
response.setStatusCode(exceptionDetail.getHttpStatus());
response.getHeaders().add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON);
DataBuffer dataBuffer = response.bufferFactory().wrap(objectMapper.writeValueAsBytes(exceptionDetail));
return response.writeWith(Mono.just(dataBuffer));