您好,我在Spring Boot上有一个小问题,可以与用户建立黑名单令牌以用于此断开连接,我将所有令牌黑名单存储在mongodb https://ibb.co/dcX0Vnh上 简短的这是我的代码
@Value("${app.jwtSecret}")
public String jwtsecret;
@Autowired
private JwtBlacklistRepository jwtBlacklistRepository;
@Override
public void doFilter(final ServletRequest req,
final ServletResponse res,
final FilterChain chain) throws IOException, ServletException {
final HttpServletRequest request = (HttpServletRequest) req;
final HttpServletResponse response = (HttpServletResponse) res;
final String authHeader = request.getHeader("authorization");
if ("OPTIONS".equals(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
chain.doFilter(req, res);
} else {
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
throw new ServletException("Missing or invalid Authorization header");
}
final String token = authHeader.substring(7);
if (jwtBlacklistRepository == null) { //Lazy Load because filter
ServletContext servletContext = req.getServletContext();
WebApplicationContext webApplicationContext = WebApplicationContextUtils.getWebApplicationContext(servletContext);
jwtBlacklistRepository = webApplicationContext.getBean(JwtBlacklistRepository.class);
}
try {
if (jwtBlacklistRepository.findByToken(token) == null) {
System.out.println("Checkout " + jwtBlacklistRepository.findByToken( token ));
final Claims claims = Jwts.parser().setSigningKey("topsecretjwtpass".getBytes(StandardCharsets.UTF_8)).parseClaimsJws(token).getBody();
request.setAttribute("claims", claims);
}
} catch (final SignatureException e) {
throw new ServletException("Invalid token." + "");
}
chain.doFilter(req, res);
}
}
}
但奇怪的是,当我这样做时一切正常
public class jwt extends GenericFilterBean {
@Value("${app.jwtSecret}")
public String jwtsecret;
@Autowired
private JwtBlacklistRepository jwtBlacklistRepository;
@Override
public void doFilter(final ServletRequest req,
final ServletResponse res,
final FilterChain chain) throws IOException, ServletException {
final HttpServletRequest request = (HttpServletRequest) req;
final HttpServletResponse response = (HttpServletResponse) res;
final String authHeader = request.getHeader("authorization");
if ("OPTIONS".equals(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
chain.doFilter(req, res);
} else {
if (authHeader == null || !authHeader.startsWith("Bearer ")) {
throw new ServletException("Missing or invalid Authorization header");
}
final String token = authHeader.substring(7);
if (jwtBlacklistRepository == null) { //Lazy Load because filter
ServletContext servletContext = req.getServletContext();
WebApplicationContext webApplicationContext = WebApplicationContextUtils.getWebApplicationContext(servletContext);
jwtBlacklistRepository = webApplicationContext.getBean(JwtBlacklistRepository.class);
}
try {
if (jwtBlacklistRepository.findByToken("eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJmYTI2ZWVhNS03ZGNlLTRkNzktYTdmNy0xZjg0OGNjNTg5NjYiLCJyb2xlcyI6InVzZXIiLCJpYXQiOjE1NjY5OTg2MjAsImV4cCI6MTU2NzA4NTAxOX0.bisMLvLsJbNW0a9XIBUKFLH4vkEe-BXAofgVKwys87khwMq_2r52n92Z70r4Ojg9UCHdYuqUPBViDZXQ_kHE8A") == null) {
System.out.println("Checkout " + jwtBlacklistRepository.findByToken( token ));
final Claims claims = Jwts.parser().setSigningKey("topsecretjwtpass".getBytes(StandardCharsets.UTF_8)).parseClaimsJws(token).getBody();
request.setAttribute("claims", claims);
}
} catch (final SignatureException e) {
throw new ServletException("Invalid token." + "");
}
chain.doFilter(req, res);
}
}
}
已经有数周时间我阻止这个问题了,任何帮助都将受到欢迎