将 Spring Boot 与 JWT 和 Spring Security 一起使用。从 servlet 过滤器抛出的任何异常(例如未授权、禁止访问)都得不到带消息的响应。打印堆栈跟踪时可以看到该异常,但最终响应中没有对应的消息:
{
"timestamp": "2020-11-26T09:09:21.684+00:00",
"status": 500,
"error": "Internal Server Error",
"message": "",
"path": "/api/users/profile"
}
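/**
 * Authenticates the request from a bearer JWT, when one is present, then continues the chain.
 *
 * <p>If the {@code JwtConstant.AUTHORIZATION} header is non-blank and starts with
 * {@code JwtConstant.BEARER}, the remainder of the header is parsed by
 * {@code jwtTokenUtil.getJwtClaims}, the token subject is loaded through
 * {@code userDetailsService}, and the resulting authentication is stored in the
 * {@link SecurityContextHolder}. Requests without such a header are passed on unchanged.
 *
 * @param request     the incoming request whose authorization header is inspected
 * @param response    the response, handed on to the rest of the chain
 * @param filterChain the remaining filters; invoked only if token handling did not throw
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException      propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws ServletException, IOException {
    String header = request.getHeader(JwtConstant.AUTHORIZATION);
    if (StringUtils.isNotBlank(header) && header.startsWith(JwtConstant.BEARER)) {
        // Strip only the leading scheme prefix. String.replace would delete every occurrence of
        // the BEARER text, including one that happens to appear inside the token itself.
        String authToken = header.substring(JwtConstant.BEARER.length());

        // Nothing in this method catches what getJwtClaims throws, so a rejected token propagates
        // out of the filter; the page reports a 500 response with an empty message in that case.
        // NOTE(review): consider translating token failures into a 401 here (for example by
        // delegating to an AuthenticationEntryPoint) instead of relying on the default error page.
        Claims claims = jwtTokenUtil.getJwtClaims(authToken);
        String username = claims.getSubject();
        UserDetails userDetails = userDetailsService.loadUserByUsername(username);

        // NOTE(review): authorities are derived from the token claims rather than from
        // userDetails; presumably a role change only takes effect once a new token is issued.
        // Confirm that this is intended.
        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
                userDetails, "", getAuthoritiesFromString(claims));
        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
        logger.info("authenticated user " + username + ", setting security context");
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }
    filterChain.doFilter(request, response);
}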
/**
 * Parses a signed JWT and returns its claims body.
 *
 * <p>The parser is configured with the key returned by {@code getPublicKey()}. Every failure is
 * rethrown as a {@code CustomException} that keeps the original exception as its cause.
 *
 * @param token the compact JWT string to parse
 * @return the claims carried by the token
 * @throws CustomException with {@code ErrorCode.TOKEN_EXPIRE} for an expired token,
 *         {@code ErrorCode.TOKEN_INVALID} for a bad signature or malformed token, and
 *         {@code ErrorCode.INTERNAL_SERVER_ERROR} for any other failure
 */
public Claims getJwtClaims(String token) {
    try {
        return Jwts.parserBuilder()
                .setSigningKey(getPublicKey())
                .build()
                .parseClaimsJws(token)
                .getBody();
    } catch (ExpiredJwtException expired) {
        throw new CustomException(env.getProperty(ExceptionMessage.TOKEN_EXPIRED), expired, ErrorCode.TOKEN_EXPIRE);
    } catch (SignatureException | MalformedJwtException invalid) {
        throw new CustomException(env.getProperty(ExceptionMessage.TOKEN_INVALID), invalid, ErrorCode.TOKEN_INVALID);
    } catch (Exception unexpected) {
        // NOTE(review): this catch-all also receives token rejections not listed above, so a
        // client-supplied bad token can be reported with an internal-server-error code. Confirm
        // whether those cases should map to TOKEN_INVALID instead.
        throw new CustomException(env.getProperty(ExceptionMessage.TOKEN_PARSING), unexpected,
                ErrorCode.INTERNAL_SERVER_ERROR);
    }
}
我正在使用 JWT 身份验证。当请求中包含令牌时,我首先从令牌中获取声明(claims)。如果令牌已过期或无效,我想抛出自定义异常,但我无法在响应中得到自定义异常的错误码和消息。
这是由 Spring Boot 自 2.3 版本起所做的更改所致。请参阅本节。默认情况下,错误消息不再包含在响应中。请注意,启用该选项后,所有异常的消息都会出现在错误响应中,因此应确保异常消息不包含内部实现细节。将此行添加到您的 application.properties:
server.error.include-message=always