@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
if ((request.getContentType() == null && request.getContentLength() > 0) || (request.getContentType() != null && !request.getContentType().contains(Constants.REQUEST_HEADERS_CONTENT_TYPE))) {
filterChain.doFilter(request, response);
return;
}
MultiReadHttpServletRequest wrappedRequest = new MultiReadHttpServletRequest(request);
MultiReadHttpServletResponse wrappedResponse = new MultiReadHttpServletResponse(response);
StopWatch stopWatch = new StopWatch();
try {
stopWatch.start();
// 記錄請求的訊息體
logRequestBody(wrappedRequest);
// 前后端分離情況下,前端登錄后將token儲存在cookie中,每次訪問介面時通過token去拿用戶權限
String jwtToken = wrappedRequest.getHeader(Constants.REQUEST_HEADER);
log.debug("后臺檢查令牌:{}", jwtToken);
if (StringUtils.isNotBlank(jwtToken)) {
// 檢查token
// JWT相關start ===========================================
// 獲取jwt中的資訊
Claims claims = Jwts.parser().setSigningKey(Constants.SALT).parseClaimsJws(jwtToken.replace("Bearer", "")).getBody();
// 獲取當前登錄用戶名
System.out.println("獲取當前登錄用戶名: " + claims.getSubject());
// TODO 如需使用jwt特性在此做處理~
// JWT相關end ===========================================
SecurityUser securityUser = userDetailsService.getUserByToken(jwtToken);
if (securityUser == null || securityUser.getCurrentUserInfo() == null) {
throw new MyException("TOKEN已過期,請重新登錄!");
}
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(securityUser, null, securityUser.getAuthorities());
// 全域注入角色權限資訊和登錄用戶基本資訊
SecurityContextHolder.getContext().setAuthentication(authentication);
}
filterChain.doFilter(wrappedRequest, wrappedResponse);
}finally {
stopWatch.stop();
long usedTimes = stopWatch.getTotalTimeMillis();
// 記錄回應的訊息體
logResponseBody(wrappedRequest, wrappedResponse, usedTimes);
}
}
我的做法是實作了 AuthenticationFailureHandler 介面,
@Slf4j
@Component
public class AdminAuthenticationFailureHandler implements AuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
ApiResult result;
if (e instanceof UsernameNotFoundException || e instanceof BadCredentialsException) {
result = ApiResult.fail(e.getMessage());
} else if (e instanceof LockedException) {
result = ApiResult.fail("賬戶被鎖定,請聯系管理員!");
} else if (e instanceof CredentialsExpiredException) {
result = ApiResult.fail("證書過期,請聯系管理員!");
} else if (e instanceof AccountExpiredException) {
result = ApiResult.fail("賬戶過期,請聯系管理員!");
} else if (e instanceof DisabledException) {
result = ApiResult.fail("賬戶被禁用,請聯系管理員!");
} else {
log.error("登錄失敗:", e);
result = ApiResult.fail("登錄失敗!");
}
ResponseUtils.out(response, result);
}
}
如上所示,在 用戶資訊通過jwtToken 未查詢到時,拋出自定義例外,此token存在于redis中,但是我在redis中洗掉掉這個token,使程式拋出例外后,預期是走這個實作了AuthenticationFailureHandler介面的類,但是看樣子并沒有進入這個類中,而postman接受到了類似于springsecurity 自帶的回傳資訊。
{
"timestamp": "2021-05-10T15:32:01.977+00:00",
"status": 500,
"error": "Internal Server Error",
"message": "",
"path": "/user/get/1"
}
求問是什么原因導致,自定義例外沒有起作用
轉載請註明出處,本文鏈接:https://www.uj5u.com/houduan/283725.html
標籤:Web 開發
上一篇:【Java】介面的實作類
下一篇:第一次