Java 自定义异常在使用spring引导和spring安全性的筛选器中不起作用
我正在使用SpringBoot和SpringSecurity创建带有JWT令牌基安全性的RESTAPI。我想在令牌无效时引发自定义异常。因此,我创建了自定义异常类,每当我抛出该异常时,每次都会在postman中得到空白响应 我想扔掉这个Java 自定义异常在使用spring引导和spring安全性的筛选器中不起作用,java,spring-boot,exception,spring-security,Java,Spring Boot,Exception,Spring Security,我正在使用SpringBoot和SpringSecurity创建带有JWT令牌基安全性的RESTAPI。我想在令牌无效时引发自定义异常。因此,我创建了自定义异常类,每当我抛出该异常时,每次都会在postman中得到空白响应 我想扔掉这个 if (header == null || !header.startsWith("Bearer")) { throw new JwtTokenMissingException("No JWT token found in the request he
if (header == null || !header.startsWith("Bearer")) {
throw new JwtTokenMissingException("No JWT token found in the request headers");
}
因为我发送的令牌没有载体关键字。它可以在控制台中打印,但不能插入邮递员
每次都是邮递员的空白回复
JwtAuthenticationEntryPoint类
@Component
public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint, Serializable[!
private static final long serialVersionUID = 1L;
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException) throws IOException, ServletException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
}
}
WebSecurity配置类
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsServiceImpl userDetailsService;
@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(encoder());
}
@Bean
public JwtAuthenticationFilter authenticationTokenFilterBean() throws Exception {
return new JwtAuthenticationFilter();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().antMatchers("/login").permitAll().anyRequest()
.authenticated().and().exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
@Bean
public BCryptPasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
}
JwtAuthenticationFilter类
JwtTokenUtil类
自定义异常类
请尝试以下代码:
String jwtToken = null;
if(headers.containKey("Authorization")){
jwtToken = headers.get("Authorization");
}
if (jwtToken == null || !jwtToken.startsWith("Bearer")) {
throw new JwtTokenMissingException("No JWT token found in the request headers");
}
请尝试以下代码:
String jwtToken = null;
if(headers.containKey("Authorization")){
jwtToken = headers.get("Authorization");
}
if (jwtToken == null || !jwtToken.startsWith("Bearer")) {
throw new JwtTokenMissingException("No JWT token found in the request headers");
}
如果希望在响应体中看到一些内容,那么在处理异常时应该在响应体中编写一些内容。请参阅本页:。也许你的味精被忽略了。是的,它起作用了。在响应体中更改了一些代码之后,它工作得很好。如果您想在响应体中看到一些内容,那么在处理异常时应该在响应体中编写一些内容。请参阅本页:。也许你的味精被忽略了。是的,它起作用了。在响应体中更改了一些代码,之后它工作正常。我复制了您的场景。这对我有用。您正在阅读可能包含多个(键、值)对的完整标题,我刚刚获取了令牌,即授权属性,并进行了空检查。我复制了您的场景。这对我有用。您正在阅读可能包含多个(键、值)对的完整标题,我刚刚获取了令牌,即授权属性,并进行了空检查。
public class JwtTokenMalformedException extends AuthenticationException {
private static final long serialVersionUID = 1L;
public JwtTokenMalformedException(String msg) {
super(msg);
}
}
public class JwtTokenMissingException extends AuthenticationException {
private static final long serialVersionUID = 1L;
public JwtTokenMissingException(String msg) {
super(msg);
}
}
String jwtToken = null;
if(headers.containKey("Authorization")){
jwtToken = headers.get("Authorization");
}
if (jwtToken == null || !jwtToken.startsWith("Bearer")) {
throw new JwtTokenMissingException("No JWT token found in the request headers");
}