@ Override
Protected void doFilterInternal (it request, HttpServletResponse response, FilterChain FilterChain) throws ServletException, IOException {
If ((request. GetContentType ()==null & amp; & Request. GetContentLength () & gt; 0) | | (request. GetContentType ()!=null & amp; & ! Request. GetContentType (). The contains (the REQUEST_HEADERS_CONTENT_TYPE))) {
FilterChain. DoFilter (request, response);
return;
}
MultiReadHttpServletRequest wrappedRequest=new MultiReadHttpServletRequest (request);
MultiReadHttpServletResponse wrappedResponse=new MultiReadHttpServletResponse (response);
A StopWatch StopWatch=new StopWatch ();
Try {
A stopWatch. Start ();
//record request message body
LogRequestBody (wrappedRequest);
//separation cases before and after the end, the front will be token stored in the cookie after login, each time you access interface by token get user permissions
String jwtToken=wrappedRequest. GetHeader (the REQUEST_HEADER);
The log. The debug (" the background check token: {} ", jwtToken);
{if (StringUtils. IsNotBlank (jwtToken))
//check the token
//JWT related start===========================================
//retrieve information from JWT
Claims Claims=Jwts. Parser (.) setSigningKey (the SALT). ParseClaimsJws (jwtToken. Replace (" Bearer ", "")). The getBody ();
//get the current login user name
System. The out. Println (" gets the current login user name: "+ claims. The getSubject ());
//TODO if you want to use JWT characteristics in the processing of ~
//JWT related end===========================================
SecurityUser SecurityUser=userDetailsService. GetUserByToken (jwtToken);
If (securityUser==null | | securityUser. GetCurrentUserInfo ()==null) {
Throw new MyException (" TOKEN has expired, please log in again!" );
}
UsernamePasswordAuthenticationToken authentication=new UsernamePasswordAuthenticationToken (securityUser, null, securityUser getAuthorities ());
//global injection role authorization information and login user basic information
SecurityContextHolder. GetContext (). SetAuthentication (authentication);
}
FilterChain. DoFilter (wrappedRequest wrappedResponse);
} the finally {
A stopWatch. Stop ();
Long usedTimes=a stopWatch. GetTotalTimeMillis ();
//record response message body
LogResponseBody (wrappedRequest wrappedResponse, usedTimes);
}
}
My approach is to implement the AuthenticationFailureHandler interface,
@ Slf4j
@ Component
Public class AdminAuthenticationFailureHandler implements AuthenticationFailureHandler {
@ Override
Public void onAuthenticationFailure (it it, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
ApiResult result;
If (e instanceof UsernameNotFoundException | | e instanceof BadCredentialsException) {
Result=ApiResult. Fail (um participant etMessage ());
{} else if (e instanceof LockedException)
Result=ApiResult. Fail (" account is locked, please contact the administrator!" );
{} else if (e instanceof CredentialsExpiredException)
Result=ApiResult. Fail (" certificate expired, please contact the administrator!" );
{} else if (e instanceof AccountExpiredException)
Result=ApiResult. Fail (" account has expired, please contact the administrator!" );
{} else if (e instanceof DisabledException)
Result=ApiResult. Fail (" account is disabled, please contact the administrator!" );
} else {
The error (" logon failure: ", e);
Result=ApiResult. Fail (" login failed!" );
}
ResponseUtils. Out (the response, result);
}
}
As shown above, in the user information through jwtToken not query, then by definition process, the token exists in redis, but I delete the token in the redis, make the program after an exception is thrown, the implementation expectations for AuthenticationFailureHandler interface class, but it seems not to enter the class, the postman have received a similar springsecurity bring back information,
{
"Timestamp" : "the 2021-05-10 T15:32:01. 977 + 00:00",
"Status" : 500,
"Error" : "Internal Server error",
"Message" : ", "
"Path" : "/user/get/1"
}
Ask what causes, custom exception no work