堆栈内存溢出
  简体   繁体   English

为什么 *ExpiredJwtException* 没有被捕获和处理?

[英]Why is the *ExpiredJwtException* not being caught and handled?

 原文  2022-07-20 13:54:54       java/ spring-boot/ exception/ jwt

问题描述

Why is the ExpiredJwtException not being caught and handled?为什么没有捕获和处理ExpiredJwtException

When I pass an expired token into the validate endpoint, a ExpiredJwtException is thrown but it is not being handled is the catch block:当我将过期令牌传递到验证端点时,会抛出ExpiredJwtException但未处理的是 catch 块:

 public ResponseEntity<?> validateToken(@RequestParam String token,
                                           @AuthenticationPrincipal User user) {
        try {
            Boolean isValidToken = jwtUtility.validateToken(token, user);
            System.out.println("Is valid" + isValidToken);
            ValidateResponse res = new ValidateResponse();
            res.setIsValid(isValidToken);
            return ResponseEntity.ok(res);
        } catch (ExpiredJwtException e) {
            ValidateResponse res = new ValidateResponse();
            res.setIsValid(false);
            System.out.println("Is valid" + res);
            return ResponseEntity.ok(res);
        }
    }

In JWTUtility.java:在 JWTUtility.java 中:

//validate token
public Boolean validateToken(String token, UserDetails userDetails) {
    final String username = getUsernameFromToken(token);
    return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));
}


//check if the token has expired
private Boolean isTokenExpired(String token) {
    final Date expiration = getExpirationDateFromToken(token);
    return expiration.before(new Date());
}

pom.xml pom.xml

    <!-- JWT Dependencies -->
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-api</artifactId>
        <version>0.11.2</version>
    </dependency>

    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-impl</artifactId>
        <version>0.11.2</version>
        <scope>runtime</scope>
    </dependency>

    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-jackson</artifactId>
        <version>0.11.2</version>
        <scope>runtime</scope>
    </dependency>

Stack Trace:堆栈跟踪:

io.jsonwebtoken.ExpiredJwtException: JWT expired at 2022-07-20T14:25:56Z. Current time: 2022-07-20T14:25:56Z, a difference of 261 milliseconds.  Allowed clock skew: 0 milliseconds.
    at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:448) ~[jjwt-impl-0.11.2.jar:0.11.2]
    at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:550) ~[jjwt-impl-0.11.2.jar:0.11.2]
    at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:610) ~[jjwt-impl-0.11.2.jar:0.11.2]
    at io.jsonwebtoken.impl.ImmutableJwtParser.parseClaimsJws(ImmutableJwtParser.java:173) ~[jjwt-impl-0.11.2.jar:0.11.2]
    at com.example.assignmentsubmissionapp.util.JWTUtility.getAllClaimsFromToken(JWTUtility.java:44) ~[classes/:na]
    at com.example.assignmentsubmissionapp.util.JWTUtility.getClaimFromToken(JWTUtility.java:38) ~[classes/:na]
    at com.example.assignmentsubmissionapp.util.JWTUtility.getUsernameFromToken(JWTUtility.java:29) ~[classes/:na]
    at com.example.assignmentsubmissionapp.filter.JwtFilter.doFilterInternal(JwtFilter.java:36) ~[classes/:na]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.7.2.jar:5.7.2]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.21.jar:5.3.21]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar:5.3.21]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar:5.3.21]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.21.jar:5.3.21]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.21.jar:5.3.21]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1787) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.64.jar:9.0.64]
    at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]

3 个解决方案

解决方案1
 1  2022-07-20 15:30:14

Your stack trace shows the exception is coming from different code path.您的堆栈跟踪显示异常来自不同的代码路径。

From the stack trace:从堆栈跟踪:

com.example.assignmentsubmissionapp.filter.JwtFilter.doFilterInternal(JwtFilter.java:36) is calling com.example.assignmentsubmissionapp.util.JWTUtility.getUsernameFromToken(JWTUtility.java:29) com.example.assignmentsubmissionapp.filter.JwtFilter.doFilterInternal(JwtFilter.java:36) 正在调用 com.example.assignmentsubmissionapp.util.JWTUtility.getUsernameFromToken(JWTUtility.java:29)

which is throwing the exception, so it is thrown in JwtFilter.这是抛出异常,所以它被抛出在 JwtFilter 中。 The catch block you have is in validateToken(), which is nowhere to be seen in the stack trace.您拥有的 catch 块位于 validateToken() 中,在堆栈跟踪中无处可见。

So based on the stack trace the exception is thrown before validateToken() method is ever called.因此,根据堆栈跟踪,在调用 validateToken() 方法之前会引发异常。 If you want to catch the exception you'd need to do it in JwtFilter.如果要捕获异常,则需要在 JwtFilter 中进行。

解决方案2
 0  2022-07-20 14:14:38

From what I searched, the only method that throws a ExpiredJwtException is the parse(String jwt) throws ExpiredJwtException, ... method, probably you are not calling the method that will throw it.根据我的搜索,抛出ExpiredJwtException的唯一方法是parse(String jwt) throws ExpiredJwtException, ...方法,可能您没有调用将抛出它的方法。 If you are using jjwt of course.当然,如果您使用的是 jjwt。

解决方案3
 0  2022-07-26 11:25:39

You need few changes in your SecurityConfig class.您需要对SecurityConfig class 进行少量更改。 Inside your configure method在您的configure方法中

protected void configure(HttpSecurity http) throws Exception { }

you have to add AccessDeniedHandler and AuthenticationEntryPoint to handle the failures/exceptions generated by your filter.您必须添加AccessDeniedHandlerAuthenticationEntryPoint来处理过滤器生成的失败/异常。

Giving you a reference as below,给你一个参考如下,

http.cors()
            .and()
            .csrf().disable()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and().exceptionHandling()
            .accessDeniedHandler(customAccessDeniedHandler())
            .authenticationEntryPoint(authenticationEntryPoint());

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在哪里捕获和处理此异常? - Where is this exception caught and handled? 有时可以捕获并处理错误,那么为什么大多数博客都声称应该处理所有错误? - Errors can be caught and handled sometimes then why do most of the blogs claim that they should be handled and all? 为什么我的自定义异常没有被重新抛出/捕获? - Why is my custom exception not being rethrown/caught? 为什么我会收到“io.jsonwebtoken.ExpiredJwtException”? - Why do I get a "io.jsonwebtoken.ExpiredJwtException"? 为什么我的NumberFormatException没有被捕获在try-catch中? - Why is my NumberFormatException not being caught in my try-catch? Java:为什么在Second Method catch块内未捕获异常 - Java : Why exception is not being caught inside the Second Method catch block 为什么我的NullPointerException没有被我的catch块捕获? - Why is my NullPointerException not being caught in my catch block? 单元测试,已捕获并处理了异常 - Unit test that an exception has been caught and handled 没有捕获InterruptedException - InterruptedException is not being caught 异常和 throwable 未被捕获 - Exception and throwable not being caught
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM