堆栈内存溢出
  繁体   English   中英

Spring:如何使过滤器抛出自定义异常?

[英]Spring: How to make a filter throw a custom exception?

 原文  2017-05-18 06:58:23       java/ spring

问题描述

我创建了一个过滤器,用于验证JWT令牌的每个请求标头: 

public class JWTAuthenticationFilter extends GenericFilterBean {

    private UserDetailsService customUserDetailsService;
    private static Logger logger = LoggerFactory.getLogger(JWTAuthenticationFilter.class);
    private final static UrlPathHelper urlPathHelper = new UrlPathHelper();

    public JWTAuthenticationFilter(UserDetailsService customUserDetailsService) {
        this.customUserDetailsService = customUserDetailsService;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        Authentication authentication = AuthenticationService.getAuthentication((HttpServletRequest) request, customUserDetailsService);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        if (authentication == null) {
            logger.debug("failed authentication while attempting to access " + urlPathHelper.getPathWithinApplication((HttpServletRequest) request));
        }
        filterChain.doFilter(request, response);
    }

}

我想抛出一个自定义异常,该异常返回一个响应: 

@ResponseStatus(value=HttpStatus.SOMECODE, reason="There was an issue with the provided authentacion information")  // 409
public class CustomAuthenticationException extends RuntimeException {

    private static final long serialVersionUID = 6699623945573914987L;

}

我该怎么做? 捕获过滤器抛出此类异常的最佳设计是什么? 我可以使用Spring安全性提供的任何异常处理机制并在一点上捕获所有内容吗? 有没有其他方法可以在过滤器中抛出自定义异常?

:还有另外一个问题, 在这里它的接受的答案没有回答我的问题。 我想在到达任何控制器之前返回响应。

我想要处理的错误情况:1。客户端为Authorization标头发送一个空值。 2.客户端发送格式错误的令牌

在这两种情况下,我都会收到500 HTTP状态代码的响应。 我想要获得4XX代码。

2 个解决方案

解决方案1
 4  2017-05-18 07:04:18

看看@ControllerAdvice

这是我项目的一个例子。 

@ControllerAdvice
@RestController
public class GlobalExceptionHandler {

    private final Logger log = Logger.getLogger(this.getClass().getSimpleName());

    @ResponseStatus(HttpStatus.BAD_REQUEST)
    @ExceptionHandler(value = RuntimeException.class)
    public Response handleBaseException(RuntimeException e) {
        log.error("Error", e);
        Error error = new Error(HttpStatus.BAD_REQUEST.value(), HttpStatus.BAD_REQUEST.name());
        return Response.status(HttpStatus.BAD_REQUEST.value()).error(error, null).build();
    }

    @ResponseStatus(HttpStatus.NOT_FOUND)
    @ExceptionHandler(value = NoHandlerFoundException.class)
    public Response handleNoHandlerFoundException(Exception e) {
        log.error("Error", e);
        Error error = new Error(HttpStatus.NOT_FOUND.value(), HttpStatus.NOT_FOUND.name());
        return Response.status(HttpStatus.NOT_FOUND.value()).error(error, null).build();
    }

    @ExceptionHandler(value = AuthenticationCredentialsNotFoundException.class)
    public Response handleException(AuthenticationCredentialsNotFoundException e) {     
        log.error("Error", e);
        Error error = new Error(ErrorCodes.INVALID_CREDENTIALS_CODE, ErrorCodes.INVALID_CREDENTIALS_MSG);
        return Response.status(ErrorCodes.INVALID_CREDENTIALS_CODE).error(error, null).build();
    }

    @ResponseStatus(HttpStatus.UNAUTHORIZED)
    @ExceptionHandler(value = UnauthorisedException.class)
    public Response handleNotAuthorizedExceptionException(UnauthorisedException e) {        
//      log.error("Error", e);
        return Response.unauthorized().build();
    }

    @ExceptionHandler(value = Exception.class)
    public String handleException(Exception e) {
        log.error("Error", e);
        return e.getClass().getName() + " 14" + e.getMessage();
    }


}

编辑

我相信你可以在里面做response.sendError做Filter方法。 

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    Authentication authentication = AuthenticationService.getAuthentication((HttpServletRequest) request, customUserDetailsService);
    SecurityContextHolder.getContext().setAuthentication(authentication);
    if (authentication == null) {
        logger.debug("failed authentication while attempting to access " + urlPathHelper.getPathWithinApplication((HttpServletRequest) request));
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid authentication.");
        setUnauthorizedResponse(response);
        return;
    }
    filterChain.doFilter(request, response);
}

public void setUnauthorizedResponse(HttpServletResponse response) {
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    response.setContentType("application/json");
    Response unAuthorizedResponse = Response.unauthorized().build();
    try {
        PrintWriter out = response.getWriter();
        out.println(unAuthorizedResponse.toJsonString());
    } catch (IOException e) {
        log.error("Error", e);
    }
}

解决方案2
 0  2017-09-21 20:59:03

我在JWT令牌上遇到了同样的问题,并在这个问题上发布了解决方案,因为那里的问题类似(他在过滤异常方面有问题)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用过滤器并在 Spring 中抛出自定义异常? 如何在Spring Batch中引发自定义异常? 如何使Spring Converter引发自定义异常而不是ConversionFailedException? 如何从 JWT 身份验证过滤器中抛出自定义异常 如何抛出 Spring @Valid “异常”? Spring Boot 应用程序中的自定义异常抛出 使用 Spring 数据 Rest 引发自定义异常 如何在Optional中引发自定义异常 Spring过滤器抛出自定义异常 如何在 Java 中使用自定义值抛出自定义异常?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM