![](/img/trans.png)
[英]Execute GenericFilterBean only on response with Spring boot 2.0.0
[英]Exception handling in Spring GenericFilterBean
我已經實現了基於令牌的身份驗證(沒有spring安全性)。 因此,在GenericFilterBean中,它會檢查並聲明令牌。
public class MyTokenFilter extends GenericFilterBean {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws MyAuthException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (!"OPTIONS".equals(request.getMethod())) {
String authHeader = request.getHeader("Authorization");
if (authHeader == null || !authHeader.startsWith("Token ")) {
throw new MyAuthException("Authorization header needed"); // Should return custom http status response like 400
}
String token = authHeader.substring(6);
try {
claimToken(token);
} catch (Exception e) {
throw new MyAuthException("Invalid token."); // Should return custom http status response like 401
}
}
chain.doFilter(req, res);
}
}
所以在這個過濾器中似乎一切都好。 但是我需要用json發送不同Http Statutes的響應。 我能夠將ResponseEntitiyExceptionHandler與@ControllerAdvice一起使用。 所以我可以在我的控制器中處理異常。
@ControllerAdvice
public class MyPrettyExceptionHandler extends ResponseEntityExceptionHandler {
@ExceptionHandler(MyAuthException.class)
@ResponseBody
public ResponseEntity<Object> handleCustomException(HttpServletRequest req, MyAuthException ex) {
Map<String, String> responseBody = new HashMap<>();
responseBody.put("error", "true");
responseBody.put("message", ex.getMessage());
return new ResponseEntity<Object>(responseBody, HttpStatus.INTERNAL_SERVER_ERROR);
}
}
我知道它是如何工作的以及哪個順序過濾器和控制器及其異常(過濾器在控制器之前完成它們的工作,所以它們與控制器的范圍不同)。 所以我自然無法使用ControllerAdvice處理過濾器的異常。
那么在Filter中處理異常的有效方法是什么(比如我的例子)? 你能用另一種方式建議我嗎?
您應該使用response.sendError發送錯誤代碼和狀態:
public class MyTokenFilter extends GenericFilterBean {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (!"OPTIONS".equals(request.getMethod())) {
String authHeader = request.getHeader("Authorization");
if (authHeader == null || !authHeader.startsWith("Token ")) {
//throw new MyAuthException("Authorization header needed"); // Should return custom http status response like 400
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Authorization header needed");
return ;
}
String token = authHeader.substring(6);
try {
claimToken(token);
} catch (Exception e) {
//throw new MyAuthException("Invalid token."); // Should return custom http status response like 401
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid token.");
return ;
}
}
chain.doFilter(req, res);
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.