Getting null token when overriding doFilterInternal method in Filter class
I am using JWT tokens to secure my microservice, and I am getting a null token when overriding the doFilterInternal method in the Filter class.
JwtRequestFilter.class
@Component
public class JwtRequestFilter extends OncePerRequestFilter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private JwtUtil jwtUtil;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        final String authorizationHeader = request.getHeader("Authorization");
        String userName = null;
        String jwt = null;
        if (authorizationHeader != null && authorizationHeader.startsWith("Benz ")) {
            jwt = authorizationHeader.substring(5);
            userName = jwtUtil.extractUserName(jwt);
            if (userName != null && SecurityContextHolder.getContext().getAuthentication() == null) {
                UserDetails userDetails = (UserDetails) this.userDetailsService.loadUserByUsername(userName);
                if (jwtUtil.validateToken(jwt, userDetails)) {
                    UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
                            new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                    usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                    SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
                }
            }
            filterChain.doFilter(request, response);
        }
    }
}
Note - if the doFilterInternal method is not overridden, the token is generated.
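The problem here is that if you did not find the Authorization header, you are not continuing the chain and calling the other filters; you are ending at filterChain.doFilter(request, response);
Just add: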
if (authorizationHeader != null && authorizationHeader.startsWith("Benz ")) {
    // ... your current logic
} else {
    // missing part
    filterChain.doFilter(request, response);
}
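
An added example, not part of the original question or answer: the same filter restructured so that filterChain.doFilter runs once on every path and a bad token leaves the request unauthenticated. Assumptions: JwtUtil is the question's own helper (not shown on the page) and throws unchecked exceptions for malformed or expired tokens; the imports use javax.servlet, which becomes jakarta.servlet on Spring Boot 3.

```java
import java.io.IOException;
import javax.servlet.FilterChain; // assumption: javax.servlet (jakarta.servlet on Spring Boot 3)
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

@Component
public class JwtRequestFilter extends OncePerRequestFilter {
    private static final String PREFIX = "Benz "; // scheme prefix used in the question
    private final UserDetailsService userDetailsService;
    private final JwtUtil jwtUtil; // the question's helper class, assumed to be on the classpath
    public JwtRequestFilter(UserDetailsService userDetailsService, JwtUtil jwtUtil) {
        this.userDetailsService = userDetailsService;
        this.jwtUtil = jwtUtil;
    }
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header != null && header.startsWith(PREFIX)
                && SecurityContextHolder.getContext().getAuthentication() == null) {
            try {
                String jwt = header.substring(PREFIX.length());
                String userName = jwtUtil.extractUserName(jwt);
                if (userName != null) {
                    UserDetails user = userDetailsService.loadUserByUsername(userName);
                    if (jwtUtil.validateToken(jwt, user)) {
                        UsernamePasswordAuthenticationToken auth =
                                new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
                        auth.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                        SecurityContextHolder.getContext().setAuthentication(auth);
                    }
                }
            } catch (RuntimeException e) {
                // Assumed failure mode: unparsable or expired token, or unknown user.
                SecurityContextHolder.clearContext(); // stay anonymous; authorization rules decide later
            }
        }
        // Reached on every path, so requests without the header still continue down the chain.
        filterChain.doFilter(request, response);
    }
}
```

Because the filter never sets an Authentication for a missing or invalid token, access to protected routes is still decided by the application's authorization rules rather than by this filter.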