Author: 林世光_519 | Source: Internet | 2023-10-13 10:58
1. @ControllerAdvice + @ExceptionHandler does not handle the exception, or fails to catch it.
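2. While integrating JWT with Shiro, an expired or invalid JWT token throws the exceptions below. The code is as follows:

    import com.auth0.jwt.JWT;
    import com.auth0.jwt.JWTVerifier;
    import com.auth0.jwt.algorithms.Algorithm;
    import com.auth0.jwt.exceptions.InvalidClaimException;
    import com.auth0.jwt.exceptions.TokenExpiredException;
    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.ExpiredCredentialsException;

    // userPrimaryKey, log, EnumErrorCode and IFastApiException belong to the project and are not shown on the page.
    public static void verify(String token, String userId, String secret) {
        try {
            // Check the HMAC-SHA256 signature and require the user-id claim to match.
            Algorithm algorithm = Algorithm.HMAC256(secret);
            JWTVerifier verifier = JWT.require(algorithm).withClaim(userPrimaryKey, userId).build();
            verifier.verify(token);
        } catch (TokenExpiredException exception) {
            // Token expired. Note: each branch writes the full bearer token to the log.
            log.info("token 签名校验失败,过期:{}", token);
            throw new ExpiredCredentialsException(EnumErrorCode.apiAuthorizationExpired.getMsg());
        } catch (InvalidClaimException exception2) {
            // A claim (for example the user id) does not match.
            log.info("token 签名校验失败,数据异常:{}", token);
            throw new AuthenticationException(EnumErrorCode.apiAuthorizationInvalid.getMsg());
        } catch (Exception exception3) {
            // Any other verification failure (bad signature, malformed token, ...).
            log.info("token 签名校验失败:{}", token);
            throw new IFastApiException(EnumErrorCode.apiAuthorizationInvalid.getCodeStr());
        }
    }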
The global @RestControllerAdvice():

    import org.apache.shiro.ShiroException;
    import org.apache.shiro.authc.ExpiredCredentialsException;
    import org.apache.shiro.authc.IncorrectCredentialsException;

    // Maps Shiro exceptions to the project's Result error codes.
    @ExceptionHandler(ShiroException.class)
    public Result handleAuthorizationException(ShiroException e) {
        log.error(e.getMessage());
        if (e instanceof IncorrectCredentialsException) {
            return Result.build(EnumErrorCode.apiAuthorizationFailed.getCode(), EnumErrorCode.apiAuthorizationFailed.getMsg());
        } else if (e instanceof ExpiredCredentialsException) {
            return Result.build(EnumErrorCode.apiAuthorizationExpired.getCode(), EnumErrorCode.apiAuthorizationExpired.getMsg());
        }
        // Any other ShiroException: not authorized.
        return Result.build(EnumErrorCode.notAuthorization.getCode(), EnumErrorCode.notAuthorization.getMsg());
    }
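3. In theory, when the token expires an ExpiredCredentialsException is thrown. This exception is a subclass of ShiroException and should be received by the handler, but no matter what I try it is never received: the exception is simply thrown and there is no further handling. My initial suspicion is that some other exception was thrown that is not being caught.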
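
If verify() is reached from a Shiro filter or realm (an assumption; the page does not show the call site), the exception is raised in the servlet filter chain before DispatcherServlet runs, and @ExceptionHandler methods are only applied to exceptions raised inside DispatcherServlet. The following is an added example, not the author's or the project's code: a Shiro filter that catches the ShiroException and hands it to Spring MVC's exception resolver so the advice above produces the response. The class name JwtAuthFilter, the raw token in the Authorization header, the use of Shiro's BearerToken, and javax.servlet (Shiro 1.x) are assumptions.

```java
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.ShiroException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.BearerToken;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.web.servlet.HandlerExceptionResolver;

// Hypothetical filter. Register it in the Shiro filter map and pass in the Spring MVC
// bean named "handlerExceptionResolver" (inject it with @Qualifier of that name).
public class JwtAuthFilter extends AccessControlFilter {
    private final HandlerExceptionResolver resolver;

    public JwtAuthFilter(HandlerExceptionResolver resolver) {
        this.resolver = resolver;
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest req, ServletResponse res, Object mappedValue) {
        return false; // stateless API: verify the token on every request
    }

    @Override
    protected boolean onAccessDenied(ServletRequest req, ServletResponse res) throws Exception {
        HttpServletRequest request = WebUtils.toHttp(req);
        HttpServletResponse response = WebUtils.toHttp(res);
        try {
            String token = request.getHeader("Authorization"); // assumed: raw token in this header
            if (token == null || token.isEmpty()) {
                throw new AuthenticationException("missing token");
            }
            // The realm (assumed to accept BearerToken) calls verify() and may throw
            // ExpiredCredentialsException or another AuthenticationException.
            getSubject(req, res).login(new BearerToken(token));
            return true; // authenticated: continue down the chain to the controller
        } catch (ShiroException e) {
            // Still before DispatcherServlet, so invoke the @ExceptionHandler methods explicitly.
            if (resolver.resolveException(request, response, null, e) == null) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED); // no handler matched
            }
            return false; // stop the chain; the response has been written
        }
    }
}
```

The token value is never logged here; only the exception passes to the handler, which logs its message.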