小贝子编程

JJWT 库和句柄过期 已过期的 JWTException



问题是我的应用程序在令牌过期时抛出异常,而我无法捕获该异常。 我想捕获该异常并做另一件事。尝试在捕获块上注释异常语句,但没有进展。

例外:

**03-Mar-2018 18:32:16.941 SEVERE [http-nio-1234-exec-26]                          org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service()
for servlet [Jersey Web Application] in context with path [/uis] threw
exception [io.jsonwebtoken.ExpiredJwtException: JWT expired at
2018-03-03T18:32:03Z. Current time: 2018-03-03T18:32:16Z, a difference
of 13940 milliseconds.  Allowed clock skew: 0 milliseconds.] with root
cause  io.jsonwebtoken.ExpiredJwtException: JWT expired at
2018-03-03T18:32:03Z. Current time: 2018-03-03T18:32:16Z, a difference
of 13940 milliseconds.  Allowed clock skew: 0 milliseconds.    at
io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:385)
at
io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481)
at
io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541)
at az.naxtel.java.JWTController.isValid(JWTController.java:53)  at
az.naxtel.java.JWTController.getManagerFromToken(JWTController.java:37)
at
az.naxtel.api.cc.resource.RedmineJournalResource.getJournalsCount(RedmineJournalResource.java:59)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)  at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)     at
org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
at
org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200)
at
org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:103)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:493)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:415)
at
org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:104)
at
org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:277)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)     at
org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)   at
org.glassfish.jersey.internal.Errors.process(Errors.java:316)  at
org.glassfish.jersey.internal.Errors.process(Errors.java:298)  at
org.glassfish.jersey.internal.Errors.process(Errors.java:268)  at
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
at
org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
at
org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
at
org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416)
at
org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342)
at
org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)**

检查令牌:

private boolean isValid(String token) {
boolean validation = false;
try {
Jwts.parser().setSigningKey(PRIVATE_KEY).parseClaimsJws(token).getBody().getSubject();
validation = true;
} catch (SignatureException e) {
Logger.getLogger(JWTController.class.getName()).log(Level.ERROR, e);
}
return validation;
}

这是因为您没有捕获相关的异常。

通过添加以下catch (ExpiredJwtException e)声明来更改代码:

试试这个:

try {
Jwts.parser().setSigningKey(PRIVATE_KEY).parseClaimsJws(token).getBody().getSubject();
validation = true;
} catch (ExpiredJwtException e) {
System.out.println(" Token expired ");
} catch (SignatureException e) {
Logger.getLogger(JWTController.class.getName()).log(Level.ERROR, e);
} catch(Exception e){
System.out.println(" Some other exception in JWT parsing ");
}

请阅读以下内容:https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4

"exp"(过期时间)声明标识
或过期时间,在此时间之后不得接受 JWT 进行处理。 "exp"索赔的
处理要求当前日期/时间
必须在"exp"索赔中列出的到期日期/时间之前。

因此,它会引发异常,因为它应该!

如果要延长其到期日期,它将抛出异常!

我建议您使用刷新访问令牌流实现授权。

我建议你看看@doctore在这里的答案:如何在 Spring 安全性中刷新令牌

管理访问和刷新令牌用户登录到应用程序(包括用户名和密码)

后端应用程序返回任何必需的凭据信息,并且

2.1 访问过期时间的 JWT 令牌通常"低"(15、30 分钟等)。

2.2 刷新过期时间大于访问时间的 JWT 令牌。

从现在开始,前端应用程序将在每个请求的授权标头中使用访问令牌。

当后端返回 401 时,前端应用程序将尝试在标头中使用刷新令牌(使用特定终结点)来获取新的一对新的访问和刷新令牌!!

实现流 => 刷新令牌流

供参考:当令牌过期时,解析器会引发异常

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium