自定义过滤器如下:
java
/**
* jwt过滤器,验证令牌是否合法
*
* @author 朱铭健
*/
@Slf4j
public class JwtAuthenticationFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
//换成你自己的获取Token方式
String token = "";
if (StringUtil.isNotNullOrEmpty(token)) {
try {
//TODO 这里写校验逻辑和抛出异常
} catch (JWTException e) {
//这里的JwtAuthException是一个自定义的AuthenticationException
throw new JwtAuthException(e.getMessage());
} catch (Exception e) {
log.error("JWT认证异常 - {}:", token, e);
//这里的JwtAuthException是一个自定义的AuthenticationException
throw new JwtAuthException("JWT认证异常");
}
}
filterChain.doFilter(request, response);
}
}定义一个 AuthenticationEntryPoint
java
/**
* @author 朱铭健
*/
@Slf4j
@Component
public class AuthenticationExceptionHandler implements AuthenticationEntryPoint{
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
//使用response处理你的异常,包括响应json,跳转页面等
}
}配置 Configurer,关键是要将过滤器置于ExceptionTranslationFilter之后,异常处理是由ExceptionTranslationFilter实现的
java
public class JwtAuthenticationConfigurer extends AbstractHttpConfigurer<JwtAuthenticationConfigurer, HttpSecurity> {
@Override
public void configure(HttpSecurity builder) {
JwtAuthenticationFilter filter = new JwtAuthenticationFilter();
// 务必注意这里与配置类中声明的先后顺序
builder.addFilterAfter(filter, ExceptionTranslationFilter.class);
}
}
java
public SecurityFilterChain adminFilterChain(HttpSecurity http) throws Exception {
//Jwt相关配置
http.with(new JwtAuthenticationConfigurer(), Customizer.withDefaults());
return http.build();
}