springsecurity从request中获取的是上一次的token
我现在遇到了个问题,就是使用springsecurity的时候,从authenticationEntryPoint中的方法获取的request中请求头里的token是上一次的token,导致会出现token过期
securityconfig的代码如下
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private WebClient webClient = WebClient.create();
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/admin/login")
.permitAll()
.anyRequest().authenticated()
.and()
.csrf().disable()
.httpBasic()
.authenticationEntryPoint((request, response, authException) -> {
// This block handles authentication failures for non-form login (e.g., basic authentication)
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType("application/json");
response.setCharacterEncoding("UTF-8");
JwtInterceptor jwtInterceptor = new JwtInterceptor();
String token = request.getHeader("collegemanage-token");
boolean tokenEqual = jwtInterceptor.tokenVerify(token);
if (!tokenEqual) {
// 如果需要,你还可以使用errorResponse.put(key, value)添加其他数据到响应中
Result result = new Result(ResultEnum.accessDenied.getCode(), ResultEnum.accessDenied.getMessage());
Gson gson = new Gson();
String jsonResponse = gson.toJson(result);
PrintWriter writer = response.getWriter();
writer.print(jsonResponse);
writer.flush();
} else {
String originalUrl = request.getRequestURI(); // 获取原始请求的 URL
// 根据需要根据 URL 来判断转发的 Controller 和请求方法
String targetController = determineTargetController(originalUrl);
HttpMethod httpMethod = determineHttpMethod(originalUrl);
// 构造要转发的 URL
String forwardUrl = "http://your-app-host" + targetController;
// 根据请求方法发送请求
Mono<String> responseMono = null;
if (httpMethod == HttpMethod.GET) {
responseMono = webClient.get()
.uri(forwardUrl)
.retrieve()
.bodyToMono(String.class);
} else if (httpMethod == HttpMethod.POST) {
// 构造请求参数,示例中为一个空的 Mono
Mono<String> requestMono = Mono.empty();
responseMono = webClient.post()
.uri(forwardUrl)
.body(requestMono, String.class)
.retrieve()
.bodyToMono(String.class);
}
// 订阅 Mono,获取响应体
responseMono.subscribe(responseBody -> {
// 根据响应结果进行处理,这里简单打印响应内容
System.out.println("Forward response: " + responseBody);
// 这里可以做其他的处理,例如重定向等
// 最后返回一个成功的 JSON 响应
response.setStatus(HttpServletResponse.SC_OK);
response.setContentType("application/json");
response.setCharacterEncoding("UTF-8");
PrintWriter writer = null;
try {
writer = response.getWriter();
} catch (IOException e) {
throw new RuntimeException(e);
}
writer.flush();
});
}
});
}
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
private HttpMethod determineHttpMethod(String originalUrl) {
// 在这里根据 originalUrl 来判断要转发的 Controller
// 返回要转发的 Controller 的 URL,例如 "/your-target-controller"
Pattern pattern = Pattern.compile("/([^/]+)$"); // 匹配以 "/" 开头和结尾的单词字符
Matcher matcher = pattern.matcher(originalUrl);
String part = "";
if (matcher.find()) {
part = matcher.group(1); // 获取第一个捕获组的内容,即 "admin"
}
System.out.println(part);
switch (part) {
case "register":
return HttpMethod.POST;
default:
throw new CustomException(ResultEnum.unsupportedRequestMode.getCode(),ResultEnum.unsupportedRequestMode.getMessage());
}
}
private String determineTargetController(String originalUrl) {
Pattern pattern = Pattern.compile("/([^/]+)$"); // 匹配以 "/" 开头和结尾的单词字符
Matcher matcher = pattern.matcher(originalUrl);
String part = "";
if (matcher.find()) {
part = matcher.group(1); // 获取第一个捕获组的内容,即 "admin"
}
System.out.println(part);
return "";
}
}
现在,token过期也不提示,只会报错,返回结果里什么都没有,我有一个结果类和一个自定义异常处理器都是封装好了的,拒绝访问和不支持的请求方式等等都是以json的形式返回的。
{"code":401,"message":"服务器拒绝了您的访问"}
