JJWT library and handle expiration ExpiredJWTException
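The problem is that my application throws an exception when the token expires, and I am unable to catch that exception.
I want to catch that exception and do something else. Tried commenting out the exception statement in the catch block, but no progress.
Exception: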
03-Mar-2018 18:32:16.941 SEVERE [http-nio-1234-exec-26] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [Jersey Web Application] in context with path [/uis] threw exception [io.jsonwebtoken.ExpiredJwtException: JWT expired at 2018-03-03T18:32:03Z. Current time: 2018-03-03T18:32:16Z, a difference of 13940 milliseconds. Allowed clock skew: 0 milliseconds.] with root cause
 io.jsonwebtoken.ExpiredJwtException: JWT expired at 2018-03-03T18:32:03Z. Current time: 2018-03-03T18:32:16Z, a difference of 13940 milliseconds. Allowed clock skew: 0 milliseconds.
    at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:385)
    at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481)
    at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541)
    at az.naxtel.java.JWTController.isValid(JWTController.java:53)
    at az.naxtel.java.JWTController.getManagerFromToken(JWTController.java:37)
    at az.naxtel.api.cc.resource.RedmineJournalResource.getJournalsCount(RedmineJournalResource.java:59)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.run(AbstractJavaResourceMethodDispatcher.java:148)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
    at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:103)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:493)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:415)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:104)
    at org.glassfish.jersey.server.ServerRuntime.run(ServerRuntime.java:277)
    at org.glassfish.jersey.internal.Errors.call(Errors.java:272)
    at org.glassfish.jersey.internal.Errors.call(Errors.java:268)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:268)
    at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
    at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
    at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
    at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416)
    at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342)
    at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Checking the token:
    private boolean isValid(String token) {
        boolean validation = false;
        try {
            Jwts.parser().setSigningKey(PRIVATE_KEY).parseClaimsJws(token).getBody().getSubject();
            validation = true;
        } catch (SignatureException e) {
            Logger.getLogger(JWTController.class.getName()).log(Level.ERROR, e);
        }
        return validation;
    }
That's because you are not catching the relevant exception.
Change your code by adding the following catch (ExpiredJwtException e) statement.
Try this:
    try {
        Jwts.parser().setSigningKey(PRIVATE_KEY).parseClaimsJws(token).getBody().getSubject();
        validation = true;
    } catch (ExpiredJwtException e) {
        System.out.println(" Token expired ");
    } catch (SignatureException e) {
        Logger.getLogger(JWTController.class.getName()).log(Level.ERROR, e);
    } catch (Exception e) {
        System.out.println(" Some other exception in JWT parsing ");
    }
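One way to tell an expired token apart from an invalid one, as an added example that is not part of either post: it uses the same JJWT 0.9-style parser calls as the code above and sets a clock-skew tolerance, which the trace reports as 0 milliseconds. The `TokenValidator` class, its `Status` enum and the skew value are illustrative assumptions.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;

/** Added example (hypothetical class): classifies a token instead of letting parse errors escape. */
public final class TokenValidator {

    public enum Status { VALID, EXPIRED, INVALID }

    /** Outcome of validation; subject is set only when status is VALID. */
    public static final class Result {
        public final Status status;
        public final String subject;
        Result(Status status, String subject) { this.status = status; this.subject = subject; }
    }

    private final byte[] signingKey;      // assumption: HMAC secret supplied by the caller
    private final long clockSkewSeconds;  // assumption: small tolerance such as 30 seconds

    public TokenValidator(byte[] signingKey, long clockSkewSeconds) {
        this.signingKey = signingKey.clone();
        this.clockSkewSeconds = clockSkewSeconds;
    }

    public Result validate(String token) {
        try {
            Claims claims = Jwts.parser()
                    .setSigningKey(signingKey)
                    .setAllowedClockSkewSeconds(clockSkewSeconds)
                    .parseClaimsJws(token)
                    .getBody();
            return new Result(Status.VALID, claims.getSubject());
        } catch (ExpiredJwtException e) {
            // Past "exp" even with the allowed skew: still rejected, but reported
            // separately so the resource can answer 401 and the client can refresh.
            return new Result(Status.EXPIRED, null);
        } catch (JwtException | IllegalArgumentException e) {
            // Bad signature, malformed or unsupported token, or null/empty input.
            // Catching the JwtException base type keeps any of these from reaching the container.
            return new Result(Status.INVALID, null);
        }
    }
}
```

Both non-valid outcomes should map to an authentication failure; only the client-facing hint differs, so an expired token never grants access.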
Please read: https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4
The "exp" (expiration time) claim identifies the expiration time on
or after which the JWT MUST NOT be accepted for processing. The
processing of the "exp" claim requires that the current date/time
MUST be before the expiration date/time listed in the "exp" claim.
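Therefore, it should throw an exception!
If you want to extend its expiration date, it will throw an exception!
I suggest you implement authorization using the refresh and access token flow.
I suggest you take a look at @doctore's answer here: How can I refresh tokens in Spring security
Managing access and refresh tokens
1. The user logs into the application (including username and password).
2. Your backend application returns any required credential information and:
2.1 Access JWT token, with an expiration time that is usually "low" (15, 30 minutes, etc.).
2.2 Refresh JWT token, with an expiration time greater than the access one.
3. From now on, your frontend application will use the access token in the Authorization header of every request.
When the backend returns 401, the frontend application will try to use the refresh token in the header (using a specific endpoint) to get a new pair of access and refresh tokens!!!
Implement the flow => Refresh token flow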
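The server side of the flow described above, as an added example that is not code from the answer or from JJWT: it issues a short-lived access token with a longer-lived refresh token and hands out a new pair at the refresh endpoint. The `TokenService` class, the `use` claim name, the 7-day refresh lifetime and the in-memory set of live refresh-token ids are assumptions made for illustration.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/** Added example (hypothetical class): issues access/refresh pairs and rotates the refresh token on each use. */
public final class TokenService {
    private static final long ACCESS_TTL_MS = 15 * 60 * 1000L;         // "low" lifetime: 15 minutes
    private static final long REFRESH_TTL_MS = 7 * 24 * 3600 * 1000L;  // assumption: 7 days
    public static final class TokenPair {
        public final String access, refresh;
        TokenPair(String access, String refresh) { this.access = access; this.refresh = refresh; }
    }
    private final byte[] key; // assumption: HMAC secret supplied by the caller
    // Assumption: in-memory stand-in for a persistent store of refresh-token ids still in use.
    private final Set<String> liveRefreshIds = ConcurrentHashMap.newKeySet();

    public TokenService(byte[] key) { this.key = key.clone(); }

    /** Step 2 of the flow: call only after the username and password have been verified. */
    public TokenPair issue(String subject) {
        String refreshId = UUID.randomUUID().toString();
        liveRefreshIds.add(refreshId);
        return new TokenPair(build(subject, "access", null, ACCESS_TTL_MS),
                             build(subject, "refresh", refreshId, REFRESH_TTL_MS));
    }

    /** Refresh endpoint logic: throws JwtException for an expired, forged, wrong-type or reused token. */
    public TokenPair refresh(String refreshToken) {
        Claims c = Jwts.parser().setSigningKey(key).parseClaimsJws(refreshToken).getBody();
        boolean isRefresh = "refresh".equals(c.get("use", String.class));
        // An access token must not be accepted here, and each refresh token is usable once.
        if (!isRefresh || c.getId() == null || !liveRefreshIds.remove(c.getId())) {
            throw new JwtException("not a live refresh token");
        }
        return issue(c.getSubject());
    }

    private String build(String subject, String use, String id, long ttlMs) {
        long now = System.currentTimeMillis();
        return Jwts.builder().setSubject(subject).setId(id).claim("use", use)
                .setIssuedAt(new Date(now)).setExpiration(new Date(now + ttlMs))
                .signWith(SignatureAlgorithm.HS256, key).compact();
    }
}
```

The code that validates access tokens on ordinary requests should likewise refuse any token whose `use` claim is `refresh`, so the long-lived token cannot stand in for the short-lived one.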