HttpservletRequest 仅在 refresh_token api 调用中不在后端获取新的刷新令牌
HttpservletRequest not taking newer refreshtoken at backend side in only refreshtoken api call
我正在使用 Authenticator(okhttp3) class 的 authenticate 方法来提供 apis 的刷新令牌。
在那种方法中,我使用 httpClient.addInterceptor 调用 refreshtoken api 来提供新令牌
但是使用授权令牌创建问题
它向其他 api 提供较新的授权令牌,但仅在 refreshtoken api 调用中,它在后端获取他们之前的授权令牌,尽管在 android 方面提供较新的 refreshtoken 作为 header
示例:
当运行应用那个时间令牌是“ABC”
过期后,新的刷新令牌是“xyw”
在“xyw”过期后 - 然后将“xyw”作为 oldAccessToken - 较新的 refreshtoken 是“pqr”
现在当“pqr”过期时,它会使用“xyw”而不是“pqr”
它仅在 refreshtoken api调用中造成此问题。
我找不到这个问题的主要原因
谁能告诉我为什么会出现这个问题?
代码:
使用 post 方法的主要 api 调用:
public static void post(String url, String json, Context context, Callback callback) {
okHttpClient = new OkHttpClient().newBuilder()
.connectTimeout(10, TimeUnit.SECONDS)
.callTimeout(60,TimeUnit.SECONDS)
.writeTimeout(60, TimeUnit.SECONDS)
.readTimeout(60, TimeUnit.SECONDS)
.authenticator(new TokenAuthenticator(context))
.addInterceptor(new AccessTokenInterceptor(context)).build();
RequestBody body = RequestBody.create(json,mediaType);
System.out.println("J:> 1 main Token ::"+getToken(context));
Request request = new Request.Builder()
.url(url)
.header(AUTHORIZATION,getToken(context))
.post(body)
.build();
Call call = okHttpClient.newCall(request);
call.enqueue(callback);
}
访问令牌拦截器:
public class AccessTokenInterceptor implements Interceptor {
private Context mContext;
public AccessTokenInterceptor(Context mContext) {
this.mContext = mContext;
}
@NonNull
@Override
public Response intercept(@NonNull Chain chain) throws IOException {
System.out.println("J:> AUTH intercept inside...");
Request request = chain.request()
.newBuilder()
.addHeader(AUTHORIZATION, APIServices.getToken(mContext))
.build();
return chain.proceed(request);
}
}
令牌验证器:
public Request authenticate(@Nullable Route route, @NonNull Response response) throws IOException {
if (!response.request().header(AUTHORIZATION).equals(APIServices.getToken(mContext)))
return null;
String accessToken = null;
ApiInterface apiService = getAdapterRefresh(response.request().header(AUTHORIZATION)).create(ApiInterface.class);
Call<JwtRefreshTokenResponseModel> call = apiService.requestAccessToken();
try {
retrofit2.Response responseCall = call.execute();
JwtRefreshTokenResponseModel responseRequest = (JwtRefreshTokenResponseModel) responseCall.body();
if (responseRequest != null) {
String data = responseRequest.getToken();
accessToken = data;
//store token in session
}
}catch (Exception ex){
Log.d("ERROR", "onResponse: "+ ex.toString());
ex.printStackTrace();
}
if (accessToken != null) {
// retry the failed 401 request with new access token
return response.request().newBuilder()
.header("Authorization", accessToken) // use the new access token
.build();
}else{
return null;
}
}
获取适配器刷新:
public Retrofit getAdapterRefresh(String token) {
if (retrofitRefresh==null) {
final OkHttpClient.Builder httpClient = new OkHttpClient.Builder().
connectTimeout(10, TimeUnit.SECONDS)
.callTimeout(60,TimeUnit.SECONDS)
.writeTimeout(60, TimeUnit.SECONDS)
.readTimeout(60, TimeUnit.SECONDS);
httpClient.addInterceptor(new Interceptor() {
@Override
public Response intercept(Chain chain) throws IOException {
Request request = chain.request()
.newBuilder()
// add Authorization key on request header
// key will be using refresh token
.addHeader(AUTHORIZATION,token)
.build();
return chain.proceed(request);
}
});
Gson gson = new GsonBuilder()
.setLenient()
.create();
retrofitRefresh= new Retrofit.Builder()
.baseUrl(BASE_URL)
.addConverterFactory(GsonConverterFactory.create(gson))
.client(httpClient.build())
.build();
}
return retrofitRefresh;
}
提前致谢
主要原因是 getAdapterRefresh 方法中的 if (retrofitRefresh==null) 条件。
我从方法中删除了它,它按预期工作
如下所示:
public Retrofit getAdapterRefresh(String token) {
final OkHttpClient.Builder httpClient = new OkHttpClient.Builder();
httpClient.addInterceptor(new Interceptor() {
@Override
public Response intercept(Chain chain) throws IOException {
Request request = chain.request()
.newBuilder()
// add Authorization key on request header
// key will be using refresh token
.addHeader(AUTHORIZATION,token)
.build();
return chain.proceed(request);
}
});
Gson gson = new GsonBuilder().setLenient().create();
return new Retrofit.Builder()
.baseUrl(BASE_URL)
.addConverterFactory(GsonConverterFactory.create(gson))
.client(httpClient.build())
.build();
}
我正在使用 Authenticator(okhttp3) class 的 authenticate 方法来提供 apis 的刷新令牌。
在那种方法中,我使用 httpClient.addInterceptor 调用 refreshtoken api 来提供新令牌
但是使用授权令牌创建问题
它向其他 api 提供较新的授权令牌,但仅在 refreshtoken api 调用中,它在后端获取他们之前的授权令牌,尽管在 android 方面提供较新的 refreshtoken 作为 header
示例:
当运行应用那个时间令牌是“ABC” 过期后,新的刷新令牌是“xyw” 在“xyw”过期后 - 然后将“xyw”作为 oldAccessToken - 较新的 refreshtoken 是“pqr”
现在当“pqr”过期时,它会使用“xyw”而不是“pqr”
它仅在 refreshtoken api调用中造成此问题。
我找不到这个问题的主要原因
谁能告诉我为什么会出现这个问题?
代码:
使用 post 方法的主要 api 调用:
public static void post(String url, String json, Context context, Callback callback) {
okHttpClient = new OkHttpClient().newBuilder()
.connectTimeout(10, TimeUnit.SECONDS)
.callTimeout(60,TimeUnit.SECONDS)
.writeTimeout(60, TimeUnit.SECONDS)
.readTimeout(60, TimeUnit.SECONDS)
.authenticator(new TokenAuthenticator(context))
.addInterceptor(new AccessTokenInterceptor(context)).build();
RequestBody body = RequestBody.create(json,mediaType);
System.out.println("J:> 1 main Token ::"+getToken(context));
Request request = new Request.Builder()
.url(url)
.header(AUTHORIZATION,getToken(context))
.post(body)
.build();
Call call = okHttpClient.newCall(request);
call.enqueue(callback);
}
访问令牌拦截器:
public class AccessTokenInterceptor implements Interceptor {
private Context mContext;
public AccessTokenInterceptor(Context mContext) {
this.mContext = mContext;
}
@NonNull
@Override
public Response intercept(@NonNull Chain chain) throws IOException {
System.out.println("J:> AUTH intercept inside...");
Request request = chain.request()
.newBuilder()
.addHeader(AUTHORIZATION, APIServices.getToken(mContext))
.build();
return chain.proceed(request);
}
}
令牌验证器:
public Request authenticate(@Nullable Route route, @NonNull Response response) throws IOException {
if (!response.request().header(AUTHORIZATION).equals(APIServices.getToken(mContext)))
return null;
String accessToken = null;
ApiInterface apiService = getAdapterRefresh(response.request().header(AUTHORIZATION)).create(ApiInterface.class);
Call<JwtRefreshTokenResponseModel> call = apiService.requestAccessToken();
try {
retrofit2.Response responseCall = call.execute();
JwtRefreshTokenResponseModel responseRequest = (JwtRefreshTokenResponseModel) responseCall.body();
if (responseRequest != null) {
String data = responseRequest.getToken();
accessToken = data;
//store token in session
}
}catch (Exception ex){
Log.d("ERROR", "onResponse: "+ ex.toString());
ex.printStackTrace();
}
if (accessToken != null) {
// retry the failed 401 request with new access token
return response.request().newBuilder()
.header("Authorization", accessToken) // use the new access token
.build();
}else{
return null;
}
}
获取适配器刷新:
public Retrofit getAdapterRefresh(String token) {
if (retrofitRefresh==null) {
final OkHttpClient.Builder httpClient = new OkHttpClient.Builder().
connectTimeout(10, TimeUnit.SECONDS)
.callTimeout(60,TimeUnit.SECONDS)
.writeTimeout(60, TimeUnit.SECONDS)
.readTimeout(60, TimeUnit.SECONDS);
httpClient.addInterceptor(new Interceptor() {
@Override
public Response intercept(Chain chain) throws IOException {
Request request = chain.request()
.newBuilder()
// add Authorization key on request header
// key will be using refresh token
.addHeader(AUTHORIZATION,token)
.build();
return chain.proceed(request);
}
});
Gson gson = new GsonBuilder()
.setLenient()
.create();
retrofitRefresh= new Retrofit.Builder()
.baseUrl(BASE_URL)
.addConverterFactory(GsonConverterFactory.create(gson))
.client(httpClient.build())
.build();
}
return retrofitRefresh;
}
提前致谢
主要原因是 getAdapterRefresh 方法中的 if (retrofitRefresh==null) 条件。
我从方法中删除了它,它按预期工作
如下所示:
public Retrofit getAdapterRefresh(String token) {
final OkHttpClient.Builder httpClient = new OkHttpClient.Builder();
httpClient.addInterceptor(new Interceptor() {
@Override
public Response intercept(Chain chain) throws IOException {
Request request = chain.request()
.newBuilder()
// add Authorization key on request header
// key will be using refresh token
.addHeader(AUTHORIZATION,token)
.build();
return chain.proceed(request);
}
});
Gson gson = new GsonBuilder().setLenient().create();
return new Retrofit.Builder()
.baseUrl(BASE_URL)
.addConverterFactory(GsonConverterFactory.create(gson))
.client(httpClient.build())
.build();
}