【发布时间】:2019-03-08 22:45:04
【问题描述】:
我正在尝试实现基于 jwt 的身份验证以使用 spring boot 公开我的 REST api,但我遇到了 JWT 到期日期的问题。即使我设置了到期时间,它也总是抛出“ExpiredJwtException”。我提供了代码,如果有人找到确切的问题和解决方案,请告诉我。谢谢。
git 仓库https://github.com/asim-ch/JWT-authentication-with-spring-boot
身份验证过滤器
public class JWTAuthenticationFilter extends OncePerRequestFilter {
@Autowired
TokenProvider tokenProvider;
@Autowired
CustomUserDetailsService userDetailsService;
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse, FilterChain filterChain) throws
ServletException, IOException {
try {
String jwt = getJwt(httpServletRequest);
if (jwt!=null && tokenProvider.validateJwtToken(jwt)) {
String username = tokenProvider.getUserNameFromJwtToken(jwt);
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
UsernamePasswordAuthenticationToken authentication
= new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
SecurityContextHolder.getContext().setAuthentication(authentication);
}
} catch (Exception e) {
logger.error("Can NOT set user authentication ", e);
}
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
private String getJwt(HttpServletRequest request) {
String authHeader = request.getHeader("Authorization");
if (authHeader != null && authHeader.startsWith("Bearer ")) {
return authHeader.replace("Bearer ","");
}
return null;
}
}
TokenProvider 类
package com.example.RestApi.Configs;
import io.jsonwebtoken.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
import java.io.UnsupportedEncodingException;
import java.util.Date;
import java.util.stream.Collectors;
@Component
public class TokenProvider {
private String jwtSecret = "something";
Logger logger = LoggerFactory.getLogger(TokenProvider.class);
public String generateJwtToken(Authentication authentication) throws UnsupportedEncodingException {
Date d = new Date();
Date expiry = new Date(d.getTime() + 720000L);
UserPrincipal userPrincipal = (UserPrincipal) authentication.getPrincipal();
final String authorities = userPrincipal.getAuthorities().stream()
.map(GrantedAuthority::getAuthority)
.collect(Collectors.joining(","));
String token = Jwts.builder()
.setSubject((userPrincipal.getUsername()))
.setIssuedAt(d)
.claim("roles", authorities)
.setExpiration(expiry)
.signWith(SignatureAlgorithm.HS512, jwtSecret)
.compact();
return token;
}
public String getUserNameFromJwtToken(String token) {
String userName = null;
try {
userName = Jwts.parser()
.setSigningKey(jwtSecret)
.parseClaimsJws(token)
.getBody().getSubject();
} catch (Exception e) {
System.out.println(e);
}
return userName;
}
public boolean validateJwtToken(String authToken) throws UnsupportedEncodingException {
try {
Jwts.parser().setSigningKey(jwtSecret)
.parseClaimsJws(authToken);
return true;
} catch (SignatureException e) {
logger.debug("signature exception"+e);
} catch (MalformedJwtException e) {
logger.debug("token malformed"+e);
} catch (ExpiredJwtException e) {
logger.debug("token expired"+e);
} catch (UnsupportedJwtException e) {
logger.debug("unsupported"+e);
} catch (IllegalArgumentException e) {
logger.debug("Illegal"+e);
}
return false;
}
}
异常处理
【问题讨论】:
-
似乎按预期工作。根据您提到的屏幕截图,令牌已在“1/10”过期,您正在“3/10”尝试。能否重新生成新令牌并重试?
-
@ShaunakPatel 请考虑我在 TokensProvider 类中附加到令牌的到期日期,即使在重新生成令牌后我也没有在任何地方设置“1/10”我面临同样的问题到期日期是总是“1/10”
-
@Asimshahzad 对我来说,您的代码在我检查时工作正常,因此请检查您的系统日期或您在应用程序中设置日期的某个位置,这可能会生成旧日期。
-
@kj007 除了它之外,我的应用程序中没有任何其他代码脚本正在处理令牌到期时间。而且我的系统时间也是正确的,每当我运行代码时,到期时间总是1/10。
-
你是如何生成新令牌的?