我已经部署了我的spring引导web应用程序在本地机器嵌入式apache服务器上使用spring ide和访问一个不正确的令牌url,在这种情况下,它返回我未经授权的访问错误401和一个特定的错误消息,由托管异常处理抛出,而如果我在独立但相同的apache服务器上部署相同的应用程序,它给我500内部服务器错误代替401或任何其他服务器端错误。
我捕获的日志只有以下一行差异:
local
------------------
2021-10-13 16:59:51 - Authentication Failed. Invalid signature in token.
2021-10-13 16:59:51 - Servlet.service() for servlet [dispatcherServlet] in context with path [/myapplication] threw exception
java.lang.RuntimeException: Authentication Failed. Invalid signature in token.
server
------------------
2021-10-13 16:59:35 - Authentication Failed. Invalid signature in token.
2021-10-13 16:59:35 - Forwarding to error page from request [/user/get_user_profile] due to exception [Authentication Failed. Invalid signature in token.]
java.lang.RuntimeException: Authentication Failed. Invalid signature in token.
下面是我用来处理异常的配置:
@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;
http.cors().and().csrf().disable()
.authorizeRequests()
.antMatchers("admin/**").permitAll()
.anyRequest().authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class);
这个类正在处理异常:
public class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint, Serializable {
private static final long serialVersionUID = -90731367144543199L;
@Override
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException {
response.getOutputStream().println(authException);
}
}
而不是抛出异常的过滤器,你应该设定它的状态是这样的:
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.getWriter().write("Here will be your message string"); //show error message
return;