JJWT库和句柄过期ExpiredJWTException

Question

问题是，我的应用程序在令牌过期时抛出异常，而我无法捕获该异常。我想捕捉这个异常，然后做另一件事。已尝试在catch块上注释异常语句，但没有任何进展。

例外：

 **03-Mar-2018 18:32:16.941 SEVERE [http-nio-1234-exec-26]                          org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service()
 for servlet [Jersey Web Application] in context with path [/uis] threw
 exception [io.jsonwebtoken.ExpiredJwtException: JWT expired at
 2018-03-03T18:32:03Z. Current time: 2018-03-03T18:32:16Z, a difference
 of 13940 milliseconds.  Allowed clock skew: 0 milliseconds.] with root
 cause  io.jsonwebtoken.ExpiredJwtException: JWT expired at
 2018-03-03T18:32:03Z. Current time: 2018-03-03T18:32:16Z, a difference
 of 13940 milliseconds.  Allowed clock skew: 0 milliseconds.    at
 io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:385)
    at
 io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481)
    at
 io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541)
    at az.naxtel.java.JWTController.isValid(JWTController.java:53)  at
 az.naxtel.java.JWTController.getManagerFromToken(JWTController.java:37)
    at
 az.naxtel.api.cc.resource.RedmineJournalResource.getJournalsCount(RedmineJournalResource.java:59)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)  at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)     at
 org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
    at
 org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
    at
 org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
    at
 org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200)
    at
 org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:103)
    at
 org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:493)
    at
 org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:415)
    at
 org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:104)
    at
 org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:277)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)     at
 org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)   at
 org.glassfish.jersey.internal.Errors.process(Errors.java:316)  at
 org.glassfish.jersey.internal.Errors.process(Errors.java:298)  at
 org.glassfish.jersey.internal.Errors.process(Errors.java:268)  at
 org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
    at
 org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
    at
 org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
    at
 org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416)
    at
 org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370)
    at
 org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389)
    at
 org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342)
    at
 org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229)
    at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at
 org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at
 org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    at
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at
 org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
    at
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
    at
 org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
    at
 org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at
 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    at
 org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
    at
 org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at
 org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
    at
 org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
    at
 org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at
 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at
 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at
 org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)**

正在检查令牌：

    private boolean isValid(String token) {
    boolean validation = false;
    try {
        Jwts.parser().setSigningKey(PRIVATE_KEY).parseClaimsJws(token).getBody().getSubject();
        validation = true;
    } catch (SignatureException e) {
        Logger.getLogger(JWTController.class.getName()).log(Level.ERROR, e);
    }
    return validation;
}

Answer 1

这是因为你没有捕捉到相关的异常。

通过添加以下catch (ExpiredJwtException e)声明来更改代码：

试试这个：

try {
    Jwts.parser().setSigningKey(PRIVATE_KEY).parseClaimsJws(token).getBody().getSubject();
    validation = true;
} catch (ExpiredJwtException e) {
    System.out.println(" Token expired ");
} catch (SignatureException e) {
    Logger.getLogger(JWTController.class.getName()).log(Level.ERROR, e);
} catch(Exception e){
    System.out.println(" Some other exception in JWT parsing ");
}

Answer 2

请阅读： https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4

"exp“(过期时间)声明标识

或者在此之后JWT不能被接受以进行处理。这个

"exp“索赔的处理要求当前日期/时间

必须在"exp“声明中列出的过期日期/时间之前。

因此，它抛出异常，这是它应该抛出的！

如果你想延长它的到期日，它将抛出异常！

我建议您使用刷新和访问令牌流来实现授权。

我建议你在这里看看@doctore的答案：How can I refresh tokens in Spring security

管理用户登录应用程序的访问和刷新令牌(包括用户名和密码)

您的后端应用程序返回任何必需的凭据信息和

2.1访问JWT令牌的过期时间通常为“低”(15分钟、30分钟等)。

2.2刷新过期时间大于访问时间的JWT令牌。

从现在开始，您的前端应用程序将在每个请求的头中使用访问令牌。

当后端返回401时，前端应用程序将尝试使用标头中的刷新令牌(使用特定端点)来获取新的访问和刷新令牌对！

实施流程=> Refresh token flow

参考：Parser throws exception when token is expired