6

我想做什么?

我正在尝试从服务器端生成新的时间戳令牌,客户端可以在其后续请求中使用

我试过什么?

我有一个围绕REST调用的 Servlet 过滤器,看起来像

@WebFilter(urlPatterns = "/rest/secure")
public class SecurityFilter implements Filter {

    private static final Pattern PATTERN = Pattern.compile(":");
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityFilter.class);

    @Override
    public void init(final FilterConfig filterConfig) throws ServletException {
        //LOGGER.info("initializing SecurityFilter");
    }

    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
        final HttpServletResponse httpServletResponse = (HttpServletResponse) response;
        final String authToken = getAuthenticationHeaderValue((HttpServletRequest) request);

        try {
            validateAuthToken(authToken);
        } catch (IllegalArgumentException tokenNotValidException) {
            LOGGER.error("invalid token");
            httpServletResponse.sendError(401);
        }

        try {
            chain.doFilter(request, response);
        } catch (Exception e) {
            LOGGER.error("exception: " + e.getMessage());
        }finally {
            final String newAuthToken = generateNewAuthToken(authToken);
            httpServletResponse.addHeader(AUTH_TOKEN, newAuthToken);
            LOGGER.info("added new security token: " + newAuthToken);
        }
    }

在我的一个端点中,我做

@PUT
public Response updateUser() {
    throw new IllegalArgumentException("just for test purposes");
}

我正在使用RESTEasy所有REST基础工作。

而且我还使用Seam REST库将服务器异常映射到REST基于异常

@ExceptionMapping.List({
        @ExceptionMapping(exceptionType = IllegalArgumentException.class, status = 400, useExceptionMessage = true),
        @ExceptionMapping(exceptionType = PersistenceException.class, status = 400, useExceptionMessage = true),
        @ExceptionMapping(exceptionType = ConstraintViolationException.class, status = 400, useExceptionMessage = true),
        @ExceptionMapping(exceptionType = ValidationException.class, status = 400, useExceptionMessage = true),
        @ExceptionMapping(exceptionType = NoResultException.class, status = 404, useExceptionMessage = true),
        @ExceptionMapping(exceptionType = IllegalStateException.class, status = 406, useExceptionMessage = true),
        @ExceptionMapping(exceptionType = NoClassDefFoundError.class, status = 404, useExceptionMessage = true),
        @ExceptionMapping(exceptionType = UnsupportedOperationException.class, status = 400, useExceptionMessage = true),
})
@ApplicationPath("/rest")
public class MarketApplicationConfiguration extends Application {
}

问题?
- 当端点抛出异常时,回调永远不会返回到过滤器代码。
- 即使我使用try/catch/finally如下

        try {
                chain.doFilter(request, response);
            } catch (Exception e) {
                LOGGER.error("exception: " + e.getMessage());
            }finally {
                final String newAuthToken = generateNewAuthToken(authToken);
                httpServletResponse.addHeader(AUTH_TOKEN, newAuthToken);
                LOGGER.info("added new security token: " + newAuthToken);
            }

- 但是,我可以测试是否基于异常映射IllegalArgumentException映射到,但在服务器异常的情况下它永远不会返回给代码。HTTP 400Seam RESTSecurityFilter

必需的?
- 即使应用程序抛出异常,我也想生成服务器令牌,以便客​​户端可以使用它们
- 如果出现异常,我如何路由我的响应SecurityFilter

4

1 回答 1

0

我认为你应该为此目的使用自己的异常处理程序,它可以在 web.xml 中定义,如果发生异常,你应该在异常处理程序中而不是在过滤器中处理它。

您可以在文章“Servlet - 异常处理”中获得更多详细信息

于 2013-09-03T21:07:38.330 回答