fix(security): 修复token认证过滤器异步刷新异常处理
- 添加Slf4j注解用于日志记录 - 在load方法中添加try-catch块捕获ServiceException异常 - 当远端token过期或校验失败时返回LOGIN_USER_EMPTY而不是抛出异常 - 记录token校验失败的日志信息避免被Guava包装为ExecutionException - 防止异步刷新线程将预期的验证异常作为未捕获异常打印到日志中
@@ -14,6 +14,7 @@ import com.njcn.rdms.framework.common.util.json.JsonUtils;
|
||||
import com.njcn.rdms.gateway.util.SecurityFrameworkUtils;
|
||||
import com.njcn.rdms.gateway.util.WebFrameworkUtils;
|
||||
import com.njcn.rdms.module.system.enums.ErrorCodeConstants;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.cloud.client.loadbalancer.reactive.ReactorLoadBalancerExchangeFilterFunction;
|
||||
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
|
||||
import org.springframework.cloud.gateway.filter.GlobalFilter;
|
||||
@@ -30,6 +31,7 @@ import java.util.function.Function;
|
||||
|
||||
import static com.njcn.rdms.framework.common.util.cache.CacheUtils.buildAsyncReloadingCache;
|
||||
|
||||
@Slf4j
|
||||
@Component
|
||||
public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
|
||||
|
||||
@@ -57,8 +59,16 @@ public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
|
||||
|
||||
@Override
|
||||
public LoginUser load(String token) {
|
||||
String body = checkAccessToken(token).block();
|
||||
return buildUser(body, token);
|
||||
// 仅异步 refresh 走这里(同步链路用 getIfPresent + 直接 checkAccessToken,不触发 load)
|
||||
// 远端 token 已过期/校验失败时吞掉 ServiceException:
|
||||
// 若抛出,会被 Guava 包成 ExecutionException 并由刷新线程池作为 UncaughtException 打到日志,看起来像故障。
|
||||
try {
|
||||
String body = checkAccessToken(token).block();
|
||||
return buildUser(body, token);
|
||||
} catch (ServiceException ex) {
|
||||
log.info("[loginUserCache] 异步刷新忽略 token 校验失败:code={}, msg={}", ex.getCode(), ex.getMessage());
|
||||
return LOGIN_USER_EMPTY;
|
||||
}
|
||||
}
|
||||
|
||||
});
|
||||
|
||||
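Review bot: The new `catch (ServiceException ex)` in `load` treats every ServiceException as an expired or rejected token, so one raised for an unrelated reason during a refresh (if `checkAccessToken` or `buildUser` map other remote errors to the same type, which is not visible here) would replace a still-valid cached user with `LOGIN_USER_EMPTY`. That fails closed, which is the safe direction, but narrowing on the code would keep the previous behaviour for everything else, e.g. `if (!TOKEN_INVALID_CODES.contains(ex.getCode())) { throw ex; }`, where `TOKEN_INVALID_CODES` is a placeholder for the relevant entries of `ErrorCodeConstants`. Because the sentinel is now stored as a cache value, the read path (outside this hunk) should be confirmed to compare against `LOGIN_USER_EMPTY` and treat it as unauthenticated rather than as a resolved user. The loader and the cache declaration begin outside the hunk.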