Shiro自定義異常無法被捕獲總是拋出AuthenticationException解決方案

原創 uguge 2023-06-08 13:49

問題描述

  • 配置Realm之後,發現在Realm中拋出的異常無法被捕獲,拋出AuthenticationException異常。例如請求接收的token無效等,這致使log文件裏出現大量這樣的異常堆棧信息。我司系統會對通過應用log文件檢測異常數量,達到閾值進行告警。

經內部研判,這種Shiro認證失敗的異常,程序可以自行消化,無須拋出。

場景再現

 

下面是error log

2023-06-07 11:49:26.131 [TID: N/A] [] [http-nio-9] ERROR o.s.c.sleuth.instrument.web.ExceptionLoggingFilter:54 - Uncaught exception thrownjavax.servlet.ServletException: org.apache.shiro.authc.AuthenticationException: Token失效,請重新登錄
    at org.apache.shiro.web.servlet.AdviceFilter.cleanup(AdviceFilter.java:196)
    at org.apache.shiro.web.filter.authc.AuthenticatingFilter.cleanup(AuthenticatingFilter.java:155)
    at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:148)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
    at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
    at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
    at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
    at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:90)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.cloud.sleuth.instrument.web.ExceptionLoggingFilter.doFilter(ExceptionLoggingFilter.java:50)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at brave.servlet.TracingFilter.doFilter(TracingFilter.java:82)
    at org.springframework.cloud.sleuth.instrument.web.TraceWebServletAutoConfiguration$LazyTracingFilter.doFilter(TraceWebServletAutoConfiguration.java:143)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:117)
    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:106)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.shiro.authc.AuthenticationException: Token失效,請重新登錄
    at com.emax.zhenghe.omsbase.modules.shiro.authc.aop.JwtFilter.isAccessAllowed(JwtFilter.java:38)
    at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162)
    at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203)
    at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178)
    at com.emax.zhenghe.omsbase.modules.shiro.authc.aop.JwtFilter.preHandle(JwtFilter.java:72)
    at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131)
    ... 59 common frames omitted
Caused by: org.apache.shiro.authc.AuthenticationException: Token失效,請重新登錄!
    at com.emax.zhenghe.omsbase.modules.shiro.authc.ShiroRealm.checkUserTokenIsEffect(ShiroRealm.java:127)
    at com.emax.zhenghe.omsbase.modules.shiro.authc.ShiroRealm.doGetAuthenticationInfo(ShiroRealm.java:99)
    at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571)
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
    at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
    at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
    at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:274)
    at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260)
    at com.emax.zhenghe.omsbase.modules.shiro.authc.aop.JwtFilter.executeLogin(JwtFilter.java:52)
    at com.emax.zhenghe.omsbase.modules.shiro.authc.aop.JwtFilter.isAccessAllowed(JwtFilter.java:35)
    ... 64 common frames omitted

2023-06-07 11:49:26.137 [TID: N/A] [] [http-nio-9] ERROR o.a.c.c.C.[.[.[/oms-boot].[dispatcherServlet]:175 - Servlet.service() for servlet [dispatcherServlet] in context with path [/oms-boot] threw exception [org.apache.shiro.authc.AuthenticationException: Token失效,請重新登錄] with root causeorg.apache.shiro.authc.AuthenticationException: Token失效,請重新登錄!
    at com.emax.zhenghe.omsbase.modules.shiro.authc.ShiroRealm.checkUserTokenIsEffect(ShiroRealm.java:127)
    at com.emax.zhenghe.omsbase.modules.shiro.authc.ShiroRealm.doGetAuthenticationInfo(ShiroRealm.java:99)
    at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571)
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
    at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
    at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
    at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:274)
    at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260)
    at com.emax.zhenghe.omsbase.modules.shiro.authc.aop.JwtFilter.executeLogin(JwtFilter.java:52)
    at com.emax.zhenghe.omsbase.modules.shiro.authc.aop.JwtFilter.isAccessAllowed(JwtFilter.java:35)
    at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162)
    at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:203)
    at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:178)
    at com.emax.zhenghe.omsbase.modules.shiro.authc.aop.JwtFilter.preHandle(JwtFilter.java:72)
    at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
    at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
    at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
    at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
    at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:90)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.cloud.sleuth.instrument.web.ExceptionLoggingFilter.doFilter(ExceptionLoggingFilter.java:50)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at brave.servlet.TracingFilter.doFilter(TracingFilter.java:82)
    at org.springframework.cloud.sleuth.instrument.web.TraceWebServletAutoConfiguration$LazyTracingFilter.doFilter(TraceWebServletAutoConfiguration.java:143)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:117)
    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:106)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:834)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1415)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
View Code

 

解決辦法

針對上面問題

  • 直接在全局異常中捕獲AuthenticationException異常,---這種是無法捕獲到的。自我分析是因爲shiro先於異常捕獲處理
  • 所以,如下,修改你所定義的Filter類,捕獲到異常後手寫http響應值。

 

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

C#開源的兩款功能強大的錄屏神器

ScreenToGif ScreenToGif是一款由C#語言開發且開源的操作簡單、免費的屏幕錄製和GIF動畫製作神器。它可以幫助用戶捕捉計算機屏幕上的實時動畫,並將其保存爲高質量的 GIF 圖像格式。該工具不僅適用於技術支持、軟件演示和教

追逐時光 2024-05-03 14:28:27

前端 Vue yarn.lock文件:詳解和使用指南

yarn.lock文件:詳解和使用指南 https://www.python100.com/html/38KF796X6BHM.html 一、什麼是yarn.lock文件 yarn.lock文件是一個產生於Yarn 0.22及以後版

emanlee 2024-05-03 14:15:26

前端 Vue webpack配置之 webpack.config.js 文件配置

  Webpack 在執行的時候,除了在命令行傳入參數,還可以通過指定的配置文件來執行。默認情況下,會搜索當前目錄的 webpack.config.js 文件,這個文件是一個 node.js 模塊,返回一個 json 格式的配置信息對象,或

emanlee 2024-05-03 14:15:26

Vue package-lock.json的作用

package-lock.json的作用   "node_modules/@aashutoshrathi/word-wrap": { "version": "1.2.6", "resolved": "h

emanlee 2024-05-03 14:15:26

前端 Vue-cli中 vue.config.js 的配置詳解

Vue-cli 3 / Vue-cli 4   目錄結構 ├── README.md # 說明 |-- dist # 打包後文件夾 ├── babel.config.js

emanlee 2024-05-03 14:15:26

druid數據源 xml配置

https://blog.csdn.net/h273979586/article/details/87932220 pom依賴 <dependency> <groupId>com.alibaba</groupId>

tono 2024-05-03 14:14:55

Windows中Redis怎麼設置密碼

Windows中Redis怎麼設置密碼

久曲健 2024-05-03 14:11:15

JDK8和JDK17共存以及切換的方法

1、先安裝"jdk-8u381-windows-x64.exe",再安裝"jdk-17_windows-x64_bin.exe" 2、"系統屬性"-"高級"-"環境變量"-"系統變量"-"Path"-"編輯",刪除以下2條 C:\Progr

久曲健 2024-05-03 14:11:15

centos7修改redis密碼

檢查Redis配置文件 首先,我們需要確保Redis的配置文件中包含了設置密碼的選項。打開Redis的配置文件/etc/redis.conf,查找以下行並確保取消註釋(去掉行首的#): requirepass your_password 啓

久曲健 2024-05-03 14:11:15

基於SSM的在線外賣訂餐系統畢業設計論文【範文】

摘要 隨着互聯網技術的迅猛發展和人們生活節奏的加快,在線外賣訂餐系統因其便捷性和高效率而受到廣泛歡迎。本文圍繞《基於SSM框架的在線外賣訂餐系統》這一課題展開研究,旨在設計並實現一個功能全面、操作簡便且安全可靠的在線外賣訂餐平臺。 首先,文

Lucky帥小武 2024-05-03 14:08:24

基於CodeMirror開發在線編輯器時遇到的問題及解決方案

需求:實現json在線編輯並支持校驗,基於此使用了 CodeMirror在線編輯,jsonlint校驗輸入數據 // package.json: "dependencies": { "codemirror": "^5.53.2"

致愛麗絲 2024-05-03 14:04:44

《軟件性能測試、分析與調優實踐之路》(第2版) PPT課件流出

掃描圖書前言中的如下圖所示的二維碼,即可進入到下載頁面。  如下圖所示即爲課件的下載頁面,免費提供下載      

張永清 2024-05-03 14:01:24

2024年感想

  看了一眼之前到博客,最近的一次博客還在一年之前,時間如白駒過隙,飛快流逝。這兩年生活和工作都經歷裏很多,想想是應該在這裏好好梳理總結下。我總是感慨,自己從二十六七歲到現在三十多的年紀,好像經歷別人的半輩子,感悟衆多。   我以前是個朋友

兜兜有糖的博客 2024-05-03 13:57:53

AWS S3 Lambda Python腳本函數實現圖片自動轉換爲webp並上傳至s3

Amazon S3 自動轉換圖片格式  Amazon S3 存儲桶 新增文件自動觸發 AWS Lambda。Lambda 取 S3 文件做轉換並存回去 S3 同一個目錄下,並增加相應的後綴名。 並且支持通過API Gateway的方式觸發對

翎野 2024-05-03 13:51:42

Eclipse Memory Analyzer (MAT)的安裝後提示JDK版本不對要升級到jdk_17

背景 在啓動MAT分析內存時報錯:Version1.8.0 of the jvm is not suitable for this product,Version17 or greater isrequired。 問題原因很明顯,我電腦的J

翎野 2024-05-03 13:51:42