OK, here is an updated code example that includes handling for expired and invalid JWTs as well as permission checks. In this example we use Spring Security for the permission checks and the JJWT library to parse the JWT.

```java
import java.nio.charset.StandardCharsets;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.UnsupportedJwtException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class UserController {
    private static final String BEARER_PREFIX = "Bearer ";

    @Autowired
    private UserService userService;

    // Key used to verify the token signature. Read from configuration (jwt.secret)
    // rather than hard-coded; for HS256 it must be at least 256 bits and must be the
    // same key the token issuer signs with.
    private final SecretKey signingKey;

    public UserController(@Value("${jwt.secret}") String secret) {
        this.signingKey = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
    }

    @GetMapping("/user")
    public ResponseEntity<?> getUser(@RequestHeader("Authorization") String authorization) {
        return loadUserFromToken(authorization);
    }

    // hasRole('ADMIN') is only enforced when method security is enabled and an
    // authenticated principal holding ROLE_ADMIN is already in the SecurityContext
    // (normally placed there by a JWT filter); parsing the token below does not do that.
    @GetMapping("/admin")
    @PreAuthorize("hasRole('ADMIN')")
    public ResponseEntity<?> getAdmin(@RequestHeader("Authorization") String authorization) {
        return loadUserFromToken(authorization);
    }

    // Shared by both endpoints: checks the header shape, parses the JWT and maps
    // each failure class to an HTTP status and error message.
    private ResponseEntity<?> loadUserFromToken(String authorization) {
        // substring(7) on a header that lacks the "Bearer " prefix would throw and
        // surface as a 500; treat that as an invalid token instead.
        if (authorization == null || !authorization.startsWith(BEARER_PREFIX)) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(new Response("Token is invalid"));
        }
        String jwt = authorization.substring(BEARER_PREFIX.length());
        try {
            // parseClaimsJws verifies the signature and the exp claim; an unsigned or
            // wrongly signed token fails here rather than being trusted.
            Jws<Claims> claimsJws = Jwts.parser().setSigningKey(signingKey).parseClaimsJws(jwt);
            Claims claims = claimsJws.getBody();
            String userId = claims.getSubject();
            User user = userService.getUserById(userId);
            return ResponseEntity.ok(user);
        } catch (ExpiredJwtException e) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(new Response("Token has expired"));
        } catch (MalformedJwtException | SignatureException | UnsupportedJwtException
                 | IllegalArgumentException e) {
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(new Response("Token is invalid"));
        } catch (Exception e) {
            // Generic message only; do not echo exception details to the client.
            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(new Response("Something went wrong"));
        }
    }
}
```
In this code example, we use try-catch blocks to handle the exceptions that can arise while parsing the JWT, including expiry, invalidity and other exceptions. When an exception occurs, we return a Response object containing an error message.
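As an added example (not part of the original answer), here is a Spring Security filter that performs the token check once for every request and populates the SecurityContext, which is what makes `@PreAuthorize("hasRole('ADMIN')")` on `/admin` actually enforceable. It assumes a `roles` array claim in the token, the same `Jwts.parser()` JJWT API used in the controller above, and `javax.servlet` (Spring Boot 2.x; Boot 3 uses `jakarta.servlet`).

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.SecretKey;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Runs once per request ahead of the controllers. On a valid token it places an
// authenticated principal in the SecurityContext, which is what @PreAuthorize evaluates.
public class JwtAuthenticationFilter extends OncePerRequestFilter {
    private final SecretKey signingKey; // same HMAC key that issued the tokens (assumed injected)
    public JwtAuthenticationFilter(SecretKey signingKey) { this.signingKey = signingKey; }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            try {
                // parseClaimsJws verifies the signature and rejects expired tokens.
                Claims claims = Jwts.parser().setSigningKey(signingKey)
                        .parseClaimsJws(header.substring(7)).getBody();
                // Assumed claim layout: "roles": ["ADMIN", ...]. hasRole('ADMIN')
                // checks for the authority ROLE_ADMIN, so the prefix is added here.
                List<GrantedAuthority> authorities = new ArrayList<>();
                Object roles = claims.get("roles");
                if (roles instanceof List) {
                    for (Object r : (List<?>) roles) authorities.add(new SimpleGrantedAuthority("ROLE_" + r));
                }
                SecurityContextHolder.getContext().setAuthentication(
                        new UsernamePasswordAuthenticationToken(claims.getSubject(), null, authorities));
            } catch (JwtException | IllegalArgumentException e) {
                // Expired, tampered or malformed: leave the request unauthenticated so the
                // authorization rules reject it; no exception escapes the filter as a 500.
                SecurityContextHolder.clearContext();
            }
        }
        chain.doFilter(request, response);
    }
}
```

The filter has to be registered in the security filter chain ahead of the built-in authentication filters, and `@EnableGlobalMethodSecurity(prePostEnabled = true)` (or `@EnableMethodSecurity` on Spring Security 5.6+) must be present for the annotation to be evaluated at all.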