SpringSecurity 捕获自定义JWT过滤器抛出的异常

自定义过滤器如下：

/*** jwt过滤器，验证令牌是否合法** @author 朱铭健*/
@Slf4j
public class JwtAuthenticationFilter extends OncePerRequestFilter {@Overrideprotected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {//换成你自己的获取Token方式String token = "";if (StringUtil.isNotNullOrEmpty(token)) {try {//TODO 这里写校验逻辑和抛出异常} catch (JWTException e) {//这里的JwtAuthException是一个自定义的AuthenticationExceptionthrow new JwtAuthException(e.getMessage());} catch (Exception e) {log.error("JWT认证异常 - {}：", token, e);//这里的JwtAuthException是一个自定义的AuthenticationExceptionthrow new JwtAuthException("JWT认证异常");}}filterChain.doFilter(request, response);}
}

定义一个 AuthenticationEntryPoint

/*** @author 朱铭健*/
@Slf4j
@Component
public class AuthenticationExceptionHandler implements AuthenticationEntryPoint{@Overridepublic void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {//使用response处理你的异常，包括响应json，跳转页面等}
}

配置 Configurer，关键是要将过滤器置于ExceptionTranslationFilter之后，异常处理是由ExceptionTranslationFilter实现的

public class JwtAuthenticationConfigurer extends AbstractHttpConfigurer<JwtAuthenticationConfigurer, HttpSecurity> {@Overridepublic void configure(HttpSecurity builder) {JwtAuthenticationFilter filter = new JwtAuthenticationFilter();// 务必注意这里与配置类中声明的先后顺序builder.addFilterAfter(filter, ExceptionTranslationFilter.class);}
}

    public SecurityFilterChain adminFilterChain(HttpSecurity http) throws Exception {//Jwt相关配置http.with(new JwtAuthenticationConfigurer(), Customizer.withDefaults());return http.build();}