如何解决如何识别刷新令牌 API 的完整响应体?
这些是为移动应用开发的身份验证和刷新令牌 API。任何人都可以根据此代码帮助识别刷新令牌 API 的响应正文吗?我不知何故对完整的响应主体感到困惑。我相信最终的回应是:
{
"success":true,"message":"Refresh Token generated"
}
但在那之前的完整回应是什么?
@ApiOperation(value = "Authenticate",tags = {})
@ApiResponses(value = {
@ApiResponse(code = HttpServletResponse.SC_OK,message = "The response body contains a boolean value and a message.",response = ResponseBase.class),@ApiResponse(code = HttpServletResponse.SC_BAD_REQUEST,message = "Bad Request.",@ApiResponse(code = HttpServletResponse.SC_UNAUTHORIZED,message = "Login failed.",@ApiResponse(code = HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE,message = "Make sure specify 'application/json' as the media type.",@ApiResponse(code = HttpServletResponse.SC_INTERNAL_SERVER_ERROR,message = "Internal Server Error",response = ResponseBase.class)
})
@RequestMapping(value = Constants.REST_API_AUTH,method = RequestMethod.POST)
public ResponseEntity<Object> createAuthenticationToken(@RequestBody @Valid AuthenticationRequest request) throws Exception {
String msg = null;
try {
authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(request.getUsername(),request.getUsername())
);
} catch (BadCredentialsException e) {
msg = "Incorrect username or password";
} catch (AccountStatusException e) {
msg = e.getMessage();
}
if (null != msg) {
msg = "Login failed: " + msg;
String detail = request.toString();
log.info(msg);
throw new RestApiException(HttpStatus.UNAUTHORIZED,false,msg,detail);
}
if (smsUtil.isSGNumber(request.getUsername())) {
String result = otpService.checkOtp(request.getUsername(),request.getPassword());
msg = "Login failed: OTP " + result;
if (Constants.OTP_STATUS_EXP.equals(result) || Constants.OTP_STATUS_MIS.equals(result)) {
throw new RestApiException(HttpStatus.UNAUTHORIZED,msg);
}
}
final UserDetail userDetail = new UserDetail(request.getUsername(),"");
final String token = jwtTokenUtil.generateToken(userDetail);
ResponseBase body = new ResponseBase();
msg = "Login successful";
log.info("{} : {}",request);
body.setSuccess(true);
body.setMessage(msg);
return httpUtil.createResponseEntityJson(HttpStatus.OK,httpUtil.createSecTokenHeader(token),body);
}
@GetMapping(value = Constants.REST_API_REFRESH_TOKEN)
public ResponseEntity<Object> getRefreshToken(@RequestHeader(Constants.HTTP_AUTH_HEADER) String authHeader,HttpServletRequest request) {
log.info("Generate refresh token");
String token = httpUtil.extractSecurityToken(authHeader);
ResponseBase body = new ResponseBase();
body.setSuccess(true);
body.setMessage("Refresh Token generated");
String refreshToken;
DefaultClaims claims = (io.jsonwebtoken.impl.DefaultClaims) request.getAttribute("claims");
if(null == claims) {
refreshToken = jwtTokenUtil.renewToken(token);
} else {
refreshToken = jwtTokenUtil.renewToken(claims);
}
return httpUtil.createResponseEntityJson(HttpStatus.OK,httpUtil.createSecTokenHeader(refreshToken),body);
}
}
从最后一行 return httpUtil.createResponseEntityJson(HttpStatus.OK,body);
开始,createSecTokenHeader
将调用:
public HttpHeaders createSecTokenHeader(String token) {
HttpHeaders headers = new HttpHeaders();
headers.set(Constants.HTTP_AUTH_HEADER,Constants.HTTP_AUTH_HEADER_BEARER + token);
return headers;
}
解决方法
正如您所说,回复如下:
{
"success":true,"message":"Refresh Token generated"
}
来自代码:
return httpUtil.createResponseEntityJson(HttpStatus.OK,httpUtil.createSecTokenHeader(refreshToken),body);
但我相信刷新令牌来自带有
的标题httpUtil.createSecTokenHeader(refreshToken)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。