package com.dxc.filter;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.filter.GenericFilterBean;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
public class JWTValidationFilter extends GenericFilterBean{
public static final String BEARER = "Bearer";
public static final String AUTHORIZATION = "Authorization";
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)servletRequest;
HttpServletResponse response = (HttpServletResponse)servletResponse;
final String authorization = request.getHeader(AUTHORIZATION);
if(authorization == null || !authorization.startsWith(BEARER)) {
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
response.getWriter().println("Auth Header is missing");
}
else {
// Bearer tokenValue
String token = authorization.substring(7);
try {
final Claims claims = Jwts.parser().setSigningKey("testsecretkey")
.parseClaimsJws(token)
.getBody();
request.setAttribute("claims", claims);
String role=(String) claims.get("role");
System.out.println(claims.getSubject());
System.out.println(role);
if(role=="seller") {
chain.doFilter(request, response);
}else {
System.out.println("wrong token");
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
response.getWriter().println("Invalid Token");
}
}
catch(Exception e) {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
response.getWriter().println("Invalid Token");
}
}
}
}
在try块中,我试图检查我从令牌中获取的角色是seller,如果我没有使用if条件,它正在工作,但不应用条件,但如果我尝试使用if条件,它直接跳转到else块,即使发生同样的问题,我甚至没有尝试catch
1条答案
按热度按时间whlutmcx1#
要在Java中比较String,因为String是Object而不是primitive Type,所以应该使用
.equals()
方法(检查值相等)而不是==
运算符(检查引用相等)。下面是一些关于在Java中比较字符串的一般信息:How do I compare strings in Java?