
失效的token解析处理

fengxici 1 年間 前
コミット
ae2dc3d165

+ 18 - 13
security-auth/src/main/java/timing/ukulele/auth/security/filter/JWTSecurityFilter.java

@@ -43,21 +43,26 @@ public class JWTSecurityFilter extends OncePerRequestFilter {
             filterChain.doFilter(request, response);
             return;
         }
-        Jwt decode = jwtDecoder.decode(token);
-        if (decode == null || decode.getExpiresAt() == null || decode.getExpiresAt().compareTo(Instant.now()) <= 0) {
+        try {
+            Jwt decode = jwtDecoder.decode(token);
+            if (decode == null || decode.getExpiresAt() == null || decode.getExpiresAt().compareTo(Instant.now()) <= 0) {
+                filterChain.doFilter(request, response);
+                return;
+            }
+            // 将UserDetails存储到SecurityContextHolder中
+            List<CustomGrantedAuthority> authorityList = new ArrayList<>();
+            List<String> scopeList = decode.getClaimAsStringList("scope");
+            for (String scope : scopeList) {
+                CustomGrantedAuthority auth = new CustomGrantedAuthority(scope);
+                authorityList.add(auth);
+            }
+            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(decode.getClaimAsString("sub"), null, authorityList);
+            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+            filterChain.doFilter(request, response);
+        }catch (Exception ex){
             filterChain.doFilter(request, response);
-            return;
-        }
-        // 将UserDetails存储到SecurityContextHolder中
-        List<CustomGrantedAuthority> authorityList = new ArrayList<>();
-        List<String> scopeList = decode.getClaimAsStringList("scope");
-        for (String scope : scopeList) {
-            CustomGrantedAuthority auth = new CustomGrantedAuthority(scope);
-            authorityList.add(auth);
         }
-        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(decode.getClaimAsString("sub"), null, authorityList);
-        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
-        filterChain.doFilter(request, response);
+
     }
 }
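Review bot: `filterChain.doFilter(request, response)` now sits inside the `try`, so any exception thrown by a later filter or the request handler lands in `catch (Exception ex)`, is discarded, and the chain is invoked a second time for the same request with the authentication already placed in the security context. Only the decode and the authority building need guarding; catching the decoder's own failure type (Spring Security's `JwtException`, assuming `jwtDecoder` is its `JwtDecoder`) and calling the chain once after the try/catch keeps downstream errors visible and avoids double execution. The catch-all also hides the `NullPointerException` the `for` loop throws when a token carries no `scope` claim, and rejected tokens are never logged, so malformed or forged tokens leave no trace for monitoring. The method begins above the hunk, so how `token` is extracted is not visible here.

```java
        try {
            Jwt decode = jwtDecoder.decode(token);
            if (decode != null && decode.getExpiresAt() != null
                    && decode.getExpiresAt().compareTo(Instant.now()) > 0) {
                List<CustomGrantedAuthority> authorityList = new ArrayList<>();
                List<String> scopeList = decode.getClaimAsStringList("scope");
                if (scopeList != null) {
                    // … unchanged: for loop adding one CustomGrantedAuthority per scope …
                }
                // … unchanged: build authenticationToken and set it on the SecurityContextHolder …
            }
        } catch (JwtException ex) {
            // Rejected token: continue unauthenticated and record the failure for monitoring.
            SecurityContextHolder.clearContext();
        }
        // Outside the try: the chain runs exactly once and downstream exceptions propagate.
        filterChain.doFilter(request, response);
```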