SpringBoot切面拦截@PathVariable参数及抛出异常的全局处理方式

SpringBoot切面拦截@PathVariable参数及抛出异常的全局处理

微信小程序的接口验证防止非法请求，登录的时候获取openId生成一个七天有效期token存入redis中。

后续每次请求都需要把token作为参数传给后台接口进行验证，为了方便使用@PathVariable 直接将参数做为路径传过来 不用每一次都添加param参数也方便前端接口的请求。

例如：

@ApiOperation(value = "小程序登录")
@PostMapping("/login")
public AntdResponse login(@RequestParam String username, @RequestParam String password, @RequestParam String openId) throws Exception {
   String st = wxTokenService.passport(username, password);
   //省略。。。。。
   String wxToken = IdUtil.simpleUUID();
   data.put("wxToken", wxToken);
   wxTokenService.saveWxTokenToRedis(wxToken, openId);
   return new AntdResponse().success("登录成功，登录有效期七天").data(data);
}
@ApiOperation(value = "预约订单")
@PostMapping("/{wxToken}/addOrder")
public AntdResponse addOrder(@PathVariable String wxToken, @RequestBody ProductOrderDto productOrderDto){
   String openId = wxTokenService.getOpenIdByWxToken(wxToken);
   orderService.addOrder(openId, productOrderDto);
   return new AntdResponse().success("预约订单成功");
}

为了方便统一验证，基于切面来实现数据的验证

package cn.pconline.antd.smallshop.interceptor;
import cn.pconline.antd.common.exception.WxTokenException;
import cn.pconline.antd.smallshop.service.IWxTokenService;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.servlet.HandlerMapping;
import javax.servlet.http.HttpServletRequest;
import java.util.Map;
/**
* @Description 微信小程序登录拦截
* @Author jie.zhao
* @Date 2020/10/26 18:08
*/
@Component
@Aspect
public class WxMiniInterceptor {
   @Autowired
   private IWxTokenService wxTokenService;

//这里需要把登录的请求控制器排除出去
   @Pointcut("within (cn.pconline.antd.smallshop.wxmini..*) && !within(cn.pconline.antd.smallshop.wxmini.WxMiniLoginController)")
   public void pointCut() {
   }
   @Around("pointCut()")
   public Object trackInfo(ProceedingJoinPoint joinPoint) throws Throwable {
       ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
       HttpServletRequest request = attributes.getRequest();
       Map pathVariables = (Map) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
       String wxToken = (String) pathVariables.get("wxToken");
       if (wxToken == null) {
           throw new WxTokenException("微信小程序令牌参数缺失！");
       }
       String openId = wxTokenService.getOpenIdByWxToken(wxToken);
       if (openId == null || "".equals(openId)) {
           throw new WxTokenException("登录失效,请重新登录！");
       }
       return joinPoint.proceed();
   }
}

全局异常处理

@RestControllerAdvice
@Order(value = Ordered.HIGHEST_PRECEDENCE)
public class GlobalExceptionHandler {
   @ExceptionHandler(value = WxTokenException.class)
   @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
   public AntdResponse handleWxTokenException(WxTokenException e) {
       log.error("微信Token拦截异常信息：", e);
       return new AntdResponse().message(e.getMessage()).code(Code.C500.getCode().toString()).status(ResponseStat.ERROR.getText());
   }
}
package cn.pconline.antd.common.exception;
/**
* 微信授权token异常
*/
public class WxTokenException extends RuntimeException  {
   private static final long serialVersionUID = -3608667856397125671L;
   public WxTokenException(String message) {
       super(message);
   }
}

这里需要注意的是 WxTokenException 要继承RuntimeException而不是Exception，否则的话会报UndeclaredThrowableException。

java.lang.reflect.UndeclaredThrowableException
at com.insigmaunited.lightai.controller.UserController$$EnhancerBySpringCGLIB$$e4eb8ece.profile(<generated>)

异常原因：

我们的异常处理类，实际是 * 的一个实现。

如果一个异常是检查型异常并且没有在 * 的接口处声明，那么它将会被包装成UndeclaredThrowableException.

而我们定义的自定义异常，被定义成了检查型异常，导致被包装成了UndeclaredThrowableException

java.lang.reflect.UndeclaredThrowableException的解决

这2天开始写web接口，由于项目后端就我一个人，写起来比较慢。,遇到好多奇怪的问题,也基本只能一个人去解决。今天下午给这个问题坑了半天。现在脑壳子还疼。

问题

业务上需要实现一个功能，拦截请求的参数。检查是否包含token。项目是基于springmvc来实现的，这里很自然使用 spring 切面技术。拦截所有controller的请求,然后检查是否携带了token参数。如果没携带，则抛一个自定义异常。再调用 统一异常处理类来处理。

涉及的类如下:

package com.insigmaunited.lightai.base;
import com.insigmaunited.lightai.exception.TokenEmptyException;
import com.insigmaunited.lightai.result.Response;
import com.insigmaunited.lightai.util.StringUtil;
import org.aspectj.lang.annotation.Before;
import org.springframework.stereotype.Component;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
/**
* 权限拦截AOP
* @author Administrator
*
*/
@Component
@Aspect
public class PermissionAop {
   private final Logger logger = LoggerFactory.getLogger(PermissionAop.class);
   // 定义切点Pointcut
   @Pointcut("execution(* com.insigmaunited.lightai.controller.*Controller.*(..))")
   public void pointCut(){}
   @Before("pointCut()")
   public void before() throws Throwable {
       RequestAttributes ra = RequestContextHolder.getRequestAttributes();
       ServletRequestAttributes sra = (ServletRequestAttributes) ra;
       HttpServletRequest request = sra.getRequest();
       String url = request.getRequestURL().toString();
       String method = request.getMethod();
       String uri = request.getRequestURI();
       String queryString = request.getQueryString();
       System.out.println(url);
       System.out.println(method);
       System.out.println(uri);
       System.out.println(queryString);
       if (StringUtil.isNotEmpty(queryString) && queryString.indexOf("token") != -1 ){
       }else{
           throw new TokenEmptyException("token缺失");
       }
   }
}

自定义异常类

package com.insigmaunited.lightai.exception;
public class TokenEmptyException extends Exception {
   public TokenEmptyException(String message) {
       super(message);
   }
}

异常统一处理类

package com.insigmaunited.lightai.exception;
import com.insigmaunited.lightai.base.BaseException;
import com.insigmaunited.lightai.result.Response;
import org.springframework.http.HttpStatus;
import org.springframework.web.HttpMediaTypeNotSupportedException;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import com.insigmaunited.lightai.exception.TokenEmptyException;
import javax.xml.bind.ValidationException;
@ControllerAdvice
@ResponseBody
public class ExceptionAdvice extends BaseException {
   /**
    * 400 - Bad Request
    */
   @ResponseStatus(HttpStatus.BAD_REQUEST)
   @ExceptionHandler(ValidationException.class)
   public Response handleValidationException(ValidationException e) {
       logger.error("参数验证失败", e);
       return new Response().failure("validation_exception");
   }
   /**
    * 405 - Method Not Allowed
    */
   @ResponseStatus(HttpStatus.METHOD_NOT_ALLOWED)
   @ExceptionHandler(HttpRequestMethodNotSupportedException.class)
   public Response handleHttpRequestMethodNotSupportedException(HttpRequestMethodNotSupportedException e) {
       logger.error("不支持当前请求方法", e);
       return new Response().failure("request_method_not_supported");
   }
   /**
    * 415 - Unsupported Media Type
    */
   @ResponseStatus(HttpStatus.UNSUPPORTED_MEDIA_TYPE)
   @ExceptionHandler(HttpMediaTypeNotSupportedException.class)
   public Response handleHttpMediaTypeNotSupportedException(Exception e) {
       logger.error("不支持当前媒体类型", e);
       return new Response().failure("content_type_not_supported");
   }
   @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
   @ExceptionHandler(TokenEmptyException.class)
   public Response handleTokenEmptyException(Exception e) {
       logger.error("token参数缺少", e);
       return new Response().failure("token参数缺少");
   }
   /**
    * 500 - Internal Server Error
    */
   @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
   @ExceptionHandler(Exception.class)
   public Response handleException(Exception e) {
       logger.error("服务运行异常", e);
       return new Response().failure("服务运行异常");
   }
}

此时调用接口，期望返回的是应该

{
   "success": false,
   "message": "token参数缺少",
   "data": null
}

实际返回的是

{
   "success": false,
   "message": "服务运行异常",
   "data": null
}

控制台的错误如下:

http://localhost:8080/user/3/profile
GET
/user/3/profile
null
[ ERROR ] 2017-12-08 18:29:19 - com.insigmaunited.lightai.exception.ExceptionAdvice - ExceptionAdvice.java(63) - 服务运行异常
java.lang.reflect.UndeclaredThrowableException
   at com.insigmaunited.lightai.controller.UserController$$EnhancerBySpringCGLIB$$e4eb8ece.profile(<generated>)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:498)
   at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:221)
   at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)
   at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
   at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:832)
   at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:743)
   at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
   at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:961)
   at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:895)
   at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967)
   at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:858)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
   at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
   at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:475)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
   at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:651)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
   at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:498)
   at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
   at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:796)
   at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1688)
   at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
   at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:914)
   at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$4.completed(Nio2Endpoint.java:536)
   at org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper$4.completed(Nio2Endpoint.java:514)
   at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)
   at sun.nio.ch.Invoker$2.run(Invoker.java:218)
   at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
   at java.lang.Thread.run(Thread.java:748)
Caused by: com.insigmaunited.lightai.exception.TokenEmptyException: token缺失
   at com.insigmaunited.lightai.base.PermissionAop.before(PermissionAop.java:53)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:498)
   at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:620)
   at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:602)
   at org.springframework.aop.aspectj.AspectJMethodBeforeAdvice.before(AspectJMethodBeforeAdvice.java:41)
   at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:51)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
   at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
   at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655)
   ... 45 more

这很奇怪了。为何我抛的自定义异常变成了 UndeclaredThrowableException，导致不能被统一异常处理器正常处理。

原因

通过搜索引擎，最终找到的原因:

我们的异常处理类，实际是 * 的一个实现。

如果一个异常是检查型异常并且没有在 * 的接口处声明，那么它将会被包装成UndeclaredThrowableException.

而我们定义的自定义异常，被定义成了检查型异常，导致被包装成了UndeclaredThrowableException

官方的文档解释

解决

知道原因就很简单了。要么 抛 java.lang.RuntimeException or java.lang.Error 非检查性异常, 要么接口要声明异常。

这里选择 修改 自定义异常为 运行时异常即可。

package com.insigmaunited.lightai.exception;
public class TokenEmptyException extends RuntimeException {
   public TokenEmptyException(String message) {
       super(message);
   }
}

教训

1、自定义异常尽可能定义成 运行时异常。

2、对异常的概念不清晰。基础不扎实。

来源：https://www.cnblogs.com/cnsyear/p/13915122.html