我创建了一个指令来验证 JWT token :
def authenticated: Directive[Unit] = optionalHeaderValueByName("Authorization")
.flatMap[Unit] {
case Some(token) => Jwt.decode(token, "secret", Seq(JwtAlgorithm.HS256)) match {
case Failure(_: JwtExpirationException) =>
// TODO the rejection handler needs to know that the token is expired.
reject(AuthenticationFailedRejection(CredentialsRejected, HttpChallenge("JWT", None)))
case Failure(_: JwtException) =>
// TODO the rejection handler needs to know that the token is invalid.
reject(AuthenticationFailedRejection(CredentialsRejected, HttpChallenge("JWT", None)))
case Success(_) =>
// TODO read token and validate user id
pass
}
case None => reject(AuthenticationFailedRejection(CredentialsMissing, HttpChallenge("JWT", None)))
}
问题在于,它们只有两个原因:CredentialsRejected 和 CredentialsMissing。我需要能够添加额外的拒绝原因以显示 token 是否已过期。但原因都是从密封类延伸出来的,所以我无法创建自己的类..
有没有办法创建自定义原因或向 CredentialsRejected 原因添加一些数据,以便可以检查拒绝的原因?
最佳答案
A(相当过时,因为它与 Spray 而不是 akka-http 有关)comment对于类似于您的请求的请求是:创建您自己的拒绝,而不是使用 AuthenticationFailedRejection 来处理此问题。
关于scala - Akka HTTP AuthenticationFailedRejection 原因,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51266299/