JWT토큰 verify 중에 Unsupported JWS algorithm 에러시, 잘못된 토큰이므로 똑같이 invaild

예외처리.
This commit is contained in:
cho
2026-01-22 17:26:46 +09:00
parent bb91b986fe
commit c898b54cde
@@ -123,10 +123,14 @@ public class ApiAuthFilter implements HttpAdapterFilter {
} else if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) { } else if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) {
throw new JwtAuthException(ERROR_TOKEN_EXPIRED, "Access token expired"); throw new JwtAuthException(ERROR_TOKEN_EXPIRED, "Access token expired");
} }
try {
if (!signedJWT.verify(jwsVerifier)) { if (!signedJWT.verify(jwsVerifier)) {
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid"); throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid");
}
}catch (Exception e) {
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid", e);
} }
OAuth2Manager manager = OAuth2Manager.getInstance(); OAuth2Manager manager = OAuth2Manager.getInstance();
HashSet<String> scopeSet = manager.getApiScopeMap().get(apiId); HashSet<String> scopeSet = manager.getApiScopeMap().get(apiId);