使用自定义Spring Security过滤器,如果HTTP标头不包含特定的键值对,我想返回HTTP 401错误代码.
例:
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
final String val = request.getHeader(FOO_TOKEN)
if(val == null || !val.equals("FOO")) {
// token is not valid, return an HTTP 401 error code
...
}
else {
// token is good, let it proceed
chain.doFilter(req, res);
}
据我了解,我可以做以下事情:
(1)((HttpServletResponse) res).setStatus(401)并跳过剩余的过滤链
要么
(2)抛出异常,最终导致Spring Security向客户端抛出401错误.
如果#1是更好的选择,如何在调用setStatus(401)响应后跳过过滤器链?
或者,如果#2是正确的方法,我应该抛出哪个例外?