最近我不得不使用一个使用Retrofit 1,okhttp3,jobManager和Picasso 2.71828的大型旧项目。
应用程序从服务器接收数据。交互逻辑:用户登录,接收令牌,刷新令牌。它们与shHelper一起存储在SharedPreferences中。使用令牌,他可以发送请求(他在URL中的某个位置,以及身体中的某个位置),借助刷新令牌,如果会话被重置或令牌丢失,用户可以获得新令牌。
授权错误(401)由okhttp3身份验证器处理,我们设法与Picasso一起使用。但是有一个问题 - 毕加索如果屏幕上有几张图片 - 连续,同时或几乎同时发送几个请求,并且因为他们都立即收到答案401,如果令牌丢失,验证者立即发送相同的号码更新令牌的请求。是否有一些优雅的方式等待令牌更新,然后重复其余图片的请求?现在它发生如下 - 收到错误401,令牌重置为零(令牌=“”)和所有其他流入验证器检查if(token ==“”)执行Thread.sleep()和我我对此非常不满意
private Authenticator getAuthenticator() {
return (route, response) -> {
if (errorCount > 3){
return null;
}
if (response.request().url().toString().endsWith("/refreshToken")) {
Log.d(TAG, "getAuthenticator: " + "refreshToken");
PasswordRepeatActivity.start(context);
return null;
}
if (response.request().url().toString().endsWith("/auth")) {
String message = "Попробуйте позже";
try {
com.google.gson.Gson gson = Gson.builder().create();
ApiResponse apiError = gson.fromJson(response.body().string(), ApiResponse.class);
message = apiError.getMessage();
} catch (Exception e) {
e.printStackTrace();
}
throw new IOException(message);
}
String login = spHelper.getCurrentLogin();
Auth auth = spHelper.getAuth(login);
String token = auth.getToken();
HttpUrl oldUrl = response.request().url();
//if token is empty - repeat checking after some time
Log.d(TAG, "getAuthenticator: token ==" + token);
if (token != null && token.isEmpty()) {
boolean isEmpty = true;
while (isEmpty){
try {
Log.d(TAG, "Authenticator: sleeping...");
Thread.sleep(500);
String mToken = spHelper.getAuth(login).getToken();
if (mToken!= null && !mToken.isEmpty()){
isEmpty = false;
}
Log.d(TAG, "Authenticator: check if token is refreshed");
if (!mToken.isEmpty() && oldUrl.toString().contains("token") && !mToken.equals(oldUrl.queryParameter("token"))) {
Log.d(TAG, "Authenticator: token is valid, token: " + mToken);
return getRefreshedUrlRequest(mToken, oldUrl);
}
} catch (InterruptedException e) {
e.printStackTrace();
return response.request();
}
}
return response.request();
} else if (oldUrl.toString().contains("token") && !token.equals(oldUrl.queryParameter("token"))) {
Log.d(TAG, "Authenticator: token is valid, token: " + token);
return getRefreshedUrlRequest(token, oldUrl);
} else {
auth.clearToken();
spHelper.putAuth(login, auth);
String refreshToken = auth.getRefreshToken();
RefreshRequest refreshRequest = new RefreshRequest(refreshToken);
try {
AuthResponse refreshResponse = dataApi.refresh(refreshRequest);
errorCount = 0;
Auth newAuth = refreshResponse.getResponse();
spHelper.putAuth(login, newAuth);
Request request = response.request();
RequestBody requestBody = request.body();
String newToken = newAuth.getToken();
Log.d(TAG, "Authenticator: token refreshed, old token: " + token + " -> " + "new token : " + newToken);
if (oldUrl.toString().contains("token")) {
return getRefreshedUrlRequest(newToken, oldUrl);
}
if (requestBody != null
&& requestBody.contentType() != null
&& requestBody.contentType().subtype() != null
&& requestBody.contentType().subtype().contains("json")) {
requestBody = processApplicationJsonRequestBody(requestBody, newToken);
}
if (requestBody != null) {
Request.Builder requestBuilder = request.newBuilder();
request = requestBuilder
.post(requestBody)
.build();
} else {
LoginActivity.show(context);
}
return request;
} catch (RequestException e) {
AtlasPatienteLog.d(TAG, "Can't refresh token: " + e.getMessage());
return response.request();
}
}
};
}
我正在寻找方法在第一个错误401之后发送一个请求来刷新令牌并等待所有其他线程,然后使用新令牌发送请求。除了在验证器中等待更新的令牌之外,还有什么方法可以以某种方式简化此代码吗?现在这种方法大约有100行,每次都需要改变它 - 即使读取并保持头脑中的逻辑也会成为一个问题。
因此,经过一段时间和一些尝试后,我在一些锁定对象上使验证器的一部分同步。现在只有一个线程可以访问身份验证器。因此,如果令牌需要刷新 - 它将会刷新所有等待新令牌的线程后,将使用新令牌重复其调用。感谢@Yuri Schimke分享非常有用的信息。
private Authenticator getAuthenticator() {
return (route, response) -> {
String responseUrl = response.request().url().toString();
if (responseUrl.endsWith("/refreshToken") ) {
Log.d(TAG, "getAuthenticator: " + "refreshToken");
PasswordRepeatActivity.start(context);
return null;
}
if (responseUrl.endsWith("/auth")) {
String message = "Попробуйте позже";
try {
com.google.gson.Gson gson = Gson.builder().create();
ApiResponse apiError = gson.fromJson(response.body().string(), ApiResponse.class);
message = apiError.getMessage();
} catch (Exception e) {
e.printStackTrace();
}
throw new IOException(message);
}
synchronized (LOCK) {
String login = spHelper.getCurrentLogin();
Auth auth = spHelper.getAuth(login);
String token = auth.getToken();
HttpUrl oldUrl = response.request().url();
if (oldUrl.toString().contains("token") && !token.equals(oldUrl.queryParameter("token"))) {
Log.d(TAG, "Authenticator: token is valid, token: " + token);
return getRefreshedUrlRequest(token, oldUrl);
} else {
String refreshToken = auth.getRefreshToken();
RefreshRequest refreshRequest = new RefreshRequest(refreshToken);
try {
AuthResponse refreshResponse = dataApi.refresh(refreshRequest);
Auth newAuth = refreshResponse.getResponse();
spHelper.putAuth(login, newAuth);
Request request = response.request();
RequestBody requestBody = request.body();
String newToken = newAuth.getToken();
Log.d(TAG, "Authenticator: token refreshed, old token: " + token + " -> " + "new token : " + newToken);
if (oldUrl.toString().contains("token")) {
return getRefreshedUrlRequest(newToken, oldUrl);
}
if (requestBody != null
&& requestBody.contentType() != null
&& requestBody.contentType().subtype() != null
&& requestBody.contentType().subtype().contains("json")) {
requestBody = processApplicationJsonRequestBody(requestBody, newToken);
}
if (requestBody != null) {
Request.Builder requestBuilder = request.newBuilder();
request = requestBuilder
.post(requestBody)
.build();
} else {
LoginActivity.show(context);
}
return request;
} catch (RequestException e) {
AtlasPatienteLog.d(TAG, "Can't refresh token: " + e.getMessage());
PasswordRepeatActivity.start(context);
return null;
}
}
}
};
}
只需OkHttp,您通常需要在应用程序中处理这种复杂性,无论是在调用之外,在Authenticator中还是在主动验证Interceptor内部。在这些情况下,并不处理并发。
在这里讨论
https://github.com/square/okhttp/issues/3714#issuecomment-350469364
确保进行同步刷新调用,因为异步调用可能没有可执行的空闲线程。
来自@swankjesse的答案是,如果你在一个拦截器中进行同步调用,那么你正在绑定一个线程,但是不会死锁,因为它不需要抓住另一个线程并且在那段时间内没有锁定。
一些类似主题的博客
https://objectpartners.com/2018/06/08/okhttp-authenticator-selectively-reauthorizing-requests/
https://blog.coinbase.com/okhttp-oauth-token-refreshes-b598f55dd3b2