1. 添加退出功能
1.1 后端将存放当前登录用户的session中属性清空。
@DeleteMapping("/deleteCurrUser")
public Result deleteCurrUser(HttpSession session){
session.removeAttribute(Constants.SESSION_ATTR_CURRUSER);
return Result.success("您已成功退出系统!");
}
1.2 前端跳转到登录页面。
<a href="#" @click.prevent="logout">退出</a>
logout(){
this.$myDelete('security/home/deleteCurrUser')
.then(()=>{
this.$router.push('login');
});
}
2. 添加显示当前用户功能
2.1 后端返回当前用户。
@GetMapping("/getCurrUser")
public CurrUser getCurrUser(HttpSession session){
return (CurrUser) session.getAttribute(Constants.SESSION_ATTR_CURRUSER);
}
2.2 前端显示当前用户。
<span>当前用户:{{currUser.userId}}</span>
return {
currUser: {} //当前登录用户
};
getCurrUser(){
this.$myGet('security/home/getCurrUser')
.then((data)=>{
this.currUser = data;
})
}
3. 添加登录过滤器
3.1 在main函数上添加注解@ServletComponentScan,让Spring Boot扫描过滤器等组件。
3.2 创建SecurityFilter类,继承Filter的所有方法,添加注解@WebFilter("/*")表示过滤器拦截所有地址。
public class SecurityFilter implements Filter {}
3.3 在doFilter方法中添加判断算法,如果访问的是登录页面或已登录则不拦截,其他情况则禁止访问。
String path = httpServletRequest.getServletPath();
if (path.startsWith("/security/login")) {
filterChain.doFilter(servletRequest, servletResponse); //放行通过
return;
}
HttpSession session = httpServletRequest.getSession();
CurrUser currUser = (CurrUser) session.getAttribute(Constants.SESSION_ATTR_CURRUSER);
if (currUser != null) { //已登录
filterChain.doFilter(servletRequest, servletResponse); //放行通过
return;
}
//否则为非法访问,向客户端发送表达未登录的JSON信息
PrintWriter out = httpServletResponse.getWriter(); //获得向浏览器输出信息的输出流
out.print("{\"logined\": false}");
3.4 添加允许跨域和禁止缓存设置。
//接受跨域访问
httpServletResponse.setHeader("Access-Control-Allow-Origin", httpServletRequest.getHeader("Origin"));
httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT, HEAD");
httpServletResponse.setHeader("Access-Control-Max-Age", "0");
httpServletResponse.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With,userId,token");
httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpServletResponse.setHeader("XDomainRequestAllowed","1");
//禁用缓存
httpServletResponse.addHeader("Pragma", "no-cache");
httpServletResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
httpServletResponse.addHeader("Cache-Control", "pre-check=0, post-check=0");
httpServletResponse.setDateHeader("Expires", 0);
Java Spring Boot + Vue 实习项目7:登录filter
最新推荐文章于 2023-08-05 20:02:15 发布