本文演示cookie和session的存值和取值,以及在拦截器中进行token验证
pom添加依赖
<?xml version="1.0" encoding="UTF-8"?>
<!-- Maven build for the demo application: Spring Boot web starter, MyBatis starter, two JWT libraries and Lombok. -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<!-- The parent POM manages the versions of every dependency declared below without a <version> element. -->
<!-- NOTE(review): keep the parent on a release line that still receives security fixes; the managed web stack follows this version. -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.6</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.stu</groupId>
<artifactId>boot-init</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>boot-init</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<!-- Spring MVC; version comes from the parent POM. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.2.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- NOTE(review): second JWT library. The classes shown on this page import only io.jsonwebtoken, so this
     dependency looks unused here; confirm and remove it to keep the dependency surface small. -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.10.3</version>
</dependency>
<!-- JJWT: the library the controller and the interceptor on this page use to sign and verify tokens.
     NOTE(review): 0.9.1 is the last single-artifact release. Later releases are split into
     jjwt-api / jjwt-impl / jjwt-jackson and refuse HMAC keys shorter than the algorithm requires,
     so plan the upgrade together with a longer signing key. -->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
LoginController
package com.stu.controller;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.Date;
import java.util.HashMap;
import javax.servlet.http.Cookie;
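/**
 * Demo login endpoints: stores a value in a cookie and in the HTTP session, then issues a signed JWT.
 *
 * <p>NOTE(review): {@code /login/login} checks no credentials before it issues a token. A real login
 * must authenticate the caller first, and should rotate the session id once authentication succeeds.
 * Both handlers use {@code @RequestMapping} without a method restriction, so they answer every HTTP
 * method; restricting the token-issuing endpoint to POST keeps it out of links and prefetches.
 */
@RestController
@RequestMapping("/login")
public class LogonController {

    /**
     * Secret used to sign tokens with HS256; CheckTokenInterceptor must verify with the same value.
     *
     * <p>NOTE(review): a secret committed to source is known to everyone who can read the repository,
     * and anyone who knows it can mint tokens this application accepts. Load it from external
     * configuration or a secret store instead. It is also too short: the {@code signWith(alg, String)}
     * overload treats the String as Base64, so these 12 characters decode to 9 key bytes, while HS256
     * calls for a key of at least 256 bits (RFC 7518, section 3.2).
     */
    private static final String JWT_SIGNING_KEY = "QIANfeng6666";

    /** Cookie lifetime in seconds: two weeks. */
    private static final int COOKIE_MAX_AGE_SECONDS = 60 * 60 * 24 * 14;

    /** Token lifetime in milliseconds: 24 hours. */
    private static final long TOKEN_TTL_MILLIS = 24L * 60 * 60 * 1000;

    /**
     * Sets the demo cookie and session attribute and returns a freshly signed JWT.
     *
     * @param request  the current request (not read by this handler)
     * @param response the response the cookie is added to
     * @param session  the HTTP session that receives the {@code loginsession} attribute
     * @return the compact, signed JWT string
     */
    @RequestMapping("/login")
    public String login(HttpServletRequest request, HttpServletResponse response, HttpSession session) {
        Cookie c = new Cookie("logincodecookie", "");
        c.setMaxAge(COOKIE_MAX_AGE_SECONDS);
        c.setPath("/"); // sent with every request path of this site
        // Keep the cookie out of reach of page scripts. Also call c.setSecure(true) once the
        // site is served over HTTPS only, so the cookie never travels in clear text.
        c.setHttpOnly(true);
        response.addCookie(c);

        session.setAttribute("loginsession", "sessoin");

        // Custom claims. A JWT payload is signed, not encrypted: anyone holding the token can read
        // it, so put only non-secret data (ids, roles) in here.
        HashMap<String, Object> map = new HashMap<>();
        map.put("key1", "value1");
        map.put("key2", "value2");

        Date now = new Date();
        // setClaims(Map) replaces the builder's whole claim set, so it has to run BEFORE the
        // registered claims are set. The original order (subject, issued-at and id first, then
        // setClaims) silently dropped sub, iat and jti from the issued token.
        return Jwts.builder()
                .setClaims(map)
                .setSubject("tokenName")
                .setIssuedAt(now)
                .setId("userId123456") // user id doubles as the token id
                .setExpiration(new Date(now.getTime() + TOKEN_TTL_MILLIS))
                .signWith(SignatureAlgorithm.HS256, JWT_SIGNING_KEY) // HMAC signature, not encryption
                .compact();
    }

    /**
     * Placeholder endpoint behind the token interceptor; it only writes a line to standard output.
     *
     * @param request  the current request (not read)
     * @param response the current response (not written)
     * @param session  the HTTP session (not read)
     */
    @RequestMapping("/loginAfter")
    public void loginAfter(HttpServletRequest request, HttpServletResponse response, HttpSession session) {
        System.out.println("获取到Cookie中的键值对 loginAfter");
    }
}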
InterceptorConfig拦截器注册
package com.stu.controller.config;
import com.stu.controller.interceptor.CheckTokenInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
/**
 * Registers {@link CheckTokenInterceptor} with Spring MVC.
 *
 * <p>The interceptor runs for every request path except {@code /login/login}, the endpoint that
 * issues the token. Any other path that must be reachable without a token has to be added to the
 * exclusion list explicitly.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /** The token-checking interceptor bean, injected by Spring. */
    @Autowired
    private CheckTokenInterceptor checkTokenInterceptor;

    /**
     * Adds the token check to the interceptor chain.
     *
     * @param registry the MVC interceptor registry supplied by Spring
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry
                .addInterceptor(checkTokenInterceptor)
                .addPathPatterns("/**")                 // guard everything ...
                .excludePathPatterns("/login/login");   // ... except the token-issuing endpoint
    }
}
CheckTokenInterceptor拦截器
package com.stu.controller.interceptor;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.stu.controller.vo.ResultVO;
import io.jsonwebtoken.*;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;
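/**
 * Rejects requests that do not carry a valid, unexpired JWT in the {@code token} request header.
 *
 * <p>Rejections are written as a JSON {@link ResultVO} body; the HTTP status is left untouched.
 * NOTE(review): consider also setting a 401 status once clients are ready for it, so proxies and
 * monitoring can tell rejected requests from successful ones.
 */
@Component
public class CheckTokenInterceptor implements HandlerInterceptor {

    /**
     * Verification secret; must equal the secret LogonController signs with.
     *
     * <p>NOTE(review): hard-coded and duplicated in two classes. Anyone who can read the source can
     * forge tokens that pass this check, so load the secret from external configuration or a secret
     * store, in one place. {@code setSigningKey(String)} treats the String as Base64, so these 12
     * characters are only 9 key bytes, well below the 256 bits HS256 calls for.
     */
    private static final String JWT_SIGNING_KEY = "QIANfeng6666";

    /** Shared JSON serializer; reused instead of building a new mapper for every rejected request. */
    private static final ObjectMapper JSON = new ObjectMapper();

    /**
     * Lets the request through only when the {@code token} header holds a JWT whose signature
     * verifies and which has not expired.
     *
     * @param request  the incoming request
     * @param response the response; receives a JSON error body when the request is rejected
     * @param handler  the handler chosen for the request (not inspected)
     * @return {@code true} to continue to the handler, {@code false} when the request was rejected
     * @throws Exception if writing the rejection body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // CORS preflight requests carry no custom headers, so they cannot present a token.
        // NOTE(review): this lets every OPTIONS request through unauthenticated; make sure no
        // handler does real work for OPTIONS.
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            return true;
        }

        // getSession(false): read the attribute if a session exists, but do not allocate a new
        // session for every anonymous request. The value is read for demonstration only and
        // plays no part in the access decision below.
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("loginsession");

        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if ("logincodecookie".equals(cookie.getName())) {
                    // Demo output. Do not log cookie values once they carry anything
                    // session- or credential-like.
                    System.out.println("获取到Cookie中的键值对" + cookie.getName() + "===== " + cookie.getValue());
                }
            }
        }

        String token = request.getHeader("token");
        if (token == null) {
            doResponse(response, new ResultVO(20001, "请先登录!", null));
            return false;
        }

        try {
            // parseClaimsJws accepts only signed tokens and verifies signature and expiry;
            // anything else ends up in one of the catch blocks below.
            Jwts.parser().setSigningKey(JWT_SIGNING_KEY).parseClaimsJws(token);
            return true;
        } catch (ExpiredJwtException e) {
            doResponse(response, new ResultVO(20002, "登录过期,请重新登录!", null));
        } catch (UnsupportedJwtException e) {
            doResponse(response, new ResultVO(20001, "Token不合法,请自重!", null));
        } catch (Exception e) {
            // Bad signature, malformed token, empty string: all treated as "not logged in".
            doResponse(response, new ResultVO(20001, "请先登录!", null));
        }
        return false;
    }

    /**
     * Writes {@code resultVO} to the response as UTF-8 JSON and closes the writer.
     *
     * @param response the response to write to
     * @param resultVO the result object to serialize
     * @throws IOException if serialization or writing fails
     */
    private void doResponse(HttpServletResponse response, ResultVO resultVO) throws IOException {
        response.setContentType("application/json");
        response.setCharacterEncoding("utf-8");
        PrintWriter out = response.getWriter();
        out.print(JSON.writeValueAsString(resultVO));
        out.flush();
        out.close();
    }
}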