案例:通过redis完成对用户的操作限流防刷,并可以从ThreadLocal取出对应的User信息
1.自定义注解的配置
案例:同过redis完成对用户的操作限流防刷的注解
AccessLimit.java
package com.wwk.seckill.access;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface AccessLimit {
int second() default 5;//过期时间为秒
int maxCount() default 5;//最大访问次数
boolean needLogin()default true;//是否需要登录
}
2.创建对应的UserThreadLocal的对象
package com.wwk.seckill.vo;
import com.wwk.seckill.pojo.User;
public class UserContext {
private static ThreadLocal<User> userThreadLocal=new ThreadLocal<>();
public static User getUserThreadLocal() {
return userThreadLocal.get();
}
public static void setUserThreadLocal(User user) {
userThreadLocal.set(user);
}
}
3.自定义拦截器的配置
package com.wwk.seckill.config;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.wwk.seckill.access.AccessLimit;
import com.wwk.seckill.pojo.User;
import com.wwk.seckill.service.GoodsService;
import com.wwk.seckill.service.OrderService;
import com.wwk.seckill.service.UserService;
import com.wwk.seckill.util.CookieUtil;
import com.wwk.seckill.vo.RespBean;
import com.wwk.seckill.vo.RespBeanEnum;
import com.wwk.seckill.vo.UserContext;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.concurrent.TimeUnit;
@Component
public class AccessLimitInterceptor implements HandlerInterceptor {
@Resource
private UserService userService;
@Resource
private RedisTemplate redisTemplate;
@Override
//在执行方法前会调用response方法
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
if (handler instanceof HandlerMethod) {
User user = getUser(request, response);
// 暂时用不到因为在contrlooer里已经做过判断如果User是null的情况下会直接跳转到登录页面
// if (user == null) {
// //没有登录需要填写未登录的提示信息
// return false;
// }
HandlerMethod hm = (HandlerMethod) handler;
AccessLimit accessLimit = hm.getMethodAnnotation(AccessLimit.class);
if (accessLimit == null) { //如果目标方法没有@AccessLimit说明该接口并没有处理限流操作,可以直接返回
return true;
}
//获取注解的值
int second = accessLimit.second();//获取到时间范围
int maxCount = accessLimit.maxCount();//获取到最大的访问次数
boolean needLogin = accessLimit.needLogin();//获取是否需要登录
if (needLogin) {
if (user == null) {//需要登录但是用户没有登录
//处理没有登录的情况
render(response,RespBeanEnum.NOT_LOGIN);
return false;
}
}
//登录过或者不需要登录
//通过redis增加限流逻辑,方式返回请求连接
//redis数据格式:uri:userId 值为数字,5秒内大于5次则限流
ValueOperations valueOperations = redisTemplate.opsForValue();
String uri = request.getRequestURI();
String redisKey = uri + ":" + user.getId();
Integer value = (Integer) valueOperations.get(redisKey);
if (value == null) {//在规定时间内没有请求过
valueOperations.set(redisKey, 1, second, TimeUnit.SECONDS);
} else if (value < maxCount) {//请求没有达到限流标准
valueOperations.increment(redisKey);
} else {//达到了限流标准要进行限流
valueOperations.set(redisKey, maxCount, second, TimeUnit.SECONDS);
render(response,RespBeanEnum.current_limiting);
//这里处理下限流的情况
return false;
}
}
return true;
}
//对返回信息进行处理封装
private void render(HttpServletResponse response,RespBeanEnum respBeanEnum) throws IOException {
response.setContentType("application/json;charset=UTF-8");
RespBean error = RespBean.error(respBeanEnum);
PrintWriter out = response.getWriter();
out.write(new ObjectMapper().writeValueAsString(error));
out.flush();
out.close();
}
//通过ThreadLocal获取到user信息
private User getUser(HttpServletRequest request, HttpServletResponse response) {
//通过cookie的工具类获取到对应的userTicket值
String userTicket = CookieUtil.getCookieValue(request, "userTicket");
//该方法可以通过userTicket从redis里获取到user的信息并返回
User user = userService.getUserByCookie(userTicket, request, response);
if (user == null) {
return null;
}
//保存到ThreadLocal在同线程可以取
UserContext.setUserThreadLocal(user);
return user;
}
}
4. 创建自定义参数解析器,对包含User参数的方法进行解析
package com.wwk.seckill.config;
import com.wwk.seckill.pojo.User;
import com.wwk.seckill.service.UserService;
import com.wwk.seckill.util.CookieUtil;
import com.wwk.seckill.vo.UserContext;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
@Component
public class UserArgumentResolver implements HandlerMethodArgumentResolver {
@Autowired
private UserService userService;
//supportsParameter方法如果返回true就会进入到resolveArgument方法中,反之就不进入
@Override
public boolean supportsParameter(MethodParameter parameter) {
//得到参数的类型匹配是都和User类型一样
Class<?> aClass = parameter.getParameterType();
return aClass==User.class;
}
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer,
NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
//从ThreadLocal里取出user信息并返回
return UserContext.getUserThreadLocal();
}
}
5.通过WebMvcConfigurer注册自定义的解析器、拦截器
package com.wwk.seckill.config;
import com.wwk.seckill.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import javax.annotation.Resource;
import java.util.List;
@Configuration
@EnableWebMvc
public class WebMvcConfig implements WebMvcConfigurer {
@Autowired
private UserArgumentResolver userArgumentResolver;
@Resource
private AccessLimitInterceptor accessLimitInterceptor;
//注册自定义拦截器生效
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(accessLimitInterceptor);
}
/**
* addResourceHandlers方法用于配置静态资源的访问路径和资源目录。
* 在这个示例中,我们将所有的静态资源都放在classpath:/static/目
* 录下,并将其映射到URL的根路径。
* @param registry
*/
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/**").addResourceLocations("classpath:/static/");
}
/**
* addArgumentResolvers方法用于配置自定义的参数解析器。在这个示例中,我们将
* 自定义的UserArgumentResolver解析器添加到Spring MVC的解析器列表中,这样
* 就可以在Controller中使用User对象作为方法参数了。
* @param resolvers
*/
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers) {
resolvers.add(userArgumentResolver);
}
}
6.用来秒杀商品的Controller,使用了上面的注解和解析器
@RequestMapping("/path")
@ResponseBody
//通过注解已进行限流
@AccessLimit(second = 5,maxCount = 5,needLogin = true)
//这个方法生成路径的同时验证验证码是否一致并返回
//方法参数User user 已经被解析器封装好了,是有对应user信息的
public RespBean path(User user, Long goodsId, String captcha,HttpServletRequest request) {
System.out.println(captcha);
if (user == null || goodsId < 0 || !StringUtils.hasText(captcha)) {
return RespBean.error(RespBeanEnum.USER_CHECK_ERROR);
}
boolean b = orderService.isSeckillCaptcha(user, goodsId, captcha);
if (!b) {
return RespBean.error(RespBeanEnum.CODE_ERROR);
}
// 验证成功后删除redis里的验证码,防止复用
// redisTemplate.delete("seckillCaptcha:" + user.getId() + ":" + goodsId);
String path = orderService.seckillPath(user, goodsId);
return RespBean.success(path);
}