流程
生成验证码:easy-captcha
它的官网:
GitHub - pig-mesh/easy-captcha: https://github.com/whvcse/EasyCaptcha增强JAVA11
里面详细的说明了如何生成easy-captcha
Surfing:不想研究的同学可直接抄作业 😀
导入依赖
<dependencies>
<dependency>
<groupId>io.springboot.plugin</groupId>
<artifactId>captcha-spring-boot-starter</artifactId>
<version>2.2.3</version>
</dependency>
</dependencies>
直接使用
@Service
public class LoginServiceImpl implements LoginService {
@Autowired
private StringRedisTemplate redisTemplate;
@Autowired
private SystemUserMapper systemUserMapper;
// 生成图像验证码
@Override
public CaptchaVo getCaptcha() {
// 生成图形验证码
SpecCaptcha specCaptcha = new SpecCaptcha(130, 48, 5);
String verCode = specCaptcha.text().toLowerCase();
String key = RedisConstant.ADMIN_LOGIN_PREFIX+ UUID.randomUUID().toString();
redisTemplate.opsForValue().set(key,verCode,RedisConstant.ADMIN_LOGIN_CAPTCHA_TTL_SEC ,TimeUnit.SECONDS);
CaptchaVo build = CaptchaVo.builder()
.key(key)
.image(specCaptcha.toBase64())
.build();
return build;
}
}
校验信息: 校验逻辑
步骤大概如下 自顶向下依次判断(箭头方向好像标错了)
jwt :生成token
它的相关文档:GitHub - jwtk/jjwt: Java JWT: JSON Web Token for Java and Android
Surfing:不想看文档的直接来抄作业 ☺
导入依赖
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<scope>runtime</scope>
</dependency>
创建工具类
package com.atguigu.lease.common.utils;
import com.atguigu.lease.common.exception.LeaseException;
import com.atguigu.lease.common.result.ResultCodeEnum;
import io.jsonwebtoken.*;
import io.jsonwebtoken.security.Keys;
import io.jsonwebtoken.security.SignatureException;
import javax.crypto.SecretKey;
import java.util.Date;
public class JWTUtils {
private static SecretKey secretKey = Keys.hmacShaKeyFor("SBO95aNXM4M4RyOl625r7WfGwT3hRsVe".getBytes());
public static String createToken(Long userId , String username){
String compact = Jwts.builder()
.setExpiration(new Date(System.currentTimeMillis() + 3600000))
.setSubject("Login_USER")
.claim("userId", userId)
.claim("username", username)
.signWith(secretKey, SignatureAlgorithm.HS256)
.compact();
return compact;
}
// 解析token 校验token
public static void parseToken(String token){
if(token == null){
throw new LeaseException(ResultCodeEnum.ADMIN_LOGIN_AUTH);
}
try {
// jwt前两部分 + 密钥验证 这一部分
JwtParser jwtParser = Jwts.parserBuilder().setSigningKey(secretKey).build();
jwtParser.parseClaimsJws(token);
} catch (ExpiredJwtException e) {
throw new LeaseException(ResultCodeEnum.TOKEN_EXPIRED);
} catch (JwtException e) {
throw new LeaseException(ResultCodeEnum.TOKEN_INVALID);
}
}
}
下面调用此方法即可
携带token:保持用户状态
我们需要拦截器 对于没有登录的用户我们禁止访问网站内部 :
Surfing:第一步设置一个拦截器
package com.atguigu.lease.web.admin.custom.interceptor;
import com.atguigu.lease.common.exception.LeaseException;
import com.atguigu.lease.common.result.ResultCodeEnum;
import com.atguigu.lease.common.utils.JWTUtils;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import java.awt.desktop.PreferencesHandler;
@Component
public class AuthenticationInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
// 获取token
String token = request.getHeader("access-token");
// 校验token
JWTUtils.parseToken(token);
return true;
}
}
2.配置
package com.atguigu.lease.web.admin.custom.config;
import com.atguigu.lease.web.admin.custom.converter.StringToBaseEnumConverterFactory;
import com.atguigu.lease.web.admin.custom.interceptor.AuthenticationInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.format.FormatterRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class WebMvcConfiguration implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(this.authenticationInterceptor)
.addPathPatterns("/admin/**")
.excludePathPatterns("/admin/login/**");
}
}