博客系统 - 登录功能
第1关:通过用户信息进行登录
UserController.java
package net.educoder.controller;
import java.util.Random;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.util.DigestUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import net.educoder.entity.Result;
import net.educoder.entity.TUser;
import net.educoder.service.impl.UserService;
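/**
 * Account endpoints of the blog system: login, logout, one-time-code issuance and registration.
 *
 * <p>Review notes on what this listing shows:
 * <ul>
 *   <li>None of the mappings restricts the HTTP method, so {@code userName}/{@code passWord} are
 *       also accepted as GET query parameters, which commonly end up in access logs and browser
 *       history. Restricting the credential endpoints to POST is the usual fix; it is not applied
 *       here because the front end calling these endpoints is not visible.</li>
 *   <li>Passwords are stored as an unsalted MD5 hex digest (see {@link #register}). MD5 is fast
 *       and unsalted, so a leaked table is cheap to crack offline; a password-hashing scheme such
 *       as bcrypt, scrypt or Argon2 is the appropriate replacement. The digest is kept so that
 *       {@code UserService.login} still matches the stored values.</li>
 * </ul>
 */
@Controller
public class UserController {

    /** Namespace for one-time codes in the session so a phone value can never collide with "userInfo"/"is_login". */
    private static final String OTP_SESSION_PREFIX = "otp:";

    /** Cryptographically strong source for one-time codes; java.util.Random output is predictable. */
    private static final java.security.SecureRandom OTP_RANDOM = new java.security.SecureRandom();

    @Autowired
    HttpServletRequest httpServletRequest;

    @Autowired
    UserService userService;

    /**
     * Authenticates a user and, on success, records the login in the HTTP session.
     *
     * @param userName login name sent by the client
     * @param passWord plaintext password sent by the client
     * @return the {@link Result} produced by {@code UserService.login}; code 0 means success
     */
    @RequestMapping("/login")
    @ResponseBody
    public Result login(@RequestParam(name = "userName") String userName,
            @RequestParam(name = "passWord") String passWord) {
        // Level 1: write the login endpoint here
        /********* Begin *********/
        TUser user = new TUser();
        user.setUserName(userName);
        user.setPassWord(passWord);
        Result result = userService.login(user);
        // On a valid login, store the login markers in the user's session.
        if (result.getCode() == 0) {
            // Session-fixation defence: issue a fresh session id at the privilege change so an id
            // that was known before authentication is not the one that becomes authenticated.
            // getSession() first, because changeSessionId() requires an existing session.
            httpServletRequest.getSession();
            httpServletRequest.changeSessionId();
            httpServletRequest.getSession().setAttribute("is_login", true);
            httpServletRequest.getSession().setAttribute("userInfo", result.getData());
        }
        /********* End *********/
        return result;
    }

    /**
     * Logout endpoint. In this level it is still the unimplemented exercise placeholder: it returns
     * {@code null} and leaves the session (and therefore the login) intact.
     *
     * @return always {@code null} in this level
     */
    @RequestMapping("/logout")
    @ResponseBody
    public String logout() {
        // Level 3: write the logout endpoint here
        /********* Begin *********/
        return null;
        /********* End *********/
    }

    /**
     * Issues a six-digit one-time code for a phone number and remembers it in the session.
     *
     * @param telphone phone number the code is bound to
     * @return the generated code, zero-padded to six digits
     */
    @RequestMapping("/getotp")
    @ResponseBody
    public String getotp(@RequestParam(name = "telphone") String telphone) {
        // Zero-pad so every code has six digits; unpadded values shrink the effective code space.
        String opt = String.format("%06d", OTP_RANDOM.nextInt(1000000));
        // The key is prefixed because telphone is client-controlled: unprefixed, a request with
        // telphone=userInfo would overwrite the session attribute the login check reads.
        httpServletRequest.getSession().setAttribute(OTP_SESSION_PREFIX + telphone, opt);
        // NOTE(review): the code is returned to the caller, so it proves nothing about control of
        // the phone; a real deployment delivers it out of band (SMS) and returns only a status.
        // There is also no expiry or attempt limit on the stored code in this listing.
        return opt;
    }

    /**
     * Registers a new account after checking the one-time code issued for the phone number.
     *
     * @param optCode  one-time code supplied by the client
     * @param userName requested login name
     * @param passWord plaintext password
     * @param phone    phone number the code was issued for
     * @return code -1 with a message when the code does not match, otherwise the result of
     *         {@code UserService.addUser}
     */
    @RequestMapping("/register")
    @ResponseBody
    public Result register(@RequestParam(name = "optCode") String optCode,
            @RequestParam(name = "userName") String userName, @RequestParam(name = "passWord") String passWord,
            @RequestParam(name = "phone") String phone) {
        Result result = new Result();
        // Check that the phone number and its one-time code match.
        String otpKey = OTP_SESSION_PREFIX + phone;
        Object sessionOptcode = httpServletRequest.getSession().getAttribute(otpKey);
        if (!org.thymeleaf.util.StringUtils.equals(sessionOptcode, optCode)) {
            result.setCode(-1);
            result.setMessage("验证码验证失败");
            return result;
        }
        // A one-time code is single use: drop it once it has been accepted.
        httpServletRequest.getSession().removeAttribute(otpKey);
        // Parameters accepted: copy the data into a TUser.
        TUser user = new TUser();
        // NOTE(review): unsalted MD5 is not a password hash (see class comment). getBytes() uses
        // the platform charset; it is left as is because UserService.login must hash identically.
        user.setPassWord(DigestUtils.md5DigestAsHex(passWord.getBytes()));
        user.setUserName(userName);
        user.setPhone(phone);
        // Delegate to the service to complete the registration.
        result = userService.addUser(user);
        return result;
    }
}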
UserService.java
package net.educoder.service.impl;
import java.util.Map;
import org.apache.tomcat.util.security.MD5Encoder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.DigestUtils;
import net.educoder.entity.Result;
import net.educoder.entity.TUser;
import net.educoder.mapper.UserMapper;
import net.educoder.service.ValidatorService;
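/**
 * Registration and credential checking for blog users.
 *
 * <p>Stored passwords are unsalted MD5 hex digests (computed by the caller for registration and in
 * {@link #login} for verification). That scheme is cheap to attack offline if the user table
 * leaks; bcrypt, scrypt or Argon2 is the appropriate replacement and needs a migration of the
 * stored values, so it is flagged here rather than changed.
 */
@Service
public class UserService {

    @Autowired
    UserMapper userMapper;

    @Autowired
    ValidatorService validatorService;

    /**
     * Registers a user.
     *
     * @param user user data; the password field is expected to hold the already-hashed value
     * @return code -1 with a message when validation fails or the name is taken; code 0 with the
     *         stored user (password field cleared) on success
     */
    public Result addUser(TUser user) {
        Result result = new Result();
        // Validate the parameters. Constant-first equals avoids a NullPointerException when the
        // validator returns no "code" entry.
        Map<String, String> validate = validatorService.validate(user);
        if ("1".equals(validate.get("code"))) {
            result.setCode(-1);
            result.setMessage(validate.get("message"));
            return result;
        }
        // Look the name up before registering.
        // NOTE(review): check-then-insert is not atomic; presumably a unique constraint on the
        // user-name column backs this up — confirm in the schema.
        TUser queryByUserName = userMapper.queryByUserName(user.getUserName());
        if (queryByUserName != null) {
            result.setCode(-1);
            result.setMessage("当前用户名已经被注册");
            return result;
        }
        // Finally insert through the mapper.
        userMapper.insert(user);
        // Same rule as login(): the password hash must not travel back to the client in the
        // response body, so clear it before the object is attached to the result.
        user.setPassWord(null);
        result.setCode(0);
        result.setMessage("成功");
        result.setData(user);
        return result;
    }

    /**
     * Checks a user name / plaintext password pair against the stored record.
     *
     * @param user carrier for the submitted user name and plaintext password
     * @return code -1 with a message when a field is empty, the user is unknown or the password
     *         is wrong; code 0 with the stored user (password field cleared) on success
     */
    public Result login(TUser user) {
        Result result = new Result();
        /********* Begin *********/
        String userName = user.getUserName();
        String passWord = user.getPassWord();
        // Parameter check
        if (org.springframework.util.StringUtils.isEmpty(userName)
                || org.springframework.util.StringUtils.isEmpty(passWord)) {
            result.setCode(-1);
            result.setMessage("参数验证失败");
            return result;
        }
        // Check that the login refers to an existing user.
        // NOTE(review): this message and the wrong-password message below differ, which lets a
        // client tell registered names from unregistered ones; a single generic failure message
        // removes that signal. The texts are kept because callers may match on them.
        TUser queryByUserName = userMapper.queryByUserName(userName);
        if (queryByUserName == null) {
            result.setCode(-1);
            result.setMessage("用户信息不存在");
            return result;
        }
        // Compare the stored digest with the digest of the submitted password. A record without
        // a stored digest is treated as a mismatch instead of throwing, and MessageDigest.isEqual
        // compares in constant time. Both values are hex text, so UTF-8 encoding is lossless.
        String storedHash = queryByUserName.getPassWord();
        String suppliedHash = DigestUtils.md5DigestAsHex(passWord.getBytes());
        boolean matches = storedHash != null
                && java.security.MessageDigest.isEqual(
                        storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        suppliedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!matches) {
            result.setCode(-1);
            result.setMessage("用户密码错误");
            return result;
        }
        // Clear the password: it must not be returned to the caller.
        queryByUserName.setPassWord(null);
        // Password verified, report success.
        result.setCode(0);
        result.setMessage("成功");
        result.setData(queryByUserName);
        /********* End *********/
        return result;
    }
}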
第2关:简单的权限控制,未登录用户禁止访问
WebConfig.java
package net.educoder.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import net.educoder.interceptors.LoginInterceptor;
/**
 * MVC configuration that puts {@link LoginInterceptor} in front of every request path except an
 * explicit list of public ones.
 */
@Configuration
public class WebConfig implements WebMvcConfigurer {

    /**
     * Paths served without a login check. Everything else is covered by the "/**" pattern, so a
     * newly added endpoint is protected unless it is listed here.
     */
    private static final String[] PUBLIC_PATHS = {
        "/login", "/register", "/getotp", "/index", "/js/**", "/css/**", "/layer/**"
    };

    @Autowired
    private LoginInterceptor loginInterceptor;

    /** Hook for static resources (html, js, css, ...); nothing is registered here. */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
    }

    /**
     * Registers the interceptors; a custom interceptor only takes effect once it is added here.
     *
     * @param registry registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        /********* Begin *********/
        registry.addInterceptor(loginInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns(PUBLIC_PATHS);
        /********* End *********/
    }
}
LoginInterceptor.java
package net.educoder.interceptors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import net.educoder.entity.TUser;
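/**
 * Rejects requests that do not carry a logged-in session. It runs before the handler, so the
 * login state is checked ahead of every endpoint the interceptor is registered for.
 */
@Component
public class LoginInterceptor implements HandlerInterceptor {

    /**
     * Lets the request through only when the session holds the {@code TUser} stored at login.
     *
     * @param request  current request
     * @param response current response; receives the "not logged in" text when access is refused
     * @param handler  chosen handler (unused)
     * @return {@code true} to continue to the handler, {@code false} to stop processing
     * @throws Exception if writing the response fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        /********* Begin *********/
        // getSession(false): do not allocate a server-side session for every anonymous request.
        HttpSession session = request.getSession(false);
        // "userInfo" is the TUser put into the session at login. The instanceof test fails closed
        // when the attribute is missing or holds some other type, instead of throwing on a cast.
        Object userInfo = (session == null) ? null : session.getAttribute("userInfo");
        if (userInfo instanceof TUser) {
            // A TUser in the session means the user is logged in.
            return true;
        }
        // Set the encoding so the message below is rendered correctly.
        response.setContentType("text/html;charset=utf-8");
        // Returning false drops the request; tell the caller that no user is logged in.
        // NOTE(review): the refusal is sent with the default status code; a 401 would let clients
        // and monitoring tell refusals from successes — confirm the front end before changing.
        response.getWriter().write("当前用户没有登录");
        return false;
        /********* End *********/
    }
}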
第3关:退出登录功能
package net.educoder.controller;
import java.util.Random;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.util.DigestUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import net.educoder.entity.Result;
import net.educoder.entity.TUser;
import net.educoder.service.impl.UserService;
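/**
 * Account endpoints of the blog system: login, logout, one-time-code issuance and registration.
 *
 * <p>Review notes on what this listing shows:
 * <ul>
 *   <li>None of the mappings restricts the HTTP method, so {@code userName}/{@code passWord} are
 *       also accepted as GET query parameters, which commonly end up in access logs and browser
 *       history, and {@code /logout} can be triggered by a plain cross-site GET. Restricting
 *       these endpoints to POST is the usual fix; it is not applied here because the front end
 *       calling them is not visible.</li>
 *   <li>Passwords are stored as an unsalted MD5 hex digest (see {@link #register}). MD5 is fast
 *       and unsalted, so a leaked table is cheap to crack offline; a password-hashing scheme such
 *       as bcrypt, scrypt or Argon2 is the appropriate replacement. The digest is kept so that
 *       {@code UserService.login} still matches the stored values.</li>
 * </ul>
 */
@Controller
public class UserController {

    /** Namespace for one-time codes in the session so a phone value can never collide with "userInfo"/"is_login". */
    private static final String OTP_SESSION_PREFIX = "otp:";

    /** Cryptographically strong source for one-time codes; java.util.Random output is predictable. */
    private static final java.security.SecureRandom OTP_RANDOM = new java.security.SecureRandom();

    @Autowired
    HttpServletRequest httpServletRequest;

    @Autowired
    UserService userService;

    /**
     * Authenticates a user and, on success, records the login in the HTTP session.
     *
     * @param userName login name sent by the client
     * @param passWord plaintext password sent by the client
     * @return the {@link Result} produced by {@code UserService.login}; code 0 means success
     */
    @RequestMapping("/login")
    @ResponseBody
    public Result login(@RequestParam(name = "userName") String userName,
            @RequestParam(name = "passWord") String passWord) {
        // Level 1: write the login endpoint here
        /********* Begin *********/
        TUser user = new TUser();
        user.setUserName(userName);
        user.setPassWord(passWord);
        Result result = userService.login(user);
        // On a valid login, store the login markers in the user's session.
        if (result.getCode() == 0) {
            // Session-fixation defence: issue a fresh session id at the privilege change so an id
            // that was known before authentication is not the one that becomes authenticated.
            // getSession() first, because changeSessionId() requires an existing session.
            httpServletRequest.getSession();
            httpServletRequest.changeSessionId();
            httpServletRequest.getSession().setAttribute("is_login", true);
            httpServletRequest.getSession().setAttribute("userInfo", result.getData());
        }
        /********* End *********/
        return result;
    }

    /**
     * Ends the login by invalidating the HTTP session, which discards "is_login", "userInfo" and
     * any pending one-time codes together with the session id.
     *
     * @return the literal string "success"
     */
    @RequestMapping("/logout")
    @ResponseBody
    public String logout() {
        // Level 3: write the logout endpoint here
        /********* Begin *********/
        // getSession(false): a caller without a session has nothing to invalidate, so do not
        // create one just to destroy it.
        javax.servlet.http.HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        return "success";
        /********* End *********/
    }

    /**
     * Issues a six-digit one-time code for a phone number and remembers it in the session.
     *
     * @param telphone phone number the code is bound to
     * @return the generated code, zero-padded to six digits
     */
    @RequestMapping("/getotp")
    @ResponseBody
    public String getotp(@RequestParam(name = "telphone") String telphone) {
        // Zero-pad so every code has six digits; unpadded values shrink the effective code space.
        String opt = String.format("%06d", OTP_RANDOM.nextInt(1000000));
        // The key is prefixed because telphone is client-controlled: unprefixed, a request with
        // telphone=userInfo would overwrite the session attribute the login check reads.
        httpServletRequest.getSession().setAttribute(OTP_SESSION_PREFIX + telphone, opt);
        // NOTE(review): the code is returned to the caller, so it proves nothing about control of
        // the phone; a real deployment delivers it out of band (SMS) and returns only a status.
        // There is also no expiry or attempt limit on the stored code in this listing.
        return opt;
    }

    /**
     * Registers a new account after checking the one-time code issued for the phone number.
     *
     * @param optCode  one-time code supplied by the client
     * @param userName requested login name
     * @param passWord plaintext password
     * @param phone    phone number the code was issued for
     * @return code -1 with a message when the code does not match, otherwise the result of
     *         {@code UserService.addUser}
     */
    @RequestMapping("/register")
    @ResponseBody
    public Result register(@RequestParam(name = "optCode") String optCode,
            @RequestParam(name = "userName") String userName, @RequestParam(name = "passWord") String passWord,
            @RequestParam(name = "phone") String phone) {
        Result result = new Result();
        // Check that the phone number and its one-time code match.
        String otpKey = OTP_SESSION_PREFIX + phone;
        Object sessionOptcode = httpServletRequest.getSession().getAttribute(otpKey);
        if (!org.thymeleaf.util.StringUtils.equals(sessionOptcode, optCode)) {
            result.setCode(-1);
            result.setMessage("验证码验证失败");
            return result;
        }
        // A one-time code is single use: drop it once it has been accepted.
        httpServletRequest.getSession().removeAttribute(otpKey);
        // Parameters accepted: copy the data into a TUser.
        TUser user = new TUser();
        // NOTE(review): unsalted MD5 is not a password hash (see class comment). getBytes() uses
        // the platform charset; it is left as is because UserService.login must hash identically.
        user.setPassWord(DigestUtils.md5DigestAsHex(passWord.getBytes()));
        user.setUserName(userName);
        user.setPhone(phone);
        // Delegate to the service to complete the registration.
        result = userService.addUser(user);
        return result;
    }
}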