- redis数据源接入
- redis缓存
- 用户登录标识缓存
- 访问接口权限拦截
访问接口权限拦截
@Authorization
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface Authorization {
// UserTypeEnum userType() default UserTypeEnum.NORMAL_USER;
}
@CurrentUser
@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface CurrentUser {
}
CurrentUserMethodArgumentResolver
package arthur.test.resolver;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;
import org.springframework.web.multipart.support.MissingServletRequestPartException;
import arthur.test.annotation.CurrentUser;
import arthur.test.constant.WebConstants;
import arthur.test.manager.BuSystemManager;
import arthur.test.po.BuSystemPO;
/**
* @Author:Arthur Han
* @Description:
* @CreateDate:2017/3/2912:13
* @Modified By:
*/
@Component
public class CurrentUserMethodArgumentResolver implements HandlerMethodArgumentResolver {
@Autowired
private BuSystemManager buSystemManager;
@Override
public boolean supportsParameter(MethodParameter parameter) {
if (parameter.hasParameterAnnotation(CurrentUser.class)) {
return true;
}
return false;
}
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
//取出鉴权时存入的登录用户Id
Long currentUserId = (Long) webRequest.getAttribute(WebConstants.CURRENT_USER_ID, RequestAttributes.SCOPE_REQUEST);
if (currentUserId != null) {
//从数据库中查询并返回
BuSystemGetRequest buSystemGetRequest=new BuSystemGetRequest();
buSystemGetRequest.setUserID(currentUserId);
BuSystemGetRespone buSystemGetRespone=buSystemManager.get(buSystemGetRequest);
if (buSystemGetRespone.hasError()||buSystemGetRespone.getResult()==null) throw new MissingServletRequestPartException(WebConstants.CURRENT_USER_ID);;
BuSystemPO user=buSystemGetRespone.getResult();
return user;
}else {
throw new MissingServletRequestPartException(WebConstants.CURRENT_USER_ID);
}
}
}
UserController
public class UserController {
@Autowired
private UserManager userManager;
@Autowired
private TokenManager tokenManager;
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ResponseEntity<ResultModel> login( @RequestParam String userName,
@RequestParam String passWord){
//验证登录
User user=userManager.login(userName,passWord);
if(user!=null){
//记录token至Redis
TokenModel model=new TokenModel(user.getUserId(),UUID.randomUUID().toString(),user.getUserName());
model=tokenManager.createToken(model);
return new ResponseEntity<>(ResultModel.error(ResultStatus.INVALID_USERNAME), HttpStatus.NOT_ACCEPTABLE);
}else{
return new ResponseEntity<>(ResultModel.error(ResultStatus.INVALID_USERNAME), HttpStatus.NOT_ACCEPTABLE);
}
}
@RequestMapping(value = "/loginout",method = RequestMethod.POST)
@Authorization
@ApiImplicitParams({
@ApiImplicitParam(name = "authorization", value = "authorization", required = true,paramType = "header", dataType = "string")
})
public ResponseEntity<ResultModel> loginOut(@ApiParam(name="user",value="当前用户",required=false) @CurrentUser BuSystemPO user){
tokenManager.deleteToken(user.getUserId());
return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
}
}
将用户标识放在请求头中authorization:token;
ajax设置请求头:
$.ajax({
headers: {
authorization: $.cookie('authorization')
},
type: typr,
url:url,
data:data,
success: function (res) {
}
});