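SSO (single sign-on): after logging in once, a user gains access to the other associated systems and applications in the single sign-on system. Here Redis is used to implement a simple single sign-on.
1. Write the login endpoint. After the login information is validated, generate a token and store it in Redis. Return the token to the front end, which stores it.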
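    // Requires java.util.UUID and java.util.concurrent.TimeUnit;
    // RedisUtil and CommonConstant are the project's own classes.

    // Verify that the user name and verification code are correct
    //...
    // Login succeeded: generate the token
    String token = UUID.randomUUID().toString();
    if (token.contains(CommonConstant.HORIZONTAL_LINE)) {
        token = token.replace(CommonConstant.HORIZONTAL_LINE, "");
    }
    // Store the user's login information in Redis (hash keyed by login name)
    redisUtil.hPut(user.getLoginName(), CommonConstant.TOKEN, token);
    // Set the login expiration time
    redisUtil.expire(user.getLoginName(), CommonConstant.LOGIN_EXPIRE_DAYS, TimeUnit.DAYS);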
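2. Write the login interceptor. It checks whether the token sent by the front end is correct and still valid; if so, the request is allowed through, otherwise an error message is returned.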
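    import java.util.concurrent.TimeUnit;
    // javax.* applies to Spring Boot 2.x; Spring Boot 3 uses jakarta.* instead
    import javax.annotation.Resource;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.stereotype.Component;
    import org.springframework.util.ObjectUtils;
    import org.springframework.web.servlet.HandlerInterceptor;
    import org.springframework.web.servlet.ModelAndView;
    // RedisUtil and CommonConstant are the project's own classes.

    @Component
    public class AuthInterceptor implements HandlerInterceptor {

        @Resource
        private RedisUtil redisUtil;

        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
            response.setCharacterEncoding("UTF-8");
            response.setContentType("text/html;charset=utf-8");
            String token = request.getHeader("token");
            String loginName = request.getHeader("loginName");
            if (ObjectUtils.isEmpty(token) || ObjectUtils.isEmpty(loginName)) {
                // Message: "User not logged in; please log in first."
                response.getWriter().print("用户未登录,请登录后操作!");
                return false;
            }
            // The token must exist under this login name and match the presented value
            boolean flag = redisUtil.hExists(loginName, CommonConstant.TOKEN)
                    && token.equals(redisUtil.hGet(loginName, CommonConstant.TOKEN));
            if (flag) {
                // Sliding expiration: refresh the TTL of the key written at login (the login name)
                redisUtil.expire(loginName, CommonConstant.LOGIN_EXPIRE_DAYS, TimeUnit.DAYS);
            } else {
                // Message: "Invalid token; please check."
                response.getWriter().print("token错误,请查看!");
                return false;
            }
            return true;
        }

        @Override
        public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        }

        @Override
        public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        }
    }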
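A variant of the scheme above, added here as an example and not taken from the original post: Redis is keyed by the token instead of the login name, so the interceptor derives the login name from the server-side record rather than from a request header. TokenSessionService, KEY_PREFIX and TTL_DAYS are hypothetical names, and Spring Data Redis's StringRedisTemplate is assumed in place of the post's RedisUtil.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Service;

// Added example, not the original author's code. TokenSessionService,
// KEY_PREFIX and TTL_DAYS are hypothetical names chosen for illustration.
@Service
public class TokenSessionService {
    private static final String KEY_PREFIX = "sso:token:"; // assumed key namespace
    private static final long TTL_DAYS = 7;                // assumed; stands in for LOGIN_EXPIRE_DAYS
    private static final SecureRandom RANDOM = new SecureRandom();

    private final StringRedisTemplate redis;

    public TokenSessionService(StringRedisTemplate redis) {
        this.redis = redis;
    }

    /** Call after credentials are verified: stores token -> loginName with a TTL. */
    public String issue(String loginName) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG
        RANDOM.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        redis.opsForValue().set(KEY_PREFIX + token, loginName, TTL_DAYS, TimeUnit.DAYS);
        return token;
    }

    /** Resolves a presented token to its login name and slides the expiry. */
    public Optional<String> resolve(String token) {
        if (token == null || token.isEmpty() || token.length() > 64) {
            return Optional.empty(); // reject missing or oversized input before touching Redis
        }
        String key = KEY_PREFIX + token;
        String loginName = redis.opsForValue().get(key);
        if (loginName == null) {
            return Optional.empty(); // unknown, expired or revoked token
        }
        redis.expire(key, TTL_DAYS, TimeUnit.DAYS);
        return Optional.of(loginName);
    }

    /** Logout: deleting the key invalidates the token for every associated system. */
    public void revoke(String token) {
        if (token != null && !token.isEmpty()) {
            redis.delete(KEY_PREFIX + token);
        }
    }
}
```

In preHandle, the interceptor would call resolve(request.getHeader("token")) and reject the request when the result is empty.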
Reference article: https://blog.csdn.net/qq_32534441/article/details/90264485