最代码的“记住登录”机制是通过客户端cookie和服务端session实现的。
拦截器代码
UserInterceptor.java
package com.zuidaima.interceptor;
import java.util.Date;
import java.util.List;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.sf.json.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.javaniu.core.constants.GlobalConstants;
import com.javaniu.core.constants.ModuleConstants;
import com.javaniu.core.module.User;
import com.javaniu.core.module.support.ModuleDesc;
import com.javaniu.core.service.UserService;
import com.javaniu.core.service.impl.OnlineUserRemind;
import com.javaniu.core.util.CookieUtil;
import com.javaniu.core.util.Security;
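/**
 * Spring MVC interceptor that keeps the logged-in {@code User} available for each request.
 *
 * <p>{@link #preHandle} first looks for a user in the server-side session. When the session
 * has none, it falls back to the login cookie: the cookie value is decrypted to a user id,
 * the account is loaded, and, if it is in the normal status, the user is stored in the
 * session. {@link #postHandle} refreshes the reminder list kept in the session.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The login cookie works as a long-lived bearer credential: whoever presents a value
 *       that decrypts to a valid user id is logged in as that user.
 *       NOTE(review): {@code Security.decryptUserId} and {@code CookieUtil} are not visible
 *       here. Confirm that the cookie value is integrity-protected (authenticated encryption
 *       or a MAC), that it carries an expiry or per-user secret so it can be revoked on
 *       password change or logout, and that the cookie is issued with HttpOnly and Secure.</li>
 *   <li>The client IP recorded by {@link #updateIp} comes from request headers the client can
 *       set. See {@link #getIpAddr}.</li>
 * </ul>
 *
 * @author www.zuidaima.com
 */
public class UserInterceptor extends HandlerInterceptorAdapter {

    @Autowired
    public UserService userService;

    @Autowired
    public OnlineUserRemind onlineUserRemind;

    /**
     * Returns the best-effort client address for the request.
     *
     * <p>The headers {@code x-forwarded-for}, {@code Proxy-Client-IP} and
     * {@code WL-Proxy-Client-IP} are tried in that order; a header that is missing, empty or
     * equal to "unknown" (case-insensitive) is skipped. If none is usable, the socket peer
     * address from {@code getRemoteAddr()} is returned.
     *
     * <p>Security: all three headers are ordinary request headers. Unless a trusted reverse
     * proxy overwrites them, the client chooses their content, and {@code x-forwarded-for}
     * may hold a comma-separated list. Treat the result as an untrusted, advisory string:
     * suitable for display or audit hints, not for access control, rate limiting or
     * allow-listing, and escape it wherever it is rendered.
     *
     * @param request the current request
     * @return the header-supplied or socket-level address; not validated as an IP address
     */
    public String getIpAddr(HttpServletRequest request) {
        String ip = request.getHeader("x-forwarded-for");
        if (isMissing(ip)) {
            ip = request.getHeader("Proxy-Client-IP");
        }
        if (isMissing(ip)) {
            ip = request.getHeader("WL-Proxy-Client-IP");
        }
        if (isMissing(ip)) {
            ip = request.getRemoteAddr();
        }
        return ip;
    }

    /** Returns true when a proxy header carries no usable value. */
    private static boolean isMissing(String value) {
        return value == null || value.length() == 0 || "unknown".equalsIgnoreCase(value);
    }

    /**
     * Resolves the current user before the handler runs.
     *
     * <p>If the session already holds a user, the account is re-read from the database. An
     * account that no longer exists or is not in the normal status is logged out (session
     * attribute removed, logout cookie sent) and redirected to the login page. Otherwise the
     * mutable profile fields are refreshed on the session object.
     *
     * <p>If the session holds no user, the login cookie is consulted. Login is not enforced
     * here: a missing or invalid cookie, an unknown user or a non-normal account simply lets
     * the request continue anonymously.
     *
     * @return {@code false} only when the response has already been redirected to the login
     *         page; {@code true} otherwise
     */
    @Override
    public boolean preHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler) throws Exception {
        HttpSession session = request.getSession();
        User user = (User) session
                .getAttribute(GlobalConstants.SESSION_LOGIN_USER_NAME);
        if (user != null) {
            // The database row is authoritative (original author notes this needs refactoring).
            User fresh = userService.findOneById(user.getId());
            // A deleted account (null) is treated like a disabled one instead of failing
            // with a NullPointerException on getStatus().
            if (fresh == null
                    || fresh.getStatus() != ModuleConstants.MODULE_STATUS_NORMAL) {
                session.removeAttribute(GlobalConstants.SESSION_LOGIN_USER_NAME);
                // Forced logout: also clear the login cookie so it cannot log the user back in.
                response.addCookie(CookieUtil.newLogoutCookie(user.getId()));
                response.sendRedirect("/user/login.htm");
                // Stop the chain: the response is already a redirect, so the handler must
                // not run for this request.
                return false;
            }
            // Refresh the attributes that can change in the database.
            // Login time is deliberately not copied.
            user.setName(fresh.getName());
            user.setAvatarUrl(fresh.getAvatarUrl());
            user.setNiubi(fresh.getNiubi());
            updateIp(user, request);
            return true;
        }

        Cookie loginCookie = CookieUtil.findLoginCookie(request.getCookies());
        if (loginCookie == null) {
            // Login is not enforced.
            return true;
        }
        // The cookie value is attacker-controllable input; everything derived from it is
        // checked before the user is placed in the session.
        Long userId = Security.decryptUserId(loginCookie.getValue());
        if (userId == null) {
            // Invalid account token.
            return true;
        }
        user = userService.findOneById(userId);
        if (user == null) {
            // Unknown account.
            return true;
        }
        if (user.getStatus() != ModuleConstants.MODULE_STATUS_NORMAL) {
            // Account is not in the normal status.
            return true;
        }
        updateIp(user, request);
        // All checks passed: the request is now authenticated from the cookie.
        // NOTE(review): the session id is not rotated at this privilege change; on
        // Servlet 3.1+ consider request.changeSessionId() here to prevent session fixation.
        session.setAttribute(GlobalConstants.SESSION_LOGIN_USER_NAME, user);
        user.setUpdateTime(new Date());
        userService.save(user);
        return true;
    }

    /**
     * Stores the request's client address as the user's last-login IP when it differs from
     * the stored one, and persists the user.
     *
     * <p>The address comes from {@link #getIpAddr} and is therefore client-influenced; it is
     * written into the user's extend JSON unvalidated.
     */
    private void updateIp(User user, HttpServletRequest request) {
        String currentIp = getIpAddr(request);
        JSONObject extend = user.getExtend();
        String storedIp = null;
        if (extend.containsKey(ModuleConstants.USER_EXTEND_LASTLOGIN_IP)) {
            storedIp = extend.getString(ModuleConstants.USER_EXTEND_LASTLOGIN_IP);
        }
        // Write only on change to avoid a database save on every request.
        if (currentIp != null && !currentIp.equals(storedIp)) {
            extend.put(ModuleConstants.USER_EXTEND_LASTLOGIN_IP, currentIp);
            user.setExtendJson(extend.toString());
            userService.save(user);
        }
    }

    /**
     * After the handler has run, stamps the session user's login time and refreshes the
     * {@code remindDescs} session attribute. Does nothing for anonymous requests.
     */
    @Override
    public void postHandle(HttpServletRequest request,
            HttpServletResponse response, Object handler,
            ModelAndView modelAndView) throws Exception {
        // getSession(false): do not create a new session here. The handler may have
        // invalidated it (e.g. logout), and creating one after the response is committed
        // throws IllegalStateException.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        User user = (User) session
                .getAttribute(GlobalConstants.SESSION_LOGIN_USER_NAME);
        if (user == null) {
            return;
        }
        user.setLoginTime(new Date());
        List<?> remindDescs = onlineUserRemind.getRemindDescs(user);
        session.setAttribute("remindDescs", remindDescs);
    }
}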