token流程
为什么要使用token
- 因为session+cookies是基于web的。但是针对api接口,可能会考虑到移动端,app是没有cookies和session的
Token放Cookie里验证登录
@GetMapping("/setToken")
public void setToken(HttpServletRequest request, HttpServletResponse response){
String token = UUID.randomUUID().toString();// 生成token
Cookie cookie = new Cookie("Token",token);
response.addCookie(cookie);
response.setHeader("Token", token);
redisTemplate.opsForValue().set("Token", token);
}
@GetMapping("/tokenLogin")
public void tokenLogin(HttpServletRequest request,HttpServletResponse response) throws IOException {
Cookie[] cookies = request.getCookies();
Optional<Cookie> token2 = Arrays.stream(cookies).filter(cookie -> cookie.getName().equals("Token")).findFirst();
if (!token2.isPresent()){
response.getWriter().write("shibai");
}
Object token1 = redisTemplate.opsForValue().get("Token");
response.getWriter().write(token2.get().getValue().equals(token1) ? "chenggong" : "shibai");
}