springboot项目中登录方式通过缓存redis及过滤器的实现
1. 登录在后台通过相应的业务逻辑判断然后生成相应的token并存放入redis中两个小时
/***
* 登录
* @param userName
* @param passWord
* @param request
* @return
*/
//Controller层
@ResponseBody
@RequestMapping(value = "/notValidate/login", method = RequestMethod.POST)
@CheckParam("userName,passWord")
public ResultEntity login(String userName, String passWord, HttpServletRequest request){
return service.login(userName,passWord);
}
//setvice层
@ResponseBody
@RequestMapping(value = "/Channel/login", method = RequestMethod.POST)
ResultEntity login(@RequestParam(value = "userName") String userName, @RequestParam(value = "passWord") String passWord);
//user服务中的Controller
/**
* 登录
*
* @return
*/
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ResponseBody
public ResultEntity login(String userName, String passWord) {
userName = userName.trim();
boolean mobile_11num = RegexUtil.isMobile_11num(userName);
CorpUser corpUser = null;
if (mobile_11num) {
corpUser = channelCorpUserService.getCorpUserByMobile(userName);
}
if (corpUser != null) {
try {
Boolean pass = null;
pass = channelCorpUserService.verifyPassword(userName, passWord);
if (pass != null && pass) {
/***
* // 用户状态为可用 '认证状态:-1=暂时无需认证,1=待认证,2=认证中,3=认证通过,4=认证失败',
*/
if(corpUser.getCertificationStatus()!=null&&corpUser.getCertificationStatus()==3) {
//判断渠道商是否下架 (是否发布(0:未发布、1:已发布、-1:已下架))
int Ispublish = channelCorpUserService.getCorpPublishByUserId(corpUser.getId());
if(Ispublish==-1){
return new ResultEntity(false, "413", "账号状态异常(企业下架),无法登录", "status=" + corpUser.getStatusNo());
}
}
if (corpUser.getStatusNo().intValue() >= 1) {
Date date1 = new Date();
String date = DateConvertUtils.format(date1);
logger.info("用户登录成功");
String timeStamp = System.currentTimeMillis()+ "";
String token = creatToken(timeStamp, userName);
redisUtil.set(ChanneUserConstants.TOKEN + token, corpUser, ChanneUserConstants.user_token_tinme);
// 3.登录成功后,将记录保存到redis,供数据中心获取
Map map = new HashMap<String, Object>();
corpUser.setPassword("");
map.put("token", token);
map.put("corpUser", corpUser);
/**获取商户优蓝网企业信息(获取优蓝网企业id)*/
YlwTianyanchaCorpBase byEhrCorpId = channelCorpFeign.getTycByEhrCorpId(corpUser.getCorpId());
map.put("ylwCompanyId", byEhrCorpId !=null ? byEhrCorpId.getYlCompanyId() : null);
map.put("companyName", byEhrCorpId != null ? byEhrCorpId.getName() : null);
//获取用户的角色权限
List<String> rolePermission = channelCorpUserService.getRolePermission(corpUser.getId());
map.put("rolePermission",rolePermission);
return new ResultEntity(true, "200", "登录成功", map);
} else {
return new ResultEntity(false, "413", "账号状态异常,无法登录", "status=" + corpUser.getStatusNo());
}
} else {
return new ResultEntity(false, "412", "密码输入错误,登录失败");
}
} catch (Exception e) {
logger.info("用户session信息存入缓存失败");
e.printStackTrace();
return new ResultEntity(false, "411", "用户名或密码错误");
}
} else {
return new ResultEntity(false, "413", "用户不存在,登录失败");
}
}
2.通过token获取用户信息
import com.alibaba.fastjson.JSONObject;
import com.ylkz.constants.ChanneUserConstants;
import com.ylkz.entity.corpUser.CorpUser;
import com.ylkz.interfac.ChanneCorpUserService;
import com.ylkz.util.RedisUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
/**
* 基类
*/
@Component
public class BaseController {
@Autowired
private RedisUtil redisUtil;
@Autowired
ChanneCorpUserService service;
/**
* 通过用户token获取用户实体
*
* @param token
* @return
*/
public CorpUser getSysUserByToken(String token){
CorpUser corpUser =null;
if ( token != null && token.trim().length() > 0){
// 存储用户详情
Object object = redisUtil.get(ChanneUserConstants.TOKEN + token);
if (object != null ) {
corpUser= JSONObject.parseObject(object.toString(),CorpUser.class);
if (corpUser != null){
if(corpUser.getCertificationStatus()==1||corpUser.getCertificationStatus()==2){
corpUser = service.getCorpUserByMobile(corpUser.getMobile());
}
redisUtil.set(ChanneUserConstants.TOKEN + token, corpUser, ChanneUserConstants.user_token_tinme);
}
}
}
return corpUser;
}
}
3.当请求经过过滤器Filter时, chain.doFilter(request, response)方法可以直接放过相关方法。
import com.alibaba.fastjson.JSONObject;
import com.ylkz.constants.ChanneUserConstants;
import com.ylkz.entity.vo.ResultMessage;
import com.ylkz.sysCode.SysCode;
import com.ylkz.util.RedisUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* 过滤器
*/
@Component
@WebFilter(filterName="/loginFilter",urlPatterns="/*")
public class CheckLoginFilter implements Filter {
static Logger logger = LoggerFactory.getLogger(CheckLoginFilter.class.getName());
/**
* 封装,不需要过滤的list列表
* pattern是指关于正则表达式,比较好的帖子
* https://www.cnblogs.com/gdwkong/articles/7782331.html
*/
protected static List<Pattern> patterns = new ArrayList<Pattern>();
static {
patterns.add(Pattern.compile("/login"));
patterns.add(Pattern.compile("/channelDemand/getRuleBaseList"));
patterns.add(Pattern.compile("/channelDemand/selectCountRule"));
patterns.add(Pattern.compile("/channelDemand/addReturnFeeForQhWeb"));
patterns.add(Pattern.compile("/channelDemand/editInterviewScheduled"));
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Autowired
private RedisUtil redisUtil;
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String requestURI = request.getRequestURI();
if(requestURI.contains("notValidate") ) {
chain.doFilter(request, response);
return;
} else if(this.isInclude(requestURI)) {
//排除非验证接口
chain.doFilter(request, response);
return;
} else {
String token = request.getParameter("token");
if (token != null && token.length() > 0) {
boolean hasKey = redisUtil.hasKey(ChanneUserConstants.TOKEN + token);
if(hasKey){
// 用户的token存在
chain.doFilter(request,response);
redisUtil.expire(ChanneUserConstants.TOKEN + token,2 * 60 * 60);
return;
}
}
// 用户不处于登录状态,返回错误信息
ResultMessage resultMessage = new ResultMessage(SysCode.TOKEN_NOTFOUND.getCode(),"系统无token信息,用户需要重新登录");
String responseJSONObject = JSONObject.toJSONString(resultMessage);
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
PrintWriter out = null;
try {
out = response.getWriter();
out.append(responseJSONObject);
out.flush();
} catch (IOException e) {
e.printStackTrace();
} finally {
if (out != null) {
out.close();
}
}
}
}
@Override
public void destroy() {
}
/**
* 是否需要过滤
* @param url
* @return
*/
private boolean isInclude(String url) {
for (Pattern pattern : patterns) {
Matcher matcher = pattern.matcher(url);
if (matcher.matches()) {
return true;
}
}
return false;
}
}
创建token
/**
* 创建session_token
*
* @param ipAddress
* @param username
* @return
*/
public String creatToken(String ipAddress, String username) {
Base64 base64 = new Base64();
String text = ipAddress + "," + username;
byte[] textByte = new byte[0];
try {
//编码
textByte = text.getBytes("UTF-8");
String encodedText = base64.encodeToString(textByte);
return encodedText;
} catch (UnsupportedEncodingException e) {
logger.info("token编码失败了,ipAddress:" + ipAddress + ",username:" + username);
e.printStackTrace();
return null;
}
}
4.举例说明:
在Controller层代码中获取用户信息,处理相应的业务逻辑,以及通过过滤器Filter校验用户是否登录。
@RequestMapping(value = "releaseDemandgrounding", method = RequestMethod.POST)
@ResponseBody
private ResultMessage releaseDemandgrounding( ExDemandBean exDemandBean , SetRuleReceiveRecord setRuleReceiveRecord) {
String token = exDemandBean.getToken();
CorpUser user = getSysUserByToken(token);
if (user != null) {
exDemandBean.setMemberId(user.getId());
} else {
return new ResultMessage(ChannelDemandCode.BADDATA.getCode(), ChannelDemandCode.BADDATA.getDesc());
}
//佣金信息添加到发布职位
exDemandBean.setSetRuleReceiveRecord(setRuleReceiveRecord);
ResultMessage mage = demandService.releaseDemandgrounding(exDemandBean);
return mage;
}
当请求时我们可以通过过滤器对用户是否登录进行过滤校验,并且可以设置某些请求是可以不需要验证的直接放过即可。
类似的功能都可以通过Filter来实现相关的过滤。