How to keep user login state with a token
1. Generate a token after a successful login
After the user logs in successfully, the back end generates a token and stores it in Redis with the token as the key and the user id as the value. The token is returned to the front end, which sends it with every subsequent request so the back end can authenticate the caller. The token is generated as follows:
    private String logining(String account, Long userId) {
        // Token = fixed prefix + MD5(account + current millis) + a number in [0, 1000).
        // Note: both inputs are derivable from the login time, so this value is not a secret-quality identifier; a SecureRandom-based token would be harder to guess.
        String token = Constants.TOKEN + Md5Util.md5(account + String.valueOf(System.currentTimeMillis())) + new Random().nextInt(1000);
        // key = token, value = userId, with an expiry of TOKEN_TIMEOUT days
        RedisUtils.put(token, userId, DAYS, TOKEN_TIMEOUT);
        return token;
    }
2. Implement authentication in a custom interceptor
    @Order(Ordered.HIGHEST_PRECEDENCE)
    public class AuthorizeInterceptor extends HandlerInterceptorAdapter {
        @Autowired
        private UserSysRedis userSysRedis;

        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
                throws Exception {
            String accessToken = request.getHeader("access-token");
            String deviceId = request.getHeader("device-id");
            // No token in the request header: not logged in
            if (isNullOrEmpty(accessToken)) {
                throw new UnauthorizedException();
            }
            // Token not found in Redis (never issued, expired, or revoked): not logged in
            Long userId = RedisUtils.get(accessToken, Long.class);
            if (Objects.isNull(userId)) {
                throw new UnauthorizedException();
            }
            GlobalRequestContext.setUserId(userId);
            GlobalRequestContext.setAccessToken(accessToken);
            GlobalRequestContext.setDeviceId(deviceId);
            checkDeviceInfo(userId, deviceId);
            return super.preHandle(request, response, handler);
        }

        @Override
        public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
                throws Exception {
            super.afterCompletion(request, response, handler, ex);
        }

        /**
         * Check the device information
         * @param userId   user id
         * @param deviceId device id
         */
        public void checkDeviceInfo(Long userId, String deviceId) {
            if (StringUtils.isEmpty(deviceId)) {
                return;
            }
            String key = AuthConstant.TEACHER_DEVICE_KEY + userId;
            // If the device is already registered in Redis, check whether it is still usable
            if (userSysRedis.hashHasKey(key, deviceId)) {
                TeacherDeviceInfo deviceInfo = userSysRedis.hashGet(key, deviceId, new TypeReference<TeacherDeviceInfo>() {
                });
                if (Objects.isNull(deviceInfo)) {
                    return;
                }
                if (DeviceStatusEnum.ALTER_PASSWORD.equals(deviceInfo.getDeviceStatus())) {
                    // The password was changed: reject the request with an exception
                    throw new CustomException(UserExceptionEnum.USER_ALTER_PASSWORD.getMsg(),
                            UserExceptionEnum.USER_ALTER_PASSWORD.getCode(), null);
                }
                return;
            }
            // Not registered yet: add the device to Redis
            TeacherDeviceInfo teacherDeviceInfo = new TeacherDeviceInfo()
                    .setDeviceId(deviceId)
                    .setDeviceStatus(DeviceStatusEnum.NORMAL_STATUS);
            userSysRedis.hashPut(key, deviceId, teacherDeviceInfo);
        }
    }
The custom interceptor extends HandlerInterceptorAdapter and implements the login check inside it. The logic: the front end sends the token in the request header, the back end looks the token up in Redis; if a value is found the user is logged in, otherwise the user is not logged in and the front end redirects to the login page.
Register the authentication interceptor so that Spring manages it:
    /**
     * Authentication interceptor configuration for the teacher app
     *
     * @author liuzhihao
     * @date 2018/7/24
     */
    @Configuration
    @Slf4j
    public class AuthorizeConfiguration extends WebMvcConfigurerAdapter {
        /**
         * Register the interceptor as a bean here so that @Autowired can inject other objects into it
         */
        @Bean
        public AuthorizeInterceptor authorizeInterceptor() {
            return new AuthorizeInterceptor();
        }

        @Override
        public void addInterceptors(InterceptorRegistry registry) {
            registry.addInterceptor(authorizeInterceptor())
                    .addPathPatterns("/**/teacher-app/**")
                    .excludePathPatterns("/**/open/**");
            super.addInterceptors(registry);
        }
    }
With this configuration, every request whose path contains teacher-app is intercepted.
3. Usage
Controller method:
    @PutMapping("/teacher-app/{transferId}")
    public Response<SchoolClassTransfer> update(
            @PathVariable("transferId") Long transferId, @RequestParam Long classId, @RequestParam Integer status) {
        // Set by the interceptor once the token has been validated
        long userId = GlobalRequestContext.getUserId();
        // Business logic goes here
        return new Response<SchoolClassTransfer>().ok(classTransfer);
    }
Every request whose path contains teacher-app is intercepted and authenticated. If authentication succeeds, the logged-in user's id can be read with GlobalRequestContext.getUserId(); if it fails, an exception is thrown and the front end redirects to the login page.
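The token scheme above reduced to its core, as an added stand-alone example that is not part of the original post or its project: an in-memory map stands in for the Redis "token -> userId" entry with a TTL, the token is drawn from SecureRandom rather than MD5(account + millis) + nextInt(1000), and authenticate() behaves like preHandle (missing, unknown or expired token means unauthenticated). TOKEN_PREFIX and the class name are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Added example: stand-in for the Redis mapping from the post (not the project's RedisUtils).
public class TokenStoreDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String TOKEN_PREFIX = "token:"; // assumed stand-in for Constants.TOKEN

    // value = userId plus an absolute expiry, mirroring a Redis key set with EX
    private record Entry(long userId, long expiresAtMillis) {}
    private final Map<String, Entry> store = new ConcurrentHashMap<>();
    private final long ttlMillis;

    public TokenStoreDemo(long ttlMillis) { this.ttlMillis = ttlMillis; }

    // Issue a token: 32 random bytes, URL-safe base64. Unlike MD5(account + login time)
    // plus a number below 1000, this cannot be reconstructed from the login timestamp.
    public String login(long userId) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = TOKEN_PREFIX + Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(token, new Entry(userId, System.currentTimeMillis() + ttlMillis));
        return token;
    }

    // Same decision as preHandle: empty result is where UnauthorizedException would be thrown.
    public Optional<Long> authenticate(String token) {
        if (token == null || token.isEmpty()) return Optional.empty();
        Entry e = store.get(token);
        if (e == null) return Optional.empty();
        if (System.currentTimeMillis() > e.expiresAtMillis()) {
            store.remove(token); // Redis would already have dropped an expired key
            return Optional.empty();
        }
        return Optional.of(e.userId());
    }

    // Logout or password change: delete the entry so the session ends on the server side.
    public boolean revoke(String token) { return store.remove(token) != null; }

    public static void main(String[] args) throws InterruptedException {
        TokenStoreDemo s = new TokenStoreDemo(200);   // 200 ms TTL, constructed for the demo
        String t = s.login(42L);
        System.out.println(s.authenticate(t));        // user id while the token is valid
        System.out.println(s.authenticate("bogus"));  // unknown token
        Thread.sleep(300);
        System.out.println(s.authenticate(t));        // empty once the TTL has passed
    }
}
```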