逻辑:
登录发送的前端请求
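// Login request: posts the phone number and password to the backend and, on
// success, keeps the returned session data in localStorage.
// NOTE(review): the URL is plain http on localhost; outside local development
// the credentials should only ever travel over HTTPS.
$.ajax({
    url: 'http://localhost:8080/user/login',
    type: "POST",
    data: {"phone": phone, "password": password},
    xhrFields: {
        // Send cookies on this cross-origin call; the response is only readable
        // when the server answers with Access-Control-Allow-Credentials: true.
        withCredentials: true
    },
    // Synchronous XHR blocks the UI thread and is deprecated in browsers; it is
    // kept because code after this call may depend on the blocking behaviour.
    async: false,
    success: function (data) {
        if (data.code == 0) {
            // Login succeeded: persist what later requests need.
            localStorage.userId = data.userId;
            // localStorage holds strings only; assigning the object directly
            // would store the text "[object Object]". Read it back with JSON.parse.
            localStorage.user = JSON.stringify(data.user);
            // NOTE(review): localStorage is readable by every script running on
            // this origin, so an XSS flaw anywhere on the site exposes the token.
            localStorage.token = data.token;
            window.location = 'test1.html';
        } else {
            alert(data.msg);
        }
    },
    error: function (err) {
        // The jqXHR object has no `data` property; log the HTTP status instead.
        console.log(err.status, err.statusText);
    },
});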
后台逻辑代码
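/**
 * Handles the {@code login} action: validates the submitted phone number and
 * password, looks the account up, and on success issues a session token that
 * is stored in Redis with a one-day lifetime.
 *
 * <p>The outcome is written into {@code data}: {@code code} is 0 on success and
 * -1 on any failure, {@code msg} carries the user-facing message, and on
 * success {@code token}, {@code userId} and {@code user} are added as well.
 *
 * @param map  request parameters; {@code phone} and {@code password} are read
 * @param data response map that is filled in by this method
 */
@MethodMapping("login")
private void login(Map<String, Object> map, Map<String, Object> data){
    // One day, the same sliding lifetime LoginFilter applies on every request.
    // The previous value 24*24*60 was 34560 s (9.6 h), not the intended day.
    final int tokenTtlSeconds = 24 * 60 * 60;

    // Phone number (or e-mail address) and password as submitted by the client.
    Object phone = map.get("phone");
    Object password = map.get("password");

    // instanceof rejects null and non-String values alike, so a malformed
    // parameter becomes a validation error instead of a ClassCastException.
    if (!(phone instanceof String) || !StringUtils.isPhoneNumber((String) phone)) {
        data.put("code", -1);
        data.put("msg","手机号不能为空且要正确的手机号");
        return;
    }
    if (!(password instanceof String) || !StringUtils.isPassword((String) password)) {
        data.put("code", -1);
        data.put("msg","密码不能为空,必须8到16位,且不能出现空格");
        return;
    }

    // NOTE(review): the submitted password is handed to the "loginPhone" query
    // as a parameter; confirm that stored passwords are hashed with a password
    // hashing function (bcrypt/scrypt/argon2) rather than compared in clear text.
    List<Object> params = new ArrayList<>();
    params.add(phone);
    params.add(password);
    UserDO userDo = new BaseDao().executeSql("loginPhone", params, false);

    if (userDo == null) {
        // Same message for unknown phone and wrong password.
        data.put("code", -1);
        data.put("msg", "手机号或者密码错误,请重新输入");
        return;
    }
    // Status 1 is the only value allowed to log in; anything else is reported as banned.
    if (userDo.getStatus() != 1) {
        data.put("code", -1);
        data.put("msg", "此手机号已被封禁");
        return;
    }

    // Never send the password back to the client.
    userDo.setPassword(null);
    String token = UUID.randomUUID() + "";

    // The token and user are returned to the front end, which keeps them and
    // sends the token in a request header; LoginFilter checks that it exists.
    // NOTE(review): the stored value is the token itself, so the server keeps no
    // link between a token and the account it was issued to; confirm that later
    // handlers do not rely on a client-supplied userId to identify the caller.
    // NOTE(review): tokens share the keyspace with every other key in this Redis
    // database; a dedicated key prefix (applied in the filter too) would keep
    // the filter's existence check from matching unrelated keys.
    try (Jedis j = RedisUtils.getConnection()) {
        // SETEX writes the value and its expiry in one step, so a failure
        // between two separate calls cannot leave a token that never expires.
        // If the user sends no request for a day, a new login is required.
        j.setex(token, tokenTtlSeconds, token);
    }

    data.put("token", token);
    data.put("userId", userDo.getUser_id());
    data.put("user", userDo);
    data.put("code", 0);
    data.put("msg", "登陆成功");
}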
请求会被过滤器拦截,进行验证
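/**
 * Servlet filter that adds CORS response headers and rejects requests that do
 * not carry a login token known to Redis.
 *
 * <p>Login, registration, verification-code and password-reset requests pass
 * without a token. Every other request must send a {@code token} header whose
 * value exists as a Redis key; each accepted request renews the key for a day.
 *
 * <p>Optional init parameter {@code allowedOrigins}: a comma-separated list of
 * origins that may call the API with credentials. When it is not configured the
 * filter keeps its previous behaviour of accepting every origin.
 */
public class LoginFilter implements Filter {

    /** Last path segments that may be requested without a login token. */
    private static final String[] PUBLIC_ENDPOINTS =
            {"login", "sendCode", "forgetPassword", "registerPhone"};

    /** Sliding session lifetime in seconds (one day). */
    private static final int TOKEN_TTL_SECONDS = 24 * 60 * 60;

    /** Origins allowed to make credentialed calls; empty means not configured. */
    private String[] allowedOrigins = new String[0];

    /**
     * Reads the optional {@code allowedOrigins} init parameter.
     *
     * @param filterConfig configuration supplied by the servlet container
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String configured = filterConfig.getInitParameter("allowedOrigins");
        if (configured != null && !configured.trim().isEmpty()) {
            allowedOrigins = configured.trim().split("\\s*,\\s*");
        }
    }

    /**
     * Sets the CORS headers, lets public endpoints through, and otherwise
     * forwards the request only when its token exists in Redis.
     *
     * @param servletRequest  incoming request, expected to be an HTTP request
     * @param servletResponse outgoing response, expected to be an HTTP response
     * @param chain           remaining filter chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Cross-origin handling. Echoing the Origin header together with
        // Allow-Credentials lets any site that is echoed read credentialed
        // responses, so the origin is checked against the allowlist first.
        String origin = request.getHeader("Origin");
        if (origin != null && isOriginAllowed(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
            // The response differs per origin, so caches must key on it.
            response.addHeader("Vary", "Origin");
        }
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with,Authorization,token");

        // Login, registration and password-reset requests need no token.
        if (isPublicEndpoint(request.getRequestURI())) {
            chain.doFilter(request, response);
            return;
        }

        if (isLoggedIn(request.getHeader("token"))) {
            chain.doFilter(request, response);
            return;
        }

        // Not logged in: answer with the error payload instead of forwarding.
        String body = JSONObject.toJSONString(new Result(103,"未登录",0,null));
        // "json/text" is not a registered media type; JSON is application/json.
        response.setContentType("application/json;charset=utf-8");
        PrintWriter out = response.getWriter();
        out.write(body);
    }

    @Override
    public void destroy() {
    }

    /**
     * Tells whether the origin may receive credentialed CORS headers.
     * With no allowlist configured every origin is accepted, as before.
     * NOTE(review): configure {@code allowedOrigins} in any shared deployment;
     * the unconfigured fallback exists only for backward compatibility.
     */
    private boolean isOriginAllowed(String origin) {
        if (allowedOrigins.length == 0) {
            return true;
        }
        for (String allowed : allowedOrigins) {
            if (allowed.equals(origin)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether the URI addresses an endpoint that needs no login.
     * The last path segment must equal a public name exactly; a suffix match
     * would also exempt any other endpoint whose name merely ends the same way.
     */
    private static boolean isPublicEndpoint(String uri) {
        String lastSegment = uri.substring(uri.lastIndexOf('/') + 1);
        for (String name : PUBLIC_ENDPOINTS) {
            if (name.equals(lastSegment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks the token against Redis and renews its lifetime when it exists.
     * The connection is closed before the request continues down the chain so
     * it is not held for the duration of the downstream handler.
     * NOTE(review): any key present in this Redis database satisfies the check;
     * if the database also holds non-session keys, a dedicated key prefix shared
     * with the login code would keep them apart.
     */
    private static boolean isLoggedIn(String token) {
        if (token == null || token.isEmpty()) {
            return false;
        }
        try (Jedis j = RedisUtils.getConnection()) {
            if (!j.exists(token)) {
                return false;
            }
            // Sliding expiry: every authenticated request extends the session.
            j.expire(token, TOKEN_TTL_SECONDS);
            return true;
        }
    }
}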
以后的请求:请求头带上token
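// Authenticated request: every call after login carries the token in a header,
// which the server-side filter checks before the request is handled.
$.ajax({
    url: 'http://localhost:8080/user/test',
    type: "POST",
    headers: {
        // Token obtained at login and kept in localStorage.
        "token": localStorage.getItem("token")
    },
    // NOTE(review): the password is sent again although the token already
    // authenticates the call; confirm the endpoint needs it, otherwise drop it
    // so the credential is transmitted at login only.
    data: {"phone": phone, "password": password},
    xhrFields: {
        withCredentials: true
    },
    // Synchronous XHR is deprecated in browsers; kept because code after this
    // call may depend on the blocking behaviour.
    async: false,
    success: function (data) {
    },
    error: function (err) {
        // The jqXHR object has no `data` property; log the HTTP status instead.
        console.log(err.status, err.statusText);
    },
});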