月光下有两个影子,一个是我的,另一个也是我的
一、登录
编辑 src/main/java/com/reggie/controller/EmployeeController
类:
package com.reggie.controller;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.reggie.common.R;
import com.reggie.entity.Employee;
import com.reggie.service.EmployeeService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.DigestUtils;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
@Slf4j
@RestController
@RequestMapping("/employee")
public class EmployeeController {
@Autowired
private EmployeeService employeeService;
@PostMapping("/login")
public R<Employee> login(HttpServletRequest request, @RequestBody Employee employee) {
// 1. 将页面提交的密码 password 进行 md5 加密处理
String password = employee.getPassword();
password = DigestUtils.md5DigestAsHex(password.getBytes());
// 2. 根据用户名 username 查询数据库
LambdaQueryWrapper<Employee> queryWrapper = new LambdaQueryWrapper<>();
queryWrapper.eq(Employee::getUsername, employee.getUsername());
Employee emp = employeeService.getOne(queryWrapper);
// 3. 如果没有查询到直接返回登录失败结果
if(emp == null) {
return R.error("登录失败");
}
// 4. 密码比对,如果不一致则返回登录失败结果
if(!emp.getPassword().equals(password)) {
return R.error("登录失败");
}
// 5. 查看员工状态,如果已禁用,则返回禁用结果
if(emp.getStatus() == 0) {
return R.error("账号已禁用");
}
// 6. 登录成功,将员工 id 存入 session,并返回登录成功结果
request.getSession().setAttribute("employee", emp.getId());
return R.success(emp);
}
}
二. 退出
编辑 src/main/java/com/reggie/controller/EmployeeController
类:
...
public R<Employee> login(HttpServletRequest request, @RequestBody Employee employee) {
...
}
/**
* 员工退出
* @return
*/
@PostMapping("/logout")
public R<String> logout(HttpServletRequest request) {
// 清除当前员工 session 中保存的员工信息
request.getSession().removeAttribute("employee");
return R.success("退出成功");
}
}
三. 拦截器
对所有请求进行判断,如果未登录则直接跳转至登录页面,已登录正常访问,部分请求可直接放行
编辑 src/main/java/com/reggie/filter/LoginCheckFilter
类:
package com.reggie.filter;
import com.alibaba.fastjson.JSON;
import com.reggie.common.R;
import lombok.extern.slf4j.Slf4j;
import org.springframework.util.AntPathMatcher;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 检查用户是否登录
*/
@Slf4j
@WebFilter(filterName = "loginCheckFilter", urlPatterns = "/*")
public class LoginCheckFilter implements Filter {
// 路径匹配器,支持通配符
public static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
// 1. 获取本次请求的 URI
String requestURI = request.getRequestURI();
log.info("拦截到请求:{}", requestURI);
// 定义不需要处理的请求路径
String[] urls = new String[] {
"/employee/login",
"/employee/logout",
"/backend/**",
"/front/**",
};
// 2. 判断本次请求是否需要处理
boolean check = check(urls, requestURI);
// 3. 如果不需要处理,则直接放行
if(check) {
log.info("本次请求不需要处理:{}", requestURI);
filterChain.doFilter(request, response);
return;
}
// 4. 判断登录状态,如果已登录,则直接放行
if(request.getSession().getAttribute("employee") != null) {
log.info("用户已登录,用户 id 为:{}", request.getSession().getAttribute("employee"));
filterChain.doFilter(request, response);
return;
}
log.info("用户未登录");
// 5. 如果未登录则返回结果,通过输出流方式向客户端响应数据
response.getWriter().write(JSON.toJSONString(R.error("NOTLOGIN")));
return;
}
/**
* 路径匹配,检查本次请求是否需要放行
* @param urls
* @param requestURI
* @return
*/
public boolean check(String[] urls, String requestURI) {
for (String url : urls) {
boolean match = PATH_MATCHER.match(url, requestURI);
if(match) return true;
}
return false;
}
}