1. Controller
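/**
 * Logs a user in and returns a freshly issued token wrapped in a {@link TokenVO}.
 *
 * <p>Two paths exist:
 * <ul>
 *   <li>No {@code token} cookie: the user is looked up via {@code userService.login} and the
 *       supplied password is verified against the stored salted hash.</li>
 *   <li>{@code token} cookie present: the cookie value is resolved to its owner via
 *       {@code authService.findByToken} and a new token is issued for that same user.</li>
 * </ul>
 *
 * <p>Security-relevant behaviour of this version:
 * <ul>
 *   <li>Usernames, passwords, password hashes and token values are never written to stdout.</li>
 *   <li>On the cookie path the session is bound to the token's owner. The request's
 *       {@code username}/{@code password} are not used there, because nothing on that path
 *       verifies them.</li>
 *   <li>An expired cookie token is rejected here as well; the login URL appears in the
 *       interceptor's exclude list, so the interceptor's expiry check is not expected to run
 *       for this request.</li>
 * </ul>
 *
 * @param username login name supplied by the client
 * @param password clear-text password supplied by the client
 * @param session  HTTP session that receives the {@code uid} and {@code username} attributes
 * @param request  current request, used only to read the {@code token} cookie
 * @return {@code Result.ok} carrying the new token, code 202 for bad credentials,
 *         or code 201 when the cookie token cannot be validated
 */
@ApiOperation(value = "登录")
@PostMapping("/User/login")
public Result login(String username, String password, HttpSession session,HttpServletRequest request) {
    // getCookies() returns null, not an empty array, when the request carries no cookies.
    Cookie[] cookies = request.getCookies();
    Cookie tokenCookie = null;
    if (cookies != null) {
        for (Cookie candidate : cookies) {
            if ("token".equals(candidate.getName())) {
                tokenCookie = candidate;
                break;
            }
        }
    }

    if (tokenCookie == null) {
        User user = userService.login(username, password);

        // Check for a missing user before touching any of its fields.
        String storedHash = (user == null) ? null : user.getPassword();
        String suppliedHash = (user == null) ? null : userService.getMd5Password(password, user.getSalt());

        // Constant-time comparison so the response time does not depend on how many leading
        // characters of the hash match.
        // NOTE(review): the helper name suggests salted MD5; a dedicated password-hashing
        // function (bcrypt/scrypt/Argon2) is the usual choice. Confirm against userService.
        boolean passwordMatches = storedHash != null && suppliedHash != null
                && java.security.MessageDigest.isEqual(
                        storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        suppliedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!passwordMatches) {
            return Result.build(202, "用户名或密码错误");
        }

        String token = authService.createToken(user);
        TokenVO tokenVO = new TokenVO();
        tokenVO.setToken(token);
        // The user verified above is reused; a second lookup adds nothing.
        // NOTE(review): the session id is not rotated after authentication. Consider changing
        // it at this point to rule out session fixation.
        session.setAttribute("uid", user.getUid());
        session.setAttribute("username", user.getUsername());
        return Result.ok(tokenVO);
    }

    User tokenOwner = authService.findByToken(tokenCookie.getValue());
    // A token without an expiry is treated as invalid rather than as never expiring.
    boolean tokenUsable = tokenOwner != null
            && tokenOwner.getExpiretime() != null
            && !tokenOwner.getExpiretime().isBefore(java.time.LocalDateTime.now());
    if (!tokenUsable) {
        return Result.build(201, "token验证失败");
    }

    // Bind the session to the identity the token actually proves, never to the username
    // parameter of this request.
    session.setAttribute("uid", tokenOwner.getUid());
    session.setAttribute("username", tokenOwner.getUsername());
    String newtoken = authService.createToken(tokenOwner);
    TokenVO tokenVO = new TokenVO();
    tokenVO.setToken(newtoken);
    return Result.ok(tokenVO);
}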
/**
 * Ends the caller's login: invalidates the HTTP session, then asks {@code authService}
 * to log out the token found on the request.
 *
 * <p>NOTE(review): this is a state-changing operation exposed over GET, so a cross-site
 * link or image tag can trigger it; POST is the usual choice for logout.
 * <p>NOTE(review): the token is read through {@code TokenUtil.getRequestToken}, which
 * looks at the {@code token} header and request parameter, while the login handler reads
 * a {@code token} cookie. A token carried only in the cookie would reach
 * {@code authService.logout} as {@code null}. Confirm which transport is intended.
 *
 * @param session session to invalidate
 * @param request request the token is extracted from
 * @return always a {@code Result} with code 214
 */
@GetMapping("/User/logout")
public Result logout(HttpSession session, HttpServletRequest request) {
    // Drop server-side session state first, then log the bearer token out.
    session.invalidate();
    authService.logout(TokenUtil.getRequestToken(request));
    return Result.build(214, "没有登录");
}
2. 自定义拦截器
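/**
 * Spring MVC interceptor that admits a request only when it carries a token that
 * {@code authService} can resolve to a user whose token has not expired.
 *
 * <p>Requests without a token are rejected. Every endpoint that must stay reachable
 * anonymously therefore has to be listed in the interceptor registration's exclude patterns.
 */
public class AuthInterceptor implements HandlerInterceptor {
    @Autowired
    private AuthService authService;

    /**
     * Validates the request token before the handler runs.
     *
     * @return {@code true} to continue the handler chain; {@code false} after an error body
     *         has been written to the response
     * @throws IOException if writing the error body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException {
        // CORS preflight requests carry no custom headers, so they cannot present a token.
        // Let them through; the actual request that follows is still checked.
        if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
            return true;
        }

        String token = TokenUtil.getRequestToken(request);
        // The token is a bearer credential and is deliberately not printed or logged.

        // A missing or blank token must fail closed. Previously a request with no token at all
        // skipped both checks below and was allowed through unauthenticated.
        if (token == null || token.trim().isEmpty()) {
            setReturn(response, 400, "用户登录凭证已失效,请重新登录");
            return false;
        }

        User userEntity = authService.findByToken(token);
        if (userEntity == null) {
            setReturn(response, 400, "用户不存在");
            return false;
        }

        // A token without an expiry is treated as invalid rather than as never expiring.
        LocalDateTime expiry = userEntity.getExpiretime();
        if (expiry == null || expiry.isBefore(LocalDateTime.now())) {
            setReturn(response, 400, "用户登录凭证已失效,请重新登录");
            return false;
        }
        return true;
    }

    /**
     * Runs after the handler (the controller method) has been invoked but before
     * DispatcherServlet renders the view, so the {@code ModelAndView} can still be
     * modified here. Intentionally empty.
     */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) {
    }

    /**
     * (3) Like {@code postHandle}, this callback only runs when this interceptor's
     * {@code preHandle} returned {@code true}. Intentionally empty.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
    }

    /**
     * Writes a JSON error body to the response.
     *
     * @param response response to write to
     * @param status   application-level code placed in the JSON body; the HTTP status line is
     *                 always 400, independent of this value
     * @param msg      message placed in the JSON body
     * @throws IOException if the response writer cannot be obtained
     */
    private static void setReturn(HttpServletResponse response, int status, String msg) throws IOException {
        // NOTE(review): if HttpContextUtil.getOrigin() echoes the request's Origin header,
        // combining it with Allow-Credentials: true lets any site read credentialed
        // responses. Validate the origin against an allow-list. Confirm what getOrigin() returns.
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Origin", HttpContextUtil.getOrigin());
        response.setCharacterEncoding("UTF-8");
        response.setStatus(400);
        response.setContentType("application/json;charset=utf-8");
        String json = JSON.toJSONString(Result.build(status, msg));
        response.getWriter().print(json);
    }
}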
自定义视图
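/**
 * Registers {@link AuthInterceptor} for every path except an explicit list of
 * unauthenticated endpoints.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
    /**
     * Exposes the interceptor as a bean so that its {@code @Autowired} field is populated.
     */
    @Bean
    public AuthInterceptor authInterceptor() {
        return new AuthInterceptor();
    }

    /**
     * Applies the auth interceptor to {@code /**} and exempts the paths listed below.
     * Every entry here is reachable without a token, so the list should stay as short
     * as possible.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Diamond instead of the raw ArrayList type, so the list stays type-checked.
        List<String> patterns = new ArrayList<>();
        patterns.add("/webjars/**");
        // NOTE(review): presumably the Druid monitoring console. Exempting it here means it
        // relies entirely on its own access control; confirm that is configured.
        patterns.add("/druid/**");
        patterns.add("/sys/login");
        // NOTE(review): the Swagger UI and API description are served without a token.
        // Consider restricting them to non-production profiles.
        patterns.add("/swagger/**");
        patterns.add("/v2/api-docs");
        patterns.add("/swagger-ui.html");
        patterns.add("/swagger-resources/**");
        // NOTE(review): the login handler is mapped at "/User/login"; this exclusion only
        // matches if the controller is mounted under "/api". Verify against the controller.
        patterns.add("/api/User/login");
        registry.addInterceptor(authInterceptor()).addPathPatterns("/**").excludePathPatterns(patterns);
    }
}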
User实体类
// User entity holding account data together with the current token and its expiry.
//
// Lombok @Data generates getters, setters, equals/hashCode and a toString() that cover
// every field below, including password, salt and token. Printing or logging a User
// therefore emits those values.
// NOTE(review): if instances are ever serialized into an API response, the password hash,
// salt and token go with them. Confirm they are only used server-side, or map to a
// response type without those fields.
// Field order is significant: @AllArgsConstructor derives its parameter order from it.
@Data
@AllArgsConstructor
@NoArgsConstructor
public class User implements Serializable {
private Integer uid;
private String username;
// Stored password hash; the login handler compares it with getMd5Password(password, salt).
private String password;
// Per-user salt passed to getMd5Password when verifying a password.
private String salt;
private String phone;
private String avatar;
private Integer status;
// Bearer token currently associated with the user.
private String token;
// Expiry of the token; the interceptor rejects requests once this is in the past.
private LocalDateTime expiretime;
private LocalDateTime logintime;
}
tokenVO类
// Response object carrying an issued token back to the client.
// Lombok @Data generates the getters/setters (setToken is what the login handler calls).
@Data
public class TokenVO {
// Bearer token value returned to the client.
private String token;
// Token expiry. The login handler in this listing only calls setToken, so this field is
// left null there.
private LocalDateTime expireTime;
}
TokenUtil
/**
 * Helper for locating the caller's token on an incoming request.
 */
public class TokenUtil {
    /**
     * Returns the token from the {@code token} request header, falling back to the
     * {@code token} request parameter when the header is absent or blank.
     *
     * <p>NOTE(review): a token passed as a request parameter can end up in URLs, and from
     * there in access logs, browser history and Referer headers. Prefer the header where
     * the client allows it.
     *
     * @param httpRequest request to inspect
     * @return the header value if non-blank, otherwise the parameter value (may be {@code null})
     */
    public static String getRequestToken(HttpServletRequest httpRequest) {
        final String headerToken = httpRequest.getHeader("token");
        return StringUtils.isBlank(headerToken)
                ? httpRequest.getParameter("token")
                : headerToken;
    }
}