1. Create the Spring Boot project
See my previous article for details; it is very simple.
2. Frontend
2.1 The user enters a username and password and clicks submit
<form id="form-login">
    <input name="username" type="text" class="form-control" id="username" placeholder="请输入用户名">
    <input name="password" type="password" class="form-control" id="password" placeholder="请输入密码">
    <input id="btn-login" class="btn btn-primary" type="button" value="登录" />
</form>
2.2 Use ajax for the asynchronous exchange between frontend and backend (jQuery must be imported)
<script type="text/javascript">
    $("#btn-login").click(function () {
        $.ajax({
            url: "/users/login",
            type: "POST",
            // serialize the fields of the login form as username=...&password=...
            data: $("#form-login").serialize(),
            dataType: "JSON",
            success: function (json) {
                if (json.state === 200) {
                    alert("登录成功");
                    location.href = "index.html";
                    //./index.html
                } else {
                    alert("登录失败" + json.message);
                }
            },
            error: function (xhr) {
                // a jqXHR object has no message property; report the HTTP status instead
                alert("登陆时产生未知异常" + xhr.status);
            }
        });
    });
</script>
3. Controller layer
Receive username and password and pass them to the service; the business layer does the processing.
@RestController // Controller + ResponseBody
@RequestMapping("/users")
public class UserController extends BaseController {
    @Autowired
    private UserService userService;

    // POST only, so credentials are never accepted from a URL query string
    @PostMapping("/login")
    public JsonResult<User> login(String username, String password, HttpSession session) {
        User user = userService.login(username, password);
        // store the identity in the session; LoginInterceptor checks "uid" later
        session.setAttribute("uid", user.getUid());
        session.setAttribute("username", user.getUsername());
        return new JsonResult<>(OK, user);
    }
}
4. Business implementation
First, the business interface:
package com.hc.store.service;

import com.hc.store.model.User;

public interface UserService {
    User login(String username, String password);
}
Then the business implementation:
// login
@Override
public User login(String username, String password) {
    User result = userMapper.getUserByName(username);
    if (result == null) {
        throw new UserNotFoundException("用户数据不存在");
    }
    // password hash stored in the database
    String dataPwd = result.getPassword();
    // MD5 hash of the submitted password, using the user's stored salt
    String salt = result.getSalt();
    String MD5 = getMD5(password, salt);
    // compare
    if (!dataPwd.equals(MD5)) {
        throw new PasswordNotMatchException("用户密码错误");
    }
    // is_delete
    if (result.getIs_delete() == 1) {
        throw new UserNotFoundException("用户数据不存在");
    }
    // return only the fields the client needs, never the hash or the salt
    User user = new User();
    user.setUid(result.getUid());
    user.setUsername(result.getUsername());
    user.setAvatar(result.getAvatar());
    return user;
}
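A random salt is generated at registration. At login the salt is read from the database, the impl hashes the submitted password with MD5, and the result is compared with the password stored in the database; if the two match, the user is let through.
The method that produces the MD5 password:
/**
 * MD5 hashing
 */
private String getMD5(String pwd, String salt) {
    // three rounds
    for (int i = 0; i < 3; i++) {
        pwd = DigestUtils.md5DigestAsHex((salt + pwd + salt).getBytes()).toUpperCase();
    }
    return pwd;
}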
5. SQL implementation
Query the database by username and fetch the record.
package com.hc.store.mapper;

import com.hc.store.model.User;
import java.util.Date;

public interface UserMapper {
    /**
     * Query by username
     * @param name the username to look up
     * @return the matching user, or null if none exists
     */
    User getUserByName(String name);
}
The SQL statement:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.hc.store.mapper.UserMapper">
    <!-- #{name} is bound as a prepared-statement parameter, not concatenated into the SQL -->
    <select id="getUserByName" parameterType="String" resultType="com.hc.store.model.User">
        select * from user where username = #{name}
    </select>
</mapper>
6. Now the interceptor
Create LoginInterceptor, which implements HandlerInterceptor.
package com.hc.store.interceptor;

import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Login interceptor
 */
public class LoginInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // "uid" is set by UserController.login; without it the request is not authenticated
        Object obj = request.getSession().getAttribute("uid");
        if (obj == null) {
            response.sendRedirect("/web/login.html");
            return false;
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    }
}
7. The most important part, the interceptor configuration: a user must register or log in to get through
package com.hc.store.config;

import com.hc.store.interceptor.LoginInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.ArrayList;
import java.util.List;

/**
 * Registration of the handler interceptor
 */
@Configuration
public class LoginInterceptorConfig implements WebMvcConfigurer {
    // register the interceptor
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        HandlerInterceptor interceptor = new LoginInterceptor();
        // configure the whitelist
        // list<String>
        List<String> strings = new ArrayList<>();
        // static resources
        strings.add("/bootstrap3/**");
        strings.add("/css/**");
        strings.add("/images/**");
        strings.add("/js/**");
        // pages and endpoints reachable without a session
        strings.add("/web/register.html");
        strings.add("/web/login.html");
        strings.add("/web/index.html");
        strings.add("/web/product.html");
        strings.add("/users/reg");
        strings.add("/users/login");
        // intercept everything, then exempt the whitelist
        registry.addInterceptor(interceptor)
                .addPathPatterns("/**")
                .excludePathPatterns(strings);
    }
}
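An added check, not part of the original article: it replays the exclude patterns from LoginInterceptorConfig against paths that must stay public and paths that must require a session, so a later whitelist edit that exposes a protected endpoint is caught before deployment. It assumes spring-core is on the classpath and that AntPathMatcher agrees with the application's configured matcher for these simple patterns; the class name and the sample paths not listed in the whitelist are constructed.

```java
import org.springframework.util.AntPathMatcher;
import java.util.ArrayList;
import java.util.List;

public class WhitelistAudit {
    // Exclude patterns copied from LoginInterceptorConfig.
    static final List<String> EXCLUDED = List.of(
            "/bootstrap3/**", "/css/**", "/images/**", "/js/**",
            "/web/register.html", "/web/login.html", "/web/index.html",
            "/web/product.html", "/users/reg", "/users/login");

    // Constructed expectations; the protected paths are hypothetical endpoints.
    static final List<String> MUST_BE_PUBLIC = List.of(
            "/web/login.html", "/users/login", "/users/reg", "/css/site.css");
    static final List<String> MUST_REQUIRE_LOGIN = List.of(
            "/users/change_password", "/web/cart.html",
            "/orders/create", "/users/login/history");

    static final AntPathMatcher MATCHER = new AntPathMatcher();

    /** True when no exclude pattern matches, i.e. LoginInterceptor runs for this path. */
    static boolean requiresLogin(String path) {
        return EXCLUDED.stream().noneMatch(pattern -> MATCHER.match(pattern, path));
    }

    /** Returns one message per path whose protection differs from the expectation. */
    static List<String> audit() {
        List<String> problems = new ArrayList<>();
        for (String path : MUST_BE_PUBLIC) {
            if (requiresLogin(path)) problems.add("blocked but should be public: " + path);
        }
        for (String path : MUST_REQUIRE_LOGIN) {
            if (!requiresLogin(path)) problems.add("public but should require login: " + path);
        }
        return problems;
    }

    public static void main(String[] args) {
        List<String> problems = audit();
        problems.forEach(System.err::println);
        if (!problems.isEmpty()) System.exit(1); // non-zero exit fails a build step
        System.out.println("whitelist matches expectations");
    }
}
```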
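8. Start the application, and the login interceptor is in effect.
Summary: an interceptor is about as basic as it gets. At login, check whether the user exists, whether the account is disabled, and whether it has been deleted. The main thing is the MD5 hashing; I use the built-in DigestUtils, and Hutool is an alternative.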