创建SpringBoot项目,引入依赖
<!-- Spring AOP starter: provides the @Aspect/@Around support used by the login-check aspect. -->
<!-- No <version> is given for the two Spring Boot starters; presumably it is inherited from the Spring Boot parent/BOM (confirm in the full pom.xml). -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<!-- Spring Data Redis starter: provides the StringRedisTemplate that stores the login token. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<!-- Hutool is used on this page only for cn.hutool.core.util.IdUtil (token generation). -->
<!-- NOTE(review): hutool-all pulls in every Hutool module and is pinned to 5.3.10; consider depending on hutool-core alone and checking the pinned version against current releases before reuse. -->
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.3.10</version>
</dependency>
思路是这样的:
1、用户登录成功后随机创建一个Token,分别存入session和Redis中
2、在AOP中配置切点,并使用@Around注解,判断当前请求的session中的token是否与Redis中的一致,一致就放行,不一致就返回错误提示
注意:下面的示例代码在Redis中使用固定的键"token",所有用户共用同一个值,后登录的用户会覆盖先登录用户的token;实际项目中应按用户或会话区分Redis键,并为其设置过期时间
我这边使用了前后端分离,所以封装了统一的返回结果类,可以根据需求选择
返回结果类:
package com.common;
import java.io.Serializable;
/**
 * Uniform response envelope returned by the controllers: a numeric status
 * code, a message and an optional payload.
 *
 * <p>Use {@link #success(Object)} and {@link #failed(String)} for the two
 * standard outcomes; the public constructors and setters allow building
 * other combinations.
 */
public class Result implements Serializable {

    private int code;
    private String msg;
    private Object data;

    /** Creates an empty result; fields keep their default values. */
    public Result() {
    }

    /**
     * Creates a fully populated result.
     *
     * @param code status code reported to the client
     * @param msg  message reported to the client
     * @param data payload, may be {@code null}
     */
    public Result(int code, String msg, Object data) {
        this.code = code;
        this.msg = msg;
        this.data = data;
    }

    /**
     * Builds a success result (code 200) carrying the given payload.
     *
     * @param data payload to return to the client
     * @return a new success result
     */
    public static Result success(Object data) {
        return new Result(200, "操作成功", data);
    }

    /**
     * Builds a failure result (code 400) with no payload.
     *
     * @param msg message describing the failure
     * @return a new failure result
     */
    public static Result failed(String msg) {
        return new Result(400, msg, null);
    }

    public int getCode() {
        return this.code;
    }

    public void setCode(int code) {
        this.code = code;
    }

    public String getMsg() {
        return this.msg;
    }

    public void setMsg(String msg) {
        this.msg = msg;
    }

    public Object getData() {
        return this.data;
    }

    public void setData(Object data) {
        this.data = data;
    }

    /**
     * Renders all three fields, including the payload's own {@code toString()}.
     * Keep that in mind before logging results whose payload holds sensitive data.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder("Result{");
        text.append("code=").append(code);
        text.append(", msg='").append(msg).append('\'');
        text.append(", data=").append(data);
        text.append('}');
        return text.toString();
    }
}
先写两个控制器,一个用于登录和退出,一个用来模拟其它业务请求
登录控制器
package com.controller;
import cn.hutool.core.util.IdUtil;
import com.common.Result;
import com.entity.Users;
import com.service.UsersService;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpSession;
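/**
 * Demo login/logout endpoints. On a successful login a random token is stored
 * both in the HTTP session and in Redis; the aspect on this page compares the
 * two values before letting a business request through.
 *
 * <p>NOTE(review): the Redis key is the fixed string "token", so every user
 * shares one stored value and a later login replaces an earlier one. A real
 * deployment needs a key that is distinct per user or per session, changed
 * here and in the aspect that reads it together, plus an expiry on the entry.
 *
 * <p>NOTE(review): login is a GET that takes only a user name as a request
 * parameter and compares it with the user whose id is "1"; no password is
 * checked although the failure message mentions one. Treat this as a
 * demonstration of the token flow, not as an authentication scheme.
 */
@RestController
public class LoginController {

    /** Session attribute name and Redis key under which the login token is kept. */
    private static final String TOKEN_KEY = "token";

    @Autowired
    private UsersService usersService;
    @Autowired
    private HttpSession httpSession;
    @Autowired
    private StringRedisTemplate stringRedisTemplate;

    /**
     * Issues a fresh token when the supplied name matches the stored user.
     *
     * @param userName user name from the request; may be absent
     * @return a success result after the token has been stored, otherwise a failure result
     */
    @ApiOperation("用户登录")
    @GetMapping("login")
    public Result login(String userName) {
        Users users = usersService.queryById("1");
        // A missing request parameter or a missing user row is a failed login,
        // not a NullPointerException surfaced to the client as a server error.
        if (userName != null && users != null && userName.equals(users.getUserName())) {
            String token = IdUtil.simpleUUID();
            httpSession.setAttribute(TOKEN_KEY, token);
            stringRedisTemplate.opsForValue().set(TOKEN_KEY, token);
            return Result.success("登录成功");
        }
        return Result.failed("用户或者密码不正确");
    }

    /**
     * Clears the token from the current session and, when this session owns
     * the token stored in Redis, from Redis as well.
     *
     * @return a success result in every case
     */
    @ApiOperation("用户退出")
    @GetMapping("loginOut")
    public Result loginOut() {
        Object sessionToken = httpSession.getAttribute(TOKEN_KEY);
        httpSession.removeAttribute(TOKEN_KEY);
        // This endpoint is not covered by the login-check aspect, so the stored
        // token is removed only when the caller's session actually holds it;
        // a request without a matching session token leaves the active login intact.
        if (sessionToken != null
                && sessionToken.equals(stringRedisTemplate.opsForValue().get(TOKEN_KEY))) {
            stringRedisTemplate.delete(TOKEN_KEY);
        }
        return Result.success("退出成功");
    }
}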
模拟其它业务接口
package com.controller;
import com.common.Result;
import com.entity.Users;
import com.service.UsersService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
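/**
 * Sample business controller used to demonstrate the login check; every
 * method here is matched by the aspect's pointcut on this page.
 */
@RestController
@Api("用户管理")
// NOTE(review): @CrossOrigin without arguments allows requests from any origin.
// For a session-based check like this one, restrict it to the known front-end origin.
@CrossOrigin
public class UsersController {

    @Resource
    private UsersService usersService;

    /**
     * Looks up a user by id.
     *
     * <p>NOTE(review): the id comes straight from the request and no check
     * ties it to the logged-in user, so any caller that passes the login check
     * can read any user record. The whole entity is returned; if Users carries
     * credential fields they would reach the client, so confirm and map to a
     * response object that omits them.
     *
     * @param id identifier supplied by the client
     * @return a success result wrapping the user, or a failure result when no user is found
     */
    @ApiOperation("根据id查询用户")
    @GetMapping("selectOne")
    public Result selectOne(String id) {
        Users users = usersService.queryById(id);
        if (users != null) {
            // The original built the same success result twice and discarded the first one.
            return Result.success(users);
        }
        return Result.failed("密码或帐户名错误");
    }
}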
AOP类
package com.aop;
import com.common.Result;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpSession;
/**
 * Login check applied around every method of {@code com.controller.UsersController}.
 * A call proceeds only when the token held in the current HTTP session equals
 * the token stored in Redis; in every other case a failure {@link Result} is
 * returned and the target method is not invoked.
 *
 * <p>NOTE(review): the Redis key is the fixed string "token", shared by all
 * users, so this check passes only for the session that logged in most
 * recently. Only UsersController is matched by the pointcut; other controllers
 * are not covered by this check.
 */
@Aspect
@Component
public class LogAspect {

    @Autowired
    private HttpSession httpSession;
    @Autowired
    private StringRedisTemplate stringRedisTemplate;

    /** Pointcut matching every method declared on UsersController. */
    @Pointcut("execution(* com.controller.UsersController.*(..))")
    public void LogAspect() {}

    /**
     * Compares the session token with the stored token before proceeding.
     *
     * @param proceedingJoinPoint the intercepted controller call
     * @return the controller's own return value, or a failure result when the tokens do not match
     * @throws Throwable whatever the intercepted method throws
     */
    @Around("LogAspect()")
    public Object doAround(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        String storedToken = stringRedisTemplate.opsForValue().get("token");
        // No stored token means nobody is logged in: reject without touching the session.
        if (storedToken == null) {
            return Result.failed("请登录后再操作");
        }
        String sessionToken = (String) httpSession.getAttribute("token");
        // A session without a token, or with a different one, is rejected as well.
        if (!storedToken.equals(sessionToken)) {
            return Result.failed("请登录后再操作");
        }
        return proceedingJoinPoint.proceed();
    }
}
登录成功后
操作业务
退出
退出后再操作