【实战】Springboot +jjwt+注解实现需登陆才能操做
springboot +jjwt+注解实现需登陆才能调用接口
1.开发须要登陆才能进行操做的自定义注解NeedLogin,后面能够写在须要登录后操做的接口上
package com.songzhen.howcool.auth; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; @Target({ElementType.METHOD, ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME) public @interface NeedLogin { boolean required() default true; }
2.开发拦截器(Interceptor),预处理所有请求
package com.songzhen.howcool.auth; import com.alibaba.fastjson.JSON; import com.songzhen.howcool.model.enums.RetCodeEnum; import com.songzhen.howcool.util.JwtUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.lang.reflect.Method; import java.util.HashMap; import java.util.Map; public class AuthenticationInterceptor implements HandlerInterceptor { @Autowired private RedisTemplate<String, String> redisTemplate; /** * 预处理回调方法,实现处理器的预处理(如检查登录),第三个参数为响应的处理器,自定义Controller * 返回值:true表示继续流程(如调用下一个拦截器或处理器);false表示流程中断(如登陆检查失败),不会继续调用其余的拦截器或处理器,此时咱们须要经过response来产生响应; */ @Override public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception { // 判断对象是不是映射到一个方法,若是不是则直接经过 if (!(object instanceof HandlerMethod)) { // instanceof运算符是用来在运行时指出对象是不是特定类的一个实例 return true; } HandlerMethod handlerMethod = (HandlerMethod) object; Method method = handlerMethod.getMethod(); //检查方法是否有NeedLogin注解,无则跳过认证 if (method.isAnnotationPresent(NeedLogin.class)) { NeedLogin needLogin = method.getAnnotation(NeedLogin.class); if (needLogin.required()) { // 从HTTP请求头中获取TOKEN信息 String token = httpServletRequest.getHeader("Authorization"); // HTTP请求头中TOKEN解析出的用户信息 String uid = JwtUtil.getUid(token); String userName = JwtUtil.getUserName(token); String realName = JwtUtil.getRealName(token); // 检查TOKEN if (!checkToken(token)) { // TOKEN错误时,提示用户登陆 Map<String, Object> retMap = new HashMap<>(16); retMap.put("code", RetCodeEnum.ACCOUNT_UNAUTHORIZED.getCode()); retMap.put("msg", RetCodeEnum.ACCOUNT_UNAUTHORIZED.getDesc()); httpServletResponse.setContentType("application/json;charset=UTF-8"); httpServletResponse.getWriter().append(JSON.toJSONString(retMap)); return false; } // 组装用户信息到REQUEST中 Map<String, Object> currentUser = new HashMap<>(16); currentUser.put("uid", uid); currentUser.put("userName", userName); currentUser.put("realName", realName); httpServletRequest.setAttribute("currentUser", currentUser); return true; } } return true; } /** * 后处理回调方法,实现处理器的后处理(但在渲染视图以前),此时咱们能够经过modelAndView(模型和视图对象)对模型数据进行处理或对视图进行处理,modelAndView也可能为null。 */ @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object, ModelAndView modelAndView) throws Exception { long now = System.currentTimeMillis(); } /** * 整个请求处理完毕回调方法,即在视图渲染完毕时回调,如性能监控中咱们能够在此记录结束时间并输出消耗时间,还能够进行一些资源清理,相似于try-catch-finally中的finally,但仅调用处理器执行链中 */ @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { } /** * 检查TOKEN * * @param token token * 要校验的token * @return boolean * true:经过 false:失败 */ private boolean checkToken(String token) { // ------------------------认证------------开始----------------- if (null == token) { return false; } // 获取TOKEN中的用户信息 String uid = JwtUtil.getUid(token); // 根据uid从redis中获取用户tokenInRedis String tokenInRedis = redisTemplate.opsForValue().get(uid); if (null == tokenInRedis) { // 若是REDIS异常,返回成功保证正常业务能够继续处理 return true; } // HTTP请求头中TOKEN解析出的用户信息 String userName = JwtUtil.getUserName(token); String realName = JwtUtil.getRealName(token); String deviceId = JwtUtil.getDeviceId(token); long expireIn = JwtUtil.getExpireIn(token); // REDIS服务器中TOKEN解析出的用户信息 String userNameInRedis = JwtUtil.getUserName(tokenInRedis); String realNameInRedis = JwtUtil.getRealName(tokenInRedis); String deviceIdInRedis = JwtUtil.getDeviceId(tokenInRedis); long expireInInRedis = JwtUtil.getExpireIn(tokenInRedis); if (null == userName || null == realName || null == deviceId) { return false; } if (null == userNameInRedis || null == realNameInRedis || null == deviceIdInRedis) { return false; } // 判断TOKEN是否过时 if (expireIn != expireInInRedis) { return false; } if (expireIn < System.currentTimeMillis()) { return false; } // ------------------------认证------------结束----------------- return true; } }
3.开发拦截器配置类
package com.songzhen.howcool.config; import com.songzhen.howcool.auth.AuthenticationInterceptor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @Configuration public class InterceptorConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(authenticationInterceptor()) .addPathPatterns("/**"); } @Bean public AuthenticationInterceptor authenticationInterceptor() { return new AuthenticationInterceptor(); } }
4.在Controller中须要登陆才能操做的方法上加上注解NeedLogin
package com.songzhen.howcool.controller; import com.songzhen.howcool.entity.QueryUserEntity; import com.songzhen.howcool.entity.UserLoginEntity; import com.songzhen.howcool.auth.NeedLogin; import com.songzhen.howcool.biz.UserBizService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; import java.util.Map; /** * 用户相关. * <p>用户相关<br> * 用户相关 * * @author Lucas * @date 2018/8/9 */ @RestController @RequestMapping("**/v1/user") public class UserController { private static final Logger logger = LoggerFactory.getLogger(UserController.class); @Autowired private UserBizService userBizService; /** * 登陆 */ @PostMapping("login") public Map<String, Object> login(@RequestBody UserLoginEntity userLoginEntity) { logger.info("login input params userLoginEntity={}", userLoginEntity); return userBizService.login(userLoginEntity.getUserName(), userLoginEntity.getPassword(), userLoginEntity.getDeviceId()); } /** * 登出 * * @param request request */ @NeedLogin @PostMapping("logout") public Map<String, Object> logout(HttpServletRequest request) { Map<String,Object> currentUser = (Map<String,Object>)request.getAttribute("currentUser"); return userBizService.logout(currentUser.get("uid").toString()); } /** * 列表用户 */ @NeedLogin @PostMapping("pageUser") public Map<String, Object> pageUser(@RequestBody QueryUserEntity queryUserEntity) { logger.info("login input params queryUserEntity={}", queryUserEntity); return userBizService.pageUsers(queryUserEntity); } }
5.GitHub上源代码地址
相关文章
- 1. RxSwift 实战操做【注册登陆】
- 2. SpringBoot实现登陆注册功能【Demo】
- 3. SpringBoot实现登陆注册(ajax)
- 4. SpringBoot+Security实现登陆注册
- 5. SpringBoot+Shiro实现登陆拦截功能
- 6. springboot -- 实现qq登陆功能
- 7. SpringBoot简单实现登陆功能
- 8. Springboot实现OAuth2登陆
- 9. SSM 实现登陆注册功能
- 10. Node.js实现登陆注册功能
- 更多相关文章...
- • 现实生活中的 XML - XML 教程
- • Hibernate实现增删改查 - Hibernate教程
- • Spring Cloud 微服务实战(三) - 服务注册与发现
- • ☆基于Java Instrument的Agent实现
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
欢迎关注本站公众号,获取更多信息
