RememberMe 功能的实现(base-auth使用说明)

时间  2019-12-13
标签 rememberme 功能 实现 base auth 使用说明 繁體版
原文   原文链接

平常记录,代码是根据SpringSecurity写的。java

###写个Entity类实现UserDetailsgit

<!-- lang: java -->
package com.lqz.b2c.base.web.controller.member.support;

import com.lqz.b2c.base.entity.Passport;
import com.lqz.base.auth.UsernameNotFoundException;
import com.lqz.base.auth.userdetails.UserDetails;

public class LoginUserSupport implements UserDetails {

	private static final long serialVersionUID = 20130411151453L;
	
	public LoginUserSupport() {
		// TODO Auto-generated constructor stub
	}
	
	public LoginUserSupport(Passport passport) throws UsernameNotFoundException {
		if (passport == null || passport.getId() == null
				|| passport.getId() <= 0 || passport.getLoginName() == null
				|| passport.getPassword() == null) {
			throw new UsernameNotFoundException();
		}
		setId(passport.getId());
		setUsername(passport.getLoginName());
		setPassword(passport.getPassword());
	}
	
	private Long id;
	private String username;
	private String password;

	public Long getId() {
		return id;
	}

	public void setId(Long id) {
		this.id = id;
	}

	public String getUsername() {
		return username;
	}

	public void setUsername(String username) {
		this.username = username;
	}
	
	public void setLoginName(String loginName) {
		this.username = loginName;
	}

	public String getPassword() {
		return password;
	}

	public void setPassword(String password) {
		this.password = password;
	}

	/**
	 * 非过时帐户
	 */
	@Override
	public boolean isAccountNonExpired() {
		return true;
	}

	@Override
	public boolean isAccountNonLocked() {
		return true;
	}

	@Override
	public boolean isCredentialsNonExpired() {
		return true;
	}

	@Override
	public boolean isEnabled() {
		return true;
	}

}

###写个处理类,继承UserDetailsServiceweb

<!-- lang: java -->
package com.lqz.b2c.base.service.impl;
    
import javax.annotation.Resource;

import org.springframework.dao.DataAccessException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.lqz.b2c.base.entity.Passport;
import com.lqz.b2c.base.repository.IPassportDao;
import com.lqz.b2c.base.service.IPassportMgr;
import com.lqz.b2c.base.web.controller.member.support.LoginUserSupport;
import com.lqz.base.auth.UsernameNotFoundException;
import com.lqz.base.auth.userdetails.UserDetails;
import com.lqz.base.auth.userdetails.UserDetailsService;

/**
 * @author 小败
 * 
 */
@Service("passportMgrImpl")
@Transactional(readOnly = true)
public class PassportMgrImpl implements IPassportMgr, UserDetailsService {


	

	@Override
	public UserDetails loadUser(Long userId, String username)
			throws UsernameNotFoundException, DataAccessException {
		Passport passport = passportDao.findByIDAndLoginName(userId, username);
		LoginUserSupport user = new LoginUserSupport(passport);
		return user;
	}



	/** 注入 **/

	private IPassportDao passportDao;

	@Resource(name = "passportDao")
	public void setPassportDao(IPassportDao passportDao) {
		this.passportDao = passportDao;
	}	

}

###登陆处使用spring

<!-- lang: java -->
	@RequestMapping(method = RequestMethod.POST)
public String login(LoginUserSupport user, HttpServletRequest request,
		HttpServletResponse response, RedirectAttributes redirectAttributes) {
	Passport passport = passportMgr.login(user.getUsername(),
			user.getPassword());
	if (passport != null) {
		user.setId(passport.getId());
		user.setPassword(passport.getPassword());
		rememberMeService.loginSuccess(request, response, user);
		return passportMgr.login(request.getSession(), passport);
	}
	redirectAttributes.addFlashAttribute("login_error", "登陆失败");
	return "redirect:/login";
}

###退出登陆处理session

<!-- lang: java -->
	public String logout(HttpServletRequest request,
    			HttpServletResponse response, HttpSession session) {
    		logger.info("LogoutController#logout");
    		rememberMeService.logout(request, response);
    		session.invalidate();
    		return "redirect:/";
    	}

###拦截器自动登陆实现app

<!-- lang: java -->
    public boolean preHandle(HttpServletRequest request, 
        HttpServletResponse response, Object obj) throws Exception {
	/**
	 * 判断用户有没有登陆
	 */
    Passport account = (Passport) WebUtils.getSessionAttribute(request, "passport");
    if (account != null) {
    	return true;
    }
    
    /**
     * 判断有没有Cookie 有的话提取Cookie 内容 
     */
	UserDetails user = rememberMeService.autoLogin(request, response);
	if (user == null) {
		return true;
	}
	
	/**
	 * 自动登陆
	 */
	Passport passport = passportMgr.getPassportById(user.getId());
	if (passport != null) {
		passportMgr.login(request.getSession(), passport);
	} else {
		rememberMeService.loginFail(request, response);
	}
    return true;
}

Spring 配置

<!-- lang: xml -->
    <bean id="rememberMeService" class="com.lqz.base.auth.rememberme.TokenBasedRememberMeServices">
	<property name="key" value="20130411192953"/>
	<property name="domain" value=".lqz.com"/><!-- option -->
    <property name="parameter" value="rememberMe"/><!-- defult: remember_me -->
	<property name="userDetailsService" ref="passportMgrImpl"/>
</bean>

原理

登陆时,把数据以[用户名:时间:密码:key:id]形式加密 其中密码与key是单项加密dom

自动登陆时,首先使用id与用户名加载用户信息. 而后把查询出来的密码与key再次加密,与上次结果比较 若是两次加密相等,则登陆成功ide

项目地址:http://git.oschina.net/unsuccessful/remembermethis

相关文章
相关标签/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公众号
   欢迎关注本站公众号,获取更多信息
联系我们 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程