springboot 先后端分离开发 从零到整(3、登陆以及登陆状态的持续)
今天来写一下怎么登陆和维持登陆状态。前端
相信登陆验证你们都比较熟悉,在Javaweb中通常保持登陆状态都会用session。但若是是先后端分离的话,session的做用就没有那么明显了。对于先后端分离的项目目前比较流行的是jwt验证。参考文章:https://blog.csdn.net/qq_27828675/article/details/80923678java
其实,做为开发一整个项目来讲,以我一年多开发经验来,建议你们先作个需求开发文档,把项目的业务大体构思一下。而后再统一把数据库设计好,把用到的表和字段都建好,能够增长开发速率的。web
好了,废话少说,开始讲解一下怎么作登陆验证过程吧。ajax
首先,先建立token生成工具类。token能够设置过时时间,我项目中设置的是10个小时后过时。算法
添加依赖环境。spring
<!--JJWT-->
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.0</version>
</dependency>
工具类。在生成token的时候我把用户邮箱注入token中,方便根据用户邮箱查询用户信息。秘钥暂时用的是后台写死,也能够用用户密码做为每个token的秘钥。数据库
package com.liao.tdoor.util; import io.jsonwebtoken.Claims; import io.jsonwebtoken.JwtBuilder; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import javax.crypto.spec.SecretKeySpec; import javax.xml.bind.DatatypeConverter; import java.security.Key; import java.util.Date; /** * 生成token的工具类 */ public class tokenUtil { /** * 签名秘钥(惟一秘钥,能够用密码作为秘钥) */ public static final String SECRET="admin"; /** * 生成token * @param username * @return */ public static String createJwtToken(String username){ String issuer="tdoor"; String subject="liao"; long ttlMillis=36000000;//10个小时后过时 return createJwtToken(username,issuer,subject,ttlMillis); } /** * 生成token * @param username 用户名 * @param issuer 改JWT的签发者,是否使用能够选 * @param subject 改JWT所面向的用户,是否使用可选 * @param ttlMillis 签发时间(有效时间,过时会报错) * @return token string */ public static String createJwtToken(String username,String issuer,String subject,long ttlMillis){ //签名算法,将token进行签名 SignatureAlgorithm signatureAlgorithm=SignatureAlgorithm.HS256; //生成签发时间 long nowMills=System.currentTimeMillis(); Date now=new Date(nowMills); //经过秘钥签名JWT byte[] apiKeySecretBytes= DatatypeConverter.parseBase64Binary(SECRET); Key signingKey=new SecretKeySpec(apiKeySecretBytes,signatureAlgorithm.getJcaName()); //建立token JwtBuilder builder=Jwts.builder().setId(username) .setIssuedAt(now) .signWith(signatureAlgorithm,signingKey); //添加过时时间 if(ttlMillis>=0){ long expMillis=nowMills+ttlMillis; Date exp=new Date(expMillis); builder.setExpiration(exp); } return builder.compact(); } //验证和读取JWT的示例方法 public static Claims parseJWT(String jwt){ Claims claims=Jwts.parser() .setSigningKey(DatatypeConverter.parseBase64Binary(SECRET)) .parseClaimsJws(jwt).getBody(); return claims; } public static void main(String[] args){ System.out.println(tokenUtil.createJwtToken("liao180@vip.qq.com")); } }
而后是用户登陆验证。apache
package com.liao.tdoor.dao; import com.liao.tdoor.model.User; import com.liao.tdoor.model.UserSign; import org.apache.ibatis.annotations.Insert; import org.apache.ibatis.annotations.Select; import org.apache.ibatis.annotations.SelectKey; import org.apache.ibatis.annotations.Update; import org.springframework.stereotype.Repository; import java.util.Date; @Repository public interface UserDao { /** * @desc 查询改邮箱是否被注册 * @param email * @return */ @Select("select * from user where email=#{email}") public User isExistUser(String email); /** * 用户注册 * @param user */ @Insert("insert into user(id,email,password,nickname) values (#{id},#{email},#{password},#{nickname})") @SelectKey(keyProperty = "id", resultType = String.class, before = true, statement = "select replace(uuid(), '-', '') as id from dual") public void addUser(User user); /** * 用户登陆 * @param email * @param password * @return */ @Select("select * from user where email=#{email} and password=#{password}") public User login(String email,String password); /** * 经过ID查询用户信息 * @param user_id * @return */ @Select("select * from user where id=#{user_id}") public User QueryInfoById(String user_id); }
用户登陆成功后生成token,把token返回给客户端。json
package com.liao.tdoor.service; import com.liao.tdoor.dao.CodeDao; import com.liao.tdoor.dao.PostingDao; import com.liao.tdoor.dao.UserDao; import com.liao.tdoor.model.Posting; import com.liao.tdoor.model.User; import com.liao.tdoor.model.UserSign; import com.liao.tdoor.model.VerificationCode; import com.liao.tdoor.responseMsg.PersonalEntity; import com.liao.tdoor.responseMsg.RespCode; import com.liao.tdoor.responseMsg.RespEntity; import com.liao.tdoor.util.DateUtils; import com.liao.tdoor.util.RandomTools; import com.liao.tdoor.util.SendEmailUtils; import com.liao.tdoor.util.tokenUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Repository; import org.springframework.stereotype.Service; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Date; import java.util.List; /** * 用户服务层 * @author 廖某某 * @date 2019/02/17 */ @Service public class UserService { @Autowired UserDao userDao; @Autowired CodeDao codeDao; @Autowired SendEmailUtils sendEmailUtils; @Autowired PostingDao pDao; private RespEntity respEntity=new RespEntity(); private User user=new User(); private VerificationCode verificationCode=new VerificationCode(); private PersonalEntity infoEntity=new PersonalEntity(); /** * 发送验证码 * @param email * @return */ public RespEntity sendCode(String email){ try{ String code= RandomTools.randomCode();//产生随机的验证码 User user=new User(); user=userDao.isExistUser(email); if(user==null){ System.out.println("邮箱:"+email+"--验证码为:"+code); //修改数据库中的验证码 verificationCode=codeDao.checkCode(email); if(verificationCode!=null){ codeDao.changeCode(email,code); } //发送邮件开始 发送验证码 sendEmailUtils.sendRegisterCode(email,code); //保存验证码信息到数据库 codeDao.saveCode(email,code,new Date()); respEntity=new RespEntity(RespCode.REGISTER_SEND); }else { respEntity= new RespEntity(RespCode.REGISTER_NOTS); } }catch (Exception e){ e.printStackTrace(); } return respEntity; } /** * 注册信息提交 * @param email * @param nickName * @param password * @param registerCode * @return */ public RespEntity RegisterInfo(String email,String nickName,String password,String registerCode){ verificationCode=codeDao.checkCode(email); if(verificationCode!=null){ if(registerCode.equals(verificationCode.getCode())){ //时间校验--暂略 User user=new User(email,password,nickName); userDao.addUser(user); //删除验证码信息 codeDao.deleteCode(email); respEntity=new RespEntity(RespCode.REGISTER_SUCCESS); }else { respEntity=new RespEntity(RespCode.CODE_EXPIRED); } }else { respEntity=new RespEntity(RespCode.REGISTER_FAILED); } return respEntity; } /** * 登陆验证 * @param email * @param password * @return */ public RespEntity Login(String email,String password){ user=userDao.login(email,password); String token=""; if(user!=null){ token= tokenUtil.createJwtToken(email); respEntity=new RespEntity(RespCode.LOGIN_SUCCESS,token); }else { respEntity=new RespEntity(RespCode.LOGIN_FAILED); } return respEntity; } /** * 根据旧密码更改密码 * @param usedPassword * @return */ public RespEntity ChangePassword(String email,String usedPassword,String newPassword){ user=userDao.login(email,usedPassword); if(user==null){ respEntity=new RespEntity(RespCode.PASSWORD_FAILED); }else { userDao.ChangePassword(email,newPassword); respEntity=new RespEntity(RespCode.SUCCESS); } return respEntity; } }
controller。后端
package com.liao.tdoor.controller; import com.liao.tdoor.annotation.CurrentUser; import com.liao.tdoor.annotation.PassToken; import com.liao.tdoor.annotation.UserLoginToken; import com.liao.tdoor.model.User; import com.liao.tdoor.responseMsg.PersonalEntity; import com.liao.tdoor.responseMsg.RespEntity; import com.liao.tdoor.service.UserService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import java.util.Map; /** * @author 廖某某 * 用户控制层 */ @RestController public class userController { @Autowired UserService userService; private RespEntity respEntity=new RespEntity(); private PersonalEntity pEntity=new PersonalEntity(); @RequestMapping("register") public RespEntity register(@RequestBody Map<String,Object> map){ String e_mail=(String)map.get("email"); String nickName=(String)map.get("nickName"); String password=(String)map.get("password"); String registerCode=(String)map.get("code"); respEntity=userService.RegisterInfo(e_mail,nickName,password,registerCode); return respEntity; } @RequestMapping("sendCode") public RespEntity sendPollCode(@RequestBody Map<String,Object> map){ String email=(String)map.get("email"); RespEntity respEntity=userService.sendCode(email); return respEntity; } @RequestMapping("/login") public RespEntity testData(@RequestBody Map<String,Object> map){ String email=(String)map.get("email"); String password=(String)map.get("password"); respEntity=userService.Login(email,password); return respEntity; } }
登陆操做完成后,客户端根据token来进行请求操做。前端是ajax请求,通常在请求头部携带token,而后服务端拦截请求,获取token并进行验证,判断有无和是否过时,若是token不过时,则放行。
三个注解
注入当前登陆用户注解
package com.liao.tdoor.annotation; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; /** * 注入当前用户 * @author 廖某某 * @date 2019/02/18 * 在Controller的方法参数中使用此注解,该方法在映射时会注入当前登陆的User对象 */ @Target(ElementType.PARAMETER) @Retention(RetentionPolicy.RUNTIME) public @interface CurrentUser { }
须要登陆的标记注解
package com.liao.tdoor.annotation; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; /** * 须要进行登陆才能进行操做的注解 * @author 廖某某 * @date 2019/02/8 */ @Target({ElementType.METHOD,ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME) public @interface UserLoginToken { boolean required() default true; }
不须要登陆的标记注解
package com.liao.tdoor.annotation; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; /** * 跳过验证 * @author 廖某某 * @date 2019/02/18 */ @Target({ElementType.METHOD,ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME) public @interface PassToken { boolean required() default true; }
建立拦截器。拦截器拦截token并解析token中的用户邮箱,查询用户信息并注入到CurrentUser 中。
package com.liao.tdoor.interceptor; import com.liao.tdoor.annotation.PassToken; import com.liao.tdoor.annotation.UserLoginToken; import com.liao.tdoor.dao.UserDao; import com.liao.tdoor.model.User; import com.liao.tdoor.responseMsg.CurrentUserConstants; import com.liao.tdoor.util.tokenUtil; import io.jsonwebtoken.Claims; import io.jsonwebtoken.ExpiredJwtException; import io.jsonwebtoken.Jwt; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.lang.reflect.Method; /** * 拦截器,拦截token * @author 廖某某 * @date 2019/02/18 */ public class AuthenticationInterceptor implements HandlerInterceptor { @Autowired UserDao userDao; @Override public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object){ //设置容许哪些域名应用进行ajax访问 httpServletResponse.setHeader("Access-Control-Allow-Origin", "*"); httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE"); httpServletResponse.setHeader("Access-Control-Allow-Headers", " Origin, X-Requested-With, content-Type, Accept, Authorization"); httpServletResponse.setHeader("Access-Control-Max-Age","3600"); //获取请求头的token String token=httpServletRequest.getHeader("Authorization"); //若是不是映射到方法直接经过 if(!(object instanceof HandlerMethod)){ return true; } HandlerMethod handlerMethod=(HandlerMethod) object; Method method=handlerMethod.getMethod(); //检查是否有passToken注释,有则跳过验证 if(method.isAnnotationPresent(PassToken.class)){ PassToken passToken=method.getAnnotation(PassToken.class); if(passToken.required()){ return true; } } //检查是否有须要用户权限的注解 if(method.isAnnotationPresent(UserLoginToken.class)){ UserLoginToken userLoginToken=method.getAnnotation(UserLoginToken.class); if(userLoginToken.required()){ //执行认证 if(token==null){ throw new RuntimeException("无token,请从新登陆"); }else { //获取token中的用户信息 Claims claims; try{ claims= tokenUtil.parseJWT(token); }catch (ExpiredJwtException e){ throw new RuntimeException("401,token失效"); } String email=claims.getId(); User user=userDao.isExistUser(email); if(user==null){ throw new RuntimeException("用户不存在,请从新登陆"); } httpServletRequest.setAttribute(CurrentUserConstants.CURRENT_USER,user); } } } return true; } // 请求处理以后进行调用,可是在视图被渲染以前(Controller方法调用以后) @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { } // 在整个请求结束以后被调用,也就是在DispatcherServlet 渲染了对应的视图以后执行(主要是用于进行资源清理工做) @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e)throws Exception{ } }
配置拦截器
package com.liao.tdoor.config; import com.liao.tdoor.interceptor.AuthenticationInterceptor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.method.support.HandlerMethodArgumentResolver; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import java.util.List; /** * 配置拦截器 * @author 廖某某 * @date 2019/02/18 */ @Configuration public class InterceptorConfig extends WebMvcConfigurerAdapter { @Override public void addInterceptors(InterceptorRegistry registry){ //拦截全部请求,判断是否有@UserLogin注解,决定是否须要从新登陆 registry.addInterceptor(authenticationInterceptor()).addPathPatterns("/**"); super.addInterceptors(registry); } @Override public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers){ argumentResolvers.add(currentUserMethodArgumentResolver()); super.addArgumentResolvers(argumentResolvers); } @Bean public CurrentUserMethodArgumentResolver currentUserMethodArgumentResolver(){ return new CurrentUserMethodArgumentResolver(); } @Bean public AuthenticationInterceptor authenticationInterceptor(){ return new AuthenticationInterceptor(); } }
自定义参数解析器解析token中包含的用户信息。
package com.liao.tdoor.config; import com.liao.tdoor.annotation.CurrentUser; import com.liao.tdoor.model.User; import com.liao.tdoor.responseMsg.CurrentUserConstants; import org.springframework.core.MethodParameter; import org.springframework.web.bind.support.WebDataBinderFactory; import org.springframework.web.context.request.NativeWebRequest; import org.springframework.web.context.request.RequestAttributes; import org.springframework.web.method.support.HandlerMethodArgumentResolver; import org.springframework.web.method.support.ModelAndViewContainer; import org.springframework.web.multipart.support.MissingServletRequestPartException; /** * 自定义参数解析器(解析user) * @author 廖某某 * @date 2019/02/18 * 增长方法注入,将含有 @CurrentUser 注解的方法参数注入当前登陆用户 */ public class CurrentUserMethodArgumentResolver implements HandlerMethodArgumentResolver { @Override public boolean supportsParameter(MethodParameter parameter){ return parameter.getParameterType().isAssignableFrom(User.class) //判断是否能转换成User类型 && parameter.hasParameterAnnotation(CurrentUser.class); //是否有CurrentUser注解 } @Override public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception { User user = (User) webRequest.getAttribute(CurrentUserConstants.CURRENT_USER, RequestAttributes.SCOPE_REQUEST); if (user != null) { return user; } throw new MissingServletRequestPartException(CurrentUserConstants.CURRENT_USER); } }
这章就大概先说这么多吧,好像记得也就这么多了。
思想总结:用户登陆传递邮箱密码(缺点:没有作到密码加密传输)到服务端验证,经过就返回token给前台,前台获取token保存到本地客户端。在HTML中我用的是localStorage保存,而后每次发起请求会根据是否须要登陆操做而向后台传递token。服务端根据请求头的token,进行用户验证,验证经过就放行,不经过就返回登陆失败信息返回前台,前台根据服务端返回的消息做出相应处理。
下一章说一下关于验证经过放行操做。若是这章有什么问题请你们见谅,并留言指正,O(∩_∩)O哈哈~。
相关文章
- 1. 先后端分离(Vue + SpringBoot)整合CAS的单点登陆
- 2. python 先后端不分离 QQ登陆,微博登陆
- 3. demo之springboot-vue先后端分离session过时从新登陆
- 4. 先后端登陆
- 5. springboot(先后端分离)登陆拦截器+token过时返回状态码
- 6. SpringBoot AOP 基于先后端分离的登陆拦截设计
- 7. 登陆成功后如何利用cookie保持登陆状态
- 8. 先后端分离 单点登陆SSO 纯前端实现单点登陆SSO
- 9. springboot实现登陆功能,记住密码。先后端分离
- 10. Android 用sp存储登陆状态以及退出登陆
- 更多相关文章...
- • 持久化对象的状态及状态转换 - Hibernate教程
- • HTTP状态码 - HTTP 教程
- • PHP开发工具
- • 使用阿里云OSS+CDN部署前端页面与加速静态资源
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
欢迎关注本站公众号,获取更多信息
相关文章