【實戰】Springboot +jjwt+註解實現需登陸才能操做
springboot +jjwt+註解實現需登陸才能調用接口
1.開發須要登陸才能進行操做的自定義註解NeedLogin,後面能夠寫在須要登錄後操做的接口上
package com.songzhen.howcool.auth; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; @Target({ElementType.METHOD, ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME) public @interface NeedLogin { boolean required() default true; }
2.開發攔截器(Interceptor),預處理所有請求
package com.songzhen.howcool.auth; import com.alibaba.fastjson.JSON; import com.songzhen.howcool.model.enums.RetCodeEnum; import com.songzhen.howcool.util.JwtUtil; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.lang.reflect.Method; import java.util.HashMap; import java.util.Map; public class AuthenticationInterceptor implements HandlerInterceptor { @Autowired private RedisTemplate<String, String> redisTemplate; /** * 預處理回調方法,實現處理器的預處理(如檢查登錄),第三個參數爲響應的處理器,自定義Controller * 返回值:true表示繼續流程(如調用下一個攔截器或處理器);false表示流程中斷(如登陸檢查失敗),不會繼續調用其餘的攔截器或處理器,此時咱們須要經過response來產生響應; */ @Override public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception { // 判斷對象是不是映射到一個方法,若是不是則直接經過 if (!(object instanceof HandlerMethod)) { // instanceof運算符是用來在運行時指出對象是不是特定類的一個實例 return true; } HandlerMethod handlerMethod = (HandlerMethod) object; Method method = handlerMethod.getMethod(); //檢查方法是否有NeedLogin註解,無則跳過認證 if (method.isAnnotationPresent(NeedLogin.class)) { NeedLogin needLogin = method.getAnnotation(NeedLogin.class); if (needLogin.required()) { // 從HTTP請求頭中獲取TOKEN信息 String token = httpServletRequest.getHeader("Authorization"); // HTTP請求頭中TOKEN解析出的用戶信息 String uid = JwtUtil.getUid(token); String userName = JwtUtil.getUserName(token); String realName = JwtUtil.getRealName(token); // 檢查TOKEN if (!checkToken(token)) { // TOKEN錯誤時,提示用戶登陸 Map<String, Object> retMap = new HashMap<>(16); retMap.put("code", RetCodeEnum.ACCOUNT_UNAUTHORIZED.getCode()); retMap.put("msg", RetCodeEnum.ACCOUNT_UNAUTHORIZED.getDesc()); httpServletResponse.setContentType("application/json;charset=UTF-8"); httpServletResponse.getWriter().append(JSON.toJSONString(retMap)); return false; } // 組裝用戶信息到REQUEST中 Map<String, Object> currentUser = new HashMap<>(16); currentUser.put("uid", uid); currentUser.put("userName", userName); currentUser.put("realName", realName); httpServletRequest.setAttribute("currentUser", currentUser); return true; } } return true; } /** * 後處理回調方法,實現處理器的後處理(但在渲染視圖以前),此時咱們能夠經過modelAndView(模型和視圖對象)對模型數據進行處理或對視圖進行處理,modelAndView也可能爲null。 */ @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object, ModelAndView modelAndView) throws Exception { long now = System.currentTimeMillis(); } /** * 整個請求處理完畢回調方法,即在視圖渲染完畢時回調,如性能監控中咱們能夠在此記錄結束時間並輸出消耗時間,還能夠進行一些資源清理,相似於try-catch-finally中的finally,但僅調用處理器執行鏈中 */ @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { } /** * 檢查TOKEN * * @param token token * 要校驗的token * @return boolean * true:經過 false:失敗 */ private boolean checkToken(String token) { // ------------------------認證------------開始----------------- if (null == token) { return false; } // 獲取TOKEN中的用戶信息 String uid = JwtUtil.getUid(token); // 根據uid從redis中獲取用戶tokenInRedis String tokenInRedis = redisTemplate.opsForValue().get(uid); if (null == tokenInRedis) { // 若是REDIS異常,返回成功保證正常業務能夠繼續處理 return true; } // HTTP請求頭中TOKEN解析出的用戶信息 String userName = JwtUtil.getUserName(token); String realName = JwtUtil.getRealName(token); String deviceId = JwtUtil.getDeviceId(token); long expireIn = JwtUtil.getExpireIn(token); // REDIS服務器中TOKEN解析出的用戶信息 String userNameInRedis = JwtUtil.getUserName(tokenInRedis); String realNameInRedis = JwtUtil.getRealName(tokenInRedis); String deviceIdInRedis = JwtUtil.getDeviceId(tokenInRedis); long expireInInRedis = JwtUtil.getExpireIn(tokenInRedis); if (null == userName || null == realName || null == deviceId) { return false; } if (null == userNameInRedis || null == realNameInRedis || null == deviceIdInRedis) { return false; } // 判斷TOKEN是否過時 if (expireIn != expireInInRedis) { return false; } if (expireIn < System.currentTimeMillis()) { return false; } // ------------------------認證------------結束----------------- return true; } }
3.開發攔截器配置類
package com.songzhen.howcool.config; import com.songzhen.howcool.auth.AuthenticationInterceptor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @Configuration public class InterceptorConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(authenticationInterceptor()) .addPathPatterns("/**"); } @Bean public AuthenticationInterceptor authenticationInterceptor() { return new AuthenticationInterceptor(); } }
4.在Controller中須要登陸才能操做的方法上加上註解NeedLogin
package com.songzhen.howcool.controller; import com.songzhen.howcool.entity.QueryUserEntity; import com.songzhen.howcool.entity.UserLoginEntity; import com.songzhen.howcool.auth.NeedLogin; import com.songzhen.howcool.biz.UserBizService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; import java.util.Map; /** * 用戶相關. * <p>用戶相關<br> * 用戶相關 * * @author Lucas * @date 2018/8/9 */ @RestController @RequestMapping("**/v1/user") public class UserController { private static final Logger logger = LoggerFactory.getLogger(UserController.class); @Autowired private UserBizService userBizService; /** * 登陸 */ @PostMapping("login") public Map<String, Object> login(@RequestBody UserLoginEntity userLoginEntity) { logger.info("login input params userLoginEntity={}", userLoginEntity); return userBizService.login(userLoginEntity.getUserName(), userLoginEntity.getPassword(), userLoginEntity.getDeviceId()); } /** * 登出 * * @param request request */ @NeedLogin @PostMapping("logout") public Map<String, Object> logout(HttpServletRequest request) { Map<String,Object> currentUser = (Map<String,Object>)request.getAttribute("currentUser"); return userBizService.logout(currentUser.get("uid").toString()); } /** * 列表用戶 */ @NeedLogin @PostMapping("pageUser") public Map<String, Object> pageUser(@RequestBody QueryUserEntity queryUserEntity) { logger.info("login input params queryUserEntity={}", queryUserEntity); return userBizService.pageUsers(queryUserEntity); } }
5.GitHub上源代碼地址
相關文章
- 1. RxSwift 實戰操做【註冊登陸】
- 2. SpringBoot實現登陸註冊功能【Demo】
- 3. SpringBoot實現登陸註冊(ajax)
- 4. SpringBoot+Security實現登陸註冊
- 5. SpringBoot+Shiro實現登陸攔截功能
- 6. springboot -- 實現qq登陸功能
- 7. SpringBoot簡單實現登陸功能
- 8. Springboot實現OAuth2登陸
- 9. SSM 實現登陸註冊功能
- 10. Node.js實現登陸註冊功能
- 更多相關文章...
- • 現實生活中的 XML - XML 教程
- • Hibernate實現增刪改查 - Hibernate教程
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
- • ☆基於Java Instrument的Agent實現
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
