用户--登录认证+JWT令牌
登录
1.根据用户名查询用户
2.判断用户是否存在
3.判断密码是否正确。
(1) password是密文
Md5Util.getMD5String(password).equals(loginUser.getPassword())
(2)把token存储到redis中
controller : UserController
@RestController @RequestMapping("/user") @Validated public class UserController { @Autowired private UserService userService; @Autowired private StringRedisTemplate stringRedisTemplate; @PostMapping("/login") public Result<String> login(@Pattern(regexp = "^\\S{5,16}$") String username, @Pattern(regexp = "^\\S{5,16}$") String password) { //根据用户名查询用户 User loginUser = userService.findByUserName(username); //判断该用户是否存在 if (loginUser == null) { return Result.error("用户名错误"); } //判断密码是否正确 loginUser对象中的password是密文 if (Md5Util.getMD5String(password).equals(loginUser.getPassword())) { //登录成功 Map<String, Object> claims = new HashMap<>(); claims.put("id", loginUser.getId()); claims.put("username", loginUser.getUsername()); String token = JwtUtil.genToken(claims); //把token存储到redis中 ValueOperations<String, String> operations = stringRedisTemplate.opsForValue(); operations.set(token,token,1, TimeUnit.HOURS); return Result.success(token); } return Result.error("密码错误"); } }
Service:UserService
public interface UserService { //根据用户名查询用户 User findByUserName(String username); }
Service:UserServiceImpl
@Service public class UserServiceImpl implements UserService { @Autowired private UserMapper userMapper; @Override public User findByUserName(String username) { User u = userMapper.findByUserName(username); return u; } }
Mapper:UserMapper
@Mapper public interface UserMapper { //根据用户名查询用户 @Select("select * from user where username=#{username}") User findByUserName(String username); }
interceptors:LongiInterceptor
package com.example.interceptors; import com.example.pojo.Result; import com.example.utils.JwtUtil; import com.example.utils.ThreadLocalUtil; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.data.redis.core.ValueOperations; import org.springframework.stereotype.Component; import org.springframework.web.servlet.HandlerInterceptor; import java.util.Map; @Component public class LoginInterceptor implements HandlerInterceptor { @Autowired private StringRedisTemplate stringRedisTemplate; @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { //令牌验证 String token = request.getHeader("Authorization"); //验证token try { //从redis中获取相同的token ValueOperations<String, String> operations = stringRedisTemplate.opsForValue(); String redisToken = operations.get(token); if (redisToken==null){ //token已经失效了 throw new RuntimeException(); } Map<String, Object> claims = JwtUtil.parseToken(token); //把业务数据存储到ThreadLocal中 ThreadLocalUtil.set(claims); //放行 return true; } catch (Exception e) { //http响应状态码为401 response.setStatus(401); //不放行 return false; } } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { //清空ThreadLocal中的数据 ThreadLocalUtil.remove(); } }
utils : JwtUtils
package com.example.utils; import com.auth0.jwt.JWT; import com.auth0.jwt.algorithms.Algorithm; import java.util.Date; import java.util.Map; public class JwtUtil { private static final String KEY = "itheima"; //接收业务数据,生成token并返回 public static String genToken(Map<String, Object> claims) { return JWT.create() .withClaim("claims", claims) .withExpiresAt(new Date(System.currentTimeMillis() + 1000 * 60 * 60 )) .sign(Algorithm.HMAC256(KEY)); } //接收token,验证token,并返回业务数据 public static Map<String, Object> parseToken(String token) { return JWT.require(Algorithm.HMAC256(KEY)) .build() .verify(token) .getClaim("claims") .asMap(); } }
utils:Md5Utils
package com.example.utils; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; public class Md5Util { /** * 默认的密码字符串组合,用来将字节转换成 16 进制表示的字符,apache校验下载的文件的正确性用的就是默认的这个组合 */ protected static char hexDigits[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; protected static MessageDigest messagedigest = null; static { try { messagedigest = MessageDigest.getInstance("MD5"); } catch (NoSuchAlgorithmException nsaex) { System.err.println(Md5Util.class.getName() + "初始化失败,MessageDigest不支持MD5Util。"); nsaex.printStackTrace(); } } /** * 生成字符串的md5校验值 * * @param s * @return */ public static String getMD5String(String s) { return getMD5String(s.getBytes()); } /** * 判断字符串的md5校验码是否与一个已知的md5码相匹配 * * @param password 要校验的字符串 * @param md5PwdStr 已知的md5校验码 * @return */ public static boolean checkPassword(String password, String md5PwdStr) { String s = getMD5String(password); return s.equals(md5PwdStr); } public static String getMD5String(byte[] bytes) { messagedigest.update(bytes); return bufferToHex(messagedigest.digest()); } private static String bufferToHex(byte bytes[]) { return bufferToHex(bytes, 0, bytes.length); } private static String bufferToHex(byte bytes[], int m, int n) { StringBuffer stringbuffer = new StringBuffer(2 * n); int k = m + n; for (int l = m; l < k; l++) { appendHexPair(bytes[l], stringbuffer); } return stringbuffer.toString(); } private static void appendHexPair(byte bt, StringBuffer stringbuffer) { char c0 = hexDigits[(bt & 0xf0) >> 4];// 取字节中高 4 位的数字转换, >>> // 为逻辑右移,将符号位一起右移,此处未发现两种符号有何不同 char c1 = hexDigits[bt & 0xf];// 取字节中低 4 位的数字转换 stringbuffer.append(c0); stringbuffer.append(c1); } }
浙公网安备 33010602011771号