1、登录成功后,生成token,响应给客户端,并存入redis中
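/**
 * Authenticates a user by mobile number and password and issues a session token on success.
 *
 * <p>The mobile number is parsed as the numeric user id for {@code getById}. The submitted
 * password is transformed with {@code MD5Util.formPassToDBPass} and the stored salt, then compared
 * with the stored value. On a match, a token from {@code UUIDUtil.uuid()} is handed to
 * {@code addCookie}.
 *
 * @param response response that receives the token cookie
 * @param loginVO submitted credentials
 * @return {@code true} on success; every failure is reported by exception
 * @throws GlobalException {@code SERVER_ERROR} when {@code loginVO} is null,
 *     {@code MOBILE_NOT_EXIST} when the mobile number is missing, non-numeric or unknown,
 *     {@code PASSWORD_ERROR} when the password does not match
 */
public boolean login(HttpServletResponse response, LoginVO loginVO) {
    if (loginVO == null) {
        throw new GlobalException(CodeMsg.SERVER_ERROR);
    }
    // Do not log the submitted mobile number or password here, not even at debug level.

    // Look the account up by mobile number. A null or non-numeric value would otherwise escape
    // as an unhandled NumberFormatException instead of a regular login failure.
    final long userId;
    try {
        userId = Long.parseLong(loginVO.getMobile());
    } catch (NumberFormatException ignored) {
        // Only the CodeMsg constructor of GlobalException is visible, so the cause is not chained.
        throw new GlobalException(CodeMsg.MOBILE_NOT_EXIST);
    }
    SeckillUser seckillUser = getById(userId);
    if (seckillUser == null) {
        // NOTE(review): distinct codes for "unknown mobile" and "wrong password" let a client
        // tell which numbers are registered; consider returning a single generic failure code.
        throw new GlobalException(CodeMsg.MOBILE_NOT_EXIST);
    }

    // Verify the password.
    // NOTE(review): MD5Util suggests a salted MD5 scheme (helper not shown). A fast digest is
    // weak for password storage; plan a migration to bcrypt, scrypt or Argon2.
    String dbPass = seckillUser.getPassword();
    String dbSalt = seckillUser.getSalt();
    String calcPass = MD5Util.formPassToDBPass(loginVO.getPassword(), dbSalt);
    if (dbPass == null || calcPass == null) {
        throw new GlobalException(CodeMsg.PASSWORD_ERROR);
    }
    // MessageDigest.isEqual compares in constant time; String.equals stops at the first
    // differing character and so leaks how much of the stored hash matched.
    byte[] stored = dbPass.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] computed = calcPass.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    if (!java.security.MessageDigest.isEqual(stored, computed)) {
        throw new GlobalException(CodeMsg.PASSWORD_ERROR);
    }

    // Issue a fresh token for this login and bind it to the user.
    // NOTE(review): confirm UUIDUtil.uuid() draws from a cryptographically secure generator.
    String token = UUIDUtil.uuid();
    addCookie(response, token, seckillUser);
    return true;
}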
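/**
 * Binds the token to the user in Redis and sends the token to the client as a cookie.
 *
 * <p>The cookie lifetime is taken from {@code SeckillUserKey.token.expireSeconds()} and the
 * cookie is valid for the whole site ({@code "/"}).
 *
 * @param response response that receives the cookie
 * @param token session token, used both as Redis key and as cookie value
 * @param seckillUser user stored under the token
 */
private void addCookie(HttpServletResponse response, String token, SeckillUser seckillUser) {
    // Server side: store the user under the token, in the SeckillUserKey.token namespace.
    // Presumably redisService applies the same expireSeconds() as the TTL; verify in RedisService.
    redisService.set(SeckillUserKey.token, token, seckillUser);

    // Client side: hand the token back as a cookie.
    Cookie cookie = new Cookie(COOK_NAME_TOKEN, token);
    cookie.setMaxAge(SeckillUserKey.token.expireSeconds());
    cookie.setPath("/");
    // The token is a bearer credential, so page scripts must not be able to read it.
    cookie.setHttpOnly(true);
    // NOTE(review): also call cookie.setSecure(true) once the site is served over HTTPS only;
    // it is left off here because the transport setup is not visible from this code.
    response.addCookie(cookie);
}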
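/**
 * Key namespace for seckill user data; currently holds only the login token namespace.
 */
public class SeckillUserKey extends BasePrefix {

    /** Token lifetime in seconds: two days. */
    private static final int TOKEN_EXPIRE = 3600 * 24 * 2;

    private SeckillUserKey(int expireSeconds, String prefix) {
        super(expireSeconds, prefix);
    }

    /**
     * Namespace and lifetime for login tokens. Declared {@code final} so that no other code can
     * swap in a different prefix or lifetime for session tokens at runtime.
     */
    public static final SeckillUserKey token = new SeckillUserKey(TOKEN_EXPIRE, "token");
}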
/**
 * Base implementation of {@link KeyPrefix} that holds a lifetime and a prefix fragment.
 *
 * <p>The full prefix is built as {@code <SimpleClassName>-<prefix>-}, so each subclass gets its
 * own namespace.
 */
public abstract class BasePrefix implements KeyPrefix {

    /** Lifetime in seconds; 0 is documented as "never expires". */
    private final int expireSeconds;

    /** Fragment placed after the class name in the full prefix. */
    private final String prefix;

    /** Creates a prefix with lifetime 0 and a null fragment. */
    public BasePrefix() {
        this(0, null);
    }

    /** Creates a prefix with lifetime 0, documented as "never expires". */
    public BasePrefix(String prefix) {
        this(0, prefix);
    }

    /** Creates a prefix with an explicit lifetime in seconds. */
    public BasePrefix(int expireSeconds, String prefix) {
        this.prefix = prefix;
        this.expireSeconds = expireSeconds;
    }

    /** Returns the lifetime in seconds; the default 0 is documented as "never expires". */
    @Override
    public int expireSeconds() {
        return this.expireSeconds;
    }

    /** Returns the full prefix: the runtime class's simple name, a dash, the fragment, a dash. */
    @Override
    public String getPrefix() {
        StringBuilder fullPrefix = new StringBuilder(getClass().getSimpleName());
        fullPrefix.append("-").append(prefix).append("-");
        return fullPrefix.toString();
    }
}
/**
 * Describes a key namespace passed to {@code redisService}: a prefix and a lifetime.
 */
public interface KeyPrefix {

    /** Returns the validity period in seconds. */
    int expireSeconds();

    /** Returns the prefix of this namespace. */
    String getPrefix();
}
2、需要登录才能访问的页面(token验证),对请求参数进行验证
/**
 * Shows the goods list to a logged-in user, or the login view otherwise.
 *
 * <p>{@code seckillUser} is supplied by an argument resolver and is {@code null} when the
 * request carries no valid session token.
 *
 * @param model view model; receives the user under the key {@code "user"}
 * @param seckillUser the current user, or {@code null} when not logged in
 * @return the view name, {@code "goods_list"} or {@code "login"}
 */
@GetMapping("/to_list")
public String toList(Model model, SeckillUser seckillUser) {
    boolean loggedIn = seckillUser != null;
    if (loggedIn) {
        model.addAttribute("user", seckillUser);
        return "goods_list";
    }
    return "login";
}
/**
 * MVC configuration that registers {@link UserArgumentResolver}, so that controller methods can
 * declare a {@code SeckillUser} parameter.
 */
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {

    /** Resolver that turns the request's session token into a {@code SeckillUser}. */
    @Autowired
    private UserArgumentResolver userArgumentResolver;

    /** Appends the user resolver to the resolver list supplied by Spring MVC. */
    @Override
    public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
        argumentResolvers.add(this.userArgumentResolver);
    }
}
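/**
 * Resolves {@code SeckillUser} controller parameters from the session token of the request.
 *
 * <p>The token is read from the request parameter and from the cookie named
 * {@code SeckillUserService.COOK_NAME_TOKEN}; the request parameter wins when both are present.
 */
@Service
public class UserArgumentResolver implements HandlerMethodArgumentResolver {

    @Autowired
    private SeckillUserService seckillUserService;

    /** Handles only parameters whose declared type is exactly {@code SeckillUser}. */
    @Override
    public boolean supportsParameter(MethodParameter methodParameter) {
        Class<?> clazz = methodParameter.getParameterType();
        return clazz == SeckillUser.class;
    }

    /**
     * Returns the user bound to the request's token, or {@code null} when the request carries no
     * token. What an unknown token yields is decided by {@code getByToken}.
     */
    @Override
    public Object resolveArgument(MethodParameter methodParameter, ModelAndViewContainer modelAndViewContainer,
            NativeWebRequest nativeWebRequest, WebDataBinderFactory webDataBinderFactory)
            throws Exception {
        HttpServletRequest request = nativeWebRequest.getNativeRequest(HttpServletRequest.class);
        HttpServletResponse response = nativeWebRequest.getNativeResponse(HttpServletResponse.class);

        // NOTE(review): a token accepted as a request parameter can end up in URLs, and from
        // there in access logs, browser history and Referer headers. Prefer the cookie alone if
        // no client depends on the parameter.
        String paramToken = request.getParameter(SeckillUserService.COOK_NAME_TOKEN);
        String cookieToken = getCookieValue(request, SeckillUserService.COOK_NAME_TOKEN);
        if (StringUtils.isBlank(paramToken) && StringUtils.isBlank(cookieToken)) {
            return null;
        }
        String token = StringUtils.isBlank(paramToken) ? cookieToken : paramToken;
        // The token is a bearer credential and is deliberately not printed or logged.
        return seckillUserService.getByToken(response, token);
    }

    /** Returns the value of the first cookie named {@code cookName}, or {@code null} if none. */
    private String getCookieValue(HttpServletRequest request, String cookName) {
        Cookie[] cookies = request.getCookies();
        // getCookies() returns null, not an empty array, when the request carries no cookies.
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(cookName)) {
                return cookie.getValue();
            }
        }
        return null;
    }
}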
/**
 * Looks up the user bound to a session token and renews the session when one is found.
 *
 * @param response response that receives the renewed token cookie
 * @param token session token taken from the request
 * @return the user stored under the token, or {@code null} when the token is blank or unknown
 */
public SeckillUser getByToken(HttpServletResponse response, String token) {
    if (StringUtils.isBlank(token)) {
        return null;
    }
    SeckillUser sessionUser = redisService.get(SeckillUserKey.token, token, SeckillUser.class);
    if (sessionUser == null) {
        return null;
    }
    // Extend the validity period: the same token is stored again and the cookie is re-issued.
    // NOTE(review): the renewal has no upper bound, so a token that stays in use never expires;
    // consider an absolute session lifetime.
    addCookie(response, token, sessionUser);
    return sessionUser;
}
/** Name of the cookie, and of the request parameter, that carries the session token. */
public static final String COOK_NAME_TOKEN = "token";