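User session interceptor

If a user is not logged in, certain operations, such as modifying user information, must not be allowed.

Business logic:

  1. Read userId and token from the request headers.
  2. Check whether userId and token could be retrieved; if not, the user is not logged in, so throw an exception and return.
  3. Fetch the token information from Redis; if nothing is found, the user is not logged in.
  4. Check whether the token sent by the front end matches the token stored in Redis; if they differ, report that the session is invalid and the user must log in again.

These checks are wrapped in BaseInterceptor because other interceptors may need them.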

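// StringUtils is assumed to be the commons-lang3 class (it provides isBlank).
// RedisOperator, GraceException and ResponseStatusEnum are the project's own
// classes and are imported from the project's packages.
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
public class BaseInterceptor {
    protected static final String REDIS_USER_TOKEN = "redis_user_token";
    protected static final String REDIS_USER_CACHE = "redis_user_cache";

    @Autowired
    private RedisOperator redisOperator;

    public boolean verityUserToken(String userId, String userToken, String redisPrefix) {

        // Reject when EITHER value is missing. With "&&" a request carrying only
        // one of the two headers would fall through to the Redis lookup and hit
        // a NullPointerException on userToken.equals(...).
        if (StringUtils.isBlank(userId) || StringUtils.isBlank(userToken)) {
            GraceException.display(ResponseStatusEnum.UN_LOGIN);

            return false;
        } else {
            // The session token is stored under "<prefix>:<userId>".
            String redisUserToken = redisOperator.get(redisPrefix + ":" + userId);

            if (StringUtils.isBlank(redisUserToken)) {
                // No server-side session: the user is not logged in.
                GraceException.display(ResponseStatusEnum.UN_LOGIN);

                return false;
            } else if (!userToken.equals(redisUserToken)) {
                // Token differs from the stored one: the session is no longer valid.
                GraceException.display(ResponseStatusEnum.TICKET_INVALID);
                return false;
            }
        }

        return true;
    }
}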
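The four-step check above as a stand-alone program that can be run without Spring or Redis. This is an added example, not the post's own code: the class name TokenCheckDemo, the Result enum (standing in for ResponseStatusEnum), the in-memory Map (standing in for Redis) and the sample tokens are all assumptions. It also swaps the equals() comparison for a constant-time one.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Added example: stand-alone model of the four-step check. The Map stands in
// for Redis and the Result enum for ResponseStatusEnum (both assumptions).
public class TokenCheckDemo {
    enum Result { OK, UN_LOGIN, TICKET_INVALID }

    // Constructed sample session store: key is prefix + ":" + userId.
    static final Map<String, String> STORE = new HashMap<>();

    static boolean blank(String s) { return s == null || s.trim().isEmpty(); }

    static Result verify(String userId, String userToken, String prefix) {
        // Steps 1-2: reject if EITHER header is missing, so a request with
        // only a userId can never reach the comparison with a null token.
        if (blank(userId) || blank(userToken)) return Result.UN_LOGIN;

        // Step 3: no server-side session means not logged in.
        String stored = STORE.get(prefix + ":" + userId);
        if (blank(stored)) return Result.UN_LOGIN;

        // Step 4: compare in constant time so response timing does not
        // reveal how many leading characters of the token matched.
        boolean same = MessageDigest.isEqual(
                userToken.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
        return same ? Result.OK : Result.TICKET_INVALID;
    }

    public static void main(String[] args) {
        STORE.put("redis_user_token:1001", "a3f1c2d4-constructed-token");
        System.out.println(verify("1001", "a3f1c2d4-constructed-token", "redis_user_token")); // valid session
        System.out.println(verify("1001", null, "redis_user_token"));   // token header missing
        System.out.println(verify(null, "a3f1c2d4-constructed-token", "redis_user_token")); // id header missing
        System.out.println(verify("2002", "whatever", "redis_user_token")); // no session in store
        System.out.println(verify("1001", "stale-token", "redis_user_token")); // token replaced
    }
}
```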

The interceptor then only needs to call the BaseInterceptor check to verify that the request is legitimate.

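import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;

public class UserTokenInterceptor extends BaseInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // Both values are sent by the client in request headers.
        String userToken = request.getHeader("headerUserToken");
        String userId = request.getHeader("headerUserId");

        // Returning false (or throwing) stops the request before the controller runs.
        return super.verityUserToken(userId, userToken, REDIS_USER_TOKEN);
    }
}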

After that, declare the interceptor as a bean in the configuration class and register it.

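import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// The class name InterceptorConfig is a placeholder; the post shows only the two methods.
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    @Bean
    public UserTokenInterceptor userTokenInterceptor() {
        return new UserTokenInterceptor();
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Only the listed paths require a logged-in session.
        registry.addInterceptor(userTokenInterceptor())
                .addPathPatterns("/user/updateUserInfo")
                .addPathPatterns("/user/getAccountInfo");
    }
}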
posted @ 2021-07-26 10:43  RainbowMagic