实现了博客的退出登录
使用SpringSecurity框架,配合redis和token实现
package com.huanf.controller;
import com.huanf.domain.ResponseResult;
import com.huanf.domain.User;
import com.huanf.enums.AppHttpCodeEnum;
import com.huanf.exception.SystemException;
import com.huanf.service.BlogLoginService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
/**
* @author 35238
* @date 2023/7/22 0022 21:31
*/
@RestController
public class BlogLoginController {
@Autowired
//BlogLoginService是我们在service目录写的接口
private BlogLoginService blogLoginService;
@PostMapping("/login")
//ResponseResult是我们在huanf-framework工程里面写的实体类
public ResponseResult login(@RequestBody User user){
//如果用户在进行登录时,没有传入'用户名'
if(!StringUtils.hasText(user.getUserName())){
// 提示'必须要传用户名'。AppHttpCodeEnum是我们写的枚举类。SystemException是我们写的统一异常处理的类
throw new SystemException(AppHttpCodeEnum.REQUIRE_USERNAME);
}
return blogLoginService.login(user);
}
@PostMapping("/logout")
public ResponseResult logout(){
return blogLoginService.logout();
}
}
package com.huanf.service.impl;
import com.huanf.domain.LoginUser;
import com.huanf.domain.ResponseResult;
import com.huanf.domain.User;
import com.huanf.service.BlogLoginService;
import com.huanf.utils.BeanCopyUtils;
import com.huanf.utils.JwtUtil;
import com.huanf.utils.RedisCache;
import com.huanf.vo.BlogUserLoginVo;
import com.huanf.vo.UserInfoVo;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import java.util.Objects;
/**
* @author 35238
* @date 2023/7/22 0022 21:39
*/
@Service
//认证,判断用户登录是否成功
public class BlogLoginServiceImpl implements BlogLoginService {
@Autowired
//AuthenticationManager是security官方提供的接口
private AuthenticationManager authenticationManager;
@Autowired
//RedisCache是我们在huanf-framework工程的config目录写的类
private RedisCache redisCache;
@Override
public ResponseResult login(User user) {
//封装登录的用户名和密码
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user.getUserName(),user.getPassword());
//在下一行之前,封装的数据会先走UserDetailsServiceImpl实现类,这个实现类在我们的huanf-framework工程的service/impl目录里面
Authentication authenticate = authenticationManager.authenticate(authenticationToken);
//上面那一行会得到所有的认证用户信息authenticate。然后下一行需要判断用户认证是否通过,如果authenticate的值是null,就说明认证没有通过
if(Objects.isNull(authenticate)){
throw new RuntimeException("用户名或密码错误");
}
//获取userid
LoginUser loginUser = (LoginUser) authenticate.getPrincipal();
String userId = loginUser.getUser().getId().toString();
//把这个userid通过我们写的JwtUtil工具类转成密文,这个密文就是token值
String jwt = JwtUtil.createJWT(userId);
//下面那行的第一个参数: 把上面那行的jwt,也就是token值保存到Redis。存到时候是键值对的形式,值就是jwt,key要加上 "bloglogin:" 前缀
//下面那行的第二个参数: 要把哪个对象存入Redis。我们写的是loginUser,里面有权限信息,后面会用到
redisCache.setCacheObject("bloglogin:"+userId,loginUser);
//把User转化为UserInfoVo,再放入vo对象的第二个参数
UserInfoVo userInfoVo = BeanCopyUtils.copyBean(loginUser.getUser(), UserInfoVo.class);
BlogUserLoginVo vo = new BlogUserLoginVo(jwt,userInfoVo);
//封装响应返回
return ResponseResult.okResult(vo);
}
//-----------------------------------退出登录------------------------------------------
@Override
public ResponseResult logout() {
//获取token,然后解析token值获取其中的userid。SecurityContextHolder是security官方提供的类
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
//LoginUser是我们写的类
LoginUser loginUser = (LoginUser) authentication.getPrincipal();
//获取userid
Long userid = loginUser.getUser().getId();
//在redis根据key来删除用户的value值,注意之前我们在存key的时候,key是加了'bloglogin:'前缀
redisCache.deleteObject("bloglogin:"+userid);
//封装响应返回
return ResponseResult.okResult();
}
}