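SpringBootWeb Login Authentication
Basic login functionality
Approach
Code implementation
Testing
Front-end/back-end integration
Login verification
Session tracking schemes
JWT tokens
① After a successful login, generate a token
② Every subsequent request must carry the JWT token; before handling each request the system verifies the token, and only handles the request once verification passes
Generation
Verification
What is printed here is the custom content that was put into the token
Copying the JWT token into the official JWT website also decodes it, because the payload is only Base64URL-encoded, not encrypted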
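The generation and verification steps above, as an added example that is not the page's JwtUtils class: an HS256 token built and checked with JDK classes only, showing that the payload can be read without the key while a payload changed after signing fails verification. The class name JwtSketch, the key and the sample claims are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration, not the page's JwtUtils: an HS256 JWT handled with JDK classes only.
public class JwtSketch {
    // Constructed demo key; a real key is random and kept out of source code.
    static final byte[] KEY = "constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8);
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    static byte[] hmac(String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Generation: base64url(header).base64url(payload).base64url(HMAC of the first two parts)
    static String generate(String payloadJson) throws Exception {
        String input = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." + b64(payloadJson);
        return input + "." + ENC.encodeToString(hmac(input));
    }

    // Verification: recompute the HMAC with the server key and compare in constant time.
    // The algorithm is fixed here; the token's own "alg" header is never consulted.
    static String verify(String jwt) throws Exception {
        String[] p = jwt.split("\\.");
        if (p.length != 3) throw new SecurityException("malformed token");
        if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), DEC.decode(p[2])))
            throw new SecurityException("signature mismatch");
        return new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String jwt = generate("{\"id\":1,\"name\":\"Tom\",\"username\":\"tom\"}"); // constructed claims
        String[] p = jwt.split("\\.");
        // No key is needed to read the payload: it is encoded, not encrypted.
        System.out.println("decoded without key: " + new String(DEC.decode(p[1]), StandardCharsets.UTF_8));
        System.out.println("verified payload:    " + verify(jwt));
        // A token whose payload was changed after signing must be rejected.
        String altered = p[0] + "." + b64("{\"id\":2,\"name\":\"Tom\",\"username\":\"tom\"}") + "." + p[2];
        try { verify(altered); } catch (SecurityException e) { System.out.println("altered token: " + e.getMessage()); }
    }
}
```

Since the claims are visible to anyone holding the token, they should carry identifiers only, never passwords or other secrets.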
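Issuing the token after login
Bring in the JWT token utility class
After login completes, call the utility class to generate a JWT token and return it
Code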
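@Autowired
private EmpService empService;

@PostMapping("/login")
public Result login(@RequestBody Emp emp) {
    // Caveat: emp carries the submitted password; if Emp.toString() includes it,
    // this line writes credentials to the log.
    log.info("login emp: {}", emp);
    Emp e = empService.login(emp);

    // Login succeeded: put the employee's identifying fields into the claims and issue the token.
    if (e != null) {
        Map<String, Object> claims = new HashMap<>();
        claims.put("id", e.getId());
        claims.put("name", e.getName());
        claims.put("username", e.getUsername());

        String jwt = JwtUtils.generateJwt(claims);
        return Result.success(jwt);
    }

    // Login failed: one generic message, without saying which field was wrong.
    return Result.error("用户名或密码错误");
}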
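Testing
Filter
Quick start
Execution flow
Intercepted paths
Filter chain
The execution order of filters depends on their class names
Login verification Filter
Flow
Code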
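// In Spring Boot's embedded container, @WebFilter is only picked up when the
// application class is annotated with @ServletComponentScan.
@Slf4j
@WebFilter(urlPatterns = "/*")
public class LoginCheckFilter implements Filter {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) servletRequest;
        HttpServletResponse resp = (HttpServletResponse) servletResponse;

        // 1. Get the request path (getRequestURI() already returns a String).
        String url = req.getRequestURI();
        log.info("请求url:{}", url);

        // 2. Let login requests through without a token.
        // Caveat: contains() lets through every path that includes "login", not only
        // the login endpoint; matching the exact login path is stricter.
        if (url.contains("login")) {
            log.info("登录页面,放行");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // 3. Read the token from the "token" request header.
        String jwt = req.getHeader("token");

        // 4. No token: answer with the NOT_LOGIN result and stop.
        if (!StringUtils.hasLength(jwt)) {
            log.info("token为空,返回未登录信息");
            Result error = Result.error("NOT_LOGIN");
            String notLogin = JSONObject.toJSONString(error);
            resp.getWriter().write(notLogin);
            return;
        }

        // 5. Parse the token; any exception means it is invalid.
        try {
            JwtUtils.parseJWT(jwt);
        } catch (Exception e) {
            e.printStackTrace();
            log.info("token解析失败,返回未登录信息");
            Result error = Result.error("NOT_LOGIN");
            String notLogin = JSONObject.toJSONString(error);
            resp.getWriter().write(notLogin);
            return;
        }

        // 6. Token is valid: pass the request on.
        log.info("token解析成功,放行");
        filterChain.doFilter(servletRequest, servletResponse);
    }
}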
Interceptor
Quick start
Intercepted paths
Execution flow
Login verification Interceptor
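// The interceptor takes effect only once it is registered in a WebMvcConfigurer
// through addInterceptors(...).
@Slf4j
@Component
public class LoginCheckInterceptor implements HandlerInterceptor {
    // Runs before the controller method; returning false stops the request here.
    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Object handler) throws Exception {
        // 1. Get the request path (getRequestURI() already returns a String).
        String url = req.getRequestURI();
        log.info("请求url:{}", url);

        // 2. Let login requests through without a token.
        // Caveat: contains() lets through every path that includes "login", not only
        // the login endpoint; matching the exact login path is stricter.
        if (url.contains("login")) {
            log.info("登录页面,放行");
            return true;
        }

        // 3. Read the token from the "token" request header.
        String jwt = req.getHeader("token");

        // 4. No token: answer with the NOT_LOGIN result and stop.
        if (!StringUtils.hasLength(jwt)) {
            log.info("token为空,返回未登录信息");
            Result error = Result.error("NOT_LOGIN");
            String notLogin = JSONObject.toJSONString(error);
            resp.getWriter().write(notLogin);
            return false;
        }

        // 5. Parse the token; any exception means it is invalid.
        try {
            JwtUtils.parseJWT(jwt);
        } catch (Exception e) {
            e.printStackTrace();
            log.info("token解析失败,返回未登录信息");
            Result error = Result.error("NOT_LOGIN");
            String notLogin = JSONObject.toJSONString(error);
            resp.getWriter().write(notLogin);
            return false;
        }

        // 6. Token is valid: let the request reach the controller.
        log.info("token解析成功,放行");
        return true;
    }

    // Runs after the controller method has returned.
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        System.out.println("postHandle...");
    }

    // Runs last, after the request has completed.
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        System.out.println("afterCompletion...");
    }
}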