SpringBootWeb登录认证

基础登录功能

思路

代码实现

测试

前后端联调

登录校验

会话跟踪方案

JWT令牌

①登录成功后，生成令牌
②后续每个请求，都要携带JWT令牌，系统在每次请求处理之前，先校验令牌，通过后，再处理

生成

校验

这里输出的是自定义的东西

复制jwt令牌去jwt官网也可以解析

登录后下发令牌

引入JWT令牌操作工具类

登录完成后，调用工具类生成JWT令牌，并返回

代码

    @Autowired
    private EmpService empService;
    @PostMapping("/login")
    public Result login(@RequestBody Emp emp) {
        log.info("login emp: {}", emp);
        Emp e=empService.login(emp);
        if(e!=null){
            Map<String,Object> claims=new HashMap<>();
            claims.put("id",e.getId());
            claims.put("name",e.getName());
            claims.put("username",e.getUsername());
            String jwt = JwtUtils.generateJwt(claims);
            return Result.success(jwt);
        }
        return Result.error("用户名或密码错误");
    }

测试

过滤器

快速入门

执行流程

拦截路径

过滤器链

过滤器执行顺序取决于类名

登录校验Filter

流程

代码

@Slf4j
@WebFilter(urlPatterns = "/*")
public class LoginCheckFilter implements Filter {

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) servletRequest;
        HttpServletResponse resp = (HttpServletResponse) servletResponse;
        String url = req.getRequestURI().toString();
        log.info("请求url：{}" + url);
        if (url.contains("login")) {
            log.info("登录页面，放行");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String jwt = req.getHeader("token");
        if (!StringUtils.hasLength(jwt)) {
            log.info("token为空，返回未登录信息");
            Result error = Result.error("NOT_LOGIN");
            String notLogin = JSONObject.toJSONString(error);
            resp.getWriter().write(notLogin);
            return;
        }
        try {
            JwtUtils.parseJWT(jwt);
        } catch (Exception e) {
            e.printStackTrace();
            log.info("token解析失败，返回未登录信息");
            Result error = Result.error("NOT_LOGIN");
            String notLogin = JSONObject.toJSONString(error);
            resp.getWriter().write(notLogin);
            return;
        }
        log.info("token解析成功，放行");
        filterChain.doFilter(servletRequest, servletResponse);
    }
}

Interceptor

快速入门

拦截路径

执行流程

登录校验Interceptor

@Slf4j
@Component
public class LoginCheckInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Object handler) throws Exception {
        String url = req.getRequestURI().toString();
        log.info("请求url：{}" + url);
        if (url.contains("login")) {
            log.info("登录页面，放行");
            return true;
        }
        String jwt = req.getHeader("token");
        if (!StringUtils.hasLength(jwt)) {
            log.info("token为空，返回未登录信息");
            Result error = Result.error("NOT_LOGIN");
            String notLogin = JSONObject.toJSONString(error);
            resp.getWriter().write(notLogin);
            return false;
        }
        try {
            JwtUtils.parseJWT(jwt);
        } catch (Exception e) {
            e.printStackTrace();
            log.info("token解析失败，返回未登录信息");
            Result error = Result.error("NOT_LOGIN");
            String notLogin = JSONObject.toJSONString(error);
            resp.getWriter().write(notLogin);
            return false;
        }
        log.info("token解析成功，放行");
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        System.out.println("postHandle...");
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        System.out.println("afterCompletion...");
    }
}

全局异常处理