web工程过滤器和springMVC拦截器的一些总结

其他 2018-05-07 15:38:06 阅读次数: 5

今天自己写SSO(单点登录)发现一些问题的总结




1。因为原先有拦截器inteceptor,所以想着就直接用拦截器搞好了,后来发现不行,

原因是:工程默认是/访问,是在web中配置默认的,并没有调用任何方法(而拦截器是拦截方法的),所以无论我修改spring配置文件,修改拦截条件都始终拦截不上

所以个人感觉,登录这种操作应该是在filter来搞,因为过滤器(过滤一切请求,即便是还没有登录)


2.所以改用filter过滤器

	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
			FilterChain filterChain) throws IOException, ServletException {
		 	HttpServletRequest request = (HttpServletRequest) servletRequest;
	        HttpServletResponse response = (HttpServletResponse) servletResponse;
	        
	        String urlString = request.getRequestURI();
	        System.out.println("client请求链接:"+urlString);
	        if(urlString.contains("css")||urlString.contains("js")){
	        	filterChain.doFilter(servletRequest, servletResponse);
	        	return;
	        }
	        HttpSession session = request.getSession();
	        String username = (String) session.getAttribute("username");
	        
	        String ticket = request.getParameter("ticket");
	        String url = URLEncoder.encode(request.getRequestURL().toString(), "UTF-8");

	        if (null == username) {  
	            if (null != ticket && !"".equals(ticket)) {  
	            	JSONObject jsonObject = httpRequest("http://localhost:8080/yxy_author/ticketService?ticket="+ticket, "GET");
	            	if(jsonObject!=null){
	            		username = (String) jsonObject.getJSONObject("data").get("username");
	            	}
	                if (null != username && !"".equals(username)) {  
	                    session.setAttribute("username", username);  
	                    filterChain.doFilter(request, response);  
	                } else {  
	                    response.sendRedirect("http://localhost:8080/yxy_author/login?service=" + url);  
	                }  
	            } else {  
	                response.sendRedirect("http://localhost:8080/yxy_author/login?service=" + url);  
	            }  
	        } else {  
	            filterChain.doFilter(request, response);  
	        } 
	}
核心代码就这么几句


记得配置web.xml中添加这个过滤器


    

   <filter>  
        <filter-name>ssoClientFilter</filter-name>  
        <filter-class>com.cyt.babyhealth.tj.filter.SSOClientFilter</filter-class>  
    </filter>  
    <filter-mapping>  
        <filter-name>ssoClientFilter</filter-name>  
        <url-pattern>/*</url-pattern>  
    </filter-mapping>

============================下面是授权服务工程代码==============================================



SSOServerFilter代码

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
			FilterChain filterChain) throws IOException, ServletException {
		// TODO Auto-generated method stub
		 	
			HttpServletRequest request = (HttpServletRequest) servletRequest;
	        HttpServletResponse response = (HttpServletResponse) servletResponse;
	        
	        String test = ((HttpServletRequest) servletRequest).getServletPath();
	        
	        
	        String urlString = request.getRequestURI();
	        System.out.println("service请求链接:"+urlString);
	        if("/yxy_author/login".equals(urlString)||"/yxy_author/ticketService".equals(urlString)||urlString.contains("css")||urlString.contains("js")){
	        	filterChain.doFilter(servletRequest, servletResponse);
	        	return;
	        }
	        
	        String service = request.getParameter("service");
	        String ticket = request.getParameter("ticket");
	        Cookie[] cookies = request.getCookies();
	        String username = "";
	        if (null != cookies) {
	            for (Cookie cookie : cookies) {
	                if ("sso".equals(cookie.getName())) {
	                    username = cookie.getValue();
	                    break;
	                }
	            }
	        }

	        if (null == service && null != ticket) {
	            filterChain.doFilter(servletRequest, servletResponse);
	        }

	        if (null != username && !"".equals(username)) {
	        	
	        	System.out.println("service用户名:"+username);
	        	
	            long time = System.currentTimeMillis();
	            String timeString = username + time;
	            MemCached memCached = (MemCached) SpringUtil.getBean("memcachedClient");
	            memCached.set(timeString, 1000,username);
	            StringBuilder url = new StringBuilder();
	            if(service!=null){
	            	url.append(service);
	            	
	            	if (0 <= service.indexOf("?")) {
	            		url.append("&");
	            	} else {
	            		url.append("?");
	            	}
	            	url.append("ticket=").append(timeString);
	            	
	            }
	            response.sendRedirect(url.toString());
	            
	        } else {
	        		filterChain.doFilter(servletRequest, servletResponse);
	        }
		
	}

授权中心login

@RequestMapping(value = "/ticketService")
	@ResponseBody
	public ApiResult  ticketService(HttpServletRequest request, HttpServletResponse response){
		ApiResult apiResult = new ApiResult();
		
		String ticket = request.getParameter("ticket");
        String username = memcachedClient.get(ticket);
        memcachedClient.delete(ticket);
        
//        Object  customVO   = memcachedClient.get(ticket+".user");
//        memcachedClient.delete(ticket+".user");
        
        
        Map<String, Object> data = new HashMap<String, Object>();
        data.put("username",username);
//        data.put("customVO", customVO);
        apiResult.setData(data);

		
		return apiResult;
		
	}
	/**
	 * @param loginname
	 * @param pwd
	 * @return 登录
	 * @throws IOException 
	 */
	@RequestMapping(value = "/login")
	public String login(@RequestParam(required = false) String loginname,
			@RequestParam(required = false) String pwd,
			String service,HttpServletResponse response) throws IOException {
        
		if(loginname!=null&&loginname.trim().length()>0&&pwd!=null&&pwd.trim().length()>0){
			ImCustom admin = imCustomService.findLoginName(loginname);
			if (admin != null) {
				if(admin.getStatus() == 1){
					if (admin.getPwd().equals(MD5.sign(pwd + PropertiesUtil.config.get("md5.key")))) {
						if (admin.getStatus() == 1) {
							
						
							
							String sysIds = admin.getSysIds();
							
							List<AdminAuthorSys> adminAuthorSys = new ArrayList<AdminAuthorSys>();
							String[] sysIdsArrStrings = sysIds.split(",");
							
							for (int i = 0; i < sysIdsArrStrings.length; i++) {
								String sysIdString = sysIdsArrStrings[i];
								AdminAuthorSys adminAuthorSyss = adminAuthorSysService.find(Integer.parseInt(sysIdString));
								adminAuthorSys.add(adminAuthorSyss);
							}
							ImCustomVO  customVO = new ImCustomVO();
							BeanUtils.copyProperties(admin, customVO);
							customVO.setAdminSyses(adminAuthorSys);
							
							ServletContext ContextA =getSession().getServletContext();
							ContextA.setAttribute("session",getSession() );
							getSession().setAttribute("admin", customVO);//这样保存只能在当前应用内看
							
							
							System.out.println("44444444444444444444444444444444");
							//设置cookie
							  Cookie cookie = new Cookie("sso", admin.getUname());
							  cookie.setPath("/");
							  response.addCookie(cookie);
							//admin1503379134793 admin
					        //admin1503379134793.user	 com.cyt.babyhealth.tj.entity.ImCustomVO@399f315c		            
					            long time = System.currentTimeMillis();
					            String timeString = admin.getUname() + time;
					            memcachedClient.set(timeString, 10000, admin.getUname());
					            
//					            JSONObject.toJSON(customVO);
					          //要想在应用外用,则需要session共享,放在memcached中
//								memcachedClient.set(timeString+".user", 10000, JSONObject.toJSON(customVO));
					            if (null != service) {
					            	StringBuilder url = new StringBuilder();
					            	url.append(service);
					            	if (0 <= service.indexOf("?")) {
					            		url.append("&");
					            	} else {
					            		url.append("?");
					            	}
					            	url.append("ticket=").append(timeString);
					            	response.sendRedirect(url.toString());
					            	return null;
					            }else {
					            	response.sendRedirect("/yxy_author/index.jsp");
					            	return null;
								}
							
						} else {
							getRequest().setAttribute("error", "该用户禁止登录");
						}
					} else {
						getRequest().setAttribute("error", "密码错误");
					}
				}else{
					getRequest().setAttribute("error", "用户已被禁止");
				}
			} else {
					getRequest().setAttribute("error", "该用户不存在");
			}
		}
		return "/login";
	}

	/**
	 * @return 退出登录
	 */
	@RequestMapping(value = "/logout")
	public String logout() {

		getSession().invalidate();

		return "/login";
	}

最後記得web.xml配置

    <filter>  
        <filter-name>ssoServerFilter</filter-name>  
        <filter-class>com.cyt.babyhealth.tj.filter.SSOServerFilter</filter-class>  
    </filter>  
    <filter-mapping>  
        <filter-name>ssoServerFilter</filter-name>  
        <url-pattern>/*</url-pattern>  
    </filter-mapping>



猜你喜欢

转载自blog.csdn.net/lixld/article/details/77483385
今日推荐
周排行
小程序的背景图片
SpringBoot项目架构小实例
[多线程] Wait和Notify方法解析
第五章 绘图基础(ALTWIND)
HDU 6386 Age of Moyu 【bfs】【spfa】
如何在windows上搭载PHP环境并编写运行第一个PHP代码
CF1006C 【Three Parts of the Array】
FastAdmin 增删改查在哪里?
区块链安全吗?
docker Dockerfile实战
每日归档
更多
2024-06-16(0)
2024-06-15(0)
2024-06-14(0)
2024-06-13(0)
2024-06-12(0)
2024-06-11(0)
2024-06-10(0)
2024-06-09(0)
2024-06-08(0)
2024-06-07(0)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022