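The previous post mainly covered the SSM integration and its testing.
This post covers the login module. The login module uses a filter; the filter must be configured in web.xml, and the relevant configuration was already noted in the web.xml of the second post.
The classes involved in this post are: the controller-layer LoginController, the filter CheckLoginFilter, and those for database access.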
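- Controller layer: if the login succeeds, the user is stored in the session; the front-end JS then checks whether that user is empty to decide whether to show the mask layer, and the session timeout is set. When storing user passwords in the database, MD5 encryption is recommended.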
```java
package com.tdrip.controller;

import javax.servlet.http.HttpSession;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import com.tdrip.model.util.ServiceResult;
import com.tdrip.service.OperatorService;

@RestController
public class LoginController {

    @Autowired
    private OperatorService operatorService;

    // Spring injects a proxy that resolves to the current request's session
    @Autowired
    private HttpSession session;

    @RequestMapping(value = "/login/login", method = RequestMethod.POST)
    public ServiceResult login(String password) {
        ServiceResult serviceResult = operatorService.findById(password);
        if (null != serviceResult.getData()) {
            // Login succeeded: keep the operator in the session under "admin"
            session.setAttribute("admin", serviceResult.getData());
            // The session expires after 10 minutes of inactivity
            session.setMaxInactiveInterval(10 * 60);
        }
        return serviceResult;
    }
}
```
- OperatorService: the operator service, the service layer used for login verification
```java
package com.tdrip.service.impl;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.tdrip.mapper.OperatorMapper;
import com.tdrip.model.db.OperatorModel;
import com.tdrip.model.util.ServiceResult;
import com.tdrip.service.OperatorService;
import com.tdrip.util.ToolUtil;

@Service
public class OperatorServiceImpl implements OperatorService {

    @Autowired
    private OperatorMapper operatorMapper;

    @Override
    public ServiceResult findById(String password) {
        // The MD5 of the submitted password is the operator's id in the table
        String md5 = ToolUtil.getMD5(password);
        OperatorModel model = operatorMapper.selectById(md5);
        if (model != null) {
            return ServiceResult.Return(model);
        }
        // No operator row matches this password
        return ServiceResult.Build(-1, "密码错误!");
    }
}
```
- OperatorMapper interface:
```java
package com.tdrip.mapper;

import org.springframework.stereotype.Repository;

import com.tdrip.model.db.OperatorModel;

@Repository
public interface OperatorMapper {

    public OperatorModel selectById(String id);

    public OperatorModel selectLikeId(String id);

    public int insert(OperatorModel model);
}
```
- OperatorMapper.xml:
```xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.tdrip.mapper.OperatorMapper">

    <resultMap type="com.tdrip.model.db.OperatorModel" id="OperatorModelResult">
        <id property="id" column="id" />
        <result property="cutc" column="cutc" />
        <result property="permission" column="permission" />
    </resultMap>

    <select id="selectById" resultMap="OperatorModelResult">
        SELECT id, cutc, permission FROM operator WHERE id = #{id}
    </select>

    <select id="selectLikeId" resultMap="OperatorModelResult">
        SELECT id, permission FROM operator WHERE id like CONCAT('%',#{id},'%')
    </select>

    <insert id="insert">
        INSERT INTO operator(id, cutc) values(#{id}, #{cutc})
    </insert>

</mapper>
```
- CheckLoginFilter: this class must implement the Filter interface; the filtering logic lives mainly in doFilter.
```java
package com.tdrip.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class CheckLoginFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // TODO Auto-generated method stub
    }

    /**
     * Filtering flow:
     * 1. If the request is for the index page or for static files (css, js) and the like, let it through.
     * 2. If it is a login request or a "find all content" request, let it through.
     * 3. If neither of the above applies, the user must log in.
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession();
        String requestURL = request.getRequestURI();

        boolean conditionPass = requestURL.contains("/index")
                || requestURL.endsWith(".html")
                || requestURL.contains("/resource")
                || requestURL.endsWith(".js")
                || requestURL.endsWith(".css")
                || requestURL.endsWith(".ico");

        if (conditionPass) {
            chain.doFilter(request, response);
        } else {
            if (requestURL.contains("/login/login") || requestURL.endsWith("/content/findAll")) {
                chain.doFilter(request, response);
            } else {
                boolean loggedIn = session != null && session.getAttribute("admin") != null;
                if (loggedIn) {
                    chain.doFilter(request, response);
                } else {
                    request.getRequestDispatcher("index").forward(request, response);
                }
            }
        }
    }

    @Override
    public void destroy() {
        // TODO Auto-generated method stub
    }
}
```
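A stricter variant of the filter above, as an added example that is not the author's code: the page's `doFilter` lets a request through when its raw URI merely contains `/index` or `/resource`, or ends in `.html`, `.js`, `.css` or `.ico`, whereas this version matches the container-resolved path exactly against an allowlist. The class name `StrictLoginFilter`, the index and favicon routes, and the `/resource/` directory are assumptions.

```java
package com.tdrip.filter; // assumed: same package as the page's CheckLoginFilter

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example; the class name StrictLoginFilter is hypothetical.
public class StrictLoginFilter implements Filter {
    // Public endpoints, matched exactly. "/login/login" and "/content/findAll" come from
    // the page's filter; the other entries are assumed routes for the index page.
    private static final Set<String> PUBLIC_PATHS = new HashSet<>(Arrays.asList(
            "/", "/index", "/index.html", "/favicon.ico", "/login/login", "/content/findAll"));
    // Static files are public only below this directory (assumed layout).
    private static final String STATIC_PREFIX = "/resource/";

    // Pure decision function, so the allowlist can be unit-tested without a container.
    static boolean isPublic(String path) {
        // Refuse paths that still carry path parameters or dot segments.
        if (path == null || path.contains(";") || path.contains("..")) {
            return false;
        }
        return PUBLIC_PATHS.contains(path) || path.startsWith(STATIC_PREFIX);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Decoded path relative to the context root, as the container will dispatch it;
        // getRequestURI() is the raw string sent by the client.
        String pathInfo = request.getPathInfo();
        String path = request.getServletPath() + (pathInfo == null ? "" : pathInfo);
        // getSession(false): do not create a session for anonymous requests.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("admin") != null;
        if (isPublic(path) || loggedIn) {
            chain.doFilter(request, response);
        } else {
            // Same fallback as the page's filter, written relative to the context root.
            request.getRequestDispatcher("/index").forward(request, response);
        }
    }
    @Override public void init(FilterConfig filterConfig) { }
    @Override public void destroy() { }
}
```

It is registered in web.xml the same way as `CheckLoginFilter`; every route that must stay reachable without a login has to be listed explicitly in `PUBLIC_PATHS`.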
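PS: This post covered the login module and the filter. Since I had not yet worked with the Shiro framework, I used a basic filter; anyone interested can take a look at Shiro, which deals with login authentication and permissions. I have recently been consolidating everything I have learned so far into one project, which also uses Shiro, and I will publish it later.
The next post starts on Redis and integrates it into Spring.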