用户登录流程图:
在spring拦截器中进行鉴权操作:
控制器的拦截:
import com.mooc.house.common.model.User; import org.springframework.stereotype.Component; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.net.URLEncoder; @Component //成为spring ben public class AuthActionInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception { User user= UserContext.getUser(); if(user==null){ //重定向到登录界面 String msg= URLEncoder.encode("请先登录","utf-8"); String target = URLEncoder.encode(request.getRequestURL().toString(),"utf-8"); if ("GET".equalsIgnoreCase(request.getMethod())) { response.sendRedirect("/accounts/signin?errorMsg=" + msg + "&target="+target); return false; }else { response.sendRedirect("/accounts/signin?errorMsg="+msg); return false; } } return false; } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { } }
import com.google.common.base.Joiner; import com.mooc.house.common.constants.CommonConstants; import com.mooc.house.common.model.User; import org.springframework.stereotype.Component; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.util.Map; @Component //实现拦截器接口 public class AuthInterceptor implements HandlerInterceptor { @Override //在控制器执行之前拦截执行的 public boolean preHandle(HttpServletRequest request, HttpServletResponse httpServletResponse, Object o) throws Exception { Map<String,String[]> map=request.getParameterMap(); //获取所有的请求 map.forEach((k,v)->{ if (k.equals("errorMsg") || k.equals("successMsg") || k.equals("target")) { request.setAttribute(k, Joiner.on(",").join(v)); } }); String reqUri=request.getRequestURI(); if(reqUri.startsWith("/static")||reqUri.startsWith("/error")){ return true; } HttpSession session=request.getSession(true); //没有的话创建 User user=(User)session.getAttribute(CommonConstants.USER_ATTRIBUTE); if(user!=null){ UserContext.setUser(user); } return true; } @Override public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception { UserContext.remove(); } }
获取删除得到用户信息:
public class UserContext { private static final ThreadLocal<User> USER_THREAD_LOCAL=new ThreadLocal<>(); public static void setUser(User user){ USER_THREAD_LOCAL.set(user); } public static void remove(){ USER_THREAD_LOCAL.remove(); } public static User getUser(){ return USER_THREAD_LOCAL.get(); } }
注册到请求接口:
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; @Configuration public class WebMvcConf extends WebMvcConfigurerAdapter { @Autowired private AuthActionInterceptor authActionInterceptor; @Autowired private AuthInterceptor authInterceptor; //管理拦截请求 @Override public void addInterceptors(InterceptorRegistry registry){ registry.addInterceptor(authInterceptor).excludePathPatterns("/static").addPathPatterns("/**"); registry .addInterceptor(authActionInterceptor).addPathPatterns("/house/toAdd") .addPathPatterns("/accounts/profile").addPathPatterns("/accounts/profileSubmit") .addPathPatterns("/house/bookmarked").addPathPatterns("/house/del") .addPathPatterns("/house/ownlist").addPathPatterns("/house/add") .addPathPatterns("/house/toAdd").addPathPatterns("/agency/agentMsg") .addPathPatterns("/comment/leaveComment").addPathPatterns("/comment/leaveBlogComment"); super.addInterceptors(registry); } }
拦截器编写配置步骤:
在配置中加入:
domain.name=127.0.0.1:8090 spring.mail.host=smtp.163.com spring.mail.username= spring.mail.password= spring.mail.properties.mail.smtp.outh=true spring.mail.properties.mail.smtp.starttls.enable=true spring.mail.properties.mail.smtp.starttls.required=true