用户登录流程图:
在spring拦截器中进行鉴权操作:
控制器的拦截:
import com.mooc.house.common.model.User;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.net.URLEncoder;
@Component //成为spring ben
public class AuthActionInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o)
throws Exception {
User user= UserContext.getUser();
if(user==null){ //重定向到登录界面
String msg= URLEncoder.encode("请先登录","utf-8");
String target = URLEncoder.encode(request.getRequestURL().toString(),"utf-8");
if ("GET".equalsIgnoreCase(request.getMethod())) {
response.sendRedirect("/accounts/signin?errorMsg=" + msg + "&target="+target);
return false;
}else {
response.sendRedirect("/accounts/signin?errorMsg="+msg);
return false;
}
}
return false;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
}
}
import com.google.common.base.Joiner;
import com.mooc.house.common.constants.CommonConstants;
import com.mooc.house.common.model.User;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.Map;
@Component //实现拦截器接口
public class AuthInterceptor implements HandlerInterceptor {
@Override //在控制器执行之前拦截执行的
public boolean preHandle(HttpServletRequest request, HttpServletResponse httpServletResponse, Object o)
throws Exception {
Map<String,String[]> map=request.getParameterMap(); //获取所有的请求
map.forEach((k,v)->{
if (k.equals("errorMsg") || k.equals("successMsg") || k.equals("target")) {
request.setAttribute(k, Joiner.on(",").join(v));
}
});
String reqUri=request.getRequestURI();
if(reqUri.startsWith("/static")||reqUri.startsWith("/error")){
return true;
}
HttpSession session=request.getSession(true); //没有的话创建
User user=(User)session.getAttribute(CommonConstants.USER_ATTRIBUTE);
if(user!=null){
UserContext.setUser(user);
}
return true;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
UserContext.remove();
}
}
获取删除得到用户信息:
public class UserContext {
private static final ThreadLocal<User> USER_THREAD_LOCAL=new ThreadLocal<>();
public static void setUser(User user){
USER_THREAD_LOCAL.set(user);
}
public static void remove(){
USER_THREAD_LOCAL.remove();
}
public static User getUser(){
return USER_THREAD_LOCAL.get();
}
}
注册到请求接口:
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
@Configuration
public class WebMvcConf extends WebMvcConfigurerAdapter {
@Autowired
private AuthActionInterceptor authActionInterceptor;
@Autowired
private AuthInterceptor authInterceptor;
//管理拦截请求
@Override
public void addInterceptors(InterceptorRegistry registry){
registry.addInterceptor(authInterceptor).excludePathPatterns("/static").addPathPatterns("/**");
registry
.addInterceptor(authActionInterceptor).addPathPatterns("/house/toAdd")
.addPathPatterns("/accounts/profile").addPathPatterns("/accounts/profileSubmit")
.addPathPatterns("/house/bookmarked").addPathPatterns("/house/del")
.addPathPatterns("/house/ownlist").addPathPatterns("/house/add")
.addPathPatterns("/house/toAdd").addPathPatterns("/agency/agentMsg")
.addPathPatterns("/comment/leaveComment").addPathPatterns("/comment/leaveBlogComment");
super.addInterceptors(registry);
}
}
拦截器编写配置步骤:
在配置中加入:
domain.name=127.0.0.1:8090 spring.mail.host=smtp.163.com spring.mail.username= spring.mail.password= spring.mail.properties.mail.smtp.outh=true spring.mail.properties.mail.smtp.starttls.enable=true spring.mail.properties.mail.smtp.starttls.required=true