
xmall mall study notes


Preface

Tips: today we look at xmall-sso, the single sign-on module

1. What is single sign-on?

Put simply, once you have logged in to one system (or one module), you can access the other modules or systems without logging in again.
There is an article here that is very thorough: the principle of single sign-on

We mainly study how xmall implements it and how it can be optimized

2. Project structure

Obviously this is a service, and it is registered in zookeeper.
We mainly look at service. The following three files are the more important ones:
LoginServiceImpl, MemberServiceImpl, RegisterServiceImpl.
RegisterServiceImpl handles account registration, which is just querying and inserting into the database. This is not difficult.

Let’s look at the LoginServiceImpl class. It has only three methods: userLogin, getUserByToken, and logout.
Look at the first method first.

List<TbMember> list = tbMemberMapper.selectByExample(example);
if (list == null || list.size() == 0) {
	Member member = new Member();
	member.setState(0);
	member.setMessage("用户名或密码错误");
	return member;
}
TbMember tbMember = list.get(0);
// MD5-hash the submitted password and compare it with the stored hash
if (!DigestUtils.md5DigestAsHex(password.getBytes()).equals(tbMember.getPassword())) {
	Member member = new Member();
	member.setState(0);
	member.setMessage("用户名或密码错误");
	return member;
}
String token = UUID.randomUUID().toString();
Member member = DtoUtil.TbMemer2Member(tbMember);
member.setToken(token);
member.setState(1);
// Write the user info to redis: key "SESSION:token", value "user"
jedisClient.set("SESSION:" + token, new Gson().toJson(member));
jedisClient.expire("SESSION:" + token, SESSION_EXPIRE);

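This code is the core. The main thing is to find the user in the database. If no user is found, or the MD5 of the submitted password does not match the stored value, it returns a Member with state 0 and an error message. Otherwise it generates a token, stores the user information in redis under that token, and sets the expiration time.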
The getUserByToken method verifies the login status based on the token and then "recharges" (resets) the expiration time. The code is as follows:

String json = jedisClient.get("SESSION:" + token);
if (json == null) {
	Member member = new Member();
	member.setState(0);
	member.setMessage("用户登录已过期");
	return member;
}
// Reset the expiration time
jedisClient.expire("SESSION:" + token, SESSION_EXPIRE);
Member member = new Gson().fromJson(json, Member.class);
return member;

logout is just two lines of code that clear the login information from redis

jedisClient.del("SESSION:" + token);
return 1;

The MemberServiceImpl class has a method imageUpload, used to update the avatar

To sum up

The story is far from over here. We know that the project uses the shiro authentication framework, so what does it have to do with login? And what about JWT, which is popular on the Internet? Is the idea of xmall consistent with them? I will modify the login implementation of this project later.


Origin blog.csdn.net/qq_29798755/article/details/108501578