Interceptor--check if there are any annotation marks, and operate if there are any (update settings, session, token, the server sets the session for our web, and the token is based on this principle)
1. The service generates session and token, and returns the session and token to the client when the client logs in successfully (at the same time, the server will save a copy in the map (KV)), and the client is stored in the browser (cookie), The session exists in the current thread of the server (threadlocal)
2. When the client requests, it brings its own session and token to the server request as parameters.
3. The server uses the client's K to obtain its own V, and then compares the client's V with the V obtained from the map by the client's K, and if it matches, it is released, and the session is refreshed (to prevent the session from failing) (the authority is equivalent to Annotation tag for app side)
The same is true when we use this as an interface for the app (interceptor + tagging) (intercept all requests, and process this logic if there is this tag)
It is also an interceptor when writing a tool class to save session and other information. Once intercepted, save a session (this can intercept all user requests. As for refreshing our PC side, it will be refreshed if there is an operation, we don’t need to care)
What the real user saves in the session is a place---when logging in, the interceptor (tool class) just keeps saving this thread sesson and is responsible for taking out
//In this way, the session without permission cannot be verified, and the direct copy link without session information cannot log in
Save it to the session when logging in, use a tool class to intercept and save the session (the operation of the session is superimposed (the same session)), and obtain it through this tool class,
// threadlocal can save strings or objects. When saving objects, use generic declarations. Remember to set such objects as
In this way, the current variable is saved in the current thread, and the acquisition is because the current threadLocal is obtained, and the next one is of course in the current process.
private static ThreadLocal<WebInfo> threadLocal = new NamedThreadLocal<WebInfo>("SpringWebHolder");
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
WebInfo webInfo=new WebInfo(request,response);
threadLocal.set(webInfo);
return super.preHandle(request, response, handler);
}
===================================================================
package com.esteel.until;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.core.NamedThreadLocal;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
public class SpringWebHolder extends HandlerInterceptorAdapter {
private static ThreadLocal<WebInfo> threadLocal = new NamedThreadLocal<WebInfo>("SpringWebHolder");
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
WebInfo webInfo=new WebInfo(request,response);
threadLocal.set(webInfo);
return super.preHandle(request, response, handler);
}
public static HttpServletRequest getRequest() {
return threadLocal.get().getRequest();
}
public static HttpServletResponse getResponse() {
return threadLocal.get().getResponse();
}
public static HttpSession getSession() {
return threadLocal.get().getRequest().getSession();
}
public static User getCurrentUser() {
return (User) threadLocal.get().getRequest().getSession().getAttribute("LOGIN_USER");
}
public static Employee getCurrentEmployee() {
return (Employee) threadLocal.get().getRequest().getSession().getAttribute("CURR_EMPLOYEE");
}
public static Long getCurrentPlatFormId() {
return (Long) threadLocal.get().getRequest().getSession().getAttribute("CURR_PLATFORM_ID");
}
private class WebInfo{
private HttpServletRequest request;
private HttpServletResponse response;
public WebInfo(HttpServletRequest request,HttpServletResponse response){
this.request=request;
this.response=response;
}
public HttpServletRequest getRequest() {
return this.request;
}
public HttpServletResponse getResponse() {
return this.response;
}
}
}
======================================================
For shiro, he has provided such a tool class, just call this tool class where the login is successful
The process here is the opposite: 1 tool class 2, session, 3 are saved into the user, etc. and enter the session, the above tool class is 1, the user writes session, 2, and the session is put into the tool class,
In essence, they are all threadlocal variables;
this.setSession("currentUser", user);//After successful login
/**
* Put some data into ShiroSession for use elsewhere
* @see For example Controller, you can get it directly with HttpSession.getAttribute(key) when using it
*/
private void setSession(Object key, Object value) {
Subject currentUser = SecurityUtils.getSubject();//Information of the current thread
if (null != currentUser) {
Session session = currentUser.getSession();
if (null != session) {
session.setAttribute(key, value);
}
}
}
Obtain:
Subject currentUser = SecurityUtils.getSubject();
Session session1 = currentUser.getSession();//currentUser
OpmUser user=(OpmUser) session1.getAttribute("currentUser");
=========================
In springmvc, HttpServletRequest request, HttpServletResponse response, HttpSession session, Model model and other similar context information servers will automatically pass to the jump method of mvc
@RequestMapping(value = "/account/tbCusFirmWeb/list")
public void tbConFeeList(TbCusFirmWebVo tbCusFirmWeb,Model model, HttpSession session, HttpServletRequest request)
}
@RequestMapping("/account/tbCusFirmWeb/basbedList")
public void spsxList(@RequestParam(value = "warekind_key", required = false) String warekind_key,
HttpServletRequest request,HttpServletResponse response,Model model) throws EsteelException {}