移动端请求接口,不能随意请求,必须在后端进行身份效验,我使用拦截器+Redis来实现;

1.在登录成功后,生成Token将Token传给移动端,并将Token存入Redis中;

              @Resource
              private RedisTemplate<String,Object> redisTemplate;
               //创建token
                        map.put("token",UUID);
                        //存入Redis,设置过期时间
                        redisTemplate.opsForValue().set(UUID,handsetId,14000, TimeUnit.SECONDS);

2.配置拦截器

import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;

/**
 * @Description:拦截器
 * @author: xfy
 * @date: 2019/10/14 19:29
 */
public class LoginInterceptor implements HandlerInterceptor {

    @Autowired
    protected RedisTemplate redisTemplate;
    //提供查询
    @Override
    public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
            throws Exception {}
    @Override
    public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
            throws Exception {}
    @Override
    public boolean preHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2) throws Exception {
        //此处为不需要登录的接口放行
        if (arg0.getRequestURI().contains("/login") || arg0.getRequestURI().contains("/register") || arg0.getRequestURI().contains("/error") || arg0.getRequestURI().contains("/static")) {
            return true;
        }
        String  str = arg0.getHeader("token");
        if (redisTemplate.hasKey(str)) {//如果Redis中有key为此token的数据 放行
            redisTemplate.expire(str,14000, TimeUnit.SECONDS);
            return true;
        }else {
            //将消息放进Response中
            arg1.setCharacterEncoding("utf-8");
            arg1.setContentType("application/json; charset=utf-8");
            PrintWriter writer = arg1.getWriter();
            Map<String, String> map = new HashMap<>();
            map.put("result_code", "请重新登录");
            writer.write(map.toString());
            return  false;
        }
    }

3.创建WebConfig

import com.bbd.interceptor.LoginInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * 使用WebMvcConfigurer可以来扩展SpringMVC的功能
 *
 * 在spring5.0之前可以继承WebMvcConfigurerAdapter此适配器进行配置,但spring5.0以后此适配器就被废弃(已被标注为@Deprecated),
 * 目前有两种解决方案,一种是直接实现WebMvcConfigurer,另一种是直接继承WebMvcConfigurationSupport,官方推荐第一种方案。
 */
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {


    /**
     * @Function: 这个方法才能在拦截器中自动注入查询数据库的对象
     * @author:
     * @Date:
     */
    @Bean
    LoginInterceptor loginInterceptor() {
        return new LoginInterceptor();
    }

    /**
     * @Function: 配置生成器:添加一个拦截器,拦截路径为login以后的路径
     * @author:   YangXueFeng
     * @Date:     2019/4/14 13:10
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry ){
        registry.addInterceptor(loginInterceptor()).addPathPatterns("/**").excludePathPatterns("/login", "/register", "/static");
    }

}
02-10 09:51
查看更多