移动端请求接口,不能随意请求,必须在后端进行身份效验,我使用拦截器+Redis来实现;
1.在登录成功后,生成Token将Token传给移动端,并将Token存入Redis中;
@Resource
private RedisTemplate<String,Object> redisTemplate;
//创建token map.put("token",UUID); //存入Redis,设置过期时间 redisTemplate.opsForValue().set(UUID,handsetId,14000, TimeUnit.SECONDS);
2.配置拦截器
import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.PrintWriter; import java.util.Date; import java.util.HashMap; import java.util.Map; import java.util.concurrent.TimeUnit; /** * @Description:拦截器 * @author: xfy * @date: 2019/10/14 19:29 */ public class LoginInterceptor implements HandlerInterceptor { @Autowired protected RedisTemplate redisTemplate; //提供查询 @Override public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3) throws Exception {} @Override public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3) throws Exception {} @Override public boolean preHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2) throws Exception { //此处为不需要登录的接口放行 if (arg0.getRequestURI().contains("/login") || arg0.getRequestURI().contains("/register") || arg0.getRequestURI().contains("/error") || arg0.getRequestURI().contains("/static")) { return true; } String str = arg0.getHeader("token"); if (redisTemplate.hasKey(str)) {//如果Redis中有key为此token的数据 放行 redisTemplate.expire(str,14000, TimeUnit.SECONDS); return true; }else { //将消息放进Response中 arg1.setCharacterEncoding("utf-8"); arg1.setContentType("application/json; charset=utf-8"); PrintWriter writer = arg1.getWriter(); Map<String, String> map = new HashMap<>(); map.put("result_code", "请重新登录"); writer.write(map.toString()); return false; } }
3.创建WebConfig
import com.bbd.interceptor.LoginInterceptor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; /** * 使用WebMvcConfigurer可以来扩展SpringMVC的功能 * * 在spring5.0之前可以继承WebMvcConfigurerAdapter此适配器进行配置,但spring5.0以后此适配器就被废弃(已被标注为@Deprecated), * 目前有两种解决方案,一种是直接实现WebMvcConfigurer,另一种是直接继承WebMvcConfigurationSupport,官方推荐第一种方案。 */ @Configuration public class WebMvcConfig implements WebMvcConfigurer { /** * @Function: 这个方法才能在拦截器中自动注入查询数据库的对象 * @author: * @Date: */ @Bean LoginInterceptor loginInterceptor() { return new LoginInterceptor(); } /** * @Function: 配置生成器:添加一个拦截器,拦截路径为login以后的路径 * @author: YangXueFeng * @Date: 2019/4/14 13:10 */ @Override public void addInterceptors(InterceptorRegistry registry ){ registry.addInterceptor(loginInterceptor()).addPathPatterns("/**").excludePathPatterns("/login", "/register", "/static"); } }