代码摘出来了做了一下笔记
,更多是思路,因为包含一些业务信息,复制粘贴适配率很低,做好准备再读
当然这个适合初期的登录和退出功能,后续可以改为shiro等,那都是后话
不忙了,梳理一下使用思路总结:
- MVC拦截器拦截以后交给指定拦截器处理
- 登录时候,根据账号密码验证一下,
- 如果验证存在这个账号,且无禁用状态
- 就将ID通过Base64加密一下然后放cookie中
- 然后接着判断账号内置的字段是否包含某个字段,来判断权限是否放行
- 验证
- 先去session中查看是否含有登录信息,
- 如果没有就去cookie里面查看是否有登录ID,有的话查询一下账号所有信息放session中
- 后续请求 验证直接去session取账号信息,然后权限判断
package com.***;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import com.***.ManageInterceptor;
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    /** Paths reachable without an admin login: the login pages and the static asset folders. */
    private static final String[] PUBLIC_PATHS = {"/login", "/submitLogin", "/lib/**", "/kindeditor/**"};

    /**
     * Exposes the admin interceptor as a Spring bean, so that the container can
     * inject its {@code @Autowired} dependencies.
     */
    @Bean
    ManageInterceptor ManageInterceptor() {
        return new ManageInterceptor();
    }

    /**
     * Routes every request through {@link ManageInterceptor}, except the
     * paths listed in {@link #PUBLIC_PATHS}.
     *
     * @param registry the MVC interceptor registry to extend
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(ManageInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns(PUBLIC_PATHS);
    }
}
附上拦截类
package com.***.interceptor;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import com.***.CryptoUtil;
import com.***.manage.AdminHelper;
import com.***.manage.Constants;
import com.***.manage.service.AdminService;
import com.**.model.Admin;
/*
* author: hua
*/
public class ManageInterceptor implements HandlerInterceptor {
@Autowired
private AdminService adminService;
//在请求处理之前进行调用(Controller方法调用之前
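/**
 * Authenticates the admin for every intercepted request, before the controller runs.
 *
 * <p>Resolution order: the {@code Admin} cached in the HTTP session under
 * {@link Constants#ADMIN_SESSIONID}; failing that, the login cookie
 * {@link Constants#ADMIN_COOKIEID}, whose value is DES-decrypted with
 * {@link Constants#ADMIN_KEY} to the admin id, loaded through
 * {@link AdminService#selectAdminById} and then cached in the session.
 * Requests that resolve to no (enabled) admin are redirected to {@code /login}.
 *
 * @param request  current request; receives the attributes {@code path} (the URI)
 *                 and {@code module} (its first path segment, or {@code index})
 * @param response current response; used only for the login redirect
 * @param o        the matched handler (unused)
 * @return the permission decision of {@link #goOn}, or {@code false} after a redirect
 * @throws Exception propagated from the redirect or the service layer
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
    String uri = request.getRequestURI();
    request.setAttribute("path", uri);
    // The first path segment is the module that goOn checks against the admin's
    // permission field; a request to the root (no segment) maps to "index".
    String path = uri.substring(1);
    int slash = path.indexOf('/');
    String module = slash > 0 ? path.substring(0, slash) : "index";
    request.setAttribute("module", module);

    Admin loginAdmin = (Admin) request.getSession().getAttribute(Constants.ADMIN_SESSIONID);
    if (loginAdmin == null) {
        loginAdmin = loadAdminFromCookie(request);
        if (loginAdmin == null) {
            response.sendRedirect("/login");
            return false;
        }
        // Cache it so later requests neither decrypt the cookie nor hit the database.
        request.getSession().setAttribute(Constants.ADMIN_SESSIONID, loginAdmin);
    }
    return goOn(loginAdmin, module, request, response);
}

/**
 * Resolves the admin referenced by the login cookie.
 *
 * @param request current request, whose cookies are inspected
 * @return the admin, or {@code null} when the cookie is absent or empty, cannot be
 *         decrypted to an integer id, or refers to an unknown or disabled admin
 */
private Admin loadAdminFromCookie(HttpServletRequest request) {
    Cookie[] cookies = request.getCookies();
    if (cookies == null) {
        return null;
    }
    String token = null;
    for (Cookie cookie : cookies) {
        if (Constants.ADMIN_COOKIEID.equals(cookie.getName())) {
            token = cookie.getValue();
            break;
        }
    }
    if (StringUtils.isEmpty(token)) {
        return null;
    }
    int adminId;
    try {
        adminId = Integer.parseInt(CryptoUtil.decryptDES(Constants.ADMIN_KEY, token));
    } catch (Exception e) {
        // A tampered, truncated or stale cookie means "not logged in", not a 500;
        // the caller then redirects to /login.
        return null;
    }
    Admin admin = adminService.selectAdminById(adminId);
    // Mirror the check done at login (state 0 = enabled): an admin disabled after the
    // cookie was issued must not regain access through that cookie.
    if (admin != null && admin.getState() != 0) {
        return null;
    }
    return admin;
}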
//goON方法略,业务内容:
//(admin的权限字段).contains(截取的路径) 匹配判断是否能进入程序,return boolean
private boolean goOn(Admin admin, String module, HttpServletRequest request, HttpServletResponse response)
}
更新一下把登录登出代码也记一下
/**
 * Renders the login page.
 *
 * @return the {@code /login} view, with no model attributes
 */
@RequestMapping(value = "/login")
public ModelAndView login() {
    ModelAndView page = new ModelAndView();
    page.setViewName("/login");
    return page;
}
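/**
 * Processes the login form.
 *
 * <p>When {@link AdminService#login} accepts the credentials (its own code 200) and the
 * admin is enabled (state 0), the admin id is DES-encrypted with {@link Constants#ADMIN_KEY},
 * stored in the {@link Constants#ADMIN_COOKIEID} cookie, the admin is cached in the session
 * and the browser is redirected to {@code /index}. Otherwise the login view is re-rendered
 * with the failure carried in the {@code result} model attribute.
 *
 * @param entity     the submitted credentials, bound from the form
 * @param rememberMe form flag; currently not used, the cookie is always a session cookie
 * @param request    source of the client IP and of the session
 * @param response   receives the login cookie on success
 * @return a redirect to {@code /index} on success, the {@code /login} view otherwise
 * @throws Exception propagated from the service or crypto layer
 */
@RequestMapping(value = "submitLogin", method = RequestMethod.POST)
@ResponseBody // has no effect on a ModelAndView return value; kept as in the original mapping
public ModelAndView submitLogin(Admin entity,
                                Boolean rememberMe,
                                HttpServletRequest request,
                                HttpServletResponse response) throws Exception {
    // Recorded on the entity so the service can write its login-audit row.
    entity.setLoginIp(RequestUtil.getRealIP(request));
    ModelAndView model = new ModelAndView();
    JsonResult<Admin> result = adminService.login(entity, request);
    if (result.getErrCode() == 200) {
        Admin admin = result.getData();
        if (admin.getState() == 0) {
            // Enabled: issue the login cookie. Path "/" so that logout (which clears with
            // path "/") replaces it; HttpOnly so page scripts cannot read the token.
            Cookie cookie = new Cookie(Constants.ADMIN_COOKIEID,
                    CryptoUtil.encryptDES(Constants.ADMIN_KEY, admin.getId().toString()));
            cookie.setPath("/");
            cookie.setHttpOnly(true);
            // Add cookie.setSecure(true) once the site is served over HTTPS only.
            response.addCookie(cookie);
            // NOTE(review): the session id is not rotated on login; request.changeSessionId()
            // (Servlet 3.1) before this line would close that gap — confirm the container version.
            request.getSession().setAttribute(Constants.ADMIN_SESSIONID, admin);
            model.addObject("result", result);
            model.setViewName("redirect:/index");
        } else {
            // Disabled admin: report it and stay on the login page.
            result.setErrCode(-1);
            result.setErrMsg("此管理员已禁用。");
            model.addObject("result", result);
            model.setViewName("/login");
        }
    } else {
        model.addObject("result", result);
        model.setViewName("/login");
    }
    // Echo the login name so the form can be refilled, but never the password: String
    // model attributes are appended to the redirect URL as query parameters by Spring's
    // RedirectView, and rendering it back into the login page exposes it as well.
    model.addObject("loginName", entity.getLoginName());
    return model;
}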
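/**
 * Ends the admin session: invalidates the HTTP session, tells the browser to delete the
 * {@link Constants#ADMIN_COOKIEID} login cookie, and redirects to {@code /index}
 * (which the interceptor then bounces to {@code /login}).
 *
 * @param request  request whose session is invalidated and whose cookies are inspected
 * @param response receives the cookie-deletion header
 * @return a redirect to {@code /index}
 */
@RequestMapping(value = "logout", method = RequestMethod.GET)
@ResponseBody // has no effect on a ModelAndView return value; kept as in the original mapping
public ModelAndView logout(HttpServletRequest request, HttpServletResponse response) {
    request.getSession().invalidate();
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if (Constants.ADMIN_COOKIEID.equals(cookie.getName())) {
                // The path must match the one the cookie was issued with, and maxAge 0 is
                // what deletes it: -1 only means "session cookie" and would leave it in place.
                cookie.setValue("");
                cookie.setPath("/");
                cookie.setMaxAge(0);
                cookie.setHttpOnly(true);
                response.addCookie(cookie);
                break;
            }
        }
    }
    ModelAndView model = new ModelAndView();
    model.setViewName("redirect:/index");
    return model;
}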
JsonResult是自己封装的类