Posted: 2017-10-05 20:02:30
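Completed today:
1. Finished a demo in which an interceptor intercepts requests and uses the information in the session to decide whether the user is logged in
Controller: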
// Spring MVC handler for the login form POST.
// @RequestParam is the Spring MVC binding annotation; @Param belongs on mapper methods.
@RequestMapping(value = "/login", method = RequestMethod.POST)
public ModelAndView login(@RequestParam("username") String username,
                          @RequestParam("password") String password,
                          HttpServletRequest request, HttpServletResponse response) {
    ModelAndView mv = new ModelAndView();
    User realUser = userService.selectUserByName(username);
    // Plaintext comparison for this demo; encrypted login is still to be written
    if (realUser != null && realUser.getPassword().equals(password)) {
        // Mark the session as logged in; the interceptor checks this attribute
        HttpSession session = request.getSession();
        session.setAttribute("message", username);
        mv.setViewName("loginSuccess");
        mv.addObject("username", realUser.getUsername());
    } else {
        mv.setViewName("loginFail");
    }
    return mv;
}
Note: this check logic should be written in the service layer.
Interceptor configuration:
<!-- Interceptors -->
<mvc:interceptors>
    <mvc:interceptor>
        <!-- Intercept requests whose path matches /u/** -->
        <mvc:mapping path="/u/**"/>
        <bean class="cn.summerwaves.interceptor.LoginInterceptor"></bean>
    </mvc:interceptor>
</mvc:interceptors>
Requests to URLs under /u/ are intercepted.
Interceptor:
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
    // The login controller stores the username under "message" after a successful login
    String session = (String) httpServletRequest.getSession().getAttribute("message");
    if (session == null) {
        // Not logged in: forward to /skip and stop the handler chain
        httpServletRequest.getRequestDispatcher("/skip").forward(httpServletRequest, httpServletResponse);
        return false;
    }
    return true;
}
skipToLogin.jsp
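<html>
<head>
    <title>Title</title>
</head>
<body>
<a href="${ctx}/login">Not logged in. Please log in to view this page.</a>
<script>
    // Redirect to the login page
    function jumpurl() {
        location = 'http://localhost:8080/task5/login';
    }
    // Pass the function itself rather than a string to be evaluated
    setTimeout(jumpurl, 3000);
</script>
</body>
</html>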
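The page redirects to the login page after three seconds.
Result:
2. Learned what a token is
A token is a string, usually stored in a cache with an expiry time. Each time the user requests a page, the token in the cookie is checked against the token in the cache; if they match, the user is treated as logged in. This greatly reduces the number of database accesses and makes the database and the site more robust.
The remaining work is to put the finished token into a cookie, replacing the session in the example above, and then to write token encryption and encrypted login.
3. Finished a cookie utility class: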
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils; // assumed: Apache Commons Lang 3

public class CookieUtil {
    // Index the request's cookies by name
    private static Map<String, Cookie> ReadCooKieMap(HttpServletRequest request) {
        Map<String, Cookie> cookieMap = new HashMap<String, Cookie>();
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                cookieMap.put(cookie.getName(), cookie);
            }
        }
        return cookieMap;
    }

    // Return the cookie with the given name, or null if the request does not carry it
    public static Cookie getCookieByName(HttpServletRequest request, String name) {
        return ReadCooKieMap(request).get(name);
    }

    // Create a cookie for the whole site; the value is URL-encoded, expire is in seconds
    public static Cookie creatCookie(String name, String value, Integer expire) throws UnsupportedEncodingException {
        Cookie cookie = new Cookie(name.trim(), URLEncoder.encode(value.trim(), "UTF-8"));
        cookie.setMaxAge(expire);
        cookie.setPath("/");
        return cookie;
    }

    // Return the decoded value, "" for a blank value, or null if the cookie is missing
    public static String getCookieValueByName(HttpServletRequest request, String name) throws UnsupportedEncodingException {
        Cookie cookie = getCookieByName(request, name);
        if (cookie == null || cookie.getValue() == null) {
            return null;
        }
        if (StringUtils.isNotBlank(cookie.getValue())) {
            // Values are URL-encoded when written, so decode them when read
            return URLDecoder.decode(cookie.getValue(), "UTF-8");
        }
        return "";
    }

    // Update an existing cookie, or create it when creatd is true
    public static Cookie modCookieByName(HttpServletRequest request, String name, String value, Integer expire, boolean creatd) throws UnsupportedEncodingException {
        Cookie cookie = getCookieByName(request, name);
        if (cookie != null) {
            cookie.setMaxAge(expire);
            cookie.setValue(URLEncoder.encode(value, "UTF-8"));
        } else if (creatd) {
            cookie = creatCookie(name, value, expire);
        }
        return cookie;
    }
}
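Planned for tomorrow:
1. Finish returning the login state based on the token in the cookie
2. Learn encryption
Problems encountered:
What a token is, how to make a token expire, and how to implement a token.
I searched for a long time and found that there is not much material, and what there is mostly describes the concept of a token only vaguely.
Later I found that a token is just a string that is put in a cookie and then checked against the server.
Expiry is set by keeping the server-side token in a cache and setting when the token expires. I have not learned caching yet, though, so for now I have to keep it in the database to get the same effect.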
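The token scheme described above (a random string in the cookie, a server-side copy with an expiry time), as an added example that is not part of the original post. `TokenStore`, its method names and the user `alice` are hypothetical, and a `ConcurrentHashMap` stands in for the cache.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (hypothetical class): in-memory stand-in for the token cache.
public class TokenStore {
    private static final class Entry {
        final String username;
        final long expiresAtMillis;
        Entry(String username, long expiresAtMillis) {
            this.username = username;
            this.expiresAtMillis = expiresAtMillis;
        }
    }

    private final SecureRandom random = new SecureRandom();
    private final Map<String, Entry> tokens = new ConcurrentHashMap<>();

    // Issue an unguessable token (256 random bits) that is valid for ttlMillis.
    public String issue(String username, long ttlMillis, long nowMillis) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        // URL-safe Base64 without padding can go into a cookie value as is
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokens.put(token, new Entry(username, nowMillis + ttlMillis));
        return token;
    }

    // Return the username for a live token, or null if it is unknown or expired.
    public String validate(String token, long nowMillis) {
        Entry e = (token == null) ? null : tokens.get(token);
        if (e == null) return null;
        if (nowMillis >= e.expiresAtMillis) {
            tokens.remove(token); // expired: forget it on the server side
            return null;
        }
        return e.username;
    }
    // Logout: the token stops working even if the browser keeps sending the cookie.
    public void revoke(String token) { if (token != null) tokens.remove(token); }

    public static void main(String[] args) {
        TokenStore store = new TokenStore();
        long t0 = System.currentTimeMillis();
        String token = store.issue("alice", 30 * 60 * 1000L, t0); // constructed user, 30 min TTL
        System.out.println(store.validate(token, t0 + 1000));            // token within its TTL
        System.out.println(store.validate("never-issued", t0 + 1000));   // value the server never issued
        System.out.println(store.validate(token, t0 + 31 * 60 * 1000L)); // same token after expiry
    }
}
```

Because the expiry is enforced on the server, the cookie's own max-age is only a hint to the browser. When the token is written to a cookie, `setHttpOnly(true)` and `setSecure(true)` keep it away from page scripts and plain HTTP.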
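What I gained:
1. Learned the concept of a token
2. Learned how to create, modify and look up cookies
3. Finished the small interceptor demo
Progress:
Task 5 start date: 2017.10.03
Expected demo date: 2017.10.08
Risk of delay: none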
http://task.ptteng.com/zentao/project-task-350.html