JAVA 用户登录后token验证
JAVA 用户登录后token验证
- 此例将token存储在数据库中, 改用redis存储会更佳
一、注解接口是否需要验证token
- IgnoreAuth.java
import java.lang.annotation.*;
/**
 * Marks a handler method as exempt from token validation.
 *
 * <p>The interceptor shown on this page looks this annotation up on the handler method
 * and, when it is present, lets the request through without reading or checking a token.
 * Every handler method that does not carry it goes through the token check, so it belongs
 * only on endpoints that are meant to be reachable without a login.
 *
 * @author chenshun
 * @email sunlightcs@gmail.com
 * @date 2017-03-23 15:44
 */
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface IgnoreAuth {
}
在类的方法上加此注解, 则不需要验证token; 未加此注解的方法则需要验证
二、拦截器配置
// Request-attribute name under which preHandle stores the id of the user the token belongs to.
public static final String LOGIN_USER_KEY = "LOGIN_USER_KEY";
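/**
 * Validates the login token before a handler method runs.
 *
 * <p>Handlers that are not a {@code HandlerMethod}, and handler methods annotated with
 * {@code @IgnoreAuth}, are let through without a token check. For every other request the
 * token is read from the {@code token} header (falling back to the {@code token} request
 * parameter), looked up through {@code tokenService}, and rejected when it is blank,
 * unknown or past its expiry time. On success the token's user id is stored in the request
 * under {@link #LOGIN_USER_KEY}.
 *
 * @param request  the incoming request
 * @param response the response; receives a JSON error body when the token is rejected
 * @param handler  the handler chosen for this request
 * @return {@code true} to continue to the handler, {@code false} once a rejection has been written
 * @throws Exception declared by the overridden method
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    // Only a HandlerMethod can carry @IgnoreAuth; any other handler type is passed through.
    if (!(handler instanceof HandlerMethod)) {
        return true;
    }

    // A method marked @IgnoreAuth skips token validation entirely.
    IgnoreAuth annotation = ((HandlerMethod) handler).getMethodAnnotation(IgnoreAuth.class);
    if (annotation != null) {
        return true;
    }

    // Read the token from the header first, then fall back to the request parameter.
    // NOTE(review): a token sent as a URL query parameter can be recorded in access logs,
    // browser history and Referer headers; the header is the safer transport.
    String token = request.getHeader("token");
    if (StringUtils.isBlank(token)) {
        token = request.getParameter("token");
    }

    // No token supplied: write the error and stop. Without this return the request would
    // continue to the lookup below and on towards the handler.
    if (StringUtils.isBlank(token)) {
        this.returnResponse(response, "token不能为空");
        return false;
    }

    // Look the token up and reject it when it is unknown or expired. Returning false is what
    // actually blocks the request: writing the error body alone would still let an expired
    // token reach the handler, and an unknown token would hit a NullPointerException below.
    TokenEntity tokenEntity = tokenService.queryByToken(token);
    if (tokenEntity == null || tokenEntity.getExpireTime().getTime() < System.currentTimeMillis()) {
        this.returnResponse(response, "token失效,请重新登录");
        return false;
    }

    // Expose the user id to later code, which loads the user from it.
    request.setAttribute(LOGIN_USER_KEY, tokenEntity.getUserId());
    return true;
}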
/**
 * Writes {@code msg} to the response as a JSON-serialized error {@code Result}.
 *
 * <p>The body is sent as UTF-8 {@code application/json} and the writer is closed afterwards,
 * so nothing more can be written to this response. No HTTP status is set here; the response
 * keeps whatever status it already had. An {@code IOException} while obtaining the writer
 * is printed to standard error and otherwise ignored.
 *
 * @param response the response to write the error to
 * @param msg      the message placed in the error result
 */
public void returnResponse(HttpServletResponse response, String msg){
    response.setCharacterEncoding("UTF-8");
    response.setContentType("application/json; charset=utf-8");
    Result errorBody = ResultUtil.error(msg);
    // try-with-resources closes the writer on every path, as the original finally block did.
    try (PrintWriter writer = response.getWriter()) {
        writer.append(JSON.toJSONString(errorBody));
    } catch (IOException e) {
        e.printStackTrace();
    }
}
用到的Result.java以及ResultUtil.java
/**
 * Response envelope carrying a status code, a message and an optional payload.
 *
 * <p>The type parameter {@code T} is declared but not used by any member; the payload is
 * held and returned as {@code Object}.
 */
public class Result<T> {

    /** Status code. */
    private String code;

    /** Human-readable message. */
    private String msg;

    /** Payload; stays {@code null} unless set. */
    private Object data;

    /** @return the status code */
    public String getCode() {
        return this.code;
    }

    /** @return the message */
    public String getMsg() {
        return this.msg;
    }

    /** @return the payload */
    public Object getData() {
        return this.data;
    }

    /** @param code the status code to store */
    public void setCode(String code) {
        this.code = code;
    }

    /** @param msg the message to store */
    public void setMsg(String msg) {
        this.msg = msg;
    }

    /** @param data the payload to store */
    public void setData(Object data) {
        this.data = data;
    }
}
/**
 * Factory methods for the {@code Result} envelopes returned to clients.
 *
 * <p>Success results carry code {@code "0000"} and message {@code "OK"}; error results
 * carry the supplied code, or {@code "0001"} when none is given.
 */
public class ResultUtil {

    /**
     * Builds a success result wrapping {@code data}.
     *
     * @param data the payload to return; may be {@code null}
     * @return a result with code {@code "0000"}, message {@code "OK"} and the payload
     */
    public static Result success(Object data){
        Result ok = newResult("0000", "OK");
        ok.setData(data);
        return ok;
    }

    /**
     * Builds a success result with a {@code null} payload.
     *
     * @return the same result as {@code success(null)}
     */
    public static Result success(){
        return success(null);
    }

    /**
     * Builds an error result with an explicit code.
     *
     * @param code the error code
     * @param msg  the error message
     * @return a result holding the code and message; the payload is left unset
     */
    public static Result error(String code,String msg) {
        return newResult(code, msg);
    }

    /**
     * Builds an error result with the default error code {@code "0001"}.
     *
     * @param msg the error message
     * @return a result holding code {@code "0001"} and the message; the payload is left unset
     */
    public static Result error(String msg) {
        return newResult("0001", msg);
    }

    // Shared construction step: a fresh Result with only code and message filled in.
    private static Result newResult(String code, String msg) {
        Result created = new Result();
        created.setCode(code);
        created.setMsg(msg);
        return created;
    }
}
三、登录接口
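/**
 * Logs a user in and issues a fresh token.
 *
 * <p>Exempt from the token check via {@code @IgnoreAuth}. Each user has at most one token
 * record: the first login saves a new record, later logins overwrite the stored token and
 * expiry, so a token issued by an earlier login stops matching.
 *
 * @param mobile   the mobile number used as the login name
 * @param password the password supplied by the user
 * @return a success result whose payload maps {@code "token"} to the new token and
 *         {@code "expire"} to the lifetime {@code EXPIRE}
 */
@IgnoreAuth
@PostMapping("login")
public Result login(String mobile, String password){
    // Authenticate the user.
    // NOTE(review): nothing here checks the outcome, so this presumably relies on
    // userService.login throwing on bad credentials; confirm against that service.
    long userId = userService.login(mobile, password);

    // Generate the token and its validity window.
    String token = UUID.randomUUID().toString();
    Date now = new Date();
    // EXPIRE is added as seconds converted to milliseconds. 1000L forces long arithmetic so
    // a large EXPIRE cannot overflow int and yield a wrong (possibly past) expiry time.
    Date expireTime = new Date(now.getTime() + EXPIRE * 1000L);

    // Reuse the user's existing token record if one exists, otherwise create it.
    TokenEntity tokenEntity = queryByUserId(userId);
    boolean firstToken = tokenEntity == null;
    if (firstToken) {
        tokenEntity = new TokenEntity();
        tokenEntity.setUserId(userId);
    }

    // NOTE(review): the token is persisted as issued and later looked up by value; storing
    // only a hash of it would keep a leaked token table from yielding usable tokens.
    tokenEntity.setToken(token);
    tokenEntity.setUpdateTime(now);
    tokenEntity.setExpireTime(expireTime);

    if (firstToken) {
        // Save the new token record.
        save(tokenEntity);
    } else {
        // Overwrite the previous token record.
        update(tokenEntity);
    }

    Map<String, Object> map = new HashMap<>();
    map.put("token", token);
    map.put("expire", EXPIRE);
    return ResultUtil.success(map);
}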
