如何使用token保存用户登录信息

如何使用token保存用户登录信息

1.登录成功后生产token

登录成功之后，后台生成一个token，将token保存在redis中，key是token，value是用户id，并且把token响应给前端，前端每次请求时都把token传给后台进行鉴权。生成token代码如下：

    private String logining(String account,Long userId){String token = Constants.TOKEN + Md5Util.md5(account + String.valueOf(System.currentTimeMillis())) + new Random().nextInt(1000);RedisUtils.put(token, userId, DAYS, TOKEN_TIMEOUT);return token;}

2.自定义拦截器实现鉴权

@Order(Ordered.HIGHEST_PRECEDENCE)
public class AuthorizeInterceptor extends HandlerInterceptorAdapter {@Autowiredprivate UserSysRedis userSysRedis;@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)throws Exception {String accessToken = Header("access-token");String deviceId = Header("device-id");if (isNullOrEmpty(accessToken)) {throw new UnauthorizedException();}Long userId = (accessToken, Long.class);if (Objects.isNull(userId)) {throw new UnauthorizedException();}GlobalRequestContext.setUserId(userId);GlobalRequestContext.setAccessToken(accessToken);GlobalRequestContext.setDeviceId(deviceId);checkDeviceInfo(userId,deviceId);return super.preHandle(request, response, handler);}@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)throws Exception {super.afterCompletion(request, response, handler, ex);}/*** 校验设备信息* @param userId 用户id* @param deviceId 设备id*/public void checkDeviceInfo(Long userId,String deviceId){if(StringUtils.isEmpty(deviceId)){return;}String key = AuthConstant.TEACHER_DEVICE_KEY+userId;//如果设备已注册到redis中，判断当前设备是否可用if(userSysRedis.hashHasKey(key,deviceId)){TeacherDeviceInfo deviceInfo = userSysRedis.hashGet(key, deviceId, new TypeReference<TeacherDeviceInfo>() {});if(Objects.isNull(deviceInfo)){return;}if(DeviceStatusEnum.ALTER_PASSWORD.DeviceStatus())){//修改密码，抛出异常throw new CustomException(UserExceptionEnum.USER_Msg(),UserExceptionEnum.USER_Code(),null);}return;}//如果未注册，则添加到redis中TeacherDeviceInfo teacherDeviceInfo = new TeacherDeviceInfo().setDeviceId(deviceId).setDeviceStatus(DeviceStatusEnum.NORMAL_STATUS);userSysRedis.hashPut(key,deviceId,teacherDeviceInfo);}
}

自定义拦截器继承HandlerInterceptorAdapter，在里面实现登录校验逻辑。逻辑是前端请求头传入token的值，后台拿到token后去redis中取，如果取到说明登录了，未取到说明没登录，跳转至登录页。

配置鉴权拦截器，交给spring管理：

/*** 教师端鉴权拦截器配置* @author liuzhihao* @date 2018/7/24*/
@Configuration
@Slf4j
public class AuthorizeConfiguration extends WebMvcConfigurerAdapter {/*** 在此处将拦截器注册成一个bean，可以在拦截器中使用@Autowired注入其它对象*/@Beanpublic AuthorizeInterceptor authorizeInterceptor(){return new AuthorizeInterceptor();}@Overridepublic void addInterceptors(InterceptorRegistry registry) {registry.addInterceptor(authorizeInterceptor()).addPathPatterns("/**/teacher-app/**").excludePathPatterns("/**/open/**");super.addInterceptors(registry);}
}

这样请求路径中只要有teacher-app都会被拦截到

3.使用

接口方法：

    @PutMapping("/teacher-app/{transferId}")public Response<SchoolClassTransfer> update(@PathVariable("transferId") Long transferId, @RequestParam Long classId,@RequestParam Integer status) {long userId = UserId();//处理业务逻辑return new Response<SchoolClassTransfer>().ok(classTransfer);}

所有请求路径中带teacher-app的都会被拦截，进行鉴权，如果鉴权通过，则可以通过UserId()取出登录用户id，鉴权不通过则抛出异常，前端跳转至登录页面。