java后端实现登录功能,并用过滤器验证
登录,退出功能
登录,退出功能的逻辑思路:
* 1. 对提交的密码计算md5摘要(md5是哈希而不是加密;不加盐的md5不适合用来保存生产环境的密码)
* 2. 根据用户名查询数据库
* 3. 比对密码
* 4. 查看状态
* 5. 将员工的id存放到session
- 代码实现
@Slf4j
@RestController
@RequestMapping("/employee")
public class EmployeeController {
@Autowired
private EmployeeService employeeService;
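/**
 * Authenticates an employee and binds the employee id to the HTTP session.
 *
 * <p>Flow: hash the submitted password with MD5, look the account up by username, compare the
 * two hashes, reject accounts whose status is 0, then store the id under the {@code "employee"}
 * session attribute.
 *
 * <p>SECURITY: the stored value is compared against an unsalted MD5 hex digest, so MD5 is kept
 * here only for compatibility with existing rows. Unsalted MD5 is unsuitable for password
 * storage; plan a migration to a slow, salted password hash (bcrypt, scrypt, argon2).
 * This endpoint also has no attempt limiting; throttle or lock out repeated failures upstream.
 *
 * @param request  current request; its session receives the {@code "employee"} attribute
 * @param employee request body carrying the submitted username and password
 * @return {@code R.success} with the employee record, or {@code R.error} with a failure message
 */
@PostMapping("/login")
public R<Object> login(HttpServletRequest request, @RequestBody Employee employee){
    // A missing username or password is an ordinary failed login, not a server error.
    if (employee == null || employee.getUsername() == null || employee.getPassword() == null) {
        return R.error("登录失败!");
    }

    // Fix the charset so the digest does not depend on the platform default encoding.
    String submittedHash = DigestUtils.md5DigestAsHex(
            employee.getPassword().getBytes(java.nio.charset.StandardCharsets.UTF_8));

    LambdaQueryWrapper<Employee> queryWrapper = new LambdaQueryWrapper<>();
    queryWrapper.eq(Employee::getUsername, employee.getUsername());
    Employee emp = employeeService.getOne(queryWrapper);

    // Unknown user and wrong password share one message so the reply does not reveal
    // which of the two was wrong.
    if (emp == null || emp.getPassword() == null) {
        return R.error("登录失败!");
    }

    // Constant-time comparison of the two hex digests.
    boolean passwordMatches = java.security.MessageDigest.isEqual(
            emp.getPassword().getBytes(java.nio.charset.StandardCharsets.UTF_8),
            submittedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!passwordMatches) {
        return R.error("登录失败!");
    }

    if (emp.getStatus() == 0) {
        return R.error("账号已禁用!");
    }

    // Session-fixation defence: issue a new session id at the moment of authentication,
    // so an id that was known before login is not carried into the logged-in state.
    request.getSession();
    request.changeSessionId();
    request.getSession().setAttribute("employee", emp.getId());

    // NOTE(review): emp is returned as loaded, so the response presumably includes the stored
    // password hash unless Employee excludes that field from serialization. Confirm, and
    // return a view without the hash.
    return R.success(emp);
}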
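/**
 * Logs the current employee out by ending the HTTP session.
 *
 * <p>The whole session is invalidated rather than only dropping the {@code "employee"}
 * attribute, so the old session id stops being valid on the server after logout. Any other
 * attribute kept in the same session is discarded too.
 *
 * @param request current request whose session, if any, is invalidated
 * @return {@code R.success} with a confirmation message
 */
@PostMapping("/logout")
public R<String> logout(HttpServletRequest request){
    // getSession(false) avoids creating a brand-new session only to throw it away.
    if (request.getSession(false) != null) {
        request.getSession(false).invalidate();
    }
    return R.success("退出成功");
}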
验证登录功能
完善登录功能,使没有登录的用户不能随意访问一些特定的界面
逻辑:
* 1. 过滤器实现 √
* 1.1自定义过滤器
* 1.2加入注解
* 1.3完善过滤器的逻辑
* 1.3.1获取本次请求的uri
* 1.3.2判断本次请求是否需要处理
* 1.3.3判断登录状态
* 2. 拦截器(不详细说明)
- 代码实现
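/**
 * Servlet filter that lets a request through only when it targets a whitelisted path or
 * carries a session holding the {@code "employee"} attribute set at login.
 *
 * <p>Any other request is answered with the JSON form of {@code R.error("NOTLOGIN")} and is
 * not passed down the chain.
 *
 * <p>SECURITY: the decision is made on {@code getRequestURI()}, which is the raw path as sent
 * by the client: not decoded, not normalized, and including any context path. A raw path can
 * therefore match a wildcard whitelist entry while the container dispatches it to a different
 * resource. To fail closed, raw paths containing dot-segments, path parameters, percent-encoding
 * or doubled separators never take the whitelist shortcut; they need a logged-in session.
 */
@WebFilter(filterName = "loginCheckFilter",urlPatterns = "/*")
@Slf4j
public class LoginCheckFilter implements Filter {
    public static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();

    /**
     * Paths reachable without a login. Every pattern must start with "/": the request URI
     * always does, and a pattern without the leading slash (the original "front/**") can
     * never match it.
     */
    private static final String[] OPEN_PATHS = {
        "/employee/login",
        "/employee/logout",
        "/backend/**",
        "/front/**"
    };

    /**
     * Applies the login check to one request.
     *
     * @param servletRequest  incoming request, cast to {@code HttpServletRequest}
     * @param servletResponse outgoing response, cast to {@code HttpServletResponse}
     * @param filterChain     remaining chain, invoked only for allowed requests
     * @throws IOException      if writing the rejection body or the chain fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String requestURI = request.getRequestURI();
        log.info("拦截到请求:{}",requestURI);

        // Whitelist shortcut, taken only for plain paths (see isPlainPath).
        if (isPlainPath(requestURI) && check(OPEN_PATHS, requestURI)) {
            log.info("本次请求请求{}不要处理!",requestURI);
            filterChain.doFilter(request, response);
            return;
        }

        // getSession(false): an anonymous request must not allocate a server-side session.
        Object employeeId = request.getSession(false) == null
                ? null
                : request.getSession(false).getAttribute("employee");
        if (employeeId != null) {
            log.info("用户已登录,用户id为{}", employeeId);
            filterChain.doFilter(request, response);
            return;
        }

        log.info("用户未登录");
        // The body is the signal the client reads; the HTTP status is left untouched.
        response.getWriter().write(JSON.toJSONString(R.error("NOTLOGIN")));
    }

    /**
     * Tells whether the URI matches at least one of the Ant-style patterns.
     *
     * @param urls       Ant-style path patterns
     * @param requestURI request URI to test
     * @return {@code true} on the first matching pattern, {@code false} if none matches
     */
    public boolean check(String[] urls,String requestURI){
        for (String pattern : urls) {
            if (PATH_MATCHER.match(pattern, requestURI)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns {@code false} for raw URIs whose matched form and dispatched form can differ:
     * dot-segments, path parameters, percent-encoding, doubled or backslash separators.
     * Side effect of failing closed: an anonymous request to a whitelisted resource whose URL
     * is percent-encoded is also sent to the login check.
     */
    private static boolean isPlainPath(String uri) {
        return !(uri.contains("..")
                || uri.contains(";")
                || uri.contains("%")
                || uri.contains("//")
                || uri.contains("\\"));
    }
}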