登录校验
会话技术
会话:用户打开浏览器,访问 Web 服务器的资源,会话建立;直到有一方断开连接,会话结束。一次会话中可以包含多次请求和响应。
会话跟踪:一种维护浏览器状态的方法。服务器需要识别多次请求是否来自同一浏览器,以便在同一次会话的多次请求间共享数据。
会话跟踪方案:
- 客户端会话跟踪技术:Cookie
- 服务端会话跟踪技术:Session
- 令牌技术

JWT令牌(JSON Web Token)
1. 组成
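第一部分:Header(头),记录令牌类型、签名算法等。例如:{"alg":"HS256","type":"JWT"}
第二部分:Payload(有效载荷),携带一些自定义信息、默认信息等。例如:{"id":1,"name":"Tom"}
第三部分:Signature(签名),防止Token被篡改、确保安全性。将Header、Payload,并加入指定秘钥,通过指定签名算法计算而来。
注意:Header 和 Payload 只做了 Base64URL 编码,并未加密,拿到令牌的任何人都能读出其中内容,因此不要在 Payload 中存放密码等敏感信息。
2. 生成/解析
/**
 * Builds a signed JWT carrying two custom claims and prints it.
 */
@Test
public void testGenJWT() {
    // Custom claims that end up in the token payload.
    HashMap<String, Object> claims = new HashMap<>();
    claims.put("id", 1);
    claims.put("name", "Tom");

    // NOTE(review): "comcrn" is a demo key hard-coded in source. In jjwt 0.9.x this
    // String overload treats the value as Base64-encoded key bytes, so the effective
    // key is only a few bytes long. For real use, HS256 needs at least 256 bits of
    // random key material, loaded from configuration or a secret store.
    String jwt = Jwts.builder()
            .signWith(SignatureAlgorithm.HS256, "comcrn") // signature algorithm and key
            .setClaims(claims) // custom content (payload)
            .setExpiration(new Date(System.currentTimeMillis() + 3600 * 1000)) // valid for one hour
            .compact();
    System.out.println(jwt);
}

/**
 * Parses a signed JWT with the same key and prints its claims.
 *
 * <p>The sample token below carries {@code exp = 1716995056}, which is in the past,
 * so the parser is expected to reject it as expired; paste a token freshly printed
 * by {@code testGenJWT()} to see the claims.
 */
@Test
public void testParseJwt() {
    // parseClaimsJws checks the signature before the claims are returned.
    Claims claims = Jwts.parser()
            .setSigningKey("comcrn")
            .parseClaimsJws("eyJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiVG9tIiwiaWQiOjEsImV4cCI6MTcxNjk5NTA1Nn0.ArBnzJo8SWv1YbJIddsiH8_ZgAX_IapDf0vENI43tfo")
            .getBody();
    System.out.println(claims);
}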
过滤器Filter
一般完成一些通用的操作 , 比如 : 登录校验 , 统一编码处理 , 敏感字符处理等 .
1. 快速入门
1.1. 定义Filter:定义一个类,实现Filter接口,并重写其所有方法
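package com.crn.filter;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import java.io.IOException;

/**
 * Minimal servlet filter mapped to every URL; it only passes requests through.
 */
@WebFilter(urlPatterns = "/*")
public class DemoFilter implements Filter {

    /** Initialisation hook, called once. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        Filter.super.init(filterConfig);
    }

    /** Called for every intercepted request. */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        // Let the request continue down the chain; without this call it stops here.
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Teardown hook, called once. */
    @Override
    public void destroy() {
        Filter.super.destroy();
    }
}
1.2. 配置Filter:Filter类上加@WebFilter注解,配置拦截资源的路径;引导类上加@ServletComponentScan,开启对Servlet组件的支持。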
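package com.crn;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.web.servlet.ServletComponentScan;

/**
 * Application entry point. {@code @ServletComponentScan} is what makes Spring Boot
 * pick up the {@code @WebFilter} classes.
 */
@ServletComponentScan
@SpringBootApplication
public class SpringbootTliasYbApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringbootTliasYbApplication.class, args);
    }
}
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
    <version>0.9.1</version>
</dependency>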
2. 过滤器链
注解配置的Filter,优先级是按照过滤器类名(字符串)的自然排序
3. 登录校验流程
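package com.crn.filter;

import com.alibaba.fastjson.JSONObject;
import com.crn.pojo.Result;
import com.crn.utils.JwtUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.util.StringUtils;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Login check for every request: only the login endpoint passes without a token;
 * every other request must carry a parseable JWT in the {@code token} header.
 */
@Slf4j
@WebFilter(urlPatterns = "/*")
public class LoginCheckFilter implements Filter {

    // NOTE(review): assumes the login endpoint is mapped at exactly "/login" relative
    // to the context path. The controller is not shown on this page; confirm it.
    private static final String LOGIN_PATH = "/login";

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) servletRequest;
        HttpServletResponse resp = (HttpServletResponse) servletResponse;

        // 1. Get the request URL.
        String url = req.getRequestURL().toString();
        log.info("url:{}", url);

        // 2. Let the login request through. The path is compared exactly: a substring
        //    test such as url.contains("login") would also exempt any other URL that
        //    merely contains that text, and those requests would skip the token check.
        String path = req.getRequestURI().substring(req.getContextPath().length());
        if (LOGIN_PATH.equals(path)) {
            log.info("登录操作,放行");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // 3. Read the token from the request header.
        String jwt = req.getHeader("token");

        // 4. No token means the user is not logged in.
        if (!StringUtils.hasLength(jwt)) {
            log.info("令牌不存在,请先登录");
            writeNotLogin(resp);
            return;
        }

        // 5. Parse the token; any failure is treated as "not logged in".
        //    NOTE(review): presumably JwtUtils.parseJWT verifies signature and expiry.
        //    Confirm against the utility class.
        try {
            JwtUtils.parseJWT(jwt);
        } catch (Exception e) {
            // Report through the logger instead of printStackTrace().
            log.info("令牌解析失败", e);
            writeNotLogin(resp);
            return;
        }

        // 6. Token accepted.
        log.info("令牌合法,放行");
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Writes the NOT_LOGIN result as JSON; the chain is deliberately not continued. */
    private static void writeNotLogin(HttpServletResponse resp) throws IOException {
        Result error = Result.error("NOT_LOGIN");
        // Manual object-to-JSON conversion with fastjson.
        String jsonString = JSONObject.toJSONString(error);
        resp.setContentType("application/json;charset=UTF-8");
        resp.getWriter().write(jsonString);
    }
}
拦截器Interceptor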
spring框架提供的,用来动态拦截控制器方法的执行
1. 快速入门
1.1. 定义拦截器,实现HandlerInterceptor接口,并重写其方法
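package com.crn.interceptor;

import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Demo interceptor that prints a line from each callback and lets every request through.
 */
@Component
public class LoginCheckInterceptor implements HandlerInterceptor {

    /** Runs before the target handler method; {@code true} lets the request through, {@code false} blocks it. */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        System.out.println("preHandle运行了...");
        return true;
    }

    /** Runs after the target handler method. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
                           ModelAndView modelAndView) throws Exception {
        System.out.println("postHandle运行了...");
    }

    /** Runs last, after view rendering has finished. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
                                Exception ex) throws Exception {
        System.out.println("afterCompletion运行了...");
    }
}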
1.2. 注册拦截器
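package com.crn.config;

import com.crn.interceptor.LoginCheckInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * MVC configuration that registers the login-check interceptor for all paths.
 */
@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Autowired
    private LoginCheckInterceptor loginCheckInterceptor;

    /** Registers the interceptor; "/**" matches every path handled by Spring MVC. */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(loginCheckInterceptor).addPathPatterns("/**");
    }
}
2. 详解
3. 登录校验流程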
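package com.crn.interceptor;

import com.alibaba.fastjson.JSONObject;
import com.crn.pojo.Result;
import com.crn.utils.JwtUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Login check as a Spring MVC interceptor: only the login endpoint passes without a
 * token; every other request must carry a parseable JWT in the {@code token} header.
 */
@Slf4j
@Component
public class LoginCheckInterceptor implements HandlerInterceptor {

    // NOTE(review): assumes the login endpoint is mapped at exactly "/login" relative
    // to the context path. The controller is not shown on this page; confirm it.
    private static final String LOGIN_PATH = "/login";

    /** Runs before the target handler method; {@code true} lets the request through, {@code false} blocks it. */
    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse resp, Object handler) throws Exception {
        // 1. Get the request URL.
        String url = req.getRequestURL().toString();
        log.info("url:{}", url);

        // 2. Let the login request through. The path is compared exactly: a substring
        //    test such as url.contains("login") would also exempt any other URL that
        //    merely contains that text, and those requests would skip the token check.
        String path = req.getRequestURI().substring(req.getContextPath().length());
        if (LOGIN_PATH.equals(path)) {
            log.info("登录操作,放行");
            return true;
        }

        // 3. Read the token from the request header.
        String jwt = req.getHeader("token");

        // 4. No token means the user is not logged in.
        if (!StringUtils.hasLength(jwt)) {
            log.info("令牌不存在,请先登录");
            writeNotLogin(resp);
            return false;
        }

        // 5. Parse the token; any failure is treated as "not logged in".
        //    NOTE(review): presumably JwtUtils.parseJWT verifies signature and expiry.
        //    Confirm against the utility class.
        try {
            JwtUtils.parseJWT(jwt);
        } catch (Exception e) {
            // Report through the logger instead of printStackTrace().
            log.info("令牌解析失败", e);
            writeNotLogin(resp);
            return false;
        }

        // 6. Token accepted.
        log.info("令牌合法,放行");
        return true;
    }

    /** Runs after the target handler method. */
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
                           ModelAndView modelAndView) throws Exception {
        System.out.println("postHandle运行了...");
    }

    /** Runs last, after view rendering has finished. */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
                                Exception ex) throws Exception {
        System.out.println("afterCompletion运行了...");
    }

    /** Writes the NOT_LOGIN result as JSON for a rejected request. */
    private static void writeNotLogin(HttpServletResponse resp) throws java.io.IOException {
        Result error = Result.error("NOT_LOGIN");
        // Manual object-to-JSON conversion with fastjson.
        String jsonString = JSONObject.toJSONString(error);
        resp.setContentType("application/json;charset=UTF-8");
        resp.getWriter().write(jsonString);
    }
}
过滤器与拦截器的区别
- 接口规范不同:过滤器需要实现Filter接口,而拦截器需要实现HandlerInterceptor接口
- 拦截范围不同:过滤器Filter会拦截所有资源,而Interceptor只会拦截进入Spring环境中的资源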
异常处理器
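package com.crn.exception;

import com.crn.pojo.Result;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

/**
 * Global exception handler.
 */
@RestControllerAdvice
public class GlobalExceptionHandler {

    /**
     * Catches every exception and answers with one generic error result, so the
     * exception's own message and stack trace are not sent to the client.
     */
    @ExceptionHandler(Exception.class)
    public Result ex(Exception e) {
        // NOTE(review): printStackTrace() writes to stderr only; a logging framework
        // would keep these failures in the application log.
        e.printStackTrace();
        return Result.error("对不起,操作失败,请联系管理员");
    }
}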