SpringBoot29 登录逻辑、登录状态判断
1 知识点扫盲
浏览器和服务器之间时通过session来确定连接状态的,浏览器第一次请求时服务端会自动生成一个session,并将这个sessionId传回给浏览器,浏览器将这个sessionId存放在cookie中,下一次浏览器访问服务器时就会将这个sessionId以cookie的形式传递到服务器,服务器接送到这个sessionId后就可以判断发送这个请求的浏览器之前是否访问过。
在进行登录认证逻辑时,通常会在登录认证成功后将用户信息保存到session中;整个系统会对出登录和登出操作之外的请求进行拦截,在拦截器中会判断session中是否有用户的数据,如果有就跳转到controller层执行对应的请求,如果没有就直接返回一个提示信息。(PS: 每个客户端第一次访问服务器时服务端都会自动创建一个session)
2 基于SpringBoot的登录状态判断
2.1 整体流程图
2.2 代码实现
2.2.1 创建一个SpringBoot
利用IDEA创建一个SpringBoot项目,只引入web模块
2.2.2 创建一个拦截器
拦截出登录请求以外的所有请求,通过判断session是否有用户信息来判断登录状态
package com.xunyji.springboot_login_session.interceptor; import lombok.extern.slf4j.Slf4j; import org.springframework.lang.Nullable; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; /** * @author 王杨帅 * @create 2018-09-11 21:31 * @desc 登录状态拦截器 **/ @Slf4j public class LoginInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { log.info("==========登录状态拦截"); HttpSession session = request.getSession(); log.info("sessionId为:" + session.getId()); // 获取用户信息,如果没有用户信息直接返回提示信息 Object userInfo = session.getAttribute("userInfo"); if (userInfo == null) { log.info("没有登录"); response.getWriter().write("Please Login In"); return false; } else { log.info("已经登录过啦,用户信息为:" + session.getAttribute("userInfo")); } return true; } @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception { } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception { } }
2.2.3 添加拦截器
package com.xunyji.springboot_login_session.config; import com.xunyji.springboot_login_session.interceptor.LoginInterceptor; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; /** * @author 王杨帅 * @create 2018-09-11 21:35 * @desc **/ @Configuration public class LoginConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new LoginInterceptor()) .addPathPatterns("/**") .excludePathPatterns("/test/login"); } }
2,2.4 测试控制层
package com.xunyji.springboot_login_session.controller; import lombok.extern.slf4j.Slf4j; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; /** * @author 王杨帅 * @create 2018-09-11 21:17 * @desc **/ @RestController @RequestMapping(value = "/test") @Slf4j public class TestController { @GetMapping(value = "/test01") public String test01() { String info = "测试01"; log.info(info); return info; } @GetMapping(value = "/test02") public String test02() { String info = "test02"; log.info(info); return info; } /** * 登录逻辑 * @param name 用户名 * @param pwd 用户密码 * @param request * @return */ @GetMapping(value = "/login") public String login( @RequestParam(value = "name") String name, @RequestParam(value = "pwd") String pwd, HttpServletRequest request ) { String info = "登录逻辑"; log.info(info); // 登录认证,认证成功后将用户信息放到session中 if (name.equals("fury") && pwd.equals("111111")) { request.getSession().setAttribute("userInfo", name + " - " + pwd); info = "登录成功"; } else { info = "登录失败"; } log.info(info); return info; } /** * 登出操作 * @param request * @return */ @GetMapping(value = "/loginout") public String loginout(HttpServletRequest request) { String info = "登出操作"; log.info(info); HttpSession session = request.getSession(); // 将用户信息从session中删除 session.removeAttribute("userInfo"); Object userInfo = session.getAttribute("userInfo"); if (userInfo == null) { info = "登出成功"; } else { info = "登出失败"; } log.info(info); return info; } }
3 代码汇总