vue+axios+springmvc身份驗證

后臺用的是基于Token 的身份驗證——JWT(json web token)

1.maven 配置 在pom.xml 中加入如下代碼

    <dependency>
      <groupId>com.auth0</groupId>
      <artifactId>java-jwt</artifactId>
      <version>2.2.0</version>
    </dependency>

2.新建JWT.java文件(此處我是放到com.demo.filter包下)

    package com.demo.filter;

    import com.auth0.jwt.JWTSigner;
    import com.auth0.jwt.JWTVerifier;
    import com.auth0.jwt.internal.com.fasterxml.jackson.databind.ObjectMapper;

    import java.util.HashMap;
    import java.util.Map;

    public class JWT {
        private static final String SECRET = "XX#$%()(#*!()!KL<><MQLMNQNQJQK sdfkjsdrow32234545fdf>?N<:{LWPW";

        private static final String EXP = "exp";

        private static final String PAYLOAD = "payload";

        //加密,傳入一個對象和有效期
        public static <T> String sign(T object, long maxAge) {
            try {
                final JWTSigner signer = new JWTSigner(SECRET);
                final Map<String, Object> claims = new HashMap<String, Object>();
                ObjectMapper mapper = new ObjectMapper();
                String jsonString = mapper.writeValueAsString(object);
                claims.put(PAYLOAD, jsonString);
                claims.put(EXP, System.currentTimeMillis() + maxAge);
                return signer.sign(claims);
            } catch(Exception e) {
                return null;
            }
          }

        //解密,傳入一個加密后的token字符串和解密后的類型
        public static<T> T unsign(String jwt, Class<T> classT) {
            final JWTVerifier verifier = new JWTVerifier(SECRET);
            try {
                final Map<String,Object> claims= verifier.verify(jwt);
                if (claims.containsKey(EXP) && claims.containsKey(PAYLOAD)) {
                    long exp = (Long)claims.get(EXP);
                    long currentTimeMillis = System.currentTimeMillis();
                    if (exp > currentTimeMillis) {
                        String json = (String)claims.get(PAYLOAD);
                        ObjectMapper objectMapper = new ObjectMapper();
                        return objectMapper.readValue(json, classT);
                    }
                }
                return null;
            } catch (Exception e) {
                return null;
            }
        }
    }

3.登錄時,生成token并傳遞給前臺(ResponseData 類在頁末貼出;此處不一定要像下面這種寫法,關(guān)鍵是要看生成token那里)

    //處理登錄
@RequestMapping(value="/login.do", produces = "application/json; charset=utf-8")
public @ResponseBody
ResponseData login(String userName, String password, HttpServletRequest request, HttpServletResponse response) throws Exception{
    response.setCharacterEncoding("UTF-8");
    request.setCharacterEncoding("UTF-8");
    ResponseData responseData = ResponseData.ok();
    try{
        //先到數(shù)據(jù)庫驗證(這一步根據(jù)自己的代碼邏輯來實現(xiàn))
        User user = service.findUserByNameAndPassword(userName.trim(),CommUtil.generateMD5Str(password));
        if(null != user) {
            //給用戶jwt加密生成token  這里是關(guān)鍵,生成了token 后,怎么給前臺返回,那可以用你自己的方法;
            String token = JWT.sign(user, 60L* 1000L* 30L);
            //封裝成對象返回給客戶端
            responseData.putDataValue("token", token);
            responseData.putDataValue("user", user);
        }
        else{
            responseData =  ResponseData.customerError();
        }
    }catch (Exception e){
        e.printStackTrace();
    }
    return responseData;
}

4.寫一個攔截;攔截訪問的請求

    package com.demo.util;

    import com.alibaba.fastjson.JSONObject;
    import com.demo.bean.User;
    import com.demo.filter.JWT;
    import org.springframework.web.servlet.HandlerInterceptor;
    import org.springframework.web.servlet.ModelAndView;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import java.io.PrintWriter;

    public class TokenInterceptor implements HandlerInterceptor {
        public void afterCompletion(HttpServletRequest request,
                            HttpServletResponse response, Object handler, Exception arg3)
                throws Exception {
        }

        public void postHandle(HttpServletRequest request, HttpServletResponse response,
                       Object handler, ModelAndView model) throws Exception {
        }

        //攔截每個請求
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                         Object handler) throws Exception {
            response.setCharacterEncoding("utf-8");
            //此處是前臺將token和loginId 放到了headers里面,后來來獲取并處理
            String token = request.getHeader("X-Token");
            String loginId = request.getHeader("X-LoginId");
            ResponseData responseData = ResponseData.ok();
            //token不存在
            if(null != token) {
                User user = JWT.unsign(token, User.class);
                //解密token后的loginId與用戶傳來的loginId不一致,一般都是token過期
                if(null != loginId && null != user) {
                    if(Integer.parseInt(loginId) == user.getId()) {
                        return true;
                    }
                    else{
                        responseData = ResponseData.forbidden();
                        responseMessage(response, response.getWriter(), responseData);
                        return false;
                    }
                }
                else
                {
                    responseData = ResponseData.forbidden();
                    responseMessage(response, response.getWriter(), responseData);
                    return false;
                }
            }
            else
            {
                responseData = ResponseData.forbidden();
                responseMessage(response, response.getWriter(), responseData);
                return false;
            }
        }

        //請求不通過,返回錯誤信息給客戶端
        private void responseMessage(HttpServletResponse response, PrintWriter out, ResponseData responseData) {
            responseData = ResponseData.forbidden();
            response.setContentType("application/json; charset=utf-8");
            String json = JSONObject.toJSONString(responseData);
            out.print(json);
            out.flush();
            out.close();
        }
    }

5.spring-mvc.xml中配置攔截

     <mvc:interceptors>
          <mvc:interceptor>
                <!-- 匹配的是url路徑, 如果不配置或/**,將攔截所有的Controller -->
                <mvc:mapping path="/**" />
                <!-- /register.do 和 /login.do 不需要攔截(這里根據(jù)項目具體需求來配置)-->
                <mvc:exclude-mapping path="/register.do" />
                <mvc:exclude-mapping path="/login.do" />
                <bean class="com.demo.util.TokenInterceptor"></bean>
          </mvc:interceptor>
    <!-- 當設(shè)置多個攔截器時,先按順序調(diào)用preHandle方法,然后逆序調(diào)用每個攔截器的postHandle和afterCompletion方法 -->
    </mvc:interceptors>

6.后臺攔截已經(jīng)做完,接下來是前端vue+axios 配置了

在main.js中對axios進行配置

import Vue from 'vue'
import axios from 'axios'
Vue.prototype.axios = axios
// 請求時的攔截
axios.interceptors.request.use(function (config) {
    // 發(fā)送請求之前做一些處理
    //在登錄的時候,后臺會將token和loginId傳遞過來,拿到值以后,用localStorage.setItem("jwt",JSON.stringify(data));存起來
    let storageData = localStorage.getItem("jwt");
    if(storageData){
        storageData = JSON.parse(storageData);
        let  token = storageData.token,
             loginId = storageData.loginId;
        config.headers['X-Token'] = token;
        config.headers['X-LoginId'] = loginId;
    }
    return config;
  }, function (error) {
    // 當請求異常時做一些處理
    return Promise.reject(error);
  });
  // 響應(yīng)時攔截
axios.interceptors.response.use(function (response) {
    // 返回響應(yīng)時做一些處理
    console.log("返回的數(shù)據(jù)",response);
    return response;
  }, function (error) {
    // 當響應(yīng)異常時做一些處理
    return Promise.reject(error);
  });

7.附上ResponseData 代碼

    package com.demo.util;

    import java.util.HashMap;
    import java.util.Map;

    public class ResponseData {
        private final String message;
        private final int code;
        private final Map<String, Object> data = new HashMap<String, Object>();

        public String getMessage() {
            return message;
        }

        public int getCode() {
            return code;
        }

        public Map<String, Object> getData() {
            return data;
        }

        public ResponseData putDataValue(String key, Object value) {
            data.put(key, value);
            return this;
        }

        private ResponseData(int code, String message) {
            this.code = code;
            this.message = message;
        }

        public static ResponseData ok() {
            return new ResponseData(200, "Ok");
        }

        public static ResponseData notFound() {
            return new ResponseData(404, "Not Found");
        }

        public static ResponseData badRequest() {
            return new ResponseData(400, "Bad Request");
        }

        public static ResponseData forbidden() {
            return new ResponseData(403, "Forbidden");
        }

        public static ResponseData unauthorized() {
            return new ResponseData(401, "unauthorized");
        }

        public static ResponseData serverInternalError() {
            return new ResponseData(500, "Server Internal Error");
        }

       public static ResponseData customerError() {
            return new ResponseData(1001, "customer Error");
        }
    }
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時請結(jié)合常識與多方信息審慎甄別。
平臺聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點,簡書系信息發(fā)布平臺,僅提供信息存儲服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

  • Spring Cloud為開發(fā)人員提供了快速構(gòu)建分布式系統(tǒng)中一些常見模式的工具(例如配置管理,服務(wù)發(fā)現(xiàn),斷路器,智...
    卡卡羅2017閱讀 136,554評論 19 139
  • 在分布式環(huán)境中,如何支持PC、APP(ios、android)等多端的會話共享,這也是所有公司都需要的解決方案,用...
    安琪拉_4b7e閱讀 1,840評論 2 7
  • Spring Boot 參考指南 介紹 轉(zhuǎn)載自:https://www.gitbook.com/book/qbgb...
    毛宇鵬閱讀 47,272評論 6 342
  • 1. 微服務(wù)架構(gòu)介紹 1.1 什么是微服務(wù)架構(gòu)? 形像一點來說,微服務(wù)架構(gòu)就像搭積木,每個微服務(wù)都是一個零件,并使...
    靜修佛緣閱讀 6,813評論 0 39
  • 外婆的道歉信 尼羅河的慘案
    爺非傻蛋閱讀 212評論 0 0

友情鏈接更多精彩內(nèi)容