登錄鑒權:1. 用戶名+密碼 登錄請求2. 後臺接收登錄請求,生成ToKen(用戶名/密碼正確) 返回token3. 請求其他api 都帶上token,後臺校驗token是否存在/過期 後臺代碼如下:登錄/登出 @RestController@RequestMappingclass AuthCont ...
登錄鑒權:
1. 用戶名+密碼 登錄請求
2. 後臺接收登錄請求,生成ToKen(用戶名/密碼正確) 返回token
3. 請求其他api 都帶上token,後臺校驗token是否存在/過期
後臺代碼如下:
登錄/登出 --------------
@RestController
@RequestMapping
class AuthController {
@Autowired
private lateinit var tokenService: TokenService
@Autowired
private lateinit var appUserService: AppUserService
@PostMapping(value = ["/auth/login"])
fun login(username: String, password: String,
request: HttpServletRequest): RestResponse<Any> {
val predicate = Predicate.eq("username", username).eq("password", password)
val user = appUserService.findOne(predicate) ?: return RestResponse(1, "用戶不存在")
// 生成一個 token,保存用戶登錄狀態
val tokenModel = tokenService.createToken(user.userId, user.nickname, Utils.getIp(request))
return RestResponse(0, mapOf(
"user" to user,
"token" to tokenModel.token,
"roles" to arrayOf("admin")))
}
@PostMapping(value = ["/auth/logout"])
fun logout(@RequestAttribute tokenModel: TokenModel): RestResponse<Any> {
tokenService.deleteToken(tokenModel.token)
return RestResponse(0, "success")
}
}
-----配置攔截器---------------------------
WebAppConfigurer.kt
override fun addInterceptors(registry: InterceptorRegistry) {
registry.addInterceptor(authInterceptor())
.excludePathPatterns("/auth/**")
.excludePathPatterns("/rest/**")
}
@Bean
fun authInterceptor(): AuthInterceptor {
return AuthInterceptor()
}
攔截器-------------------------------
@Component
class AuthInterceptor : HandlerInterceptorAdapter() {
@Autowired
private lateinit var tokenService: TokenService
@Throws(Exception::class)
override fun preHandle(request: HttpServletRequest, response: HttpServletResponse, handler: Any): Boolean {
//從header中得到token
val token = request.getHeader("x-token")
//驗證token
val tokenModel = tokenService.checkToken(token)
if (tokenModel != null) {
//如果token驗證成功,將token對應的用戶id存在request中,便於之後註入
request.setAttribute("tokenModel", tokenModel)
return true
}
//如果驗證token失敗,返回401錯誤
response.status = HttpServletResponse.SC_UNAUTHORIZED
return false
}
}