springMVC使用ehcache实现简单的单点登录
2017-01-22 17:29
381 查看
只要解决了以上的问题,达到了开头讲得效果就可以说是SSO。最简单实现SSO的方法就是用Cookie,实现流程如下所示
以下是代码部份
package com.qj.sso.controller;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.converter.json.MappingJacksonValue;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import com.qj.bean.User;
import com.qj.bean.UserOpenid;
import com.qj.contants.ApiContants;
import com.qj.sms.SmsAct;
import com.qj.sso.annotation.MySign;
import com.qj.sso.service.UserOpenidService;
import com.qj.sso.service.UserService;
import com.qj.utils.CookieUtils;
import com.qj.utils.EhcacheUtil;
import com.qj.utils.ExceptionUtil;
import com.qj.utils.HttpClientUtil;
import com.qj.utils.JsonUtils;
import com.qj.utils.MD5Utils;
import com.qj.utils.StringCodeHelper;
import com.qj.utils.StringHelper;
import com.qj.utils.VrResult;
/***
* 登录
* @author HZW
*
*/
@Controller
public class UserController {
private static Logger log = LoggerFactory.getLogger(UserController.class);
@Autowired
private UserService service;
@Autowired
private UserOpenidService uoService;
@Value("${ACCOUNTSID}")
private String accountSid;
@Value("${TOKEN}")
private String token;
@Value("${APPID}")
private String appId;
@Value("${TEMPLATEID}")
private String templateId;
@Value("${vrstoreUrl}")
private String vrstoreUrl;
@Value("${KEY}")
private String key;
@Value("${webSite}")
private String webSite;
/***
* 测试集群缓存同步
* @return
*/
@RequestMapping(value="/test/sso",method=RequestMethod.GET)
public Object test(){
//把用户信息写入ehcache
//EhcacheUtil.put("org.news.pojo.News",ApiContants.USER_SESSIONID_KEY,":xxxxxxxx123213");
//Object object = EhcacheUtil.get("org.news.pojo.News",ApiContants.USER_SESSIONID_KEY);
//System.out.println(object.toString()+">>>");
return "请求成功";
}
/***
* 登录
*
* @return
*/
@RequestMapping(value="/loginsubmit")
@ResponseBody
public Object loginsubmit(@RequestBody User u,HttpServletRequest request, HttpServletResponse response,String callback){
VrResult result=null;
if(!MD5Utils.MD5(u.getData()+key).equals(u.getSign())){
return VrResult.build(400,"签名异常!");
}
if(u.getLoginType().equals("phone")){//账号密码
result=loginPhone(u,request,response);
}
if(u.getLoginType().equals("1")){//QQ
result=loginApi(u,request,response);
}
if(u.getLoginType().equals("2")){//微信登录
System.out.println();
result=loginApi(u,request,response);
}
if(u.getLoginType().equals("3")){//微博
result=loginApi(u,request,response);
}
if (null != callback) {
MappingJacksonValue mappingJacksonValue = new MappingJacksonValue(result);
mappingJacksonValue.setJsonpFunction(callback);
return mappingJacksonValue;
} else {
System.out.println(result.toString());
return result;
}
}
/***
* 账号密码登录
* @param req
* @param request
* @param response
* @return
*/
public VrResult loginPhone(User req,HttpServletRequest request, HttpServletResponse response){
try {
if(StringHelper.isNotNull(req.getUsername()) && StringHelper.isNotNull(req.getPassword())){
User user = service.findByUsername(req.getUsername());
//如果没有此用户名
if (null== user) {
return VrResult.build(400, "用户名不存在");
}
//比对密码
if (!user.getPassword().equals(MD5Utils.MD5(req.getPassword()))) {
return VrResult.build(400, "用户名或密码错误");
}
//生成token
String token =UUID.randomUUID().toString();
//保存用户之前,把用户对象中的密码清空。
user.setPassword(null);
user.setRegisterTime(null);
//把用户信息写入ehcache
EhcacheUtil.put(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY+":"+token,JsonUtils.objectToJson(user));
//添加写cookie的逻辑,cookie的有效期是关闭浏览器就失效。
log.info(token);
user.setToken(token);
CookieUtils.setCookie(request, response, "VR_TOKEN", token);
return VrResult.build(200,"登录成功",JsonUtils.objectToJson(user));
}else{
log.info("用户名或密码不能为空!");
return VrResult.build(400, "用户名或密码不能为空!");
}
} catch (Exception e) {
e.printStackTrace();
return VrResult.build(500, ExceptionUtil.getStackTrace(e));
}
}
/***
* 第三方 登录
* @param req
* @param request
* @param response
* @return
*/
public VrResult loginApi(User req,HttpServletRequest request, HttpServletResponse response){
try {
Map<String,Object> map=new HashMap<>();
map.put("loginType",req.getLoginType());
map.put("unionid",req.getUnionid());
UserOpenid uo = uoService.findByOpenId(map);
if(null==uo){
//没有绑定
return VrResult.build(201, "该用户没有绑定"+req.getLoginType());
}else{//已绑定当前第三方
//
User u = service.findByOpenId(map);//根据唯一标识查用户信息
log.info(req.getLoginType()+"登录,用户信息为"+u.toString());
//生成token
String token =UUID.randomUUID().toString();
//保存用户之前,把用户对象中的密码清空。
u.setPassword(null);
u.setRegisterTime(null);
//把用户信息写入ehcache
EhcacheUtil.put(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY+":"+token,JsonUtils.objectToJson(u));
//添加写cookie的逻辑,cookie的有效期是关闭浏览器就失效。
log.info(token);
CookieUtils.setCookie(request,response, "VR_TOKEN",token);
u.setToken(token);
if(StringHelper.isNotNull(u.getPhone())){//手机号不为空,已绑定直接返回登录成功
//返回cookie
return VrResult.build(200,"登录成功,已成功绑定手机与"+req.getLoginType(),JsonUtils.objectToJson(u));
}
//已绑定当前第三方,没有绑定手机
return VrResult.build(202,"登录成功,请绑定手机号",JsonUtils.objectToJson(u));
}
} catch (Exception e) {
e.printStackTrace();
return VrResult.build(500,ExceptionUtil.getStackTrace(e));
}
}
/***
* 第三方注册信息接口
* @param user
* @param request
* @param response
* @return*/
@RequestMapping(value="/register")
@ResponseBody
public Object register(@RequestBody User user,HttpServletRequest request, HttpServletResponse response){
try {
if(!MD5Utils.MD5(user.getData()+key).equals(user.getSign())){
return VrResult.build(400,"签名异常!");
}
user.setClient(0);//网页
Map<String, Object> map=new HashMap<>();
map.put("phone",user.getPhone());//
map.put("loginType",user.getLoginType());//2
int rows=service.getPhone(map);//查询手机号是否与别的账号有关联
if(rows>0){//如果存在,返回
//返回cookie
return VrResult.build(400,"手机号已被注册,请更换手机号!");
}
User pu=service.selectPhone(user.getPhone());//用手机账号查询用户信息
if(null!=pu){//修改已存在信息
//绑定手机号,返回成功登录
pu.setPhone(user.getPhone());
pu.setPassword(MD5Utils.MD5(user.getPassword()));
pu.setRegisterTime(new Date());
if(!StringHelper.isNotNull(pu.getAvatarUrl30())){
pu.setAvatarUrl30(user.getAvatarUrl30());
}
if(!StringHelper.isNotNull(pu.getAvatarUrl50())){
pu.setAvatarUrl50(user.getAvatarUrl50());
}
if(!StringHelper.isNotNull(pu.getAvatarUrl100())){
pu.setAvatarUrl100(user.getAvatarUrl100());
}
if(pu.getSex()==0){
pu.setSex(user.getSex());
}
pu.setLoginType(user.getLoginType());
pu.setOpenid(user.getOpenid());
pu.setClient(user.getClient());
pu.setUnionid(user.getUnionid());
int row=service.update(pu);
if(row>0){
pu.setRegisterTime(null);
pu.setPassword(null);
//把用户信息写入ehcache
EhcacheUtil.put(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY+":"+token,JsonUtils.objectToJson(pu));
//添加写cookie的逻辑,cookie的有效期是关闭浏览器就失效。
log.info(token);
CookieUtils.setCookie(request, response, "VR_TOKEN",token);
pu.setToken(token);
//返回cookie
return VrResult.build(200,"登录成功",JsonUtils.objectToJson(pu));
}
}else//新增
{
user.setPassword(MD5Utils.MD5(user.getPassword()));
int registerUser = service.registerApiUser(user);//新增用户
if(registerUser>0){
User u = service.getUser(user.getUserId());
u.setPassword(null);
u.setRegisterTime(null);
//生成token
String token =UUID.randomUUID().toString();
//把用户信息写入ehcache
EhcacheUtil.put(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY+":"+token,JsonUtils.objectToJson(u));
//添加写cookie的逻辑,cookie的有效期是关闭浏览器就失效。
log.info(token);
CookieUtils.setCookie(request, response, "VR_TOKEN", token);
u.setToken(token);
//返回cookie
return VrResult.build(200,"写入成功已绑定"+user.getLoginType(),JsonUtils.objectToJson(u));
}
}
} catch (Exception e) {
e.printStackTrace();
return VrResult.build(500, ExceptionUtil.getStackTrace(e));
}
return VrResult.build(400,"写入信息失败");
}
/***
* 手机密码注册与绑定
* @return
*/
@RequestMapping(value="/registerPhone")
@ResponseBody
public Object registerPhone(@RequestBody User user,HttpServletRequest request, HttpServletResponse response){
//生成token
String token =UUID.randomUUID().toString();
try {
if(!MD5Utils.MD5(user.getData()+key).equals(user.getSign())){
return VrResult.build(400,"签名异常!");
}
//检验短信验证码
String code=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_CODE+":"+user.getPhone());//短信验证码
String phone=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_PHONE+":"+user.getPhone());//手机号
if(StringHelper.isNull(code)||StringHelper.isNull(phone)){
return VrResult.build(400,"验证码不正确,请重新输入");
}
if(!code.equals(user.getCode())){
return VrResult.build(400,"验证码不正确,请重新输入!");
}
if(!phone.equals(user.getPhone())){
return VrResult.build(400,"验证码输入有误,请重新输入!");
}
if(user.getLoginType().equals("phone")){//手机号注册
User ur=new User();
ur.setPhone(user.getPhone());
User r=service.selectPhone(user.getPhone());//查询手机号是否存在
if(null!=r){//如果存在,返回
//返回cookie
return VrResult.build(400,"手机号已被注册,请更换手机号!");
}
user.setPassword(MD5Utils.MD5(user.getPassword()));//密码加密
user.setRegisterTime(new Date());
user.setSex(0);//新用户注册性别默认为0未知
user.setAvatarUrl30(webSite+"/images/tx.jpg");
user.setAvatarUrl50(webSite+"/images/tx.jpg");
user.setAvatarUrl100(webSite+"/images/tx.jpg");
int registerUser = service.registerUser(user);//新增
if(registerUser>0){
User u = service.getUser(user.getUserId());
u.setRegisterTime(null);
u.setPassword(null);
//把用户信息写入ehcache
EhcacheUtil.put(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY+":"+token,JsonUtils.objectToJson(u));
//添加写cookie的逻辑,cookie的有效期是关闭浏览器就失效。
log.info(token);
CookieUtils.setCookie(request, response, "VR_TOKEN", token);
u.setToken(token);
//返回cookie
return VrResult.build(200,"登录成功",JsonUtils.objectToJson(u));
}
}
} catch (Exception e) {
e.printStackTrace();
return VrResult.build(500, ExceptionUtil.getStackTrace(e));
}
return VrResult.build(400,"注册失败");
}
/**
* 发送短信验证码
* @param user
* @param request
* @return
*/
@RequestMapping("/sendMsg")
@ResponseBody
@MySign
public Object sendMsg(String phone,HttpServletRequest request){
try {
String code =StringCodeHelper.getRandomString(4);//产生四位验证码
EhcacheUtil.putTime(ApiContants.EHCZCHE_NAME,ApiContants.SMS_CODE+":"+phone,code);//时间为5分钟
EhcacheUtil.putTime(ApiContants.EHCZCHE_NAME,ApiContants.SMS_PHONE+":"+phone,phone);
String para = code + ",5"; //过期时间为5分钟??
String result=SmsAct.InstantiationRestAPI(true).templateSMS(accountSid,token,appId,templateId,phone,para);
log.info("Response content is: " + result);
return VrResult.build(200,"发送成功",result);
} catch (Exception e) {
e.printStackTrace();
return VrResult.build(500, ExceptionUtil.getStackTrace(e));
}
}
/****
* 根据token获取用户信息
* @param req
* @param session
* @return
*/
@RequestMapping(value = "/token")
@ResponseBody
@MySign
public Object getUserByToken(String token, String callback) {
VrResult result=null;
try {
String json=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY + ":"+ token);
// 判断是否为空
log.info(token + "json=" + json);
if (StringUtils.isBlank(json)) {
result=VrResult.build(400, "此用户已经过期,请重新登录");
}else{
result=VrResult.ok(json);
}
} catch (Exception e) {
e.printStackTrace();
result=VrResult.build(500,ExceptionUtil.getStackTrace(e));
}
//判断是否为jsonp调用
if (StringUtils.isBlank(callback)) {
return result;
} else {
MappingJacksonValue mappingJacksonValue = new MappingJacksonValue(result);
mappingJacksonValue.setJsonpFunction(callback);
return mappingJacksonValue;
}
}
/***
* 找回密码[手机号,验证码]
* @return
*/
@RequestMapping(value="/findPwd")
@ResponseBody
@MySign
public Object findPwd(String phone,String code,String callback){
//检验短信验证码
String codes=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_CODE+":"+phone);//短信验证码
String phones=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_PHONE+":"+phone);//手机号
if(StringHelper.isNull(codes)||StringHelper.isNull(phones)){
return VrResult.build(400,"验证码不正确,请重新输入");
}
if(!code.equals(codes)){
return VrResult.build(400,"验证码不正确,请重新输入!");
}
if(!phone.equals(phones)){
return VrResult.build(400,"验证码输入有误,请重新输入!");
}
//查询手机号是否存在,存在则下一步,否则返回
Map<String, Object> map=new HashMap<>();
map.put("phone",phone);
int row=service.getPhone(map);
if(row==0){
return VrResult.build(400,"手机号不存在,请更换手机号!");
}
return VrResult.build(200,"验证成功!");
}
/***
* 修改密码
* @return
*/
@RequestMapping(value="/updatePwd")
@ResponseBody
@MySign
public Object updatePwd(String phone,String paws,String callback){
//检验短信验证码
String codes=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_CODE+":"+phone);//短信验证码
String phones=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_PHONE+":"+phone);//手机号
if(StringHelper.isNull(codes)||StringHelper.isNull(phones)){
return VrResult.build(400,"用户异常,请稍后再试");
}
if(!phone.equals(phones)){
return VrResult.build(400,"用户异常,请稍后再试!");
}
User beam=new User();
beam.setPhone(phone);
beam.setPassword(paws);
int row = service.updatePassword(beam);
if(row>0){
return VrResult.build(200,"修改成功!");
}
return VrResult.build(400,"修改失败!");
}
/**
* 修改手机号
* @return
*/
@RequestMapping("/updatePhone")
@ResponseBody
@MySign
public Object updatePhone(String phone,String code,String userId,String callback){
try {
//检验短信验证码
String codes=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_CODE+":"+phone);//短信验证码
String phones=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_PHONE+":"+phone);//手机号
if(StringHelper.isNull(codes)||StringHelper.isNull(phones)){
return VrResult.build(400,"验证码有误,请重新输入!");
}
if(!phone.equals(phones)){
return VrResult.build(400,"验证码有误,请重新输入!");
}
if(!phone.equals(phones)){
return VrResult.build(400,"验证码有误,请重新输入!");
}
User user=new User();
user.setUserId(Integer.parseInt(userId));
user.setPhone(phone);
User r=service.selectPhone(phone);//查询手机号是否存在
if(null!=r){
return VrResult.build(400,"手机号已绑定其它账号,请更换手机号!");
}
int row=service.updateUser(user);
if(row>0){
return VrResult.build(200,"修改成功!");
}
} catch (NumberFormatException e) {
e.printStackTrace();
}
return VrResult.build(200,"修改失败!");
}
/***
* 退出处理
* @param request
* @param response
*/
@RequestMapping(value="/quit")
@ResponseBody
public Object quit(String callback){
//清除缓存
EhcacheUtil.remove(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY + ":"+ token);
//exitUrl
long currentTimeMillis = System.currentTimeMillis();
Map<String,String> param=new HashMap<>();
param.put("t",currentTimeMillis+"");
param.put("sign",MD5Utils.MD5(currentTimeMillis+key));
String returns=HttpClientUtil.doGet(vrstoreUrl,param);// writeJson("success", response);
System.out.println(returns);
return VrResult.build(200,"退出成功");
}
}
2//为保证sso接口的安全性,在拦截处设置简单的签名
package com.qj.sso.interceptor;
import java.io.PrintWriter;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.google.gson.Gson;
import com.qj.sso.annotation.MySign;
import com.qj.utils.MD5Utils;
import com.qj.utils.VrResult;
/***
* 拦截请求
* @author hzw 2017年1月20日
*
*/
public class SignInterceptor implements HandlerInterceptor{
@Value("${KEY}")
private String key;
private static final SimpleDateFormat format = new SimpleDateFormat("yyyyMMddHHmmss");
private static final Integer MINUTE = 3;
private static final Boolean BEFORE = Boolean.TRUE;
private static final Boolean AFTER = Boolean.FALSE;
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
throws Exception {
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
HandlerMethod methodHandler=(HandlerMethod) handler;
MySign sign=methodHandler.getMethodAnnotation(MySign.class);
if(null!=sign&&sign.check()){
if(vailSign(request)){
return true;
}
PrintWriter out = null;
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
Gson gson=new Gson();
try {
out = response.getWriter();
out.append(gson.toJson(VrResult.build(500,"invalid sign or timestamp out of range 3 minute")));
return false;
} catch (Exception e) {
out.append(gson.toJson(VrResult.build(400,e.getMessage())));
} finally {
if (out != null) {
out.close();
}
}
}
return true;
}
/***
* 验证签名
* @param request
* @return
* @throws ParseException
*/
private boolean vailSign(HttpServletRequest request){
try {
String t=request.getParameter("t");
String sign=request.getParameter("sign");
//请求时间不能超过三分钟
if(timeStampCheck(format.parse(t))&&MD5Utils.MD5(t+key).equals(sign)){//签证签名成功
return true;
}
} catch (Exception e) {
return false;
}
return false;
}
/**
* 请求必须在三分钟内完成,否则算无效请求
*/
private Boolean timeStampCheck(Date time) {
Calendar timestamp = Calendar.getInstance();
timestamp.setTime(time);
Calendar before = getTimeServeralMinuteBefore(MINUTE);
Calendar after = getTimeServeralMinuteAfter(MINUTE);
if (timestamp.before(before) || timestamp.after(after)) {//no
//时间不能
return false;
}
return true;
}
private Calendar getTimeServeralMinuteBefore(int minute) {
return getTimeServeralMinute(minute, BEFORE);
}
private Calendar getTimeServeralMinuteAfter(int minute) {
return getTimeServeralMinute(minute, AFTER);
}
private Calendar getTimeServeralMinute(Integer minute, Boolean agoOrAfter) {
Calendar cal = Calendar.getInstance();
cal.setTime(new Date());
cal.set(Calendar.MINUTE, cal.get(Calendar.MINUTE) + minute * (agoOrAfter ? -1 : 1));
return cal;
}
}
3.在项目中调用,原理也是实现拦截器,去判断Cookie
package com.qj.vrstore.interceptor;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.qj.vrstore.common.util.ConfigUtil;
import com.qj.vrstore.common.util.CookieUtils;
import com.qj.vrstore.common.util.DateUtils;
import com.qj.vrstore.common.util.HttpClientUtil;
import com.qj.vrstore.common.util.JsonUtils;
import com.qj.vrstore.common.util.MD5Utils;
import com.qj.vrstore.common.util.RequestUtil;
import com.qj.vrstore.entity.ApiUser;
import com.qj.vrstore.entity.User;
import com.qj.vrstore.entity.api.ApiSso;
public class LoginInterceptor implements HandlerInterceptor{
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object arg2, ModelAndView arg3)
throws Exception {
User u = (User)request.getSession().getAttribute(RequestUtil.CURRENT_USER);
if(u==null){
String cookieValue = CookieUtils.getCookieValue(request,"VR_TOKEN");
if(cookieValue!=null){
String date =DateUtils.format(new Date(),"yyyyMMddHHmmss");
Map<String,Object> param=new HashMap<>();
param.put("token",cookieValue);
param.put("t",date);
param.put("sign",MD5Utils.MD5(date+ConfigUtil.get("KEY")));
String result=HttpClientUtil.postMap(ConfigUtil.get("getUser"),param);
if(null==result){
return ;
}
ApiSso data=JsonUtils.jsonToPojo(result, ApiSso.class);
if(data.getStatus()==200){
ApiUser user = JsonUtils.jsonToPojo(data.getData().toString(),ApiUser.class);
if(null!=user){
User ur=new User();
ur.setUserId(user.getUserId());
ur.setUsername(user.getUsername());
ur.setEmail(user.getEmail());
ur.setPhone(user.getPhone());
ur.setRealname(user.getRealname());
ur.setSex(user.getSex());
ur.setGrade(user.getGrade());
ur.setAvatarURL30(user.getAvatarUrl30());
ur.setAvatarURL50(user.getAvatarUrl50());
ur.setAvatarURL100(user.getAvatarUrl100());
ur.setToken(user.getToken());
RequestUtil.setCurrentUser(request,ur);
}
}
}
}
}
@Override
public boolean preHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2) throws Exception {
return true;
}
}
所有原理就是通过token来访问sso系统实现,token返回时加密处理
以下是代码部份
package com.qj.sso.controller;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.converter.json.MappingJacksonValue;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import com.qj.bean.User;
import com.qj.bean.UserOpenid;
import com.qj.contants.ApiContants;
import com.qj.sms.SmsAct;
import com.qj.sso.annotation.MySign;
import com.qj.sso.service.UserOpenidService;
import com.qj.sso.service.UserService;
import com.qj.utils.CookieUtils;
import com.qj.utils.EhcacheUtil;
import com.qj.utils.ExceptionUtil;
import com.qj.utils.HttpClientUtil;
import com.qj.utils.JsonUtils;
import com.qj.utils.MD5Utils;
import com.qj.utils.StringCodeHelper;
import com.qj.utils.StringHelper;
import com.qj.utils.VrResult;
/***
* 登录
* @author HZW
*
*/
@Controller
public class UserController {
private static Logger log = LoggerFactory.getLogger(UserController.class);
@Autowired
private UserService service;
@Autowired
private UserOpenidService uoService;
@Value("${ACCOUNTSID}")
private String accountSid;
@Value("${TOKEN}")
private String token;
@Value("${APPID}")
private String appId;
@Value("${TEMPLATEID}")
private String templateId;
@Value("${vrstoreUrl}")
private String vrstoreUrl;
@Value("${KEY}")
private String key;
@Value("${webSite}")
private String webSite;
/***
* 测试集群缓存同步
* @return
*/
@RequestMapping(value="/test/sso",method=RequestMethod.GET)
public Object test(){
//把用户信息写入ehcache
//EhcacheUtil.put("org.news.pojo.News",ApiContants.USER_SESSIONID_KEY,":xxxxxxxx123213");
//Object object = EhcacheUtil.get("org.news.pojo.News",ApiContants.USER_SESSIONID_KEY);
//System.out.println(object.toString()+">>>");
return "请求成功";
}
/***
* 登录
*
* @return
*/
@RequestMapping(value="/loginsubmit")
@ResponseBody
public Object loginsubmit(@RequestBody User u,HttpServletRequest request, HttpServletResponse response,String callback){
VrResult result=null;
if(!MD5Utils.MD5(u.getData()+key).equals(u.getSign())){
return VrResult.build(400,"签名异常!");
}
if(u.getLoginType().equals("phone")){//账号密码
result=loginPhone(u,request,response);
}
if(u.getLoginType().equals("1")){//QQ
result=loginApi(u,request,response);
}
if(u.getLoginType().equals("2")){//微信登录
System.out.println();
result=loginApi(u,request,response);
}
if(u.getLoginType().equals("3")){//微博
result=loginApi(u,request,response);
}
if (null != callback) {
MappingJacksonValue mappingJacksonValue = new MappingJacksonValue(result);
mappingJacksonValue.setJsonpFunction(callback);
return mappingJacksonValue;
} else {
System.out.println(result.toString());
return result;
}
}
/***
* 账号密码登录
* @param req
* @param request
* @param response
* @return
*/
public VrResult loginPhone(User req,HttpServletRequest request, HttpServletResponse response){
try {
if(StringHelper.isNotNull(req.getUsername()) && StringHelper.isNotNull(req.getPassword())){
User user = service.findByUsername(req.getUsername());
//如果没有此用户名
if (null== user) {
return VrResult.build(400, "用户名不存在");
}
//比对密码
if (!user.getPassword().equals(MD5Utils.MD5(req.getPassword()))) {
return VrResult.build(400, "用户名或密码错误");
}
//生成token
String token =UUID.randomUUID().toString();
//保存用户之前,把用户对象中的密码清空。
user.setPassword(null);
user.setRegisterTime(null);
//把用户信息写入ehcache
EhcacheUtil.put(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY+":"+token,JsonUtils.objectToJson(user));
//添加写cookie的逻辑,cookie的有效期是关闭浏览器就失效。
log.info(token);
user.setToken(token);
CookieUtils.setCookie(request, response, "VR_TOKEN", token);
return VrResult.build(200,"登录成功",JsonUtils.objectToJson(user));
}else{
log.info("用户名或密码不能为空!");
return VrResult.build(400, "用户名或密码不能为空!");
}
} catch (Exception e) {
e.printStackTrace();
return VrResult.build(500, ExceptionUtil.getStackTrace(e));
}
}
/***
* 第三方 登录
* @param req
* @param request
* @param response
* @return
*/
public VrResult loginApi(User req,HttpServletRequest request, HttpServletResponse response){
try {
Map<String,Object> map=new HashMap<>();
map.put("loginType",req.getLoginType());
map.put("unionid",req.getUnionid());
UserOpenid uo = uoService.findByOpenId(map);
if(null==uo){
//没有绑定
return VrResult.build(201, "该用户没有绑定"+req.getLoginType());
}else{//已绑定当前第三方
//
User u = service.findByOpenId(map);//根据唯一标识查用户信息
log.info(req.getLoginType()+"登录,用户信息为"+u.toString());
//生成token
String token =UUID.randomUUID().toString();
//保存用户之前,把用户对象中的密码清空。
u.setPassword(null);
u.setRegisterTime(null);
//把用户信息写入ehcache
EhcacheUtil.put(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY+":"+token,JsonUtils.objectToJson(u));
//添加写cookie的逻辑,cookie的有效期是关闭浏览器就失效。
log.info(token);
CookieUtils.setCookie(request,response, "VR_TOKEN",token);
u.setToken(token);
if(StringHelper.isNotNull(u.getPhone())){//手机号不为空,已绑定直接返回登录成功
//返回cookie
return VrResult.build(200,"登录成功,已成功绑定手机与"+req.getLoginType(),JsonUtils.objectToJson(u));
}
//已绑定当前第三方,没有绑定手机
return VrResult.build(202,"登录成功,请绑定手机号",JsonUtils.objectToJson(u));
}
} catch (Exception e) {
e.printStackTrace();
return VrResult.build(500,ExceptionUtil.getStackTrace(e));
}
}
/***
* 第三方注册信息接口
* @param user
* @param request
* @param response
* @return*/
@RequestMapping(value="/register")
@ResponseBody
public Object register(@RequestBody User user,HttpServletRequest request, HttpServletResponse response){
try {
if(!MD5Utils.MD5(user.getData()+key).equals(user.getSign())){
return VrResult.build(400,"签名异常!");
}
user.setClient(0);//网页
Map<String, Object> map=new HashMap<>();
map.put("phone",user.getPhone());//
map.put("loginType",user.getLoginType());//2
int rows=service.getPhone(map);//查询手机号是否与别的账号有关联
if(rows>0){//如果存在,返回
//返回cookie
return VrResult.build(400,"手机号已被注册,请更换手机号!");
}
User pu=service.selectPhone(user.getPhone());//用手机账号查询用户信息
if(null!=pu){//修改已存在信息
//绑定手机号,返回成功登录
pu.setPhone(user.getPhone());
pu.setPassword(MD5Utils.MD5(user.getPassword()));
pu.setRegisterTime(new Date());
if(!StringHelper.isNotNull(pu.getAvatarUrl30())){
pu.setAvatarUrl30(user.getAvatarUrl30());
}
if(!StringHelper.isNotNull(pu.getAvatarUrl50())){
pu.setAvatarUrl50(user.getAvatarUrl50());
}
if(!StringHelper.isNotNull(pu.getAvatarUrl100())){
pu.setAvatarUrl100(user.getAvatarUrl100());
}
if(pu.getSex()==0){
pu.setSex(user.getSex());
}
pu.setLoginType(user.getLoginType());
pu.setOpenid(user.getOpenid());
pu.setClient(user.getClient());
pu.setUnionid(user.getUnionid());
int row=service.update(pu);
if(row>0){
pu.setRegisterTime(null);
pu.setPassword(null);
//把用户信息写入ehcache
EhcacheUtil.put(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY+":"+token,JsonUtils.objectToJson(pu));
//添加写cookie的逻辑,cookie的有效期是关闭浏览器就失效。
log.info(token);
CookieUtils.setCookie(request, response, "VR_TOKEN",token);
pu.setToken(token);
//返回cookie
return VrResult.build(200,"登录成功",JsonUtils.objectToJson(pu));
}
}else//新增
{
user.setPassword(MD5Utils.MD5(user.getPassword()));
int registerUser = service.registerApiUser(user);//新增用户
if(registerUser>0){
User u = service.getUser(user.getUserId());
u.setPassword(null);
u.setRegisterTime(null);
//生成token
String token =UUID.randomUUID().toString();
//把用户信息写入ehcache
EhcacheUtil.put(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY+":"+token,JsonUtils.objectToJson(u));
//添加写cookie的逻辑,cookie的有效期是关闭浏览器就失效。
log.info(token);
CookieUtils.setCookie(request, response, "VR_TOKEN", token);
u.setToken(token);
//返回cookie
return VrResult.build(200,"写入成功已绑定"+user.getLoginType(),JsonUtils.objectToJson(u));
}
}
} catch (Exception e) {
e.printStackTrace();
return VrResult.build(500, ExceptionUtil.getStackTrace(e));
}
return VrResult.build(400,"写入信息失败");
}
/***
* 手机密码注册与绑定
* @return
*/
@RequestMapping(value="/registerPhone")
@ResponseBody
public Object registerPhone(@RequestBody User user,HttpServletRequest request, HttpServletResponse response){
//生成token
String token =UUID.randomUUID().toString();
try {
if(!MD5Utils.MD5(user.getData()+key).equals(user.getSign())){
return VrResult.build(400,"签名异常!");
}
//检验短信验证码
String code=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_CODE+":"+user.getPhone());//短信验证码
String phone=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_PHONE+":"+user.getPhone());//手机号
if(StringHelper.isNull(code)||StringHelper.isNull(phone)){
return VrResult.build(400,"验证码不正确,请重新输入");
}
if(!code.equals(user.getCode())){
return VrResult.build(400,"验证码不正确,请重新输入!");
}
if(!phone.equals(user.getPhone())){
return VrResult.build(400,"验证码输入有误,请重新输入!");
}
if(user.getLoginType().equals("phone")){//手机号注册
User ur=new User();
ur.setPhone(user.getPhone());
User r=service.selectPhone(user.getPhone());//查询手机号是否存在
if(null!=r){//如果存在,返回
//返回cookie
return VrResult.build(400,"手机号已被注册,请更换手机号!");
}
user.setPassword(MD5Utils.MD5(user.getPassword()));//密码加密
user.setRegisterTime(new Date());
user.setSex(0);//新用户注册性别默认为0未知
user.setAvatarUrl30(webSite+"/images/tx.jpg");
user.setAvatarUrl50(webSite+"/images/tx.jpg");
user.setAvatarUrl100(webSite+"/images/tx.jpg");
int registerUser = service.registerUser(user);//新增
if(registerUser>0){
User u = service.getUser(user.getUserId());
u.setRegisterTime(null);
u.setPassword(null);
//把用户信息写入ehcache
EhcacheUtil.put(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY+":"+token,JsonUtils.objectToJson(u));
//添加写cookie的逻辑,cookie的有效期是关闭浏览器就失效。
log.info(token);
CookieUtils.setCookie(request, response, "VR_TOKEN", token);
u.setToken(token);
//返回cookie
return VrResult.build(200,"登录成功",JsonUtils.objectToJson(u));
}
}
} catch (Exception e) {
e.printStackTrace();
return VrResult.build(500, ExceptionUtil.getStackTrace(e));
}
return VrResult.build(400,"注册失败");
}
/**
* 发送短信验证码
* @param user
* @param request
* @return
*/
@RequestMapping("/sendMsg")
@ResponseBody
@MySign
public Object sendMsg(String phone,HttpServletRequest request){
try {
String code =StringCodeHelper.getRandomString(4);//产生四位验证码
EhcacheUtil.putTime(ApiContants.EHCZCHE_NAME,ApiContants.SMS_CODE+":"+phone,code);//时间为5分钟
EhcacheUtil.putTime(ApiContants.EHCZCHE_NAME,ApiContants.SMS_PHONE+":"+phone,phone);
String para = code + ",5"; //过期时间为5分钟??
String result=SmsAct.InstantiationRestAPI(true).templateSMS(accountSid,token,appId,templateId,phone,para);
log.info("Response content is: " + result);
return VrResult.build(200,"发送成功",result);
} catch (Exception e) {
e.printStackTrace();
return VrResult.build(500, ExceptionUtil.getStackTrace(e));
}
}
/****
* 根据token获取用户信息
* @param req
* @param session
* @return
*/
@RequestMapping(value = "/token")
@ResponseBody
@MySign
public Object getUserByToken(String token, String callback) {
VrResult result=null;
try {
String json=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY + ":"+ token);
// 判断是否为空
log.info(token + "json=" + json);
if (StringUtils.isBlank(json)) {
result=VrResult.build(400, "此用户已经过期,请重新登录");
}else{
result=VrResult.ok(json);
}
} catch (Exception e) {
e.printStackTrace();
result=VrResult.build(500,ExceptionUtil.getStackTrace(e));
}
//判断是否为jsonp调用
if (StringUtils.isBlank(callback)) {
return result;
} else {
MappingJacksonValue mappingJacksonValue = new MappingJacksonValue(result);
mappingJacksonValue.setJsonpFunction(callback);
return mappingJacksonValue;
}
}
/***
* 找回密码[手机号,验证码]
* @return
*/
@RequestMapping(value="/findPwd")
@ResponseBody
@MySign
public Object findPwd(String phone,String code,String callback){
//检验短信验证码
String codes=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_CODE+":"+phone);//短信验证码
String phones=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_PHONE+":"+phone);//手机号
if(StringHelper.isNull(codes)||StringHelper.isNull(phones)){
return VrResult.build(400,"验证码不正确,请重新输入");
}
if(!code.equals(codes)){
return VrResult.build(400,"验证码不正确,请重新输入!");
}
if(!phone.equals(phones)){
return VrResult.build(400,"验证码输入有误,请重新输入!");
}
//查询手机号是否存在,存在则下一步,否则返回
Map<String, Object> map=new HashMap<>();
map.put("phone",phone);
int row=service.getPhone(map);
if(row==0){
return VrResult.build(400,"手机号不存在,请更换手机号!");
}
return VrResult.build(200,"验证成功!");
}
/***
* 修改密码
* @return
*/
@RequestMapping(value="/updatePwd")
@ResponseBody
@MySign
public Object updatePwd(String phone,String paws,String callback){
//检验短信验证码
String codes=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_CODE+":"+phone);//短信验证码
String phones=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_PHONE+":"+phone);//手机号
if(StringHelper.isNull(codes)||StringHelper.isNull(phones)){
return VrResult.build(400,"用户异常,请稍后再试");
}
if(!phone.equals(phones)){
return VrResult.build(400,"用户异常,请稍后再试!");
}
User beam=new User();
beam.setPhone(phone);
beam.setPassword(paws);
int row = service.updatePassword(beam);
if(row>0){
return VrResult.build(200,"修改成功!");
}
return VrResult.build(400,"修改失败!");
}
/**
* 修改手机号
* @return
*/
@RequestMapping("/updatePhone")
@ResponseBody
@MySign
public Object updatePhone(String phone,String code,String userId,String callback){
try {
//检验短信验证码
String codes=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_CODE+":"+phone);//短信验证码
String phones=(String)EhcacheUtil.get(ApiContants.EHCZCHE_NAME,ApiContants.SMS_PHONE+":"+phone);//手机号
if(StringHelper.isNull(codes)||StringHelper.isNull(phones)){
return VrResult.build(400,"验证码有误,请重新输入!");
}
if(!phone.equals(phones)){
return VrResult.build(400,"验证码有误,请重新输入!");
}
if(!phone.equals(phones)){
return VrResult.build(400,"验证码有误,请重新输入!");
}
User user=new User();
user.setUserId(Integer.parseInt(userId));
user.setPhone(phone);
User r=service.selectPhone(phone);//查询手机号是否存在
if(null!=r){
return VrResult.build(400,"手机号已绑定其它账号,请更换手机号!");
}
int row=service.updateUser(user);
if(row>0){
return VrResult.build(200,"修改成功!");
}
} catch (NumberFormatException e) {
e.printStackTrace();
}
return VrResult.build(200,"修改失败!");
}
/***
* 退出处理
* @param request
* @param response
*/
@RequestMapping(value="/quit")
@ResponseBody
public Object quit(String callback){
//清除缓存
EhcacheUtil.remove(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY + ":"+ token);
//exitUrl
long currentTimeMillis = System.currentTimeMillis();
Map<String,String> param=new HashMap<>();
param.put("t",currentTimeMillis+"");
param.put("sign",MD5Utils.MD5(currentTimeMillis+key));
String returns=HttpClientUtil.doGet(vrstoreUrl,param);// writeJson("success", response);
System.out.println(returns);
return VrResult.build(200,"退出成功");
}
}
2//为保证sso接口的安全性,在拦截处设置简单的签名
package com.qj.sso.interceptor;
import java.io.PrintWriter;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.google.gson.Gson;
import com.qj.sso.annotation.MySign;
import com.qj.utils.MD5Utils;
import com.qj.utils.VrResult;
/***
* 拦截请求
* @author hzw 2017年1月20日
*
*/
public class SignInterceptor implements HandlerInterceptor{
@Value("${KEY}")
private String key;
private static final SimpleDateFormat format = new SimpleDateFormat("yyyyMMddHHmmss");
private static final Integer MINUTE = 3;
private static final Boolean BEFORE = Boolean.TRUE;
private static final Boolean AFTER = Boolean.FALSE;
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
}
@Override
public void postHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, ModelAndView arg3)
throws Exception {
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
HandlerMethod methodHandler=(HandlerMethod) handler;
MySign sign=methodHandler.getMethodAnnotation(MySign.class);
if(null!=sign&&sign.check()){
if(vailSign(request)){
return true;
}
PrintWriter out = null;
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
Gson gson=new Gson();
try {
out = response.getWriter();
out.append(gson.toJson(VrResult.build(500,"invalid sign or timestamp out of range 3 minute")));
return false;
} catch (Exception e) {
out.append(gson.toJson(VrResult.build(400,e.getMessage())));
} finally {
if (out != null) {
out.close();
}
}
}
return true;
}
/***
* 验证签名
* @param request
* @return
* @throws ParseException
*/
private boolean vailSign(HttpServletRequest request){
try {
String t=request.getParameter("t");
String sign=request.getParameter("sign");
//请求时间不能超过三分钟
if(timeStampCheck(format.parse(t))&&MD5Utils.MD5(t+key).equals(sign)){//签证签名成功
return true;
}
} catch (Exception e) {
return false;
}
return false;
}
/**
* 请求必须在三分钟内完成,否则算无效请求
*/
private Boolean timeStampCheck(Date time) {
Calendar timestamp = Calendar.getInstance();
timestamp.setTime(time);
Calendar before = getTimeServeralMinuteBefore(MINUTE);
Calendar after = getTimeServeralMinuteAfter(MINUTE);
if (timestamp.before(before) || timestamp.after(after)) {//no
//时间不能
return false;
}
return true;
}
private Calendar getTimeServeralMinuteBefore(int minute) {
return getTimeServeralMinute(minute, BEFORE);
}
private Calendar getTimeServeralMinuteAfter(int minute) {
return getTimeServeralMinute(minute, AFTER);
}
private Calendar getTimeServeralMinute(Integer minute, Boolean agoOrAfter) {
Calendar cal = Calendar.getInstance();
cal.setTime(new Date());
cal.set(Calendar.MINUTE, cal.get(Calendar.MINUTE) + minute * (agoOrAfter ? -1 : 1));
return cal;
}
}
3.在项目中调用,原理也是实现拦截器,去判断Cookie
package com.qj.vrstore.interceptor;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import com.qj.vrstore.common.util.ConfigUtil;
import com.qj.vrstore.common.util.CookieUtils;
import com.qj.vrstore.common.util.DateUtils;
import com.qj.vrstore.common.util.HttpClientUtil;
import com.qj.vrstore.common.util.JsonUtils;
import com.qj.vrstore.common.util.MD5Utils;
import com.qj.vrstore.common.util.RequestUtil;
import com.qj.vrstore.entity.ApiUser;
import com.qj.vrstore.entity.User;
import com.qj.vrstore.entity.api.ApiSso;
public class LoginInterceptor implements HandlerInterceptor{
@Override
public void afterCompletion(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2, Exception arg3)
throws Exception {
}
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object arg2, ModelAndView arg3)
throws Exception {
User u = (User)request.getSession().getAttribute(RequestUtil.CURRENT_USER);
if(u==null){
String cookieValue = CookieUtils.getCookieValue(request,"VR_TOKEN");
if(cookieValue!=null){
String date =DateUtils.format(new Date(),"yyyyMMddHHmmss");
Map<String,Object> param=new HashMap<>();
param.put("token",cookieValue);
param.put("t",date);
param.put("sign",MD5Utils.MD5(date+ConfigUtil.get("KEY")));
String result=HttpClientUtil.postMap(ConfigUtil.get("getUser"),param);
if(null==result){
return ;
}
ApiSso data=JsonUtils.jsonToPojo(result, ApiSso.class);
if(data.getStatus()==200){
ApiUser user = JsonUtils.jsonToPojo(data.getData().toString(),ApiUser.class);
if(null!=user){
User ur=new User();
ur.setUserId(user.getUserId());
ur.setUsername(user.getUsername());
ur.setEmail(user.getEmail());
ur.setPhone(user.getPhone());
ur.setRealname(user.getRealname());
ur.setSex(user.getSex());
ur.setGrade(user.getGrade());
ur.setAvatarURL30(user.getAvatarUrl30());
ur.setAvatarURL50(user.getAvatarUrl50());
ur.setAvatarURL100(user.getAvatarUrl100());
ur.setToken(user.getToken());
RequestUtil.setCurrentUser(request,ur);
}
}
}
}
}
@Override
public boolean preHandle(HttpServletRequest arg0, HttpServletResponse arg1, Object arg2) throws Exception {
return true;
}
}
所有原理就是通过token来访问sso系统实现,token返回时加密处理
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- SpringMVC使用session实现简单登录
- ASP.NET jQuery 食谱11 (通过使用jQuery validation插件简单实现用户登录页面验证功能)
- Objective-C ,ios,iphone开发基础:使用第三方库FMDB连接sqlite3 数据库,实现简单的登录
- Android Http简单使用实现登录校园网App
- 一个使用监听器模式实现的J2ME网络编程框架,包括一个简单的登录功能实现(含源代码)
- ASP.NET jQuery 实例11 通过使用jQuery validation插件简单实现用户登录页面验证功能
- springMVC实现简单登录
- Xcode中使用自动布局实现简单登录界面
- 使用 JSONP 实现简单的 SSO 单点登录
- 使用intellij idea 搭建springmvc例子【简单景点登录】
- 使用ajax技术实现简单登录操作
- Silverlight学习笔记一(理解一下机制,使用一下布局,实现一个简单的用户登录)
- Objective-C ,ios,iphone开发基础:使用第三方库FMDB连接sqlite3 数据库,实现简单的登录
- 使用java实现简单QQ登录界面
- Objective-C ,ios,iphone开发基础:使用第三方库FMDB连接sqlite3 数据库,实现简单的登录