当前位置: 首页 > news >正文

登录认证-下篇:基于 Redis 实现共享session登录

news 2026/1/15 12:42:25

将验证码 (session.setAttribute("code", code));用户信息 (session.setAttribute("user", userDTO))改为存入redis中

将随机生成的token作为登录凭证,放在请求头中的authorization字段

并设置两层拦截器,解决状态登录刷新的问题

image

业务流程图1
image

业务流程图2
image

具体实现:

UserServiceImpl

package com.hmdp.service.impl;import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.bean.copier.CopyOptions;
import cn.hutool.core.lang.UUID;
import cn.hutool.core.util.RandomUtil;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.hmdp.dto.LoginFormDTO;
import com.hmdp.dto.Result;
import com.hmdp.dto.UserDTO;
import com.hmdp.entity.User;
import com.hmdp.mapper.UserMapper;
import com.hmdp.service.IUserService;
import com.hmdp.utils.RegexUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Service;import javax.annotation.Resource;
import javax.servlet.http.HttpSession;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;import static com.hmdp.utils.RedisConstants.*;
import static com.hmdp.utils.SystemConstants.USER_NICK_NAME_PREFIX;/*** <p>* 服务实现类* </p>** @author ztn* @since 2025-9-10*/
@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {@Resourceprivate StringRedisTemplate stringRedisTemplate;@Overridepublic Result sendCode(String phone, HttpSession session) {//1.校验手机号,isPhoneInvalid是无效if(RegexUtils.isPhoneInvalid(phone)){//2.如果不符合,返回错误信息return Result.fail("手机号格式错误!");}//3.符合,生成验证码String code = RandomUtil.randomNumbers(6);//4.保存验证码到redis //set key value ex 120 两分钟有效期
//        session.setAttribute("code",code);
//        stringRedisTemplate.opsForValue().set("login:code" + phone,code,2, TimeUnit.MINUTES);stringRedisTemplate.opsForValue().set(LOGIN_CODE_KEY + phone,code,LOGIN_CODE_TTL, TimeUnit.MINUTES);//5.发送验证码log.debug("发送短信验证码成功,验证码:{}",code);//返回okreturn Result.ok();}@Overridepublic Result login(LoginFormDTO loginForm, HttpSession session) {String phone = loginForm.getPhone();//1.校验手机号,isPhoneInvalid是无效if(RegexUtils.isPhoneInvalid(phone)){//2.如果不符合,返回错误信息return Result.fail("手机号格式错误!");}//3.从redis中获取并校验验证码String cachecode = stringRedisTemplate.opsForValue().get(LOGIN_CODE_KEY + phone);String code = loginForm.getCode();if(cachecode == null && !cachecode.equals(code)){//4.不一致,报错return Result.fail("验证码错误");}//4.一致,根据手机号查询用户select * from tb_user where phone = ?User user = query().eq("phone", phone).one();//5.判断用户是否存在if(user == null){//6.不存在,创建用户并保存user = createUserWithphone(phone);}//7.保存用户信息到redis中//7.1生成随机token,作为登录令牌String token = UUID.randomUUID().toString(true);//7.2将user对象转为HashMap存储UserDTO userDTO = BeanUtil.copyProperties(user, UserDTO.class);Map<String, Object> userMap = BeanUtil.beanToMap(userDTO,new HashMap<>(),CopyOptions.create().setIgnoreNullValue(true).setFieldValueEditor((fieldName,fieldValue) ->fieldValue.toString()));//7.3存储stringRedisTemplate.opsForHash().putAll(LOGIN_USER_KEY + token,userMap);//7.4有效期stringRedisTemplate.expire(LOGIN_USER_KEY + token,LOGIN_USER_TTL, TimeUnit.MINUTES);//8.返回tokenreturn Result.ok(token);}private User createUserWithphone(String phone) {//1.创建用户User user = new User();user.setPhone(phone);user.setNickName(USER_NICK_NAME_PREFIX+RandomUtil.randomString(10));//2.保存用户save(user);return user;}
}

RefreshTokenInterceptor


package com.hmdp.utils;import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.util.StrUtil;
import com.hmdp.dto.UserDTO;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.lang.Nullable;
import org.springframework.web.servlet.HandlerInterceptor;import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Map;
import java.util.concurrent.TimeUnit;import static com.hmdp.utils.RedisConstants.LOGIN_USER_TTL;public class RefreshTokenInterceptor implements HandlerInterceptor {private StringRedisTemplate stringRedisTemplate;public RefreshTokenInterceptor(StringRedisTemplate stringRedisTemplate) {this.stringRedisTemplate = stringRedisTemplate;}@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {//1.获取请求头中的tokenString token = request.getHeader("authorization");if(StrUtil.isBlank(token)){return true;}//2.获取redis中的用户Map<Object, Object> userMap = stringRedisTemplate.opsForHash().entries(RedisConstants.LOGIN_USER_KEY + token);//3.判断用户是否存在if (userMap.isEmpty()) {return true;}//5.将查询到的Hash数据转为userdto对象UserDTO userDTO = BeanUtil.fillBeanWithMap(userMap, new UserDTO(), false);//6.存在,保存用户信息到ThreadLocalUserHolder.saveUser(userDTO);//7.刷新token有效期stringRedisTemplate.expire(RedisConstants.LOGIN_USER_KEY + token,LOGIN_USER_TTL, TimeUnit.MINUTES);//8.放行return true;}@Overridepublic void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {//移除用户UserHolder.removeUser();}
}

LoginInterceptor

package com.hmdp.utils;import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;public class LoginInterceptor implements HandlerInterceptor {@Overridepublic boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {//判断是否要拦截(ThreadLocal中是否有用户)if(UserHolder.getUser() == null){response.setStatus(401);return false;}return true;}}

MvcConfig

package com.hmdp.config;import com.hmdp.utils.LoginInterceptor;
import com.hmdp.utils.RefreshTokenInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;import javax.annotation.Resource;@Configuration
public class MvcConfig implements WebMvcConfigurer {@Resourceprivate StringRedisTemplate stringRedisTemplate;@Overridepublic void addInterceptors(InterceptorRegistry registry) {registry.addInterceptor(new LoginInterceptor()).excludePathPatterns(//放行"/user/code","/user/login","/blog/hot","/shop/**","/upload/**","/shop-type/**","/voucher/**").order(1);registry.addInterceptor(new RefreshTokenInterceptor(stringRedisTemplate)).addPathPatterns("/**").order(0);}}
http://www.hskmm.com/?act=detail&tid=1781

相关文章:

  • 用 Go + Tesseract 实现英文数字验证码识别
  • 基于MATLAB的CNN大气散射传播率计算与图像去雾实现
  • .net连接MYSQL数据库字符串参数详细解析(总结)
  • Kubernetes 数据存储
  • 软件工程第一次作业:自我介绍+软工五问
  • 软件著作权市场与加密货币趋势
  • The 3rd Universal Cup. Stage 37: Wuhan
  • 炸裂:SpringAI新版发布,终于支持断线重连了!
  • spring 事务实战:声明式vs 编程式
  • Mysql 事务提交回滚退回
  • 鸿蒙前端开发3-ArkTS语言基本语法
  • solo博客容器化运行访问
  • Flutter应用架构设计:基于Riverpod的状态管理最佳实践
  • P12502 「ROI 2025 Day1」天狼星的换班 「线段覆盖问题」
  • 动态规划DP问题详解,超全,思路全收集
  • SQL入门与实战
  • day05 课程
  • 【JPCS独立出版Fellow杰青云集】2025年先进材料与航空航天结构力学国际学术会议(AMASM 2025)
  • 算法-TSP旅行商问题-03 - jack
  • ArkTS
  • 一文读懂基因检测PLM、体外诊断试剂PLM的功能、价值、解决方案
  • ai本地部署工具有哪些?新手入门AI推荐这几个
  • 匿名内部类
  • 文件上传、分片上传结合antdProComponents表格展示,点击上传
  • 2025 年 PLM 市场新锐崛起:五家厂商以创新技术引领行业变革新路径
  • 2025 年国产 PLM 系统发展全景:厂商实力与核心功能深度解读
  • 开发效率翻倍!编码助手+云效 AI 评审如何破解代码质量与速度难题?
  • SSL部署完成,https显示连接不安全如何处理?
  • 各省简称
  • 完整教程:HDFS基准测试与数据治理