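Registration
The login page passes username and password to LoginController, which calls the register method of userService. That method checks the username for validity (empty value, sensitive words, special characters) and checks the password strength. If the checks pass, it calls the addUser method of userDAO to save the user to the database.
A new LoginTicket table is created here to store and check the login state. Every login or registration adds or checks the corresponding Ticket and evaluates it. At this point the natural thought is: once a user has logged in or registered, that login state has to be saved and made accessible to the whole program at any time.
To do that, a HostHolder component is added and registered in the Spring container, so that the state can be obtained at any time through dependency injection.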
```sql
DROP TABLE IF EXISTS `login_ticket`;
CREATE TABLE `login_ticket` (
  `id` INT NOT NULL AUTO_INCREMENT,
  `user_id` INT NOT NULL,
  `ticket` VARCHAR(45) NOT NULL,
  `expired` DATETIME NOT NULL,
  `status` INT NULL DEFAULT 0,
  PRIMARY KEY (`id`),
  UNIQUE INDEX `ticket_UNIQUE` (`ticket` ASC)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
```
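```java
import org.springframework.stereotype.Component;

@Component
public class HostHolder {
    // One User slot per thread
    private static ThreadLocal<User> users = new ThreadLocal<>();

    public User getUser() {
        return users.get();
    }

    public void serUser(User user) {
        users.set(user);
    }

    // Must be called when the request ends, because worker threads are reused
    public void clear() {
        users.remove();
    }
}
```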
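Login
Much the same as registration.
Redirecting when not logged in
An Interceptor is used: when a page sends a request, it checks whether the cookie carries a ticket. If it does, access can continue; if not, the request is redirected to the login page.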
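```java
import java.util.Date;
// javax.servlet is assumed here; on Spring 6+ these are jakarta.servlet.
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
// Imports for the project's own classes (User, LoginTicket, the DAOs) are omitted.

@Component
public class PassportInterceptor implements HandlerInterceptor {
    @Autowired
    private LoginTicketDAO loginTicketDAO;

    @Autowired
    private UserDAO userDAO;

    @Autowired
    HostHolder hostHolder;

    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest,
                             HttpServletResponse httpServletResponse,
                             Object o) throws Exception {
        // Look for the "ticket" cookie on the incoming request
        String ticket = null;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals("ticket")) {
                    ticket = cookie.getValue();
                    break;
                }
            }
        }

        if (ticket != null) {
            LoginTicket loginTicket = loginTicketDAO.selectByTicket(ticket);
            // Unknown, invalidated (status != 0) or expired ticket: continue without a user
            if (loginTicket == null || loginTicket.getStatus() != 0
                    || loginTicket.getExpired().before(new Date())) {
                return true;
            }
            // Valid ticket: bind the user to the current thread for this request
            User user = userDAO.selectById(loginTicket.getUserId());
            hostHolder.serUser(user);
        }
        // This method always returns true: it only resolves the user and never blocks the request
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest,
                           HttpServletResponse httpServletResponse,
                           Object o, ModelAndView modelAndView) throws Exception {
        // Expose the current user to the view
        if (modelAndView != null) {
            modelAndView.addObject("user", hostHolder.getUser());
        }
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest,
                                HttpServletResponse httpServletResponse,
                                Object o, Exception e) throws Exception {
        // Drop the per-thread user before the worker thread is reused
        hostHolder.clear();
    }
}
```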
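Why the afterCompletion call to hostHolder.clear() matters, as an added stand-alone example that is not part of the original project: it replays an authenticated request followed by a cookie-less one on the same pooled thread, with and without the clear step. The class name, the "t-valid" ticket, the user "alice" and the use of a String in place of User are all constructed for the demonstration.

```java
import java.util.*;
import java.util.concurrent.*;

public class HostHolderLeakDemo {
    // Same shape as HostHolder: one slot per thread (a String stands in for User).
    static final ThreadLocal<String> users = new ThreadLocal<>();

    // Constructed stand-in for a login_ticket row.
    static final class Ticket {
        final String user; final int status; final Date expired;
        Ticket(String u, int s, Date e) { user = u; status = s; expired = e; }
    }
    static final Map<String, Ticket> TICKETS = Collections.singletonMap(
        "t-valid", new Ticket("alice", 0, new Date(System.currentTimeMillis() + 60_000)));

    // One request: preHandle (resolve ticket), handler (read user), afterCompletion (clear).
    static String handle(String ticketCookie, boolean clearAfter) {
        try {
            Ticket t = ticketCookie == null ? null : TICKETS.get(ticketCookie);
            if (t != null && t.status == 0 && !t.expired.before(new Date())) {
                users.set(t.user);
            }
            String seen = users.get(); // what a controller reading HostHolder would see
            return seen == null ? "anonymous" : seen;
        } finally {
            if (clearAfter) users.remove();
        }
    }

    // An authenticated request followed by a cookie-less one on the same worker thread.
    static String secondRequestSees(boolean clearAfter) throws Exception {
        ExecutorService worker = Executors.newSingleThreadExecutor();
        try {
            Callable<String> withTicket = () -> handle("t-valid", clearAfter);
            Callable<String> noCookie = () -> handle(null, clearAfter);
            worker.submit(withTicket).get();
            return worker.submit(noCookie).get();
        } finally {
            worker.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("without clear: " + secondRequestSees(false));
        System.out.println("with clear:    " + secondRequestSees(true));
    }
}
```

Without the clear step, the cookie-less request inherits the identity left on the thread by the previous request; with it, the request is treated as anonymous.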
Overall, no new techniques are used here; it is all very basic.