目录

Web开发笔记(登入,注册,记录登入状态,拦截器)

注册功能

注册的功能的实现是比较简单的,但是涉及到一些问题

  • 用户名检测(长度,敏感词汇,重复,特殊字符(html,js脚本,sql注入))
  • 密码长度要求,强度检测,salt加密,(md5)
  • 用户邮件/短信激活(注册太随意脚本攻击,浸入垃圾非法信息)

登录功能

  • 用户登入,在web端记录cookie或者token,或者app中token记录登入状态
  • 登出,删除,session清理等。

拦截器

我们需要一个实现HandlerInterceptor接口的类来编写拦截器实体

package com.example.demo.interceptor;

import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Component
public class TestInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        //请求开始前
        System.out.println("这里是拦截器");
        return false; //false就拦截了
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
        //拦截器处理完后

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        //渲染完后,用来释放资源

    }
}

我们需要一个地方加入刚刚的拦截器,继承WebMvcConfigurerAdapter的类

package com.example.demo.configuration;

import com.example.demo.interceptor.TestInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Component
public class Wendaconfigration extends WebMvcConfigurerAdapter {

    @Autowired
    TestInterceptor testInterceptor;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(testInterceptor);
        super.addInterceptors(registry);
    }
}

我们可以用拦截器带以及跳转完成未登入跳转等功能