exclude-mappingpath="/*/api-docs"/>
exclude-mappingpath="/swagger-ui.html"/>
exclude-mappingpath="/configuration/**"/>
--登录拦截器-->
interceptor>
interceptors>
--验证码-->
no
105,179,90
red
250
90
120
code
4
宋体,楷体,微软雅黑
3.生成验证码的controller
//生成验证码
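/**
 * Generates a new captcha for the given business type and streams it to the client as a PNG.
 *
 * <p>The captcha text is stored through {@code CaptchaCodeUtil.addCaptchaCode}, bound to the
 * value of the {@code GlobalConst.BOM_CAPTCHA_KEY} cookie. A client that does not send that
 * cookie is given a freshly generated value. An unknown {@code bizType} is logged and the
 * method returns without writing an image.
 *
 * @param bizType  numeric business type, resolved with {@code BizTypeEnum.findByBizType}
 * @param request  request from which the captcha cookie is read
 * @param response response that receives the no-cache headers, the cookie and the image bytes
 * @throws BizException propagated from {@code CaptchaCodeUtil.addCaptchaCode}
 */
@RequestMapping("/captcha-image")
public void captchaImageCode(@RequestParam Integer bizType, HttpServletRequest request, HttpServletResponse response) throws BizException {
    // Every request issues a new challenge, so the image must never come from a cache.
    response.setDateHeader("Expires", 0);
    // Standard HTTP/1.1 no-cache headers.
    response.setHeader("Cache-Control", "no-store,no-cache,must-revalidate");
    // IE-specific extension; addHeader keeps the value set just above.
    response.addHeader("Cache-Control", "post-check=0,pre-check=0");
    // HTTP/1.0 equivalent.
    response.setHeader("Pragma", "no-cache");
    // The image is written as PNG below, so the declared type is PNG as well.
    response.setContentType("image/png");

    // Reject an unknown business type before any captcha text is generated or stored.
    BizTypeEnum bizTypeEnum = BizTypeEnum.findByBizType(bizType);
    if (bizTypeEnum == null) {
        logger.error("ThebizTypeisillegal!");
        return;
    }

    String capText = captchaProducer.createText();

    // The cookie value identifies this client's captcha entries in Redis.
    // NOTE(review): a value sent by the client is used as-is and becomes part of the Redis key;
    // consider accepting only values in the format UuidUtil.get32UUID() produces.
    String captcha_key = CookieUtil.getCookieValue(request, GlobalConst.BOM_CAPTCHA_KEY);
    if (StringUtils.isBlank(captcha_key)) {
        // No cookie yet: treat the caller as a new client and hand out a fresh value.
        captcha_key = UuidUtil.get32UUID();
        logger.info("Newusercoming,captcha_key={}", captcha_key);
        CookieUtil.addCookie(response, GlobalConst.BOM_CAPTCHA_KEY, captcha_key, CaptchaCodeUtil.CAPTCHA_TIME_OUT);
    }

    // Persist the expected answer before the image leaves the server.
    CaptchaCodeUtil.addCaptchaCode(captcha_key, redisService, bizTypeEnum, capText);

    BufferedImage image = captchaProducer.createImage(capText);
    try (OutputStream out = response.getOutputStream()) {
        ImageIO.write(image, "png", out);
    } catch (IOException e) {
        // Goes through the application logger instead of printStackTrace().
        logger.error("Failed to write captcha image", e);
    }
}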
//判断验证码是否正确
//一般是先判断验证码是否正确,如果正确再进行登录判断,不然提示验证码错误。
/**
 * Reports whether the submitted captcha text matches the one stored for the caller's
 * captcha cookie.
 *
 * <p>NOTE(review): nothing in this method consumes the stored captcha or limits attempts,
 * so the same challenge can be checked repeatedly. If this endpoint is reachable without
 * login, any throttling has to be enforced elsewhere — confirm that it is.
 *
 * @param request     request from which the {@code GlobalConst.BOM_CAPTCHA_KEY} cookie is read
 * @param bizType     numeric business type, resolved with {@code BizTypeEnum.findByBizType}
 * @param captchaCode captcha text entered by the user
 * @return {@code buildOk(true)} on a match, otherwise a business-error result
 */
@RequestMapping(value = "/checkCaptchaCode")
@ResponseBody
public Result checkCaptchaCode(HttpServletRequest request,
        @RequestParam Integer bizType, @RequestParam String captchaCode) {
    // Resolve the business type first; an unknown value ends the request here.
    final BizTypeEnum resolvedType = BizTypeEnum.findByBizType(bizType);
    if (resolvedType == null) {
        logger.error("ThebizTypeisillegal!");
        return super.buildBizErrorResult("验证码bizType不合法");
    }

    // The cookie value is one component of the Redis key the stored captcha lives under.
    final String cookieValue = CookieUtil.getCookieValue(request, GlobalConst.BOM_CAPTCHA_KEY);

    // The comparison itself is delegated to the Redis-backed helper.
    if (!CaptchaCodeUtil.captchaCodeOk(cookieValue, redisService, resolvedType, captchaCode)) {
        return super.buildBizErrorResult("验证码不正确");
    }
    return super.buildOk(true);
}
4.图形验证码工具类
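/**
 * Helper for image captchas stored in Redis and bound to a client cookie.
 *
 * <p>Only the not-logged-in flow is covered; there is no variant for users who are
 * already signed in.
 *
 * <p>NOTE(review): the Redis key built by {@code buildCaptchaKey} ends with the captcha
 * text itself. Two consequences follow from that: (1) issuing a new captcha for the same
 * cookie does not replace the previous entry, so every issued captcha stays usable until
 * it expires or {@code deleteCaptchaCode} is called with its text; (2) the lookup is by
 * exact key, so the case-insensitive comparison in {@code captchaCodeOk} only helps if
 * {@code RedisService} normalizes keys. Keying on cookie and business type alone would
 * allow one live captcha per client and invalidation after a failed attempt.
 */
public class CaptchaCodeUtil {
    private static final Logger logger = LoggerFactory.getLogger(CaptchaCodeUtil.class);

    /** First segment of every captcha key. */
    public static final String CAPTCHA_NAMESPACE = "captcha";

    /** Lifetime of a stored captcha, passed to Redis in seconds (10 minutes). */
    public static final int CAPTCHA_TIME_OUT = 10 * 60;

    /**
     * Stores a captcha in Redis for {@link #CAPTCHA_TIME_OUT} seconds.
     *
     * @param captcha_key  random value taken from the client's captcha cookie
     * @param redisService Redis access object
     * @param bizType      business type the captcha belongs to
     * @param captchaCode  captcha text; used both in the key and as the stored value
     * @throws BizException declared by the signature; presumably raised by {@code redisService} — confirm
     */
    public static void addCaptchaCode(String captcha_key, RedisService redisService, BizTypeEnum bizType, String captchaCode) throws BizException {
        String captchaKey = buildCaptchaKey(captcha_key, captchaCode, bizType);
        // A blank cookie value yields no key; nothing is stored in that case.
        if (StringUtils.isNotBlank(captchaKey)) {
            redisService.add(captchaKey, captchaCode, CAPTCHA_TIME_OUT, TimeUnit.SECONDS);
        }
    }

    /**
     * Checks a submitted captcha against the stored one.
     *
     * @param captcha_key  random value taken from the client's captcha cookie
     * @param redisService Redis access object
     * @param bizType      business type the captcha belongs to
     * @param captchaCode  captcha text entered by the user
     * @return {@code true} only when a stored entry exists and matches; {@code false} for a
     *         blank answer, a blank cookie value, a missing entry or any exception
     */
    public static boolean captchaCodeOk(String captcha_key, RedisService redisService, BizTypeEnum bizType, String captchaCode) {
        // A blank answer is never valid. Without this guard, a null answer compared with a
        // missing entry would be reported as a match (equalsIgnoreCase(null, null) is true).
        if (StringUtils.isBlank(captchaCode)) {
            return false;
        }
        try {
            String captchaKey = buildCaptchaKey(captcha_key, captchaCode, bizType);
            if (StringUtils.isBlank(captchaKey)) {
                return false;
            }
            String captchaCodeRedis = redisService.getString(captchaKey);
            // Require a stored value explicitly so that "nothing stored" can never pass.
            return captchaCodeRedis != null && StringUtils.equalsIgnoreCase(captchaCodeRedis, captchaCode);
        } catch (Exception e) {
            // Fail closed, and keep the stack trace rather than only the message.
            logger.error("Captcha check failed", e);
            return false;
        }
    }

    /**
     * Builds the Redis key {@code captcha:<bizType dir>:<cookie value>:<captcha text>}.
     *
     * @return the key, or {@code null} when {@code captcha_key} is blank
     */
    private static String buildCaptchaKey(String captcha_key, String captchaCode, BizTypeEnum bizType) {
        if (StringUtils.isBlank(captcha_key)) {
            return null;
        }
        return CAPTCHA_NAMESPACE + ":" + bizType.getDir() + ":" + captcha_key + ":" + captchaCode;
    }

    /**
     * Removes a stored captcha from Redis.
     *
     * @param captcha_key  random value taken from the client's captcha cookie
     * @param redisService Redis access object
     * @param captchaCode  captcha text that is part of the key to delete
     * @param bizType      business type the captcha belongs to
     * @throws BizException declared by the signature; presumably raised by {@code redisService} — confirm
     */
    public static void deleteCaptchaCode(String captcha_key, RedisService redisService, String captchaCode, BizTypeEnum bizType) throws BizException {
        String captchaKey = buildCaptchaKey(captcha_key, captchaCode, bizType);
        if (StringUtils.isNotBlank(captchaKey)) {
            redisService.delete(captchaKey);
        }
    }
}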
5.登录和登出
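/**
 * Logs a member in: verifies the captcha, checks the credentials, restricts access to the
 * DESIGNER and EDITOR roles, then issues a login token as a cookie and stores the member
 * in Redis under that token for one hour.
 *
 * <p>NOTE(review): the mapping declares no HTTP method, so the credentials can also arrive
 * as query parameters of a GET request and may then appear in URLs and access logs;
 * consider restricting the mapping to POST.
 *
 * @param loginName   login name
 * @param password    login password
 * @param captchaCode captcha text entered by the user
 * @param response    response that receives the login-token cookie
 * @param request     request from which the captcha cookie is read
 * @return {@code buildOk(true)} on success, otherwise a business-error or exception result
 */
@ApiOperation(value = "登录", produces = MediaType.APPLICATION_JSON_VALUE)
@RequestMapping(value = "/doLogin", produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public Result doLogin(
        @ApiParam(required = true, value = "登录名") @RequestParam String loginName,
        @ApiParam(required = true, value = "登录密码") @RequestParam String password,
        @ApiParam(required = true, value = "验证码") @RequestParam String captchaCode,
        HttpServletResponse response,
        HttpServletRequest request
) {
    try {
        BizTypeEnum bizType = BizTypeEnum.LOGIN;

        // The captcha is looked up by the value of the client's captcha cookie.
        String captcha_Key = CookieUtil.getCookieValue(request, GlobalConst.BOM_CAPTCHA_KEY);
        boolean captchaCodeOk = CaptchaCodeUtil.captchaCodeOk(captcha_Key, redisService, bizType, captchaCode);
        if (!captchaCodeOk) {
            return buildBizErrorResult("验证码错误!");
        }
        // Consume the captcha before the password check so that a solved captcha
        // cannot be reused for further password guesses.
        CaptchaCodeUtil.deleteCaptchaCode(captcha_Key, redisService, captchaCode, bizType);

        Member member = memberSecurityBizService.login(loginName, password);
        if (member == null) {
            // loginName is untrusted input: neutralize line breaks so that it cannot
            // start a forged log entry.
            logger.info("Loginfailed,loginName=" + loginName.replaceAll("[\\r\\n]", "_"));
            return buildBizErrorResult("用户名和密码信息输入有误!");
        }

        // Only designers and editors may log in. Both roles are now compared through
        // getCode(); the EDITOR test previously compared the enum constant itself.
        // NOTE(review): assumes member.getRoleType() returns the role code — confirm.
        boolean designer = RoleTypeEnum.DESIGNER.getCode().equals(member.getRoleType());
        boolean editor = RoleTypeEnum.EDITOR.getCode().equals(member.getRoleType());
        if (!designer && !editor) {
            return buildBizErrorResult("你无权登录本系统!");
        }

        // A fresh token per login; it is the cookie value and the Redis key at once.
        // NOTE(review): confirm UuidUtil.get32UUID() draws from a cryptographically secure
        // source, and that CookieUtil.addCookie sets HttpOnly and Secure on this cookie.
        String login_ut_key = UuidUtil.get32UUID();
        CookieUtil.addCookie(response, GlobalConst.BOM_FRONT_UT, login_ut_key, GlobalConst.KEEP_BOM_FRONT_UT_TIME);
        // The server-side session lives for one hour regardless of the cookie lifetime above.
        redisService.add(login_ut_key, member, 1, TimeUnit.HOURS);
        return buildOk(true);
    } catch (Exception e) {
        return buildExceptionResult(e);
    }
}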
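/**
 * Logs the caller out: removes the login-token cookie and deletes the Redis entry stored
 * under that token, then returns the login view.
 *
 * @param request  request from which the {@code GlobalConst.BOM_FRONT_UT} cookie is read
 * @param response response on which the cookie is removed
 * @return the view name {@code "login/login"}, also when the cleanup fails
 */
@ApiOperation(value = "登出", produces = MediaType.TEXT_HTML_VALUE)
@RequestMapping(value = "/logout", produces = MediaType.TEXT_HTML_VALUE)
public String logout(HttpServletRequest request, HttpServletResponse response) {
    try {
        logger.info("Logout");
        String accessTokenKey = CookieUtil.getCookieValue(request, GlobalConst.BOM_FRONT_UT);
        if (StringUtils.isNotBlank(accessTokenKey)) {
            CookieUtil.removeCookie(response, GlobalConst.BOM_FRONT_UT);
            // NOTE(review): the cookie value is passed to Redis unchanged as the key to
            // delete. Because login tokens are stored without a key prefix, a client-chosen
            // value could name an unrelated entry. Consider validating the token format
            // and storing sessions under a dedicated prefix.
            redisService.delete(accessTokenKey);
        }
    } catch (Exception e) {
        // One log entry with the stack trace, instead of a message plus printStackTrace().
        logger.error("Logoutfailed", e);
    }
    return "login/login";
}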
6.登录拦截器LoginInterceptor
packagecom.front.interceptor;
importjava.io.IOException;
importjava.util.Map;
importjava.util.concurrent.TimeUnit;
importjavax.servlet.http.HttpServletRequest;
importjavax.servlet.http.HttpServletResponse;
importmons.lang3.StringUtils;
importorg.slf4j.Logger;
importorg.slf4j.LoggerFactory;
importorg.s