1.前端调用接口
2.后台调用 其中用户表为 sys_user
3.后台实现
(1).验证用户信息
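/**
 * Password login endpoint. Checks that the account is usable, verifies the
 * submitted password against the stored salted value, and on success hands
 * over to {@code userInfo} to build the response payload.
 *
 * @param sysLoginModel request body carrying the username and password
 * @return the result of {@code checkUserIsEffective} when that check fails; an
 *         error-500 result with one generic message when the credentials do not
 *         match; otherwise the result populated by {@code userInfo}
 * @throws Exception propagated from the services called here
 */
@RequestMapping(value = "/login", method = RequestMethod.POST)
@ApiOperation("登录接口")
public Result<JSONObject> login(@RequestBody SysLoginModel sysLoginModel) throws Exception {
    Result<JSONObject> result = new Result<JSONObject>();
    String username = sysLoginModel.getUsername();
    String password = sysLoginModel.getPassword();
    //update-begin--Author:scott Date:20190805 for: password encryption logic temporarily commented out, it has some problems
    // The front end encrypts the password, the back end decrypts it
    //password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword().replaceAll("%2B", "\\+")).trim();// decrypt password
    //update-begin--Author:scott Date:20190805 for: password encryption logic temporarily commented out, it has some problems
    // NOTE(review): with the decryption step disabled, the password is used exactly as it
    // arrives in the request body, so its confidentiality in transit rests on TLS.

    // 1. Check that the user is valid
    SysUser sysUser = sysUserService.getUserByName(username);
    result = sysUserService.checkUserIsEffective(sysUser);
    if (!result.isSuccess()) {
        // NOTE(review): if this result distinguishes "no such user" from other states,
        // it lets a caller enumerate accounts — confirm the messages it returns.
        return result;
    }

    // 2. Check that the username/password pair is correct
    String syspassword = sysUser.getPassword();
    // A missing submitted password or a missing stored value can never match; reject both
    // with the generic message instead of failing with a NullPointerException below.
    if (password == null || syspassword == null) {
        result.error500("用户名或密码错误");
        return result;
    }
    String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
    // Compare in constant time so the comparison does not reveal how many leading
    // characters of the stored value matched.
    boolean passwordMatches = userpassword != null
            && java.security.MessageDigest.isEqual(
                    syspassword.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    userpassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!passwordMatches) {
        // NOTE(review): failed attempts are neither logged nor rate-limited in this method;
        // confirm that both happen elsewhere.
        result.error500("用户名或密码错误");
        return result;
    }

    // User login information
    userInfo(sysUser, result);
    sysBaseAPI.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null);

    return result;
}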
(2).放入部门,token ,在之后的调用中需要传入token
其中token放入redis中 并在每次调用中取出比对。
/**
 * Builds the successful-login payload: issues a token, stores it in Redis with an
 * expiry, and attaches the user's departments and the user object to {@code result}.
 *
 * @param sysUser the authenticated user
 * @param result  the result object to fill in
 * @return the same {@code result}, marked successful and carrying the payload
 */
private Result<JSONObject> userInfo(SysUser sysUser, Result<JSONObject> result) {
    final String loginName = sysUser.getUsername();
    final String storedPassword = sysUser.getPassword();

    // Generate the token.
    // NOTE(review): the stored password value is the second argument to JwtUtil.sign,
    // presumably the signing secret (confirm in JwtUtil). If so, anyone who can read that
    // value can mint tokens for this user, and the token is tied to the current password.
    String token = JwtUtil.sign(loginName, storedPassword);

    // Record the token in Redis and give the entry a lifetime (EXPIRE_TIME / 1000:
    // presumably milliseconds converted to seconds — confirm).
    // NOTE(review): set and expire are two separate calls; a failure between them would
    // leave a token entry with no expiry.
    String tokenKey = CommonConstant.PREFIX_USER_TOKEN + token;
    redisUtil.set(tokenKey, token);
    redisUtil.expire(tokenKey, JwtUtil.EXPIRE_TIME / 1000);

    // Collect the user's departments
    JSONObject payload = new JSONObject();
    List<SysDepart> departs = sysDepartService.queryUserDeparts(sysUser.getId());
    payload.put("departs", departs);

    // multi_depart is 0 for no department, 1 for exactly one, 2 for several.
    int departCount = (departs == null) ? 0 : departs.size();
    if (departCount == 1) {
        // A single department is recorded as the user's department right away.
        sysUserService.updateUserDepart(loginName, departs.get(0).getOrgCode());
    }
    payload.put("multi_depart", Math.min(departCount, 2));

    payload.put("token", token);
    // NOTE(review): the whole SysUser entity goes into the response. The entity exposes
    // getPassword() and getSalt(); unless its serialization excludes those fields, the
    // stored password value and salt are sent to the client — confirm, or return a
    // reduced view of the user.
    payload.put("userInfo", sysUser);
    result.setResult(payload);
    result.success("登录成功");
    return result;
}
(3).可以配置后台对部分路径不校验 token。配置文件路径:jeecg-boot-master\jeecg-boot\jeecg-boot-module-system\src\main\java\org\jeecg\config\ShiroConfig.java,在其中配置放行与拦截的路径。标记为 anon 的路径不会经过 jwt 过滤器,因此只应放行确实需要匿名访问的接口。
/**
 * Builds the Shiro filter factory: a list of paths served anonymously ("anon"),
 * followed by a catch-all rule that sends every other path through the "jwt" filter.
 *
 * <p>Rules are held in a {@link LinkedHashMap}, so they are registered in the order
 * listed here; the catch-all {@code /**} rule is added last.
 *
 * @param securityManager the Shiro security manager to attach
 * @return the configured filter factory bean
 */
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    factoryBean.setSecurityManager(securityManager);

    // Paths that skip the jwt filter entirely. Every entry here is reachable without a
    // token, so each one should be justified individually.
    String[] anonymousPaths = {
        "/hello/**",                      // CAS login verification
        "/sys/login",                     // login endpoint
        "/sys/logout",                    // logout endpoint
        "/sys/getEncryptedString",        // fetch the encryption string
        "/sys/sms",                       // SMS verification code
        "/sys/phoneLogin",                // login by phone
        "/sys/user/checkOnlyUser",        // check whether a user exists
        "/sys/user/register",             // user registration
        // NOTE(review): returns user information by phone number without a token;
        // confirm which fields the handler exposes.
        "/sys/user/querySysUser",
        "/sys/user/phoneVerification",    // forgot-password phone verification
        // NOTE(review): password change is reachable without a token, so the handler
        // itself must prove the caller's identity — confirm.
        "/sys/user/passwordChange",
        "/auth/2step-code",               // login verification code
        // NOTE(review): file view/download/pdf are served without a token; confirm the
        // handlers constrain the requested path and that nothing sensitive is stored there.
        "/sys/common/view/**",            // image preview
        "/sys/common/download/**",        // file download
        "/sys/common/pdf/**",             // pdf preview
        "/generic/**",                    // files needed by the pdf preview
        "/",
        "/doc.html",
        // NOTE(review): the suffix rules below match anywhere in the URL space, not only
        // under a static-resource directory; confirm no dynamic handler can be reached
        // through a path that ends in one of these suffixes.
        "/**/*.js",
        "/**/*.css",
        "/**/*.html",
        "/**/*.svg",
        "/**/*.pdf",
        "/**/*.jpg",
        "/**/*.png",
        "/**/*.ico",
        // update-begin--Author:sunjianlei Date:20190813 for: exclude font file suffixes
        "/**/*.ttf",
        "/**/*.woff",
        // update-begin--Author:sunjianlei Date:20190813 for: exclude font file suffixes
        // NOTE(review): the Druid console, the API documentation and the actuator
        // endpoints get no protection from Shiro here. Confirm each has its own access
        // control or is disabled in production; recorded HTTP traces may contain
        // token-bearing request headers.
        "/druid/**",
        "/swagger-ui.html",
        "/swagger**/**",
        "/webjars/**",
        "/v2/**",
        // Performance monitoring
        "/actuator/metrics/**",
        "/actuator/httptrace/**",
        "/actuator/redis/**",
        // NOTE(review): demo/test endpoints; remove from production builds.
        "/test/jeecgDemo/demo3",          // template test
        "/test/jeecgDemo/redisDemo/**",   // redis test
        // NOTE(review): the whole Online-form subtree bypasses the jwt filter.
        "/auto/cgform/**",                // Online requests
        "/websocket/**",                  // websocket
    };

    // Interceptor rules, evaluated in insertion order
    Map<String, String> chains = new LinkedHashMap<String, String>();
    for (String path : anonymousPaths) {
        chains.put(path, "anon");
    }

    // Register the custom filter under the name "jwt"
    Map<String, Filter> customFilters = new HashMap<String, Filter>(1);
    customFilters.put("jwt", new JwtFilter());
    factoryBean.setFilters(customFilters);
    // Filter chain rules run top to bottom, so the catch-all /** goes last
    chains.put("/**", "jwt");

    // Unauthorized requests are sent to an endpoint that returns JSON
    factoryBean.setUnauthorizedUrl("/sys/common/403");
    factoryBean.setLoginUrl("/sys/common/403");
    factoryBean.setFilterChainDefinitionMap(chains);
    return factoryBean;
}