登录功能
需求分析
查看原型
需求分析
代码开发
准备实体类Employee, 和employee表进行映射
package com.itheima.reggie.entity;
import com.baomidou.mybatisplus.annotation.FieldFill;
import com.baomidou.mybatisplus.annotation.TableField;
import lombok.Data;
import java.io.Serializable;
import java.time.LocalDateTime;
/**
* 员工实体类
*/
@Data
public class Employee implements Serializable {
private static final long serialVersionUID = 1L;
private Long id;
private String username;
private String name;
private String password;
private String phone;
private String sex;
private String idNumber;
private Integer status;
private LocalDateTime createTime;
private LocalDateTime updateTime;
@TableField(fill = FieldFill.INSERT)
private Long createUser;
@TableField(fill = FieldFill.INSERT_UPDATE)
private Long updateUser;
}
创建Controller, Service, Mapper
@Mapper
public interface EmployeeMapper extends BaseMapper<Employee> {
}
public interface EmployeeService extends IService<Employee> {
}
@Service
public class EmployeeServiceImpl extends ServiceImpl<EmployeeMapper, Employee> implements EmployeeService {
}
@Slf4j
@RestController
@RequestMapping("/employee")
public class EmployeeController {
@Autowired
private EmployeeService employeeService;
}
返回结果类: 服务端相应的所有结果最终都会包装成该类型返回给前端页面
/**
* 通用返回结果封装类
* @param <T>
*/
@Data
public class R<T> {
private Integer code; //编码:1成功,0和其它数字为失败
private String msg; //错误信息
private T data; //数据
private Map map = new HashMap(); //动态数据
public static <T> R<T> success(T object) {
R<T> r = new R<T>();
r.data = object;
r.code = 1;
return r;
}
public static <T> R<T> error(String msg) {
R r = new R();
r.msg = msg;
r.code = 0;
return r;
}
public R<T> add(String key, Object value) {
this.map.put(key, value);
return this;
}
}
在controller层创建登录方法, 梳理登录逻辑
@Slf4j
@RestController
@RequestMapping("/employee")
public class EmployeeController {
@Autowired
private EmployeeService employeeService;
/**
* 员工登录
* @param request
* @param employee
* @return
*/
@PostMapping("/login")
public R<Employee> login(HttpServletRequest request, @RequestBody Employee employee) {
log.info("员工登录:" + employee);
//1.密码进行md5加密
String password = employee.getPassword();
password = DigestUtils.md5DigestAsHex(password.getBytes());
//2.根据用户名查询数据库(用户名唯一)
LambdaQueryWrapper<Employee> queryChainWrapper = new LambdaQueryWrapper<>();
queryChainWrapper.eq(Employee::getUsername, employee.getUsername());
Employee emp = employeeService.getOne(queryChainWrapper);
//3.没有查询到结果
if(emp == null) {
return R.error("用户名无效");
}
//4.对比密码
if(!emp.getPassword().equals(password)) {
return R.error("密码错误");
}
//5.查看员工状态是否可用
if(emp.getStatus() == 0) {
return R.error("账号已禁用");
}
//6.登录成功,将员工id存入session并返回登录成功结果
request.getSession().setAttribute("employee", emp.getId());
return R.success(emp);
};
}
功能测试
测试登录成功, 用户名错误, 密码错误, 用户禁用等多种情况
登出功能
需求分析: 用户点击退出按钮, 发送退出请求, 后端清理Session中的用户id
代码实现
@Slf4j
@RestController
@RequestMapping("/employee")
public class EmployeeController {
@Autowired
private EmployeeService employeeService;
/**
* 退出登录
* @param request
* @return
*/
@PostMapping("/logout")
public R<String> logout(HttpServletRequest request) {
//清理Seeson中保存的当前登录的id
request.getSession().removeAttribute("employee");
return R.success("退出成功");
}
}
登录校验
前面已经完成了员工登录退出的功能, 由于没有登录校验, 当用户直接访问系统首页, 即便没有登录也可以访问,
我们的需求是用户未登录的情况下让用户去往登录页
自定义过滤器
/**
* 过滤器: 检测用户是否登录
* 拦截的路径: urlPatterns = "/*"
*/
@WebFilter(filterName = "loginCheckFilter", urlPatterns = "/*")
@Slf4j
public class LoginCheckFilter implements Filter {
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
log.info("拦截到请求:{}", request.getRequestURI());
filterChain.doFilter(request, response);
}
}
- 创建自定义过滤器LoginCheckFilter
- 在启动类上添加@ServletComponentScan注解, 注册过滤器
编写拦截逻辑
/**
* 过滤器: 检测用户是否登录
* 拦截的路径: urlPatterns = "/*"
*/
@WebFilter(filterName = "loginCheckFilter", urlPatterns = "/*")
@Slf4j
public class LoginCheckFilter implements Filter {
// 路径匹配器, 支持通配符
public static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
//1.获取本次请求的UIL
String requestURI = request.getRequestURI();
//定义不需要处理的请求路径
String[] urls = new String[]{
"/employee/login",
"/employee/logout",
"/backend/**",
"/front/**"
};
//2.判断本次请求是否需要处理
boolean check = check(urls, requestURI);
//3.不需要处理则放行
if(check) {
filterChain.doFilter(request, response);
return;
}
//4.判断登录状态, 已登录放行
if(request.getSession().getAttribute("employee") != null) {
filterChain.doFilter(request, response);
return;
}
//5.未登录则返回未登录结果,通过输出流方式向客户端页面响应数据
response.getWriter().write(JSON.toJSONString(R.error("NOTLOGIN")));
return;
}
/**
* 路径匹配, 检查本次请求是否需要放行
* @param urls
* @param requestURI
* @return
*/
public boolean check(String[] urls, String requestURI) {
for (String url : urls) {
boolean match = PATH_MATCHER.match(url, requestURI);
if(match){
return true;
}
}
return false;
}
}
前端和后端都可以通过日志或者断点的形式进行调试
