1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
/**
* 当前用户类
*/
@Data
public class Principal {
private int id;
private String username;
private String password;
private String token;
}
/**
* 描述类
*/
public class PrincipalHolder {
private PrincipalHolder {
}
private static final ThreadLocal<Principal> PRINCIPAL = new ThreadLocal<>();
/**
* 设置当前用户
*/
public static void set(Principal principal){
PRINCIPAL.set(principal);
}
/**
* 获取当前用户
*/
public static Principal get(){
PRINCIPAL.get();
}
}
/**
* 拦截器,拦截请求,通过 cookie 中的 token 获取当前用户信息,并放到 ThreadLocal 中
*/
public class PrincipalFilter implements Filter{
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
Cookie[] cookies = req.getCookies();
for (Cookie cookie : cookies) {
if (cookie.getName().equals("token")) {
// 通过 token 获取用户信息
Principal principal = SpringUtil.getBean(UserService.class).getByToken(cookie.getValue());
PrincipalHolder.set(principal);
break;
}
}
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
}
/**
* 简单的登录逻辑
*/
@PostMapping("/login")
public HttpEntity<Principal> login(@RequestBody LoginParam loginParam, HttpServletResponse response) {
Principal principal;
try {
principal = userService.login(loginParam);
} catch (Exception e) {
Throwables.getStackTraceAsString(e);
}
Cookie cookie = new Cookie("token", principal.getToken());
cookie.setDomain("domain.com");
cookie.setPath("/");
response.addCookie(cookie);
return new ResponseEntity<>(principal, HttpStatus.OK);
}
/**
* SpringBoot 配置 filter 的方式,普通的 web 项目在 web.xml 中配置即可
*/
@Configuration
public class FilterConfig {
@Bean
public Filter principalFilter() {
return new PrincipalFilter();
}
@Bean
public FilterRegistrationBean principalFilterRegistration() {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(principalFilter());
registration.addUrlPatterns("/*");
registration.setName("principalFilter");
registration.setOrder(1);
return registration;
}
}
/**
* 测试获取当前用户
*/
@GetMapping("/principal")
public HttpEntity<Principal> getPrincipal(){
return new ResponseEntity<>(PrincipalHolder.get(), HttpStatus.OK);
}
Cookie & ThreadLocal 代替 session 实现无状态登录
本文由作者按照 CC BY 4.0 进行授权