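1. Assigning values in the configuration file
1.1 Configuring application.properties
So that the project can read a different configuration file in each server environment, we put all the variables we need into application.properties. Each project environment can then read its own configuration file.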
![](https://img.haomeiwen.com/i18792147/6d93261b1a5c8c78.png)
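```java
package life.guohui.community.controller;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
// Imports of the project's own classes (GithubProvider, AccessTokendDTO, GithubUser) go here.

@Controller
public class AuthorizeController {
    @Autowired
    private GithubProvider githubProvider;

    // Values injected from application.properties
    @Value("${github.client.id}")
    private String clientId;
    @Value("${github.client.secret}")
    private String clientSecret;
    @Value("${github.redirect.uri}")
    private String redirectUri;

    @GetMapping("/callback")
    public String callback(@RequestParam(name="code") String code,
                           @RequestParam(name="state") String state){
        // Build the request that exchanges the authorization code for an access token
        AccessTokendDTO accessTokendDTO = new AccessTokendDTO();
        accessTokendDTO.setCode(code);
        accessTokendDTO.setRedirect_uri(redirectUri);
        accessTokendDTO.setCliend_id(clientId);
        // Pass the injected value, not the string literal "clientSecret"
        accessTokendDTO.setClient_secret(clientSecret);
        accessTokendDTO.setState(state);
        String accessToken = githubProvider.getAccessToken(accessTokendDTO);
        GithubUser user = githubProvider.getUser(accessToken);
        System.out.println(user.getName());
        return "index";
    }
}
```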
![](https://img.haomeiwen.com/i18792147/a080e12801fbd6af.png)
1.2 Saving the logged-in user's information
![](https://img.haomeiwen.com/i18792147/cda68d6c347f99a4.png)
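```java
package life.guohui.community.controller;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;

import javax.servlet.http.HttpServletRequest;
// Imports of the project's own classes (GithubProvider, AccessTokendDTO, GithubUser) go here.

@Controller
public class AuthorizeController {
    @Autowired
    private GithubProvider githubProvider;

    @Value("${github.client.id}")
    private String clientId;
    @Value("${github.client.secret}")
    private String clientSecret;
    @Value("${github.redirect.uri}")
    private String redirectUri;

    @GetMapping("/callback")
    public String callback(@RequestParam(name="code") String code,
                           @RequestParam(name="state") String state,
                           HttpServletRequest request){
        AccessTokendDTO accessTokendDTO = new AccessTokendDTO();
        accessTokendDTO.setCode(code);
        accessTokendDTO.setRedirect_uri(redirectUri);
        accessTokendDTO.setCliend_id(clientId);
        accessTokendDTO.setClient_secret(clientSecret);
        accessTokendDTO.setState(state);
        String accessToken = githubProvider.getAccessToken(accessTokendDTO);
        // Debug output; this writes the GitHub access token to the console
        System.out.println(accessToken);
        GithubUser user = githubProvider.getUser(accessToken);
        System.out.println(user);
        if(user != null){
            // Login succeeded: write cookie and session
            request.getSession().setAttribute("user",user);
            return "redirect:/";
        }else {
            // Login failed: back to the home page without a session user
            return "redirect:/";
        }
    }
}
```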
1.3 Importing the namespace in the index page
```html
<html xmlns:th="http://www.thymeleaf.org">
```
a. Displaying different content for logged-in and logged-out users
```html
<li class="dropdown" th:if="${session.user != null}">
    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false" th:text="${session.user.getName()}"> <span class="caret"></span></a>
    <ul class="dropdown-menu">
        <li><a href="#">消息中心</a></li>
        <li><a href="#">个人资料</a></li>
        <li><a href="#">退出登陆</a></li>
    </ul>
</li>
<li th:unless="${session.user != null}">
    <a href="https://github.com/login/oauth/authorize?client_id=Iv1.bf5154208e60707f&redirect_uri=http://localhost:8887/callback&scope=user&state=1">登陆</a>
</li>
```
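The login link above sends a fixed `state=1`, and the callback never compares `state` with anything, so the parameter gives no protection against a forged callback request. An added example (not code from the original tutorial) that issues a random per-session state and checks it in the callback; the class name, the `/login` route, the session key and the placeholder client values are assumptions:

```java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.util.UriComponentsBuilder;
import javax.servlet.http.HttpSession;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example: hypothetical class, not part of the tutorial's project.
@Controller
public class OAuthStateExample {
    private static final String STATE_ATTR = "oauth_state"; // assumed session key
    private static final SecureRandom RANDOM = new SecureRandom();
    // Placeholders; in the tutorial these values come from application.properties.
    private final String clientId = "YOUR_CLIENT_ID";
    private final String redirectUri = "http://localhost:8887/callback";

    // The "log in" link points here instead of directly at GitHub.
    @GetMapping("/login")
    public String login(HttpSession session) {
        byte[] raw = new byte[32];
        RANDOM.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.setAttribute(STATE_ATTR, state); // remembered for the callback
        return "redirect:" + UriComponentsBuilder
                .fromUriString("https://github.com/login/oauth/authorize")
                .queryParam("client_id", clientId)
                .queryParam("redirect_uri", redirectUri)
                .queryParam("scope", "user")
                .queryParam("state", state)
                .toUriString();
    }

    @GetMapping("/callback")
    public String callback(@RequestParam("code") String code,
                           @RequestParam("state") String state,
                           HttpSession session) {
        String expected = (String) session.getAttribute(STATE_ATTR);
        session.removeAttribute(STATE_ATTR); // each state value is single use
        if (expected == null || !MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                state.getBytes(StandardCharsets.UTF_8))) {
            return "redirect:/"; // missing or mismatched state: do not exchange the code
        }
        // State verified: continue with githubProvider.getAccessToken(...) as in the tutorial.
        return "redirect:/";
    }
}
```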
2. The H2 database
2.1 Adding the dependency
```xml
<dependency>
    <groupId>com.h2database</groupId>
    <artifactId>h2</artifactId>
    <version>1.4.199</version>
</dependency>
```
2.2 Adding the data source
![](https://img.haomeiwen.com/i18792147/4cd421ac0b95b22d.png)
a. Testing the connection
![](https://img.haomeiwen.com/i18792147/6b80d41e7d9be98f.png)
b. Creating the table
![](https://img.haomeiwen.com/i18792147/cd56c7d95781e99f.png)
![](https://img.haomeiwen.com/i18792147/2f59af0fa4fbccdd.png)
3. Using MyBatis
3.1 Adding the dependencies
```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
    <groupId>org.mybatis.spring.boot</groupId>
    <artifactId>mybatis-spring-boot-starter</artifactId>
    <version>2.0.1</version>
</dependency>
```
3.2 Configuring the data source
application.properties
```properties
spring.datasource.url=jdbc:h2:E:/Users/IdeaProjects/community
spring.datasource.username=sa
spring.datasource.password=123
spring.datasource.driver-class-name=org.h2.Driver
```
3.3 Creating the entity class that maps to the user table
![](https://img.haomeiwen.com/i18792147/f74d1e74f9ffe86d.png)
3.4 The UserMapper interface
![](https://img.haomeiwen.com/i18792147/a43569926d5c297b.png)
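```java
package life.guohui.community.mapper;

import org.apache.ibatis.annotations.Insert;
import org.apache.ibatis.annotations.Mapper;
// Import of the project's User entity goes here.

@Mapper
public interface UserMapper {
    // #{...} placeholders are bound as prepared-statement parameters from the User properties
    @Insert("insert into user (name,account_id,token,gmt_create,gmt_modified) values(#{name},#{accountId},#{token},#{gmtCreate},#{gmtModified})")
    void insert(User user);
}
```
3.5 The Controller layer
Store the user's token as a random UUID value, and copy the githubUser fields into a User object.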
![](https://img.haomeiwen.com/i18792147/da74c9a9279fc6a4.png)
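```java
package life.guohui.community.controller;

import life.guohui.community.mapper.UserMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;

import javax.servlet.http.HttpServletRequest;
import java.util.UUID;
// Imports of the project's other classes (GithubProvider, AccessTokendDTO, GithubUser, User) go here.

@Controller
public class AuthorizeController {
    @Autowired
    private GithubProvider githubProvider;

    @Value("${github.client.id}")
    private String clientId;
    @Value("${github.client.secret}")
    private String clientSecret;
    @Value("${github.redirect.uri}")
    private String redirectUri;

    @Autowired
    private UserMapper userMapper;

    @GetMapping("/callback")
    public String callback(@RequestParam(name="code") String code,
                           @RequestParam(name="state") String state,
                           HttpServletRequest request){
        AccessTokendDTO accessTokendDTO = new AccessTokendDTO();
        accessTokendDTO.setCode(code);
        accessTokendDTO.setRedirect_uri(redirectUri);
        accessTokendDTO.setCliend_id(clientId);
        accessTokendDTO.setClient_secret(clientSecret);
        accessTokendDTO.setState(state);
        String accessToken = githubProvider.getAccessToken(accessTokendDTO);
        // Debug output; this writes the GitHub access token to the console
        System.out.println(accessToken);
        GithubUser githubUser = githubProvider.getUser(accessToken);
        System.out.println(githubUser);
        if(githubUser != null){
            // Copy the GitHub profile into our own User record and persist it
            User user = new User();
            user.setToken(UUID.randomUUID().toString());
            user.setName(githubUser.getName());
            user.setAccountId(String.valueOf(githubUser.getId()));
            user.setGmtCreate(System.currentTimeMillis());
            user.setGmtModified(user.getGmtCreate());
            userMapper.insert(user);
            // Login succeeded: write cookie and session
            request.getSession().setAttribute("user",user);
            return "redirect:/";
        }else {
            // Login failed: back to the home page without a session user
            return "redirect:/";
        }
    }
}
```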
3.6 Data saved successfully
If the database reports that the username and password are incorrect:
![](https://img.haomeiwen.com/i18792147/3ee1808d2ce7f956.png)
4 Retrieving the persisted login state
4.1 Description of the process
![](https://img.haomeiwen.com/i18792147/5ed88745a242f16a.png)
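We write a key and a value by hand, and during login verification we pick the user and the value back out ourselves. Once they are identified, we check the database to see whether the value is already stored there: if it exists, the login succeeds; if it does not, the login fails.
```java
package life.guohui.community.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import java.util.UUID;
// Imports of the project's own classes go here.

@Controller
public class AuthorizeController {
    // ...... (fields omitted on the page)

    @GetMapping("/callback")
    public String callback(@RequestParam(name="code") String code,
                           @RequestParam(name="state") String state,
                           HttpServletResponse response){
        AccessTokendDTO accessTokendDTO = new AccessTokendDTO();
        accessTokendDTO.setCode(code);
        accessTokendDTO.setRedirect_uri(redirectUri);
        accessTokendDTO.setCliend_id(clientId);
        accessTokendDTO.setClient_secret(clientSecret);
        accessTokendDTO.setState(state);
        String accessToken = githubProvider.getAccessToken(accessTokendDTO);
        // Debug output; this writes the GitHub access token to the console
        System.out.println(accessToken);
        GithubUser githubUser = githubProvider.getUser(accessToken);
        System.out.println(githubUser);
        if(githubUser != null){
            User user = new User();
            // The same token is stored in the database and sent to the browser
            String token = UUID.randomUUID().toString();
            user.setToken(token);
            user.setName(githubUser.getName());
            user.setAccountId(String.valueOf(githubUser.getId()));
            user.setGmtCreate(System.currentTimeMillis());
            user.setGmtModified(user.getGmtCreate());
            userMapper.insert(user);
            response.addCookie(new Cookie("token",token));
            return "redirect:/";
        }else {
            return "redirect:/";
        }
    }
}
```
After a successful GitHub login, the application fetches the user information and then generates a token. The token is set on the User object, which is saved to the database, and the token is also placed in a cookie.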
![](https://img.haomeiwen.com/i18792147/3b9646fb32a3153c.png)
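4.2 Visiting the home page
When someone visits the home page, loop over all the cookies and find the one whose name is token, then look that cookie up in the database to see whether a record for it exists. If it does, put the user into the session.
If the user has never logged in, the database has no matching token, so no token can be retrieved.
```java
package life.guohui.community.controller;

import life.guohui.community.mapper.UserMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
// Import of the project's User entity goes here.

@Controller
public class IndexController {
    @Autowired
    private UserMapper userMapper;

    @GetMapping("/")
    public String index(HttpServletRequest request){
        Cookie[] cookies = request.getCookies();
        // getCookies() returns null when the request carries no cookies
        if(cookies != null){
            for(Cookie cookie: cookies){
                if(cookie.getName().equals("token")){
                    String token = cookie.getValue();
                    // Look the token up in the database; a match restores the session user
                    User user = userMapper.findByToken(token);
                    if(user != null){
                        request.getSession().setAttribute("user",user);
                    }
                    break;
                }
            }
        }
        return "index";
    }
}
```
The benefit of doing it this way: suppose a user is browsing our site and our server restarts or the connection drops. The login is then lost, and having users log in again after every service restart is a real nuisance, so we need a way to do this through a key held by the page.
This approach suits small deployments; with a large number of users it becomes unsuitable.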
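Sections 4.1 and 4.2 set the token cookie with `new Cookie("token", token)` and look the raw token up in the database. An added example (not from the original tutorial) that issues the same cookie with `HttpOnly`, `Secure` and `SameSite` set and stores only a SHA-256 hash of the token, so a copy of the user table does not yield usable login tokens; `LoginTokenCookie`, the 7-day lifetime and the use of Spring's `ResponseCookie` (Spring 5.1 or later for `sameSite`) are assumptions:

```java
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.util.Base64;
import java.util.UUID;

// Added example: hypothetical helper, not part of the tutorial's project.
public final class LoginTokenCookie {
    private static final String NAME = "token"; // cookie name used in the tutorial

    // Creates a token, sets it as a hardened cookie and returns the hash to store in user.token.
    public static String issue(HttpServletResponse response) {
        String token = UUID.randomUUID().toString();
        ResponseCookie cookie = ResponseCookie.from(NAME, token)
                .httpOnly(true)              // not readable from page scripts
                .secure(true)                // only sent over HTTPS
                .sameSite("Lax")             // withheld from cross-site sub-requests
                .path("/")
                .maxAge(Duration.ofDays(7))  // assumed lifetime
                .build();
        response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
        return hash(token);
    }

    // Returns the hash to look up in the database, or null when no token cookie was sent.
    public static String lookupKey(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies(); // null when the request has no cookies
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (NAME.equals(c.getName())) return hash(c.getValue());
        }
        return null;
    }

    static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required on every Java platform
        }
    }
}
```

In the callback, store the return value of `issue(response)` with `user.setToken(...)`; in `IndexController`, pass `lookupKey(request)` to `userMapper.findByToken(...)` when it is not null. Over plain HTTP during local development the `Secure` flag may have to be relaxed.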