java session和cookie的存值和取值


本文介紹cookie和session的存值和取值,以及攔截器的token驗證

pom添加依賴

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.5.6</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.stu</groupId>
    <artifactId>boot-init</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>boot-init</name>
    <description>Demo project for Spring Boot</description>
    <properties>
        <java.version>1.8</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>2.2.0</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <!-- NOTE(review): none of the Java classes shown with this POM import com.auth0.jwt;
             token creation and verification both go through io.jsonwebtoken (jjwt) below.
             Shipping two JWT libraries widens the dependency surface; confirm this one is needed. -->
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.10.3</version>
        </dependency>

        <!-- Provides Jwts.builder() / Jwts.parser() used by the login controller and the token interceptor.
             From 0.10.0 onward jjwt is split into jjwt-api / jjwt-impl / jjwt-jackson, and the
             String-key overloads used in this sample (signWith(alg, String), setSigningKey(String))
             are deprecated there in favour of Key-based calls. Review before upgrading. -->
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.1</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

LogonController

package com.stu.controller;

import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.Date;
import java.util.HashMap;
import javax.servlet.http.Cookie;

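/**
 * Demo login endpoints: store a value in a cookie and in the HTTP session, then issue a
 * JWT that {@code CheckTokenInterceptor} verifies on later requests.
 *
 * <p>NOTE(review): {@link #login} performs no credential check. As written, every caller
 * of {@code /login/login} (which is excluded from the token interceptor) receives a valid
 * token. A real login flow must authenticate the user before reaching the token-issuing code.
 */
@RestController
@RequestMapping("/login")
public class LogonController {

    /**
     * HMAC signing secret; must be identical to the key used by {@code CheckTokenInterceptor}.
     *
     * <p>NOTE(review): hard-coding the secret in source means anyone who can read the
     * repository can forge tokens. jjwt's {@code signWith(SignatureAlgorithm, String)}
     * treats the string as Base64-encoded key bytes, so this 12-character value decodes
     * to only 9 bytes (72 bits), below the 256 bits HS256 calls for. Load a randomly
     * generated key from external configuration, and change it in the interceptor too.
     */
    private static final String JWT_SECRET = "QIANfeng6666";

    /** Cookie lifetime: two weeks, in seconds. */
    private static final int COOKIE_MAX_AGE_SECONDS = 60 * 60 * 24 * 14;

    /** Token lifetime: 24 hours, in milliseconds. */
    private static final long TOKEN_TTL_MILLIS = 24L * 60 * 60 * 1000;

    /**
     * Sets the demo cookie and session attribute, then returns a signed JWT.
     *
     * @param request  current request (unused in this demo)
     * @param response response that receives the {@code logincodecookie} cookie
     * @param session  HTTP session that receives the {@code loginsession} attribute
     * @return the compact, HS256-signed JWT string
     */
    @RequestMapping("/login")
    public String login(HttpServletRequest request, HttpServletResponse response, HttpSession session){

        Cookie loginCookie = new Cookie("logincodecookie","");
        loginCookie.setMaxAge(COOKIE_MAX_AGE_SECONDS);
        loginCookie.setPath("/"); // sent with every request path of this application
        // Keep the login cookie out of reach of page scripts; also call setSecure(true)
        // once the application is served over HTTPS only.
        loginCookie.setHttpOnly(true);
        response.addCookie(loginCookie);

        // NOTE(review): a real login should rotate the session id after authentication
        // (HttpServletRequest.changeSessionId()) before storing login state in the session.
        session.setAttribute("loginsession","sessoin");

        // After a successful login check, issue a token (a string built by the JWT rules).
        // Custom claims: this map can carry role / permission information for the user.
        HashMap<String,Object> claims = new HashMap<>();
        claims.put("key1","value1");
        claims.put("key2","value2");

        Date issuedAt = new Date();
        Date expiresAt = new Date(issuedAt.getTime() + TOKEN_TTL_MILLIS);

        // setClaims replaces the whole payload, so it has to run BEFORE the registered
        // claims are set; calling it afterwards discards subject, issued-at and id.
        return Jwts.builder()
                .setClaims(claims)
                .setSubject("tokenName")          // subject carried in the token
                .setIssuedAt(issuedAt)            // token creation time
                .setId("userId123456")            // user id used as the token id
                .setExpiration(expiresAt)         // token expiry time
                .signWith(SignatureAlgorithm.HS256, JWT_SECRET)
                .compact();
    }

    /**
     * Sample endpoint behind the token interceptor; it only prints a marker line.
     *
     * @param request  current request (unused)
     * @param response current response (unused)
     * @param session  current session (unused)
     */
    @RequestMapping("/loginAfter")
    public void loginAfter(HttpServletRequest request, HttpServletResponse response, HttpSession session){
        System.out.println("獲取到Cookie中的鍵值對 loginAfter");
    }

}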

InterceptorConfig攔截器注冊

package com.stu.controller.config;

import com.stu.controller.interceptor.CheckTokenInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Spring MVC configuration that puts {@link CheckTokenInterceptor} in front of the
 * application's handlers.
 */
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {

    /** Interceptor bean that validates the {@code token} request header. */
    @Autowired
    private CheckTokenInterceptor checkTokenInterceptor;

    /**
     * Applies the token interceptor to every path except the login endpoint.
     *
     * <p>{@code /login/login} is the only excluded path, so any other route added to the
     * application is token-protected by default.
     *
     * @param registry registry the interceptor is added to
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry
                .addInterceptor(this.checkTokenInterceptor)
                .addPathPatterns("/**")
                .excludePathPatterns("/login/login");
    }
}

CheckTokenInterceptor攔截器

package com.stu.controller.interceptor;


import com.fasterxml.jackson.databind.ObjectMapper;
import com.stu.controller.vo.ResultVO;
import io.jsonwebtoken.*;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;

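/**
 * Interceptor that admits a request only when its {@code token} header carries a JWT
 * whose signature and expiry pass verification.
 *
 * <p>On rejection the JSON body carries the application error code; the HTTP status is
 * left at whatever the response already holds.
 */
@Component
public class CheckTokenInterceptor implements HandlerInterceptor {

    /**
     * HMAC verification key; must be identical to the secret the login controller signs with.
     *
     * <p>NOTE(review): hard-coded in source and, because jjwt's
     * {@code setSigningKey(String)} Base64-decodes the value, only 9 bytes long.
     * Load a randomly generated key of at least 256 bits from external configuration,
     * and change it on the signing side too.
     */
    private static final String JWT_SECRET = "QIANfeng6666";

    /** Shared JSON writer; reused instead of building a new mapper for every rejection. */
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Checks the {@code token} header before the handler runs.
     *
     * @param request  incoming request
     * @param response response used to write the rejection body
     * @param handler  chosen handler (unused)
     * @return {@code true} for OPTIONS requests and for requests with a valid token,
     *         {@code false} after a rejection body has been written
     * @throws Exception if writing the rejection body fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // OPTIONS requests (CORS preflight) pass without a token.
        // NOTE(review): this is safe only while no handler does real work for OPTIONS.
        if("OPTIONS".equalsIgnoreCase(request.getMethod())){
            return true;
        }

        // Demo: read the value stored at login. getSession(false) avoids allocating a new
        // session for every anonymous request. The value is not part of the access
        // decision; only the JWT below is.
        HttpSession session = request.getSession(false);
        Object user = (session != null) ? session.getAttribute("loginsession") : null;

        // Demo: read the cookie set at login.
        // NOTE(review): do not print cookie values once they carry credentials.
        Cookie[] cookies = request.getCookies();
        if(cookies != null){
            for (Cookie cookie : cookies) {
                if("logincodecookie".equals(cookie.getName())) {
                    System.out.println("獲取到Cookie中的鍵值對" + cookie.getName() + "===== " + cookie.getValue());
                }
            }
        }

        String token = request.getHeader("token");
        if(token == null){
            return deny(response, new ResultVO(20001, "請先登錄!", null));
        }

        try {
            // parseClaimsJws throws unless the token is signed with JWT_SECRET and unexpired.
            Jwts.parser()
                    .setSigningKey(JWT_SECRET)
                    .parseClaimsJws(token);
            return true;
        }catch (ExpiredJwtException e){
            return deny(response, new ResultVO(20002, "登錄過期,請重新登錄!", null));
        }catch (UnsupportedJwtException e){
            return deny(response, new ResultVO(20001, "Token不合法,請自重!", null));
        }catch (Exception e){
            // Fail closed: bad signature, malformed token or any other parsing error.
            return deny(response, new ResultVO(20001, "請先登錄!", null));
        }
    }

    /** Writes the rejection body and returns {@code false} so the handler chain stops. */
    private boolean deny(HttpServletResponse response, ResultVO resultVO) throws IOException {
        doResponse(response, resultVO);
        return false;
    }

    /**
     * Serialises {@code resultVO} as UTF-8 JSON into the response and closes the writer.
     *
     * @param response response to write to
     * @param resultVO payload describing why the request was rejected
     * @throws IOException if the response writer cannot be obtained or serialisation fails
     */
    private void doResponse(HttpServletResponse response,ResultVO resultVO) throws IOException {
        response.setContentType("application/json");
        response.setCharacterEncoding("utf-8");
        PrintWriter out = response.getWriter();
        out.print(MAPPER.writeValueAsString(resultVO));
        out.flush();
        out.close();
    }

}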

 

