• Using a token in Java to prevent duplicate user logins and to verify user login


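    After a successful login, build a token from the user id and save it to Redis, and also save the user id in the session.

    The code that generates the token is as follows: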

        @Override
        public String createToken(String phone, String appId) throws Exception {
            long loginTime = DateUtil.getNowTimeStampTime().getTime();
            // Token plaintext: phone,appId,loginTime
            String str = phone + CommonConstant.COMMA_CHARACTER + appId
                    + CommonConstant.COMMA_CHARACTER + loginTime;
            // RSA-encrypt the plaintext with the public key
            byte[] cipherData = RSAEncrypt.encrypt(Rsa2Manager.getPublicKeyGmall(), str.getBytes("UTF-8"));
            // Base64-encode the ciphertext (encoding, not a second encryption step)
            return Base64.encode(cipherData);
        }

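    checkToken: get the current session. If it is valid, the user is already logged in. If it is not, read the token from the current request, decrypt it, and then check whether the token in Redis is valid. If it is, set the session attributes again to restore the login state.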

        @Override
        public boolean isLogin(HttpSession session) throws Exception {
            boolean islogin = false;
            String appId = (String) session.getAttribute(UserConstant.LOGIN_APP_ID);
            String userId = (String) session.getAttribute(UserConstant.USER_SESSION_KEY);
            if (StringUtils.isNotBlank(appId) && StringUtils.isNotBlank(userId)) {
                // The session still carries the login attributes
                islogin = true;
            } else {
                // Session is empty or expired: fall back to the token in the request header
                HttpServletRequest request = getCurrentThreadRequest();
                String currentToken = request.getHeader(CommonConstant.REQUEST_HEADER_TOKEN_NAME);
                if (StringUtils.isNotBlank(currentToken)) {
                    byte[] res = RSAEncrypt.decrypt(Rsa2Manager.getPrivateKeyGmall(), Base64.decode(currentToken));
                    // Decode with the same charset that createToken used
                    String restr = new String(res, "UTF-8");
                    String[] str = restr.split(",");
                    // Expect phone,appId,loginTime; anything shorter is not a token we issued
                    if (str.length >= 2) {
                        String phone = str[0];
                        String appid = str[1];
                        String redisKey = CommonConstant.LOGIN_TOKEN.concat(phone);
                        String token = RedisUtil.getRedisString(redisKey);
                        // The presented token must be the one stored at login, not just any
                        // token for this phone; a token replaced by a newer login is rejected
                        if (StringUtils.isNotBlank(token) && token.equals(currentToken)) {
                            request.getSession().setAttribute(UserConstant.USER_SESSION_KEY, phone);
                            request.getSession().setAttribute(UserConstant.LOGIN_APP_ID, appid);
                            islogin = true;
                        }
                    }
                }
            }
            return islogin;
        }
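Why the Redis step in checkToken has to compare the presented token with the stored one, rather than only test that some token exists for the user, shown as an added example that is not code from the original post. It assumes an in-memory map in place of Redis, a key pair generated in-process, OAEP padding, and a constructed `LOGIN_TOKEN:` key prefix; all class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Cipher;
public class TokenCheckDemo {
    static final Map<String, String> REDIS = new HashMap<>(); // in-memory stand-in for Redis (assumption)
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; // padding chosen for this demo
    static KeyPair keys;
    // Login: build phone,appId,loginTime, encrypt, store under LOGIN_TOKEN:<phone> (constructed prefix)
    static String issueToken(String phone, String appId) throws Exception {
        String plain = phone + "," + appId + "," + System.currentTimeMillis();
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.ENCRYPT_MODE, keys.getPublic());
        String token = Base64.getEncoder().encodeToString(c.doFinal(plain.getBytes(StandardCharsets.UTF_8)));
        REDIS.put("LOGIN_TOKEN:" + phone, token); // a newer login overwrites the older token
        return token;
    }

    // Decrypt and return the phone field; rejects tokens without exactly three fields
    static String phoneOf(String token) throws Exception {
        Cipher c = Cipher.getInstance(RSA);
        c.init(Cipher.DECRYPT_MODE, keys.getPrivate());
        String plain = new String(c.doFinal(Base64.getDecoder().decode(token)), StandardCharsets.UTF_8);
        String[] parts = plain.split(",");
        if (parts.length != 3) throw new GeneralSecurityException("malformed token");
        return parts[0];
    }

    // Existence-only check: any decryptable token naming a logged-in phone passes
    static boolean existsCheck(String token) throws Exception {
        return REDIS.get("LOGIN_TOKEN:" + phoneOf(token)) != null;
    }
    // Strict check: the presented token must equal the one currently stored
    static boolean strictCheck(String token) throws Exception {
        String stored = REDIS.get("LOGIN_TOKEN:" + phoneOf(token));
        return stored != null && MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        keys = gen.generateKeyPair();
        String first = issueToken("13800000000", "app1");  // constructed sample values
        String second = issueToken("13800000000", "app1"); // same user logs in again
        System.out.printf("old token: exists=%b strict=%b%n", existsCheck(first), strictCheck(first));
        System.out.printf("new token: exists=%b strict=%b%n", existsCheck(second), strictCheck(second));
    }
}
```

After the second login replaces the stored value, the token from the first login still passes the existence-only check, while the strict check accepts only the current token. The comparison also matters because encrypting with a public key does not by itself prove that the server issued the token.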
    

      

  • Original article: https://www.cnblogs.com/ouyanxia/p/7490613.html