java使用token防止用户重复登录以及验证用户登录

登录成功后,使用用户id构造生成一个token并保存到redis中,同时也保存用户id到session中

生成token的代码如下:

    @Override
    public String createToken(String phone,String appId) throws Exception {
        long loginTime = DateUtil.getNowTimeStampTime().getTime();
        String str = String.valueOf(phone) + CommonConstant.COMMA_CHARACTER+appId+ CommonConstant.COMMA_CHARACTER+ String.valueOf(loginTime);
        byte[] cipherData = null;
        String result = null;
        cipherData = RSAEncrypt.encrypt(Rsa2Manager.getPublicKeyGmall(), str.getBytes("UTF-8"));//RSA加密
        result = Base64.encode(cipherData);//加密
        return result;
    }

checkToken,获取当前session,有效则已登录,无效则获取当前的token,解密token,再去查询redis中的token是否有效,有效则再次对session赋值,还原登录状态

@Override
	public boolean isLogin(HttpSession session) throws Exception {
		boolean islogin = false;
		String appId = (String) session.getAttribute(UserConstant.LOGIN_APP_ID);
		String userId = (String) session.getAttribute(UserConstant.USER_SESSION_KEY);
		if (StringUtils.isNotBlank(appId) && StringUtils.isNotBlank(userId)) {
			islogin = true;
		} else {
			String phone ="";
			String appid ="";
			HttpServletRequest request = getCurrentThreadRequest();
			String currentToken = request.getHeader(CommonConstant.REQUEST_HEADER_TOKEN_NAME);
			if(StringUtils.isNotBlank(currentToken)){
				byte[] res = null;
				res = RSAEncrypt.decrypt(Rsa2Manager.getPrivateKeyGmall(), Base64.decode(currentToken));
				String restr = new String(res);
				String[] str = restr.split(",");
				phone = str[0];
				appid = str[1];
				String redisKey = CommonConstant.LOGIN_TOKEN.concat(phone);
				String token = RedisUtil.getRedisString(redisKey);
				if (StringUtils.isNotBlank(token)) {
					request.getSession().setAttribute(UserConstant.USER_SESSION_KEY, phone);
					request.getSession().setAttribute(UserConstant.LOGIN_APP_ID, appid);
					islogin = true;
				}else{
					islogin = false;
				}
			}
		}
		return islogin;
	}

  

转载于:https://www.cnblogs.com/ouyanxia/p/7490613.html

你可能感兴趣的:(java,数据库)