App login Java background processing and user rights authentication _java

Recently made an app project, backstage I was alone development, the development task sequence arrangement does not have the landing, the registration and the authorization authentication these basic functions to put in the first stage development, is now part of the business related function already completed, but the user entrance unexpectedly still did not have, only explained the original demand analysis when was too anxious, Put the most basic user entrance to the back.

Now you need to add the user login and permission verification capabilities based on existing code.

With regard to login and permission verification, referring to previous iOS development experience, App end provides username and password in exchange for token, every time through the exchange of token request need login permission operation.

Now in turn, I need to consider the following questions:

1. How to easily meet the implementation of these functions in the code of the existing features, making the existing code less modified, and the future of the new features to achieve the right to verify not trouble

2. How to generate token based on user name and password, and how to differentiate the client to provide token correctness in the function that needs permissions

First of all to face the first problem, according to experience, the general solution is the filter, interceptor, if the requirements on the landing and authorization to verify these in front of the words, as long as the late function of the URL has a certain regularity, filter or interceptor use is almost always. But I am now faced with no previous design and specification of the URL, so the use of filters or interceptors is I do not want to face.

In addition to these conventional solutions, Spring AOP is a good tool for solving such problems, using face-cut programming to make a forward notification to all methods that require permission validation, but because the URL, class name, or method has no regularity, I think of a custom annotation (annotation), Permission validation is done on all the method plus the custom annotation.

1. Now that you're thinking about using Spring AOP, the first step is to open AOP in the spring configuration file

Open AOP

<aop:aspectj-autoproxy/>

The above configuration is based on pouring SPRING-AOP related jar packages into the project and introducing an AOP URL in the header of the configuration file

2. Secondly, we first define a custom annotation

@Target ({elementtype.method, elementtype.type})

@Retention (retentionpolicy.runtime) public

@interface useraccess {

 

}

3. We are not in a hurry to do authorization function, because now our token has not yet generated a solution.

A single sign-on is taken into account on token generation, so token cannot be fixed at any time, as long as we have a token at least two people can use the same account at the same time, which is not allowed in our business at the moment. Finally I chose "username+password+ login Time" To do MD5 encryption as token (there are many methods, such as UUID, in the case of guaranteed uniqueness and variability). The token is generated when the user name and password are validated, and the token is saved as a key-value pair of "Username:token" and "Token: User" (or it can be saved to the database) and finally returned to the client.

The following code only makes a simple example:

@Service public class Loginservice {/** * store "username: Token" key value pair/public static map<string,string> tokenmap=new H

Ashmap<string,string> ();

 

/** * Store "token:user" key value pairs/public static map<string,user> loginusermap=new hashmap<string,user> ();

public string Login (string name,string password) {System.out.println (name+ "-----" +password);

/** * To determine whether login success * 1. Login Success * 1.1. Successfully generate the corresponding token and update * 1.2. The failure throws an exception/String token=tokenmap.get (name);

User User=null;

if (token==null) {user=new user ();

User.setname (name);

User.setpassword (password);

SYSTEM.OUT.PRINTLN ("New user Login");

}else{User=loginusermap.get (token);

Loginusermap.remove (token);

SYSTEM.OUT.PRINTLN ("Update user login token");

} token=md5util.md5 (Name+password+new Date (). GetTime ());

Loginusermap.put (token, user);

Tokenmap.put (name, token);

System.out.println ("currently has" +tokenmap.size () + "user");

For (User u:loginusermap.values ()) {System.out.println (U.getname () + ":" +u.getpassword ());

return token;
 } 

}

4. At the same time, our clients have been logged after the token, as long as in all requests for permission to carry token in order to obtain a successful response (recommended: For the convenience of app coding, token can be carried in the request header, the existing code without major changes, and will not need to care about the token problem in the future. I randomly found a method to do the experiment:

@Controller

@RequestMapping ("/login") public

class Logincontroller {

@Autowired

private Loginservice Loginservice;

 

@UserAccess

@RequestMapping (value= "/loginin", method=requestmethod.get) public

@ResponseBody String Login ( HttpServletRequest request) {

String name=request.getparameter (' name ');

String password=request.getparameter ("password");

String token=loginservice.login (name, password);

Return token

}

}

Note that the bold part is a custom annotation, the login function of the request parameters can not be token, so no matter how many times, it is impossible to pass, just to do an example. @UserAccess added to functions that require permission validation

5. Customizing annotation is now a good starting point

@Component

@Aspect Public

class Permissionaspect {

 

 //settings annotation as a pointcut

@Before ("@annotation" ( com.example.chap01.annotation.UserAccess) ") Public

void Checkpermission (Joinpoint joinpoint) throws exception{

System.out.println ("predecessor notice");

Gets the request parameter of the interception

object[] args = Joinpoint.getargs ();

HttpServletRequest request= (HttpServletRequest) args[0];

String Token=request.getparameter ("token");

SYSTEM.OUT.PRINTLN ("predecessor Notice token:" +token);

User User=loginservice.loginusermap.get (token);

if (user==null) {

System.out.println ("Validation does not pass!") ");

throw new Exception ("No Permissions");}}

At this point, the login and permissions verification function is complete.

Also attach personal github above the source code: Https://github.com/zw201913/applogin.git

The above is the entire content of this article, I hope to help you learn.