1、单点登录解决方案

• 多个系统只有一个登录服务

1.1、后端保存登录状态

1.2、token模式

2、user服务-登录接口

2.1、UserController

	@Operation( summary = "用户登录接口")@PostMapping("/login")public Result login(@RequestBody UserInfo userInfo) {String token = userInfoService.login(userInfo);return Result.ok(token);}

2.2、UserInfoServiceImpl

    @Overridepublic String login(UserInfo userInfo) {//1、校验参数String username = userInfo.getUsername();String password = userInfo.getPassword();if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {throw new SpzxException(ResultCodeEnum.LOGIN_PARAMS_ERROR, null);}//2、根据账号查询用户信息UserInfo dbUserInfo = this.getOne(Wrappers.lambdaQuery(UserInfo.class).eq(UserInfo::getUsername, username));if (dbUserInfo == null) {throw new SpzxException(ResultCodeEnum.LOGIN_USERNAME_ERROR, null);}//判断用户状态，用户状态校验if (dbUserInfo.getStatus() != 1) {throw new SpzxException(ResultCodeEnum.LOGIN_USER_STATUS_ERROR, null);}//3、账号存在，校验密码//使用明文密码 和 盐 采用注册的加密方式加密 和数据库密文比较String encodePwd = DigestUtils.md5DigestAsHex((DigestUtils.md5DigestAsHex(password.getBytes()) + dbUserInfo.getSalt()).getBytes());if (!encodePwd.equals(dbUserInfo.getPassword())) {throw new SpzxException(ResultCodeEnum.LOGIN_PASSWORD_ERROR, null);}//密码正确//4、生成token 缓存到redis中String token = IdUtil.getSnowflake(1, 1).nextIdStr();// 将用户密码重置为null，表示清除密码信息dbUserInfo.setPassword(null);// 将用户盐值重置为null，配合密码重置，确保安全性和一致性dbUserInfo.setSalt(null);redisTemplate.opsForValue().set("spzx:user:login:" + token, dbUserInfo, 7, TimeUnit.DAYS);//登录成功：更新用户最后一次登录的时间 和 ip地址ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();HttpServletRequest request = requestAttributes.getRequest();return token;}

2.3、载荷

{"username": "18947628476","password": "123456"
}

2.4、响应

{"code":200,"message":"SUCCESS","data":"1801188891328385024"}

2.5、Redis Desktop Manager

{"@class": "com.atguigu.spzx.model.entity.h5.UserInfo","id": 1774759294596579329,"createTime": ["java.util.Date","2024-04-01 19:22:44"],"updateTime": ["java.util.Date",1718243055000],"deleted": false,"username": "18947628476","password": null,"nickName": "小弟","avatar": "https://cdn.apifox.com/app/project-icon/builtin/16.jpg","sex": null,"phone": null,"memo": null,"openId": null,"unionId": null,"lastLoginIp": null,"lastLoginTime": null,"status": 1,"salt": null
}

3、user服务-登录成功获取用户信息回显

3.1、UserController

    //auth：以后需要登录验证的接口会在路径中添加一层auth   前端访问时需要在请求头携带token@Operation( summary = "查询用户信息回显接口")@GetMapping("/auth/getCurrentUserInfo")public Result getCurrentUserInfo(@RequestHeader(value = "token",required = false)String token) {UserInfoVo userInfoVo = userInfoService.getCurrentUserInfo(token);return Result.ok(userInfoVo);}

3.2、UserInfoServiceImpl

    @Overridepublic UserInfoVo getCurrentUserInfo(String token) {UserInfo userInfo = (UserInfo) redisTemplate.opsForValue().get("spzx:user:login:" + token);if (userInfo == null) {//登录状态失效throw new SpzxException(ResultCodeEnum.LOGIN_STATUS_ERROR, null);}//UserInfo userInfo = SpzxServiceAuthInterceptor.THREAD_LOCAL.get();UserInfoVo userInfoVo = new UserInfoVo();userInfoVo.setNickName(userInfo.getNickName());userInfoVo.setAvatar(userInfo.getAvatar());return userInfoVo;}

3.3、响应

{"code": 200,"message": "SUCCESS","data": {"nickName": "小弟","avatar": "https://cdn.apifox.com/app/project-icon/builtin/16.jpg"}
}

4、登录状态验证&状态透传分析

4.1、gateway-过滤器统一校验登录状态

4.1.1、GlobalAuthFilter

package com.atguigu.spzx.gateway.filter;
import com.alibaba.nacos.shaded.com.google.gson.JsonObject;
import com.atguigu.spzx.model.result.ResultCodeEnum;
import jakarta.annotation.Resource;
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
@Component
public class GlobalAuthFilter implements GlobalFilter, Ordered {@Resourceprivate RedisTemplate redisTemplate;@Overridepublic Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {//1、判断请求路径是否需要验证登录状态ServerHttpRequest request = exchange.getRequest();String path = request.getURI().getPath();AntPathMatcher matcher = new AntPathMatcher();//1.1 不需要：直接放行if (!matcher.match("/**/auth/**", path)) {return chain.filter(exchange);}//1.2 需要：验证//2、获取头中的token到redis中查询登录状态 存在放行不存在返回一个Restful风格的响应报文（响应体设置一个Result对象的json）String token = request.getHeaders().getFirst("token");//redisTemplate必须和 微服务的配置一样if (StringUtils.isEmpty(token) || !redisTemplate.hasKey("spzx:user:login:" + token)) {//token不存在 或者 token 过期ServerHttpResponse response = exchange.getResponse();response.setStatusCode(HttpStatus.OK);//设置状态码//设置响应头：指定响应体内容的类型response.getHeaders().add("Content-Type", MediaType.APPLICATION_JSON_UTF8_VALUE);//设置响应体：ResultJsonObject jsonObject = new JsonObject();jsonObject.addProperty("code", ResultCodeEnum.LOGIN_STATUS_ERROR.getCode());jsonObject.addProperty("message", ResultCodeEnum.LOGIN_STATUS_ERROR.getMessage());String json = jsonObject.toString();DataBuffer buffer = response.bufferFactory().wrap(json.getBytes());//返回自定义响应报文：不放行return response.writeWith(Mono.just(buffer));}//登录状态有效 放行return chain.filter(exchange);}@Overridepublic int getOrder() {return -1;}
}

4.2、登录状态透传拦截器

4.2.1、SpzxServiceAuthInterceptor

package com.atguigu.spzx.common.handler.interceptor;
import com.atguigu.spzx.model.entity.h5.UserInfo;
import jakarta.annotation.Resource;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
@Component
public class SpzxServiceAuthInterceptor implements HandlerInterceptor {@Resourceprivate RedisTemplate redisTemplate;public static ThreadLocal<UserInfo> THREAD_LOCAL = new ThreadLocal();@Overridepublic boolean preHandle(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Object handler) throws Exception {String token = request.getHeader("token");UserInfo userInfo = (UserInfo) redisTemplate.opsForValue().get("spzx:user:login:" + token);THREAD_LOCAL.set(userInfo);return true;}@Overridepublic void afterCompletion(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, Object handler, Exception ex) throws Exception {THREAD_LOCAL.remove();}
}

4.2.2、H5SpzxWebMvcConfigurer

package com.atguigu.spzx.common.handler.interceptor;
import jakarta.annotation.Resource;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class H5SpzxWebMvcConfigurer implements WebMvcConfigurer {@Resourceprivate SpzxServiceAuthInterceptor spzxServiceAuthInterceptor;@Overridepublic void addInterceptors(InterceptorRegistry registry) {registry.addInterceptor(spzxServiceAuthInterceptor).addPathPatterns("/**/auth/**");}
}

4.2.3、@EnableSpzxServiceAuth

package com.atguigu.spzx.common.handler.interceptor;
import org.springframework.context.annotation.Import;
import java.lang.annotation.*;
@Target(ElementType.TYPE)
@Retention(RetentionPolicy.RUNTIME)
@Documented
@Import(value = {SpzxServiceAuthInterceptor.class, H5SpzxWebMvcConfigurer.class})
public @interface EnableSpzxServiceAuth {
}

4.2.4、UserInfoServiceImpl

    @Overridepublic UserInfoVo getCurrentUserInfo(String token) {/*UserInfo userInfo = (UserInfo) redisTemplate.opsForValue().get("spzx:user:login:" + token);if (userInfo == null) {//登录状态失效throw new SpzxException(ResultCodeEnum.LOGIN_STATUS_ERROR, null);}*/UserInfo userInfo = SpzxServiceAuthInterceptor.THREAD_LOCAL.get();UserInfoVo userInfoVo = new UserInfoVo();userInfoVo.setNickName(userInfo.getNickName());userInfoVo.setAvatar(userInfo.getAvatar());return userInfoVo;}

5、登录校验状态透传总结