接口地址
http://localhost:8013/auth/login
请求参数
{
"username":"admin",
"password":"A6pMgii8***",
"code":"4",
"uuid":"captcha-code:2e7ac297ba18***"
}
返回结果(注意:下面的示例中,user 对象里带有 password(bcrypt 哈希)和 avatarPath(服务器本地文件路径)字段,上线前应确认这些字段不会返回给客户端)
{
"user": {
"authorities": [
{
"authority": "admin"
}
],
"dataScopes": [],
"roles": [
"admin"
],
"user": {
"avatarName": "avatar-20200806032259161.png",
"avatarPath": "/Users/jie/Documents/work/me/admin/eladmin/~/avatar/avatar-202008060322***.png",
"createTime": "2018-08-23 09:11:56",
"dept": {
"hasChildren": false,
"id": 2,
"label": "研发部",
"leaf": true,
"name": "研发部",
"subCount": 0
},
"deptId": 2,
"email": "2015***m",
"enabled": true,
"gender": "男",
"id": 1,
"isAdmin": true,
"jobs": [],
"nickName": "管理员",
"password": "$2a$10$Egp***",
"phone": "188***",
"pwdResetTime": "2020-05-03 16:38:31",
"roles": [],
"updateBy": "admin",
"updateTime": "2020-09-05 10:43:31",
"username": "admin"
}
},
"token": "Bearer eyJhbGciOiJIUzU***"
}
代码
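/**
 * Handles the login request: verifies the captcha, authenticates the credentials and returns
 * a token together with the authenticated principal.
 *
 * <p>Order of operations: decrypt the submitted password with the server-side RSA private key,
 * read and delete the captcha answer stored in Redis under the submitted uuid, compare it
 * case-insensitively with the submitted code, authenticate through the authentication manager,
 * create the token, optionally kick out earlier sessions of the same username, and record the
 * online session.
 *
 * @param authUser login payload; its username, password, code and uuid are read here
 * @param request  current HTTP request, handed to the online-user service
 * @return a 200 response whose body maps "token" to the prefixed token and "user" to the principal
 * @throws BadRequestException if the captcha is missing/expired or does not match
 * @throws Exception declared by the signature; which of the calls below raise it is not visible here
 */
@Log("用户登录")
@ApiOperation("登录授权")
@AnonymousPostMapping(value = "/login")
public ResponseEntity<Object> login(@Validated @RequestBody AuthUserDto authUser, HttpServletRequest request) throws Exception {
    // Decrypt the password sent by the client using the server's RSA private key.
    String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey, authUser.getPassword());

    // Look up the expected captcha answer.
    // NOTE(review): authUser.getUuid() is client-supplied and is used verbatim as the Redis key
    // for both get and del. Confirm it is restricted to the captcha key namespace (the sample
    // request on this page uses the "captcha-code:" prefix); otherwise this pre-authentication
    // endpoint deletes whatever key the caller names.
    String code = (String) redisUtils.get(authUser.getUuid());
    // Delete the captcha before comparing, so each captcha is single-use whether or not it matches.
    redisUtils.del(authUser.getUuid());
    if (StringUtils.isBlank(code)) {
        throw new BadRequestException("验证码不存在或已过期");
    }
    if (StringUtils.isBlank(authUser.getCode()) || !authUser.getCode().equalsIgnoreCase(code)) {
        throw new BadRequestException("验证码错误");
    }

    UsernamePasswordAuthenticationToken authenticationToken =
            new UsernamePasswordAuthenticationToken(authUser.getUsername(), password);
    Authentication authentication = authenticationManagerBuilder.getObject().authenticate(authenticationToken);
    SecurityContextHolder.getContext().setAuthentication(authentication);

    // Token generation; the commented lines show how a third-party system could obtain a token.
    // UserDetails userDetails = userDetailsService.loadUserByUsername(userInfo.getUsername());
    // Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
    // SecurityContextHolder.getContext().setAuthentication(authentication);
    String token = tokenProvider.createToken(authentication);
    final JwtUserDto jwtUserDto = (JwtUserDto) authentication.getPrincipal();

    // Response body: token plus user details. A plain HashMap replaces the double-brace
    // initializer, which created an anonymous subclass holding a reference to this controller.
    Map<String, Object> authInfo = new HashMap<>(2);
    authInfo.put("token", properties.getTokenStartWith() + token);
    // NOTE(review): the sample response on this page shows the serialized principal carrying
    // "password" (a bcrypt hash) and "avatarPath" (a server file-system path); confirm these
    // fields are excluded from serialization before exposing this endpoint.
    authInfo.put("user", jwtUserDto);

    if (loginProperties.isSingleLogin()) {
        // Single-login mode: kick out tokens previously issued for this username.
        onlineUserService.kickOutForUsername(authUser.getUsername());
    }
    // Record the online session.
    onlineUserService.save(jwtUserDto, token, request);
    // Return the login information.
    return ResponseEntity.ok(authInfo);
}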
代码解析如下
如何解密前端密码传参
// Decrypt the password field of the login payload with the server-side RSA private key.
String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey, authUser.getPassword());
具体的加密解密原理可以看看这篇博客。需要注意,前端 RSA 加密只是避免密码以明文出现在请求体中,并不能代替 HTTPS:从这段代码看,解密时没有校验时间戳或一次性随机数,所以登录请求仍应通过 HTTPS 传输。
如何使用缓存校验前端传参——图片验证码是否正确
// Look up the expected captcha answer in Redis.
// NOTE(review): the key is the client-supplied uuid, used as-is for both get and del —
// confirm it is limited to the captcha key namespace before it reaches Redis.
String code = (String) redisUtils.get(authUser.getUuid());
// Delete the captcha before comparing, so it cannot be reused after this request.
redisUtils.del(authUser.getUuid());
// No stored value: the captcha never existed or is no longer in Redis.
if (StringUtils.isBlank(code)) {
throw new BadRequestException("验证码不存在或已过期");
}
// Reject a blank submitted code or one that differs (ignoring case) from the stored answer.
if (StringUtils.isBlank(authUser.getCode()) || !authUser.getCode().equalsIgnoreCase(code)) {
throw new BadRequestException("验证码错误");
}
项目作者对 Spring Data Redis 的 RedisTemplate 类做了二次封装,方便调用不同的 Redis 数据类型,封装后的 RedisUtils 类放在公共模块 eladmin-common 的 utils 目录下。具体路径为:你的项目路径\eladmin\eladmin-common\src\main\java\me\zhengjie\utils\RedisUtils.java。从上面的代码可以看到,验证码读取后会立即删除,所以无论校验是否通过,每个验证码都只能使用一次。
如何生成jwt-token
// Create the token string from the Authentication object produced by the login check.
String token = tokenProvider.createToken(authentication);
这里用的是 Spring Security,不熟悉的读者可以找对应的视频教程学习。项目作者把权限认证功能写在了以下路径:你的项目路径\eladmin\eladmin-system\src\main\java\me\zhengjie\modules\security\security
下一篇,拆解一下用户管理模块代码。
接下来,我会拆解一下用户管理模块代码,然后基于用户模块,编写自己的文章管理模块代码。