關于Token在Android中實作用戶登錄的使用
原理
在安卓中實作用戶登錄一般都是用Token,而目前最流行的就是用jwt先講一下實作的原理:第一步:用戶第一次登錄,客戶端向服務端發送用戶和密碼,服務端驗證用戶密碼是否正確,如果不正確回傳客戶端一個訊息(用戶名錯誤或者密碼錯誤),如果正確,服務端生成一個Token,并且快取起來(可以用Redis或者存放資料庫),第二步:客戶端接收服務端發送的Token和登陸成功的標識,并且把Token也保存起來,并跳轉到登錄成功后的頁面,第三步:登陸成功后有其他向服務端請求資料的請求,一律在請求頭部攜帶客戶端保存的Token,服務端驗證這些請求攜帶的Token是否過期或者不對,正常就回傳正常的資料,失敗就回傳驗證Token失敗的資訊,客服端接收失敗的資訊提示用戶重新登陸,并跳轉到登錄頁,
流程圖
前臺
第一步:用戶第一次登錄,客戶端向服務端發送用戶和密碼,
try{
String loginurl = getString(R.string.url2) + "login";
//自己寫的工具類
YyHttpRequestOrGetDataFromNet yyHttpRequestOrGetDataFromNet = new YyHttpRequestOrGetDataFromNet();
//以下采用的是將accountid和credential放到JsonObject物件中,
// 因為后臺/login設定的引數是一個user物件
JSONObject jsonParam = new JSONObject();
jsonParam.put("credential", password);
jsonParam.put("accountid", accountid);
// System.out.println("token:"+yyHttpRequestOrGetDataFromNet.doPost(loginurl,jsonParam));
//把第一次登錄服務器生成的Token存在本地
// json格式化
jsonLoginningInfo = yyHttpRequestOrGetDataFromNet.doPost(loginurl,jsonParam);
Gson gson = new Gson();
jsonRootBean = gson.fromJson(jsonLoginningInfo,new TypeToken<JsonRootBean>(){}.getType());
//token 存盤
YySharedPrefUtility.setParam(LoginActivity.this,YySharedPrefUtility.Token,
jsonRootBean.getContent().getToken());
System.out.println("tokrn:"+jsonRootBean.getContent().getToken());
System.out.println("tokrn:"+jsonRootBean.getMsg());
}
catch (Exception e){ e.printStackTrace();}
//密碼正確:服務端回傳1
if (jsonRootBean.getStatus()==0&&jsonRootBean.getMsg().equals("loginSuccess")) {
Toast.makeText(this, "登陸成功", Toast.LENGTH_SHORT).show();
YySharedPrefUtility.setParam(LoginActivity.this,
YySharedPrefUtility.ACCOUNTID, accountid);//用戶名存起來
startActivity(new Intent(getApplicationContext(), MainActivity.class));//登錄成功跳轉首頁
}
//用戶名不存在或密碼錯誤:服務端回傳-1
else {
Toast.makeText(this, "用戶名不存在或密碼不正確", Toast.LENGTH_SHORT).show();
}
這是我改動的工具類
post請求:
public String doPost(String url, JSONObject jsonParam) throws Exception {
/* Translate parameter map to parameter date string */
System.out.println("POST parameter : " + jsonParam.toString());
//以下兩行代碼非常有用,是網路連接一個嚴格的格式
//原文博客見https://blog.csdn.net/yuan882696yan/article/details/38419219
StrictMode.ThreadPolicy policy=new StrictMode.ThreadPolicy.Builder().permitAll().build();
StrictMode.setThreadPolicy(policy);
//創建URL連接
URL localURL = new URL(url);
URLConnection connection = this.openConnection(localURL);
HttpURLConnection httpURLConnection = (HttpURLConnection) connection;
httpURLConnection.setDoOutput(true);
httpURLConnection.setRequestMethod("POST");//請求方法為Post
httpURLConnection.setRequestProperty("Accept-Charset", charset);
httpURLConnection.setRequestProperty("Content-Type", "application/json");
httpURLConnection.setUseCaches(false);//post不能設定快取
OutputStream outputStream = null;
OutputStreamWriter outputStreamWriter = null;
InputStream inputStream = null;
InputStreamReader inputStreamReader = null;
BufferedReader reader = null;
StringBuffer resultBuffer = new StringBuffer();
String tempLine = null;
try {
outputStream = httpURLConnection.getOutputStream();
outputStreamWriter = new OutputStreamWriter(outputStream);
//這個地方最關鍵,將登錄傳過來的賬戶和密碼
outputStreamWriter.write(jsonParam.toString());
outputStreamWriter.flush();
//判斷請求是否成功
if (httpURLConnection.getResponseCode() >= 300) {
throw new Exception("HTTP Request is not success, Response code is " + httpURLConnection.getResponseCode());
}
//接收回應流
inputStream = httpURLConnection.getInputStream();
inputStreamReader = new InputStreamReader(inputStream);
reader = new BufferedReader(inputStreamReader);
while ((tempLine = reader.readLine()) != null) {
resultBuffer.append(tempLine);
}
} finally {
if (outputStreamWriter != null) {
outputStreamWriter.close();
}
if (outputStream != null) {
outputStream.close();
}
if (reader != null) {
reader.close();
}
if (inputStreamReader != null) {
inputStreamReader.close();
}
if (inputStream != null) {
inputStream.close();
}
}
return resultBuffer.toString();//回傳資料
}
get請求:
//獲取JSON資料流資料
public static String doGetJsonStringFromThread(final String u,final String token) {
Thread newThread;
newThread = new Thread(new Runnable() {
@Override
public void run() {
//創建url物件
URL url = null;
try {
//實體化url
url = new URL(u);
//獲取HttpURLConnection
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
//設定get請求
connection.setRequestMethod("GET");
//設定超時時間
connection.setConnectTimeout(5 * 1000);
//設定編碼
connection.setRequestProperty("contentType", "utf-8");
//注意,最重要的地方,通過setRequestProperty把Token放到請求頭
connection.setRequestProperty("token",token);
//連接
connection.connect();
//獲取連接回應碼
int code = connection.getResponseCode();
//回應失敗
if (code >= 300) {
throw new Exception("HTTP Request is not success, Response code is " + code);
}
//如果連接上
if (code == 200) {
// h.sendEmptyMessage(2);
//獲取資料
InputStream inputStream = connection.getInputStream();
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
String line;
StringBuffer buffer = new StringBuffer();
while ((line = bufferedReader.readLine()) != null) {
buffer.append(line);
}
//獲取json
jsonBuffer = buffer.toString();
//關閉is
inputStream.close();
}
//關閉連接
connection.disconnect();
} catch (Exception e) {
e.printStackTrace();
}
}
});
newThread.start(); //啟動執行緒
try {
//join方法:讓主執行緒等待子執行緒運行結束后再繼續運行
newThread.join();
} catch (InterruptedException e) {
e.printStackTrace();
}
return jsonBuffer;
}
后臺
1.攔截器:客戶端每像服務端發送請求都要在這里接受一下驗證,如果Token失效或者是偽造的Token都會驗證出來回傳客戶端錯誤的資訊
public class JWTInterceptor implements HandlerInterceptor{
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException{
// TODO Auto-generated method stub
String token = request.getHeader("token");
try{
JWTUtils.verify(token);
return true;
}catch (Exception e){
JsonRootBean sJsonBaseObject=new JsonRootBean();
sJsonBaseObject.setMsg("令牌驗證失敗");
sJsonBaseObject.setStatus(-1);
ObjectMapper objectMapper = new ObjectMapper();
String result = objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(sJsonBaseObject);
response.setContentType("application/json;charset=UTF-8");
response.getWriter().println(result);
return false;
}
}
}
2.jwt工具類
public class JWTUtils {
token密鑰(自定義),最好在網上在線生成一個隨機字串,我這里是瞎打的
//這個密鑰一定不能泄露
private static final String SING = "!@#$%%^&&*####%%%$%";
//生成Token
public static String getToken(Map<String,String> map){
Calendar instance = Calendar.getInstance();
instance.add(Calendar.HOUR,5);
JWTCreator.Builder builder = JWT.create();
map.forEach((k,v)->{
builder.withClaim(k,v);
});
String token = builder.withExpiresAt(instance.getTime())
.sign(Algorithm.HMAC256(SING));
return token;
}
//根據密鑰生成JWT效驗器
public static void verify(String token){//決議Token
JWT.require(Algorithm.HMAC256(SING)).build().verify(token);
}
//效驗TOKEN
public static DecodedJWT getTokenInfo(String token){
return JWT.require(Algorithm.HMAC256(SING)).build().verify(token);
}
}
3.spring.mvc 寫在標簽的最外面,因為客戶端要通過/login來獲取Token,所以不能被攔截
<!-- 配置攔截器,驗證Token -->
<mvc:interceptors>
<mvc:interceptor>
<!-- 攔截所有/目錄下面的頁面 -->
<mvc:mapping path="/**"/>
<!-- mvc:exclude-mapping是另外一種攔截,它可以在你后來的測驗中對某個頁面進行不攔截 -->
<mvc:exclude-mapping path="/login" />
<bean class="com.yunyou.DBI.interceptor.JWTInterceptor"></bean>
</mvc:interceptor>
</mvc:interceptors>
4.controller層
其他等等服務層,物體類就沒必要給出來了,這里給了一個控制層
@Controller
public class UserLoginningInfoController {
@Autowired
private UserLoginningInfoService uService;
@RequestMapping(value="login",method=RequestMethod.POST)
@ResponseBody
public JsonRootBean login(@RequestBody v_U_userLoginning_info user) {
System.out.println("user"+user.getAccountid()+" "+user.getCredential());
JsonRootBean uJsonBaseObject = new JsonRootBean();
v_U_userLoginning_info us = uService.findUserByPassword(
user.getAccountid(), user.getCredential());
if(us==null) {
uJsonBaseObject.setMsg("loginError");
uJsonBaseObject.setStatus(-1);
return uJsonBaseObject;
}
HashMap<String,String> payload = new HashMap<String,String>();
payload.put("accountid", us.getAccountid());
String token = JWTUtils.getToken(payload);
LoginToken loginToken = new LoginToken();
loginToken.setToken(token);
uJsonBaseObject.setContent(loginToken);
uJsonBaseObject.setMsg("loginSuccess");
return uJsonBaseObject;
}
最后就可以啦
轉載請註明出處,本文鏈接:https://www.uj5u.com/yidong/301316.html
標籤:其他
上一篇:流式布局案例——京東網頁
下一篇:Java 虛擬機啟動