从零到企业级SSM电商项目实战教程(十八)用户登录功能开发

用户模块功能介绍

1、登录

2、用户名验证

3、注册

4、忘记密码

5、提交问题答案

6、重置密码

7、获取用户信息

8、更新用户信息

9、退出登录

学习目标

1、理解横向越权、纵向越权安全漏洞

2、MD5明文加密机增加salt值

3、Guava缓存的使用

4、高复用服务响应对象的设计思想及抽象分装

5、session的使用

6、方法局部演进

横向越权、纵向越权安全漏洞

横向越权:攻击者尝试访问与他拥有相同权限的用户的资源

纵向越权:低级别攻击者尝试访问高级别用户的资源

完成用户登录功能

controller包下新建一个包portal,门户的意思,给前端用的。然后在里面创建一个类UserController

package com.mmall.controller.portal;

import com.mmall.common.Const;
import com.mmall.common.ServerResponse;
import com.mmall.pojo.User;
import com.mmall.service.IUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpSession;

/**
 * @Author: Geekerstar(jikewenku.com)
 * @Date: 2018/6/22 9:04
 * @Description:
 */
@Controller
@RequestMapping("/user/")
public class UserController {

    @Autowired
    private IUserService iUserService;
    /*
     * @Description: 用户登录
     *
     * @auther: Geekerstar(jikewenku.com)
     * @date: 2018/6/22 9:28
     * @param: [username, password, session]
     * @return: java.lang.Object
     */
    @RequestMapping(value = "login.do",method = RequestMethod.POST)
    @ResponseBody
    public ServerResponse login(String username, String password, HttpSession session){
        //service-->mybatis-->dao
        ServerResponse response = iUserService.login(username,password);
        if(response.isSuccess()){
            session.setAttribute(Const.CURRENT_USER,response.getData());
        }
        return response;

    }
}

service包下创建IUserService,创建一个包impl存放它的实现类

IUserService代码如下:

package com.mmall.service;

import com.mmall.common.ServerResponse;
import com.mmall.pojo.User;

/**
 * @Author: Geekerstar(jikewenku.com)
 * @Date: 2018/6/22 9:32
 * @Description:
 */
public interface IUserService {
    ServerResponse login(String username, String password);
}

实现类UserServiceImpl代码如下

package com.mmall.service.impl;

import com.mmall.common.ServerResponse;
import com.mmall.dao.UserMapper;
import com.mmall.pojo.User;
import com.mmall.service.IUserService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

/**
 * @Author: Geekerstar(jikewenku.com)
 * @Date: 2018/6/22 9:34
 * @Description:
 */
@Service("iUserService")
public class UserServiceImpl implements IUserService{
    @Autowired
    private UserMapper userMapper;

    @Override
    public ServerResponse login(String username, String password){
        int resultCount = userMapper.checkUsername(username);
        if(resultCount == 0){
            return ServerResponse.createByErrorMessgae("用户名不存在");
        }
        //密码登录MD5

        User user = userMapper.selectLogin(username,password);
        if(user == null){
            return ServerResponse.createByErrorMessgae("密码错误");
        }

        user.setPassword(StringUtils.EMPTY);
        return ServerResponse.createBySuccess("登录成功",user);
    }
}

接下来完成一个通用的响应对象,common里新建一个类ServerResponse

package com.mmall.common;

import org.codehaus.jackson.annotate.JsonIgnore;
import org.codehaus.jackson.map.annotate.JsonSerialize;

import java.io.Serializable;

/**
 * @Author: Geekerstar(jikewenku.com)
 * @Date: 2018/6/22 9:36
 * @Description:
 */
@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
//保证序列化JSon的时候,如果是null的对象,可以也会消失
public class ServerResponse implements Serializable{
    private int status;
    private String msg;
    private T data;

    private ServerResponse(int status){
        this.status = status;
    }
    private ServerResponse(int status,T data){
        this.status = status;
        this.data = data;
    }
    private ServerResponse(int status,String msg,T data){
        this.status = status;
        this.msg = msg;
        this.data = data;
    }
    private ServerResponse(int status,String msg){
        this.status = status;
        this.msg = msg;
    }

    @JsonIgnore
    //使之不在json序列化结果当中
    public boolean isSuccess(){
        return this.status == ResponseCode.SUCCESS.getCode();
    }

    public int getStatus(){
        return status;
    }

    public T getData(){
        return data;
    }

    public String getMsg(){
        return msg;
    }

    public static  ServerResponse createBySuccess(){
        return new ServerResponse(ResponseCode.SUCCESS.getCode());
    }

    public static  ServerResponse createBySuccessMessage(String msg){
        return new ServerResponse(ResponseCode.SUCCESS.getCode(),msg);
    }

    public static  ServerResponse createBySuccess(T data){
        return new ServerResponse(ResponseCode.SUCCESS.getCode(),data);
    }

    public static  ServerResponse createBySuccess(String msg,T data){
        return new ServerResponse(ResponseCode.SUCCESS.getCode(),msg,data);
    }


    public static  ServerResponse createByError(){
        return new ServerResponse(ResponseCode.ERROR.getCode(),ResponseCode.ERROR.getDesc());
    }

    public static  ServerResponse createByErrorMessgae(String errorMesage){
        return new ServerResponse(ResponseCode.ERROR.getCode(),errorMesage);
    }

    public static  ServerResponse createByErrorCodeMessgae(int errorCode,String errorMesage){
        return new ServerResponse(errorCode,errorMesage);
    }

}

common包下新建一个ResponseCode

package com.mmall.common;

/**
 * @Author: Geekerstar(jikewenku.com)
 * @Date: 2018/6/22 9:43
 * @Description:
 */
public enum ResponseCode {
    SUCCESS(0,"SUCCESS"),
    ERROR(1,"ERROR"),
    NEED_LOGIN(10,"NEED_LOGIN"),
    ILLEGAL_ARGUMENT(2,"ILLEGAL_ARGUMENT");

    private final int code;
    private final String desc;

    ResponseCode(int code,String desc){
        this.code = code;
        this.desc = desc;
    }

    public int getCode(){
        return code;
    }

    public String getDesc(){
        return desc;
    }
}

common包下新建一个Const

package com.mmall.common;

/**
 * @Author: Geekerstar(jikewenku.com)
 * @Date: 2018/6/22 10:33
 * @Description:
 */
public class Const {
    public static final String CURRENT_USER = "currentUser";
}

UserMapper下新增

int checkUsername(String username);

User selectLogin(@Param("username") String username, @Param("password") String password);

UserMapper.xml里编写SQL




说明

以上代码不是一蹴而就的,不是写完一个文件再写另一个,而是交叉开发的。

但是为了展示方便,所以按照文件来呈现代码,没有按照先后顺序来呈现,望周知。

每个章节的代码都放到GitHub上了,希望参考后顺便给个star。

整个教程完成之后我会再做一次优化,做出部分调整完善。

有任何疑问请在下面留言。

本站所有文章均由网友分享,仅用于参考学习用,请勿直接转载,如有侵权,请联系网站客服删除相关文章。若由于商用引起版权纠纷,一切责任均由使用者承担
极客文库 » 从零到企业级SSM电商项目实战教程(十八)用户登录功能开发

Leave a Reply

欢迎加入「极客文库」,成为原创作者从这里开始!

立即加入 了解更多