当前位置:首页 » 《随便一记》 » 正文

Token在android的使用_weixin_52173611的博客

6 人参与  2021年12月15日 11:09  分类 : 《随便一记》  评论

点击全文阅读


关于Token在Android中实现用户登录的使用

原理

在安卓中实现用户登录一般都是用Token,而目前最流行的就是用jwt先讲一下实现的原理:第一步:用户第一次登录,客户端向服务端发送用户和密码,服务端验证用户密码是否正确,如果不正确返回客户端一个消息(用户名错误或者密码错误),如果正确,服务端生成一个Token,并且缓存起来(可以用Redis或者存放数据库)。第二步:客户端接收服务端发送的Token和登陆成功的标识,并且把Token也保存起来,并跳转到登录成功后的页面。第三步:登陆成功后有其他向服务端请求数据的请求,一律在请求头部携带客户端保存的Token,服务端验证这些请求携带的Token是否过期或者不对,正常就返回正常的数据,失败就返回验证Token失败的信息,客服端接收失败的信息提示用户重新登陆,并跳转到登录页。

流程图

在这里插入图片描述

前台

第一步:用户第一次登录,客户端向服务端发送用户和密码,

try{
            String loginurl = getString(R.string.url2) + "login";

                //自己写的工具类
            YyHttpRequestOrGetDataFromNet yyHttpRequestOrGetDataFromNet = new YyHttpRequestOrGetDataFromNet();
//以下采用的是将accountid和credential放到JsonObject对象中,
// 因为后台/login设置的参数是一个user对象
                JSONObject jsonParam = new JSONObject();
                jsonParam.put("credential", password);
                jsonParam.put("accountid", accountid);
//                System.out.println("token:"+yyHttpRequestOrGetDataFromNet.doPost(loginurl,jsonParam));
//把第一次登录服务器生成的Token存在本地

// json格式化
                jsonLoginningInfo = yyHttpRequestOrGetDataFromNet.doPost(loginurl,jsonParam);
                Gson gson = new Gson();
                jsonRootBean = gson.fromJson(jsonLoginningInfo,new TypeToken<JsonRootBean>(){}.getType());
//token 存储

                YySharedPrefUtility.setParam(LoginActivity.this,YySharedPrefUtility.Token,
                        jsonRootBean.getContent().getToken());
                System.out.println("tokrn:"+jsonRootBean.getContent().getToken());
                System.out.println("tokrn:"+jsonRootBean.getMsg());


            }
            catch (Exception e){ e.printStackTrace();}

            //密码正确:服务端返回1
            if (jsonRootBean.getStatus()==0&&jsonRootBean.getMsg().equals("loginSuccess")) {
                Toast.makeText(this, "登陆成功", Toast.LENGTH_SHORT).show();
                YySharedPrefUtility.setParam(LoginActivity.this,
                        YySharedPrefUtility.ACCOUNTID, accountid);//用户名存起来
                startActivity(new Intent(getApplicationContext(), MainActivity.class));//登录成功跳转首页

            }
            //用户名不存在或密码错误:服务端返回-1
            else {
                Toast.makeText(this, "用户名不存在或密码不正确", Toast.LENGTH_SHORT).show();
            }

这是我改动的工具类

post请求:

public String doPost(String url, JSONObject jsonParam) throws Exception {

        /* Translate parameter map to parameter date string */

        System.out.println("POST parameter : " + jsonParam.toString());
//以下两行代码非常有用,是网络连接一个严格的格式
        //原文博客见https://blog.csdn.net/yuan882696yan/article/details/38419219
        StrictMode.ThreadPolicy policy=new StrictMode.ThreadPolicy.Builder().permitAll().build();
        StrictMode.setThreadPolicy(policy);
    //创建URL连接
        URL localURL = new URL(url);

        URLConnection connection = this.openConnection(localURL);
        HttpURLConnection httpURLConnection = (HttpURLConnection) connection;
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setRequestMethod("POST");//请求方法为Post
        httpURLConnection.setRequestProperty("Accept-Charset", charset);
        httpURLConnection.setRequestProperty("Content-Type", "application/json");
        httpURLConnection.setUseCaches(false);//post不能设置缓存


        OutputStream outputStream = null;
        OutputStreamWriter outputStreamWriter = null;
        InputStream inputStream = null;
        InputStreamReader inputStreamReader = null;
        BufferedReader reader = null;
        StringBuffer resultBuffer = new StringBuffer();
        String tempLine = null;

        try {
            outputStream = httpURLConnection.getOutputStream();
            outputStreamWriter = new OutputStreamWriter(outputStream);
            //这个地方最关键,将登录传过来的账户和密码
            outputStreamWriter.write(jsonParam.toString());
            outputStreamWriter.flush();
           //判断请求是否成功
            if (httpURLConnection.getResponseCode() >= 300) {
                throw new Exception("HTTP Request is not success, Response code is " + httpURLConnection.getResponseCode());
            }
            //接收响应流
            inputStream = httpURLConnection.getInputStream();
            inputStreamReader = new InputStreamReader(inputStream);
            reader = new BufferedReader(inputStreamReader);

            while ((tempLine = reader.readLine()) != null) {
                resultBuffer.append(tempLine);
            }

        } finally {

            if (outputStreamWriter != null) {
                outputStreamWriter.close();
            }

            if (outputStream != null) {
                outputStream.close();
            }

            if (reader != null) {
                reader.close();
            }

            if (inputStreamReader != null) {
                inputStreamReader.close();
            }

            if (inputStream != null) {
                inputStream.close();
            }

        }

        return resultBuffer.toString();//返回数据
    }

get请求:

//获取JSON数据流数据
    public static String doGetJsonStringFromThread(final String u,final String token) {
        Thread newThread;
        newThread = new Thread(new Runnable() {

            @Override
            public void run() {

                //创建url对象
                URL url = null;
                try {
                    //实例化url
                    url = new URL(u);
                    //获取HttpURLConnection
                    HttpURLConnection connection = (HttpURLConnection) url.openConnection();
                    //设置get请求
                    connection.setRequestMethod("GET");
                    //设置超时时间
                    connection.setConnectTimeout(5 * 1000);
                    //设置编码
                    connection.setRequestProperty("contentType", "utf-8");
                    //注意,最重要的地方,通过setRequestProperty把Token放到请求头
                    connection.setRequestProperty("token",token);
                    //连接
                    connection.connect();
                    //获取连接响应码
                    int code = connection.getResponseCode();

                    //响应失败
                    if (code >= 300) {
                        throw new Exception("HTTP Request is not success, Response code is " + code);
                    }
                    //如果连接上
                    if (code == 200) {

//                        h.sendEmptyMessage(2);
                        //获取数据
                        InputStream inputStream = connection.getInputStream();
                        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                        String line;

                        StringBuffer buffer = new StringBuffer();
                        while ((line = bufferedReader.readLine()) != null) {
                            buffer.append(line);

                        }
                        //获取json
                        jsonBuffer = buffer.toString();
                        //关闭is
                        inputStream.close();
                    }
                    //关闭连接
                    connection.disconnect();

                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        });
        newThread.start(); //启动线程
        try {
            //join方法:让主线程等待子线程运行结束后再继续运行
            newThread.join();
        } catch (InterruptedException e) {
            e.printStackTrace();
        }
        return jsonBuffer;
    }

后台

1.拦截器:客户端每像服务端发送请求都要在这里接受一下验证,如果Token失效或者是伪造的Token都会验证出来返回客户端错误的信息


public class JWTInterceptor implements HandlerInterceptor{
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws IOException{
		// TODO Auto-generated method stub
	
   	 String token = request.getHeader("token");

    	try{
        	JWTUtils.verify(token);
       	 return true;
   	 }catch (Exception e){
    		JsonRootBean sJsonBaseObject=new JsonRootBean(); 
    		sJsonBaseObject.setMsg("令牌验证失败");
    		sJsonBaseObject.setStatus(-1);
        	ObjectMapper objectMapper = new ObjectMapper();
       	    String result = objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(sJsonBaseObject);
        	response.setContentType("application/json;charset=UTF-8");
        	response.getWriter().println(result);

        	return false;
    	}
	}
}

2.jwt工具类

public class JWTUtils {
     token密钥(自定义),最好在网上在线生成一个随机字符串,我这里是瞎打的
    //这个密钥一定不能泄露
	private static final String SING = "!@#$%%^&&*####%%%$%";
    //生成Token
	public static String getToken(Map<String,String> map){
    	Calendar instance = Calendar.getInstance();
    	instance.add(Calendar.HOUR,5);
    	JWTCreator.Builder builder = JWT.create();
    	map.forEach((k,v)->{
        	builder.withClaim(k,v);
    	});
    	String token = builder.withExpiresAt(instance.getTime())
            	.sign(Algorithm.HMAC256(SING));

    	return token;
	}
//根据密钥生成JWT效验器
	public static void verify(String token){//解析Token
    	JWT.require(Algorithm.HMAC256(SING)).build().verify(token);
	}
//效验TOKEN
	public static DecodedJWT getTokenInfo(String token){
    	return JWT.require(Algorithm.HMAC256(SING)).build().verify(token);
	}
	}

3.spring.mvc 写在标签的最外面,因为客户端要通过/login来获取Token,所以不能被拦截

<!-- 配置拦截器,验证Token -->
  <mvc:interceptors>
		<mvc:interceptor>
			<!-- 拦截所有/目录下面的页面 -->
			<mvc:mapping path="/**"/>
			<!-- mvc:exclude-mapping是另外一种拦截,它可以在你后来的测试中对某个页面进行不拦截 -->
			<mvc:exclude-mapping path="/login" />
			<bean class="com.yunyou.DBI.interceptor.JWTInterceptor"></bean>			
		</mvc:interceptor>
	</mvc:interceptors>

4.controller层

其他等等服务层,实体类就没必要给出来了,这里给了一个控制层

@Controller
public class UserLoginningInfoController {
	@Autowired
	private UserLoginningInfoService uService;
@RequestMapping(value="login",method=RequestMethod.POST)
	@ResponseBody
	public JsonRootBean login(@RequestBody v_U_userLoginning_info user) {
		System.out.println("user"+user.getAccountid()+" "+user.getCredential());
		JsonRootBean uJsonBaseObject = new JsonRootBean();
		v_U_userLoginning_info us = uService.findUserByPassword(
				user.getAccountid(), user.getCredential());
		if(us==null) {
			uJsonBaseObject.setMsg("loginError");
			uJsonBaseObject.setStatus(-1);
			return uJsonBaseObject;
		}
		HashMap<String,String> payload = new HashMap<String,String>();
		payload.put("accountid", us.getAccountid());
		String token = JWTUtils.getToken(payload);
		LoginToken loginToken = new LoginToken();
		loginToken.setToken(token);
		uJsonBaseObject.setContent(loginToken);
		uJsonBaseObject.setMsg("loginSuccess");
		return uJsonBaseObject;
	}

最后就可以啦


点击全文阅读


本文链接:http://zhangshiyu.com/post/31589.html

<< 上一篇 下一篇 >>

  • 评论(0)
  • 赞助本站

◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。

关于我们 | 我要投稿 | 免责申明

Copyright © 2020-2022 ZhangShiYu.com Rights Reserved.豫ICP备2022013469号-1