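Web Development Notes (Login, Registration, Persisting Login State, Interceptors)
Registration
Implementing registration is fairly simple, but it raises several issues:
- Username validation (length, sensitive words, duplicates, special characters (HTML, JS scripts, SQL injection))
- Password length requirements, strength checking, salted hashing (MD5)
- User email/SMS activation (if registration is too lax: script attacks, flooding with spam and illegal content)
Login
- User login: record the login state with a cookie or token on the web side, or with a token in the app
- Logout: deletion, session cleanup, etc.
Interceptors
We need a class that implements the HandlerInterceptor interface to hold the interceptor logic: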

    package com.example.demo.interceptor;

    import org.springframework.stereotype.Component;
    import org.springframework.web.servlet.HandlerInterceptor;
    import org.springframework.web.servlet.ModelAndView;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    @Component
    public class TestInterceptor implements HandlerInterceptor {
        @Override
        public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
            // Runs before the request reaches the handler
            System.out.println("这里是拦截器");
            return false; // returning false blocks the request
        }

        @Override
        public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
            // Runs after the handler has finished, before the view is rendered
        }

        @Override
        public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
            // Runs after rendering; use it to release resources
        }
    }

We need a place to register the interceptor we just wrote: a class that extends WebMvcConfigurerAdapter.

    package com.example.demo.configuration;

    import com.example.demo.interceptor.TestInterceptor;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Component;
    import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

    // Note: WebMvcConfigurerAdapter is deprecated since Spring 5;
    // implementing WebMvcConfigurer directly is the replacement.
    @Component
    public class Wendaconfigration extends WebMvcConfigurerAdapter {
        @Autowired
        TestInterceptor testInterceptor;

        @Override
        public void addInterceptors(InterceptorRegistry registry) {
            // With no path patterns given, the interceptor applies to every request
            registry.addInterceptor(testInterceptor);
            super.addInterceptors(registry);
        }
    }

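We can use an interceptor together with a redirect to implement features such as sending users who are not logged in to the login page.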
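
The redirect for users who are not logged in could look like the following added example, which is not code from the original notes. It assumes Spring 5 with javax.servlet; the class names, the session attribute `loginUser`, the `next` parameter and the paths `/login`, `/register` and `/static/**` are hypothetical.

```java
package com.example.demo.interceptor;

import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Component
public class LoginRequiredInterceptor implements HandlerInterceptor {
    // Assumed: the login handler stores the user under this session attribute.
    static final String USER_ATTR = "loginUser";

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // getSession(false): do not create a session for anonymous visitors.
        HttpSession session = request.getSession(false);
        if (session != null && session.getAttribute(USER_ATTR) != null) {
            return true; // logged in: continue to the controller
        }
        // Build the return target from this request's own path and query,
        // and URL-encode it so it stays a single parameter value.
        String next = request.getRequestURI();
        if (request.getQueryString() != null) {
            next += "?" + request.getQueryString();
        }
        response.sendRedirect(request.getContextPath() + "/login?next="
                + URLEncoder.encode(next, "UTF-8"));
        return false; // stop the handler chain; the controller never runs
    }
}

@Configuration
class LoginWebConfig implements WebMvcConfigurer {
    private final LoginRequiredInterceptor interceptor;
    LoginWebConfig(LoginRequiredInterceptor i) { this.interceptor = i; }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Hypothetical paths: protect everything except the public pages.
        registry.addInterceptor(interceptor)
                .addPathPatterns("/**")
                .excludePathPatterns("/login", "/register", "/static/**");
    }
}
```

The login handler that consumes `next` still has to check that it is a local path (starts with a single `/`) before redirecting to it, because at that point the value comes from the client.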