app中無cookie概念,我們用設備id(deviceId)來代替session機制,其實就是存儲機制不一樣,我們可以將app的驗證碼存放在redis中。需要注意:deviceId 是客戶端在請求頭中自行提供的值,只能當作查找驗證碼的標識,不能當作身份憑證。
在core項目中定義一個存儲接口 CaptchaRepository
package com.rui.tiger.auth.core.captcha;
import org.springframework.web.context.request.ServletWebRequest;
/**
 * Storage abstraction for captcha (verification code) objects.
 *
 * <p>Exists so that the browser module and the app module can each plug in
 * their own way of keeping an issued code until it is checked.
 *
 * @author CaiRui
 * @Date 2019-04-21 12:06
 */
public interface CaptchaRepository {

    /**
     * Stores a captcha for later lookup.
     *
     * @param request     the current web request
     * @param code        the captcha to store
     * @param captchaType the kind of captcha being stored
     */
    void save(ServletWebRequest request, CaptchaVo code, CaptchaTypeEnum captchaType);

    /**
     * Looks up a previously stored captcha.
     *
     * @param request     the current web request
     * @param captchaType the kind of captcha to look up
     * @return the stored captcha for this request and type
     */
    CaptchaVo get(ServletWebRequest request, CaptchaTypeEnum captchaType);

    /**
     * Removes a stored captcha.
     *
     * @param request     the current web request
     * @param captchaType the kind of captcha to remove
     */
    void remove(ServletWebRequest request, CaptchaTypeEnum captchaType);
}
app實現 RedisCaptchaRepository
package com.rui.tiger.auth.app.captcha;
import com.rui.tiger.auth.core.captcha.*;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.data.redis.RedisAutoConfiguration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.ServletWebRequest;
import java.util.concurrent.TimeUnit;
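/**
 * Redis-backed {@link CaptchaRepository}.
 *
 * <p>Each code is stored under a key built from the captcha type and the
 * {@code deviceId} request header. That header is chosen by the client, so it
 * only partitions storage; it is not a credential.
 *
 * <p>NOTE(review): nothing in this class ties a stored code to the account or
 * phone number it was issued for. Confirm that the validation path
 * (AbstractCaptchaProcessor#validate) enforces that binding.
 *
 * @author CaiRui
 * @Date 2019-04-21 12:12
 */
@Component
public class RedisCaptchaRepository implements CaptchaRepository {

    /** Key layout in Redis: CODE_{TYPE}_{DEVICE_ID}. */
    private static final String CODE_KEY_PATTERN = "CODE_%s_%s";

    /** Request header that carries the client-supplied device identifier. */
    private static final String DEVICE_ID_HEADER = "deviceId";

    /**
     * Upper bound on the accepted device id length. The header value becomes
     * part of a Redis key, so an unbounded value would let any caller create
     * arbitrarily large keys. NOTE(review): 128 is a conservative guess;
     * tune it to the device id format the app actually sends.
     */
    private static final int MAX_DEVICE_ID_LENGTH = 128;

    /**
     * Redis time-to-live for a stored code, in minutes.
     * NOTE(review): three hours is long for a one-time code. Whether an older
     * code is rejected sooner depends on checks outside this class; confirm,
     * and consider aligning this value with the captcha's own lifetime.
     */
    private static final long CODE_TTL_MINUTES = 180;

    /**
     * @see RedisAutoConfiguration#redisTemplate(org.springframework.data.redis.connection.RedisConnectionFactory)
     */
    @Autowired
    private RedisTemplate<Object, Object> redisTemplate;

    /**
     * Stores the captcha under the device-scoped key with a fixed expiry.
     *
     * @param request     the current web request; must carry the deviceId header
     * @param code        the captcha to store
     * @param captchaType the kind of captcha being stored
     * @throws CaptchaException if the deviceId header is missing, blank or too long
     */
    @Override
    public void save(ServletWebRequest request, CaptchaVo code, CaptchaTypeEnum captchaType) {
        String key = buildKey(request, captchaType);
        redisTemplate.opsForValue().set(key, code, CODE_TTL_MINUTES, TimeUnit.MINUTES);
    }

    /**
     * Reads the captcha stored for this device and type.
     *
     * @param request     the current web request; must carry the deviceId header
     * @param captchaType the kind of captcha to look up
     * @return the value Redis holds for the key, cast to {@link CaptchaVo}
     * @throws CaptchaException if the deviceId header is missing, blank or too long
     */
    @Override
    public CaptchaVo get(ServletWebRequest request, CaptchaTypeEnum captchaType) {
        String key = buildKey(request, captchaType);
        // The value is rebuilt by the template's value serializer and then cast,
        // so the result is only as trustworthy as whatever can write to this Redis.
        return (CaptchaVo) redisTemplate.opsForValue().get(key);
    }

    /**
     * Deletes the captcha stored for this device and type.
     *
     * @param request     the current web request; must carry the deviceId header
     * @param captchaType the kind of captcha to remove
     * @throws CaptchaException if the deviceId header is missing, blank or too long
     */
    @Override
    public void remove(ServletWebRequest request, CaptchaTypeEnum captchaType) {
        redisTemplate.delete(buildKey(request, captchaType));
    }

    /**
     * Builds the Redis key for a captcha; save, get and remove all use it.
     * See {@link AbstractCaptchaProcessor#save(ServletWebRequest, CaptchaVo)}.
     *
     * @param request          the current web request
     * @param validateCodeType the captcha type, formatted into the key via {@code %s}
     * @return the key in the form CODE_{TYPE}_{DEVICE_ID}
     * @throws CaptchaException if the deviceId header is missing, blank or too long
     */
    private String buildKey(ServletWebRequest request, CaptchaTypeEnum validateCodeType) {
        String deviceId = request.getHeader(DEVICE_ID_HEADER);
        if (StringUtils.isBlank(deviceId)) {
            throw new CaptchaException("請在請求頭中攜帶deviceId參數");
        }
        // The header is untrusted input: bound it before it becomes a Redis key.
        if (deviceId.length() > MAX_DEVICE_ID_LENGTH) {
            throw new CaptchaException("deviceId參數長度不能超過" + MAX_DEVICE_ID_LENGTH);
        }
        return String.format(CODE_KEY_PATTERN, validateCodeType, deviceId);
    }
}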
瀏覽器實現 SessionCaptchaRepository
package com.rui.tiger.auth.browser.captcha;
import com.rui.tiger.auth.core.captcha.CaptchaRepository;
import com.rui.tiger.auth.core.captcha.CaptchaTypeEnum;
import com.rui.tiger.auth.core.captcha.CaptchaVo;
import org.springframework.social.connect.web.HttpSessionSessionStrategy;
import org.springframework.social.connect.web.SessionStrategy;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.ServletWebRequest;
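/**
 * HTTP-session-backed {@link CaptchaRepository}.
 *
 * <p>The code is kept as a session attribute, so it is scoped to the caller's
 * own session rather than to a client-supplied identifier.
 *
 * @author CaiRui
 * @date 2019-04-22 08:48
 */
@Component
public class SessionCaptchaRepository implements CaptchaRepository {

    /** Prefix of the session attribute name under which a captcha is stored. */
    public static final String SESSION_KEY_PREFIX = "SESSION_KEY_FOR_CODE";

    /** Helper used to read and write session attributes. */
    private SessionStrategy sessionStrategy = new HttpSessionSessionStrategy();

    /**
     * Stores the captcha as a session attribute.
     *
     * @param request     the current web request
     * @param code        the captcha to store
     * @param captchaType the kind of captcha being stored
     */
    @Override
    public void save(ServletWebRequest request, CaptchaVo code, CaptchaTypeEnum captchaType) {
        String attributeName = getSessionKey(captchaType);
        sessionStrategy.setAttribute(request, attributeName, code);
    }

    /**
     * Reads the captcha previously stored in the session.
     *
     * @param request     the current web request
     * @param captchaType the kind of captcha to look up
     * @return the session attribute for this type, cast to {@link CaptchaVo}
     */
    @Override
    public CaptchaVo get(ServletWebRequest request, CaptchaTypeEnum captchaType) {
        Object stored = sessionStrategy.getAttribute(request, getSessionKey(captchaType));
        return (CaptchaVo) stored;
    }

    /**
     * Removes the captcha from the session.
     *
     * @param request     the current web request
     * @param captchaType the kind of captcha to remove
     */
    @Override
    public void remove(ServletWebRequest request, CaptchaTypeEnum captchaType) {
        String attributeName = getSessionKey(captchaType);
        sessionStrategy.removeAttribute(request, attributeName);
    }

    /**
     * Builds the session attribute name for a captcha type; save, get and
     * remove all use it.
     *
     * @param validateCodeType the captcha type
     * @return the prefix followed by the upper-cased type name
     */
    private String getSessionKey(CaptchaTypeEnum validateCodeType) {
        // Upper-case with a fixed locale so the attribute name does not depend
        // on the JVM's default locale (e.g. Turkish dotted/dotless i).
        String typeName = validateCodeType.toString().toUpperCase(java.util.Locale.ROOT);
        return SESSION_KEY_PREFIX + typeName;
    }
}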
之前 AbstractCaptchaProcessor的驗證碼保存邏輯進行調整
com.rui.tiger.auth.core.captcha.AbstractCaptchaProcessor#save
驗證邏輯也調整
com.rui.tiger.auth.core.captcha.AbstractCaptchaProcessor#validate
開啓前面的驗證碼配置 com.rui.tiger.auth.app.TigerResourceServerConfig#configure
ok 我們用postman來開啓測試
獲取短信驗證碼,要注意請求頭要添加設備ID
後臺返回成功日誌
我們再去redis中看看是否正確保存。可以修改RedisTemplate的key序列化策略(默認使用JDK序列化),這樣key值會以字符串形式存儲
package com.rui.tiger.auth.core.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.RedisSerializer;
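/**
 * Redis configuration.
 *
 * @author CaiRui
 * @date 2019-04-22 12:15
 */
@Configuration
public class RedisConfig {

    /**
     * Builds a {@link RedisTemplate} whose keys are written as plain strings,
     * so they are readable when inspecting Redis.
     *
     * <p>Only the key serializer is replaced here. NOTE(review): values keep
     * the template's default serializer, which for {@code RedisTemplate} is JDK
     * serialization, so every read deserializes Java objects out of Redis.
     * Keep write access to this Redis instance restricted, and consider a
     * JSON value serializer or a deserialization filter.
     *
     * @param connectionFactory the Redis connection factory to use
     * @return the configured template
     */
    @Bean
    public RedisTemplate<Object, Object> redisTemplate(RedisConnectionFactory connectionFactory) {
        RedisTemplate<Object, Object> template = new RedisTemplate<>();
        template.setConnectionFactory(connectionFactory);
        // Typed rather than raw: getStringSerializer() yields a String serializer.
        RedisSerializer<String> keySerializer = template.getStringSerializer();
        template.setKeySerializer(keySerializer);
        return template;
    }
}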
394115 用這個模擬驗證碼發送短信登錄請求
可以看到後臺成功返回token
下篇我們來重構社交登錄。