springboot使用ThreadLocal登录保存用户信息|入门笔记

写一个拦截器，对请求方法进行拦截，拦截器会从请求的 header 中取 token 信息，如果 token 信息不存在，则证明用户尚未登录，让用户去登录。

如果 token 存在则去 redis 中查找用户的相关信息，我习惯只讲用户的 userCode 和名称这些简单的信息存储在 redis 里。redis 中查不到 userInfo 证明 token 不合法或者 token 是一个游客的 token，同样跳转登录注册界面。如果 userInfo 存在，则讲 userInfo 存储在 ThreadLocal 中，以便其他方法直接获取。

ThreadUtils

package com.rumenz.token;
import  com.rumenz.token.UserInfo;
public class ThreadUtils<T> {
    private static final ThreadLocal<String> tokenHolder = new ThreadLocal<>();
    private static final ThreadLocal<UserInfo> userHolder = new ThreadLocal<>();
    public static void setToken(String token){
        tokenHolder.set(token);
    }
    public static String getToken(){
        return tokenHolder.get();
    }
    public static void setUserHolder(UserInfo user){
        userHolder.set(user);
    }
    public static UserInfo getUserHolder(){
        return userHolder.get();
    }
    public static void remove(){
        tokenHolder.remove();
        userHolder.remove();
    }
}

拦截器

package com.rumenz.token;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
@Configuration
public class HealthWebConfigure extends WebMvcConfigurationSupport {
    @Bean
    public LoginInterceptor loginInterceptor(){
        return new LoginInterceptor();
    }
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(loginInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns("/thirdPartyLogin/sns")
                .excludePathPatterns("/login")
                .excludePathPatterns("/logout");
        super.addInterceptors(registry);
    }
}

package com.rumenz.token;
import com.rumenz.token.utils.*;
import com.rumenz.token.UserInfo;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class LoginInterceptor implements HandlerInterceptor {
    @Autowired
    private RedisUtil redisUtil;
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        //token存在header中
        String token = request.getHeader("token");
        if(StringUtils.isBlank(token)){
            HttpRespUtil.respContent(response,R.error(PublicResultConstant.INVALID_PARAM_EMPTY.result,PublicResultConstant.INVALID_PARAM_EMPTY.msg));
            return false;
        }
        ThreadUtils.setToken(token);
        //根据token从redis获取用户信息是否存在登录
        UserInfo userInfo = (UserInfo) redisUtil.get(token);
        if(userInfo==null || StringUtils.isBlank(userInfo.getUserCode()) || userInfo.getId()==null){
            HttpRespUtil.respContent(response,R.error(PublicResultConstant.UNAUTHORIZED.result,PublicResultConstant.UNAUTHORIZED.msg));
            return false;
        }
        ThreadUtils.setUserHolder(userInfo);
        return true;
    }
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        ThreadUtils.remove();
    }
}

Controller 层用户获取信息时的方法

@RequestMapping("/list")
public R list(){
    UserInfo userHolder = ThreadUtils.getUserHolder();
    if(userHolder!=null && StringUtils.isNotBlank(userHolder.getUserCode())){
        UserDataRecord record = new UserDataRecord();
        record.setUserCode(userHolder.getUserCode());
        List<UserDataRecord> list = userDataRecordService.findUserDataRecord(record);
        return R.ok().put("userDataRecordList",list);
    }
    return R.error(PublicResultConstant.PARAM_ERROR.result, PublicResultConstant.PARAM_ERROR.getMsg());
}