Let’s start with an overnight stay
A project I was working on before last night needed to go live after a revision.
Because the engineering changes involve the payment platform, it needed to be online in the early morning.
The launch process was not smooth due to bad weather.
First, the service reported a null pointer for no reason.
It was found that the third-party service was abnormal, and the related party's data was abnormal.
Canvassed till dawn. One night is no problem.
Login permission implementation
I took a look at the login permission implementation of Spring Security JWT in advance.
There, user tokens and related permission information need to be stored in the JWT for management.
But for this development work, that is not what the development team leader suggested.
Login token management with Redis
Managing user tokens with Redis, however, seems like the easiest way to do it: easy to understand and easy to use.
1. Log in
Verify the user name and password when logging in.
There are two branches: if verification passes, a token is generated and returned; if it does not pass, an error code is returned.
2. After the verification is successful
There are also two main points.
First, the back end generates the token; the token can be a fixed prefix plus a UUID.
Once the client has that token, it puts it in the header of every request.
The back end uses interceptors or filters to process each request and checks whether the header contains a token. A request may access system resources if and only if the token is present in the header and also exists in Redis.
Second, the value stored in Redis for the token can be an object that contains some basic information about the user.
The Redis expiration time controls how long tokens are valid.
Front-end access control
The user's permission values can be returned to the front end during login.
The front end controls front-end permissions based on these permission values.
Back-end permission control
In this system, permissions are judged by annotations.
Specific permission annotations are added to each method or class.
When the front end calls the specified method, the back end gets the user corresponding to the token, obtains all of that user's permissions, and compares them with the permission the annotation requires to make the decision.
At this point the system login permission processing is completed.
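The login and back-end permission flow above, as an added Python example (not the project's code, which is Spring-based). An in-memory `TtlStore` stands in for Redis's expiring keys and a `requires` decorator stands in for the permission annotation; the header name `token`, the prefix, the TTL and the sample account are assumptions.

```python
import hashlib, hmac, time, uuid
from functools import wraps

TOKEN_PREFIX = "login:token:"  # assumed fixed prefix
TOKEN_TTL = 1800               # assumed token lifetime in seconds

class TtlStore:  # in-memory stand-in for Redis SET ... EX / GET (no real Redis here)
    def __init__(self, clock=time.monotonic):
        self._data, self.clock = {}, clock
    def setex(self, key, ttl, value):
        self._data[key] = (self.clock() + ttl, value)
    def get(self, key):
        expires_at, value = self._data.get(key, (0.0, None))
        return value if self.clock() < expires_at else None

def _hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
# Constructed sample account: name -> (password hash, permissions)
USERS = {"alice": (_hash("correct horse"), {"order:read"})}
store = TtlStore()

def login(username, password):
    """Step 1: verify credentials; None stands in for the error code."""
    stored_hash, perms = USERS.get(username, (b"", set()))
    if not hmac.compare_digest(stored_hash, _hash(password)):
        return None
    token = TOKEN_PREFIX + str(uuid.uuid4())  # random UUID, not a time-based one
    store.setex(token, TOKEN_TTL, {"user": username, "perms": set(perms)})
    return token

def requires(permission):  # plays the role of the permission annotation
    def decorate(handler):
        @wraps(handler)
        def guarded(headers, *args):
            session = store.get(headers.get("token", ""))
            if session is None:  # header missing, token unknown, or token expired
                return 401, "not logged in"
            if permission not in session["perms"]:
                return 403, "forbidden"
            return handler(session, *args)
        return guarded
    return decorate

@requires("order:read")
def list_orders(session):
    return 200, f"orders for {session['user']}"
@requires("order:delete")
def delete_order(session, order_id):
    return 200, f"deleted {order_id}"
```

The permission decision is made on the server for every call, so the permission values sent to the front end only shape what the UI shows.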
Work overtime dog
Habitually go to bed late.