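Flow
Front end → back end → interceptor → rate limiting → AOP → Controller → refresh → logout
Front-end login and obtaining the dual JWTs
1. Front end: the user enters a username and password in the front end, which calls the /auth/login endpoint.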
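fetch("/auth/login", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ username: "user1", password: "123456" })
})
  .then(res => {
    // Stop on a rejected login instead of storing undefined tokens
    if (!res.ok) throw new Error("Login failed: " + res.status);
    return res.json();
  })
  .then(data => {
    const accessToken = data.accessToken;
    const refreshToken = data.refreshToken;
    // Save to front-end storage (localStorage is readable by any script running on this origin)
    localStorage.setItem("accessToken", accessToken);
    localStorage.setItem("refreshToken", refreshToken);
  });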
2. Back end: the server returns the accessToken and refreshToken.
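import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/auth")
public class AuthController {
    @Autowired
    private StringRedisTemplate redisTemplate;

    @PostMapping("/login")
    // @RequestBody rather than @RequestParam: the front end posts the credentials as a JSON body
    public Map<String, String> login(@RequestBody Map<String, String> credentials) {
        String username = credentials.get("username");
        String password = credentials.get("password");
        // Verify the username and password (example)
        String userId = "1001";
        String accessToken = JwtUtil.generateAccessToken(userId);
        String refreshToken = JwtUtil.generateRefreshToken(userId);
        // Save the refreshToken to Redis
        redisTemplate.opsForValue().set("refresh:" + userId, refreshToken, 7, TimeUnit.DAYS);
        Map<String, String> result = new HashMap<>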