注册

从login页面传递username和password到LoginController，LoginController中调用userService的register方法，对传递过来的username和password进行用户名的合法性(为空、敏感词、特殊字符)检测、密码强度检测，通过检测则调用userDAO的addUser方法将user保存到数据库中。

这里新建了一个LoginTicket表，用来保存和检测登录状态的，每次登录或注册，都会新增或检查相应的Ticket，并进行判断，到这里我们就会想，既然登录或者注册了就要将这个登录的状态保存起来，并且让整个程序随时都能够访问到。
这里是新增了一个HostHolder组件，将其增加到Spring容器中，这样就可以通过依赖注入随时获取到相应属性的状态了。

DROP TABLE IF EXISTS `login_ticket`;
  CREATE TABLE `login_ticket` (
    `id` INT NOT NULL AUTO_INCREMENT,
    `user_id` INT NOT NULL,
    `ticket` VARCHAR(45) NOT NULL,
    `expired` DATETIME NOT NULL,
    `status` INT NULL DEFAULT 0,
    PRIMARY KEY (`id`),
    UNIQUE INDEX `ticket_UNIQUE` (`ticket` ASC)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

@Component
public class HostHolder {
    //为每一条线程分配一个对象
    private static ThreadLocal<User> users = new ThreadLocal<>();

    public User getUser() {
        return users.get();
    }

    public void serUser(User user) {
        users.set(user);
    }

    public void clear() {
        users.remove();
    }
}

登录

和注册差不多

未登录跳转

利用了一个Interceptor，在页面发出请求的时候检测cookie里面是否携带了tiket，如果有，可以继续访问，如果没有就跳转到登录页面。

@Component
public class PassportInterceptor implements HandlerInterceptor {

    @Autowired
    private LoginTicketDAO loginTicketDAO;

    @Autowired
    private UserDAO userDAO;

    @Autowired
    HostHolder hostHolder;

    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
        String ticket = null;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals("ticket")) {
                    ticket = cookie.getValue();
                    break;
                }
            }
        }
        if (ticket != null) {
            LoginTicket loginTicket = loginTicketDAO.selectByTicket(ticket);
            if (loginTicket == null || loginTicket.getStatus() != 0 || loginTicket.getExpired().before(new Date())) {
                return true;
            }
            User user = userDAO.selectById(loginTicket.getUserId());
            hostHolder.serUser(user);
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
        if (modelAndView != null) {
            modelAndView.addObject("user", hostHolder.getUser());
        }
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
        hostHolder.clear();
    }
}

总的来说没用到什么新技术，很基础的东西。