spring
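/**
 * Interceptor that resolves the caller from the {@code token} request parameter and
 * publishes the matching {@code User} through {@code UserContext} while the request
 * is being handled.
 *
 * <p>NOTE(review): the token travels as a request parameter, so it can end up in
 * access logs, browser history and Referer headers. A request header is the usual
 * carrier; moving it would change the client contract, so it is only flagged here.
 */
@Component
public class Tokeninterceptor implements HandlerInterceptor {
    @Resource
    UserService userService;

    /**
     * Authenticates the request before the handler runs.
     *
     * @return {@code true} once a user has been resolved and stored in {@code UserContext}
     * @throws RuntimeException when the token is missing or does not resolve to a user
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // The token is a bearer credential: its value is never printed or logged.
        String token = request.getParameter("token");
        if (token == null) {
            throw new RuntimeException("token null");
        }

        // token -> user id -> user. A null at either step is treated as an unknown or
        // stale token and rejected explicitly, instead of surfacing later as a
        // NullPointerException.
        Tokenuser tokenuser = userService.getUserIdByToken(token);
        if (tokenuser == null) {
            throw new RuntimeException("token invalid");
        }
        User user = userService.getUserByid(tokenuser.getUserid());
        if (user == null) {
            throw new RuntimeException("token invalid");
        }

        // Demo data: assign one of the placeholder avatar URLs at random.
        String[] urll = {"http://1","http://2","http://3","http://4","http://5","http://6","http://7","http://8","http://9","http://0"};
        int a = (int) (Math.random() * urll.length);
        user.setAvatarUrl(urll[a]);

        UserContext.setCruuser(user);
        return true;
    }

    /**
     * Drops the per-thread user once the request is finished. Request threads are
     * pooled, so a value left in the ThreadLocal would still be visible to the next
     * request served by the same thread.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        UserContext.setCruuser(null);
    }
}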
/**
 * Registers {@code Tokeninterceptor} for the API routes and lists the routes that
 * may be called without a token.
 */
@Configuration
public class WebConfig implements WebMvcConfigurer {
    @Resource
    Tokeninterceptor tokeninterceptor;

    /**
     * Applies the token check to everything under {@code /api/} except the
     * excluded routes.
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Token-free routes, per the author's notes:
        //   "/api/user/create"       login
        //   "/api/user/createuserp"  registration
        //   "/api/sms/createsms"     SMS
        // The notes also mention "/api/user/createuser" and "/api/token/createtoken",
        // but those are not in the exclusion list below.
        // NOTE(review): "/upload/file/**" is not under "/api/**", so this interceptor
        // never runs for upload requests, with or without the exclusion; confirm the
        // upload endpoints are meant to be reachable without a token.
        registry.addInterceptor(tokeninterceptor)
                .addPathPatterns("/api/**")
                .excludePathPatterns("/error","/api/user/create","/api/user/createuserp","/api/sms/createsms","/upload/file/**");
    }
}
Tokeninterceptor:拦截器,检查请求是否携带 token
WebConfig:注册拦截器,指定需要拦截和放行的路径
token 的使用:隐藏用户信息
/**
 * Application-wide exception handler: converts an uncaught exception into a small
 * JSON body with the keys {@code msg}, {@code error} and {@code data}.
 *
 * <p>NOTE(review): the catch-all handler copies {@code e.getMessage()} into the
 * response for every {@code Throwable}, so the text of unexpected failures reaches
 * the client as well as the intended business messages. Consider returning a fixed
 * message for anything that is not a deliberate business exception and keeping the
 * detail in the server log only.
 */
@ControllerAdvice
public class CommmonExectionHander {
    /**
     * Fallback for any exception without a more specific handler.
     *
     * @param e the exception that escaped the controller
     * @return error body whose {@code msg} is the exception message
     */
    @ExceptionHandler(Throwable.class)
    @ResponseBody
    public Map<String,String> RuntiomeExection(Throwable e){
        e.printStackTrace();
        return errorBody(e.getMessage());
    }

    /**
     * Handles binding/validation failures.
     *
     * @param e the binding failure
     * @return error body whose {@code msg} is the default message of the first reported error
     */
    @ExceptionHandler(BindException.class)
    @ResponseBody
    public Map<String,String> RuntiomeExection(BindException e){
        e.printStackTrace();
        return errorBody(e.getBindingResult().getAllErrors().get(0).getDefaultMessage());
    }

    /** Builds the common error body; {@code data} is always present and null. */
    private static Map<String,String> errorBody(String msg) {
        Map<String,String> body = new HashMap<String,String>();
        body.put("msg", msg);
        body.put("error", "error");
        body.put("data", null);
        return body;
    }
}
CommmonExectionHander 全局异常拦截
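/**
 * Per-thread holder for the user that belongs to the request currently being
 * handled on this thread.
 *
 * <p>Request threads are normally pooled and reused. A value that is never removed
 * stays attached to the thread and would be returned to the next request served by
 * it, so whoever sets the user must call {@link #clear()} when the request ends.
 */
public class UserContext {
    private static final ThreadLocal<User> cruuser = new ThreadLocal<>();

    /**
     * @return the user stored for the current thread, or {@code null} if none is set
     */
    public static User getCruuser() {
        return cruuser.get();
    }

    /**
     * Stores the user for the current thread.
     *
     * @param user the user to publish; {@code null} removes the stored value
     */
    public static void setCruuser(User user) {
        if (user == null) {
            // remove() drops the thread's entry instead of keeping a null value in it
            cruuser.remove();
            return;
        }
        cruuser.set(user);
    }

    /** Removes the current thread's user; call this when request handling is finished. */
    public static void clear() {
        cruuser.remove();
    }
}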
UserContext:用 ThreadLocal 在同一请求线程内安全地传递用户数据;自定义的普通静态变量不是线程安全的。线程池会复用线程,请求结束后要清除 ThreadLocal 中的值。
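/**
 * Image upload endpoint. Files are stored under {@code uploads/yyyy/MM/} with a
 * server-generated name; only the extension is taken from the client.
 */
@RestController
@RequestMapping("/upload/file")
public class FileController {
    /**
     * Stores an uploaded image.
     *
     * @param file the uploaded part
     * @return {@code ""} when the file was stored, {@code "111"} when it was rejected
     * @throws IOException when the target directory cannot be created or the write fails
     */
    @PostMapping("/image")
    public String uploadimage(@RequestParam("file") MultipartFile file) throws IOException {
        String originalName = file.getOriginalFilename();
        if (originalName == null) {
            return "111";
        }
        int index = originalName.lastIndexOf(".");
        if (index < 0) {
            // No extension at all: nothing to match against the allow-list.
            return "111";
        }
        String extname = originalName.substring(index + 1).toLowerCase(Locale.ROOT);
        // Exact match against the allow-list. A substring test on "png,jpg,jpeg,gif"
        // also accepts fragments such as "g" or "pg" and the empty string.
        // NOTE(review): the extension says nothing about the bytes; validate the
        // content as well if these files are later served back to browsers.
        if (!isAllowedImageExtension(extname)) {
            return "111";
        }

        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy/MM/");
        String subPath = simpleDateFormat.format(new Date());
        // The stored name is a random UUID, so no client-supplied text reaches the path
        // apart from the allow-listed extension.
        String savename = subPath + UUID.randomUUID().toString().replaceAll("-", "") + "." + extname;
        String uploadPath = "uploads/";
        File dir = new File(uploadPath + subPath);
        if (!dir.exists() && !dir.mkdirs() && !dir.isDirectory()) {
            // mkdirs() can lose a race with another request; only fail if the
            // directory is really missing afterwards.
            throw new IOException("cannot create upload directory");
        }
        File save = new File(uploadPath + savename);
        // transferTo needs an absolute target; a relative one may be resolved against
        // the servlet container's temp directory.
        file.transferTo(save.getAbsoluteFile());
        return "";
    }

    /** Returns whether the lower-cased extension is one of the accepted image types. */
    private static boolean isAllowedImageExtension(String extname) {
        return "png".equals(extname)
                || "jpg".equals(extname)
                || "jpeg".equals(extname)
                || "gif".equals(extname);
    }
}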
文件上传
/**
 * Global interceptor: a request without a logged-in user is redirected to the
 * login page.
 */
public class MyInterceptor implements HandlerInterceptor {
    /**
     * Runs before every intercepted back-office request.
     *
     * @return {@code true} to let the request continue, {@code false} to stop it
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        Object sessionUser = request.getSession().getAttribute(Common.USER_INFO);
        UserInfo userInfo = (UserInfo) sessionUser;
        if (userInfo != null) {
            return true;
        }
        // Not logged in: send the browser to the login page and stop the chain.
        response.sendRedirect("/end/page/login.html");
        return false;
    }
}
拦截器
页面拦截:未登录时只允许访问 login 页面。
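/**
 * MVC configuration: static resource locations, CORS mappings and registration of
 * {@code MyInterceptor} for the back-office pages.
 */
@Configuration
public class Webconfig implements WebMvcConfigurer {
    /** Serves static files for every path from the listed classpath locations. */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        // NOTE(review): "classpath:/static/end" has no trailing slash, unlike the other
        // locations; confirm it resolves to the intended directory.
        registry.addResourceHandler("/**")
                .addResourceLocations("classpath:/resources/")
                .addResourceLocations("classpath:/static/")
                .addResourceLocations("classpath:/static/end")
                .addResourceLocations("classpath:/public/");
        WebMvcConfigurer.super.addResourceHandlers(registry);
    }

    /** Cross-origin policy for all paths. */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        // NOTE(review): every origin is accepted AND credentials are allowed, so any
        // site a logged-in user visits can call this API with the user's cookies and
        // read the response. Before deployment, replace the "*" pattern with the
        // application's own front-end origin(s); left unchanged here because the
        // right values are deployment-specific.
        registry.addMapping("/**")
                .allowedOriginPatterns("*")
                .allowedMethods("GET","POST","PUT","DELETE","HEAD","OPTIONS")
                .allowCredentials(true)
                .maxAge(3600)
                .allowedHeaders("*");
    }

    /** Protects the back-office pages with {@code MyInterceptor}. */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Intercept /end/page/** but not the login page. MyInterceptor redirects
        // anonymous requests to /end/page/login.html, so that page has to be excluded,
        // otherwise the redirect target is intercepted again and the browser loops.
        // demo.html stays excluded as before.
        registry.addInterceptor(new MyInterceptor())
                .addPathPatterns("/end/page/**")
                .excludePathPatterns("/end/page/login.html", "/end/page/demo.html");
    }
}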
addResourceHandlers:静态文件访问
addCorsMappings:同源策略、跨域配置(拦截器方式)。允许任意来源并同时携带凭证的配置只适合本地练习,上线前应限定为可信来源。
addInterceptors:MyInterceptor 的注册
/**
 * Filter-based CORS configuration: one policy registered for every path.
 */
@Configuration
public class WebCors {
    /**
     * Builds the CORS filter.
     *
     * <p>NOTE(review): the policy accepts any origin, header and method. Credentials
     * are not enabled here; keep it that way while the origin is a wildcard, and
     * narrow the origin list once the real front-end origin is known.
     *
     * @return a {@code CorsFilter} applying the open policy to {@code /**}
     */
    @Bean
    public CorsFilter corsFilter(){
        UrlBasedCorsConfigurationSource routes = new UrlBasedCorsConfigurationSource();

        CorsConfiguration openPolicy = new CorsConfiguration();
        openPolicy.addAllowedOrigin("*");
        openPolicy.addAllowedHeader("*");
        openPolicy.addAllowedMethod("*");

        routes.registerCorsConfiguration("/**", openPolicy);
        return new CorsFilter(routes);
    }
}
WebCors同源策略 跨域(过滤器)
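// Dynamic book search: filters by name (substring match) and/or by id, each only
// when a usable value is supplied. Both values are bound with #{...}, i.e. passed
// as statement parameters rather than spliced into the SQL text.
// The wildcard and the bound name are separate concat() arguments; joining them
// with '+' is arithmetic addition in MySQL, not string concatenation, so the LIKE
// pattern was never built.
@Select("<script>" +
"select * from book" +
"<where>" +
" <if test=' name != null and name != \"all\" and name != \" \" ' > " +
"and name like concat('%', #{name}, '%')" +
"</if>"+
" <if test=' id != null and id != \" \" ' > " +
"and id = #{id}" +
"</if>"+
"</where >"+
"</script> ")
List<Book> SelBookBy(@Param("name") String name,@Param("id") Long id);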
// CRUD operations
// Inserts one book row from the properties of the given Book. useGeneratedKeys with
// keyProperty = "id" asks for the generated key to be written back to book.id.
@Insert("insert into book(name,price,bookcard,quantity,addtime) values(#{name},#{price},#{bookcard},#{quantity},#{addtime})")
@Options(useGeneratedKeys = true,keyProperty = "id")
void addbook(Book book);
// Deletes the book row whose id equals the bound #{id} parameter.
@Delete("delete from book where id = #{id}")
void deletebook(@Param("id") Long id);
// Updates name and price of the row selected by id; the statement sets no other column.
@Update("update book set name=#{book.name},price=#{book.price} where id=#{id}")
void updatebook(@Param("id") Long id,@Param("book") Book book);
一些sql语句
package com.javaclimb.xshopping.controller;
import cn.hutool.core.io.FileUtil;
import cn.hutool.core.util.StrUtil;
import com.javaclimb.xshopping.common.Result;
import com.javaclimb.xshopping.entity.NxSystemFileInfo;
import com.javaclimb.xshopping.exception.CustomException;
import com.javaclimb.xshopping.service.NsSystemFileInfoService;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URLEncoder;
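/**
 * File endpoints: upload, delete, lookup by id and download.
 */
@RestController
@RequestMapping(value = "/files")
public class NxSystemFileInfoController {
    // Storage directory; System.getProperty("user.dir") is the process working directory.
    // NOTE(review): the directory sits inside the static resource tree, so stored files
    // may also be reachable as static content; confirm that is intended.
    private static final String BASE_PATH=System.getProperty("user.dir")+"/src/main/resources/static/file/";
    @Resource
    private NsSystemFileInfoService nsSystemFileInfoService;

    /**
     * Uploads an image and records it in the database.
     *
     * @param file the uploaded part
     * @return the stored record on success, otherwise an error result
     *         (1001 no file, 1002 not an image, 1003 record not saved)
     * @throws IOException when the bytes cannot be read from the upload
     */
    @PostMapping("/upload")
    public Result upload(MultipartFile file) throws IOException {
        String originalName = (file == null) ? null : file.getOriginalFilename();
        if (originalName == null) {
            return Result.error("1001","文件不能为空");
        }
        // Allow-list on the actual extension. Searching for "png"/"jpg"/... anywhere
        // in the name also accepts files that merely contain those letters, whatever
        // their real extension is.
        String extension = FileUtil.extName(originalName);
        if (!isAllowedImageExtension(extension)) {
            return Result.error("1002","只能上传图片");
        }
        // Stored name = main name + current time in millis + "." + extension.
        // NOTE(review): the main name still comes from the client; presumably
        // FileUtil.mainName drops directory components, but confirm, or generate the
        // stored name entirely on the server.
        String fileName = FileUtil.mainName(originalName) + System.currentTimeMillis() + "." + extension;
        // Write the file to disk.
        FileUtil.writeBytes(file.getBytes(), BASE_PATH + fileName);
        // Persist the metadata.
        NxSystemFileInfo info = new NxSystemFileInfo();
        info.setOriginname(originalName);
        info.setFilename(fileName);
        NxSystemFileInfo addinfo = nsSystemFileInfoService.add(info);
        if (addinfo != null) {
            return Result.success(addinfo);
        }
        return Result.error("1003","上传失败");
    }

    /**
     * Deletes the file record with the given id.
     */
    @DeleteMapping("/{id}")
    public Result delete(@PathVariable long id){
        nsSystemFileInfoService.delete(id);
        return Result.success();
    }

    /**
     * Looks up a file record by id.
     */
    @GetMapping("/{id}")
    public Result detail(@PathVariable long id){
        return Result.success(nsSystemFileInfoService.findById(id));
    }

    /**
     * Streams a stored file to the client as an attachment.
     *
     * @param id       id of the file record
     * @param response servlet response the file is written to
     * @throws CustomException when the id is blank or no record exists for it
     * @throws IOException     when writing to the response fails
     */
    @GetMapping("/download/{id}")
    public void download(@PathVariable String id, HttpServletResponse response) throws IOException {
        if (StrUtil.isBlank(id) || "null".equals(id)){
            throw new CustomException("1001","未上传文件");
        }
        NxSystemFileInfo nxSystemFileInfo = nsSystemFileInfoService.findById(Long.parseLong(id));
        if (nxSystemFileInfo == null){
            throw new CustomException("1001","没有该文件");
        }
        // Read the stored file; the path is built from the name saved at upload time.
        byte[] bytes = FileUtil.readBytes(BASE_PATH + nxSystemFileInfo.getFilename());
        response.reset();
        // The original name is URL-encoded before it goes into the header value.
        response.addHeader("Content-Disposition","attachment;filename="+
                URLEncoder.encode(nxSystemFileInfo.getOriginname(),"UTF-8"));
        response.addHeader("Content-Length",""+bytes.length);
        // Generic binary type plus "attachment" keeps the browser from rendering the file.
        response.setContentType("application/octet-stream");
        // try-with-resources closes the stream even when the write fails.
        try (OutputStream toClient = new BufferedOutputStream(response.getOutputStream())) {
            toClient.write(bytes);
            toClient.flush();
        }
    }

    /** Returns whether the extension (compared case-insensitively) is an accepted image type. */
    private static boolean isAllowedImageExtension(String extension) {
        return "png".equalsIgnoreCase(extension)
                || "jpg".equalsIgnoreCase(extension)
                || "jpeg".equalsIgnoreCase(extension)
                || "gif".equalsIgnoreCase(extension);
    }
}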
package com.example.tallking.common;
import com.fasterxml.jackson.annotation.JsonIgnore;
import lombok.Data;
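/**
 * Generic JSON response envelope: a status code, a message and an optional payload.
 *
 * @param <T> type of the payload
 */
@Data
public class JsonResult<T> {
    private String code;
    private String message;
    private T data;
    public static final String CODE_SUCCESS = "SUCCESS";
    public static final String CODE_ERROR = "ERROR";

    /** Success without a payload. */
    public JsonResult() {
        this.data = null;
        this.code = CODE_SUCCESS;
        this.message = "";
    }

    /** Success with a payload. */
    public JsonResult(T data) {
        this.data = data;
        this.message = "";
        this.code = CODE_SUCCESS;
    }

    /** Success or error depending on {@code status}; no payload. */
    public JsonResult(boolean status, String message) {
        this.data = null;
        this.message = message;
        this.code = status ? CODE_SUCCESS : CODE_ERROR;
    }

    /** Explicit code and message; no payload. */
    public JsonResult(String code, String message) {
        this.data = null;
        this.message = message;
        this.code = code;
    }

    /** Explicit code, message and payload. */
    public JsonResult(String code, String message, T data) {
        this.data = data;
        this.message = message;
        this.code = code;
    }

    /** Success or error depending on {@code status}, with a payload. */
    public JsonResult(boolean status, String message, T data) {
        this.data = data;
        this.message = message;
        this.code = status ? CODE_SUCCESS : CODE_ERROR;
    }

    /**
     * @return {@code true} when the code equals {@link #CODE_SUCCESS}; a null code
     *         counts as not successful
     */
    @JsonIgnore // excluded from the JSON output
    public boolean isSuccess() {
        // Constant on the left: code can be null (explicit-code constructors, the
        // generated setter), and the reverse order would throw a NullPointerException.
        return CODE_SUCCESS.equals(code);
    }
}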
package com.example.tallking.common;
/**
 * Response envelope carrying a code, a message and an optional payload, with
 * factory methods for the common success and error cases.
 *
 * @param <T> type of the payload
 */
public class Result<T>{
    private String code;
    private String message;
    private T Data;

    public Result() {
    }

    public Result(T data) {
        this.Data = data;
    }

    public Result(String code, String message, T data) {
        this.code = code;
        this.message = message;
        this.Data = data;
    }

    /**
     * Success without a payload.
     * @return a result carrying the code and message of {@code ResultCode.SUCCESS}
     */
    public static Result success(){
        return withStatus(new Result<>(), ResultCode.SUCCESS.code, ResultCode.SUCCESS.message);
    }

    /**
     * Success with a payload.
     * @return a result carrying {@code data} and the code and message of {@code ResultCode.SUCCESS}
     */
    public static <T> Result <T> success(T data){
        return withStatus(new Result<>(data), ResultCode.SUCCESS.code, ResultCode.SUCCESS.message);
    }

    /**
     * Failure with the default error code.
     * @return a result carrying the code and message of {@code ResultCode.ERROR}
     */
    public static Result error(){
        return withStatus(new Result<>(), ResultCode.ERROR.code, ResultCode.ERROR.message);
    }

    /**
     * Failure with a caller-supplied code and message.
     * @return a result carrying the given code and message and no payload
     */
    public static Result error(String code,String message){
        return withStatus(new Result<>(), code, message);
    }

    /** Sets code and message on {@code target} and hands the same instance back. */
    private static <R> Result<R> withStatus(Result<R> target, String code, String message) {
        target.setCode(code);
        target.setMessage(message);
        return target;
    }

    public String getCode() {
        return this.code;
    }

    public void setCode(String code) {
        this.code = code;
    }

    public String getMessage() {
        return this.message;
    }

    public void setMessage(String message) {
        this.message = message;
    }

    public T getData() {
        return this.Data;
    }

    public void setData(T data) {
        this.Data = data;
    }

    @Override
    public String toString() {
        StringBuilder text = new StringBuilder("Result{");
        text.append("code='").append(code).append('\'');
        text.append(", message='").append(message).append('\'');
        text.append(", Data=").append(Data);
        text.append('}');
        return text.toString();
    }
}
package com.example.tallking.common;
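/**
 * Catalogue of result codes and their default messages.
 *
 * <p>Enum constants are process-wide singletons, so the fields are {@code final}:
 * with plain public fields any code could reassign a constant's code or message
 * and change it for every caller.
 */
public enum ResultCode {
    SUCCESS("success",null),
    ERROR("-1","系统异常"),
    PARAM_ERROR("1001","参数异常"),
    USER_EXIST_ERROR("2001","账户已存在"),
    USER_ACCOUNT_ERROR("2002","账户或密码错误"),
    USER_NOT_EXIST_ERROR("2003","用户未找到"),
    ORDER_PAY_ERROR("3001","库存不足");

    /** Code returned to the client. */
    public final String code;
    /** Default message for the code; {@code null} for {@code SUCCESS}. */
    public final String message;

    ResultCode(String code, String message) {
        this.code = code;
        this.message = message;
    }
}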