本文展示了如何在Spring Boot应用中创建一个登录控制器`LoginController`,处理前端POST请求。`User`类定义了用户ID、用户名和密码属性。登录接口通过`@RequestBody`接收用户信息,对输入的用户名进行XSS防护,然后验证账号密码。如果验证失败,返回错误信息,成功则返回成功状态。
1、新建项目
2、com/example/demo/pojo/User
package com.example.demo.pojo;
public class User {
int id ;
String username;
String password;
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
3、com/example/demo/controller/LoginController
package com.example.demo.controller;
import com.example.demo.result.Result;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.util.HtmlUtils;
import com.example.demo.pojo.User;
import java.util.Objects;
@Controller
public class LoginController {
// @CrossOrigin 前端配置了跨域,后端不使用跨域注解也可以访问的
@PostMapping(value = "api/login")
@ResponseBody
public Result login(@RequestBody User requestUser) {
System.out.println(requestUser.getUsername());
System.out.println(requestUser.getPassword());
String username = requestUser.getUsername();
// 对 html 标签进行转义,防止 XSS 攻击
username = HtmlUtils.htmlEscape(username);
if (!Objects.equals("admin", username) || !Objects.equals("123456", requestUser.getPassword())) {
String message = "账号密码错误";
return new Result(400);
} else {
return new Result(200);
}
}
}
4、com/example/demo/result/Result
package com.example.demo.result;
public class Result {
private int code;
public Result(int code){
this.code = code;
}
public int getCode() {
return code;
}
public void setCode(int code) {
this.code = code;
}
}
5、main/resources/application.properties
server.port=8443
6、运行项目
mvn spring-boot:run
前端正常访问了后端接口
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
