1.使用SpringMVC方式开发用户信息
1.增加controller层、dao层、service层
在service层增加UserModel
/**
 * Core domain model for a user, built in the service layer from the user
 * record and the separate password record.
 *
 * <p>Security note: this model carries {@code encrptPassword}. Keep it inside
 * the service layer and map it to a view object before anything is returned to
 * a client.
 */
public class UserModel {

    // Identity and profile attributes.
    private Integer id;
    private String name;
    private Byte gender;
    private Integer age;
    private String telphone;

    // Presumably how the account was registered (inferred from the names only).
    private String regisitMode;
    private Integer thirdPartyId;

    // Stored password value; it comes from the password record, not the user record.
    private String encrptPassword;
}
UserModel 需要包含用户的加密密码(encrptPassword),该字段通过 userPasswordDOMapper 从 userPasswordDO 中查询得到。
2创建UserController
/**
 * Spring MVC controller exposing user lookups under {@code /user}.
 *
 * <p>NOTE(review): in this version the handler returns the service-layer
 * {@code UserModel} itself as the response body. That model contains
 * {@code encrptPassword}, so the stored password value is exposed to the front
 * end. Map the model to a dedicated view object before returning it.
 */
@Controller("user")
@RequestMapping("/user")
public class UserController {

    @Autowired
    private UserService userService;

    /**
     * Looks up a user by primary key.
     *
     * <p>NOTE(review): no authentication or ownership check is visible in this
     * snippet, so any caller could request any {@code id}. Confirm that access
     * control is enforced elsewhere (filter or interceptor).
     *
     * @param id value of the {@code id} request parameter
     * @return whatever {@code userService.getUserById(id)} returns, unchanged
     */
    @RequestMapping("/get")
    @ResponseBody
    public UserModel getUser(@RequestParam(name = "id") Integer id) {
        // Delegate to the service layer and hand its result straight back.
        return userService.getUserById(id);
    }
}
3.修改userPasswordDOMapper.xml和.java文件
增加方法 selectByUserId
<select id="selectByUserId" parameterType="java.lang.Integer" resultMap="BaseResultMap">
<!-- Selects the user_password rows whose user_id matches the argument. The id is passed with #{...},
     which MyBatis binds as a prepared-statement parameter instead of splicing it into the SQL text. -->
<!-- NOTE(review): Base_Column_List is defined outside this snippet; it presumably includes the stored
     password column, so treat the mapped result as sensitive. -->
select
<include refid="Base_Column_List" />
from user_password
where user_id = #{userId,jdbcType=INTEGER}
</select>
/**
 * Mapper method for the {@code selectByUserId} statement: looks up the password record by user id.
 *
 * @param UserId id of the user whose password record is wanted
 * @return the mapped record; NOTE(review): presumably {@code null} when no row matches, so callers should check
 */
userPasswordDO selectByUserId(Integer UserId);
4.编写UserService
/**
 * Service implementation that builds the {@code UserModel} domain object from
 * the user record and its password record.
 */
@Service
public class UserServiceImpl implements UserService {

    @Autowired
    private UserDOMapper userDOMapper;

    @Autowired
    private userPasswordDOMapper userPasswordDOMapper;

    /**
     * Loads a user together with the matching password record.
     *
     * @param id primary key of the user
     * @return the populated model, or {@code null} when the user mapper finds nothing for that key
     */
    @Override
    public UserModel getUserById(Integer id) {
        // Fetch the user data object first; without it there is nothing to build.
        UserDO userRecord = userDOMapper.selectByPrimaryKey(id);
        if (userRecord != null) {
            // Look up the stored password record through the user's id.
            userPasswordDO passwordRecord = userPasswordDOMapper.selectByUserId(userRecord.getId());
            return convertFromDataObject(userRecord, passwordRecord);
        }
        return null;
    }

    /**
     * Merges the two data objects into one domain model.
     *
     * <p>The result carries the stored password value, so it is meant for use
     * inside the service layer rather than as a response body.
     *
     * @param userDO user record; {@code null} yields {@code null}
     * @param userPasswordDO password record; may be {@code null}, in which case the password is not set
     * @return the merged model, or {@code null} when {@code userDO} is {@code null}
     */
    private UserModel convertFromDataObject(UserDO userDO, userPasswordDO userPasswordDO) {
        if (userDO == null) {
            return null;
        }
        UserModel model = new UserModel();
        // Copy the user record's properties onto the model.
        BeanUtils.copyProperties(userDO, model);
        if (userPasswordDO != null) {
            model.setEncrptPassword(userPasswordDO.getEncrptPassword());
        }
        return model;
    }
}
5.这种方式存在的问题
controller 直接把 UserModel 作为响应体返回给前端,其中的 encrptPassword(加密密码)以及 regisitMode、thirdPartyId 等内部字段都会一并暴露,任何能调用该接口的人(包括攻击者)都可以直接看到密码!
解决办法:
需要在controller层增加一个viewobject(视图对象)模型,只包含前端展示所需的以下字段,不包含密码等敏感信息:
/**
 * View object returned to the front end for a user.
 *
 * <p>It declares only the fields the UI may see; the stored password and the
 * registration fields of the domain model are deliberately absent. Adding a
 * field here widens what the API exposes, so review any new field as a
 * disclosure decision.
 */
public class UserVO {

    private Integer id;

    private String name;

    private Byte gender;

    private Integer age;

    private String telphone;
}
6.改造controller
/**
 * Returns the client-facing view of one user.
 *
 * <p>NOTE(review): no authentication or ownership check is visible in this
 * snippet; confirm access control is enforced elsewhere.
 *
 * @param id value of the {@code id} request parameter
 * @return the view object for that user, or {@code null} when the service finds none
 */
public UserVO getUser(@RequestParam(name = "id") Integer id) {
    // Fetch the domain model from the service, then return only its view-object projection.
    return convertFromModel(userService.getUserById(id));
}
/**
 * Projects the domain model onto the view object shown to the UI.
 *
 * @param userModel domain model; {@code null} yields {@code null}
 * @return a new {@code UserVO} populated from {@code userModel}, or {@code null}
 */
private UserVO convertFromModel(UserModel userModel) {
    if (userModel != null) {
        UserVO view = new UserVO();
        // copyProperties matches properties by name, so the set of properties on UserVO
        // acts as the allow-list of what leaves the service layer.
        BeanUtils.copyProperties(userModel, view);
        return view;
    }
    return null;
}
2.定义通用的返回对象——返回正确信息
之前的程序一旦出错,只会返回一个白页,并没有错误信息,需要返回一个有意义的错误信息
1.增加一个response包。创建CommonReturnType类
/**
 * Uniform envelope for every controller response.
 */
public class CommonReturnType {

    // Outcome of the request: "success" or "fail".
    private String status;

    // When status is "success": the JSON payload the front end needs.
    // When status is "fail": an error body in the common error-code format.
    private Object data;

    /**
     * Wraps {@code result} as a successful response.
     *
     * @param result payload to place in {@code data}
     * @return an envelope whose status is "success"
     */
    public static CommonReturnType create(Object result) {
        return create(result, "success");
    }

    /**
     * Wraps {@code result} with an explicit status.
     *
     * @param result payload (or error body) to place in {@code data}
     * @param status status string to report
     * @return the populated envelope
     */
    public static CommonReturnType create(Object result, String status) {
        CommonReturnType response = new CommonReturnType();
        response.setStatus(status);
        response.setData(result);
        return response;
    }
}
2.改造返回值
/**
 * Returns one user's view object wrapped in the common response envelope.
 *
 * @param id value of the {@code id} request parameter
 * @return a "success" envelope whose data is the user's view object
 */
public CommonReturnType getUser(@RequestParam(name = "id") Integer id) {
    // Load the domain model and reduce it to the fields the UI may see.
    UserVO view = convertFromModel(userService.getUserById(id));
    // Wrap the view object in the uniform envelope.
    return CommonReturnType.create(view);
}
3 定义通用的返回对象——返回错误信息
1.创建error包
2.创建commonError接口
/**
 * Contract shared by every error the API reports: a numeric code plus a message.
 */
public interface CommonError {

    /** @return the numeric error code */
    int getErrCode();

    /** @return the error message */
    String getErrMsg();

    /**
     * Replaces the error message.
     *
     * @param errMs the new message
     * @return a {@code CommonError} so calls can be chained
     */
    CommonError setErrMsg(String errMs);
}
3.创建实现类EmBussinessError
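/**
 * Catalogue of business error codes and their default messages.
 */
public enum EmBussinessError implements CommonError {
    // Generic error codes. Written without leading zeros: 00001 is an octal literal in Java
    // (it equals 1, but a code such as 00010 would silently become 8).
    PARAMETER_VALIDATION_ERROR(1, "参数不合法"),
    // Fallback for any exception that is not a business exception.
    // NOTE(review): the exception handler references UNKNOWN_ERROR but its definition is not
    // shown; the code and message here are placeholders to align with the project's numbering.
    UNKNOWN_ERROR(2, "未知错误"),

    // Codes starting at 10000 are user-related errors.
    USER_NOT_EXIST(10001, "用户不存在")
    ;

    private final int errCode;

    // Not final only because CommonError requires setErrMsg.
    private String errMsg;

    private EmBussinessError(int errCode, String errMsg) {
        this.errCode = errCode;
        this.errMsg = errMsg;
    }

    /** @return the numeric code of this error */
    @Override
    public int getErrCode() {
        return this.errCode;
    }

    /** @return the current message of this error */
    @Override
    public String getErrMsg() {
        return this.errMsg;
    }

    /**
     * Overwrites the message of this enum constant.
     *
     * <p>NOTE(review): enum constants are process-wide singletons, so the new message is seen by
     * every later request and by other threads, and one caller's text can surface in another
     * caller's error response. Prefer keeping per-request messages on the exception instead.
     *
     * @param errMsg the new message
     * @return this constant
     */
    @Override
    public CommonError setErrMsg(String errMsg) {
        this.errMsg = errMsg;
        return this;
    }
}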
4.包装器模式实现BussinessException类
//包装器业务异常实现
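/**
 * Business exception that wraps a {@code CommonError} (wrapper pattern) so that an error code
 * and message can travel up to the exception handler.
 *
 * <p>A custom message is stored on the exception itself. The wrapped error is never modified:
 * when it is a shared enum constant, writing to it would change the message for every other
 * request and thread.
 */
public class BussinessException extends Exception implements CommonError {

    private final CommonError commonError;

    // Message specific to this exception; null means "use the wrapped error's own message".
    private String errMsgOverride;

    /**
     * Builds a business exception directly from an error definition.
     *
     * @param commonError the error to report, for example an {@code EmBussinessError} constant
     */
    public BussinessException(CommonError commonError) {
        super();
        this.commonError = commonError;
    }

    /**
     * Builds a business exception that reports a custom message with the error's code.
     *
     * @param commonError the error whose code is reported
     * @param errMsg message to report instead of the error's default one
     */
    public BussinessException(CommonError commonError, String errMsg) {
        super();
        this.commonError = commonError;
        this.errMsgOverride = errMsg;
    }

    /** @return the code of the wrapped error */
    @Override
    public int getErrCode() {
        return this.commonError.getErrCode();
    }

    /** @return the custom message when one was given, otherwise the wrapped error's message */
    @Override
    public String getErrMsg() {
        return this.errMsgOverride != null ? this.errMsgOverride : this.commonError.getErrMsg();
    }

    /**
     * Sets the message reported by this exception only.
     *
     * @param errMsg the new message
     * @return this exception
     */
    @Override
    public CommonError setErrMsg(String errMsg) {
        this.errMsgOverride = errMsg;
        return this;
    }
}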
5.抛出异常类
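/**
 * Returns one user's view object wrapped in the common response envelope.
 *
 * <p>NOTE(review): a distinct "user does not exist" answer lets a caller tell which ids are
 * valid, and no authentication check is visible in this snippet. Confirm that access control
 * is applied before this handler runs.
 *
 * @param id value of the {@code id} request parameter
 * @return a "success" envelope whose data is the user's view object
 * @throws BussinessException with {@code USER_NOT_EXIST} when the service returns no user
 */
public CommonReturnType getUser(@RequestParam(name = "id") Integer id) throws BussinessException {
    // Ask the service layer for the user with this id.
    UserModel userModel = userService.getUserById(id);
    // No such user: raise the business error rather than returning an empty body.
    if (userModel == null) {
        throw new BussinessException(EmBussinessError.USER_NOT_EXIST);
    }
    // Reduce the domain model to the view object that is safe to show to the UI.
    UserVO userVO = convertFromModel(userModel);
    // Wrap it in the uniform envelope.
    return CommonReturnType.create(userVO);
}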
3 定义通用的返回对象——异常处理
1.定义exceptionHandler解决未被controller层吸收的exception
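/**
 * Base class for controllers; turns exceptions that a handler method lets escape into the
 * common "fail" response.
 */
public class BaseController {

    /**
     * Converts an uncaught exception into a "fail" envelope carrying {@code errCode} and
     * {@code errMsg}.
     *
     * <p>The HTTP status is always 200; clients must read the envelope's status to detect
     * failure.
     *
     * @param request the current request (not used)
     * @param ex the exception that escaped the controller method
     * @return a {@code CommonReturnType} with status "fail"
     */
    @ExceptionHandler(Exception.class)
    @ResponseStatus(HttpStatus.OK)
    @ResponseBody
    public Object handlerException(HttpServletRequest request, Exception ex) {
        Map<String, Object> responseData = new HashMap<>();
        if (ex instanceof BussinessException) {
            // Business errors carry a code and message that are meant to be shown to the client.
            BussinessException bussinessException = (BussinessException) ex;
            responseData.put("errCode", bussinessException.getErrCode());
            responseData.put("errMsg", bussinessException.getErrMsg());
        } else {
            // Unexpected failure: report only the generic code and message so that exception
            // details (class names, SQL, stack traces) do not reach the client.
            // NOTE(review): the exception is dropped here without being logged, which hides
            // failures from operators; log it server-side with the project's logger.
            responseData.put("errCode", EmBussinessError.UNKNOWN_ERROR.getErrCode());
            responseData.put("errMsg", EmBussinessError.UNKNOWN_ERROR.getErrMsg());
        }
        return CommonReturnType.create(responseData, "fail");
    }
}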
测试: