JeeSite 4.0: front-end/back-end separation, interface calls, and mobile API

Introduction

Many people have asked me how to use JeeSite in a front-end/back-end separated application, how to call its API from a mobile client, or how to run JeeSite purely as a server-side API that only provides service interfaces. If that is what you need, this article is for you. I will introduce some of JeeSite's built-in interfaces and explain how to develop your own API interfaces to provide services.

Built-in interface

System login

By default, JeeSite's login submission is DES-encrypted. If you don't want encryption, set secretKey to empty; you can also change the key. The configuration is as follows (jeesite.yml):

shiro:
  loginSubmit:
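    # Security key for login submissions: the username, password and verification code are encrypted before being submitted (the key is set as 3 parts, separated by commas)
    secretKey: thinkgem,jeesite,com
    # Set to empty to turn off DES encryption of the login.
    # secretKey: ~

  # JS requests may run into cross-origin access problems; set this parameter to the allowed domain, use * for all domains, otherwise leave it empty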
  accessControlAllowOrigin: '*'

If encryption is enabled, first import the DES encryption tool:

JS: <script src="${ctxStatic}/common/des.js?${_version}"></script>

Java: com.jeesite.common.codec.DesUtils

Once the tool is imported, call the encryption as follows:

JS:

<script>
var secretKey = '${@Global.getConfig("shiro.loginSubmit.secretKey")}';
var username = DesUtils.encode('system', secretKey);
var password = DesUtils.encode('admin', secretKey);
console.log('&username=' + username + '&password=' + password);
</script>

Java:

String secretKey = Global.getConfig("shiro.loginSubmit.secretKey");
String username = DesUtils.encode("system", secretKey);
String password = DesUtils.encode("admin", secretKey);
System.out.println("&username=" + username + "&password=" + password);

Both languages produce the same output:

&username=F3EDC7D2C193E0B8DCF554C726719ED2&password=235880C505ACCDA5C581A4F4CDB81DA0

Now we can use this username and password to test the login.

Using JS Ajax or Java HttpClient, send a POST or GET request to the following address to perform login verification:

http://127.0.0.1:8980/js/a/login?__login=true&__ajax=json&username=F3EDC7D2C193E0B8DCF554C726719ED2&password=235880C505ACCDA5C581A4F4CDB81DA0

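You can also add extra login parameters:

1. Specify the login device type (distinguishes entries in the online user list and login verification codes by device, and lets you set the session timeout per device; default: PC):
   &param_deviceType=mobileApp
2. Specify the system to log in to (distinguishes between different menus; default: default):
   &param_sysCode=mobileApp
3. Specify the view used for the login page and the main frame page (default: employee):
   &param_userType=member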

If the login information is incorrect, the following failure JSON data will be returned:

{
	"username": "F3EDC7D2C193E110B8DCF554C726719ED2",
	"rememberMe": false,
	"rememberUserCode": false,
	"params": "",
	"shiroLoginFailure": "org.apache.shiro.authc.UnknownAccountException",
	"message": "账号或密码错误, 请重试.",
	"isValidCodeLogin": false,
	"result": "false",
	"sessionid":"2a6669501bf24afebcf4ff63eb048a56"
}

If the login fails, it is recommended to attach a __sid parameter to the second login attempt so that it uses the same session, for example:

http://127.0.0.1:8980/js/a/login?__login=true&__ajax=json&username=F3EDC7D2C193E0B8DCF554C726719ED2&password=235880C505ACCDA5C581A4F4CDB81DA0&__sid=2a6669501bf24afebcf4ff63eb048a56

Note: If the number of password failures exceeds the warning value configured by the parameter, isValidCodeLogin in the returned result changes to true. At that point you need to call http://127.0.0.1:8980/js/validCode?__sid=2a6669501bf24afebcf4ff63eb048a56 to obtain the verification code image. Also note that mobile clients generally make calls without cookies. It is recommended to include the __sid parameter in the request parameters; otherwise the verification code value you obtain will not match the session of your login request.

If the login information is correct, the following JSON data of successful login is returned:

{
	"user": {
		"id": "system",
		"status": "0",
		"remarks": "",
		"userCode": "system",
		"loginCode": "system",
		"userName": "超级管理员",
		"userType": "none",
		"mgrType": "0",
		"lastLoginIp": "127.0.0.1",
		"lastLoginDate": "2018-03-14 22:34:44",
		"userWeight": 0,
		"oldLastLoginIp": "127.0.0.1",
		"corpName_": "JeeSite",
		"corpCode_": "0",
		"oldLoginDate": "2018-03-14 22:34:44",
		"avatarUrl": "/ctxPath/static/images/user1.jpg"
	},
	"result": "true",
	"message": "登录成功!",
	"sessionid": "5fe9c7c45ded4425b03eff8f78179637"
}

The successful login response also contains a sessionid attribute. Its value is the credential for your subsequent access to the system, equivalent to a token, for example:

1. Get the user's permission information:
  http://127.0.0.1:8980/js/a/authInfo?__sid=5fe9c7c45ded4425b03eff8f78179637
2. Get the user's menu information:
  http://127.0.0.1:8980/js/a/menuTree?__sid=5fe9c7c45ded4425b03eff8f78179637
3. Re-fetch the login information:
  http://127.0.0.1:8980/js/a/index.json?__sid=5fe9c7c45ded4425b03eff8f78179637
4. Get the current user's information:
  http://127.0.0.1:8980/js/a/sys/user/info.json?__sid=5fe9c7c45ded4425b03eff8f78179637
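
The login flow described above, written as client-side helpers (an added example, not code from JeeSite or from the original article): it builds the login request, reads the returned JSON to choose between retrying with the same __sid, fetching the verification code, or proceeding, and attaches the sessionid to later calls. The helper names, the BASE constant and the use of a form-encoded POST body are assumptions; the username and password passed in are the values already encoded with DesUtils.encode.

```javascript
// Added example: names and BASE are assumptions; sample values come from the article.
const BASE = 'http://127.0.0.1:8980/js';

// Build the login request. encUser/encPass are the DesUtils.encode outputs.
// Assumption: the server also reads these parameters from a form-encoded POST
// body, which keeps them out of the request URL.
function buildLoginRequest(encUser, encPass, sid, deviceType = 'mobileApp') {
  const body = new URLSearchParams({
    username: encUser,
    password: encPass,
    param_deviceType: deviceType,
  });
  if (sid) body.set('__sid', sid); // retry within the same session
  return {
    url: `${BASE}/a/login?__login=true&__ajax=json`,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Decide the next step from the login JSON ("result" is a string, not a boolean).
function nextStep(resp) {
  const sid = resp.sessionid;
  if (resp.result === 'true') return { action: 'authenticated', sid };
  if (resp.isValidCodeLogin === true) {
    // Fetch the verification code image for this same session, then retry.
    const captchaUrl = `${BASE}/validCode?__sid=${encodeURIComponent(sid)}`;
    return { action: 'captcha', sid, captchaUrl };
  }
  return { action: 'retry', sid, reason: resp.shiroLoginFailure };
}

// Address of an authenticated call for a cookie-free client.
function withSid(path, sid) {
  const url = new URL(BASE + path);
  url.searchParams.set('__sid', sid);
  return url.toString();
}
```

Because the sessionid acts as the access credential and the secretKey is delivered to the page that encodes the login, run these calls over HTTPS and keep addresses containing __sid out of logs and shared links.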

System exit

http://127.0.0.1:8980/js/a/logout?__ajax=json&__sid=5fe9c7c45ded4425b03eff8f78179637

Note: In a cookie-free environment, you must specify the sessionid in order to log out.

Return JSON data:

{"result":"true","message":"退出成功!"}

Interface discovery

I won't explain the remaining interfaces one by one; instead, here is a method for discovering them.

For any address, appending .json or .xml, or adding the parameter __ajax=json or __ajax=xml, makes it return JSON or XML data instead of a view. For example:

The access address of the user list is /a/sys/empUser/list. Accessed directly, it returns the page view. With the .json suffix added, as in /a/sys/empUser/list.json, it returns the JSON data the view needs, which you can then use in your separated front-end application.

All list data is loaded from an address with the listData suffix. For example, the data address of the user list is /a/sys/empUser/listData, which returns JSON data directly.

listData is only a naming convention. What if you find an address that doesn't follow it? Open the Network tab in the Chrome developer tools (F12) and select XHR in the filter. Then click the query button in the list and watch for the address the data is requested from.

Develop an API interface

Add @ResponseBody to your Controller mapping method to return JSON data instead of a view.

Or replace @Controller with @RestController, and all mapping methods will return JSON data.

If you want to use both, just add the .json suffix as described in the interface discovery section.

In addition, for mobile or high-concurrency applications, traffic is precious, and the common methods may return a lot of useless data. In this case, you'd better override Rest to set the useless data to null, so that it is not returned to the front end.
