The first API handles basic management of user data: creating, reading, updating and deleting users (CRUD). With Spring Boot this kind of API is quick to write.
First, create a new Maven project.
Dependencies
Add the dependencies, using the latest Spring Boot release and its reference documentation:
https://docs.spring.io/spring-boot/docs/2.2.0.RELEASE/reference/html/
https://docs.spring.io/spring-boot/docs/2.2.0.RELEASE/reference/html/using-spring-boot.html#using-boot-dependency-management
Search that page for the keyword "maven"; the snippet is found there.
Copy it into the project's pom.xml. With this import in place, the dependencies added later need no version number, because the spring-boot-dependencies BOM in dependencyManagement already pins a version for each of them.
<dependencyManagement>
    <dependencies>
        <dependency>
            <!-- Import dependency management from Spring Boot -->
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-dependencies</artifactId>
            <version>2.2.0.RELEASE</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
We want a web project that provides an HTTP service, so search the reference page for starter-web.
Why can Eclipse show the effective POM?
https://zhidao.baidu.com/question/401757501.html
It is implemented by the m2eclipse (Maven Integration for Eclipse) plugin.
On the complete / actual / effective form of a Maven pom.xml:
https://blog.csdn.net/iteye_15147/article/details/82567934
Continuing with the code: copy the spring-boot-starter-web dependency found by that search
into the <dependencies> element of pom.xml
and remove the version number (the imported BOM supplies it).
Start the web project:
Create a package
and the startup class (the class annotated with @SpringBootApplication).
Create a user package
and add a User class.
The User class has two properties, id and name.
Next search the reference page for the lombok dependency,
copy it into the project and again remove the version number.
The @Data annotation is shorthand for a bundle of Lombok annotations. On a plain POJO (the persistent class) it generates getters for all fields, setters for all non-final fields, a toString() method, and equals() and hashCode() methods overriding the Object versions. The constructor it generates takes only the required fields (final or @NonNull ones, i.e. @RequiredArgsConstructor); an all-arguments constructor needs a separate @AllArgsConstructor.
UserController
Do not write business logic yet; first write only the method declarations:
the CRUD methods,
plus a method that searches for a group of users by a parameter.
Learning about attacks
OWASP Top 10 (2017)
The first entry is injection, and its most common form is SQL injection.
An example to demonstrate a SQL injection attack:
Introducing JDBC
A SQL injection demo needs raw JDBC operations, so search the reference page for the JDBC starter (spring-boot-starter-jdbc) and add it.
Configure the database parameters in application.properties (spring.datasource.url, spring.datasource.username, spring.datasource.password and spring.datasource.driver-class-name).
The default driver is now the one for MySQL 8, so pay attention to the driver class name: the MySQL 8 driver class is com.mysql.cj.jdbc.Driver (the old com.mysql.jdbc.Driver is deprecated).
Search for the MySQL connector dependency (mysql-connector-java) and add it too.
The final pom.xml keeps the web, jdbc, lombok and mysql dependencies.
Create the database table.
The table has the fields id and name, matching the User class.
Insert a few rows of test data.
Querying the database from the controller
To query the user table, first inject a JdbcTemplate into the controller. The query is built by concatenating the name request parameter straight into the SQL string.
Run the program
and send a request with an HTTP tool.
When the name parameter is given a crafted value instead of a real name, the query no longer finds one user:
it returns all users, so every row in the table is handed to the caller. This is what a SQL injection looks like.
Set a breakpoint and step through it: the injected condition or 1 = 1 is always true, so the WHERE clause matches every row.
Defences: first, validate the input parameter, for example with a regular expression that admits only the characters a name may contain, and reject anything else. Second, access control for the database user.
The root user can do anything, so the application should not connect as root but as a dedicated user that has permissions only on this application's database (and only for the statements it needs), not on all databases.
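The vulnerable JdbcTemplate query described above and its parameterized counterpart, written out as an added example (this is not the original post's code). It assumes a table named user with columns id and name, a constructor-injected JdbcTemplate, the endpoint paths /user/vulnerable and /user/safe, and the package name com.example.demo.user; the regular expression is one possible allow-list, not the one the post used. The vulnerable method is kept deliberately vulnerable so the two can be compared.

```java
package com.example.demo.user;

import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

import org.springframework.http.HttpStatus;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

@RestController
@RequestMapping("/user") // assumed path, not from the original post
public class UserJdbcController {

    // Assumed allow-list for a name: letters, digits, space, underscore, dot, hyphen.
    private static final Pattern NAME_PATTERN = Pattern.compile("^[\\p{L}\\p{N} _.-]{1,64}$");

    private final JdbcTemplate jdbcTemplate;

    public UserJdbcController(JdbcTemplate jdbcTemplate) {
        this.jdbcTemplate = jdbcTemplate;
    }

    // VULNERABLE (deliberately, as in the tutorial): the request parameter is
    // concatenated into the SQL text, so the request
    //   GET /user/vulnerable?name=%27%20or%20%271%27%3D%271      (decoded: ' or '1'='1)
    // executes  select id, name from user where name = '' or '1'='1'
    // and the always-true condition returns every row of the table.
    @GetMapping("/vulnerable")
    public List<Map<String, Object>> findByNameVulnerable(@RequestParam String name) {
        String sql = "select id, name from user where name = '" + name + "'";
        return jdbcTemplate.queryForList(sql);
    }

    // SAFE: the SQL text is fixed and the value travels as a bound parameter of a
    // PreparedStatement, so the same payload is compared literally against the
    // name column and matches nothing. The regex check is defence in depth:
    // it rejects the quote character before the query is even built.
    @GetMapping("/safe")
    public List<Map<String, Object>> findByNameSafe(@RequestParam String name) {
        if (!NAME_PATTERN.matcher(name).matches()) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "invalid name");
        }
        return jdbcTemplate.queryForList("select id, name from user where name = ?", name);
    }
}
```

Send the same payload to both endpoints: /user/vulnerable dumps the whole table, while /user/safe answers 400, and even with the regex removed the bound parameter alone would return an empty list. Parameter binding is the fix; the allow-list only narrows what reaches the query.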
Higher-level data-access libraries such as JPA and MyBatis are another option. MyBatis still carries risk, because you write the SQL yourself and it is injectable: the ${} placeholder splices the value into the SQL text, whereas #{} binds it as a prepared-statement parameter, so there are points to watch when using it.
JPA carries virtually no injection risk: derived queries and JPQL with bound parameters never let a value change the statement; only a native query built by string concatenation would.
Using Spring Data JPA
Add the dependency (spring-boot-starter-data-jpa).
Add the JPA settings to the configuration file.
With spring.jpa.hibernate.ddl-auto=update, adding a property to the User object automatically adds a column to the table, and adding a new entity class automatically creates a new table: objects and database schema are kept in sync. This is very convenient during development, but it is generally not used in production, where schema changes go through controlled migrations.
With spring.jpa.show-sql=true the SQL that JPA finally executes can be seen in the log.
Add the @Entity annotation to the User class; this binds the POJO to a database table.
Add @Id to tell JPA that the id attribute is the primary key.
Write an interface, UserRepository. It is the object through which the data is manipulated: operating on User objects through it is operating on our user table.
Extend the Spring Data repository interface that supports dynamic (derived) queries,
and the basic CRUD repository, JpaRepository<User, Long>; Long is the type of the primary key.
Continuing the controller code
Inject the repository into the controller.
In this way the query is declared directly as a method on the interface; no SQL is written by hand.
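The entity, repository and controller described from the @Entity step onward, and the CRUD method declarations from the earlier UserController section, as one added example (not the original post's code). It assumes Spring Boot 2.2 (javax.persistence), Lombok on the classpath, the package com.example.demo.user, an auto-generated id, and a findByName derived query; the three types are shown in one file for reading, whereas in the project each lives in its own file.

```java
package com.example.demo.user;

import java.util.List;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

import lombok.Data;

import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

// @Entity binds this POJO to the "user" table; @Data supplies getters, setters,
// toString, equals/hashCode and the required-args constructor.
@Entity
@Data
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY) // assumed: DB-generated key
    private Long id;
    private String name;
}

// Long is the type of the primary key. findByName is a derived query: Spring Data
// builds "select u from User u where u.name = ?1" from the method name and binds
// the argument, so the value can never alter the structure of the statement.
interface UserRepository extends JpaRepository<User, Long> {
    List<User> findByName(String name);
}

@RestController
@RequestMapping("/user") // assumed path, not from the original post
class UserController {

    private final UserRepository repository;

    UserController(UserRepository repository) {
        this.repository = repository;
    }

    // GET /user            -> all users
    // GET /user?name=bob   -> users named bob
    // GET /user?name=' or '1'='1 -> empty list: no user is literally named that
    @GetMapping
    public List<User> find(@RequestParam(required = false) String name) {
        return name == null ? repository.findAll() : repository.findByName(name);
    }

    @PostMapping
    public User create(@RequestBody User user) {
        user.setId(null); // the database assigns the id
        return repository.save(user);
    }

    @PutMapping("/{id}")
    public User update(@PathVariable Long id, @RequestBody User user) {
        user.setId(id);
        return repository.save(user);
    }

    @DeleteMapping("/{id}")
    public void delete(@PathVariable Long id) {
        repository.deleteById(id);
    }
}
```

With spring.jpa.show-sql=true the log shows the statement Hibernate runs for findByName with a ? placeholder rather than the raw value, which is the visible evidence that the parameter is bound instead of concatenated.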
Run the test again.
The result is empty: the injection payload is now bound as a literal value and matches no user.
The function is implemented while preventing the SQL injection attack from stealing the data in our database.
The SQL statement that was executed appears in the log output.
End