I. API Security Mechanisms - Business Logic API
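```java
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@Slf4j
@RestController
@RequestMapping("/users")
public class UserController {

    @Autowired
    private IRavenUserService userService;

    // @Validated triggers the bean-validation constraints declared on RavenUserInfo
    @PostMapping("/save")
    public RavenUserInfo create(@RequestBody @Validated RavenUserInfo userInfo) {
        RavenUserInfo user = this.userService.create(userInfo);
        return user;
    }
}
```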
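```java
import javax.validation.constraints.NotBlank; // jakarta.validation.constraints on Spring Boot 3+
import lombok.Data;

/**
 * External-facing wrapper around RavenUser.
 * This is the representation exposed to outside callers.
 */
@Data
public class RavenUserInfo {
    private Long id;
    private String name;

    // Rejected when null, empty, or whitespace-only
    @NotBlank
    private String username;

    @NotBlank
    private String password;
}
```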
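- The RavenUserInfo class declares that username and password must not be blank. Placing @Validated before the RavenUserInfo parameter in the request handler is what makes the @NotBlank annotations in RavenUserInfo take effect.
- The username field in the JSON is empty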
```json
{
  "name": "zl",
  "username": "",
  "password": "123456"
}
```
```json
{
  "timestamp": "2020-05-12T13:29:11.982+0000",
  "status": 400,
  "error": "Bad Request",
  "errors": [
    {
      "codes": [
        "NotBlank.ravenUserInfo.username",
        "NotBlank.username",
        "NotBlank.java.lang.String",
        "NotBlank"
      ],
      "arguments": [
        {
          "codes": [
            "ravenUserInfo.username",
            "username"
          ],
          "arguments": null,
          "defaultMessage": "username",
          "code": "username"
        }
      ],
      "defaultMessage": "不能为空",
      "objectName": "ravenUserInfo",
      "field": "username",
      "rejectedValue": "",
      "bindingFailure": false,
      "code": "NotBlank"
    }
  ],
  "message": "Validation failed for object='ravenUserInfo'. Error count: 1",
  "path": "/users/save"
}
```
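The default 400 body above exposes internal object names, constraint codes, and the `rejectedValue` the caller sent. The following is an added example, not code from the original post: a `@RestControllerAdvice` that trims the validation error down to field and message. The class name `ValidationErrorAdvice` and the response shape are assumptions made for illustration.

```java
import java.util.Comparator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import org.springframework.http.HttpStatus;
import org.springframework.validation.FieldError;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestControllerAdvice;

// Hypothetical class (illustration only, not part of the original project).
@RestControllerAdvice
public class ValidationErrorAdvice {

    // Spring raises MethodArgumentNotValidException when a @Validated @RequestBody
    // argument, such as RavenUserInfo, violates a constraint like @NotBlank.
    @ExceptionHandler(MethodArgumentNotValidException.class)
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    public Map<String, Object> onInvalidBody(MethodArgumentNotValidException ex) {
        List<Map<String, String>> errors = ex.getBindingResult().getFieldErrors().stream()
                // Stable ordering so clients and tests see a deterministic list
                .sorted(Comparator.comparing(FieldError::getField))
                .map(fe -> {
                    Map<String, String> e = new LinkedHashMap<>();
                    e.put("field", fe.getField());
                    e.put("message", fe.getDefaultMessage());
                    // Deliberately omitted: rejectedValue (echoes the caller's input,
                    // which matters once a field like password carries constraints
                    // beyond @NotBlank), plus codes and objectName, which reveal
                    // internal class and constraint names.
                    return e;
                })
                .collect(Collectors.toList());

        Map<String, Object> body = new LinkedHashMap<>();
        body.put("status", HttpStatus.BAD_REQUEST.value());
        body.put("error", "Bad Request");
        body.put("errors", errors);
        return body;
    }
}
```

With this advice registered, the empty-username request from the example returns only `status`, `error`, and one `errors` entry containing `field` and `message`.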