1. API Security Mechanisms: Database-Layer Security Policy
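As described earlier, API security mechanisms fall into two groups: those outside the business logic (rate limiting, authentication) and those inside it (validating request parameters and validating fields at the database layer).
- On the entity class that maps to the database table, add the annotation @Column(unique = true) to require that the field be unique. @Column has many other attributes that can be set as well.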
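import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import lombok.Data;
import org.springframework.beans.BeanUtils;

/**
 * Entity mapped to the database table
 */
@Data
@Entity
@Table(name = "t_user")
public class RavenUser {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;
    private String name;
    // Unique constraint on the column: the database rejects a duplicate username
    @Column(unique = true)
    private String username;
    private String password;

    // Copies the same-named properties of this entity into a RavenUserInfo object
    public RavenUserInfo builderUserInfo() {
        RavenUserInfo userInfo = new RavenUserInfo();
        BeanUtils.copyProperties(this, userInfo);
        return userInfo;
    }
}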
- When a record with the username ww already exists, saving the following request:
{
"name":"ww",
"username":"ww",
"password":"123456"
}
- fails with this error:
{
"timestamp": "2020-05-12T14:13:59.505+0000",
"status": 500,
"error": "Internal Server Error",
"message": "could not execute statement; SQL [n/a]; constraint [UK_jhib4legehrm4yscx9t3lirqi]; nested exception is org.hibernate.exception.ConstraintViolationException: could not execute statement",
"path": "/users/save"
}
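The 500 response above exposes the generated constraint name and reports a duplicate submitted by the client as a server error. As an added example (not part of the original post or its source code), a Spring advice class can map the exception to a 409 with a generic message and keep the constraint name in the server log only; the class name ConstraintViolationAdvice and the response wording are assumptions, and the javax.servlet import assumes Spring Boot 2.x.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.hibernate.exception.ConstraintViolationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.dao.DataIntegrityViolationException;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

// Hypothetical advice class: applies to every controller in the application
@RestControllerAdvice
public class ConstraintViolationAdvice {
    private static final Logger log = LoggerFactory.getLogger(ConstraintViolationAdvice.class);

    // Spring wraps Hibernate's ConstraintViolationException in DataIntegrityViolationException
    @ExceptionHandler(DataIntegrityViolationException.class)
    public ResponseEntity<Map<String, Object>> onConstraintViolation(
            DataIntegrityViolationException ex, HttpServletRequest request) {
        // The constraint name stays in the server log and never reaches the client
        String constraint = "unknown";
        if (ex.getCause() instanceof ConstraintViolationException) {
            constraint = ((ConstraintViolationException) ex.getCause()).getConstraintName();
        }
        log.warn("Constraint violation on {} (constraint={})", request.getRequestURI(), constraint);

        // Same field names as the default error body, without SQL or schema details
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("status", HttpStatus.CONFLICT.value());
        body.put("error", "Conflict");
        body.put("message", "The submitted data conflicts with an existing record");
        body.put("path", request.getRequestURI());
        return ResponseEntity.status(HttpStatus.CONFLICT).body(body);
    }
}
```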