EMOS personal tutorial - Chapter 2 building back-end projects from scratch

1 Introduction to this chapter

2 create a SpringBoot project

Change application.properties to application.yml

Configure tomcat

    uri-encoding: UTF-8
      max: 200
      min-spare: 30
    connection-timeout: 5000ms
  port: 8080
    context-path: /emos-wx-api

Configure data connection pool

    type: com.alibaba.druid.pool.DruidDataSource
      driver-class-name: com.mysql.cj.jdbc.Driver
      url: jdbc:mysql://localhost:3306/emos?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai
      username: root
      password: 123456
      initial-size: 8
      max-active: 16
      min-idle: 8
      max-wait: 60000
      test-while-idle: true
      test-on-borrow: false
      test-on-return: false

Add configuration in pom.xml


Configure redis data source

    database: 0
    host: localhost
    port: 6379
    password: 123456
        max-active: 1000
        max-wait: -1ms
        max-idle: 16
        min-idle: 8

Configure mongo data source

      host: localhost
      port: 27017
      database: emos
      authentication-database: admin
      username: admin
      password: 123456

3 configure MyBatis

3.1 create database connection

3.2 select the data table to generate MyBatis file

be careful: -Add @ Mapper to dao file to remove the method in the file -The mapper corresponding to the dao file removes the sql operation configuration in the file

3.3 modify yml file and add MyBatis configuration information

  mapper-locations: classpath*:mapper/*.xml
  type-aliases-package: com.example.emos.wx.db.pojo
    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
    map-underscore-to-camel-case: true

3.4 setting log output

    root: info
    com.example.emos.wx.db.dao: warn
    console: "%d{HH:mm:ss}  %-5level  %msg%n"

4 create a custom exception class

  • Why inherit RuntimeException?
    • Exceptions of type Exception must be handled manually
    • RuntimeException exceptions can be handled automatically or manually
  • Included properties
    • Status code
    • Exception message
package com.example.emos.wx.exception;

import lombok.Data;

public class EmosException extends RuntimeException {
    private String msg;
    private int code = 500;

    public EmosException(String msg) {
        this.msg = msg;

    public EmosException(String msg, Throwable e) {
        super(msg, e);
        this.msg = msg;

    public EmosException(String msg, int code) {
        this.msg = msg;
        this.code = code;

    public EmosException(String msg, int code, Throwable e) {
        super(msg, e);
        this.msg = msg;
        this.code = code;

5 encapsulating Web return objects

  • Java Web projects need a unified data return format
    • Service status code
    • Business message
    • Business data
  • Import httpcomponents Library
    • Many HTTP status codes are defined
    • It eliminates the need for us to customize the status code constant
  • Class R inherits from HashMap
  • Packaging method
    • ok method
    • error method
package com.example.emos.wx.common.util;

import org.apache.http.HttpStatus;

import java.util.HashMap;
import java.util.Map;

public class R extends HashMap<String,Object> {
    public R(){
        put("code", HttpStatus.SC_OK);
    public R put(String key,Object value){
        return this;
    public static R ok(){
        return new R();
    public static R ok(String msg){
        R r=new R();
        return r;
    public static R ok(Map<String,Object> map){
        R r=new R();
        return r;

    public static R error(int code,String msg){
        R r=new R();
        return r;
    public static R error(String msg){
        return error(HttpStatus.SC_INTERNAL_SERVER_ERROR,msg);
    public static R error(){
        return error(HttpStatus.SC_INTERNAL_SERVER_ERROR,"Unknown exception, please contact the administrator");

6. Use Swagger to build REST API

6.1 Swagger2 is used in this course

6.2 adding dependent Libraries


6.3 configuring Swagger

  • (ApiInfoBuilder) defines the basic information of Swagger page
  • (Apis electorbuilder) which methods in classes will appear on Swagger
  • Enable support for JWT
    • List: what parameters do users need to enter
    • AuthorizationScope []: scope of JWT authentication in Swagger
    • List: scope of token
    • List: token context
package com.example.emos.wx.config;
public class SwaggerConfig {}

7 create Web method test Swagger

7.1 writing Web interface TestController

package com.example.emos.wx.controller;

import com.example.emos.wx.common.util.R;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@Api("test Web Interface")
public class TestController {
    @ApiOperation("The simplest test method")
    public R sayHello(){
        return R.ok().put("message", "HelloWorld");

7.2 class declarations should be annotated with @ API

7.3 the web method should be annotated with @ ApiOperation

Test connection:

8. Configure the backend authentication function

8.1 using the Validation Library

8.2 adding dependent Libraries


8.3 create Form class

  • Class declares the @ ApiModel to be added
  • Property declaration to add @ ApiModelProperty
  • Attribute declaration to add validation annotation
    • @NotNull
    • @NotBlank
    • @Min
    • @Max
    • @Range
    • @Pattern

8.4 @ Valid annotation shall be used for validation data

package com.example.emos.wx.controller.form;

import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;

import javax.validation.constraints.NotBlank;
import javax.validation.constraints.Pattern;

public class TestSayHelloForm {
    @Pattern(regexp = "^[\\u4e00-\\u9fa5]{2,15}$",message = "Does not conform to regular expression")
    @ApiModelProperty("Name: 2-15 chinese")
    private String name;

9 defend against immediate cross site scripting (XSS) attacks

9.1 reasons

  • XSS attack usually refers to injecting malicious instructions into web pages through clever methods by taking advantage of the vulnerability of data saved in the website system, and users will automatically execute malicious scripts when loading web pages.
  • If hackers can execute javaScript on your browser, they can steal cookies or tokens

9.2 importing Hutool dependencies

package com.example.emos.wx.config.xss;
public class  XssHttpServletRequestWrapper extends HttpServletRequestWrapper {}
public class XssFilter implements Filter {}

Add @ ServletComponentScan to EmosWxApiApplication startup class

9.3 data escape in Http request

  • catalog filter
  • Method of overriding Http request
    • HttpServletRequest is an interface that various server manufacturers will implement
    • If we directly inherit the request parent class of each manufacturer, our program will be bound with the manufacturer
    • HttpServletRequestWrapper class
      • Decorator mode is used
      • The decorator encapsulates the manufacturer's Request implementation class
      • You can override the methods in the vendor request object by overriding the methods of the Wrapper class
  • Create a filter and pass the Request object into the Wrapper object

10 testing cross site scripting attacks

11 summary of this chapter

Posted by devman42 on Thu, 04 Nov 2021 19:14:09 -0700