基于javaweb+springboot的学生学科竞赛管理系统设计和实现(java+springboot+ssm+maven)
主要技术:spring、springmvc、springboot、mybatis、jquery、layUI、md5、bootstrap.js、tomcat、拦截器等
主要功能:登录、用户、菜单管理、角色管理、权限管理、立项申请、报名、结、经费管理、审核、统计等
用户登录:输入账号、密码和验证码登录,登录后根据用户权限显示不同菜单,角色灵活控制。
适用
课程设计,大作业,毕业设计,项目练习,学习演示等
}
/**
 * Unwraps an {@link XssHttpServletRequestWrapper} and returns the request it was built around.
 * <p>
 * The returned request has NOT been through the wrapper's xssEncode filtering, so anything read
 * from it (parameters, headers, body) is raw client input and must be encoded by the caller
 * before it is echoed into HTML or otherwise trusted.
 *
 * @param request the current request, possibly wrapped
 * @return the original request if {@code request} is a wrapper, otherwise {@code request} itself
 */
public static HttpServletRequest getOrgRequest(HttpServletRequest request) {
    boolean isWrapped = request instanceof XssHttpServletRequestWrapper;
    return isWrapped ? ((XssHttpServletRequestWrapper) request).getOrgRequest() : request;
}
}
SQL过滤业务:
/**
* SQL过滤
*
*/
@RequestMapping("sys/oss")
public class SysOssController {
@Autowired
private SysOssService sysOssService;
@Autowired
private SysConfigService sysConfigService;
private final static String KEY = ConfigConstant.CLOUD_STORAGE_CONFIG_KEY;
/**
 * Pages through the stored OSS (object storage) records.
 *
 * @param params every query-string parameter of the request, passed to the service untouched
 * @return {@code R.ok()} carrying the resulting page under the key {@code "page"}
 */
@RequestMapping("/list")
@RequiresPermissions("sys:oss:all")
public R list(@RequestParam Map<String, Object> params){
    // NOTE(review): params are forwarded unfiltered; if any of them (e.g. sort/order keys) is spliced
    // into SQL downstream, it should pass through the sqlInject helper first — confirm in queryPage.
    PageUtils result = sysOssService.queryPage(params);
    R response = R.ok();
    return response.put("page", result);
}
* 系统用户
*/
@RestController
@RequestMapping("/sys/user")
public class SysUserController extends AbstractController {
@Autowired
private SysUserService sysUserService;
@Autowired
private SysUserRoleService sysUserRoleService;
/**
 * Lists system users as a page.
 *
 * @param params every query-string parameter of the request, handed to the service as-is
 * @return {@code R.ok()} with the page stored under {@code "page"}
 */
@RequestMapping("/list")
@RequiresPermissions("sys:user:list")
public R list(@RequestParam Map<String, Object> params){
    // NOTE(review): params reach the service unfiltered; any key used for ORDER BY / filtering
    // should go through the sqlInject helper before it is used in SQL — confirm in queryPage.
    PageUtils userPage = sysUserService.queryPage(params);
    R response = R.ok();
    return response.put("page", userPage);
}
Assert.isBlank(newPassword, "新密码不为能空");
//原密码
password = ShiroUtils.sha256(password, getUser().getSalt());
//新密码
newPassword = ShiroUtils.sha256(newPassword, getUser().getSalt());
//更新密码
boolean flag = sysUserService.updatePassword(getUserId(), password, newPassword);
if(!flag){
return R.error("原密码不正确");
}
return R.ok();
}
/**
* 删除用户
*/
@SysLog("删除用户")
@RequestMapping("/delete")
@RequiresPermissions("sys:user:delete")
public R delete(@RequestBody Long[] userIds){
if(ArrayUtils.contains(userIds, 1L)){
return R.error("系统管理员不能删除");
String value = super.getParameter(xssEncode(name));
if (StringUtils.isNotBlank(value)) {
value = xssEncode(value);
}
return value;
}
@Override
public String[] getParameterValues(String name) {
    // The parameter NAME is looked up as given here, whereas getParameter()/getHeader() in this
    // wrapper encode the name before the lookup — the two code paths are not consistent.
    String[] raw = super.getParameterValues(name);
    if (raw != null && raw.length > 0) {
        // Every value is filtered in place; this relies on the array returned by the container
        // being safe to mutate (presumably a copy) — confirm for the servlet container in use.
        int idx = 0;
        while (idx < raw.length) {
            raw[idx] = xssEncode(raw[idx]);
            idx++;
        }
        return raw;
    }
    // Absent parameter AND an empty array both map to null.
    return null;
}
@Override
public Map<String,String[]> getParameterMap() {
/**
 * Returns the request underneath an {@link XssHttpServletRequestWrapper}, or the request itself
 * when it is not wrapped.
 * <p>
 * Input read from the returned object bypasses the wrapper's xssEncode filtering; callers must
 * apply their own output encoding before rendering any of it.
 *
 * @param request the current request
 * @return the unwrapped request
 */
public static HttpServletRequest getOrgRequest(HttpServletRequest request) {
    if (!(request instanceof XssHttpServletRequestWrapper)) {
        return request;
    }
    XssHttpServletRequestWrapper wrapper = (XssHttpServletRequestWrapper) request;
    return wrapper.getOrgRequest();
}
}
SQL过滤业务:
/**
* SQL过滤
*
/**
 * Updates an existing system user after bean validation against {@code UpdateGroup}.
 * <p>
 * Only the {@code @RequiresPermissions} annotation is visible on this fragment; the
 * {@code @SysLog}/{@code @RequestMapping} lines that the fuller copy of this method carries may
 * have been lost in extraction — confirm against the source file.
 *
 * @param user the user entity from the JSON request body
 * @return {@code R.ok()} once the update has been issued
 */
@RequiresPermissions("sys:user:update")
public R update(@RequestBody SysUserEntity user){
    // Validation runs before persistence; a violation is presumably surfaced by validateEntity itself.
    ValidatorUtils.validateEntity(user, UpdateGroup.class);
    // NOTE(review): delete() refuses userId 1, but there is no equivalent guard here — confirm
    // whether edits to the built-in administrator should be restricted as well.
    sysUserService.update(user);
    R result = R.ok();
    return result;
}
/**
* 删除用户
*/
@SysLog("删除用户")
@RequestMapping("/delete")
@RequiresPermissions("sys:user:delete")
public R delete(@RequestBody Long[] userIds){
/**
 * Persists the cloud-storage configuration as JSON under the config entry {@code KEY}.
 * <p>
 * Generic bean validation runs first, then a provider-specific validation group is selected by
 * {@code config.getType()}; an unrecognised type skips the provider-specific step and is stored anyway.
 *
 * @param config the cloud-storage settings from the JSON request body
 * @return {@code R.ok()} after the value has been written
 */
@RequiresPermissions("sys:oss:all")
public R saveConfig(@RequestBody CloudStorageConfig config){
//校验类型
ValidatorUtils.validateEntity(config);
// NOTE(review): the comparisons below use ==; if getType() and getValue() are BOTH boxed Integers
// this is a reference comparison rather than a value comparison — confirm one side is a primitive int.
if(config.getType() == Constant.CloudService.QINIU.getValue()){
//校验七牛数据
ValidatorUtils.validateEntity(config, QiniuGroup.class);
}else if(config.getType() == Constant.CloudService.ALIYUN.getValue()){
//校验阿里云数据
ValidatorUtils.validateEntity(config, AliyunGroup.class);
}else if(config.getType() == Constant.CloudService.QCLOUD.getValue()){
//校验腾讯云数据
ValidatorUtils.validateEntity(config, QcloudGroup.class);
}
// The whole object is serialized verbatim; if it carries storage access keys/secrets, the backing
// config row holds them in plaintext — confirm and restrict read access to that row accordingly.
sysConfigService.updateValueByKey(KEY, new Gson().toJson(config));
return R.ok();
}
/**
 * Creates a new system configuration entry.
 *
 * @param config the entry from the JSON request body; validated before it is saved
 * @return {@code R.ok()} after the service call returns
 */
@SysLog("保存配置")
@RequestMapping("/save")
@RequiresPermissions("sys:config:save")
public R save(@RequestBody SysConfigEntity config){
    // Validation first; presumably validateEntity throws on a violation so nothing is persisted.
    ValidatorUtils.validateEntity(config);
    sysConfigService.saveConfig(config);
    R ok = R.ok();
    return ok;
}
/**
* 修改配置
*/
@SysLog("修改配置")
@RequestMapping("/update")
@RequiresPermissions("sys:config:update")
public R update(@RequestBody SysConfigEntity config){
ValidatorUtils.validateEntity(config);
sysConfigService.update(config);
return R.ok();
ValidatorUtils.validateEntity(config, QcloudGroup.class);
}
sysConfigService.updateValueByKey(KEY, new Gson().toJson(config));
return R.ok();
}
/**
* 上传文件
*/
@RequestMapping("/upload")
@RequestMapping("/sys/user")
public class SysUserController extends AbstractController {
@Autowired
private SysUserService sysUserService;
@Autowired
private SysUserRoleService sysUserRoleService;
/**
 * Returns a page of system users.
 *
 * @param params all request parameters, forwarded to the service without filtering
 * @return {@code R.ok()} with the page under {@code "page"}
 */
@RequestMapping("/list")
@RequiresPermissions("sys:user:list")
public R list(@RequestParam Map<String, Object> params){
    // NOTE(review): sort/filter keys taken from params should be run through the sqlInject helper
    // before they are used in SQL — confirm in queryPage.
    PageUtils usersPage = sysUserService.queryPage(params);
    return R.ok().put("page", usersPage);
}
/**
 * Returns a page of system configuration entries.
 * <p>
 * No {@code @RequestMapping}/{@code @RequiresPermissions} annotation is visible on this fragment;
 * the fuller copy of this method on this page carries both, so they were probably lost in
 * extraction — confirm the permission check is present in the source file.
 *
 * @param params all request parameters, handed to the service as-is
 * @return {@code R.ok()} with the page under {@code "page"}
 */
public R list(@RequestParam Map<String, Object> params){
    R response = R.ok();
    PageUtils configPage = sysConfigService.queryPage(params);
    return response.put("page", configPage);
}
/**
 * Loads a single configuration entry by primary key.
 *
 * @param id the entry id from the path
 * @return {@code R.ok()} with the entity (possibly null if no row matches) under {@code "config"}
 */
@RequestMapping("/info/{id}")
@RequiresPermissions("sys:config:info")
@ResponseBody
public R info(@PathVariable("id") Long id){
    // NOTE(review): config values may include stored credentials (see the cloud-storage config
    // saved elsewhere in this system); make sure this endpoint's permission is tightly granted.
    SysConfigEntity entry = sysConfigService.getById(id);
    R response = R.ok();
    return response.put("config", entry);
}
/**
* 保存配置
*/
@SysLog("保存配置")
@RequestMapping("/sys/config")
public class SysConfigController extends AbstractController {
@Autowired
private SysConfigService sysConfigService;
/**
 * Lists system configuration entries as a page.
 *
 * @param params all request parameters, forwarded to the service without filtering
 * @return {@code R.ok()} with the page under {@code "page"}
 */
@RequestMapping("/list")
@RequiresPermissions("sys:config:list")
public R list(@RequestParam Map<String, Object> params){
    // NOTE(review): any ordering/filter key taken from params should pass through the sqlInject
    // helper before reaching SQL — confirm in queryPage.
    PageUtils configPage = sysConfigService.queryPage(params);
    R response = R.ok();
    return response.put("page", configPage);
}
/**
* 配置信息
*/
@RequestMapping("/info/{id}")
@RequiresPermissions("sys:config:info")
}
/**
 * Returns the currently logged-in user's entity.
 * <p>
 * The whole entity is serialized. Elsewhere in this controller the same object exposes a salt
 * ({@code getUser().getSalt()}), so confirm that salt/password-hash fields are excluded from the
 * JSON (e.g. via a JSON-ignore annotation) before this response reaches the browser.
 *
 * @return {@code R.ok()} with the user under {@code "user"}
 */
@RequestMapping("/info")
public R info(){
    SysUserEntity current = getUser();
    R response = R.ok();
    return response.put("user", current);
}
/**
* 修改登录用户密码
*/
@SysLog("修改密码")
/**
 * Deletes configuration entries in bulk.
 * <p>
 * No {@code @SysLog}/{@code @RequestMapping}/{@code @RequiresPermissions} annotations are visible
 * on this fragment, although the sibling save/update methods carry them — confirm that the
 * permission check exists in the source file before treating this endpoint as protected.
 *
 * @param ids the ids to remove, from the JSON request body
 * @return {@code R.ok()} after the batch delete has been issued
 */
public R delete(@RequestBody Long[] ids){
    sysConfigService.deleteBatch(ids);
    R done = R.ok();
    return done;
}
}
文件上传业务:
/**
* 文件上传
*/
@RestController
@RequestMapping("sys/oss")
public class SysOssController {
@Autowired
str = StringUtils.replace(str, "\"", "");
str = StringUtils.replace(str, ";", "");
str = StringUtils.replace(str, "\\", "");
//转换成小写
str = str.toLowerCase();
//非法字符
String[] keywords = {"master", "truncate", "insert", "select", "delete", "update", "declare", "alter", "drop"};
//判断是否包含非法字符
for(String keyword : keywords){
if(str.indexOf(keyword) != -1){
throw new RRException("包含非法字符");
}
}
return str;
}
}
系统用户业务操作:
sysConfigService.update(config);
return R.ok();
}
/**
* 删除配置
*/
@SysLog("删除配置")
value = xssEncode(value);
}
return value;
}
/**
 * Runs a single input value through the shared {@code htmlFilter}.
 * This is an input-side defence only; output encoding is still required where values are rendered.
 *
 * @param input raw client-supplied text
 * @return the filtered text as produced by {@code HTMLFilter.filter}
 */
private String xssEncode(String input) {
    String cleaned = htmlFilter.filter(input);
    return cleaned;
}
/**
 * Returns the request this wrapper was constructed around, with none of the xssEncode filtering
 * applied. Callers reading from it handle raw client input.
 *
 * @return the original, unfiltered request
 */
public HttpServletRequest getOrgRequest() {
    HttpServletRequest raw = this.orgRequest;
    return raw;
}
/**
* 获取最原始的request
*/
public static HttpServletRequest getOrgRequest(HttpServletRequest request) {
if (request instanceof XssHttpServletRequestWrapper) {
return ((XssHttpServletRequestWrapper) request).getOrgRequest();
}
return request;
return R.ok();
}
}
系统配置信息:
/**
* 系统配置信息
*
*/
@RestController
@RequestMapping("/sys/config")
public class SysConfigController extends AbstractController {
@Autowired
private SysConfigService sysConfigService;
public static String sqlInject(String str){
if(StringUtils.isBlank(str)){
return null;
}
//去掉'|"|;|\字符
str = StringUtils.replace(str, "'", "");
str = StringUtils.replace(str, "\"", "");
str = StringUtils.replace(str, ";", "");
str = StringUtils.replace(str, "\\", "");
//转换成小写
str = str.toLowerCase();
//非法字符
String[] keywords = {"master", "truncate", "insert", "select", "delete", "update", "declare", "alter", "drop"};
//判断是否包含非法字符
for(String keyword : keywords){
if(str.indexOf(keyword) != -1){
throw new RRException("包含非法字符");
return R.ok().put("user", user);
}
/**
* 保存用户
*/
@SysLog("保存用户")
@RequestMapping("/save")
@RequiresPermissions("sys:user:save")
public R save(@RequestBody SysUserEntity user){
ValidatorUtils.validateEntity(user, AddGroup.class);
str = StringUtils.replace(str, "\"", "");
str = StringUtils.replace(str, ";", "");
str = StringUtils.replace(str, "\\", "");
//转换成小写
str = str.toLowerCase();
//非法字符
String[] keywords = {"master", "truncate", "insert", "select", "delete", "update", "declare", "alter", "drop"};
//判断是否包含非法字符
for(String keyword : keywords){
if(str.indexOf(keyword) != -1){
throw new RRException("包含非法字符");
}
}
return str;
}
}
系统用户业务操作:
/**
* 系统用户
*/
@RestController
* 修改用户
*/
/**
 * Updates an existing system user after bean validation against {@code UpdateGroup}.
 *
 * @param user the user entity from the JSON request body
 * @return {@code R.ok()} once the update has been issued
 */
@SysLog("修改用户")
@RequestMapping("/update")
@RequiresPermissions("sys:user:update")
public R update(@RequestBody SysUserEntity user){
    // Validation precedes persistence; presumably validateEntity throws on a violation.
    ValidatorUtils.validateEntity(user, UpdateGroup.class);
    // NOTE(review): delete() refuses userId 1, but edits to that account are not guarded here —
    // confirm whether the built-in administrator should be protected from modification too.
    sysUserService.update(user);
    R result = R.ok();
    return result;
}
/**
* 删除用户
*/
@SysLog("删除用户")
@RequestMapping("/delete")
@RequiresPermissions("sys:user:delete")
public R delete(@RequestBody Long[] userIds){
for (int i = 0; i < values.length; i++) {
values[i] = xssEncode(values[i]);
}
map.put(key, values);
}
return map;
}
@Override
public String getHeader(String name) {
    // The header NAME is filtered before the lookup, so a name containing characters that the
    // filter rewrites would not be found; the VALUE is filtered only when it is non-blank.
    String rawValue = super.getHeader(xssEncode(name));
    return StringUtils.isNotBlank(rawValue) ? xssEncode(rawValue) : rawValue;
}
/**
 * Filters one client-supplied value through the shared {@code htmlFilter}.
 * Input filtering here does not replace output encoding at render time.
 *
 * @param input raw text
 * @return whatever {@code HTMLFilter.filter} returns for it
 */
private String xssEncode(String input) {
    String filtered = htmlFilter.filter(input);
    return filtered;
}
/**
 * Exposes the wrapped (unfiltered) request. Values read from it have not been through xssEncode.
 *
 * @return the original request passed to the constructor
 */
public HttpServletRequest getOrgRequest() {
    HttpServletRequest original = this.orgRequest;
    return original;
}
return true;
}
/**
 * Always reports the stream as ready: the data is fully buffered in memory, so a read never blocks.
 *
 * @return {@code true}
 */
@Override
public boolean isReady() {
    boolean buffered = true;
    return buffered;
}
/**
 * No-op: the non-blocking read API is not supported by this in-memory stream, so the listener is
 * never registered or invoked. Callers relying on async read callbacks would never be notified.
 *
 * @param readListener ignored
 */
@Override
public void setReadListener(ReadListener readListener) {
    // intentionally empty — see Javadoc
}
/**
 * Reads one byte from the buffered body.
 *
 * @return the next byte, or -1 at end of stream (delegated to {@code bis.read()})
 * @throws IOException if the underlying stream throws
 */
@Override
public int read() throws IOException {
    int next = bis.read();
    return next;
}
};
}
@Override
public String getParameter(String name) {
String value = super.getParameter(xssEncode(name));
if (StringUtils.isNotBlank(value)) {
value = xssEncode(value);
*/
private final static HTMLFilter htmlFilter = new HTMLFilter();
/**
 * Wraps {@code request} so that parameters, headers and (JSON) bodies are passed through the
 * HTML filter, while keeping a reference to the unfiltered original for {@code getOrgRequest()}.
 *
 * @param request the incoming request to wrap
 */
public XssHttpServletRequestWrapper(HttpServletRequest request) {
    super(request);
    this.orgRequest = request;
}
@Override
public ServletInputStream getInputStream() throws IOException {
//非json类型,直接返回
if(!MediaType.APPLICATION_JSON_VALUE.equalsIgnoreCase(super.getHeader(HttpHeaders.CONTENT_TYPE))){
return super.getInputStream();
}
//为空,直接返回
String json = IOUtils.toString(super.getInputStream(), "utf-8");
if (StringUtils.isBlank(json)) {
return super.getInputStream();
}
//xss过滤