第十四周总结
Java 学习第十四周总结
一、学习概述
本周学习内容涵盖 Java Web 开发核心技术与数据库操作。在 Java Web 方面,深入学习了会话管理、数据库操作、Maven 项目管理、Spring 框架基础、Spring MVC 框架以及 Web 安全机制;数据库部分则系统学习了 DDL、DML、DQL 等数据库操作语言,并通过案例实践强化了数据库设计与查询能力。通过理论与实践结合,掌握了 Java Web 应用开发的完整流程与数据库操作的核心技能。
二、Java Web 核心技术
1. 会话管理技术
Cookie 技术
// 创建与发送Cookie
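/**
 * Demo servlet that issues a persistent {@code username} cookie.
 *
 * <p>Security notes: the cookie is marked {@code HttpOnly} so page scripts cannot read it,
 * and {@code Secure} whenever the request arrived over HTTPS. A cookie value is fully
 * client-controlled, so it must never be treated as proof of identity on later requests.
 */
@WebServlet("/setCookie")
public class CookieServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Declare the charset before getWriter(): unless the container is configured
        // otherwise the response defaults to ISO-8859-1, which cannot encode the
        // Chinese confirmation message below.
        response.setContentType("text/plain;charset=UTF-8");

        Cookie cookie = new Cookie("username", "alice");
        // Lifetime of one day; setMaxAge takes seconds.
        cookie.setMaxAge(24 * 60 * 60);
        // Send the cookie with every path of this host.
        cookie.setPath("/");
        // Keep the cookie out of reach of document.cookie.
        cookie.setHttpOnly(true);
        // Only flag Secure when the request itself was secure, so the plain-HTTP demo
        // still works. NOTE(review): behind a TLS-terminating proxy isSecure() may
        // report false unless the container is told about the proxy.
        cookie.setSecure(request.isSecure());

        response.addCookie(cookie);
        response.getWriter().println("Cookie已设置");
    }
}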
// 获取Cookie
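/**
 * Demo servlet that echoes the value of the {@code username} cookie, if the client sent one.
 *
 * <p>The cookie value is attacker-controllable input, so the response is declared as plain
 * text (with sniffing disabled) rather than left for the browser to interpret as markup.
 */
@WebServlet("/getCookie")
public class GetCookieServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Set type and charset before getWriter(); the default charset would garble
        // the Chinese label, and text/plain keeps the echoed value from rendering as HTML.
        response.setContentType("text/plain;charset=UTF-8");
        response.setHeader("X-Content-Type-Options", "nosniff");

        // getCookies() returns null (not an empty array) when the request has no cookies.
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return;
        }
        for (Cookie cookie : cookies) {
            if ("username".equals(cookie.getName())) {
                response.getWriter().println("用户名: " + cookie.getValue());
                break; // only the first matching cookie is reported
            }
        }
    }
}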
Session 技术
// 使用Session存储用户信息
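/**
 * Demo login endpoint that stores the authenticated user name in the HTTP session.
 *
 * <p>The credential check is a hard-coded teaching stub. A real application verifies the
 * password against a salted, adaptive hash (bcrypt, scrypt or argon2) and throttles
 * repeated failures.
 */
@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // Simplified check: constants on the left make the comparison null-safe.
        if ("alice".equals(username) && "123456".equals(password)) {
            HttpSession session = request.getSession();
            // Issue a fresh session id at the moment of login so an id planted before
            // authentication (session fixation) is useless afterwards. Servlet 3.1+.
            request.changeSessionId();
            session.setAttribute("user", username);
            // setMaxInactiveInterval takes SECONDS; 30 * 60 gives the intended
            // 30-minute idle timeout (a bare 30 would expire the session after 30 s).
            session.setMaxInactiveInterval(30 * 60);
            response.sendRedirect("home");
        } else {
            // Same generic failure for unknown user and wrong password.
            response.sendRedirect("login.html?error=1");
        }
    }
}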
// 验证Session登录状态
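/**
 * Demo page that greets the logged-in user and redirects everyone else to the login form.
 */
@WebServlet("/home")
public class HomeServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false) never creates a session, so anonymous visitors are not
        // handed one just for probing this URL.
        HttpSession session = request.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");
        if (user == null) {
            response.sendRedirect("login.html");
            return;
        }

        // Declare type and charset before getWriter(): the default charset cannot encode
        // the Chinese greeting, and text/plain keeps the user name from being parsed as HTML.
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println("欢迎, " + user);
    }
}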
2. 数据库操作技术
JDBC 基础操作
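/**
 * Minimal JDBC walk-through: load the driver, connect, run a parameterised query, print one row.
 *
 * <p>NOTE(review): the listing connects as {@code root} with a literal password and with
 * {@code useSSL=false}. That is acceptable only for a local sandbox; outside one, use a
 * least-privilege account, load the credentials from configuration that is not committed,
 * and keep TLS enabled on the connection.
 */
public class JdbcDemo {
    public static void main(String[] args) {
        String url = "jdbc:mysql://localhost:3306/testdb?useSSL=false";
        // The id is bound through a placeholder, never concatenated into the SQL text.
        String sql = "SELECT * FROM users WHERE id = ?";

        try {
            // 1. Load the driver class.
            Class.forName("com.mysql.cj.jdbc.Driver");

            // 2-3. Open the connection and prepare the statement. try-with-resources closes
            // each resource independently, so a failure closing one can no longer skip the
            // others the way a shared finally block could.
            try (Connection conn = DriverManager.getConnection(url, "root", "password");
                 PreparedStatement pstmt = conn.prepareStatement(sql)) {
                pstmt.setInt(1, 1);

                // 4-5. Run the query and print the first row, if any.
                try (ResultSet rs = pstmt.executeQuery()) {
                    if (rs.next()) {
                        System.out.println("姓名: " + rs.getString("name"));
                        System.out.println("邮箱: " + rs.getString("email"));
                    }
                }
            }
        } catch (ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }
    }
}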
数据库连接池(DBCP 示例)
# Connection-pool settings read by the DBCP example (presumably saved as dbcp.properties,
# the resource name that example loads).
driverClassName=com.mysql.cj.jdbc.Driver
# NOTE(review): useSSL=false turns TLS off for the MySQL connection; keep it on
# whenever the database is not on the same trusted host.
url=jdbc:mysql://localhost:3306/testdb?useSSL=false
# NOTE(review): root with a literal password is a sandbox-only shortcut. Use a
# least-privilege account and keep the real secret out of version control.
username=root
password=password
# Pool sizing. Of the keys below, the Java example on this page only applies
# initialSize and maxActive; the rest are read by nothing shown here.
initialSize=5
maxActive=20
maxIdle=10
minIdle=5
# Longest time to wait for a free connection, in milliseconds (DBCP 1.x).
maxWait=5000
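/**
 * Builds a DBCP connection pool from {@code dbcp.properties} on the classpath and runs a
 * sample query through it.
 */
public class DBCPExample {
    private final DataSource dataSource;

    /**
     * Loads the pool configuration and creates the data source.
     *
     * @throws IllegalStateException if {@code dbcp.properties} is missing, unreadable, or
     *     holds a non-numeric pool size; failing here avoids handing out an instance whose
     *     data source is {@code null}
     */
    public DBCPExample() {
        // The resource stream is closed by try-with-resources once the properties are read.
        try (java.io.InputStream in =
                DBCPExample.class.getClassLoader().getResourceAsStream("dbcp.properties")) {
            if (in == null) {
                throw new IllegalStateException("dbcp.properties not found on the classpath");
            }
            Properties props = new Properties();
            props.load(in);

            BasicDataSource ds = new BasicDataSource();
            ds.setDriverClassName(props.getProperty("driverClassName"));
            ds.setUrl(props.getProperty("url"));
            ds.setUsername(props.getProperty("username"));
            // The password goes straight to the pool; it is never logged or echoed.
            ds.setPassword(props.getProperty("password"));
            ds.setInitialSize(Integer.parseInt(props.getProperty("initialSize")));
            ds.setMaxActive(Integer.parseInt(props.getProperty("maxActive")));
            dataSource = ds;
        } catch (java.io.IOException | NumberFormatException e) {
            throw new IllegalStateException(
                    "Failed to initialise the DBCP pool from dbcp.properties", e);
        }
    }

    /** Fetches one row from {@code users} and prints its {@code name} column. */
    public void queryUser() {
        String sql = "SELECT * FROM users LIMIT 1";
        // Closing a pooled connection returns it to the pool instead of tearing it down.
        // Each resource is closed independently, even if closing another one fails.
        try (Connection conn = dataSource.getConnection();
             PreparedStatement pstmt = conn.prepareStatement(sql);
             ResultSet rs = pstmt.executeQuery()) {
            if (rs.next()) {
                System.out.println("查询成功: " + rs.getString("name"));
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
}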
3. Maven 项目管理
POM.xml 示例
<!-- Fragment of pom.xml; the enclosing project element is not part of this listing. -->
<groupId>com.example</groupId>
<artifactId>java-web-demo</artifactId>
<version>1.0.0</version>
<packaging>war</packaging>
<properties>
<maven.compiler.source>11</maven.compiler.source>
<maven.compiler.target>11</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<!-- Servlet API; scope "provided" because the servlet container supplies it at runtime -->
<dependency>
<groupId>jakarta.servlet</groupId>
<artifactId>jakarta.servlet-api</artifactId>
<version>5.0.0</version>
<scope>provided</scope>
</dependency>
<!-- JSP API; also supplied by the container -->
<dependency>
<groupId>jakarta.servlet.jsp</groupId>
<artifactId>jakarta.servlet.jsp-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<!-- MySQL driver. NOTE(review): Connector/J has since moved to the
     com.mysql:mysql-connector-j coordinates; check this pinned version against
     current security advisories before reusing the listing. -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.28</version>
</dependency>
<!-- DBCP connection pool. NOTE(review): commons-dbcp 1.4 is the legacy 1.x line;
     org.apache.commons:commons-dbcp2 is the maintained successor (its BasicDataSource
     renames some properties, for example maxActive became maxTotal). -->
<dependency>
<groupId>commons-dbcp</groupId>
<artifactId>commons-dbcp</artifactId>
<version>1.4</version>
</dependency>
</dependencies>
<build>
<finalName>java-web-demo</finalName>
<plugins>
<!-- Plugin versions are pinned so the build does not float with the Maven defaults -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>3.3.2</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.10.1</version>
<configuration>
<source>11</source>
<target>11</target>
</configuration>
</plugin>
</plugins>
</build>
4. Spring 框架基础
依赖注入(DI)示例
// 服务接口
/** Service-layer contract for storing users. */
public interface UserService {

    /**
     * Stores a user under the given name.
     *
     * @param name the user's name
     */
    void saveUser(String name);
}
// 服务实现
/**
 * Default {@link UserService}: forwards every save to the injected {@link UserDao}.
 */
@Service
public class UserServiceImpl implements UserService {

    // Injected by the Spring container (field injection).
    @Autowired
    private UserDao userDao;

    /** Delegates the insert to the data-access layer. */
    @Override
    public void saveUser(String name) {
        this.userDao.insert(name);
    }
}
// 数据访问接口
/** Data-access contract for users. */
public interface UserDao {

    /**
     * Inserts a user with the given name.
     *
     * @param name the user's name
     */
    void insert(String name);
}
// 数据访问实现
/**
 * Stub {@link UserDao} that only prints the insert; a real implementation would write to
 * the database here.
 */
@Repository
public class UserDaoImpl implements UserDao {

    /** Prints the name that would be inserted. */
    @Override
    public void insert(String name) {
        String message = "插入用户: " + name;
        System.out.println(message);
    }
}
// 配置类
/**
 * Java-based Spring configuration: scans {@code com.example} for components and exposes an
 * embedded H2 database as the application's {@link DataSource}.
 */
@Configuration
@ComponentScan("com.example")
public class AppConfig {

    /** Builds the embedded H2 data source bean. */
    @Bean
    public DataSource dataSource() {
        EmbeddedDatabaseBuilder builder = new EmbeddedDatabaseBuilder();
        builder.setType(EmbeddedDatabaseType.H2);
        return builder.build();
    }
}
// 使用示例
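/** Boots the annotation-configured context and calls the user service once. */
public class SpringDemo {
    public static void main(String[] args) {
        // The context owns the embedded database and every singleton bean; closing it
        // runs their shutdown callbacks instead of leaving them to JVM exit.
        try (AnnotationConfigApplicationContext context =
                new AnnotationConfigApplicationContext(AppConfig.class)) {
            UserService userService = context.getBean(UserService.class);
            userService.saveUser("张三");
        }
    }
}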
面向切面编程(AOP)
// 切面类
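/**
 * Logging aspect applied to the service layer: announces each call, reports the returned
 * value, and measures elapsed time.
 */
@Aspect
@Component
public class LoggingAspect {

    /**
     * Matches every method of every type in {@code com.example.service} and its sub-packages.
     *
     * <p>The published listing read {@code service...(..)}, which is not a valid pointcut;
     * the {@code *.*} part was most likely swallowed by Markdown rendering.
     */
    @Pointcut("execution(* com.example.service..*.*(..))")
    public void serviceMethods() {}

    /** Before advice: prints the name of the method about to run. */
    @Before("serviceMethods()")
    public void beforeAdvice(JoinPoint joinPoint) {
        System.out.println("开始执行方法: " + joinPoint.getSignature().getName());
    }

    /**
     * After-returning advice: prints the method name and its result.
     *
     * <p>NOTE(review): the result is printed verbatim, so a service method that returns
     * credentials, tokens or personal data would put them in the log. Mask or omit the
     * value for such methods.
     */
    @AfterReturning(pointcut = "serviceMethods()", returning = "result")
    public void afterAdvice(JoinPoint joinPoint, Object result) {
        System.out.println("方法执行完毕: " + joinPoint.getSignature().getName() + ", 结果: " + result);
    }

    /**
     * Around advice: times the target method and passes its result through unchanged.
     * The elapsed time is printed only when the target returns normally.
     */
    @Around("serviceMethods()")
    public Object aroundAdvice(ProceedingJoinPoint pjp) throws Throwable {
        System.out.println("环绕通知 - 进入方法");
        long start = System.currentTimeMillis();
        Object result = pjp.proceed();
        long end = System.currentTimeMillis();
        System.out.println("环绕通知 - 方法执行时间: " + (end - start) + "ms");
        return result;
    }
}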
5. Spring MVC 框架
控制器示例
/**
 * Spring MVC controller for {@code /users}: list view, add form, form submission and a
 * JSON detail endpoint.
 */
@Controller
@RequestMapping("/users")
public class UserController {

    // Injected by the Spring container.
    @Autowired
    private UserService userService;

    /** Puts all users into the model and renders the list view. */
    @RequestMapping(method = RequestMethod.GET)
    public String list(Model model) {
        model.addAttribute("users", userService.getAllUsers());
        return "user/list"; // logical view name
    }

    /** Renders the empty add-user form. */
    @RequestMapping(value = "/add", method = RequestMethod.GET)
    public String addForm(Model model) {
        User blank = new User();
        model.addAttribute("user", blank);
        return "user/form";
    }

    /**
     * Handles the add-user submission and redirects to the list on success.
     *
     * <p>NOTE(review): {@code @ModelAttribute} binds every request parameter that matches a
     * {@code User} property, so a client can set fields the form never shows; a dedicated
     * form object or an allowed-fields list on the binder closes that gap. No validation
     * annotation is present on the parameter, so {@code result} only carries
     * binding/type-conversion errors.
     */
    @RequestMapping(value = "/add", method = RequestMethod.POST)
    public String addUser(@ModelAttribute("user") User user, BindingResult result) {
        if (!result.hasErrors()) {
            userService.saveUser(user);
            return "redirect:/users";
        }
        return "user/form";
    }

    /**
     * Returns one user as the response body (JSON).
     *
     * <p>NOTE(review): the {@code User} object is serialised as-is and no authorisation
     * check is visible in this listing; confirm that callers may only read ids they are
     * entitled to and that {@code User} exposes no sensitive fields.
     */
    @RequestMapping(value = "/{id}", method = RequestMethod.GET)
    @ResponseBody
    public User detail(@PathVariable("id") Long id) {
        User found = userService.getUserById(id);
        return found;
    }
}
Spring MVC 配置
/**
 * Spring MVC configuration: JSP view resolution under {@code /WEB-INF/views/} and static
 * resources served from {@code /static/}.
 */
@Configuration
@EnableWebMvc
@ComponentScan("com.example.controller")
public class WebConfig implements WebMvcConfigurer {

    /**
     * Resolves a logical view name to {@code /WEB-INF/views/<name>.jsp}. Files under
     * {@code WEB-INF} cannot be requested directly by a client, so the JSPs are only
     * reachable through a controller.
     */
    @Override
    public void configureViewResolvers(ViewResolverRegistry registry) {
        InternalResourceViewResolver jspResolver = new InternalResourceViewResolver();
        jspResolver.setSuffix(".jsp");
        jspResolver.setPrefix("/WEB-INF/views/");
        registry.viewResolver(jspResolver);
    }

    /** Maps {@code /static/**} URLs onto the {@code /static/} resource location. */
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry
                .addResourceHandler("/static/**")
                .addResourceLocations("/static/");
    }
}
<!-- Fragment of web.xml: registers Spring's DispatcherServlet and boots it from the
     Java configuration class instead of an XML context file. -->
<display-name>Java Web Demo</display-name>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<!-- Use an annotation-based application context -->
<init-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</init-param>
<!-- With that context class, the "location" is the configuration class name -->
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>com.example.config.WebConfig</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- "/" makes the dispatcher the default servlet of the web application.
     NOTE(review): no filter entries appear in this fragment, so nothing shown here
     registers the CSRF or XSS filters; confirm they are registered elsewhere. -->
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
6. Java Web 安全机制
CSRF 防护
// CSRF Token生成与验证过滤器
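/**
 * Synchroniser-token CSRF filter: keeps one token per session, publishes it in the
 * {@code X-CSRF-Token} response header, and requires the same header on every
 * state-changing request.
 *
 * <p>Notes for reuse: the token is sent on every response, so a CORS policy that exposes
 * this header to other origins would hand the token to them. The filter also creates a
 * session for every visitor, including anonymous ones.
 */
public class CsrfFilter implements Filter {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;

        // Create the token on first contact and keep it for the life of the session.
        HttpSession session = req.getSession();
        String csrfToken = (String) session.getAttribute("csrfToken");
        if (csrfToken == null) {
            csrfToken = UUID.randomUUID().toString();
            session.setAttribute("csrfToken", csrfToken);
        }

        // Publish the token so same-origin scripts can echo it back.
        resp.setHeader("X-CSRF-Token", csrfToken);

        // Verify every method that can change state, not just POST: PUT, PATCH and DELETE
        // are equally forgeable. Only the read-only methods are exempt.
        if (!isSafeMethod(req.getMethod())) {
            String tokenFromRequest = req.getHeader("X-CSRF-Token");
            if (tokenFromRequest == null || !constantTimeEquals(tokenFromRequest, csrfToken)) {
                resp.sendError(HttpServletResponse.SC_FORBIDDEN, "CSRF验证失败");
                return;
            }
        }
        chain.doFilter(req, resp);
    }

    /** Returns true for HTTP methods defined as read-only. */
    private static boolean isSafeMethod(String method) {
        return "GET".equals(method)
                || "HEAD".equals(method)
                || "OPTIONS".equals(method)
                || "TRACE".equals(method);
    }

    /** Compares two tokens without leaking, through timing, where they first differ. */
    private static boolean constantTimeEquals(String a, String b) {
        return java.security.MessageDigest.isEqual(
                a.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                b.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    // init() and destroy() omitted
}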
XSS 防护
// XSS过滤工具类
public class XSSFilter implements Filter {
/**
 * Hands the rest of the chain a wrapped request whose parameter getters pass values
 * through {@code cleanXSS}.
 *
 * <p>NOTE(review): {@code cleanXSS} is not shown in this listing. Input-side cleaning is
 * at best a second line of defence; values still need context-aware encoding where they
 * are written into HTML, attributes, JavaScript or URLs.
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest sanitized = new XSSRequestWrapper((HttpServletRequest) request);
    chain.doFilter(sanitized, response);
}
// 请求包装类,过滤参数中的XSS攻击
private class XSSRequestWrapper extends HttpServletRequestWrapper {
/**
 * Wraps the given request; the overridden getters below clean values on the way out.
 *
 * @param request the original request to delegate to
 */
public XSSRequestWrapper(HttpServletRequest request) {
super(request);
}
/**
 * Returns the named parameter after passing it through {@code cleanXSS}.
 *
 * <p>NOTE(review): the underlying getter returns {@code null} for an absent parameter;
 * confirm that {@code cleanXSS} (not shown here) accepts {@code null}.
 */
@Override
public String getParameter(String name) {
    return cleanXSS(super.getParameter(name));
}
@Override
public String[] getParameterValues(String name) {
String[] values = super.getParameterValues(name);
if (values != null) {
for (int i = 0; i < values.length; i++) {
values[i] = cleanXSS(values[i]);