[application.properti...]的搜索结果

...ng custom properties on the user class and how to use database migrations to apply those properties without deleting the data in the ASP.NET Identity database. I also explain how ASP.NET Identity supports the concept of claims and demonstrates how they can be used to flexibly authorize access to action methods. I finish the chapter—and the book—by showing you how ASP.NET Identity makes it easy to authenticate users through third parties. I demonstrate authentication with Google accounts, but ASP.NET Identity has built-in support for Microsoft, Facebook, and Twitter accounts as well. Table 15-1 summarizes this chapter. 本章将完成对ASP.NET Identity的描述，向你展示它所提供的一些高级特性。我将演示，你可以扩展ASP.NET Identity的数据库架构，其办法是在用户类上定义一些自定义属性。也会演示如何使用数据库迁移，这样可以运用自定义属性，而不必删除ASP.NET Identity数据库中的数据。还会解释ASP.NET Identity如何支持声明（Claims）概念，并演示如何将它们灵活地用来对动作方法进行授权访问。最后向你展示ASP.NET Identity很容易通过第三方部件来认证用户，以此结束本章以及本书。将要演示的是使用Google账号认证，但ASP.NET Identity对于Microsoft、Facebook以及Twitter账号，都有内建的支持。表15-1是本章概要。 Table 15-1. Chapter Summary 表15-1. 本章概要 Problem 问题 Solution 解决方案 Listing 清单号 Store additional information about users. 存储用户的附加信息 Define custom user properties. 定义自定义用户属性 1–3, 8–11 Update the database schema without deleting user data. 更新数据库架构而不删除用户数据 Perform a database migration. 执行数据库迁移 4–7 Perform fine-grained authorization. 执行细粒度授权 Use claims. 使用声明（Claims） 12–14 Add claims about a user. 添加用户的声明（Claims） Use the ClaimsIdentity.AddClaims method. 使用ClaimsIdentity.AddClaims方法 15–19 Authorize access based on claim values. 基于声明（Claims）值授权访问 Create a custom authorization filter attribute. 创建一个自定义的授权过滤器注解属性 20–21 Authenticate through a third party. 通过第三方认证 Install the NuGet package for the authentication provider, redirect requests to that provider, and specify a callback URL that creates the user account. 安装认证提供器的NuGet包，将请求重定向到该提供器，并指定一个创建用户账号的回调URL。 22–25 15.1 Preparing the Example Project 15.1 准备示例项目 In this chapter, I am going to continue working on the Users project I created in Chapter 13 and enhanced in Chapter 14. No changes to the application are required, but start the application and make sure that there are users in the database. Figure 15-1 shows the state of my database, which contains the users Admin, Alice, Bob, and Joe from the previous chapter. To check the users, start the application and request the /Admin/Index URL and authenticate as the Admin user. 本章打算继续使用第13章创建并在第14章增强的Users项目。对应用程序无需做什么改变，但需要启动应用程序，并确保数据库中有一些用户。图15-1显示了数据库的状态，它含有上一章的用户Admin、Alice、Bob以及Joe。为了检查用户，请启动应用程序，请求/Admin/Index URL，并以Admin用户进行认证。 Figure 15-1. The initial users in the Identity database 图15-1. Identity数据库中的最初用户 I also need some roles for this chapter. I used the RoleAdmin controller to create roles called Users and Employees and assigned the users to those roles, as described in Table 15-2. 本章还需要一些角色。我用RoleAdmin控制器创建了角色Users和Employees，并为这些角色指定了一些用户，如表15-2所示。 Table 15-2. The Types of Web Forms Code Nuggets 表15-2. 角色及成员（作者将此表的标题写错了——译者注） Role 角色 Members 成员 Users Alice, Joe Employees Alice, Bob Figure 15-2 shows the required role configuration displayed by the RoleAdmin controller. 图15-2显示了由RoleAdmin控制器所显示出来的必要的角色配置。 Figure 15-2. Configuring the roles required for this chapter 图15-2. 配置本章所需的角色 15.2 Adding Custom User Properties 15.2 添加自定义用户属性 When I created the AppUser class to represent users in Chapter 13, I noted that the base class defined a basic set of properties to describe the user, such as e-mail address and telephone number. Most applications need to store more information about users, including persistent application preferences and details such as addresses—in short, any data that is useful to running the application and that should last between sessions. In ASP.NET Membership, this was handled through the user profile system, but ASP.NET Identity takes a different approach. 我在第13章创建AppUser类来表示用户时曾做过说明，基类定义了一组描述用户的基本属性，如E-mail地址、电话号码等。大多数应用程序还需要存储用户的更多信息，包括持久化应用程序爱好以及地址等细节——简言之，需要存储对运行应用程序有用并且在各次会话之间应当保持的任何数据。在ASP.NET Membership中，这是通过用户资料（User Profile）系统来处理的，但ASP.NET Identity采取了一种不同的办法。 Because the ASP.NET Identity system uses Entity Framework to store its data by default, defining additional user information is just a matter of adding properties to the user class and letting the Code First feature create the database schema required to store them. Table 15-3 puts custom user properties in context. 因为ASP.NET Identity默认是使用Entity Framework来存储其数据的，定义附加的用户信息只不过是给用户类添加属性的事情，然后让Code First特性去创建需要存储它们的数据库架构即可。表15-3描述了自定义用户属性的情形。 Table 15-3. Putting Cusotm User Properties in Context 表15-3. 自定义用户属性的情形 Question 问题 Answer 回答 What is it? 什么是自定义用户属性？ Custom user properties allow you to store additional information about your users, including their preferences and settings. 自定义用户属性让你能够存储附加的用户信息，包括他们的爱好和设置。 Why should I care? 为何要关心它？ A persistent store of settings means that the user doesn’t have to provide the same information each time they log in to the application. 设置的持久化存储意味着，用户不必每次登录到应用程序时都提供同样的信息。 How is it used by the MVC framework? 在MVC框架中如何使用它？ This feature isn’t used directly by the MVC framework, but it is available for use in action methods. 此特性不是由MVC框架直接使用的，但它在动作方法中使用是有效的。 15.2.1 Defining Custom Properties 15.2.1 定义自定义属性 Listing 15-1 shows how I added a simple property to the AppUser class to represent the city in which the user lives. 清单15-1演示了如何给AppUser类添加一个简单的属性，用以表示用户生活的城市。 Listing 15-1. Adding a Property in the AppUser.cs File 清单15-1. 在AppUser.cs文件中添加属性 using System;using Microsoft.AspNet.Identity.EntityFramework;namespace Users.Models { public enum Cities {LONDON, PARIS, CHICAGO}public class AppUser : IdentityUser {public Cities City { get; set; } }} I have defined an enumeration called Cities that defines values for some large cities and added a property called City to the AppUser class. To allow the user to view and edit their City property, I added actions to the Home controller, as shown in Listing 15-2. 这里定义了一个枚举，名称为Cities，它定义了一些大城市的值，另外给AppUser类添加了一个名称为City的属性。为了让用户能够查看和编辑City属性，给Home控制器添加了几个动作方法，如清单15-2所示。 Listing 15-2. Adding Support for Custom User Properties in the HomeController.cs File 清单15-2. 在HomeController.cs文件中添加对自定义属性的支持 using System.Web.Mvc;using System.Collections.Generic;using System.Web;using System.Security.Principal;using System.Threading.Tasks;using Users.Infrastructure;using Microsoft.AspNet.Identity;using Microsoft.AspNet.Identity.Owin;using Users.Models;namespace Users.Controllers {public class HomeController : Controller {[Authorize]public ActionResult Index() {return View(GetData("Index"));}[Authorize(Roles = "Users")]public ActionResult OtherAction() {return View("Index", GetData("OtherAction"));}private Dictionary<string, object> GetData(string actionName) {Dictionary<string, object> dict= new Dictionary<string, object>();dict.Add("Action", actionName);dict.Add("User", HttpContext.User.Identity.Name);dict.Add("Authenticated", HttpContext.User.Identity.IsAuthenticated);dict.Add("Auth Type", HttpContext.User.Identity.AuthenticationType);dict.Add("In Users Role", HttpContext.User.IsInRole("Users"));return dict;} [Authorize]public ActionResult UserProps() {return View(CurrentUser);}[Authorize][HttpPost]public async Task<ActionResult> UserProps(Cities city) {AppUser user = CurrentUser;user.City = city;await UserManager.UpdateAsync(user);return View(user);}private AppUser CurrentUser {get {return UserManager.FindByName(HttpContext.User.Identity.Name);} }private AppUserManager UserManager {get {return HttpContext.GetOwinContext().GetUserManager<AppUserManager>();} }} } I added a CurrentUser property that uses the AppUserManager class to retrieve an AppUser instance to represent the current user. I pass the AppUser object as the view model object in the GET version of the UserProps action method, and the POST method uses it to update the value of the new City property. Listing 15-3 shows the UserProps.cshtml view, which displays the City property value and contains a form to change it. 我添加了一个CurrentUser属性，它使用AppUserManager类接收了表示当前用户的AppUser实例。在GET版本的UserProps动作方法中，传递了这个AppUser对象作为视图模型。而在POST版的方法中用它更新了City属性的值。清单15-3显示了UserProps.cshtml视图，它显示了City属性的值，并包含一个修改它的表单。 Listing 15-3. The Contents of the UserProps.cshtml File in the Views/Home Folder 清单15-3. Views/Home文件夹中UserProps.cshtml文件的内容 @using Users.Models@model AppUser@{ ViewBag.Title = "UserProps";}<div class="panel panel-primary"><div class="panel-heading">Custom User Properties</div><table class="table table-striped"><tr><th>City</th><td>@Model.City</td></tr></table></div> @using (Html.BeginForm()) {<div class="form-group"><label>City</label>@Html.DropDownListFor(x => x.City, new SelectList(Enum.GetNames(typeof(Cities))))</div><button class="btn btn-primary" type="submit">Save</button>} Caution Don’t start the application when you have created the view. In the sections that follow, I demonstrate how to preserve the contents of the database, and if you start the application now, the ASP.NET Identity users will be deleted. 警告：创建了视图之后不要启动应用程序。在以下小节中，将演示如何保留数据库的内容，如果现在启动应用程序，将会删除ASP.NET Identity的用户。 15.2.2 Preparing for Database Migration 15.2.2 准备数据库迁移 The default behavior for the Entity Framework Code First feature is to drop the tables in the database and re-create them whenever classes that drive the schema have changed. You saw this in Chapter 14 when I added support for roles: When the application was started, the database was reset, and the user accounts were lost. Entity Framework Code First特性的默认行为是，一旦修改了派生数据库架构的类，便会删除数据库中的数据表，并重新创建它们。在第14章可以看到这种情况，在我添加角色支持时：当重启应用程序后，数据库被重置，用户账号也丢失。 Don’t start the application yet, but if you were to do so, you would see a similar effect. Deleting data during development is usually not a problem, but doing so in a production setting is usually disastrous because it deletes all of the real user accounts and causes a panic while the backups are restored. In this section, I am going to demonstrate how to use the database migration feature, which updates a Code First schema in a less brutal manner and preserves the existing data it contains. 不要启动应用程序，但如果你这么做了，会看到类似的效果。在开发期间删除数据没什么问题，但如果在产品设置中这么做了，通常是灾难性的，因为它会删除所有真实的用户账号，而备份恢复是很痛苦的事。在本小节中，我打算演示如何使用数据库迁移特性，它能以比较温和的方式更新Code First的架构，并保留架构中的已有数据。 The first step is to issue the following command in the Visual Studio Package Manager Console: 第一个步骤是在Visual Studio的“Package Manager Console（包管理器控制台）”中发布以下命令： Enable-Migrations –EnableAutomaticMigrations This enables the database migration support and creates a Migrations folder in the Solution Explorer that contains a Configuration.cs class file, the contents of which are shown in Listing 15-4. 它启用了数据库的迁移支持，并在“Solution Explorer（解决方案资源管理器）”创建一个Migrations文件夹，其中含有一个Configuration.cs类文件，内容如清单15-4所示。 Listing 15-4. The Contents of the Configuration.cs File 清单15-4. Configuration.cs文件的内容 namespace Users.Migrations {using System;using System.Data.Entity;using System.Data.Entity.Migrations;using System.Linq;internal sealed class Configuration: DbMigrationsConfiguration<Users.Infrastructure.AppIdentityDbContext> {public Configuration() {AutomaticMigrationsEnabled = true;ContextKey = "Users.Infrastructure.AppIdentityDbContext";}protected override void Seed(Users.Infrastructure.AppIdentityDbContext context) {// This method will be called after migrating to the latest version.// 此方法将在迁移到最新版本时调用// You can use the DbSet<T>.AddOrUpdate() helper extension method// to avoid creating duplicate seed data. E.g.// 例如，你可以使用DbSet<T>.AddOrUpdate()辅助器方法来避免创建重复的种子数据//// context.People.AddOrUpdate(// p => p.FullName,// new Person { FullName = "Andrew Peters" },// new Person { FullName = "Brice Lambson" },// new Person { FullName = "Rowan Miller" }// );//} }} Tip You might be wondering why you are entering a database migration command into the console used to manage NuGet packages. The answer is that the Package Manager Console is really PowerShell, which is a general-purpose tool that is mislabeled by Visual Studio. You can use the console to issue a wide range of helpful commands. See http://go.microsoft.com/fwlink/?LinkID=108518 for details. 提示：你可能会觉得奇怪，为什么要在管理NuGet包的控制台中输入数据库迁移的命令？答案是“Package Manager Console（包管理控制台）”是真正的PowerShell，这是Visual studio冒用的一个通用工具。你可以使用此控制台发送大量的有用命令，详见http://go.microsoft.com/fwlink/?LinkID=108518。 The class will be used to migrate existing content in the database to the new schema, and the Seed method will be called to provide an opportunity to update the existing database records. In Listing 15-5, you can see how I have used the Seed method to set a default value for the new City property I added to the AppUser class. (I have also updated the class file to reflect my usual coding style.) 这个类将用于把数据库中的现有内容迁移到新的数据库架构，Seed方法的调用为更新现有数据库记录提供了机会。在清单15-5中可以看到，我如何用Seed方法为新的City属性设置默认值，City是添加到AppUser类中自定义属性。（为了体现我一贯的编码风格，我对这个类文件也进行了更新。） Listing 15-5. Managing Existing Content in the Configuration.cs File 清单15-5. 在Configuration.cs文件中管理已有内容 using System.Data.Entity.Migrations;using Microsoft.AspNet.Identity;using Microsoft.AspNet.Identity.EntityFramework;using Users.Infrastructure;using Users.Models;namespace Users.Migrations {internal sealed class Configuration: DbMigrationsConfiguration<AppIdentityDbContext> {public Configuration() {AutomaticMigrationsEnabled = true;ContextKey = "Users.Infrastructure.AppIdentityDbContext";}protected override void Seed(AppIdentityDbContext context) {AppUserManager userMgr = new AppUserManager(new UserStore<AppUser>(context));AppRoleManager roleMgr = new AppRoleManager(new RoleStore<AppRole>(context)); string roleName = "Administrators";string userName = "Admin";string password = "MySecret";string email = "admin@example.com";if (!roleMgr.RoleExists(roleName)) {roleMgr.Create(new AppRole(roleName));}AppUser user = userMgr.FindByName(userName);if (user == null) {userMgr.Create(new AppUser { UserName = userName, Email = email },password);user = userMgr.FindByName(userName);}if (!userMgr.IsInRole(user.Id, roleName)) {userMgr.AddToRole(user.Id, roleName);}foreach (AppUser dbUser in userMgr.Users) {dbUser.City = Cities.PARIS;}context.SaveChanges();} }} You will notice that much of the code that I added to the Seed method is taken from the IdentityDbInit class, which I used to seed the database with an administration user in Chapter 14. This is because the new Configuration class added to support database migrations will replace the seeding function of the IdentityDbInit class, which I’ll update shortly. Aside from ensuring that there is an admin user, the statements in the Seed method that are important are the ones that set the initial value for the City property I added to the AppUser class, as follows: 你可能会注意到，添加到Seed方法中的许多代码取自于IdentityDbInit类，在第14章中我用这个类将管理用户植入了数据库。这是因为这个新添加的、用以支持数据库迁移的Configuration类，将代替IdentityDbInit类的种植功能，我很快便会更新这个类。除了要确保有admin用户之外，在Seed方法中的重要语句是那些为AppUser类的City属性设置初值的语句，如下所示： ...foreach (AppUser dbUser in userMgr.Users) { dbUser.City = Cities.PARIS;}context.SaveChanges();... You don’t have to set a default value for new properties—I just wanted to demonstrate that the Seed method in the Configuration class can be used to update the existing user records in the database. 你不一定要为新属性设置默认值——这里只是想演示Configuration类中的Seed方法，可以用它更新数据库中的已有用户记录。 Caution Be careful when setting values for properties in the Seed method for real projects because the values will be applied every time you change the schema, overriding any values that the user has set since the last schema update was performed. I set the value of the City property just to demonstrate that it can be done. 警告：在用于真实项目的Seed方法中为属性设置值时要小心，因为你每一次修改架构时，都会运用这些值，这会将自执行上一次架构更新之后，用户设置的任何数据覆盖掉。这里设置City属性的值只是为了演示它能够这么做。 Changing the Database Context Class 修改数据库上下文类 The reason that I added the seeding code to the Configuration class is that I need to change the IdentityDbInit class. At present, the IdentityDbInit class is derived from the descriptively named DropCreateDatabaseIfModelChanges<AppIdentityDbContext> class, which, as you might imagine, drops the entire database when the Code First classes change. Listing 15-6 shows the changes I made to the IdentityDbInit class to prevent it from affecting the database. 在Configuration类中添加种植代码的原因是我需要修改IdentityDbInit类。此时，IdentityDbInit类派生于描述性命名的DropCreateDatabaseIfModelChanges<AppIdentityDbContext> 类，和你相像的一样，它会在Code First类改变时删除整个数据库。清单15-6显示了我对IdentityDbInit类所做的修改，以防止它影响数据库。 Listing 15-6. Preventing Database Schema Changes in the AppIdentityDbContext.cs File 清单15-6. 在AppIdentityDbContext.cs文件是阻止数据库架构变化 using System.Data.Entity;using Microsoft.AspNet.Identity.EntityFramework;using Users.Models;using Microsoft.AspNet.Identity; namespace Users.Infrastructure {public class AppIdentityDbContext : IdentityDbContext<AppUser> {public AppIdentityDbContext() : base("IdentityDb") { }static AppIdentityDbContext() {Database.SetInitializer<AppIdentityDbContext>(new IdentityDbInit());}public static AppIdentityDbContext Create() {return new AppIdentityDbContext();} } public class IdentityDbInit : NullDatabaseInitializer<AppIdentityDbContext> {} } I have removed the methods defined by the class and changed its base to NullDatabaseInitializer<AppIdentityDbContext> , which prevents the schema from being altered. 我删除了这个类中所定义的方法，并将它的基类改为NullDatabaseInitializer<AppIdentityDbContext> ，它可以防止架构修改。 15.2.3 Performing the Migration 15.2.3 执行迁移 All that remains is to generate and apply the migration. First, run the following command in the Package Manager Console: 剩下的事情只是生成并运用迁移了。首先，在“Package Manager Console（包管理器控制台）”中执行以下命令： Add-Migration CityProperty This creates a new migration called CityProperty (I like my migration names to reflect the changes I made). A class new file will be added to the Migrations folder, and its name reflects the time at which the command was run and the name of the migration. My file is called 201402262244036_CityProperty.cs, for example. The contents of this file contain the details of how Entity Framework will change the database during the migration, as shown in Listing 15-7. 这创建了一个名称为CityProperty的新迁移（我比较喜欢让迁移的名称反映出我所做的修改）。这会在文件夹中添加一个新的类文件，而且其命名会反映出该命令执行的时间以及迁移名称，例如，我的这个文件名称为201402262244036_CityProperty.cs。该文件的内容含有迁移期间Entity Framework修改数据库的细节，如清单15-7所示。 Listing 15-7. The Contents of the 201402262244036_CityProperty.cs File 清单15-7. 201402262244036_CityProperty.cs文件的内容 namespace Users.Migrations {using System;using System.Data.Entity.Migrations; public partial class Init : DbMigration {public override void Up() {AddColumn("dbo.AspNetUsers", "City", c => c.Int(nullable: false));}public override void Down() {DropColumn("dbo.AspNetUsers", "City");} }} The Up method describes the changes that have to be made to the schema when the database is upgraded, which in this case means adding a City column to the AspNetUsers table, which is the one that is used to store user records in the ASP.NET Identity database. Up方法描述了在数据库升级时，需要对架构所做的修改，在这个例子中，意味着要在AspNetUsers数据表中添加City数据列，该数据表是ASP.NET Identity数据库用来存储用户记录的。 The final step is to perform the migration. Without starting the application, run the following command in the Package Manager Console: 最后一步是执行迁移。无需启动应用程序，只需在“Package Manager Console（包管理器控制台）”中运行以下命令即可： Update-Database –TargetMigration CityProperty The database schema will be modified, and the code in the Configuration.Seed method will be executed. The existing user accounts will have been preserved and enhanced with a City property (which I set to Paris in the Seed method). 这会修改数据库架构，并执行Configuration.Seed方法中的代码。已有用户账号会被保留，且增强了City属性（我在Seed方法中已将其设置为“Paris”）。 15.2.4 Testing the Migration 15.2.4 测试迁移 To test the effect of the migration, start the application, navigate to the /Home/UserProps URL, and authenticate as one of the Identity users (for example, as Alice with the password MySecret). Once authenticated, you will see the current value of the City property for the user and have the opportunity to change it, as shown in Figure 15-3. 为了测试迁移的效果，启动应用程序，导航到/Home/UserProps URL，并以Identity中的用户（例如Alice，口令MySecret）进行认证。一旦已被认证，便会看到该用户City属性的当前值，并可以对其进行修改，如图15-3所示。 Figure 15-3. Displaying and changing a custom user property 图15-3. 显示和个性自定义用户属性 15.2.5 Defining an Additional Property 15.2.5 定义附加属性 Now that database migrations are set up, I am going to define a further property just to demonstrate how subsequent changes are handled and to show a more useful (and less dangerous) example of using the Configuration.Seed method. Listing 15-8 shows how I added a Country property to the AppUser class. 现在，已经建立了数据库迁移，我打算再定义一个属性，这恰恰演示了如何处理持续不断的修改，也为了演示Configuration.Seed方法更有用（至少无害）的示例。清单15-8显示了我在AppUser类上添加了一个Country属性。 Listing 15-8. Adding Another Property in the AppUserModels.cs File 清单15-8. 在AppUserModels.cs文件中添加另一个属性 using System;using Microsoft.AspNet.Identity.EntityFramework; namespace Users.Models {public enum Cities {LONDON, PARIS, CHICAGO} public enum Countries {NONE, UK, FRANCE, USA}public class AppUser : IdentityUser {public Cities City { get; set; }public Countries Country { get; set; }public void SetCountryFromCity(Cities city) {switch (city) {case Cities.LONDON:Country = Countries.UK;break;case Cities.PARIS:Country = Countries.FRANCE;break;case Cities.CHICAGO:Country = Countries.USA;break;default:Country = Countries.NONE;break;} }} } I have added an enumeration to define the country names and a helper method that selects a country value based on the City property. Listing 15-9 shows the change I made to the Configuration class so that the Seed method sets the Country property based on the City, but only if the value of Country is NONE (which it will be for all users when the database is migrated because the Entity Framework sets enumeration columns to the first value). 我已经添加了一个枚举，它定义了国家名称。还添加了一个辅助器方法，它可以根据City属性选择一个国家。清单15-9显示了对Configuration类所做的修改，以使Seed方法根据City设置Country属性，但只当Country为NONE时才进行设置（在迁移数据库时，所有用户都是NONE，因为Entity Framework会将枚举列设置为枚举的第一个值）。 Listing 15-9. Modifying the Database Seed in the Configuration.cs File 清单15-9. 在Configuration.cs文件中修改数据库种子 using System.Data.Entity.Migrations;using Microsoft.AspNet.Identity;using Microsoft.AspNet.Identity.EntityFramework;using Users.Infrastructure;using Users.Models; namespace Users.Migrations {internal sealed class Configuration: DbMigrationsConfiguration<AppIdentityDbContext> {public Configuration() {AutomaticMigrationsEnabled = true;ContextKey = "Users.Infrastructure.AppIdentityDbContext";}protected override void Seed(AppIdentityDbContext context) {AppUserManager userMgr = new AppUserManager(new UserStore<AppUser>(context));AppRoleManager roleMgr = new AppRoleManager(new RoleStore<AppRole>(context)); string roleName = "Administrators";string userName = "Admin";string password = "MySecret";string email = "admin@example.com";if (!roleMgr.RoleExists(roleName)) {roleMgr.Create(new AppRole(roleName));}AppUser user = userMgr.FindByName(userName);if (user == null) {userMgr.Create(new AppUser { UserName = userName, Email = email },password);user = userMgr.FindByName(userName);}if (!userMgr.IsInRole(user.Id, roleName)) {userMgr.AddToRole(user.Id, roleName);} foreach (AppUser dbUser in userMgr.Users) {if (dbUser.Country == Countries.NONE) {dbUser.SetCountryFromCity(dbUser.City);} }context.SaveChanges();} }} This kind of seeding is more useful in a real project because it will set a value for the Country property only if one has not already been set—subsequent migrations won’t be affected, and user selections won’t be lost. 这种种植在实际项目中会更有用，因为它只会在Country属性未设置时，才会设置Country属性的值——后继的迁移不会受到影响，因此不会失去用户的选择。 1. Adding Application Support 1. 添加应用程序支持 There is no point defining additional user properties if they are not available in the application, so Listing 15-10 shows the change I made to the Views/Home/UserProps.cshtml file to display the value of the Country property. 应用程序中如果没有定义附加属性的地方，则附加属性就无法使用了，因此，清单15-10显示了我对Views/Home/UserProps.cshtml文件的修改，以显示Country属性的值。 Listing 15-10. Displaying an Additional Property in the UserProps.cshtml File 清单15-10. 在UserProps.cshtml文件中显示附加属性 @using Users.Models@model AppUser@{ ViewBag.Title = "UserProps";} <div class="panel panel-primary"><div class="panel-heading">Custom User Properties</div><table class="table table-striped"><tr><th>City</th><td>@Model.City</td></tr> <tr><th>Country</th><td>@Model.Country</td></tr></table></div>@using (Html.BeginForm()) {<div class="form-group"><label>City</label>@Html.DropDownListFor(x => x.City, new SelectList(Enum.GetNames(typeof(Cities))))</div><button class="btn btn-primary" type="submit">Save</button>} Listing 15-11 shows the corresponding change I made to the Home controller to update the Country property when the City value changes. 为了在City值变化时能够更新Country属性，清单15-11显示了我对Home控制器所做的相应修改。 Listing 15-11. Setting Custom Properties in the HomeController.cs File 清单15-11. 在HomeController.cs文件中设置自定义属性 using System.Web.Mvc;using System.Collections.Generic;using System.Web;using System.Security.Principal;using System.Threading.Tasks;using Users.Infrastructure;using Microsoft.AspNet.Identity;using Microsoft.AspNet.Identity.Owin;using Users.Models; namespace Users.Controllers {public class HomeController : Controller {// ...other action methods omitted for brevity...// ...出于简化，这里忽略了其他动作方法... [Authorize]public ActionResult UserProps() {return View(CurrentUser);}[Authorize][HttpPost]public async Task<ActionResult> UserProps(Cities city) {AppUser user = CurrentUser;user.City = city;user.SetCountryFromCity(city);await UserManager.UpdateAsync(user);return View(user);}// ...properties omitted for brevity...// ...出于简化，这里忽略了一些属性...} } 2. Performing the Migration 2. 准备迁移 All that remains is to create and apply a new migration. Enter the following command into the Package Manager Console: 剩下的事情就是创建和运用新的迁移了。在“Package Manager Console（包管理器控制台）”中输入以下命令： Add-Migration CountryProperty This will generate another file in the Migrations folder that contains the instruction to add the Country column. To apply the migration, execute the following command: 这将在Migrations文件夹中生成另一个文件，它含有添加Country数据表列的指令。为了运用迁移，可执行以下命令： Update-Database –TargetMigration CountryProperty The migration will be performed, and the value of the Country property will be set based on the value of the existing City property for each user. You can check the new user property by starting the application and authenticating and navigating to the /Home/UserProps URL, as shown in Figure 15-4. 这将执行迁移，Country属性的值将根据每个用户当前的City属性进行设置。通过启动应用程序，认证并导航到/Home/UserProps URL，便可以查看新的用户属性，如图15-4所示。 Figure 15-4. Creating an additional user property 图15-4. 创建附加用户属性 Tip Although I am focused on the process of upgrading the database, you can also migrate back to a previous version by specifying an earlier migration. Use the –Force argument make changes that cause data loss, such as removing a column. 提示：虽然我们关注了升级数据库的过程，但你也可以回退到以前的版本，只需指定一个早期的迁移即可。使用-Force参数进行修改，会引起数据丢失，例如删除数据表列。 15.3 Working with Claims 15.3 使用声明（Claims） In older user-management systems, such as ASP.NET Membership, the application was assumed to be the authoritative source of all information about the user, essentially treating the application as a closed world and trusting the data that is contained within it. 在旧的用户管理系统中，例如ASP.NET Membership，应用程序被假设成是用户所有信息的权威来源，本质上将应用程序视为是一个封闭的世界，并且只信任其中所包含的数据。 This is such an ingrained approach to software development that it can be hard to recognize that’s what is happening, but you saw an example of the closed-world technique in Chapter 14 when I authenticated users against the credentials stored in the database and granted access based on the roles associated with those credentials. I did the same thing again in this chapter when I added properties to the user class. Every piece of information that I needed to manage user authentication and authorization came from within my application—and that is a perfectly satisfactory approach for many web applications, which is why I demonstrated these techniques in such depth. 这是软件开发的一种根深蒂固的方法，使人很难认识到这到底意味着什么，第14章你已看到了这种封闭世界技术的例子，根据存储在数据库中的凭据来认证用户，并根据与凭据关联在一起的角色来授权访问。本章前述在用户类上添加属性，也做了同样的事情。我管理用户认证与授权所需的每一个数据片段都来自于我的应用程序——而且这是许多Web应用程序都相当满意的一种方法，这也是我如此深入地演示这些技术的原因。 ASP.NET Identity also supports an alternative approach for dealing with users, which works well when the MVC framework application isn’t the sole source of information about users and which can be used to authorize users in more flexible and fluid ways than traditional roles allow. ASP.NET Identity还支持另一种处理用户的办法，当MVC框架的应用程序不是有关用户的唯一信息源时，这种办法会工作得很好，而且能够比传统的角色授权更为灵活且流畅的方式进行授权。 This alternative approach uses claims, and in this section I’ll describe how ASP.NET Identity supports claims-based authorization. Table 15-4 puts claims in context. 这种可选的办法使用了“Claims（声明）”，因此在本小节中，我将描述ASP.NET Identity如何支持“Claims-Based Authorization（基于声明的授权）”。表15-4描述了声明（Claims）的情形。 提示：“Claim”在英文字典中不完全是“声明”的意思，根据本文的描述，感觉把它说成“声明”也不一定合适，所以在之后的译文中基本都写成中英文并用的形式，即“声明（Claims）”。根据表15-4中的声明（Claims）的定义：声明（Claims）是关于用户的一些信息片段。一个用户的信息片段当然有很多，每一个信息片段就是一项声明（Claim），用户的所有信息片段合起来就是该用户的声明（Claims）。请读者注意该单词的单复数形式——译者注 Table 15-4. Putting Claims in Context 表15-4. 声明（Claims）的情形 Question 问题 Answer 答案 What is it? 什么是声明（Claims）？ Claims are pieces of information about users that you can use to make authorization decisions. Claims can be obtained from external systems as well as from the local Identity database. 声明（Claims）是关于用户的一些信息片段，可以用它们做出授权决定。声明（Claims）可以从外部系统获取，也可以从本地的Identity数据库获取。 Why should I care? 为何要关心它？ Claims can be used to flexibly authorize access to action methods. Unlike conventional roles, claims allow access to be driven by the information that describes the user. 声明（Claims）可以用来对动作方法进行灵活的授权访问。与传统的角色不同，声明（Claims）让访问能够由描述用户的信息进行驱动。 How is it used by the MVC framework? 如何在MVC框架中使用它？ This feature isn’t used directly by the MVC framework, but it is integrated into the standard authorization features, such as the Authorize attribute. 这不是直接由MVC框架使用的特性，但它集成到了标准的授权特性之中，例如Authorize注解属性。 Tip you don’t have to use claims in your applications, and as Chapter 14 showed, ASP.NET Identity is perfectly happy providing an application with the authentication and authorization services without any need to understand claims at all. 提示：你在应用程序中不一定要使用声明（Claims），正如第14章所展示的那样，ASP.NET Identity能够为应用程序提供充分的认证与授权服务，而根本不需要理解声明（Claims）。 15.3.1 Understanding Claims 15.3.1 理解声明（Claims） A claim is a piece of information about the user, along with some information about where the information came from. The easiest way to unpack claims is through some practical demonstrations, without which any discussion becomes too abstract to be truly useful. To get started, I added a Claims controller to the example project, the definition of which you can see in Listing 15-12. 一项声明（Claim）是关于用户的一个信息片段（请注意这个英文单词的单复数形式——译者注），并伴有该片段出自何处的某种信息。揭开声明（Claims）含义最容易的方式是做一些实际演示，任何讨论都会过于抽象根本没有真正的用处。为此，我在示例项目中添加了一个Claims控制器，其定义如清单15-12所示。 Listing 15-12. The Contents of the ClaimsController.cs File 清单15-12. ClaimsController.cs文件的内容 using System.Security.Claims;using System.Web;using System.Web.Mvc; namespace Users.Controllers {public class ClaimsController : Controller {[Authorize]public ActionResult Index() {ClaimsIdentity ident = HttpContext.User.Identity as ClaimsIdentity;if (ident == null) {return View("Error", new string[] { "No claims available" });} else {return View(ident.Claims);} }} } Tip You may feel a little lost as I define the code for this example. Don’t worry about the details for the moment—just stick with it until you see the output from the action method and view that I define. More than anything else, that will help put claims into perspective. 提示：你或许会对我为此例定义的代码感到有点失望。此刻对此细节不必着急——只要稍事忍耐，当看到该动作方法和视图的输出便会明白。尤为重要的是，这有助于洞察声明（Claims）。 You can get the claims associated with a user in different ways. One approach is to use the Claims property defined by the user class, but in this example, I have used the HttpContext.User.Identity property to demonstrate the way that ASP.NET Identity is integrated with the rest of the ASP.NET platform. As I explained in Chapter 13, the HttpContext.User.Identity property returns an implementation of the IIdentity interface, which is a ClaimsIdentity object when working using ASP.NET Identity. The ClaimsIdentity class is defined in the System.Security.Claims namespace, and Table 15-5 shows the members it defines that are relevant to this chapter. 可以通过不同的方式获得与用户相关联的声明（Claims）。方法之一就是使用由用户类定义的Claims属性，但在这个例子中，我使用了HttpContext.User.Identity属性，目的是演示ASP.NET Identity与ASP.NET平台集成的方式（请注意这句话所表示的含义：用户类的Claims属性属于ASP.NET Identity，而HttpContext.User.Identity属性则属于ASP.NET平台。由此可见，ASP.NET Identity已经融合到了ASP.NET平台之中——译者注）。正如第13章所解释的那样，HttpContext.User.Identity属性返回IIdentity的接口实现，当使用ASP.NET Identity时，该实现是一个ClaimsIdentity对象。ClaimsIdentity类是在System.Security.Claims命名空间中定义的，表15-5显示了它所定义的与本章有关的成员。 Table 15-5. The Members Defined by the ClaimsIdentity Class 表15-5. ClaimsIdentity类所定义的成员 Name 名称 Description 描述 Claims Returns an enumeration of Claim objects representing the claims for the user. 返回表示用户声明（Claims）的Claim对象枚举 AddClaim(claim) Adds a claim to the user identity. 给用户添加一个声明（Claim） AddClaims(claims) Adds an enumeration of Claim objects to the user identity. 给用户添加Claim对象的枚举。 HasClaim(predicate) Returns true if the user identity contains a claim that matches the specified predicate. See the “Applying Claims” section for an example predicate. 如果用户含有与指定谓词匹配的声明（Claim）时，返回true。参见“运用声明（Claims）”中的示例谓词 RemoveClaim(claim) Removes a claim from the user identity. 删除用户的声明（Claim）。 Other members are available, but the ones in the table are those that are used most often in web applications, for reason that will become obvious as I demonstrate how claims fit into the wider ASP.NET platform. 还有一些可用的其它成员，但表中的这些是在Web应用程序中最常用的，随着我演示如何将声明（Claims）融入更宽泛的ASP.NET平台，它们为什么最常用就很显然了。 In Listing 15-12, I cast the IIdentity implementation to the ClaimsIdentity type and pass the enumeration of Claim objects returned by the ClaimsIdentity.Claims property to the View method. A Claim object represents a single piece of data about the user, and the Claim class defines the properties shown in Table 15-6. 在清单15-12中，我将IIdentity实现转换成了ClaimsIdentity类型，并且给View方法传递了ClaimsIdentity.Claims属性所返回的Claim对象的枚举。Claim对象所示表示的是关于用户的一个单一的数据片段，Claim类定义的属性如表15-6所示。 Table 15-6. The Properties Defined by the Claim Class 表15-6. Claim类定义的属性 Name 名称 Description 描述 Issuer Returns the name of the system that provided the claim 返回提供声明（Claim）的系统名称 Subject Returns the ClaimsIdentity object for the user who the claim refers to 返回声明（Claim）所指用户的ClaimsIdentity对象 Type Returns the type of information that the claim represents 返回声明（Claim）所表示的信息类型 Value Returns the piece of information that the claim represents 返回声明（Claim）所表示的信息片段 Listing 15-13 shows the contents of the Index.cshtml file that I created in the Views/Claims folder and that is rendered by the Index action of the Claims controller. The view adds a row to a table for each claim about the user. 清单15-13显示了我在Views/Claims文件夹中创建的Index.cshtml文件的内容，它由Claims控制器中的Index动作方法进行渲染。该视图为用户的每项声明（Claim）添加了一个表格行。 Listing 15-13. The Contents of the Index.cshtml File in the Views/Claims Folder 清单15-13. Views/Claims文件夹中Index.cshtml文件的内容 @using System.Security.Claims@using Users.Infrastructure@model IEnumerable<Claim>@{ ViewBag.Title = "Claims"; }<div class="panel panel-primary"><div class="panel-heading">Claims</div><table class="table table-striped"><tr><th>Subject</th><th>Issuer</th><th>Type</th><th>Value</th></tr>@foreach (Claim claim in Model.OrderBy(x => x.Type)) {<tr><td>@claim.Subject.Name</td><td>@claim.Issuer</td><td>@Html.ClaimType(claim.Type)</td><td>@claim.Value</td></tr>}</table></div> The value of the Claim.Type property is a URI for a Microsoft schema, which isn’t especially useful. The popular schemas are used as the values for fields in the System.Security.Claims.ClaimTypes class, so to make the output from the Index.cshtml view easier to read, I added an HTML helper to the IdentityHelpers.cs file, as shown in Listing 15-14. It is this helper that I use in the Index.cshtml file to format the value of the Claim.Type property. Claim.Type属性的值是一个微软模式（Microsoft Schema）的URI（统一资源标识符），这是特别有用的。System.Security.Claims.ClaimTypes类中字段的值使用的是流行模式（Popular Schema），因此为了使Index.cshtml视图的输出更易于阅读，我在IdentityHelpers.cs文件中添加了一个HTML辅助器，如清单15-14所示。Index.cshtml文件正是使用这个辅助器格式化了Claim.Type属性的值。 Listing 15-14. Adding a Helper to the IdentityHelpers.cs File 清单15-14. 在IdentityHelpers.cs文件中添加辅助器 using System.Web;using System.Web.Mvc;using Microsoft.AspNet.Identity.Owin;using System;using System.Linq;using System.Reflection;using System.Security.Claims;namespace Users.Infrastructure {public static class IdentityHelpers {public static MvcHtmlString GetUserName(this HtmlHelper html, string id) {AppUserManager mgr= HttpContext.Current.GetOwinContext().GetUserManager<AppUserManager>();return new MvcHtmlString(mgr.FindByIdAsync(id).Result.UserName);} public static MvcHtmlString ClaimType(this HtmlHelper html, string claimType) {FieldInfo[] fields = typeof(ClaimTypes).GetFields();foreach (FieldInfo field in fields) {if (field.GetValue(null).ToString() == claimType) {return new MvcHtmlString(field.Name);} }return new MvcHtmlString(string.Format("{0}",claimType.Split('/', '.').Last()));} }} Note The helper method isn’t at all efficient because it reflects on the fields of the ClaimType class for each claim that is displayed, but it is sufficient for my purposes in this chapter. You won’t often need to display the claim type in real applications. 注：该辅助器并非十分有效，因为它只是针对每个要显示的声明（Claim）映射出ClaimType类的字段，但对我要的目的已经足够了。在实际项目中不会经常需要显示声明（Claim）的类型。 To see why I have created a controller that uses claims without really explaining what they are, start the application, authenticate as the user Alice (with the password MySecret), and request the /Claims/Index URL. Figure 15-5 shows the content that is generated. 为了弄明白我为何要先创建一个使用声明（Claims）的控制器，而没有真正解释声明（Claims）是什么的原因，可以启动应用程序，以用户Alice进行认证（其口令是MySecret），并请求/Claims/Index URL。图15-5显示了生成的内容。 Figure 15-5. The output from the Index action of the Claims controller 图15-5. Claims控制器中Index动作的输出 It can be hard to make out the detail in the figure, so I have reproduced the content in Table 15-7. 这可能还难以认识到此图的细节，为此我在表15-7中重列了其内容。 Table 15-7. The Data Shown in Figure 15-5 表15-7. 图15-5中显示的数据 Subject（科目） Issuer（发行者） Type（类型） Value（值） Alice LOCAL AUTHORITY SecurityStamp Unique ID Alice LOCAL AUTHORITY IdentityProvider ASP.NET Identity Alice LOCAL AUTHORITY Role Employees Alice LOCAL AUTHORITY Role Users Alice LOCAL AUTHORITY Name Alice Alice LOCAL AUTHORITY NameIdentifier Alice’s user ID The table shows the most important aspect of claims, which is that I have already been using them when I implemented the traditional authentication and authorization features in Chapter 14. You can see that some of the claims relate to user identity (the Name claim is Alice, and the NameIdentifier claim is Alice’s unique user ID in my ASP.NET Identity database). 此表展示了声明（Claims）最重要的方面，这些是我在第14章中实现传统的认证和授权特性时，一直在使用的信息。可以看出，有些声明（Claims）与用户标识有关（Name声明是Alice，NameIdentifier声明是Alice在ASP.NET Identity数据库中的唯一用户ID号）。 Other claims show membership of roles—there are two Role claims in the table, reflecting the fact that Alice is assigned to both the Users and Employees roles. There is also a claim about how Alice has been authenticated: The IdentityProvider is set to ASP.NET Identity. 其他声明（Claims）显示了角色成员——表中有两个Role声明（Claim），体现出Alice被赋予了Users和Employees两个角色这一事实。还有一个是Alice已被认证的声明（Claim）：IdentityProvider被设置到了ASP.NET Identity。 The difference when this information is expressed as a set of claims is that you can determine where the data came from. The Issuer property for all the claims shown in the table is set to LOCAL AUTHORITY, which indicates that the user’s identity has been established by the application. 当这种信息被表示成一组声明（Claims）时的差别是，你能够确定这些数据是从哪里来的。表中所显示的所有声明的Issuer属性（发布者）都被设置到了LOACL AUTHORITY（本地授权），这说明该用户的标识是由应用程序建立的。 So, now that you have seen some example claims, I can more easily describe what a claim is. A claim is any piece of information about a user that is available to the application, including the user’s identity and role memberships. And, as you have seen, the information I have been defining about my users in earlier chapters is automatically made available as claims by ASP.NET Identity. 因此，现在你已经看到了一些声明（Claims）示例，我可以更容易地描述声明（Claim）是什么了。一项声明（Claim）是可用于应用程序中的有关用户的一个信息片段，包括用户的标识以及角色成员等。而且，正如你所看到的，我在前几章定义的关于用户的信息，被ASP.NET Identity自动地作为声明（Claims）了。 15.3.2 Creating and Using Claims 15.3.2 创建和使用声明（Claims） Claims are interesting for two reasons. The first reason is that an application can obtain claims from multiple sources, rather than just relying on a local database for information about the user. You will see a real example of this when I show you how to authenticate users through a third-party system in the “Using Third-Party Authentication” section, but for the moment I am going to add a class to the example project that simulates a system that provides claims information. Listing 15-15 shows the contents of the LocationClaimsProvider.cs file that I added to the Infrastructure folder. 声明（Claims）比较有意思的原因有两个。第一个原因是应用程序可以从多个来源获取声明（Claims），而不是只能依靠本地数据库关于用户的信息。你将会看到一个实际的示例，在“使用第三方认证”小节中，将演示如何通过第三方系统来认证用户。不过，此刻我只打算在示例项目中添加一个类，用以模拟一个提供声明（Claims）信息的系统。清单15-15显示了我添加到Infrastructure文件夹中LocationClaimsProvider.cs文件的内容。 Listing 15-15. The Contents of the LocationClaimsProvider.cs File 清单15-15. LocationClaimsProvider.cs文件的内容 using System.Collections.Generic;using System.Security.Claims; namespace Users.Infrastructure {public static class LocationClaimsProvider {public static IEnumerable<Claim> GetClaims(ClaimsIdentity user) {List<Claim> claims = new List<Claim>();if (user.Name.ToLower() == "alice") {claims.Add(CreateClaim(ClaimTypes.PostalCode, "DC 20500"));claims.Add(CreateClaim(ClaimTypes.StateOrProvince, "DC"));} else {claims.Add(CreateClaim(ClaimTypes.PostalCode, "NY 10036"));claims.Add(CreateClaim(ClaimTypes.StateOrProvince, "NY"));}return claims;}private static Claim CreateClaim(string type, string value) {return new Claim(type, value, ClaimValueTypes.String, "RemoteClaims");} }} The GetClaims method takes a ClaimsIdentity argument and uses the Name property to create claims about the user’s ZIP code and state. This class allows me to simulate a system such as a central HR database, which would be the authoritative source of location information about staff, for example. GetClaims方法以ClaimsIdentity为参数，并使用Name属性创建了关于用户ZIP码（邮政编码）和州府的声明（Claims）。上述这个类使我能够模拟一个诸如中心化的HR数据库（人力资源数据库）之类的系统，它可能会成为全体职员的地点信息的权威数据源。 Claims are associated with the user’s identity during the authentication process, and Listing 15-16 shows the changes I made to the Login action method of the Account controller to call the LocationClaimsProvider class. 在认证过程期间，声明（Claims）是与用户标识关联在一起的，清单15-16显示了我对Account控制器中Login动作方法所做的修改，以便调用LocationClaimsProvider类。 Listing 15-16. Associating Claims with a User in the AccountController.cs File 清单15-16. AccountController.cs文件中用户用声明的关联 ...[HttpPost][AllowAnonymous][ValidateAntiForgeryToken]public async Task<ActionResult> Login(LoginModel details, string returnUrl) {if (ModelState.IsValid) {AppUser user = await UserManager.FindAsync(details.Name,details.Password);if (user == null) {ModelState.AddModelError("", "Invalid name or password.");} else {ClaimsIdentity ident = await UserManager.CreateIdentityAsync(user,DefaultAuthenticationTypes.ApplicationCookie); ident.AddClaims(LocationClaimsProvider.GetClaims(ident));AuthManager.SignOut();AuthManager.SignIn(new AuthenticationProperties {IsPersistent = false}, ident);return Redirect(returnUrl);} }ViewBag.returnUrl = returnUrl;return View(details);}... You can see the effect of the location claims by starting the application, authenticating as a user, and requesting the /Claim/Index URL. Figure 15-6 shows the claims for Alice. You may have to sign out and sign back in again to see the change. 为了看看这个地点声明（Claims）的效果，可以启动应用程序，以一个用户进行认证，并请求/Claim/Index URL。图15-6显示了Alice的声明（Claims）。你可能需要退出，然后再次登录才会看到发生的变化。 Figure 15-6. Defining additional claims for users 图15-6. 定义用户的附加声明 Obtaining claims from multiple locations means that the application doesn’t have to duplicate data that is held elsewhere and allows integration of data from external parties. The Claim.Issuer property tells you where a claim originated from, which helps you judge how accurate the data is likely to be and how much weight you should give the data in your application. Location data obtained from a central HR database is likely to be more accurate and trustworthy than data obtained from an external mailing list provider, for example. 从多个地点获取声明（Claims）意味着应用程序不必复制其他地方保持的数据，并且能够与外部的数据集成。Claim.Issuer属性（图15-6中的Issuer数据列——译者注）能够告诉你一个声明（Claim）的发源地，这有助于让你判断数据的精确程度，也有助于让你决定这类数据在应用程序中的权重。例如，从中心化的HR数据库获取的地点数据可能要比外部邮件列表提供器获取的数据更为精确和可信。 1. Applying Claims 1. 运用声明（Claims） The second reason that claims are interesting is that you can use them to manage user access to your application more flexibly than with standard roles. The problem with roles is that they are static, and once a user has been assigned to a role, the user remains a member until explicitly removed. This is, for example, how long-term employees of big corporations end up with incredible access to internal systems: They are assigned the roles they require for each new job they get, but the old roles are rarely removed. (The unexpectedly broad systems access sometimes becomes apparent during the investigation into how someone was able to ship the contents of the warehouse to their home address—true story.) 声明（Claims）有意思的第二个原因是，你可以用它们来管理用户对应用程序的访问，这要比标准的角色管理更为灵活。角色的问题在于它们是静态的，而且一旦用户已经被赋予了一个角色，该用户便是一个成员，直到明确地删除为止。例如，这意味着大公司的长期雇员，对内部系统的访问会十分惊人：他们每次在获得新工作时，都会赋予所需的角色，但旧角色很少被删除。（在调查某人为何能够将仓库里的东西发往他的家庭地址过程中发现，有时会出现异常宽泛的系统访问——真实的故事） Claims can be used to authorize users based directly on the information that is known about them, which ensures that the authorization changes when the data changes. The simplest way to do this is to generate Role claims based on user data that are then used by controllers to restrict access to action methods. Listing 15-17 shows the contents of the ClaimsRoles.cs file that I added to the Infrastructure. 声明（Claims）可以直接根据用户已知的信息对用户进行授权，这能够保证当数据发生变化时，授权也随之而变。此事最简单的做法是根据用户数据来生成Role声明（Claim），然后由控制器用来限制对动作方法的访问。清单15-17显示了我添加到Infrastructure中的ClaimsRoles.cs文件的内容。 Listing 15-17. The Contents of the ClaimsRoles.cs File 清单15-17. ClaimsRoles.cs文件的内容 using System.Collections.Generic;using System.Security.Claims; namespace Users.Infrastructure {public class ClaimsRoles {public static IEnumerable<Claim> CreateRolesFromClaims(ClaimsIdentity user) {List<Claim> claims = new List<Claim>();if (user.HasClaim(x => x.Type == ClaimTypes.StateOrProvince&& x.Issuer == "RemoteClaims" && x.Value == "DC")&& user.HasClaim(x => x.Type == ClaimTypes.Role&& x.Value == "Employees")) {claims.Add(new Claim(ClaimTypes.Role, "DCStaff"));}return claims;} }} The gnarly looking CreateRolesFromClaims method uses lambda expressions to determine whether the user has a StateOrProvince claim from the RemoteClaims issuer with a value of DC and a Role claim with a value of Employees. If the user has both claims, then a Role claim is returned for the DCStaff role. Listing 15-18 shows how I call the CreateRolesFromClaims method from the Login action in the Account controller. CreateRolesFromClaims是一个粗糙的考察方法，它使用了Lambda表达式，以检查用户是否具有StateOrProvince声明（Claim），该声明来自于RemoteClaims发行者（Issuer），值为DC。也检查用户是否具有Role声明（Claim），其值为Employees。如果用户这两个声明都有，那么便返回一个DCStaff角色的Role声明。清单15-18显示了如何在Account控制器中的Login动作中调用CreateRolesFromClaims方法。 Listing 15-18. Generating Roles Based on Claims in the AccountController.cs File 清单15-18. 在AccountController.cs中根据声明生成角色 ...[HttpPost][AllowAnonymous][ValidateAntiForgeryToken]public async Task<ActionResult> Login(LoginModel details, string returnUrl) {if (ModelState.IsValid) {AppUser user = await UserManager.FindAsync(details.Name,details.Password);if (user == null) {ModelState.AddModelError("", "Invalid name or password.");} else {ClaimsIdentity ident = await UserManager.CreateIdentityAsync(user,DefaultAuthenticationTypes.ApplicationCookie);ident.AddClaims(LocationClaimsProvider.GetClaims(ident)); ident.AddClaims(ClaimsRoles.CreateRolesFromClaims(ident));AuthManager.SignOut();AuthManager.SignIn(new AuthenticationProperties {IsPersistent = false}, ident);return Redirect(returnUrl);} }ViewBag.returnUrl = returnUrl;return View(details);}... I can then restrict access to an action method based on membership of the DCStaff role. Listing 15-19 shows a new action method I added to the Claims controller to which I have applied the Authorize attribute. 然后我可以根据DCStaff角色的成员，来限制对一个动作方法的访问。清单15-19显示了在Claims控制器中添加的一个新的动作方法，在该方法上已经运用了Authorize注解属性。 Listing 15-19. Adding a New Action Method to the ClaimsController.cs File 清单15-19. 在ClaimsController.cs文件中添加一个新的动作方法 using System.Security.Claims;using System.Web;using System.Web.Mvc;namespace Users.Controllers {public class ClaimsController : Controller {[Authorize]public ActionResult Index() {ClaimsIdentity ident = HttpContext.User.Identity as ClaimsIdentity;if (ident == null) {return View("Error", new string[] { "No claims available" });} else {return View(ident.Claims);} } [Authorize(Roles="DCStaff")]public string OtherAction() {return "This is the protected action";} }} Users will be able to access OtherAction only if their claims grant them membership to the DCStaff role. Membership of this role is generated dynamically, so a change to the user’s employment status or location information will change their authorization level. 只要用户的声明（Claims）承认他们是DCStaff角色的成员，那么他们便能访问OtherAction动作。该角色的成员是动态生成的，因此，若是用户的雇用状态或地点信息发生变化，也会改变他们的授权等级。 提示：请读者从这个例子中吸取其中的思想精髓。对于读物的理解程度，仁者见仁，智者见智，能领悟多少，全凭各人，译者感觉这里的思想有无数的可能。举例说明：（1）可以根据用户的身份进行授权，比如学生在校时是“学生”，毕业后便是“校友”；（2）可以根据用户所处的部门进行授权，人事部用户属于人事团队，销售部用户属于销售团队，各团队有其自己的应用；（3）下一小节的示例是根据用户的地点授权。简言之：一方面用户的各种声明（Claim）都可以用来进行授权；另一方面用户的声明（Claim）又是可以自定义的。于是可能的运用就无法估计了。总之一句话，这种基于声明的授权（Claims-Based Authorization）有无限可能！要是没有我这里的提示，是否所有读者在此处都会有所体会？——译者注 15.3.3 Authorizing Access Using Claims 15.3.3 使用声明（Claims）授权访问 The previous example is an effective demonstration of how claims can be used to keep authorizations fresh and accurate, but it is a little indirect because I generate roles based on claims data and then enforce my authorization policy based on the membership of that role. A more direct and flexible approach is to enforce authorization directly by creating a custom authorization filter attribute. Listing 15-20 shows the contents of the ClaimsAccessAttribute.cs file, which I added to the Infrastructure folder and used to create such a filter. 前面的示例有效地演示了如何用声明（Claims）来保持新鲜和准确的授权，但有点不太直接，因为我要根据声明（Claims）数据来生成了角色，然后强制我的授权策略基于角色成员。一个更直接且灵活的办法是直接强制授权，其做法是创建一个自定义的授权过滤器注解属性。清单15-20演示了ClaimsAccessAttribute.cs文件的内容，我将它添加在Infrastructure文件夹中，并用它创建了这种过滤器。 Listing 15-20. The Contents of the ClaimsAccessAttribute.cs File 清单15-20. ClaimsAccessAttribute.cs文件的内容 using System.Security.Claims;using System.Web;using System.Web.Mvc; namespace Users.Infrastructure {public class ClaimsAccessAttribute : AuthorizeAttribute {public string Issuer { get; set; }public string ClaimType { get; set; }public string Value { get; set; }protected override bool AuthorizeCore(HttpContextBase context) {return context.User.Identity.IsAuthenticated&& context.User.Identity is ClaimsIdentity&& ((ClaimsIdentity)context.User.Identity).HasClaim(x =>x.Issuer == Issuer && x.Type == ClaimType && x.Value == Value);} }} The attribute I have defined is derived from the AuthorizeAttribute class, which makes it easy to create custom authorization policies in MVC framework applications by overriding the AuthorizeCore method. My implementation grants access if the user is authenticated, the IIdentity implementation is an instance of ClaimsIdentity, and the user has a claim with the issuer, type, and value matching the class properties. Listing 15-21 shows how I applied the attribute to the Claims controller to authorize access to the OtherAction method based on one of the location claims created by the LocationClaimsProvider class. 我所定义的这个注解属性派生于AuthorizeAttribute类，通过重写AuthorizeCore方法，很容易在MVC框架应用程序中创建自定义的授权策略。在这个实现中，若用户是已认证的、其IIdentity实现是一个ClaimsIdentity实例，而且该用户有一个带有issuer、type以及value的声明（Claim），它们与这个类的属性是匹配的，则该用户便是允许访问的。清单15-21显示了如何将这个注解属性运用于Claims控制器，以便根据LocationClaimsProvider类创建的地点声明（Claim），对OtherAction方法进行授权访问。 Listing 15-21. Performing Authorization on Claims in the ClaimsController.cs File 清单15-21. 在ClaimsController.cs文件中执行基于声明的授权 using System.Security.Claims;using System.Web;using System.Web.Mvc;using Users.Infrastructure;namespace Users.Controllers {public class ClaimsController : Controller {[Authorize]public ActionResult Index() {ClaimsIdentity ident = HttpContext.User.Identity as ClaimsIdentity;if (ident == null) {return View("Error", new string[] { "No claims available" });} else {return View(ident.Claims);} } [ClaimsAccess(Issuer="RemoteClaims", ClaimType=ClaimTypes.PostalCode,Value="DC 20500")]public string OtherAction() {return "This is the protected action";} }} My authorization filter ensures that only users whose location claims specify a ZIP code of DC 20500 can invoke the OtherAction method. 这个授权过滤器能够确保只有地点声明（Claim）的邮编为DC 20500的用户才能请求OtherAction方法。 15.4 Using Third-Party Authentication 15.4 使用第三方认证 One of the benefits of a claims-based system such as ASP.NET Identity is that any of the claims can come from an external system, even those that identify the user to the application. This means that other systems can authenticate users on behalf of the application, and ASP.NET Identity builds on this idea to make it simple and easy to add support for authenticating users through third parties such as Microsoft, Google, Facebook, and Twitter. 基于声明的系统，如ASP.NET Identity，的好处之一是任何声明都可以来自于外部系统，即使是将用户标识到应用程序的那些声明。这意味着其他系统可以代表应用程序来认证用户，而ASP.NET Identity就建立在这样的思想之上，使之能够简单而方便地添加第三方认证用户的支持，如微软、Google、Facebook、Twitter等。 There are some substantial benefits of using third-party authentication: Many users will already have an account, users can elect to use two-factor authentication, and you don’t have to manage user credentials in the application. In the sections that follow, I’ll show you how to set up and use third-party authentication for Google users, which Table 15-8 puts into context. 使用第三方认证有一些实际的好处：许多用户已经有了账号、用户可以选择使用双因子认证、你不必在应用程序中管理用户凭据等等。在以下小节中，我将演示如何为Google用户建立并使用第三方认证，表15-8描述了事情的情形。 Table 15-8. Putting Third-Party Authentication in Context 表15-8. 第三方认证情形 Question 问题 Answer 回答 What is it? 什么是第三方认证？ Authenticating with third parties lets you take advantage of the popularity of companies such as Google and Facebook. 第三方认证使你能够利用流行公司，如Google和Facebook，的优势。 Why should I care? 为何要关心它？ Users don’t like having to remember passwords for many different sites. Using a provider with large-scale adoption can make your application more appealing to users of the provider’s services. 用户不喜欢记住许多不同网站的口令。使用大范围适应的提供器可使你的应用程序更吸引有提供器服务的用户。 How is it used by the MVC framework? 如何在MVC框架中使用它？ This feature isn’t used directly by the MVC framework. 这不是一个直接由MVC框架使用的特性。 Note The reason I have chosen to demonstrate Google authentication is that it is the only option that doesn’t require me to register my application with the authentication service. You can get details of the registration processes required at http://bit.ly/1cqLTrE. 提示：我选择演示Google认证的原因是，它是唯一不需要在其认证服务中注册我应用程序的公司。有关认证服务注册过程的细节，请参阅http://bit.ly/1cqLTrE。 15.4.1 Enabling Google Authentication 15.4.1 启用Google认证 ASP.NET Identity comes with built-in support for authenticating users through their Microsoft, Google, Facebook, and Twitter accounts as well more general support for any authentication service that supports OAuth. The first step is to add the NuGet package that includes the Google-specific additions for ASP.NET Identity. Enter the following command into the Package Manager Console: ASP.NET Identity带有通过Microsoft、Google、Facebook以及Twitter账号认证用户的内建支持，并且对于支持OAuth的认证服务具有更普遍的支持。第一个步骤是添加NuGet包，包中含有用于ASP.NET Identity的Google专用附件。请在“Package Manager Console（包管理器控制台）”中输入以下命令： Install-Package Microsoft.Owin.Security.Google -version 2.0.2 There are NuGet packages for each of the services that ASP.NET Identity supports, as described in Table 15-9. 对于ASP.NET Identity支持的每一种服务都有相应的NuGet包，如表15-9所示。 Table 15-9. The NuGet Authenticaton Packages 表15-9. NuGet认证包 Name 名称 Description 描述 Microsoft.Owin.Security.Google Authenticates users with Google accounts 用Google账号认证用户 Microsoft.Owin.Security.Facebook Authenticates users with Facebook accounts 用Facebook账号认证用户 Microsoft.Owin.Security.Twitter Authenticates users with Twitter accounts 用Twitter账号认证用户 Microsoft.Owin.Security.MicrosoftAccount Authenticates users with Microsoft accounts 用Microsoft账号认证用户 Microsoft.Owin.Security.OAuth Authenticates users against any OAuth 2.0 service 根据任一OAuth 2.0服务认证用户 Once the package is installed, I enable support for the authentication service in the OWIN startup class, which is defined in the App_Start/IdentityConfig.cs file in the example project. Listing 15-22 shows the change that I have made. 一旦安装了这个包，便可以在OWIN启动类中启用此项认证服务的支持，启动类的定义在示例项目的App_Start/IdentityConfig.cs文件中。清单15-22显示了所做的修改。 Listing 15-22. Enabling Google Authentication in the IdentityConfig.cs File 清单15-22. 在IdentityConfig.cs文件中启用Google认证 using Microsoft.AspNet.Identity;using Microsoft.Owin;using Microsoft.Owin.Security.Cookies;using Owin;using Users.Infrastructure;using Microsoft.Owin.Security.Google;namespace Users {public class IdentityConfig {public void Configuration(IAppBuilder app) {app.CreatePerOwinContext<AppIdentityDbContext>(AppIdentityDbContext.Create);app.CreatePerOwinContext<AppUserManager>(AppUserManager.Create);app.CreatePerOwinContext<AppRoleManager>(AppRoleManager.Create); app.UseCookieAuthentication(new CookieAuthenticationOptions {AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,LoginPath = new PathString("/Account/Login"),}); app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);app.UseGoogleAuthentication();} }} Each of the packages that I listed in Table 15-9 contains an extension method that enables the corresponding service. The extension method for the Google service is called UseGoogleAuthentication, and it is called on the IAppBuilder implementation that is passed to the Configuration method. 表15-9所列的每个包都含有启用相应服务的扩展方法。用于Google服务的扩展方法名称为UseGoogleAuthentication，它通过传递给Configuration方法的IAppBuilder实现进行调用。 Next I added a button to the Views/Account/Login.cshtml file, which allows users to log in via Google. You can see the change in Listing 15-23. 下一步骤是在Views/Account/Login.cshtml文件中添加一个按钮，让用户能够通过Google进行登录。所做的修改如清单15-23所示。 Listing 15-23. Adding a Google Login Button to the Login.cshtml File 清单15-23. 在Login.cshtml文件中添加Google登录按钮 @model Users.Models.LoginModel@{ ViewBag.Title = "Login";}<h2>Log In</h2> @Html.ValidationSummary()@using (Html.BeginForm()) {@Html.AntiForgeryToken();<input type="hidden" name="returnUrl" value="@ViewBag.returnUrl" /><div class="form-group"><label>Name</label>@Html.TextBoxFor(x => x.Name, new { @class = "form-control" })</div><div class="form-group"><label>Password</label>@Html.PasswordFor(x => x.Password, new { @class = "form-control" })</div><button class="btn btn-primary" type="submit">Log In</button>}@using (Html.BeginForm("GoogleLogin", "Account")) {<input type="hidden" name="returnUrl" value="@ViewBag.returnUrl" /><button class="btn btn-primary" type="submit">Log In via Google</button>} The new button submits a form that targets the GoogleLogin action on the Account controller. You can see this method—and the other changes I made the controller—in Listing 15-24. 新按钮递交一个表单，目标是Account控制器中的GoogleLogin动作。可从清单15-24中看到该方法，以及在控制器中所做的其他修改。 Listing 15-24. Adding Support for Google Authentication to the AccountController.cs File 清单15-24. 在AccountController.cs文件中添加Google认证支持 using System.Threading.Tasks;using System.Web.Mvc;using Users.Models;using Microsoft.Owin.Security;using System.Security.Claims;using Microsoft.AspNet.Identity;using Microsoft.AspNet.Identity.Owin;using Users.Infrastructure;using System.Web; namespace Users.Controllers {[Authorize]public class AccountController : Controller {[AllowAnonymous]public ActionResult Login(string returnUrl) {if (HttpContext.User.Identity.IsAuthenticated) {return View("Error", new string[] { "Access Denied" });}ViewBag.returnUrl = returnUrl;return View();}[HttpPost][AllowAnonymous][ValidateAntiForgeryToken]public async Task<ActionResult> Login(LoginModel details, string returnUrl) {if (ModelState.IsValid) {AppUser user = await UserManager.FindAsync(details.Name,details.Password);if (user == null) {ModelState.AddModelError("", "Invalid name or password.");} else {ClaimsIdentity ident = await UserManager.CreateIdentityAsync(user,DefaultAuthenticationTypes.ApplicationCookie); ident.AddClaims(LocationClaimsProvider.GetClaims(ident));ident.AddClaims(ClaimsRoles.CreateRolesFromClaims(ident)); AuthManager.SignOut();AuthManager.SignIn(new AuthenticationProperties {IsPersistent = false}, ident);return Redirect(returnUrl);} }ViewBag.returnUrl = returnUrl;return View(details);} [HttpPost][AllowAnonymous]public ActionResult GoogleLogin(string returnUrl) {var properties = new AuthenticationProperties {RedirectUri = Url.Action("GoogleLoginCallback",new { returnUrl = returnUrl})};HttpContext.GetOwinContext().Authentication.Challenge(properties, "Google");return new HttpUnauthorizedResult();}[AllowAnonymous]public async Task<ActionResult> GoogleLoginCallback(string returnUrl) {ExternalLoginInfo loginInfo = await AuthManager.GetExternalLoginInfoAsync();AppUser user = await UserManager.FindAsync(loginInfo.Login);if (user == null) {user = new AppUser {Email = loginInfo.Email,UserName = loginInfo.DefaultUserName,City = Cities.LONDON, Country = Countries.UK};IdentityResult result = await UserManager.CreateAsync(user);if (!result.Succeeded) {return View("Error", result.Errors);} else {result = await UserManager.AddLoginAsync(user.Id, loginInfo.Login);if (!result.Succeeded) {return View("Error", result.Errors);} }}ClaimsIdentity ident = await UserManager.CreateIdentityAsync(user,DefaultAuthenticationTypes.ApplicationCookie);ident.AddClaims(loginInfo.ExternalIdentity.Claims);AuthManager.SignIn(new AuthenticationProperties {IsPersistent = false }, ident);return Redirect(returnUrl ?? "/");}[Authorize]public ActionResult Logout() {AuthManager.SignOut();return RedirectToAction("Index", "Home");}private IAuthenticationManager AuthManager {get {return HttpContext.GetOwinContext().Authentication;} }private AppUserManager UserManager {get {return HttpContext.GetOwinContext().GetUserManager<AppUserManager>();} }} } The GoogleLogin method creates an instance of the AuthenticationProperties class and sets the RedirectUri property to a URL that targets the GoogleLoginCallback action in the same controller. The next part is a magic phrase that causes ASP.NET Identity to respond to an unauthorized error by redirecting the user to the Google authentication page, rather than the one defined by the application: GoogleLogin方法创建了AuthenticationProperties类的一个实例，并为RedirectUri属性设置了一个URL，其目标为同一控制器中的GoogleLoginCallback动作。下一个部分是一个神奇阶段，通过将用户重定向到Google认证页面，而不是应用程序所定义的认证页面，让ASP.NET Identity对未授权的错误进行响应： ...HttpContext.GetOwinContext().Authentication.Challenge(properties, "Google");return new HttpUnauthorizedResult();... This means that when the user clicks the Log In via Google button, their browser is redirected to the Google authentication service and then redirected back to the GoogleLoginCallback action method once they are authenticated. 这意味着，当用户通过点击Google按钮进行登录时，浏览器被重定向到Google的认证服务，一旦在那里认证之后，便被重定向回GoogleLoginCallback动作方法。 I get details of the external login by calling the GetExternalLoginInfoAsync of the IAuthenticationManager implementation, like this: 我通过调用IAuthenticationManager实现的GetExternalLoginInfoAsync方法，我获得了外部登录的细节，如下所示： ...ExternalLoginInfo loginInfo = await AuthManager.GetExternalLoginInfoAsync();... The ExternalLoginInfo class defines the properties shown in Table 15-10. ExternalLoginInfo类定义的属性如表15-10所示： Table 15-10. The Properties Defined by the ExternalLoginInfo Class 表15-10. ExternalLoginInfo类所定义的属性 Name 名称 Description 描述 DefaultUserName Returns the username 返回用户名 Email Returns the e-mail address 返回E-mail地址 ExternalIdentity Returns a ClaimsIdentity that identities the user 返回标识该用户的ClaimsIdentity Login Returns a UserLoginInfo that describes the external login 返回描述外部登录的UserLoginInfo I use the FindAsync method defined by the user manager class to locate the user based on the value of the ExternalLoginInfo.Login property, which returns an AppUser object if the user has been authenticated with the application before: 我使用了由用户管理器类所定义的FindAsync方法，以便根据ExternalLoginInfo.Login属性的值对用户进行定位，如果用户之前在应用程序中已经认证，该属性会返回一个AppUser对象： ...AppUser user = await UserManager.FindAsync(loginInfo.Login);... If the FindAsync method doesn’t return an AppUser object, then I know that this is the first time that this user has logged into the application, so I create a new AppUser object, populate it with values, and save it to the database. I also save details of how the user logged in so that I can find them next time: 如果FindAsync方法返回的不是AppUser对象，那么我便知道这是用户首次登录应用程序，于是便创建了一个新的AppUser对象，填充该对象的值，并将其保存到数据库。我还保存了用户如何登录的细节，以便下次能够找到他们： ...result = await UserManager.AddLoginAsync(user.Id, loginInfo.Login);... All that remains is to generate an identity the user, copy the claims provided by Google, and create an authentication cookie so that the application knows the user has been authenticated: 剩下的事情只是生成该用户的标识了，拷贝Google提供的声明（Claims），并创建一个认证Cookie，以使应用程序知道此用户已认证： ...ClaimsIdentity ident = await UserManager.CreateIdentityAsync(user,DefaultAuthenticationTypes.ApplicationCookie);ident.AddClaims(loginInfo.ExternalIdentity.Claims);AuthManager.SignIn(new AuthenticationProperties { IsPersistent = false }, ident);... 15.4.2 Testing Google Authentication 15.4.2 测试Google认证 There is one further change that I need to make before I can test Google authentication: I need to change the account verification I set up in Chapter 13 because it prevents accounts from being created with e-mail addresses that are not within the example.com domain. Listing 15-25 shows how I removed the verification from the AppUserManager class. 在测试Google认证之前还需要一处修改：需要修改第13章所建立的账号验证，因为它不允许example.com域之外的E-mail地址创建账号。清单15-25显示了如何在AppUserManager类中删除这种验证。 Listing 15-25. Disabling Account Validation in the AppUserManager.cs File 清单15-25. 在AppUserManager.cs文件中取消账号验证 using Microsoft.AspNet.Identity;using Microsoft.AspNet.Identity.EntityFramework;using Microsoft.AspNet.Identity.Owin;using Microsoft.Owin;using Users.Models; namespace Users.Infrastructure {public class AppUserManager : UserManager<AppUser> {public AppUserManager(IUserStore<AppUser> store): base(store) {}public static AppUserManager Create(IdentityFactoryOptions<AppUserManager> options,IOwinContext context) {AppIdentityDbContext db = context.Get<AppIdentityDbContext>();AppUserManager manager = new AppUserManager(new UserStore<AppUser>(db)); manager.PasswordValidator = new CustomPasswordValidator {RequiredLength = 6,RequireNonLetterOrDigit = false,RequireDigit = false,RequireLowercase = true,RequireUppercase = true}; //manager.UserValidator = new CustomUserValidator(manager) {// AllowOnlyAlphanumericUserNames = true,// RequireUniqueEmail = true//};return manager;} }} Tip you can use validation for externally authenticated accounts, but I am just going to disable the feature for simplicity. 提示：也可以使用外部已认证账号的验证，但这里出于简化，取消了这一特性。 To test authentication, start the application, click the Log In via Google button, and provide the credentials for a valid Google account. When you have completed the authentication process, your browser will be redirected back to the application. If you navigate to the /Claims/Index URL, you will be able to see how claims from the Google system have been added to the user’s identity, as shown in Figure 15-7. 为了测试认证，启动应用程序，通过点击“Log In via Google（通过Google登录）”按钮，并提供有效的Google账号凭据。当你完成了认证过程时，浏览器将被重定向回应用程序。如果导航到/Claims/Index URL，便能够看到来自Google系统的声明（Claims），已被添加到用户的标识中了，如图15-7所示。 Figure 15-7. Claims from Google 图15-7. 来自Google的声明（Claims） 15.5 Summary 15.5 小结 In this chapter, I showed you some of the advanced features that ASP.NET Identity supports. I demonstrated the use of custom user properties and how to use database migrations to preserve data when you upgrade the schema to support them. I explained how claims work and how they can be used to create more flexible ways of authorizing users. I finished the chapter by showing you how to authenticate users via Google, which builds on the ideas behind the use of claims. 本章向你演示了ASP.NET Identity所支持的一些高级特性。演示了自定义用户属性的使用，还演示了在升级数据架构时，如何使用数据库迁移保护数据。我解释了声明（Claims）的工作机制，以及如何将它们用于创建更灵活的用户授权方式。最后演示了如何通过Google进行认证结束了本章，这是建立在使用声明（Claims）的思想基础之上的。 本篇文章为转载内容。原文链接：https://blog.csdn.net/gz19871113/article/details/108591802。 该文由互联网用户投稿提供，文中观点代表作者本人意见，并不代表本站的立场。 作为信息平台，本站仅提供文章转载服务，并不拥有其所有权，也不对文章内容的真实性、准确性和合法性承担责任。 如发现本文存在侵权、违法、违规或事实不符的情况，请及时联系我们，我们将第一时间进行核实并删除相应内容。

...有时候，我们可能在application.properties文件中漏掉了必要的参数设置。 - 权限不足：Hook需要访问目标系统的API接口，但如果权限配置不当，自然会报错。 为了验证我的猜测，我决定先从最简单的配置检查做起。打开atlas-application.properties文件，我仔细核对了以下内容： properties atlas.hook.kafka.enabled=true atlas.hook.kafka.consumer.group=atlas-kafka-group atlas.kafka.bootstrap.servers=localhost:9092 确认无误后，我又检查了Kafka服务是否正常运行，确保Atlas能够连接到它。虽然这一系列操作看起来很基础，但它们往往是排查问题的第一步。 --- 4. 实战演练 动手修复Hook部署失败 接下来，让我们一起动手试试如何修复Hook部署失败吧！首先，我们需要明确一点：问题的根源可能有很多，因此我们需要分步骤逐一排除。 Step 1: 检查依赖关系 假设我们的Hook是基于Hive的，那么首先需要确保Hive的客户端库已经正确添加到了项目中。例如，在Maven项目的pom.xml文件里，我们应该看到类似如下的配置： xml org.apache.hive hive-jdbc 3.1.2 如果版本不对，或者缺少了必要的依赖项，就需要更新或补充。记得每次修改完配置后都要重新构建项目哦！ Step 2: 调试日志级别 为了让日志更加详细，帮助我们定位问题，可以在log4j.properties文件中将日志级别调整为DEBUG级别： properties log4j.rootLogger=DEBUG, console 这样做虽然会让日志输出变得冗长，但却能为我们提供更多有用的信息。 Step 3: 手动测试连接 有时候，Hook部署失败并不是代码本身的问题，而是网络或者环境配置出了差错。这时候，我们可以尝试手动测试一下Atlas与目标系统的连接情况。例如，对于Kafka Hook，可以用下面的命令检查是否能正常发送消息： bash kafka-console-producer.sh --broker-list localhost:9092 --topic test-topic 如果这条命令执行失败，那就可以确定是网络或者Kafka服务的问题了。 --- 5. 总结与反思 成长中的点滴收获 经过这次折腾，我对Apache Atlas有了更深的理解，同时也意识到，任何技术工具都不是万能的，都需要我们投入足够的时间和精力去学习和实践。 最后想说的是，尽管Hook部署失败的经历让我一度感到挫败，但它也教会了我很多宝贵的经验。比如： - 不要害怕出错，错误往往是进步的起点； - 日志是排查问题的重要工具，要学会善加利用； - 团队合作很重要，遇到难题时不妨寻求同事的帮助。 希望这篇文章对你有所帮助，如果你也有类似的经历或见解，欢迎随时交流讨论！我们一起探索技术的世界，共同进步！

...），例如： properties spring: mvc: view: prefix: /WEB-INF/views/ suffix: .jsp 然而，当运行程序并尝试访问Controller中带有相关视图名称的方法（如@GetMapping("/home")映射到WEB-INF/views/homePage.jsp）时，浏览器却无法显示出预期的JSP页面内容，且并未抛出任何异常，而是默认返回了空响应或者错误状态码。 三、问题分析与排查 面对这一看似简单的配置失效问题，我们首先需要进行如下几个方面的排查： 1. 检查视图解析器配置 确保视图解析器org.springframework.web.servlet.view.InternalResourceViewResolver已被正确注册并设置了prefix与suffix属性。检查Spring Boot启动类（如WebMvcConfig.java或Application.java中的WebMvcConfigurer实现）： java @Configuration public class WebMvcConfig implements WebMvcConfigurer { @Override public void configureViewResolvers(ViewResolverRegistry registry) { InternalResourceViewResolver resolver = new InternalResourceViewResolver(); resolver.setPrefix("/WEB-INF/views/"); resolver.setSuffix(".jsp"); registry.viewResolver(resolver); } } 2. 模块间依赖与资源路径映射 确认module-web是否正确引入了module-views的相关JSP文件，并指定了正确的资源路径。查看module-web的pom.xml或build.gradle文件中对视图资源模块的依赖路径： xml com.example module-views 1.0.0 war runtime classes // Gradle dependencies { runtimeOnly 'com.example:module-views:1.0.0' } 以及主启动类（如Application.java)中的静态资源映射配置： java @SpringBootApplication public class Application { @Bean TomcatServletWebServerFactory tomcat() { TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory(); factory.addContextCustomizer((TomcatWebServerContext context) -> { // 将模块视图目录映射到根URL下 context.addWelcomeFile("index.jsp"); WebResourceRoot resourceRoot = new TomcatWebResourceRoot(context, "static", "/"); resourceRoot.addDirectory(new File("src/main/resources/static")); context.setResources(resourceRoot); }); return factory; } public static void main(String[] args) { SpringApplication.run(Application.class, args); } } 3. 检查JSP引擎配置 确保Tomcat服务器配置已启用JSP支持。在module-web对应的application.properties或application.yml文件中配置JSP引擎： properties server.tomcat.jsp-enabled=true server.tomcat.jsp.version=2.3 或者在module-web的pom.xml或build.gradle文件中为Tomcat添加Jasper依赖： xml org.apache.tomcat.embed tomcat-embed-jasper provided // Gradle dependencies { implementation 'org.apache.tomcat.embed:tomcat-embed-jasper:9.0.54' } 4. 控制器与视图名称匹配验证 在完成上述配置后，请务必核实Controller中返回的视图名称与其实际路径是否一致。如果存在命名冲突或者拼写错误，将会导致Spring MVC无法找到预期的JSP视图： java @GetMapping("/home") public String home(Model model) { return "homePage"; // 视图名称应更改为"WEB-INF/views/homePage.jsp" } 四、总结与解决办法 综上所述，Spring Boot返回JSP无效的问题可能源于多个因素的叠加效应，包括但不限于视图解析器配置不完整、模块间依赖关系未正确处理、JSP引擎支持未开启、或Controller与视图名称之间的不对应等。要解决这个问题，需从以上几个方面进行逐一排查和修正。 切记，在面对这类问题时，要保持冷静并耐心地定位问题所在，仔细分析配置文件、源代码和日志输出，才能准确找出症结所在，进而成功解决问题。这不仅让我们实实在在地磨炼了编程功夫，更是让咱们对Spring Boot这家伙的工作内幕有了更深的洞察。这样一来，我们在实际项目中遇到问题时，调试和应对的能力都像坐火箭一样嗖嗖提升啦！

...our final application. The most advanced chart package Classics with some new twists XY charts are now so powerful and flexible, you can plot any data on them. Number, date, duration, or category axes are supported, in all directions. Pie charts are now fully nestable, with support for custom start and end angles, to create half circles. New geo maps Our maps use GeoJSON format. Being open and widely accepted standard it opens up a lot of possibilities and sources for ready-made and custom maps. Furthermore, maps are now very flexible, with multi-series support, configurable down to the nut and bolt. (Maps is and add-on to amCharts 5: Charts which requires separate license) More about amCharts 5: Maps Pictorials Create multi-layer, multi-series pictorial charts. Any SVG path can be used as a shape for your chart. Sankey Diagrams Stunning flow diagrams, in horizontal and vertical. With draggable, fully configurable nodes. Enhanced radar charts With stacked column, bands, axes, and other dramatic enhancements, radar charts are now way more useful. Treemaps Completely zoomable, multi-level, highly configurable. Heatmaps Automatically build heat-maps, with custom axes, color ranges, and awesome new interactive Heat Legend. Create heatmaps using colors, or point size or both. Universal and flexible heat rules allow attaching any value in data to any property or properties on any element. Chord diagrams Visualize your 2-way relational data in a neat circular Chord diagrams. We do have different variations of the classic diagram: Chord, Chord directed, and Chord non-ribbon. True funnel charts amCharts 5 offers true Funnel charts the way they were meant to be. Slice’s area size represents the value, so each step’s influence on overall volume reduction is more prominent than with basic funnels. Trapezoid form can also be configured to further emphasize reduction. Complete it with other visual elements, like fully configurable slice lines, multiple series support, togglable legends, and many many more options. Customizable beauty built-in Powerful theme engine amCharts 5 comes with a bunch of beautiful themes as well as a super flexible theme engine, which you can use. We devised a CSS-like rule-based theme targeting system in themes. Using, creating, customizing themes or standalone rules has never been so easy. The new system allows applying defaults to elements based on their type, features, or position in a virtual element tree. Fresh new look Default looks designed to look fresh, like something out of tomorrow. Carefully selected color schemes and default settings were specifically chosen to make the charts stand out. Silk-smooth animations Every setting – colors, positions, sizes, opacity, and many more – is animatable to ensure smooth transitions. No choppy, stepped animations – everything is fluid, including zoom and toggling of series and other items. Flexibility Element templates Most elements are created using templates: a collection of default settings, events, and adapters. Changing template automatically propagates changes to actual elements, making it easy to do batch updates. Everything’s configurable Numerous configuration options allow inventive uses, bordering on new chart types. Angles, colors, positions, radii, a-n-y-t-h-i-n-g can be set to bend classic and new chart types exactly the way you need them. Element states Easily change how an element looks like under different circumstances, e.g. on some interaction, hover, click, or related to data (eg. column look if a value is down). The engine will automatically apply the required properties as needed, animating between old and new values smoothly. Create and apply custom states via the API. Multi-type multi-axis support Add any number of axes of any type. Create overlaid comparison of different time scales. Use any mix of dimensional values: numbers, dates, categories, or duration. Adapters “Adapters” functionality allows plugging in custom code to dynamically override just about any setting or data value. Text formatting All text labels – tooltips, axis labels, titles, etc. – now support rich text formatting options, like changing colors, font weight, or applying just about any styling option from the CSS arsenal. In addition to formatting support, labels can now contain in-line placeholders for real data, with the ability to apply custom formatting to values. Accessibility & Interactivity Accessibility Accessibility was riding shotgun when amCharts 5 was being developed. All interactive elements are TAB-selectable, with customizable roles, order, and screen-reader texts. Everything that can be moved by touch or mouse, can be moved by keyboard. Everything that can be clicked or toggled, can be interacted with with keyboard, too. Touch support Charts have been designed to work with touch devices out-of-the-box. They will work not only on phones or tablets, but also touch capable computers. Under the hood Built with TypeScript Supports strong type and error checking in TypeScript applications. Enjoy code completion, error checking and dynamic help popups in major IDEs. Full support for TypeScript and ES6 modules. 100% for JavaScript Can be fully used in any vanilla JavaScript application. amCharts 5 does not use or rely on globals, external frameworks or 3rd party libraries. Universal rendering engine Can be used to build dynamic, interactive Canvas-based interfaces and applications. Add various elements to the screen, make them interactive, with a few lines of code. Make them clickable, draggable, hoverable, using built-in interactivity functionality. Our universal layout engine will place, size and arrange elements according to set rules. 本篇文章为转载内容。原文链接：https://blog.csdn.net/john_dwh/article/details/127460821。 该文由互联网用户投稿提供，文中观点代表作者本人意见，并不代表本站的立场。 作为信息平台，本站仅提供文章转载服务，并不拥有其所有权，也不对文章内容的真实性、准确性和合法性承担责任。 如发现本文存在侵权、违法、违规或事实不符的情况，请及时联系我们，我们将第一时间进行核实并删除相应内容。

...figurationProperties(prefix = "app") public class AppConfig { private String name; private int port; // getters and setters... } 2.2 配置文件的常见位置 通常，SpringCloud会从application.properties或application.yml文件中读取配置，这些文件位于项目的src/main/resources目录下。 三、配置文件丢失或错误的后果 3.1 丢失：如果配置文件丢失，应用可能无法找到必要的设置，如数据库连接信息、API地址等，导致启动失败或者运行异常。 3.2 错误：配置文件中的语法错误、键值对不匹配等问题，同样会导致应用无法正常运行，甚至引发难以追踪的运行时错误。 四、如何识别和解决配置问题 4.1 使用Spring Cloud Config客户端检查 Spring Cloud Config客户端提供了命令行工具，如spring-cloud-config-client，可以帮助我们查看当前应用正在尝试使用的配置。 bash $ curl http://localhost:8888/master/configprops 4.2 日志分析 查看应用日志是发现配置错误的重要手段。SpringCloud会记录关于配置加载的详细信息，包括错误堆栈和尝试过的配置项。 4.3 使用IDEA或IntelliJ的Spring Boot插件 这些集成开发环境的插件能实时检查配置文件，帮助我们快速定位问题。 五、配置错误的修复策略 5.1 重新创建或恢复配置文件 确保配置文件存在且内容正确。如果是初次配置，参考官方文档或项目文档创建。 5.2 修正配置语法 检查配置文件的格式，确保所有键值对都是正确的，没有遗漏或多余的部分。 5.3 更新配置属性 如果配置项更改，需要更新到应用的配置服务器，然后重启应用以应用新的配置。 六、预防措施与最佳实践 6.1 版本控制 将配置文件纳入版本控制系统，确保每次代码提交都有相应的配置备份。 6.2 使用环境变量 对于敏感信息，可以考虑使用环境变量替代配置文件，提高安全性。 7. 结语 面对SpringCloud配置文件的丢失或错误，我们需要保持冷静，运用合适的工具和方法，一步步找出问题并修复。记住，无论何时，良好的配置管理都是微服务架构稳定运行的关键。希望这篇文章能帮你解决遇到的问题，让你在SpringCloud的世界里更加游刃有余。

...件 /config/application-github.properties 2.分别修改三个服务下的启动端口号配置文件 /scripts/startup.sh 3.修改apollo-portal服务的下的meta配置：apollo-portal/config/sapollo-env.properties 这里的地址是apollo-configservice的服务地址，分别是不同环境下的服务地址，这里我只配置了（开发-dev）环境下的地址。 6.修改数据库中的meta地址 修改apolloconfigdb数据库中serverconfig表中的eureka.service.url：其中的地址为apollo-configservice的服务地址 7.新建启动和关闭三个服务的shell脚本 start.sh 注意服务的启动顺序 configservice - adminservice - portal !/bin/bash/usr/local/apollo-1.5.1/apollo-configservice/scripts/startup.sh/usr/local/apollo-1.5.1/apollo-adminservice/scripts/startup.sh/usr/local/apollo-1.5.1/apollo-portal/scripts/startup.sh shutdown.sh !/bin/bash/usr/local/apollo-1.5.1/apollo-adminservice/scripts/shutdown.sh/usr/local/apollo-1.5.1/apollo-configservice/scripts/shutdown.sh/usr/local/apollo-1.5.1/apollo-portal/scripts/shutdown.sh 8.启动服务访问apollo 运行start.sh，启动三个服务后：输入如下地址 http://39.108.107.163:8003/ 这是portal的服务地址（注意自己修改的端口号） 默认的用户名 apollo 密码 :admin 登录后看到如下页面代表成功了： 9.下篇文章会讲到springboot整合apollo，请关注博客内容 springboot整合apollo: https://blog.csdn.net/qq_34707456/article/details/103745839 本篇文章为转载内容。原文链接：https://blog.csdn.net/qq_34707456/article/details/103702828。 该文由互联网用户投稿提供，文中观点代表作者本人意见，并不代表本站的立场。 作为信息平台，本站仅提供文章转载服务，并不拥有其所有权，也不对文章内容的真实性、准确性和合法性承担责任。 如发现本文存在侵权、违法、违规或事实不符的情况，请及时联系我们，我们将第一时间进行核实并删除相应内容。

...onf目录下，有一个application.properties文件，我们需要打开这个文件，并查找server.listen.ip这一行。默认情况下，server.listen.ip的值是localhost，这就意味着Nacos只会监听本地的请求。 为了改变这个情况，我们需要将server.listen.ip的值修改为我们想要监听的IP地址。例如，如果我们想让Nacos监听192.168.1.100这个IP地址，那么我们就可以将server.listen.ip的值改为192.168.1.100。 五、验证结果 更改完Nacos的配置文件后，我们需要重启Nacos服务，然后再次尝试访问。这时候，我们就会惊喜地发现，现在咱们已经能够像翻书一样轻松，通过本地直接访问的方式，把Nacos的信息稳稳拿到手啦！ 六、总结 总的来说，当我们遇到Nacos远程访问正常，本地访问失败的问题时，我们首先要检查我们的网络环境，然后查看Nacos服务器的配置文件，最后进行相应的调整即可解决问题。在进行这个操作时，千万要记住这一步：咱们得保证Nacos服务器是个“大敞门”的状态，也就是说，任何网络的访问请求它都能接得住，而不仅仅局限在本机自己的访问。 七、感悟 在编写代码的过程中，我们经常会遇到各种各样的问题，这些问题是我们的学习成长的机会。遇到问题的时候，咱们得拿出积极乐观的劲头儿，敢于像个冒险家一样去摸索、去挑战，甭管它有多难，只有这样，咱们的编程技术才能日益精进，不断突破自我。 以上就是我对这个问题的理解和处理方式，希望对你有所帮助。如果你有任何疑问，欢迎留言交流。谢谢大家！ 参考资料： [1] Nacos官方网站 [2] Spring Cloud官方文档 [3] 阿里云开发者社区

...置文件 conf/application.properties 或者 conf/nacos.properties，根据环境选择相应的文件进行编辑。添加或修改以下内容： properties nacos.core.auth.enabled=true nacos.core.auth.system.admin.password=your_strong_password_here 这里开启了Nacos的核心认证机制，并设置了管理员账户的密码。请确保使用一个足够复杂且安全的密码。 步骤二：重启Nacos服务 更改配置后，需要重启Nacos服务以使新配置生效。通过命令行执行： bash sh ./startup.sh -m standalone 或者如果是Windows环境： cmd cmd startup.cmd -m standalone 现在，当您访问Nacos控制台时，系统将会要求输入用户名和密码，也就是刚才配置的“nacos”账号及其对应密码。 3. 高级安全配置 集成第三方认证 为了进一步提升安全性，可以考虑集成如LDAP、AD或其他OAuth2.0等第三方认证服务。 示例代码：集成LDAP认证 在配置文件中增加如下内容： properties nacos.security.auth.system.type=ldap nacos.security.auth.ldap.url=ldap://your_ldap_server:port nacos.security.auth.ldap.base_dn=dc=example,dc=com nacos.security.auth.ldap.user.search.base=ou=people nacos.security.auth.ldap.group.search.base=ou=groups nacos.security.auth.ldap.username=cn=admin,dc=example,dc=com nacos.security.auth.ldap.password=your_ldap_admin_password 这里的示例展示了如何将Nacos与LDAP服务器进行集成，具体的URL、基础DN以及搜索路径需要根据实际的LDAP环境配置。 4. 探讨与思考 配置安全是个持续的过程，不只是启动初始的安全措施，还包括定期审计和更新策略。在企业级部署这块儿，我们真心实意地建议你们采取更为严苛的身份验证和授权规则。就像这样，比如限制IP访问权限，只让白名单上的IP能进来；再比如，全面启用HTTPS加密通信，确保传输过程的安全性；更进一步，对于那些至关重要的操作，完全可以考虑启动二次验证机制，多上一道保险，让安全性妥妥的。 此外，时刻保持Nacos版本的更新也相当重要，及时修复官方发布的安全漏洞，避免因旧版软件导致的风险。 总之，理解并实践Nacos的安全访问配置，不仅是保护我们自身服务配置信息安全的有力屏障，更是构建健壮、可靠云原生架构不可或缺的一环。希望这篇文能实实在在帮到大家，在实际操作中更加游刃有余地对付这些挑战，让Nacos变成你手中一把趁手的利器，而不是藏在暗处的安全隐患。

...服务端配置文件（如application.properties）中加入必要的配置项，让其知道如何连接到Zipkin服务器。 properties dubbo.application.qos-enable=false dubbo.registry.address=multicast://224.5.6.7:1234 指定Zipkin服务器地址 spring.zipkin.base-url=http://localhost:9411/ 使用Brave作为追踪库 brave.sampler.probability=1.0 这里，spring.zipkin.base-url指定了Zipkin服务器的URL，而brave.sampler.probability=1.0则表示所有请求都会被追踪。 2.3 编写服务接口与实现 假设我们有一个简单的服务接口，用于处理用户订单： java public interface OrderService { String placeOrder(String userId); } 服务实现类如下： java @Service("orderService") public class OrderServiceImpl implements OrderService { @Override public String placeOrder(String userId) { // 模拟业务逻辑 System.out.println("Order placed for user: " + userId); return "Your order has been successfully placed!"; } } 2.4 启动服务并测试 完成上述配置后，启动Dubbo服务端。你可以试试调用placeOrder这个方法，然后看看在Zipkin的界面上有没有出现相应的追踪记录。 3. 深入探讨 从Dubbo到Jaeger的转变 虽然Zipkin是一个优秀的解决方案，但在某些场景下，你可能会发现它无法满足你的需求。例如，如果你需要更高级别的数据采样策略或是对追踪数据有更高的控制权。这时，Jaeger就成为一个不错的选择。Jaeger是Uber开源的分布式追踪系统，它提供了更多的定制选项和更好的性能表现。 将Dubbo与Jaeger集成的过程与Zipkin类似，主要区别在于依赖库的选择和一些配置细节。这里就不详细展开，但你可以按照类似的思路去尝试。 4. 结语 持续优化与未来展望 集成分布式追踪系统无疑为我们的Dubbo服务增添了一双“慧眼”，使我们能够在复杂多变的分布式环境中更加从容不迫。然而，这只是一个开始。随着技术日新月异，咱们得不停地充电，学些新工具新技能，才能跟上这变化的脚步嘛。别忘了时不时地检查和调整你的追踪方法，确保它们跟得上你生意的发展步伐。 希望这篇文章能为你提供一些有价值的启示，让你在Dubbo与分布式追踪系统的世界里游刃有余。记住，每一次挑战都是成长的机会，勇敢地迎接它们吧！

...控制，我们可以通过application.properties或application.yml文件来设置文件上传的目录和大小限制。 properties application.properties spring.servlet.multipart.max-file-size=2MB spring.servlet.multipart.max-request-size=10MB upload.path=/path/to/upload/files 这里，我们设置了单个文件的最大大小为2MB，整个请求的最大大小为10MB，并指定了上传文件的保存路径。 2. 创建Controller处理文件上传 接下来，在你的Spring Boot项目中创建一个控制器（Controller）来处理文件上传请求。下面是一个简单的例子： java import org.springframework.core.io.InputStreamResource; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.multipart.MultipartFile; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Paths; @Controller public class FileUploadController { @PostMapping("/upload") public ResponseEntity uploadFile(@RequestParam("file") MultipartFile file) { try { // 检查文件是否存在 if (file.isEmpty()) { return ResponseEntity.badRequest().body("Failed to upload empty file."); } // 获取文件名和类型 String fileName = file.getOriginalFilename(); String contentType = file.getContentType(); // 保存文件到指定路径 File targetFile = new File(upload.path + fileName); Files.copy(file.getInputStream(), Paths.get(targetFile.getAbsolutePath())); return ResponseEntity.ok("File uploaded successfully: " + fileName); } catch (IOException e) { return ResponseEntity.internalServerError().body("Failed to upload file: " + e.getMessage()); } } } 3. 测试文件上传功能 在完成上述配置和编码后，你可以通过Postman或其他HTTP客户端向/upload端点发送一个包含文件的POST请求。确保在请求体中正确添加了文件参数，如： json { "file": "path/to/your/file" } 4. 处理异常与错误 在实际应用中，文件上传可能会遇到各种异常情况，如文件过大、文件类型不匹配、服务器存储空间不足等。在这次的案例里，我们已经用了一段 try-catch 的代码来应对一些常见的错误情况了。就像你在日常生活中遇到小问题时，会先尝试解决，如果解决不了，就会求助于他人或寻找其他方法一样。我们也是这样，先尝试执行一段代码，如果出现预料之外的问题，我们就用 catch 部分来处理这些意外状况，确保程序能继续运行下去，而不是直接崩溃。对于更复杂的场景，例如检查文件类型或大小限制，可以引入更精细的逻辑： java @PostMapping("/upload") public ResponseEntity uploadFile(@RequestParam("file") MultipartFile file) { if (!isValidFileType(file)) { return ResponseEntity.badRequest().body("Invalid file type."); } if (!isValidFileSize(file)) { return ResponseEntity.badRequest().body("File size exceeds limit."); } // ... } private boolean isValidFileType(MultipartFile file) { // Check file type logic here } private boolean isValidFileSize(MultipartFile file) { // Check file size logic here } 结语 通过以上步骤，你不仅能够实现在Spring Boot应用中进行文件上传的基本功能，还能根据具体需求进行扩展和优化。记住，良好的错误处理和用户反馈是提高用户体验的关键。希望这篇文章能帮助你更好地理解和运用Spring Boot进行文件上传操作。嘿，兄弟！你听过这样一句话吗？“实践出真知”，尤其是在咱们做项目的时候，更是得这么干！别管你是编程高手还是设计大师，多试错，多调整，才能找到最适合那个场景的那套方案。就像是做菜一样，不试试加点这个，少放点那个，怎么知道哪个味道最对路呢？所以啊，提升技能，咱们就得在实际操作中摸爬滚打，这样才能把技术玩儿到炉火纯青的地步！

...忘记在dubbo.properties里填对了服务地址？ --- 三、排查报错的具体步骤 接下来，咱们来聊聊怎么排查这些问题。首先，你需要确认服务端是否正常运行。你可以通过以下命令查看服务端的状态： bash netstat -tuln | grep 20880 如果看不到监听的端口，那肯定是服务端没启动成功。 然后，检查服务注册中心是否正常工作。Dubbo支持多种注册中心，比如Zookeeper、Nacos等。如果你用的是Zookeeper，可以试试进入Zookeeper的客户端，看看服务是否已经注册： bash zkCli.sh -server 127.0.0.1:2181 ls /dubbo/com.example.UserService 如果这里看不到服务，那就说明服务注册中心可能有问题。 最后，别忘了检查客户端的配置。客户端的配置文件通常是dubbo-consumer.xml，里面需要填写服务提供者的地址。例如： xml 如果地址写错了，当然就会报错了。 --- 四、代码示例与实际案例分析 下面我给大家举几个具体的例子，让大家更直观地了解Dubbo的报错排查过程。 示例1：服务启动失败 假设你在本地启动服务端时，发现服务一直无法启动，报错如下： Failed to bind URL: dubbo://192.168.1.100:20880/com.example.UserService?anyhost=true&application=demo-provider&dubbo=2.7.8&interface=com.example.UserService&methods=sayHello&pid=12345&side=provider×tamp=123456789 经过检查，你会发现是因为服务端的application.name配置错了。修改后，重新启动服务端，问题就解决了。 示例2：服务找不到 假设你在客户端调用服务时，发现服务找不到，报错如下： No provider available for the service com.example.UserService on the consumer 192.168.1.100 use dubbo version 2.7.8 经过排查，你发现服务注册中心的地址配置错了。正确的配置应该是： xml 示例3：网络不通 假设你在生产环境中，发现客户端和服务端之间的网络不通，报错如下： ConnectException: Connection refused 这时候，你需要检查防火墙设置，确保服务端的端口是开放的。同时，也要检查客户端的网络配置，确保能够访问服务端。 --- 五、总结与感悟 总的来说，Dubbo的报错信息确实有时候让人摸不着头脑，但它并不是不可战胜的。只要你细心排查，结合具体的环境和配置，总能找到问题的根源。 在这个过程中，我学到的东西太多了。比如说啊，别啥都相信默认设置，每一步最好自己动手试一遍，心里才踏实。再比如说，碰到问题的时候，先别忙着去找同事求助，自己多琢磨琢磨，说不定就能找到解决办法了呢！毕竟，编程的乐趣就在于不断解决问题的过程嘛！ 最后，我想说的是，Dubbo虽然复杂，但它真的很棒。希望大家都能掌握它，让它成为我们技术生涯中的一把利器！

...QL client applications. Note that only client applications shipped by MySQL are guaranteed to read this section. If you want your own MySQL client program to honor these values, you need to specify it as an option during the MySQL client library initialization. MySQL客户机应用程序将读取以下选项。注意，只有MySQL提供的客户端应用程序才能阅读本节。如果您希望自己的MySQL客户机程序遵守这些值，您需要在初始化MySQL客户机库时将其指定为一个选项。 [client] pipe= socket=MYSQL port=3306 [mysql] no-beep default-character-set= SERVER SECTION 服务器部分 ---------------------------------------------------------------------- The following options will be read by the MySQL Server. Make sure that you have installed the server correctly (see above) so it reads this file. MySQL服务器将读取以下选项。确保您已经正确安装了服务器(参见上面)，以便它读取这个文件。 server_type=3 [mysqld] The next three options are mutually exclusive to SERVER_PORT below. 下面的三个选项对SERVER_PORT是互斥的。skip-networking enable-named-pipe 共享内存 skip-networking enable-named-pipe shared-memory shared-memory-base-name=MYSQL The Pipe the MySQL Server will use socket=MYSQL The TCP/IP Port the MySQL Server will listen on port=3306 Path to installation directory. All paths are usually resolved relative to this. basedir="C:/Program Files/MySQL/MySQL Server 8.0/" Path to the database root datadir=C:/ProgramData/MySQL/MySQL Server 8.0/Data The default character set that will be used when a new schema or table is created and no character set is defined 创建新模式或表时使用的默认字符集，并且没有定义字符集 character-set-server= The default authentication plugin to be used when connecting to the server 连接到服务器时使用的默认身份验证插件 default_authentication_plugin=caching_sha2_password The default storage engine that will be used when create new tables when 当创建新表时将使用的默认存储引擎 default-storage-engine=INNODB Set the SQL mode to strict 将SQL模式设置为strict sql-mode="STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION" General and Slow logging. 一般和缓慢的日志。 log-output=NONE general-log=0 general_log_file="DESKTOP-NF9QETB.log" slow-query-log=0 slow_query_log_file="DESKTOP-NF9QETB-slow.log" long_query_time=10 Binary Logging. 二进制日志。 log-bin Error Logging. 错误日志记录。 log-error="DESKTOP-NF9QETB.err" Server Id. server-id=1 Indicates how table and database names are stored on disk and used in MySQL. 指示表名和数据库名如何存储在磁盘上并在MySQL中使用。 Value = 0: Table and database names are stored on disk using the lettercase specified in the CREATE TABLE or CREATE DATABASE statement. Name comparisons are case sensitive. You should not set this variable to 0 if you are running MySQL on a system that has case-insensitive file names (such as Windows or macOS). Value = 0:表名和数据库名使用CREATE Table或CREATE database语句中指定的lettercase存储在磁盘上。名称比较区分大小写。如果您在一个具有不区分大小写文件名(如Windows或macOS)的系统上运行MySQL，则不应将该变量设置为0。 Value = 1: Table names are stored in lowercase on disk and name comparisons are not case-sensitive. MySQL converts all table names to lowercase on storage and lookup. This behavior also applies to database names and table aliases. 表名以小写存储在磁盘上，并且名称比较不区分大小写。MySQL在存储和查找时将所有表名转换为小写。此行为也适用于数据库名称和表别名。 Value = 3, Table and database names are stored on disk using the lettercase specified in the CREATE TABLE or CREATE DATABASE statement, but MySQL converts them to lowercase on lookup. Name comparisons are not case sensitive. This works only on file systems that are not case-sensitive! InnoDB table names and view names are stored in lowercase, as for Value = 1.表名和数据库名使用CREATE Table或CREATE database语句中指定的lettercase存储在磁盘上，但是MySQL在查找时将它们转换为小写。名称比较不区分大小写。这只适用于不区分大小写的文件系统!InnoDB表名和视图名以小写存储，Value = 1。 NOTE: lower_case_table_names can only be configured when initializing the server. Changing the lower_case_table_names setting after the server is initialized is prohibited. lower_case_table_names=1 Secure File Priv. 权限安全文件 secure-file-priv="C:/ProgramData/MySQL/MySQL Server 8.0/Uploads" The maximum amount of concurrent sessions the MySQL server will allow. One of these connections will be reserved for a user with SUPER privileges to allow the administrator to login even if the connection limit has been reached. MySQL服务器允许的最大并发会话量。这些连接中的一个将保留给具有超级特权的用户，以便允许管理员登录，即使已经达到连接限制。 max_connections=151 The number of open tables for all threads. Increasing this value increases the number of file descriptors that mysqld requires. Therefore you have to make sure to set the amount of open files allowed to at least 4096 in the variable "open-files-limit" in 为所有线程打开的表的数量。增加这个值会增加mysqld需要的文件描述符的数量。因此，您必须确保在[mysqld_safe]节中的变量“open-files-limit”中将允许打开的文件数量至少设置为4096 section [mysqld_safe] table_open_cache=2000 Maximum size for internal (in-memory) temporary tables. If a table grows larger than this value, it is automatically converted to disk based table This limitation is for a single table. There can be many of them. 内部(内存)临时表的最大大小。如果一个表比这个值大，那么它将自动转换为基于磁盘的表。可以有很多。 tmp_table_size=94M How many threads we should keep in a cache for reuse. When a client disconnects, the client's threads are put in the cache if there aren't more than thread_cache_size threads from before. This greatly reduces the amount of thread creations needed if you have a lot of new connections. (Normally this doesn't give a notable performance improvement if you have a good thread implementation.) 我们应该在缓存中保留多少线程以供重用。当客户机断开连接时，如果之前的线程数不超过thread_cache_size，则将客户机的线程放入缓存。如果您有很多新连接，这将大大减少所需的线程创建量(通常，如果您有一个良好的线程实现，这不会带来显著的性能改进)。 thread_cache_size=10 MyISAM Specific options The maximum size of the temporary file MySQL is allowed to use while recreating the index (during REPAIR, ALTER TABLE or LOAD DATA INFILE. If the file-size would be bigger than this, the index will be created through the key cache (which is slower). MySQL允许在重新创建索引时(在修复、修改表或加载数据时)使用临时文件的最大大小。如果文件大小大于这个值，那么索引将通过键缓存创建(这比较慢)。 myisam_max_sort_file_size=100G If the temporary file used for fast index creation would be bigger than using the key cache by the amount specified here, then prefer the key cache method. This is mainly used to force long character keys in large tables to use the slower key cache method to create the index. myisam_sort_buffer_size=179M Size of the Key Buffer, used to cache index blocks for MyISAM tables. Do not set it larger than 30% of your available memory, as some memory is also required by the OS to cache rows. Even if you're not using MyISAM tables, you should still set it to 8-64M as it will also be used for internal temporary disk tables. 如果用于快速创建索引的临时文件比这里指定的使用键缓存的文件大，则首选键缓存方法。这主要用于强制大型表中的长字符键使用较慢的键缓存方法来创建索引。 key_buffer_size=8M Size of the buffer used for doing full table scans of MyISAM tables. Allocated per thread, if a full scan is needed. 用于对MyISAM表执行全表扫描的缓冲区的大小。如果需要完整的扫描，则为每个线程分配。 read_buffer_size=256K read_rnd_buffer_size=512K INNODB Specific options INNODB特定选项 innodb_data_home_dir= Use this option if you have a MySQL server with InnoDB support enabled but you do not plan to use it. This will save memory and disk space and speed up some things. 如果您启用了一个支持InnoDB的MySQL服务器，但是您不打算使用它，那么可以使用这个选项。这将节省内存和磁盘空间，并加快一些事情。skip-innodb skip-innodb If set to 1, InnoDB will flush (fsync) the transaction logs to the disk at each commit, which offers full ACID behavior. If you are willing to compromise this safety, and you are running small transactions, you may set this to 0 or 2 to reduce disk I/O to the logs. Value 0 means that the log is only written to the log file and the log file flushed to disk approximately once per second. Value 2 means the log is written to the log file at each commit, but the log file is only flushed to disk approximately once per second. 如果设置为1,InnoDB将在每次提交时将事务日志刷新(fsync)到磁盘，这将提供完整的ACID行为。如果您愿意牺牲这种安全性，并且正在运行小型事务，您可以将其设置为0或2，以将磁盘I/O减少到日志。值0表示日志仅写入日志文件，日志文件大约每秒刷新一次磁盘。值2表示日志在每次提交时写入日志文件，但是日志文件大约每秒只刷新一次磁盘。 innodb_flush_log_at_trx_commit=1 The size of the buffer InnoDB uses for buffering log data. As soon as it is full, InnoDB will have to flush it to disk. As it is flushed once per second anyway, it does not make sense to have it very large (even with long transactions).InnoDB用于缓冲日志数据的缓冲区大小。一旦它满了，InnoDB就必须将它刷新到磁盘。由于它无论如何每秒刷新一次，所以将它设置为非常大的值是没有意义的(即使是长事务)。 innodb_log_buffer_size=5M InnoDB, unlike MyISAM, uses a buffer pool to cache both indexes and row data. The bigger you set this the less disk I/O is needed to access data in tables. On a dedicated database server you may set this parameter up to 80% of the machine physical memory size. Do not set it too large, though, because competition of the physical memory may cause paging in the operating system. Note that on 32bit systems you might be limited to 2-3.5G of user level memory per process, so do not set it too high. 与MyISAM不同，InnoDB使用缓冲池来缓存索引和行数据。设置的值越大，访问表中的数据所需的磁盘I/O就越少。在专用数据库服务器上，可以将该参数设置为机器物理内存大小的80%。但是，不要将它设置得太大，因为物理内存的竞争可能会导致操作系统中的分页。注意，在32位系统上，每个进程的用户级内存可能被限制在2-3.5G，所以不要设置得太高。 innodb_buffer_pool_size=20M Size of each log file in a log group. You should set the combined size of log files to about 25%-100% of your buffer pool size to avoid unneeded buffer pool flush activity on log file overwrite. However, note that a larger logfile size will increase the time needed for the recovery process. 日志组中每个日志文件的大小。您应该将日志文件的合并大小设置为缓冲池大小的25%-100%，以避免在覆盖日志文件时出现不必要的缓冲池刷新活动。但是，请注意，较大的日志文件大小将增加恢复过程所需的时间。 innodb_log_file_size=48M Number of threads allowed inside the InnoDB kernel. The optimal value depends highly on the application, hardware as well as the OS scheduler properties. A too high value may lead to thread thrashing. InnoDB内核中允许的线程数。最优值在很大程度上取决于应用程序、硬件以及OS调度程序属性。过高的值可能导致线程抖动。 innodb_thread_concurrency=9 The increment size (in MB) for extending the size of an auto-extend InnoDB system tablespace file when it becomes full. 增量大小(以MB为单位)，用于在表空间满时扩展自动扩展的InnoDB系统表空间文件的大小。 innodb_autoextend_increment=128 The number of regions that the InnoDB buffer pool is divided into. For systems with buffer pools in the multi-gigabyte range, dividing the buffer pool into separate instances can improve concurrency, by reducing contention as different threads read and write to cached pages. InnoDB缓冲池划分的区域数。对于具有多gb缓冲池的系统，将缓冲池划分为单独的实例可以提高并发性，因为不同的线程对缓存页面的读写会减少争用。 innodb_buffer_pool_instances=8 Determines the number of threads that can enter InnoDB concurrently. 确定可以同时进入InnoDB的线程数 innodb_concurrency_tickets=5000 Specifies how long in milliseconds (ms) a block inserted into the old sublist must stay there after its first access before it can be moved to the new sublist. 指定插入到旧子列表中的块必须在第一次访问之后停留多长时间(毫秒)，然后才能移动到新子列表。 innodb_old_blocks_time=1000 It specifies the maximum number of .ibd files that MySQL can keep open at one time. The minimum value is 10. 它指定MySQL一次可以打开的.ibd文件的最大数量。最小值是10。 innodb_open_files=300 When this variable is enabled, InnoDB updates statistics during metadata statements. 当启用此变量时，InnoDB会在元数据语句期间更新统计信息。 innodb_stats_on_metadata=0 When innodb_file_per_table is enabled (the default in 5.6.6 and higher), InnoDB stores the data and indexes for each newly created table in a separate .ibd file, rather than in the system tablespace. 当启用innodb_file_per_table(5.6.6或更高版本的默认值)时，InnoDB将每个新创建的表的数据和索引存储在单独的.ibd文件中，而不是系统表空间中。 innodb_file_per_table=1 Use the following list of values: 0 for crc32, 1 for strict_crc32, 2 for innodb, 3 for strict_innodb, 4 for none, 5 for strict_none. 使用以下值列表:0表示crc32, 1表示strict_crc32, 2表示innodb, 3表示strict_innodb, 4表示none, 5表示strict_none。 innodb_checksum_algorithm=0 The number of outstanding connection requests MySQL can have. This option is useful when the main MySQL thread gets many connection requests in a very short time. It then takes some time (although very little) for the main thread to check the connection and start a new thread. The back_log value indicates how many requests can be stacked during this short time before MySQL momentarily stops answering new requests. You need to increase this only if you expect a large number of connections in a short period of time. MySQL可以有多少未完成连接请求。当MySQL主线程在很短的时间内收到许多连接请求时，这个选项非常有用。然后，主线程需要一些时间(尽管很少)来检查连接并启动一个新线程。back_log值表示在MySQL暂时停止响应新请求之前的短时间内可以堆多少个请求。只有当您预期在短时间内会有大量连接时，才需要增加这个值。 back_log=80 If this is set to a nonzero value, all tables are closed every flush_time seconds to free up resources and synchronize unflushed data to disk. This option is best used only on systems with minimal resources. 如果将该值设置为非零值，则每隔flush_time秒关闭所有表，以释放资源并将未刷新的数据同步到磁盘。这个选项最好只在资源最少的系统上使用。 flush_time=0 The minimum size of the buffer that is used for plain index scans, range index scans, and joins that do not use 用于普通索引扫描、范围索引扫描和不使用索引执行全表扫描的连接的缓冲区的最小大小。 indexes and thus perform full table scans. join_buffer_size=200M The maximum size of one packet or any generated or intermediate string, or any parameter sent by the mysql_stmt_send_long_data() C API function. 由mysql_stmt_send_long_data() C API函数发送的一个包或任何生成的或中间字符串或任何参数的最大大小 max_allowed_packet=500M If more than this many successive connection requests from a host are interrupted without a successful connection, the server blocks that host from performing further connections. 如果在没有成功连接的情况下中断了来自主机的多个连续连接请求，则服务器将阻止主机执行进一步的连接。 max_connect_errors=100 Changes the number of file descriptors available to mysqld. You should try increasing the value of this option if mysqld gives you the error "Too many open files". 更改mysqld可用的文件描述符的数量。如果mysqld给您的错误是“打开的文件太多”，您应该尝试增加这个选项的值。 open_files_limit=4161 If you see many sort_merge_passes per second in SHOW GLOBAL STATUS output, you can consider increasing the sort_buffer_size value to speed up ORDER BY or GROUP BY operations that cannot be improved with query optimization or improved indexing. 如果在SHOW GLOBAL STATUS输出中每秒看到许多sort_merge_passes，可以考虑增加sort_buffer_size值，以加快ORDER BY或GROUP BY操作的速度，这些操作无法通过查询优化或改进索引来改进。 sort_buffer_size=1M The number of table definitions (from .frm files) that can be stored in the definition cache. If you use a large number of tables, you can create a large table definition cache to speed up opening of tables. The table definition cache takes less space and does not use file descriptors, unlike the normal table cache. The minimum and default values are both 400. 可以存储在定义缓存中的表定义的数量(来自.frm文件)。如果使用大量表，可以创建一个大型表定义缓存来加速表的打开。与普通的表缓存不同，表定义缓存占用更少的空间，并且不使用文件描述符。最小值和默认值都是400。 table_definition_cache=1400 Specify the maximum size of a row-based binary log event, in bytes. Rows are grouped into events smaller than this size if possible. The value should be a multiple of 256. 指定基于行的二进制日志事件的最大大小，单位为字节。如果可能，将行分组为小于此大小的事件。这个值应该是256的倍数。 binlog_row_event_max_size=8K If the value of this variable is greater than 0, a replication slave synchronizes its master.info file to disk. (using fdatasync()) after every sync_master_info events. 如果该变量的值大于0，则复制奴隶将其主.info文件同步到磁盘。(在每个sync_master_info事件之后使用fdatasync())。 sync_master_info=10000 If the value of this variable is greater than 0, the MySQL server synchronizes its relay log to disk. (using fdatasync()) after every sync_relay_log writes to the relay log. 如果这个变量的值大于0,MySQL服务器将其中继日志同步到磁盘。(在每个sync_relay_log写入到中继日志之后使用fdatasync())。 sync_relay_log=10000 If the value of this variable is greater than 0, a replication slave synchronizes its relay-log.info file to disk. (using fdatasync()) after every sync_relay_log_info transactions. 如果该变量的值大于0，则复制奴隶将其中继日志.info文件同步到磁盘。(在每个sync_relay_log_info事务之后使用fdatasync())。 sync_relay_log_info=10000 Load mysql plugins at start."plugin_x ; plugin_y". 开始时加载mysql插件。“plugin_x;plugin_y” plugin_load The TCP/IP Port the MySQL Server X Protocol will listen on. MySQL服务器X协议将监听TCP/IP端口。 loose_mysqlx_port=33060 本篇文章为转载内容。原文链接：https://blog.csdn.net/mywpython/article/details/89499852。 该文由互联网用户投稿提供，文中观点代表作者本人意见，并不代表本站的立场。 作为信息平台，本站仅提供文章转载服务，并不拥有其所有权，也不对文章内容的真实性、准确性和合法性承担责任。 如发现本文存在侵权、违法、违规或事实不符的情况，请及时联系我们，我们将第一时间进行核实并删除相应内容。

...决方法： 在配置文件application.properties设置静态资源的访问路径 只有静态资源的访问路径为/static/时，才会处理请求spring.mvc.static-path-pattern=/static/ 重新启动后、完美解决问题 本篇文章为转载内容。原文链接：https://lebron.blog.csdn.net/article/details/117636422。 该文由互联网用户投稿提供，文中观点代表作者本人意见，并不代表本站的立场。 作为信息平台，本站仅提供文章转载服务，并不拥有其所有权，也不对文章内容的真实性、准确性和合法性承担责任。 如发现本文存在侵权、违法、违规或事实不符的情况，请及时联系我们，我们将第一时间进行核实并删除相应内容。

...s配置文件，通常是application.properties。 2. 检查spring.datasource.url字段的值是否正确。 3. 确保数据库服务器已经启动并且可以被访问。 举个例子，假设你的配置文件中原本是这样写的： properties spring.datasource.url=jdbc:mysql://wrong-host:3306/nacos_config?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true 你应该将其修改为正确的数据库地址，比如： properties spring.datasource.url=jdbc:mysql://localhost:3306/nacos_config?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true 3.3 网络问题 网络问题也是导致用户无法访问Nacos服务的一个重要原因。有时因为防火墙设错了或网络配置搞砸了，客户端就可能连不上Nacos服务了。解决这类问题的方法通常是检查网络配置，并确保防火墙规则允许必要的端口通信。 举个例子，如果你的Nacos服务运行在服务器上，并且默认监听9848端口，你需要确保该端口在服务器的防火墙中是开放的。你可以使用以下命令来添加防火墙规则（假设你使用的是Ubuntu系统）： bash sudo ufw allow 9848/tcp 3.4 客户端配置问题 最后，我们需要检查客户端的配置是否正确。客户端得知道怎么连上Nacos服务，这就得搞清楚服务地址和端口号这些配置信息了。如果这些配置项不正确，客户端将无法成功连接到Nacos服务。 举个例子，假设你的客户端配置文件中原本是这样写的： java ConfigService configService = NacosFactory.createConfigService("http://wrong-host:8848"); 你应该将其修改为正确的Nacos服务地址，比如： java ConfigService configService = NacosFactory.createConfigService("http://localhost:8848"); 四、总结与建议 通过以上几个方面的排查，我们可以逐步缩小问题范围，并最终找到导致用户无法访问Nacos服务的原因。在这期间，咱们得保持耐心，还得细心点儿。当然了，该用的工具和技术也别手软，它们可是咱解决问题的好帮手呢！ 希望这篇文章对你有所帮助！如果你还有其他问题或者疑惑，欢迎随时留言讨论。

...开启热部署，可以通过application.properties文件中的配置来实现： properties spring.devtools.restart.enabled=true 三、指定热部署路径 在启用了热部署开关之后，我们还可以指定热部署的路径。一般来说，Spring Boot DevTools会对指定的路径进行监控，一旦发现有代码改动，就会自动重启项目。我们可以指定多个路径进行监控，也可以排除一些不需要监控的路径： properties spring.devtools.restart.additional-paths=src/main/java spring.devtools.restart.exclude=test/ 四、编写代码示例 以上都是理论上的介绍，接下来我们将通过一个简单的Spring Boot项目来进行实战演示。 1. 创建一个新的Spring Boot项目，然后在pom.xml文件中添加Spring Boot DevTools的依赖。 2. 在application.properties文件中开启热部署开关，并指定热部署的路径。 3. 编写一个简单的Controller类，如下所示： java @RestController public class HelloController { @GetMapping("/hello") public String hello() { return "Hello, Spring Boot!"; } } 4. 启动项目，在浏览器中访问http://localhost:8080/hello，可以看到返回的结果为"Hello, Spring Boot!"。 5. 修改HelloController类中的某个方法，保存后关闭IDEA，再次打开项目，可以看到Spring Boot已经自动重启，并且页面上返回的结果已经被修改。 这就是Spring Boot如何实现热部署的过程。总的来说，Spring Boot真够意思，它提供了一种超级便捷的方式来实现热部署，你只需要动动手指做些简单的配置，就能轻轻松松把这事儿给办了。而且你知道吗，Spring Boot DevTools这玩意儿可是一个相当成熟的框架，所以它的性能那叫一个稳如老狗，你完全不用担心热部署的时候会出什么幺蛾子，把程序给整崩溃了这类的问题。因此，我强烈推荐大家在实际开发中使用Spring Boot DevTools来实现热部署。

...Nacos的配置文件application.properties中，我们可以看到以下内容： css spring.datasource.url=jdbc:mysql://localhost:3306/nacos?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC spring.datasource.username=nacos spring.datasource.password=nacos 这里可以看到，Nacos的登录信息（用户名和密码）被保存在了MySQL数据库中，其中数据库的名字为nacos，用户名和密码分别为nacos。因此，我们需要先在MySQL中更新这两个用户的信息。 五、操作步骤 接下来，我们就来具体介绍一下如何在MySQL中更新Nacos的登录信息。 1. 登录到MySQL服务器，然后选择名为nacos的数据库。 python mysql -u root -p use nacos; 2. 修改用户名和密码。在这个例子中，我们将用户名改为new-nacos，密码改为new-nacos-password。 sql update user set password='new-nacos-password' where username='nacos'; update user set authentication_string='MD5(new-nacos-password)' where username='new-nacos'; 3. 最后，我们需要刷新MySQL的权限表，以便让Nacos能够正确地识别新的用户名和密码。 bash flush privileges; 六、测试验证 完成上述步骤后，我们就可以尝试重新启动Nacos服务了。要是顺顺利利的话，你现在应该已经成功登录到Nacos的控制台了，而且你改的新密码也妥妥地生效啦！ 七、总结 总的来说，Nacos修改密码后服务无法启动的问题并不难解决，只需要我们按照正确的步骤进行操作就可以了。不过，你要知道，每个人的环境和配置都是独一无二的，所以在实际动手操作时，可能会遇到些微不同的情况。如果你在尝试上述步骤的过程中遇到了任何问题，欢迎随时向我提问，我会尽我所能为你提供帮助。

...java // application.properties spring.datasource.url=jdbc:h2:mem:testdb;DB_CLOSE_DELAY=-1 spring.datasource.driverClassName=org.h2.Driver spring.datasource.username=sa spring.datasource.password= spring.jpa.database-platform=org.hibernate.dialect.H2Dialect 3. 连接失败常见场景及原因分析 3.1 配置错误 （思考过程） 在实际开发中，最直观且常见的问题就是配置错误导致的连接失败。例如，数据库URL格式不正确，或者驱动类名拼写有误等。让我们看一段可能出错的示例： java // 错误配置示例 spring.datasource.url=jdbc:h2:memory:testdb // 注意这里的'memory'而非'mem' 3.2 驱动未加载 （理解过程） 另一种可能导致连接失败的原因是SpringBoot未能正确识别并加载H2数据库驱动。虽然SpringBoot的自动配置功能超级给力，但如果我们在依赖管理这块儿出了岔子，比方说忘记引入那个必备的H2数据库插件，就很可能闹出连接不上的幺蛾子。正确的Maven依赖如下： xml com.h2database h2 runtime 3.3 数据库服务未启动 （探讨性话术） 我们都知道，与数据库建立连接的前提是数据库服务正在运行。但在H2的内存模式下，有时我们会误以为它无需启动服务。其实吧，虽然H2内存数据库会在应用启动时自个儿蹦跶出来，但如果配置的小细节搞错了，那照样会让连接初始化的时候扑街。 4. 解决方案与实践 针对上述情况，我们可以采取以下步骤进行问题排查和解决： - 检查配置：确保application.properties中的数据库URL、驱动类名、用户名和密码等配置项准确无误。 - 检查依赖：确认pom.xml或Gradle构建脚本中已包含H2数据库的依赖。 - 查看日志：通过阅读SpringBoot启动日志，查找关于H2数据库初始化的相关信息，有助于定位问题所在。 - 重启服务：有时候简单地重启应用服务可以解决因环境临时状态导致的问题。 综上所述，面对SpringBoot连接H2数据库失败的问题，我们需要结合具体情况进行细致的排查，并根据不同的错误源采取相应的解决措施。只有这样，才能让H2这位得力助手在我们的项目开发中发挥最大的价值。

...acos/conf/application.properties 找到如下配置项并进行修改： properties spring.cloud.nacos.config.server-addr=127.0.0.1:8848 spring.cloud.nacos.config.file-extension=yaml 2. 创建文件 如果数据文件不存在，需要先创建该文件。可以使用文本编辑器打开一个新文件，并将其保存为“gatewayserver-dev-${server.env}.yaml”。 3. 设置权限 如果文件权限问题导致无法访问，可以尝试更改文件权限，使得用户拥有足够的权限来访问该文件。 bash 更改文件权限 chmod 755 /path/to/gatewayserver-dev-${server.env}.yaml 四、总结 通过以上的分析和解决方案，我们可以看出，Nacos报错“Nacos error, dataId: gatewayserver-dev-${server.env}.yaml”主要是由于文件路径错误、文件不存在或权限问题导致的。要搞定这些问题，关键一步就是得检查和调整相关的设置，确保Nacos能够顺利地访问并妥善管理那些数据文件。 需要注意的是，以上只是针对此特定问题的解决方法，不同情况下可能需要采取不同的策略。所以在使用Nacos的时候，咱们就得不断摸索、积累实战经验，这样一来，碰到各种状况就能更溜地应对了。同时，咱们也得养成一些接地气的编程好习惯，就比如说，记得时不时给重要文件做个“存档”以防万一，还有就是给文件权限安排得明明白白，这样一来，就能有效避免那些手滑、误操作引发的小插曲和大麻烦啦。 五、结尾语 最后，希望大家在使用Nacos时能保持耐心和细心，不断地学习和实践，不断提升自己的技能水平。希望通过这篇分享，能实实在在地帮到那些正被Nacos报错问题搞得焦头烂额的兄弟姐妹们，让大家伙儿都能顺利解决问题，继续愉快地编程之旅。如果您在使用Nacos的过程中还有其他疑问或问题，请随时留言提问，我们会尽力提供帮助和支持！

...着，我们需要创建一个application.properties文件，配置数据库连接信息。 properties spring.datasource.url=jdbc:hsqldb:mem:testdb spring.datasource.driverClassName=org.hsqldb.jdbcDriver spring.datasource.username=sa spring.datasource.password= spring.jpa.hibernate.ddl-auto=create 然后，我们需要创建一个UserRepository接口，定义CRUD操作方法。 java public interface UserRepository extends JpaRepository { } 最后，我们可以在控制器中调用UserRepository的方法，将用户保存到数据库中。 java @RestController public class UserController { private final UserRepository userRepository; public UserController(UserRepository userRepository) { this.userRepository = userRepository; } @PostMapping("/users") public ResponseEntity createUser(@RequestBody User user) { userRepository.save(user); return ResponseEntity.ok().build(); } } 以上就是使用SpringBoot进行数据库迁移的基本步骤。这样子做，我们就能轻轻松松地管理、更新咱们的数据库，确保我们的应用程序能够像老黄牛一样稳稳当当地运行起来，一点儿都不带出岔子的。

...，我们需要在配置文件application.properties中添加如下配置： properties spring.rocketmq.namesrv-address=127.0.0.1:9876 这里的namesrv-address属性表示RocketMQ的命名服务器地址，我们可以通过这个地址获取到Broker节点列表。 接下来，我们就可以开始编写生产者的代码了。下面是一个简单的生产者示例： java import org.apache.rocketmq.client.consumer.DefaultMQPushConsumer; import org.apache.rocketmq.common.message.MessageQueue; import java.util.ArrayList; import java.util.List; public class Producer { public static void main(String[] args) { // 创建一个消息消费者，并设置一个消息消费者组 DefaultMQPushConsumer consumer = new DefaultMQPushConsumer("testGroup"); // 指定NameServer地址 consumer.setNamesrvAddr("localhost:9876"); // 初始化消费者，整个应用生命周期内只需要初始化一次 consumer.start(); // 关闭消费者 consumer.shutdown(); } } 在这个示例中，我们创建了一个名为testGroup的消息消费者组，并指定了NameServer地址为localhost:9876。然后，我们就像启动一辆跑车那样，先给消费者来个“start”热身，让它开始运转起来；最后嘛，就像关上家门一样，我们顺手给它来了个“shutdown”，让这个消费者妥妥地休息了。 五、总结 本文介绍了如何通过Spring Boot集成RocketMQ实现异步任务的消息推送。用这种方式，我们就能轻轻松松地管理好消息队列，让系统的稳定性和扩展性噌噌噌地往上涨。同时，Spring Boot和RocketMQ的结合也使得我们的应用程序更加易于开发和维护。以后啊，我们还可以捣鼓捣鼓其他的通讯工具，比如Kafka、RabbitMQ这些家伙，让咱们的系统的运行速度和稳定性更上一层楼。

...作。然后，我们需要在application.properties文件中添加MongoDB的连接信息： properties spring.data.mongodb.uri=mongodb://localhost:27017/mydb 这行代码的意思是我们的MongoDB服务器位于本地主机的27017端口上，且数据库名为mydb。 5. 使用MongoTemplate操作MongoDB 在配置完成后，我们就可以开始使用MongoTemplate来操作MongoDB了。MongoTemplate是SpringDataMongoDB提供的一个类，它可以帮助我们执行各种数据库操作。下面是一些基本的操作示例： java @Autowired private MongoTemplate mongoTemplate; public void insert(String collectionName, String id, Object entity) { mongoTemplate.insert(entity, collectionName); } public List find(String collectionName, Query query) { return mongoTemplate.find(query, Object.class, collectionName); } 6. 使用Repository操作MongoDB 除了MongoTemplate之外，SpringDataMongoDB还提供了Repository接口，它可以帮助我们更加方便地进行数据库操作。我们完全可以把这个接口“继承”下来，然后自己动手编写几个核心的方法，就像是插入数据、查找信息、更新记录、删除项目这些基本操作，让它们各司其职，活跃在我们的程序里。下面是一个简单的示例： java @Repository public interface UserRepository extends MongoRepository { User findByUsername(String username); void deleteByUsername(String username); default void save(User user) { if (user.getId() == null) { user.setId(UUID.randomUUID().toString()); } super.save(user); } @Query(value = "{'username':?0}") List findByUsername(String username); } 7. 总结 总的来说，SpringBoot与MongoDB的集成是非常简单和便捷的。只需要几步简单的配置，我们就可以使用SpringBoot的强大功能来操作MongoDB。而且你知道吗，SpringDataMongoDB这家伙还藏着不少好东西嘞，像数据映射、查询、聚合这些高级功能，全都是它的拿手好戏。这样一来，我们开发应用程序就能又快又高效，简直像是插上了小翅膀一样飞速前进！所以，如果你正在琢磨着用NoSQL数据库来搭建你的数据存储方案，那我真心实意地拍胸脯推荐你试试SpringBoot配上MongoDB这个黄金组合，准保不会让你失望！

...core/core.properties,classpath:config/redis/redis-config.properties" />--><bean id="propertyConfigurerForProject1" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"><property name="order" value="1" /><property name="ignoreUnresolvablePlaceholders" value="true" /><property name="location"><value>classpath:config/core/core.properties</value></property></bean><mvc:annotation-driven><mvc:message-converters register-defaults="true"><bean class="org.springframework.http.converter.StringHttpMessageConverter"><property name="supportedMediaTypes" value = "text/plain;charset=UTF-8" /></bean></mvc:message-converters></mvc:annotation-driven><!-- 避免IE执行AJAX时,返回JSON出现下载文件 --><bean id="mappingJacksonHttpMessageConverter" class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter"><property name="supportedMediaTypes"><list><value>text/html;charset=UTF-8</value></list></property></bean><!-- 开启controller注解支持 --><!-- 注：如果base-package=com.avicit 则注解事务不起作用 TODO 读源码 --><context:component-scan base-package="com.zhuguang"></context:component-scan><mvc:view-controller path="/" view-name="redirect:/index" /><beanclass="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping" /><bean id="handlerAdapter"class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"></bean><beanclass="org.springframework.web.servlet.view.ContentNegotiatingViewResolver"><property name="mediaTypes"><map><entry key="json" value="application/json" /><entry key="xml" value="application/xml" /><entry key="html" value="text/html" /></map></property><property name="viewResolvers"><list><bean class="org.springframework.web.servlet.view.BeanNameViewResolver" /><bean class="org.springframework.web.servlet.view.UrlBasedViewResolver"><property name="viewClass" value="org.springframework.web.servlet.view.JstlView" /><property name="prefix" value="/" /><property name="suffix" value=".jsp" /></bean></list></property></bean><!-- 支持上传文件 --> <!-- 控制器异常处理 --><bean id="exceptionResolver"class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"><property name="exceptionMappings"><props><prop key="java.lang.Exception">error</prop></props></property></bean><bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close"><property name="driverClass"><value>${jdbc.driverClassName}</value></property><property name="jdbcUrl"><value>${jdbc.url}</value></property><property name="user"><value>${jdbc.username}</value></property><property name="password"><value>${jdbc.password}</value></property><property name="minPoolSize" value="10" /><property name="maxPoolSize" value="100" /><property name="maxIdleTime" value="1800" /><property name="acquireIncrement" value="3" /><property name="maxStatements" value="1000" /><property name="initialPoolSize" value="10" /><property name="idleConnectionTestPeriod" value="60" /><property name="acquireRetryAttempts" value="30" /><property name="breakAfterAcquireFailure" value="false" /><property name="testConnectionOnCheckout" value="false" /><property name="acquireRetryDelay"><value>100</value></property></bean><bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate"><property name="dataSource" ref="dataSource"></property></bean><bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager"><property name="dataSource" ref="dataSource"/></bean><tx:annotation-driven transaction-manager="transactionManager" proxy-target-class="true" /><aop:aspectj-autoproxy expose-proxy="true"/></beans> logback.xml <?xml version="1.0" encoding="UTF-8"?><!--scan：当此属性设置为true时，配置文件如果发生改变，将会被重新加载，默认值为true。scanPeriod：设置监测配置文件是否有修改的时间间隔，如果没有给出时间单位，默认单位是毫秒当scan为true时，此属性生效。默认的时间间隔为1分钟。debug：当此属性设置为true时，将打印出logback内部日志信息，实时查看logback运行状态。默认值为false。--><configuration scan="false" scanPeriod="60 seconds" debug="false"><!-- 定义日志的根目录 --><!-- <property name="LOG_HOME" value="/app/log" /> --><!-- 定义日志文件名称 --><property name="appName" value="netty"></property><!-- ch.qos.logback.core.ConsoleAppender 表示控制台输出 --><appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"><Encoding>UTF-8</Encoding><!--日志输出格式：%d表示日期时间，%thread表示线程名，%-5level：级别从左显示5个字符宽度%logger{50} 表示logger名字最长50个字符，否则按照句点分割。 %msg：日志消息，%n是换行符--><encoder><pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{50} - %msg%n</pattern></encoder></appender><!-- 滚动记录文件，先将日志记录到指定文件，当符合某个条件时，将日志记录到其他文件 --> <appender name="appLogAppender" class="ch.qos.logback.core.rolling.RollingFileAppender"><Encoding>UTF-8</Encoding><!-- 指定日志文件的名称 --> <file>${appName}.log</file><!--当发生滚动时，决定 RollingFileAppender 的行为，涉及文件移动和重命名TimeBasedRollingPolicy： 最常用的滚动策略，它根据时间来制定滚动策略，既负责滚动也负责出发滚动。--><rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"><!--滚动时产生的文件的存放位置及文件名称 %d{yyyy-MM-dd}：按天进行日志滚动 %i：当文件大小超过maxFileSize时，按照i进行文件滚动--><fileNamePattern>${appName}-%d{yyyy-MM-dd}-%i.log</fileNamePattern><!-- 可选节点，控制保留的归档文件的最大数量，超出数量就删除旧文件。假设设置每天滚动，且maxHistory是365，则只保存最近365天的文件，删除之前的旧文件。注意，删除旧文件是，那些为了归档而创建的目录也会被删除。--><MaxHistory>365</MaxHistory><!-- 当日志文件超过maxFileSize指定的大小是，根据上面提到的%i进行日志文件滚动 注意此处配置SizeBasedTriggeringPolicy是无法实现按文件大小进行滚动的，必须配置timeBasedFileNamingAndTriggeringPolicy--><timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"><maxFileSize>100MB</maxFileSize></timeBasedFileNamingAndTriggeringPolicy></rollingPolicy><!--日志输出格式：%d表示日期时间，%thread表示线程名，%-5level：级别从左显示5个字符宽度 %logger{50} 表示logger名字最长50个字符，否则按照句点分割。 %msg：日志消息，%n是换行符--> <encoder><pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [ %thread ] - [ %-5level ] [ %logger{50} : %line ] - %msg%n</pattern></encoder></appender><!-- logger主要用于存放日志对象，也可以定义日志类型、级别name：表示匹配的logger类型前缀，也就是包的前半部分level：要记录的日志级别，包括 TRACE < DEBUG < INFO < WARN < ERRORadditivity：作用在于children-logger是否使用 rootLogger配置的appender进行输出，false：表示只用当前logger的appender-ref，true：表示当前logger的appender-ref和rootLogger的appender-ref都有效--><!-- <logger name="edu.hyh" level="info" additivity="true"><appender-ref ref="appLogAppender" /></logger> --><!-- root与logger是父子关系，没有特别定义则默认为root，任何一个类只会和一个logger对应，要么是定义的logger，要么是root，判断的关键在于找到这个logger，然后判断这个logger的appender和level。 --><root level="debug"><appender-ref ref="stdout" /><appender-ref ref="appLogAppender" /></root></configuration> 2、余额宝代码 package com.zhuguang.jack.controller;import com.alibaba.fastjson.JSONObject;import com.zhuguang.jack.service.OrderService;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.ResponseBody;@Controller@RequestMapping("/order")public class OrderController {/ @Description TODO @param @return 参数 @return String 返回类型 @throws 模拟银行转账 userID：转账的用户ID amount：转多少钱/@AutowiredOrderService orderService;@RequestMapping("/transfer")public @ResponseBody String transferAmount(String userId, String amount) {try {orderService.updateAmount(Integer.valueOf(amount), userId);}catch (Exception e) {e.printStackTrace();return "===============================transferAmount failed===================";}return "===============================transferAmount successfull===================";} } 消息监听器 package com.zhuguang.jack.listener;import com.alibaba.fastjson.JSONObject;import com.zhuguang.jack.service.OrderService;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.http.client.SimpleClientHttpRequestFactory;import org.springframework.stereotype.Service;import org.springframework.transaction.annotation.Transactional;import org.springframework.web.client.RestTemplate;import javax.jms.JMSException;import javax.jms.Message;import javax.jms.MessageListener;import javax.jms.ObjectMessage;@Service("queueMessageListener")public class QueueMessageListener implements MessageListener {private Logger logger = LoggerFactory.getLogger(getClass());@AutowiredOrderService orderService;@Transactional(rollbackFor = Exception.class)@Overridepublic void onMessage(Message message) {if (message instanceof ObjectMessage) {ObjectMessage objectMessage = (ObjectMessage) message;try {com.zhuguang.jack.bean.Message message1 = (com.zhuguang.jack.bean.Message) objectMessage.getObject();String userId = message1.getUserId();int count = orderService.queryMessageCountByUserId(userId);if (count == 0) {orderService.updateAmount(message1.getAmount(), message1.getUserId());orderService.insertMessage(message1.getUserId(), message1.getMessageId(), message1.getAmount(), "ok");} else {logger.info("异常转账");}RestTemplate restTemplate = createRestTemplate();JSONObject jo = new JSONObject();jo.put("messageId", message1.getMessageId());jo.put("respCode", "OK");String url = "http://jack.bank_a.com:8080/alipay/order/callback?param="+ jo.toJSONString();restTemplate.getForObject(url,null);} catch (JMSException e) {e.printStackTrace();throw new RuntimeException("异常");} }}public RestTemplate createRestTemplate() {SimpleClientHttpRequestFactory simpleClientHttpRequestFactory = new SimpleClientHttpRequestFactory();simpleClientHttpRequestFactory.setConnectTimeout(3000);simpleClientHttpRequestFactory.setReadTimeout(2000);return new RestTemplate(simpleClientHttpRequestFactory);} } package com.zhuguang.jack.service;public interface OrderService {public void updateAmount(int amount, String userId);public int queryMessageCountByUserId(String userId);public int insertMessage(String userId,String messageId,int amount,String status);} package com.zhuguang.jack.service;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.http.client.SimpleClientHttpRequestFactory;import org.springframework.jdbc.core.JdbcTemplate;import org.springframework.stereotype.Service;import org.springframework.transaction.annotation.Transactional;import org.springframework.web.client.RestTemplate;@Service@Transactional(rollbackFor = Exception.class)public class OrderServiceImpl implements OrderService {private Logger logger = LoggerFactory.getLogger(getClass());@AutowiredJdbcTemplate jdbcTemplate;/ 更新数据库表，把账户余额减去amountd/@Overridepublic void updateAmount(int amount, String userId) {//1、农业银行转账3000，也就说农业银行jack账户要减3000String sql = "update account set amount = amount + ?,update_time=now() where user_id = ?";int count = jdbcTemplate.update(sql, new Object[] {amount, userId});if (count != 1) {throw new RuntimeException("订单创建失败，农业银行转账失败！");} }public RestTemplate createRestTemplate() {SimpleClientHttpRequestFactory simpleClientHttpRequestFactory = new SimpleClientHttpRequestFactory();simpleClientHttpRequestFactory.setConnectTimeout(3000);simpleClientHttpRequestFactory.setReadTimeout(2000);return new RestTemplate(simpleClientHttpRequestFactory);}@Overridepublic int queryMessageCountByUserId(String messageId) {String sql = "select count() from message where message_id = ?";int count = jdbcTemplate.queryForInt(sql, new Object[]{messageId});return count;}@Overridepublic int insertMessage(String userId, String message_id,int amount, String status) {String sql = "insert into message(user_id,message_id,amount,status) values(?,?,?)";int count = jdbcTemplate.update(sql, new Object[]{userId, message_id,amount, status});if(count == 1) {logger.info("Ok");}return count;} } activemq.xml <?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:amq="http://activemq.apache.org/schema/core"xmlns:jms="http://www.springframework.org/schema/jms"xmlns:context="http://www.springframework.org/schema/context"xmlns:mvc="http://www.springframework.org/schema/mvc"xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans-4.1.xsdhttp://www.springframework.org/schema/contexthttp://www.springframework.org/schema/context/spring-context-4.1.xsdhttp://www.springframework.org/schema/mvchttp://www.springframework.org/schema/mvc/spring-mvc-4.1.xsdhttp://www.springframework.org/schema/jmshttp://www.springframework.org/schema/jms/spring-jms-4.1.xsdhttp://activemq.apache.org/schema/corehttp://activemq.apache.org/schema/core/activemq-core-5.12.1.xsd"><context:component-scan base-package="com.zhuguang.jack" /><mvc:annotation-driven /><amq:connectionFactory id="amqConnectionFactory"brokerURL="tcp://192.168.88.131:61616"userName="system"password="manager" /><!-- 配置JMS连接工长 --><bean id="connectionFactory"class="org.springframework.jms.connection.CachingConnectionFactory"><constructor-arg ref="amqConnectionFactory" /><property name="sessionCacheSize" value="100" /></bean><!-- 定义消息队列（Queue） --><bean id="demoQueueDestination" class="org.apache.activemq.command.ActiveMQQueue"><!-- 设置消息队列的名字 --><constructor-arg><value>zg.jack.queue</value></constructor-arg></bean><!-- 显示注入消息监听容器（Queue），配置连接工厂，监听的目标是demoQueueDestination，监听器是上面定义的监听器 --><bean id="queueListenerContainer"class="org.springframework.jms.listener.DefaultMessageListenerContainer"><property name="connectionFactory" ref="connectionFactory" /><property name="destination" ref="demoQueueDestination" /><property name="messageListener" ref="queueMessageListener" /></bean><!-- 配置JMS模板（Queue），Spring提供的JMS工具类，它发送、接收消息。 --><bean id="jmsTemplate" class="org.springframework.jms.core.JmsTemplate"><property name="connectionFactory" ref="connectionFactory" /><property name="defaultDestination" ref="demoQueueDestination" /><property name="receiveTimeout" value="10000" /><!-- true是topic，false是queue，默认是false，此处显示写出false --><property name="pubSubDomain" value="false" /></bean></beans> OK~~~~~~~~~~~~大功告成！！！， 如果大家觉得满意并且对技术感兴趣请加群：171239762， 纯技术交流群，非诚勿扰。 本篇文章为转载内容。原文链接：https://blog.csdn.net/luoyang_java/article/details/84953241。 该文由互联网用户投稿提供，文中观点代表作者本人意见，并不代表本站的立场。 作为信息平台，本站仅提供文章转载服务，并不拥有其所有权，也不对文章内容的真实性、准确性和合法性承担责任。 如发现本文存在侵权、违法、违规或事实不符的情况，请及时联系我们，我们将第一时间进行核实并删除相应内容。