某日编写接口时,突然灵光一闪,意识到一个可能被很多码农甚至程序设计者忽视的安全漏洞。
请先看下面的代码,首先是 controller 层:
package csdn.controller;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
@RequestMapping("/demo")
public class DemoController {
// Class-wide logger for this controller, created through org.apache.log4j.Logger (the Log4j 1.x API).
// NOTE(review): Log4j 1.x itself is end-of-life; confirm which library actually supplies this package in the build.
private static final Logger logger = Logger.getLogger(DemoController.class);
// Service dependency that Spring injects into this field via @Autowired.
// DemoService has no import in this file, so it presumably lives in csdn.controller (confirm).
@Autowired
private DemoService demoService;
/**
 * 用户取消订单接口
 * userId,下单用户的id
 * productId,商品id
 * num,商品数量
 */
@RequestMapping(value = "/order", method = RequestMethod.POST)
@R