SpringBoot 2.7 + Vue3 Fully Separated Frontend and Backend Development Framework

Project Introduction

This project is a continuously updated, completely free and open-source enterprise-level application development framework that adopts a fully separated front-end and back-end architecture, focusing on enhancing non-functional requirements in business development. The front end is built with Vue and Element UI, while the back end leverages Spring Boot, Spring Security, Redis, and JWT tech stacks, integrating a robust authentication and authorization mechanism, supporting multi-terminal login and identity verification.

The system is designed for internet environments, meeting the needs of both B-end and C-end users, and provides high scalability and adaptability. Through plugin-based integration of commonly used middleware and components in enterprise development, module design follows the principle of high cohesion and low coupling, featuring a clear structure and ease of expansion. The code is well-organized and the architecture is concise and clear, making it suitable not only for learning and reference but also for real-world enterprise project development.

Built-in Modules

1. User Management: Manage system operators, complete the creation of user accounts, allocation of permissions, and maintenance of user information.

2. Department Management: Configure multi-level organizational structures of companies and departments, visually displaying them in a tree-like format with support for data permission isolation.

3. Menu Management: Configure system navigation menus, operation permission controls, and button-level permission tags to achieve fine-grained access control.

4. Role Management: Assign menu and operation permissions to different roles, supporting hierarchical data permission scope based on organizational structure.

5. Dictionary Management: Maintain common and relatively fixed classification and label data within the system, enhancing data consistency and maintainability.

6. Parameter Management: Centralize configuration and management of dynamic parameters required for the system, with capabilities for real-time adjustment and activation.

7. Announcement Management: Publish and maintain notice and announcement information within the system, ensuring users stay informed of important updates.

8. Operation Log: Record and query normal system operation logs and error logs, aiding in auditing and troubleshooting.

9. Login Log: Browse user login records, including both successful and abnormal login actions, ensuring secure and controlled system access.

10. Online Users: Real-time monitoring of currently active users in the system, showing their login status and operational behavior.

Development Instructions

Runtime Environment

Tool	Version
Java	1.8、17
Maven	3.6.3 +
Redis	5 +
PostgreSQL	12.16
IDE	IDEA, Eclipse, VS Code

Project Structure

├── java
│   └── net
│       └── vjsp
│           ├── common				-- 	Global common files
│           │   ├── constant			--	Global constants
│           │   ├── enums				--	Global enums
│           │   ├── exception			--	Global exceptions
│           │   ├── model				--	Common encapsulated object entities
│           │   └── util				--	Static utility class
│           ├── framework			--	System framework
│           │   ├── aspectj				--	Business annotations
│           │   │   ├── annotation		-- 	Annotation implementation
│           │   ├── config				--	Configuration classes
│           │   ├── filter				--	Filters
│           │   ├── handler				--	Executors referenced in the configuration file
│           │   ├── model				--	Framework object entities
│           │   ├── security			--	Permission framework components and implementations
│           │   └── service				--	Global dynamic utilities and general methods
│           ├── modules				--	Business modules
│           │   ├── controller			--	Controller layer
│           │   ├── domain				--	Entity classes
│           │   │   ├── convert			--	Converter classes, used for cross-layer data transfer
│           │   │   ├── dto				--	Data encapsulation for third-party calls
│           │   │   ├── form			--	Create and submit form object
│           │   │   ├── po				--	Persistence layer object
│           │   │   ├── query			--	Query object
│           │   │   └── vo				--	List display entity
│           │   ├── mapper				--	Persistence implementation
│           │   └── service				--	Business logic implementation
│           ├── system				--	System module
│           │   ├── common				--	Common controllers: login, upload, download, captcha
│           │   ├── controller			--	Controller layer
│           │   ├── domain				--	Entity classes
│           │   │   ├── convert			--	Converter classes, used for cross-layer data transfer
│           │   │   ├── dto				--	Data encapsulation for third-party calls
│           │   │   ├── form			--	Create and submit form object
│           │   │   ├── po				--	Persistence layer object
│           │   │   ├── query			--	Query object
│           │   │   └── vo				--	List display entity
│           │   ├── mapper				--	Persistence implementation
│           │   └── service				--	Business logic implementation
│           ├── workflow			--	Workflow
│           └── VjspApplication.java	--	System startup class
└── resources							--	Configuration files

Structure Standards

First-level package path	Description
common	Common file package, global variables, exception classes, enumeration classes, static utility classes, and global files unrelated to business
framework	System file package, permission framework, configuration files, interceptors, dependency injection utilities
system	System modules, users, roles, menus, logs, login, etc.
modules	Business modules, other functional modules besides system modules
workflow	Workflow module
resources	Configuration files

Maven Standards

Using springboot Main Version to provide dependent jar packages, which do not require a version number, and other Non-springboot Main Version dependencies that must declare version numbers in property files

Current system non-springboot Main Version providing dependent jar packages as follows:

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <skipTests>true</skipTests>
    <java.version>1.8</java.version>
    <mapstruct.version>1.5.1.Final</mapstruct.version>
    <springdoc.version>1.7.0</springdoc.version>
    <postgresql.version>42.2.20</postgresql.version>
    <mybatis-plus-boot-starter.version>3.5.1</mybatis-plus-boot-starter.version>
    <commons.io.version>2.19.0</commons.io.version>
    <jasypt.version>3.0.5</jasypt.version>
    <bcprov.version>1.73</bcprov.version>
    <poi.version>4.1.2</poi.version>
    <jjwt.version>0.9.0</jjwt.version>
    <fastjson.version>2.0.58</fastjson.version>
    <fastdfs.version>1.27.2</fastdfs.version>
    <s3.version>1.11.792</s3.version>
</properties>

spring-boot-starter-parent version number is: 2.7.0, it is not recommended to replace with other versions due to configuration compatibility issues.

JAR Package List

Name	Version	Usage
spring-boot	2.7.0	Framework main version
spring-boot-starter-web	Same as main framework version	Web container
spring-boot-starter-test	Same as main framework version	Testing
spring-boot-configuration-processor	Same as main framework version	Metadata completion
spring-boot-starter-aop	Same as main framework version	Interceptor
spring-boot-devtools	Same as main framework version	Hot reload tool
spring-boot-starter-security	Same as main framework version	Security authentication
spring-boot-starter-data-redis	Same as main framework version	Data caching
spring-boot-starter-validation	Same as main framework version	Validation framework
lombok	1.18.24	Development utilities library
mybatis-plus-boot-starter	3.5.1	Persistence framework
mybatis-plus-extension	3.5.1	Persistence framework
mybatis-plus	3.5.1	Persistence framework
postgresql	42.3.5	Database driver
springdoc-openapi-ui	1.7.0	Documentation utility
springdoc-openapi-security	1.7.0	Documentation utility
jasypt-spring-boot-starter	3.0.5	Configuration encryption utility
bcprov-jdk15to18	1.73	Cryptographic library
fastjson2	2.0.58	JSON parser
mapstruct	1.5.1.Final	Code generation utility
mapstruct-processor	1.5.1.Final	Code generation utility
poi-ooxml	4.1.2	Excel tool
commons-io	2.19.0	Utility classes
commons-lang3	3.12.0	Utility classes
jjwt	0.9.0	JWT support
fastdfs-client	1.27.2	File storage
aws-java-sdk-s3	1.11.792	File storage

Naming Conventions

All object class names use PascalCase naming convention, no underscores, lowercase camel case, acronyms or other non-standard naming are not allowed.

Object	Use case	Naming convention
Form	Accept request data from frontend POST/PUT calls, validate with @Validated	Ends with Form
DTO	For service-to-service calls, complex data encapsulation or cross-layer data transfer	Ends with DTO
PO	Persistent layer object, mapped by MyBatis	Ends with PO
Query	Encapsulate pagination query parameters, must inherit BaseQuery	Ends with Query
VO	Data view object returned to the frontend	Ends with VO
Convert	Responsible for PO ↔ DTO ↔ VO conversion (implemented through MapStruct)	Ends with Convert
Mapper	Persistent layer, define database operation methods	Ends with Mapper
Service	Business logic interface	Ends with Service
ServiceImpl	Business logic implementation class, calling Mapper with transaction management	Ends with ServiceImpl
Controller	Provide RESTful API interface calls to Service and returns CommonResult<?>	Ends with Controller
Filter	Filter object	Ends with Filter
Config	System configuration class object	Ends with Config
Aspect	Logic aspect implementation object	Ends with Aspect
Properties	Properties configuration file	Ends with Properties
Constants	Constant object	Ends with Constants
Enum	Enumeration object	Ends with Enum

API Specification

Key principles for designing RESTful APIs

• GET /users/123 -> Get information of user with ID 123.
• POST /users -> Create a new user.
• PUT /users/123 -> Fully update user information with ID 123.
• DELETE /users/123 -> Delete the user with ID 123.

API Naming Conventions

Resource Naming Rule: Resources should be nouns and must not contain verbs.

Method Naming Rule:

• POST save -> A method to create a resource
• DELETE remove -> A method to remove a resource
• DELETE batchRemove -> A method to remove resources in bulk
• UPDATE edit -> A method to modify a resource
• GET get -> Method to retrieve a single resource details
• GET page -> Paginated query method
• GET listAll -> Method to list all resources (not paginated)
• GET export -> A method to export data

Request Header Format

Authentication is implemented using JWT, following example below would be the format for passing a token when querying a user:

POST http://127.0.0.1/system/users/listAll
Content-Type: application/json
Authorization: Bearer <jwt_token>

{
  "loginName": "zhangsan"
}

Code Standards [Incomplete]

Controller Layer

1. Mapping rules, global. each method.
2. Audit logs
3. Form validation
4. Return object format
5. Permission control
6. Documentation annotations
7. Method definition
8. Exception handling
9. Access rate limiting
10. Error codes
11. Data desensitization

Business Layer

1. Inheritance relationships
2. IService method list
3. Adding global common service
4. Business service addition
5. Transaction management
6. Pagination
7. Exception handling
8. Cache annotations

Persistence Layer

1. Inheritance relationships
2. BaseMapper method list
3. Adding global common Mapper
4. Business Mapper addition
5. Using custom SQL in Mapper
6. Using custom SQL in XML
7. Idempotent insert and save

Permission Guidelines [Incomplete]

1. Three usage scenarios
   1. Login and need authorization
   2. Login without authorization
   3. No login required (Link: whitelist documentation)
2. Annotation format
3. Maintenance and table correspondence of resource identifiers
4. Injection of permission interception method
5. Permission interception functions

Development Guidelines

1. Functionality or pages belonging to a specific user must implement permission validation
2. Sensitive user data is forbidden to be displayed directly, data must be masked before presentation
3. Any parameter passed from the user’s request must be validated for validity and length
4. Passwords in configuration files need encryption
5. Size limits and header feature code checks for uploaded files

Database Guidelines

Table Creation Standards

1. Table names and field names must use lowercase letters or numbers only, numbers cannot appear first

2. Table names must not be plural

3. Business tables must have default fields

   Business tables default fields, entities inherit SuperEntity, data filling completed automatically by framework

   Non-business tables, such as user role binding tables that don't need to record information like operator or timestamp, should have entities inherit SuperBaseEntity

   Column name	Data Type	Required	Default Value	Description
   id	int8	Yes		Primary key
   create_user_id	int8	Yes	now()	Creator's user ID
   create_time	timestamp(6)	Yes		Creation date
   update_user_id	int8	Yes		Updater's user ID
   update_time	timestamp(6)	Yes		Update time
   del_flag	int2	Yes	0	Deletion status (0 normal, 1 deleted)

4. In the database, physical deletion operations must not be used; logical deletion must be adopted.

5. Do not use the 'is_xxx' naming method for "yes/no" business fields, Data type: int2 (1 represents Yes, 0 represents No)

6. Business unique fields must create indexes

Common Field Types

Here are the commonly used field type settings

Field Name	Data Type	Java Type	Description
id	int8(64)	Long	Primary key, saves snowID
login_name	varchar(100)	String	Login account, string
sex	int2(16)	Integer	User sex (0 male, 1 female)
sort_by	int4(32)	Integer	Order index
brithday	date	java.util.Date	Date Type
create_time	timestamp	java.util.Date	Time Type
account_balance	numeric(15,2)	BigDecimal	Amount of money
details	text	String	Large text, such as logs or metadata

System Configuration Classes

Sensitive Data Masking Configuration (SensitiveJsonSerializer.java)

1. Use case
2. Annotation description
3. Code instance

Filter Configuration (FilterConfig.java)

1. Register the XSS filter

   ## Prevention of Cross-Site Scripting Attacks (XSS)
   xss:
      # Switch for the filter
      enabled: true
      # Excluded URLs (multiple separated by commas)
      excludes: /wechat/callback
      # Matched URL patterns
      urlPatterns: /*

2. Register the Referer filter

   ## Link Anti-leech Configuration
   referer:
      # Link anti-leech switch
      enabled: false
      # List of allowed access domains (separated by commas)
      allowed-domains: localhost,127.0.0.1

CORS Configuration (GlobalCorsConfig.java)

1. Use case
2. Configuration to allow cross-origin requests from specified domains

Serialization Configuration (JacksonConfig.java)

1. Use case: Format time strings
2. Description: Handling precision issues with primary keys

MybatisPlus Automatic Fill Configuration (MybatisPlusAutoConfigure.java)

1. Description of automatic filling attributes
2. Adding new fields to be filled automatically
3. Logic executed during field filling

MybatisPlus Configuration (MyBatisPlusConfig.java)

1. Setting the package scanning path
2. Plugin registration

Redis Configuration (RedisConfig.java)

1. Set RedisTemplate serialization method: Using String for serializing keys and JSON for serializing values. See the... section for more information on how to use the Redis utility class.

2. Set rate limiting script: This is a script implementing a token bucket algorithm for rate limiting. Please refer to the... section for details on how to use it.

   local key = KEYS[1] -- Rate limiting resource KEY
   local now = tonumber(ARGV[1]) -- Unix timestamp for current time (often provided by the client, such as `unixtime * 1000`)
   local ttl = tonumber(ARGV[2]) -- Time window in milliseconds used to set key expiration
   local expired = tonumber(ARGV[3]) -- Expiry time point timestamp (now - time window size)
   local max = tonumber(ARGV[4]) -- Maximum limit per time window
   
   -- 1. Remove all expired data (oldest entries from 0 to expired)
   redis.call('zremrangebyscore', key, 0, expired)
   
   -- 2. Get the number of elements left in the current window (requests in the most recent time window)
   local current = tonumber(redis.call('zcard', key))
   local next = current + 1
   
   -- 3. Determine if rate limit is exceeded
   if next > max then
     return 0; -- 0 indicates being rate limited
   else
     -- 4. If not exceeded - add the current timestamp as both member and score to the zset
     redis.call("zadd", key, now, now)
     -- 5. Give the zset a new TTL (time-to-live)
     redis.call("pexpire", key, ttl)
     return next -- Return current counter value
   end

3. Set annotation cache time

Set TTL time for cached annotations, see... for usage details of caching annotations

## Redis cache rule
redis:
  cache:
    configs:
      # Cache key is: vjsp_dict then validity period is 3600 seconds
      - key: vjsp_dict
        second: 3600
      # Cache key is: vjsp_config then validity period is 3600 seconds
      - key: vjsp_config
        second: 3600

SpringDoc Configuration Class (SpringDocConfig.java)

1. Enabling and disabling

2. Parameter descriptions

   ## SpringDoc Configuration
   springdoc:
     api-docs:
       path: /api-docs
       enabled: true
     swagger-ui:
       path: /swagger-ui.html
       enabled: true
       # Tag sorting method
       tags-sorter: alpha
       # Operation sorting method
       operations-sorter: alpha
       # Permanently maintain authentication status
       persistAuthorization: true
       # Hide models
       default-models-expand-depth: -1
     packages-to-scan: net.vjsp
     paths-to-match: /**
   
   
   # SpringDoc Custom Configuration
   app:
     info:
       title: VJSP API
       description: VJSP API Documentation
       version: 1.0.0
       contact:
         name: VJSP
         email: service@vjsp.cn
         url: https://www.vjsp.net

Thread Pool Configuration (ThreadPoolConfig.java)

1. Use case
2. System default thread pool's name and parameters
3. Example invocation code

Security Configuration (VjspSecurityConfig.java)

1. Injected content

Dependency Injection Utility Libraries

Redis Operation Utility Class

1. Use case
2. Method list + code example

Password Utility Class

1. Injection location, types of encryption available
2. Method list + code example

Static Method Utility Classes

Object Conversion Utility (Convert.java)

Desensitization Utility (DesensitizedUtils.java)

Dictionary Utility (DictUtils.java)

HTML Escaping Utility (EscapeUtils.java)

XSS Filtering Utility (HtmlUtils.java)

HTTP Request Utility (HttpHelper.java)

String Utility (StringUtils.java)

Date Utility (DateUtils.java)

File Utility (FileUtils.java)

IP Utility (IpUtils.java)

JSON Utility (JsonUtils.java)

JWT Utility (JwtUtils.java)

Authentication Utility (SecurityUtil.java)

Base64 Utility (Base64.java)

Secret Key Utility (KeyGeneratorUtils.java)

MD5 Utility (Md5Utils.java)

RSA Utility (RsaUtils.java)

SM4 Utility (SM4Utils.java)

Reflection Utility (ReflectUtils.java)

Excel Utility (ExcelUtils.java)

Spring Utility (SpringUtils.java)

Servlet Utility (ServletUtils.java)

User-Agent Utility (UserAgentUtils.java)