Week 1-8: Spring Boot 学习计划完整项目

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-29 23:45:17 +08:00
commit f95aa18724
201 changed files with 18595 additions and 0 deletions
--- a/week5/pom.xml
+++ b/week5/pom.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>3.2.5</version>
+        <relativePath/>
+    </parent>
+
+    <groupId>com.learn</groupId>
+    <artifactId>week5-security</artifactId>
+    <version>1.0.0</version>
+    <name>Week 5: Spring 全家桶核心组件</name>
+
+    <properties>
+        <java.version>17</java.version>
+        <mybatis-plus.version>3.5.6</mybatis-plus.version>
+        <jjwt.version>0.12.5</jjwt.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-spring-boot3-starter</artifactId>
+            <version>${mybatis-plus.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.mysql</groupId>
+            <artifactId>mysql-connector-j</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+
+        <!-- Spring Security -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
+        <!-- JWT -->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>${jjwt.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>${jjwt.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>${jjwt.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <!-- Spring Cache + Redis -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-cache</artifactId>
+        </dependency>
+
+        <!-- Actuator 监控 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+</project>
--- a/week5/sql/init.sql
+++ b/week5/sql/init.sql
@@ -0,0 +1,56 @@
+-- =============================================
+-- Week 5：学生管理系统 v2 数据库初始化
+-- 新增：users 表（认证）+ 逻辑删除 + RBAC
+-- =============================================
+
+CREATE DATABASE IF NOT EXISTS week5_student
+    DEFAULT CHARACTER SET utf8mb4
+    DEFAULT COLLATE utf8mb4_unicode_ci;
+
+USE week5_student;
+
+-- 学生表（增加 deleted 字段用于逻辑删除，第 7 天）
+DROP TABLE IF EXISTS student;
+CREATE TABLE student (
+    id          BIGINT       NOT NULL AUTO_INCREMENT  COMMENT '主键ID',
+    name        VARCHAR(20)  NOT NULL                 COMMENT '姓名',
+    age         INT          NOT NULL                 COMMENT '年龄',
+    email       VARCHAR(50)  NOT NULL                 COMMENT '邮箱',
+    score       INT          NOT NULL DEFAULT 0       COMMENT '成绩 0-100',
+    deleted     TINYINT      NOT NULL DEFAULT 0       COMMENT '逻辑删除 0-未删 1-已删',
+    create_time DATETIME     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    update_time DATETIME     NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    PRIMARY KEY (id),
+    INDEX idx_name (name),
+    INDEX idx_score (score)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='学生表';
+
+-- 用户表（Spring Security 认证用，第 2-3 天）
+DROP TABLE IF EXISTS users;
+CREATE TABLE users (
+    id          BIGINT       NOT NULL AUTO_INCREMENT,
+    username    VARCHAR(50)  NOT NULL UNIQUE           COMMENT '用户名',
+    password    VARCHAR(200) NOT NULL                  COMMENT 'BCrypt 加密后的密码',
+    role        VARCHAR(20)  NOT NULL DEFAULT 'USER'   COMMENT '角色：ADMIN / USER',
+    enabled     TINYINT      NOT NULL DEFAULT 1        COMMENT '是否启用',
+    create_time DATETIME     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    PRIMARY KEY (id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户表';
+
+-- 预置学生数据
+INSERT INTO student (name, age, email, score) VALUES
+('张三', 20, 'zhangsan@mail.com', 85),
+('李四', 22, 'lisi@mail.com',    92),
+('王五', 19, 'wangwu@mail.com',  78),
+('赵六', 21, 'zhaoliu@mail.com', 88),
+('孙七', 23, 'sunqi@mail.com',   95),
+('周八', 20, 'zhouba@mail.com',  73),
+('吴九', 22, 'wujiu@mail.com',   81),
+('郑十', 21, 'zhengshi@mail.com',90);
+
+-- 用户数据由应用启动时通过 Java 代码自动初始化（保证 BCrypt 哈希正确）
+-- 默认账号：admin / 123456（ADMIN）、user / 123456（USER）
+
+SELECT 'student' AS tbl, COUNT(*) AS cnt FROM student
+UNION ALL
+SELECT 'users', COUNT(*) FROM users;
--- a/week5/src/main/java/com/learn/Week5Application.java
+++ b/week5/src/main/java/com/learn/Week5Application.java
@@ -0,0 +1,13 @@
+package com.learn;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cache.annotation.EnableCaching;
+
+@SpringBootApplication
+@EnableCaching               // 开启 Spring Cache（第 4 天）
+public class Week5Application {
+    public static void main(String[] args) {
+        SpringApplication.run(Week5Application.class, args);
+    }
+}
--- a/week5/src/main/java/com/learn/annotation/ScoreValidator.java
+++ b/week5/src/main/java/com/learn/annotation/ScoreValidator.java
@@ -0,0 +1,19 @@
+package com.learn.annotation;
+
+import jakarta.validation.ConstraintValidator;
+import jakarta.validation.ConstraintValidatorContext;
+
+/**
+ * @ValidScore 的校验逻辑实现
+ *
+ * isValid 方法返回 true 表示校验通过，false 表示校验失败。
+ * ConstraintValidatorContext 用于自定义错误消息。
+ */
+public class ScoreValidator implements ConstraintValidator<ValidScore, Integer> {
+
+    @Override
+    public boolean isValid(Integer value, ConstraintValidatorContext context) {
+        if (value == null) return true;   // null 由 @NotNull 处理
+        return value >= 0 && value <= 100;
+    }
+}
--- a/week5/src/main/java/com/learn/annotation/ValidScore.java
+++ b/week5/src/main/java/com/learn/annotation/ValidScore.java
@@ -0,0 +1,31 @@
+package com.learn.annotation;
+
+import jakarta.validation.Constraint;
+import jakarta.validation.Payload;
+import java.lang.annotation.*;
+
+/**
+ * 自定义校验注解（第 6 天）
+ *
+ * 功能等价于 @Min(0) @Max(100)，但演示了自定义注解的完整流程：
+ *   1. 定义注解 @ValidScore
+ *   2. 编写校验器 ScoreValidator（实现 ConstraintValidator）
+ *   3. 在实体类字段上使用 @ValidScore
+ *
+ * @Constraint(validatedBy = ...) 将注解和校验器绑定
+ */
+@Documented
+@Constraint(validatedBy = ScoreValidator.class)
+@Target({ElementType.FIELD, ElementType.PARAMETER})
+@Retention(RetentionPolicy.RUNTIME)
+public @interface ValidScore {
+
+    // 校验失败时的默认错误消息
+    String message() default "成绩必须在 0-100 之间";
+
+    // 分组校验（后续学习，此处用默认）
+    Class<?>[] groups() default {};
+
+    // Payload（扩展用，此处用默认）
+    Class<? extends Payload>[] payload() default {};
+}
--- a/week5/src/main/java/com/learn/config/DataInitializer.java
+++ b/week5/src/main/java/com/learn/config/DataInitializer.java
@@ -0,0 +1,41 @@
+package com.learn.config;
+
+import com.learn.entity.User;
+import com.learn.repository.jpa.UserRepository;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class DataInitializer implements CommandLineRunner {
+
+    private static final Logger log = LoggerFactory.getLogger(DataInitializer.class);
+    private final UserRepository userRepo;
+    private final PasswordEncoder encoder;
+
+    public DataInitializer(UserRepository userRepo, PasswordEncoder encoder) {
+        this.userRepo = userRepo;
+        this.encoder = encoder;
+    }
+
+    @Override
+    public void run(String... args) {
+        if (userRepo.count() > 0) return;  // 已有数据则跳过
+
+        User admin = new User();
+        admin.setUsername("admin");
+        admin.setPassword(encoder.encode("123456"));
+        admin.setRole("ADMIN");
+        userRepo.save(admin);
+
+        User user = new User();
+        user.setUsername("user");
+        user.setPassword(encoder.encode("123456"));
+        user.setRole("USER");
+        userRepo.save(user);
+
+        log.info("默认用户已创建: admin/123456 (ADMIN), user/123456 (USER)");
+    }
+}
--- a/week5/src/main/java/com/learn/config/MyBatisPlusConfig.java
+++ b/week5/src/main/java/com/learn/config/MyBatisPlusConfig.java
@@ -0,0 +1,21 @@
+package com.learn.config;
+
+import com.baomidou.mybatisplus.annotation.DbType;
+import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
+import com.baomidou.mybatisplus.extension.plugins.inner.PaginationInnerInterceptor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class MyBatisPlusConfig {
+
+    @Bean
+    public MybatisPlusInterceptor mybatisPlusInterceptor() {
+        MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
+        PaginationInnerInterceptor p = new PaginationInnerInterceptor(DbType.MYSQL);
+        p.setOverflow(true);
+        p.setMaxLimit(100L);
+        interceptor.addInnerInterceptor(p);
+        return interceptor;
+    }
+}
--- a/week5/src/main/java/com/learn/config/SecurityConfig.java
+++ b/week5/src/main/java/com/learn/config/SecurityConfig.java
@@ -0,0 +1,66 @@
+package com.learn.config;
+
+import com.learn.security.JwtAuthFilter;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+/**
+ * Spring Security 配置（第 1-3 天）
+ *
+ * 核心设计：
+ *   1. 无状态会话（JWT，不依赖 Cookie/Session）
+ *   2. 自定义 JWT 过滤器在 UsernamePasswordAuthenticationFilter 之前执行
+ *   3. RBAC：ADMIN 可增删改，USER 只能查
+ *   4. 公开 /api/auth/** 和 Actuator 端点
+ */
+@Configuration
+@EnableWebSecurity
+@EnableMethodSecurity          // 开启方法级安全注解（第 3 天）
+public class SecurityConfig {
+
+    private final JwtAuthFilter jwtAuthFilter;
+
+    public SecurityConfig(JwtAuthFilter jwtAuthFilter) {
+        this.jwtAuthFilter = jwtAuthFilter;
+    }
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+            .csrf(csrf -> csrf.disable())                    // 前后端分离，禁用 CSRF
+            .sessionManagement(sm -> sm
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS))  // 无状态
+            .authorizeHttpRequests(auth -> auth
+                // 公开接口
+                .requestMatchers("/api/auth/**").permitAll()
+                .requestMatchers("/actuator/**").permitAll()
+                .requestMatchers("/", "/index.html", "/css/**", "/js/**").permitAll()
+                // 查询：USER 及以上
+                .requestMatchers(HttpMethod.GET, "/api/students/**").hasAnyRole("ADMIN", "USER")
+                // 增删改：仅 ADMIN（第 3 天 RBAC）
+                .requestMatchers(HttpMethod.POST, "/api/students/**").hasRole("ADMIN")
+                .requestMatchers(HttpMethod.PUT, "/api/students/**").hasRole("ADMIN")
+                .requestMatchers(HttpMethod.DELETE, "/api/students/**").hasRole("ADMIN")
+                // 其他请求需认证
+                .anyRequest().authenticated()
+            )
+            // 在用户名密码过滤器之前插入 JWT 过滤器
+            .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
+
+        return http.build();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();   // BCrypt 加密，不可逆
+    }
+}
--- a/week5/src/main/java/com/learn/controller/AuthController.java
+++ b/week5/src/main/java/com/learn/controller/AuthController.java
@@ -0,0 +1,50 @@
+package com.learn.controller;
+
+import com.learn.dto.ApiResponse;
+import com.learn.dto.LoginRequest;
+import com.learn.service.AuthService;
+import jakarta.validation.Valid;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.Map;
+
+/**
+ * 认证接口（第 2 天）
+ *
+ * POST /api/auth/register  —— 注册
+ * POST /api/auth/login     —— 登录，返回 JWT
+ *
+ * 这些接口在 SecurityConfig 中设置了 permitAll()，无需认证即可访问。
+ */
+@RestController
+@RequestMapping("/api/auth")
+public class AuthController {
+
+    private final AuthService authService;
+
+    public AuthController(AuthService authService) {
+        this.authService = authService;
+    }
+
+    @PostMapping("/register")
+    public ResponseEntity<ApiResponse<Map<String, Object>>> register(@RequestBody Map<String, String> body) {
+        try {
+            Map<String, Object> result = authService.register(
+                    body.get("username"), body.get("password"));
+            return ResponseEntity.ok(ApiResponse.success("注册成功", result));
+        } catch (RuntimeException e) {
+            return ResponseEntity.badRequest().body(ApiResponse.badRequest(e.getMessage()));
+        }
+    }
+
+    @PostMapping("/login")
+    public ResponseEntity<ApiResponse<Map<String, Object>>> login(@Valid @RequestBody LoginRequest req) {
+        try {
+            Map<String, Object> result = authService.login(req);
+            return ResponseEntity.ok(ApiResponse.success("登录成功", result));
+        } catch (RuntimeException e) {
+            return ResponseEntity.status(401).body(ApiResponse.error(401, e.getMessage()));
+        }
+    }
+}
--- a/week5/src/main/java/com/learn/controller/StudentController.java
+++ b/week5/src/main/java/com/learn/controller/StudentController.java
@@ -0,0 +1,84 @@
+package com.learn.controller;
+
+import com.learn.dto.ApiResponse;
+import com.learn.entity.Student;
+import com.learn.service.StudentServiceSelector;
+import jakarta.validation.Valid;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.*;
+
+import java.security.Principal;
+
+@RestController
+@RequestMapping("/api/students")
+public class StudentController {
+
+    private final StudentServiceSelector service;
+
+    public StudentController(StudentServiceSelector service) { this.service = service; }
+
+    // ---- 查询（USER + ADMIN 均可）----
+
+    @GetMapping
+    public ApiResponse<java.util.List<Student>> list(
+            @RequestParam(required = false) String keyword) {
+        java.util.List<Student> students = (keyword != null && !keyword.trim().isEmpty())
+                ? service.search(keyword) : service.list();
+        return ApiResponse.success(students)
+                .put("total", students.size())
+                .put("orm", service.getActiveMode());
+    }
+
+    @GetMapping("/{id}")
+    public ResponseEntity<ApiResponse<Student>> getById(@PathVariable Long id) {
+        Student s = service.getById(id);
+        if (s != null) return ResponseEntity.ok(ApiResponse.success(s));
+        return ResponseEntity.status(HttpStatus.NOT_FOUND)
+                .body(ApiResponse.notFound("学生不存在"));
+    }
+
+    @GetMapping("/stats/excellent")
+    public ApiResponse<Long> statsExcellent(@RequestParam(defaultValue = "85") int min) {
+        return ApiResponse.success(service.countExcellent(min));
+    }
+
+    // ---- 新增（仅 ADMIN）----
+
+    @PostMapping
+    public ResponseEntity<ApiResponse<Student>> add(@Valid @RequestBody Student student) {
+        return ResponseEntity.status(HttpStatus.CREATED)
+                .body(ApiResponse.created(service.add(student)));
+    }
+
+    // ---- 更新（仅 ADMIN）----
+
+    @PutMapping("/{id}")
+    public ResponseEntity<ApiResponse<Student>> update(
+            @PathVariable Long id, @Valid @RequestBody Student student) {
+        return service.update(id, student)
+                .map(u -> ResponseEntity.ok(ApiResponse.success("更新成功", u)))
+                .orElse(ResponseEntity.status(HttpStatus.NOT_FOUND)
+                        .body(ApiResponse.notFound("学生不存在")));
+    }
+
+    // ---- 删除（仅 ADMIN，MP 模式下为逻辑删除）----
+
+    @DeleteMapping("/{id}")
+    @PreAuthorize("hasRole('ADMIN')")    // 方法级权限控制（第 3 天）
+    public ResponseEntity<ApiResponse<?>> delete(@PathVariable Long id) {
+        return service.delete(id)
+                ? ResponseEntity.ok(ApiResponse.success("删除成功", null))
+                : ResponseEntity.status(HttpStatus.NOT_FOUND)
+                        .body(ApiResponse.notFound("学生不存在"));
+    }
+
+    // ---- 当前用户信息 ----
+
+    @GetMapping("/me")
+    public ApiResponse<String> me(Principal principal) {
+        return ApiResponse.success("当前用户: " + principal.getName()
+                + " | ORM: " + service.getActiveMode());
+    }
+}
--- a/week5/src/main/java/com/learn/dto/ApiResponse.java
+++ b/week5/src/main/java/com/learn/dto/ApiResponse.java
@@ -0,0 +1,33 @@
+package com.learn.dto;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class ApiResponse<T> {
+    private int code;
+    private String message;
+    private T data;
+    private Map<String, Object> extra;
+
+    public static <T> ApiResponse<T> success(T data) { return build(200, "success", data); }
+    public static <T> ApiResponse<T> success(String msg, T data) { return build(200, msg, data); }
+    public static <T> ApiResponse<T> created(T data) { return build(201, "创建成功", data); }
+    public static <T> ApiResponse<T> error(int code, String msg) { return build(code, msg, null); }
+    public static <T> ApiResponse<T> notFound(String msg) { return error(404, msg); }
+    public static <T> ApiResponse<T> badRequest(String msg) { return error(400, msg); }
+
+    public ApiResponse<T> put(String key, Object value) {
+        if (extra == null) extra = new HashMap<>();
+        extra.put(key, value); return this;
+    }
+
+    private static <T> ApiResponse<T> build(int code, String msg, T data) {
+        ApiResponse<T> r = new ApiResponse<>();
+        r.code = code; r.message = msg; r.data = data; return r;
+    }
+
+    public int getCode() { return code; }
+    public String getMessage() { return message; }
+    public T getData() { return data; }
+    public Map<String, Object> getExtra() { return extra; }
+}
--- a/week5/src/main/java/com/learn/dto/LoginRequest.java
+++ b/week5/src/main/java/com/learn/dto/LoginRequest.java
@@ -0,0 +1,15 @@
+package com.learn.dto;
+
+import jakarta.validation.constraints.NotBlank;
+
+public class LoginRequest {
+    @NotBlank(message = "用户名不能为空")
+    private String username;
+    @NotBlank(message = "密码不能为空")
+    private String password;
+
+    public String getUsername() { return username; }
+    public void setUsername(String username) { this.username = username; }
+    public String getPassword() { return password; }
+    public void setPassword(String password) { this.password = password; }
+}
--- a/week5/src/main/java/com/learn/entity/Student.java
+++ b/week5/src/main/java/com/learn/entity/Student.java
@@ -0,0 +1,77 @@
+package com.learn.entity;
+
+import com.baomidou.mybatisplus.annotation.*;
+import jakarta.persistence.*;
+import jakarta.validation.constraints.*;
+import java.io.Serializable;
+import java.time.LocalDateTime;
+
+@Entity
+@Table(name = "student")
+@TableName("student")
+public class Student implements Serializable {
+    private static final long serialVersionUID = 1L;
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @TableId(type = IdType.AUTO)
+    private Long id;
+
+    @NotBlank(message = "姓名不能为空")
+    @Size(min = 1, max = 20)
+    @Column(name = "name", length = 20, nullable = false)
+    @TableField("name")
+    private String name;
+
+    @Min(1) @Max(150)
+    @Column(name = "age", nullable = false)
+    @TableField("age")
+    private int age;
+
+    @NotBlank @Email
+    @Column(name = "email", length = 50, nullable = false)
+    @TableField("email")
+    private String email;
+
+    @com.learn.annotation.ValidScore          // 第 6 天：自定义校验注解
+    @Column(name = "score", nullable = false)
+    @TableField("score")
+    private int score;
+
+    /** 逻辑删除标记（第 7 天）: 0=未删, 1=已删 */
+    @TableLogic                              // MyBatis-Plus 逻辑删除
+    @Column(name = "deleted")
+    @TableField("deleted")
+    private Integer deleted = 0;
+
+    @Column(name = "create_time", insertable = false, updatable = false)
+    @TableField("create_time")
+    private LocalDateTime createTime;
+
+    @Column(name = "update_time", insertable = false, updatable = false)
+    @TableField("update_time")
+    private LocalDateTime updateTime;
+
+    public Student() {}
+
+    public Student(Long id, String name, int age, String email, int score) {
+        this.id = id; this.name = name; this.age = age; this.email = email; this.score = score;
+    }
+
+    public Long getId() { return id; }
+    public void setId(Long id) { this.id = id; }
+    public String getName() { return name; }
+    public void setName(String name) { this.name = name; }
+    public int getAge() { return age; }
+    public void setAge(int age) { this.age = age; }
+    public String getEmail() { return email; }
+    public void setEmail(String email) { this.email = email; }
+    public int getScore() { return score; }
+    public void setScore(int score) { this.score = score; }
+    public Integer getDeleted() { return deleted; }
+    public void setDeleted(Integer deleted) { this.deleted = deleted; }
+    public LocalDateTime getCreateTime() { return createTime; }
+    public void setCreateTime(LocalDateTime createTime) { this.createTime = createTime; }
+    public LocalDateTime getUpdateTime() { return updateTime; }
+    public void setUpdateTime(LocalDateTime updateTime) { this.updateTime = updateTime; }
+}
--- a/week5/src/main/java/com/learn/entity/User.java
+++ b/week5/src/main/java/com/learn/entity/User.java
@@ -0,0 +1,44 @@
+package com.learn.entity;
+
+import jakarta.persistence.*;
+import java.io.Serializable;
+import java.time.LocalDateTime;
+
+@Entity
+@Table(name = "users")
+public class User implements Serializable {
+    private static final long serialVersionUID = 1L;
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Long id;
+
+    @Column(nullable = false, unique = true, length = 50)
+    private String username;
+
+    @Column(nullable = false, length = 200)
+    private String password;   // BCrypt 加密后的密文
+
+    @Column(nullable = false, length = 20)
+    private String role;       // ADMIN / USER（第 3 天 RBAC）
+
+    @Column(nullable = false)
+    private Integer enabled = 1;
+
+    @Column(name = "create_time", insertable = false, updatable = false)
+    private LocalDateTime createTime;
+
+    public User() {}
+
+    public Long getId() { return id; }
+    public void setId(Long id) { this.id = id; }
+    public String getUsername() { return username; }
+    public void setUsername(String username) { this.username = username; }
+    public String getPassword() { return password; }
+    public void setPassword(String password) { this.password = password; }
+    public String getRole() { return role; }
+    public void setRole(String role) { this.role = role; }
+    public Integer getEnabled() { return enabled; }
+    public void setEnabled(Integer enabled) { this.enabled = enabled; }
+    public LocalDateTime getCreateTime() { return createTime; }
+}
--- a/week5/src/main/java/com/learn/exception/GlobalExceptionHandler.java
+++ b/week5/src/main/java/com/learn/exception/GlobalExceptionHandler.java
@@ -0,0 +1,43 @@
+package com.learn.exception;
+
+import com.learn.dto.ApiResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.web.bind.MethodArgumentNotValidException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+import java.util.stream.Collectors;
+
+@RestControllerAdvice
+public class GlobalExceptionHandler {
+
+    private static final Logger log = LoggerFactory.getLogger(GlobalExceptionHandler.class);
+
+    /** 参数校验失败 */
+    @ExceptionHandler(MethodArgumentNotValidException.class)
+    public ResponseEntity<ApiResponse<?>> handleValidation(MethodArgumentNotValidException ex) {
+        String detail = ex.getBindingResult().getFieldErrors().stream()
+                .map(e -> e.getField() + ": " + e.getDefaultMessage())
+                .collect(Collectors.joining("; "));
+        return ResponseEntity.badRequest().body(ApiResponse.badRequest("参数校验失败: " + detail));
+    }
+
+    /** 权限不足（第 3 天） */
+    @ExceptionHandler(AccessDeniedException.class)
+    public ResponseEntity<ApiResponse<?>> handleAccessDenied(AccessDeniedException ex) {
+        return ResponseEntity.status(HttpStatus.FORBIDDEN)
+                .body(ApiResponse.error(403, "权限不足: 只有 ADMIN 可以执行此操作"));
+    }
+
+    /** 兜底 */
+    @ExceptionHandler(Exception.class)
+    public ResponseEntity<ApiResponse<?>> handleAll(Exception ex) {
+        log.error("未处理异常", ex);
+        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+                .body(ApiResponse.error(500, "服务器错误: " + ex.getMessage()));
+    }
+}
--- a/week5/src/main/java/com/learn/repository/jpa/StudentJpaRepository.java
+++ b/week5/src/main/java/com/learn/repository/jpa/StudentJpaRepository.java
@@ -0,0 +1,21 @@
+package com.learn.repository.jpa;
+
+import com.learn.entity.Student;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+@Repository
+public interface StudentJpaRepository extends JpaRepository<Student, Long> {
+
+    List<Student> findByNameContaining(String keyword);
+
+    @Query("SELECT s FROM Student s WHERE (s.name LIKE %:kw% OR s.email LIKE %:kw%) AND s.deleted = 0")
+    List<Student> search(@Param("kw") String keyword);
+
+    @Query("SELECT s FROM Student s WHERE s.score >= :min AND s.deleted = 0 ORDER BY s.score DESC")
+    List<Student> excellent(@Param("min") int minScore);
+}
--- a/week5/src/main/java/com/learn/repository/jpa/UserRepository.java
+++ b/week5/src/main/java/com/learn/repository/jpa/UserRepository.java
@@ -0,0 +1,13 @@
+package com.learn.repository.jpa;
+
+import com.learn.entity.User;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.Optional;
+
+@Repository
+public interface UserRepository extends JpaRepository<User, Long> {
+    Optional<User> findByUsername(String username);
+    boolean existsByUsername(String username);
+}
--- a/week5/src/main/java/com/learn/repository/mp/StudentMapper.java
+++ b/week5/src/main/java/com/learn/repository/mp/StudentMapper.java
@@ -0,0 +1,9 @@
+package com.learn.repository.mp;
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.learn.entity.Student;
+import org.apache.ibatis.annotations.Mapper;
+
+@Mapper
+public interface StudentMapper extends BaseMapper<Student> {
+}
--- a/week5/src/main/java/com/learn/security/JwtAuthFilter.java
+++ b/week5/src/main/java/com/learn/security/JwtAuthFilter.java
@@ -0,0 +1,79 @@
+package com.learn.security;
+
+import com.learn.entity.User;
+import com.learn.repository.jpa.UserRepository;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Optional;
+
+/**
+ * JWT 认证过滤器（第 2 天）
+ *
+ * 每个请求到达时，从 Authorization 头提取 JWT Token，
+ * 解析出用户名和角色，设置到 Spring Security 上下文中。
+ *
+ * OncePerRequestFilter：保证每个请求只过滤一次。
+ */
+@Component
+public class JwtAuthFilter extends OncePerRequestFilter {
+
+    private final JwtUtil jwtUtil;
+    private final UserRepository userRepo;
+
+    public JwtAuthFilter(JwtUtil jwtUtil, UserRepository userRepo) {
+        this.jwtUtil = jwtUtil;
+        this.userRepo = userRepo;
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request,
+                                    HttpServletResponse response,
+                                    FilterChain chain) throws ServletException, IOException {
+        // 1. 提取 Token
+        String token = extractToken(request);
+        if (token == null || !jwtUtil.validateToken(token)) {
+            chain.doFilter(request, response);
+            return;
+        }
+
+        // 2. 解析用户名
+        String username = jwtUtil.getUsername(token);
+
+        // 3. 查数据库确认用户仍存在且启用
+        Optional<User> userOpt = userRepo.findByUsername(username);
+        if (userOpt.isEmpty() || userOpt.get().getEnabled() == 0) {
+            chain.doFilter(request, response);
+            return;
+        }
+
+        // 4. 将认证信息设置到 Spring Security 上下文
+        String role = jwtUtil.getRole(token);
+        List<SimpleGrantedAuthority> authorities = List.of(
+                new SimpleGrantedAuthority("ROLE_" + role)
+        );
+
+        UsernamePasswordAuthenticationToken auth =
+                new UsernamePasswordAuthenticationToken(username, null, authorities);
+        SecurityContextHolder.getContext().setAuthentication(auth);
+
+        chain.doFilter(request, response);
+    }
+
+    private String extractToken(HttpServletRequest request) {
+        String header = request.getHeader("Authorization");
+        if (header != null && header.startsWith("Bearer ")) {
+            return header.substring(7).trim();
+        }
+        return null;
+    }
+}
--- a/week5/src/main/java/com/learn/security/JwtUtil.java
+++ b/week5/src/main/java/com/learn/security/JwtUtil.java
@@ -0,0 +1,81 @@
+package com.learn.security;
+
+import io.jsonwebtoken.*;
+import io.jsonwebtoken.security.Keys;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import javax.crypto.SecretKey;
+import java.nio.charset.StandardCharsets;
+import java.util.Date;
+
+/**
+ * JWT 工具类（第 2 天）
+ *
+ * 三个核心方法：
+ *   generateToken(username, role) → 生成 Token
+ *   getUsername(token)            → 从 Token 解析用户名
+ *   validateToken(token)          → 验证 Token 是否有效
+ *
+ * JWT 结构：header.payload.signature
+ *   header:  {"alg": "HS256"}
+ *   payload: {"sub": "admin", "role": "ADMIN", "exp": 1234567890}
+ *   signature: HMAC-SHA256(header + "." + payload, secret)
+ */
+@Component
+public class JwtUtil {
+
+    private final SecretKey key;
+    private final long expiration;
+
+    public JwtUtil(@Value("${jwt.secret}") String secret,
+                   @Value("${jwt.expiration}") long expiration) {
+        // 确保密钥至少 256 位（32 字节）
+        String paddedSecret = secret;
+        if (paddedSecret.length() < 32) {
+            paddedSecret = String.format("%-32s", secret).replace(' ', '0');
+        }
+        this.key = Keys.hmacShaKeyFor(paddedSecret.getBytes(StandardCharsets.UTF_8));
+        this.expiration = expiration;
+    }
+
+    /** 生成 Token */
+    public String generateToken(String username, String role) {
+        Date now = new Date();
+        return Jwts.builder()
+                .subject(username)
+                .claim("role", role)
+                .issuedAt(now)
+                .expiration(new Date(now.getTime() + expiration))
+                .signWith(key)
+                .compact();
+    }
+
+    /** 从 Token 中提取用户名 */
+    public String getUsername(String token) {
+        return parse(token).getSubject();
+    }
+
+    /** 从 Token 中提取角色 */
+    public String getRole(String token) {
+        return parse(token).get("role", String.class);
+    }
+
+    /** 验证 Token 是否有效 */
+    public boolean validateToken(String token) {
+        try {
+            parse(token);
+            return true;
+        } catch (JwtException | IllegalArgumentException e) {
+            return false;
+        }
+    }
+
+    private Claims parse(String token) {
+        return Jwts.parser()
+                .verifyWith(key)
+                .build()
+                .parseSignedClaims(token)
+                .getPayload();
+    }
+}
--- a/week5/src/main/java/com/learn/service/AuthService.java
+++ b/week5/src/main/java/com/learn/service/AuthService.java
@@ -0,0 +1,70 @@
+package com.learn.service;
+
+import com.learn.dto.LoginRequest;
+import com.learn.entity.User;
+import com.learn.repository.jpa.UserRepository;
+import com.learn.security.JwtUtil;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 认证服务（第 2-3 天）
+ *
+ * 注册：创建用户（BCrypt 加密密码）
+ * 登录：验证密码 → 签发 JWT
+ */
+@Service
+public class AuthService {
+
+    private final UserRepository userRepo;
+    private final PasswordEncoder encoder;
+    private final JwtUtil jwtUtil;
+
+    public AuthService(UserRepository userRepo, PasswordEncoder encoder, JwtUtil jwtUtil) {
+        this.userRepo = userRepo;
+        this.encoder = encoder;
+        this.jwtUtil = jwtUtil;
+    }
+
+    /** 注册（默认 USER 角色） */
+    public Map<String, Object> register(String username, String password) {
+        if (userRepo.existsByUsername(username)) {
+            throw new RuntimeException("用户名已存在");
+        }
+        User user = new User();
+        user.setUsername(username);
+        user.setPassword(encoder.encode(password));   // BCrypt 加密
+        user.setRole("USER");
+        userRepo.save(user);
+
+        String token = jwtUtil.generateToken(username, "USER");
+        Map<String, Object> result = new HashMap<>();
+        result.put("token", token);
+        result.put("role", "USER");
+        return result;
+    }
+
+    /** 登录 */
+    public Map<String, Object> login(LoginRequest req) {
+        User user = userRepo.findByUsername(req.getUsername())
+                .orElseThrow(() -> new RuntimeException("用户名或密码错误"));
+
+        if (!encoder.matches(req.getPassword(), user.getPassword())) {
+            throw new RuntimeException("用户名或密码错误");
+        }
+
+        if (user.getEnabled() == 0) {
+            throw new RuntimeException("账号已被禁用");
+        }
+
+        String token = jwtUtil.generateToken(user.getUsername(), user.getRole());
+        Map<String, Object> result = new HashMap<>();
+        result.put("token", token);
+        result.put("role", user.getRole());
+        result.put("username", user.getUsername());
+        return result;
+    }
+}
--- a/week5/src/main/java/com/learn/service/StudentServiceSelector.java
+++ b/week5/src/main/java/com/learn/service/StudentServiceSelector.java
@@ -0,0 +1,44 @@
+package com.learn.service;
+
+import com.learn.entity.Student;
+import com.learn.service.jpa.StudentJpaService;
+import com.learn.service.mp.StudentMpService;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+import java.util.Optional;
+
+@Service
+public class StudentServiceSelector {
+
+    private final StudentJpaService jpa;
+    private final StudentMpService mp;
+
+    @Value("${orm.mode:jpa}")
+    private String mode;
+
+    public StudentServiceSelector(StudentJpaService jpa, StudentMpService mp) {
+        this.jpa = jpa; this.mp = mp;
+    }
+
+    private boolean useJpa() { return !"mp".equalsIgnoreCase(mode); }
+
+    public Student add(Student s) { return useJpa() ? jpa.add(s) : mp.add(s); }
+
+    public List<Student> list() { return useJpa() ? jpa.list() : mp.list(); }
+
+    public Student getById(Long id) { return useJpa() ? jpa.getById(id) : mp.getById(id); }
+
+    public List<Student> search(String kw) { return useJpa() ? jpa.search(kw) : mp.search(kw); }
+
+    public Optional<Student> update(Long id, Student s) { return useJpa() ? jpa.update(id, s) : mp.update(id, s); }
+
+    public boolean delete(Long id) { return useJpa() ? jpa.delete(id) : mp.delete(id); }
+
+    public long count() { return useJpa() ? jpa.count() : mp.count(); }
+
+    public long countExcellent(int min) { return useJpa() ? jpa.countExcellent(min) : mp.countExcellent(min); }
+
+    public String getActiveMode() { return useJpa() ? "JPA" : "MyBatis-Plus"; }
+}
--- a/week5/src/main/java/com/learn/service/jpa/StudentJpaService.java
+++ b/week5/src/main/java/com/learn/service/jpa/StudentJpaService.java
@@ -0,0 +1,60 @@
+package com.learn.service.jpa;
+
+import com.learn.entity.Student;
+import com.learn.repository.jpa.StudentJpaRepository;
+import org.springframework.cache.annotation.CacheEvict;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.data.domain.Sort;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.List;
+import java.util.Optional;
+
+@Service
+public class StudentJpaService {
+
+    private final StudentJpaRepository repo;
+
+    public StudentJpaService(StudentJpaRepository repo) { this.repo = repo; }
+
+    @Transactional
+    @CacheEvict(value = "students", allEntries = true)  // 新增时清空缓存
+    public Student add(Student s) { return repo.save(s); }
+
+    @Transactional(readOnly = true)
+    @Cacheable(value = "students", key = "'list'")       // 缓存查询结果
+    public List<Student> list() { return repo.findAll(Sort.by(Sort.Direction.DESC, "score")); }
+
+    @Transactional(readOnly = true)
+    @Cacheable(value = "students", key = "#id")
+    public Student getById(Long id) { return repo.findById(id).orElse(null); }
+
+    @Transactional(readOnly = true)
+    public List<Student> search(String kw) { return repo.search(kw); }
+
+    @Transactional
+    @CacheEvict(value = "students", allEntries = true)
+    public Optional<Student> update(Long id, Student updated) {
+        return repo.findById(id).map(existing -> {
+            if (updated.getName() != null) existing.setName(updated.getName());
+            if (updated.getAge() > 0) existing.setAge(updated.getAge());
+            if (updated.getEmail() != null) existing.setEmail(updated.getEmail());
+            if (updated.getScore() >= 0) existing.setScore(updated.getScore());
+            return repo.save(existing);
+        });
+    }
+
+    @Transactional
+    @CacheEvict(value = "students", allEntries = true)
+    public boolean delete(Long id) {
+        if (repo.existsById(id)) { repo.deleteById(id); return true; }
+        return false;
+    }
+
+    @Transactional(readOnly = true)
+    public long count() { return repo.count(); }
+
+    @Transactional(readOnly = true)
+    public long countExcellent(int min) { return repo.excellent(min).size(); }
+}
--- a/week5/src/main/java/com/learn/service/mp/StudentMpService.java
+++ b/week5/src/main/java/com/learn/service/mp/StudentMpService.java
@@ -0,0 +1,77 @@
+package com.learn.service.mp;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.learn.entity.Student;
+import com.learn.repository.mp.StudentMapper;
+import org.springframework.cache.annotation.CacheEvict;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.List;
+import java.util.Optional;
+
+@Service
+public class StudentMpService {
+
+    private final StudentMapper mapper;
+
+    public StudentMpService(StudentMapper mapper) { this.mapper = mapper; }
+
+    @Transactional
+    @CacheEvict(value = "students", allEntries = true)
+    public Student add(Student s) { mapper.insert(s); return s; }
+
+    @Transactional(readOnly = true)
+    @Cacheable(value = "students", key = "'list'")
+    public List<Student> list() {
+        LambdaQueryWrapper<Student> w = new LambdaQueryWrapper<>();
+        w.orderByDesc(Student::getScore);
+        return mapper.selectList(w);
+    }
+
+    @Transactional(readOnly = true)
+    @Cacheable(value = "students", key = "#id")
+    public Student getById(Long id) {
+        return mapper.selectById(id);
+    }
+
+    @Transactional(readOnly = true)
+    public List<Student> search(String kw) {
+        LambdaQueryWrapper<Student> w = new LambdaQueryWrapper<>();
+        w.like(Student::getName, kw).or().like(Student::getEmail, kw);
+        w.orderByDesc(Student::getScore);
+        return mapper.selectList(w);
+    }
+
+    @Transactional
+    @CacheEvict(value = "students", allEntries = true)
+    public Optional<Student> update(Long id, Student updated) {
+        Student existing = mapper.selectById(id);
+        if (existing == null) return Optional.empty();
+        if (updated.getName() != null) existing.setName(updated.getName());
+        if (updated.getAge() > 0) existing.setAge(updated.getAge());
+        if (updated.getEmail() != null) existing.setEmail(updated.getEmail());
+        if (updated.getScore() >= 0) existing.setScore(updated.getScore());
+        mapper.updateById(existing);
+        return Optional.of(existing);
+    }
+
+    @Transactional
+    @CacheEvict(value = "students", allEntries = true)
+    public boolean delete(Long id) {
+        return mapper.deleteById(id) > 0;  // 逻辑删除：MP 自动将 deleted 设为 1
+    }
+
+    @Transactional(readOnly = true)
+    public long count() {
+        return mapper.selectCount(null);
+    }
+
+    @Transactional(readOnly = true)
+    public long countExcellent(int min) {
+        LambdaQueryWrapper<Student> w = new LambdaQueryWrapper<>();
+        w.ge(Student::getScore, min);
+        return mapper.selectCount(w);
+    }
+}
--- a/week5/src/main/resources/application.yml
+++ b/week5/src/main/resources/application.yml
@@ -0,0 +1,69 @@
+spring:
+  application:
+    name: week5-security
+
+  datasource:
+    url: jdbc:mysql://localhost:3306/week5_student?useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
+    username: root
+    password: 1365957941@Wfj
+    driver-class-name: com.mysql.cj.jdbc.Driver
+
+  jpa:
+    hibernate:
+      ddl-auto: none
+    show-sql: true
+    properties:
+      hibernate:
+        format_sql: true
+        dialect: org.hibernate.dialect.MySQLDialect
+
+  # Redis（第 4 天，本地未安装 Redis 时可注释掉）
+  data:
+    redis:
+      host: localhost
+      port: 6379
+      password: 1365957941@Wfj
+      timeout: 3000ms
+
+  cache:
+    type: redis
+    redis:
+      time-to-live: 60000      # 缓存有效期 60 秒
+      cache-null-values: false
+
+mybatis-plus:
+  configuration:
+    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
+    map-underscore-to-camel-case: true
+  global-config:
+    db-config:
+      id-type: auto
+      logic-delete-field: deleted     # 逻辑删除字段（第 7 天）
+      logic-delete-value: 1           # 已删除 = 1
+      logic-not-delete-value: 0       # 未删除 = 0
+
+# JWT 配置
+jwt:
+  secret: week5-jwt-secret-key-for-student-management-system
+  expiration: 86400000               # 24 小时（毫秒）
+
+# Actuator（第 5 天）
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health,info,beans,env,mappings
+  endpoint:
+    health:
+      show-details: always
+
+# ORM 模式
+orm:
+  mode: jpa
+
+logging:
+  level:
+    com.learn: DEBUG
+
+server:
+  port: 8080
--- a/week5/src/main/resources/static/css/style.css
+++ b/week5/src/main/resources/static/css/style.css
@@ -0,0 +1,149 @@
+/* ========== 基础重置 ========== */
+*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+
+body {
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", "PingFang SC", "Microsoft YaHei", sans-serif;
+    background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+    min-height: 100vh; padding: 20px; color: #333;
+}
+
+.container {
+    max-width: 1100px; margin: 0 auto;
+}
+
+/* ========== 头部 ========== */
+header {
+    text-align: center; padding: 30px 20px 20px;
+}
+header h1 { font-size: 2em; color: #fff; margin-bottom: 6px; }
+.subtitle { color: rgba(255,255,255,0.75); font-size: 0.95em; }
+
+.main-header {
+    display: flex; justify-content: space-between; align-items: center;
+    padding: 20px; background: #fff; border-radius: 12px 12px 0 0;
+    box-shadow: 0 2px 8px rgba(0,0,0,0.1);
+}
+.main-header h1 { font-size: 1.4em; color: #333; margin-bottom: 0; }
+.main-header .subtitle { color: #999; margin-top: 2px; }
+
+/* ========== 登录/注册卡片 ========== */
+.login-card {
+    background: #fff; border-radius: 12px; padding: 36px 30px;
+    max-width: 420px; margin: 0 auto;
+    box-shadow: 0 8px 32px rgba(0,0,0,0.12);
+}
+.login-card h2 { font-size: 1.3em; margin-bottom: 18px; color: #333; }
+.hint { color: #999; font-size: 0.85em; margin-bottom: 14px; }
+.hint.small { font-size: 0.8em; text-align: center; }
+.hint a { color: #667eea; text-decoration: none; }
+
+/* ========== 表单 ========== */
+.form-group { margin-bottom: 14px; }
+.form-group label { display: block; font-size: 0.85em; color: #666; margin-bottom: 4px; font-weight: 500; }
+.form-group input, .form-group select {
+    width: 100%; padding: 10px 12px; border: 1.5px solid #e0e0e0;
+    border-radius: 8px; font-size: 0.95em; transition: border-color 0.2s;
+}
+.form-group input:focus {
+    outline: none; border-color: #667eea; box-shadow: 0 0 0 3px rgba(102,126,234,0.15);
+}
+.form-row { display: flex; gap: 12px; }
+.form-row .form-group { flex: 1; }
+
+/* ========== 按钮 ========== */
+.btn {
+    display: inline-flex; align-items: center; justify-content: center;
+    padding: 10px 20px; border: none; border-radius: 8px; font-size: 0.93em;
+    cursor: pointer; transition: all 0.2s; text-decoration: none;
+}
+.btn-primary { background: #667eea; color: #fff; }
+.btn-primary:hover { background: #5a6fd6; }
+.btn-outline { background: #fff; color: #667eea; border: 1.5px solid #667eea; }
+.btn-outline:hover { background: #f0f2ff; }
+.btn-danger { background: #e74c3c; color: #fff; padding: 5px 12px; font-size: 0.82em; }
+.btn-danger:hover { background: #c0392b; }
+.btn-edit { background: #2ecc71; color: #fff; padding: 5px 12px; font-size: 0.82em; margin-right: 6px; }
+.btn-edit:hover { background: #27ae60; }
+.btn-sm { padding: 6px 14px; font-size: 0.82em; }
+.btn-block { display: block; width: 100%; }
+
+/* ========== 工具栏 ========== */
+.toolbar {
+    background: #fff; padding: 14px 20px; display: flex; gap: 10px;
+    border-top: 1px solid #f0f0f0; align-items: center;
+}
+.toolbar input {
+    flex: 1; padding: 9px 12px; border: 1.5px solid #e0e0e0; border-radius: 8px;
+    font-size: 0.93em;
+}
+.toolbar input:focus { outline: none; border-color: #667eea; }
+
+/* ========== 表格 ========== */
+.table-wrap {
+    background: #fff; padding: 0 20px 20px; overflow-x: auto;
+}
+table { width: 100%; border-collapse: collapse; font-size: 0.93em; }
+thead th {
+    text-align: left; padding: 12px 10px; border-bottom: 2px solid #667eea;
+    color: #667eea; font-weight: 600; white-space: nowrap;
+}
+tbody td {
+    padding: 12px 10px; border-bottom: 1px solid #f0f0f0;
+}
+tbody tr:hover { background: #f8f9ff; }
+.loading, .empty { text-align: center; color: #999; padding: 40px 0 !important; }
+
+/* ========== 成绩徽章 ========== */
+.badge {
+    display: inline-block; padding: 3px 10px; border-radius: 12px;
+    font-size: 0.82em; font-weight: 600; color: #fff;
+}
+.badge-excellent { background: #2ecc71; }
+.badge-good { background: #3498db; }
+.badge-normal { background: #f39c12; }
+.badge-poor { background: #e74c3c; }
+
+/* ========== 统计卡片 ========== */
+.stats {
+    background: #fff; padding: 16px 20px; border-radius: 0 0 12px 12px;
+    display: flex; gap: 14px; border-top: 1px solid #f0f0f0;
+    box-shadow: 0 2px 8px rgba(0,0,0,0.1);
+}
+.stat-card {
+    flex: 1; text-align: center; padding: 14px 10px; border-radius: 8px;
+    background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+}
+.stat-value { display: block; font-size: 1.6em; font-weight: 700; color: #fff; }
+.stat-label { display: block; font-size: 0.78em; color: rgba(255,255,255,0.8); margin-top: 4px; }
+
+/* ========== 错误消息 ========== */
+.error-msg { color: #e74c3c; font-size: 0.85em; margin-bottom: 10px; min-height: 1.2em; }
+.error-bar {
+    background: #fff3cd; color: #856404; padding: 10px 20px; border-left: 4px solid #ffc107;
+    font-size: 0.88em;
+}
+
+/* ========== 弹窗 ========== */
+.modal-overlay {
+    position: fixed; top: 0; left: 0; width: 100%; height: 100%;
+    background: rgba(0,0,0,0.45); display: flex; justify-content: center;
+    align-items: center; z-index: 1000; opacity: 0; pointer-events: none;
+    transition: opacity 0.25s;
+}
+.modal-overlay.show { opacity: 1; pointer-events: auto; }
+.modal {
+    background: #fff; border-radius: 12px; padding: 28px 30px; width: 90%; max-width: 480px;
+    box-shadow: 0 16px 48px rgba(0,0,0,0.2);
+}
+.modal h2 { margin-bottom: 18px; font-size: 1.2em; }
+.modal-actions { display: flex; gap: 10px; justify-content: flex-end; margin-top: 20px; }
+
+/* ========== 响应式 ========== */
+@media (max-width: 600px) {
+    body { padding: 10px; }
+    .login-card { padding: 24px 18px; }
+    .form-row { flex-direction: column; gap: 0; }
+    .main-header { flex-direction: column; gap: 10px; }
+    .toolbar { flex-wrap: wrap; }
+    .stats { flex-direction: column; }
+}
--- a/week5/src/main/resources/static/index.html
+++ b/week5/src/main/resources/static/index.html
@@ -0,0 +1,105 @@
+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>学生管理系统 v2</title>
+    <link rel="stylesheet" href="css/style.css">
+</head>
+<body>
+
+<!-- 登录面板 -->
+<div class="container" id="login-panel">
+    <header>
+        <h1>📚 学生管理系统 v2</h1>
+        <p class="subtitle">Spring Security + JWT + Redis</p>
+    </header>
+    <div class="login-card">
+        <h2>登录</h2>
+        <p class="hint">默认账号：admin/123456 (管理员) 或 user/123456 (普通用户)</p>
+        <div class="form-group">
+            <input type="text" id="login-username" placeholder="用户名" autofocus>
+        </div>
+        <div class="form-group">
+            <input type="password" id="login-password" placeholder="密码">
+        </div>
+        <div class="error-msg" id="login-error"></div>
+        <button class="btn btn-primary btn-block" onclick="doLogin()">登录</button>
+        <p class="hint small" style="margin-top:12px">
+            没有账号？<a href="#" onclick="showRegister()">注册</a>
+        </p>
+    </div>
+</div>
+
+<!-- 注册面板 -->
+<div class="container" id="register-panel" style="display:none">
+    <header><h1>📚 注册</h1></header>
+    <div class="login-card">
+        <h2>注册新账号</h2>
+        <div class="form-group"><input type="text" id="reg-username" placeholder="用户名"></div>
+        <div class="form-group"><input type="password" id="reg-password" placeholder="密码"></div>
+        <div class="error-msg" id="reg-error"></div>
+        <button class="btn btn-primary btn-block" onclick="doRegister()">注册</button>
+        <p class="hint small" style="margin-top:12px"><a href="#" onclick="showLogin()">返回登录</a></p>
+    </div>
+</div>
+
+<!-- 主面板 -->
+<div class="container" id="main-panel" style="display:none">
+    <header class="main-header">
+        <div>
+            <h1>📚 学生管理系统 v2</h1>
+            <span id="user-info"></span>
+        </div>
+        <button class="btn btn-outline btn-sm" onclick="logout()">退出</button>
+    </header>
+
+    <div class="toolbar">
+        <input type="text" id="keyword" placeholder="搜索..." onkeyup="if(event.key==='Enter')search()">
+        <button class="btn btn-primary" id="btn-add" onclick="showForm(null)">+ 新增</button>
+        <button class="btn btn-outline" onclick="loadStudents()">刷新</button>
+    </div>
+
+    <div class="error-bar" id="error-bar" style="display:none"></div>
+
+    <div class="table-wrap">
+        <table>
+            <thead>
+                <tr>
+                    <th>ID</th><th>姓名</th><th>年龄</th><th>邮箱</th><th>成绩</th><th>操作</th>
+                </tr>
+            </thead>
+            <tbody id="table-body"></tbody>
+        </table>
+    </div>
+
+    <div class="stats" id="stats-bar">
+        <div class="stat-card"><span class="stat-value" id="stat-total">-</span><span class="stat-label">总数</span></div>
+        <div class="stat-card"><span class="stat-value" id="stat-excellent">-</span><span class="stat-label">优秀(≥85)</span></div>
+        <div class="stat-card"><span class="stat-value" id="stat-orm">-</span><span class="stat-label">ORM 引擎</span></div>
+    </div>
+</div>
+
+<!-- 弹窗 -->
+<div class="modal-overlay" id="modal-overlay">
+    <div class="modal">
+        <h2 id="modal-title">新增学生</h2>
+        <form id="student-form" onsubmit="submitForm(event)">
+            <input type="hidden" id="form-id">
+            <div class="form-group"><label>姓名 *</label><input type="text" id="form-name" required maxlength="20"></div>
+            <div class="form-row">
+                <div class="form-group"><label>年龄 *</label><input type="number" id="form-age" required min="1" max="150"></div>
+                <div class="form-group"><label>成绩 *</label><input type="number" id="form-score" required min="0" max="100"></div>
+            </div>
+            <div class="form-group"><label>邮箱 *</label><input type="email" id="form-email" required></div>
+            <div class="modal-actions">
+                <button type="button" class="btn btn-outline" onclick="closeModal()">取消</button>
+                <button type="submit" class="btn btn-primary">保存</button>
+            </div>
+        </form>
+    </div>
+</div>
+
+<script src="js/app.js"></script>
+</body>
+</html>
--- a/week5/src/main/resources/static/js/app.js
+++ b/week5/src/main/resources/static/js/app.js
@@ -0,0 +1,210 @@
+const BASE = '/api';
+let token = localStorage.getItem('wk5_token') || '';
+let role  = localStorage.getItem('wk5_role') || '';
+
+document.addEventListener('DOMContentLoaded', () => {
+    if (token) { showMain(); loadStudents(); checkRoleUI(); }
+});
+
+// ==================== 认证 ====================
+
+async function doLogin() {
+    const username = document.getElementById('login-username').value.trim();
+    const password = document.getElementById('login-password').value.trim();
+    if (!username || !password) { showLoginError('请输入用户名和密码'); return; }
+
+    try {
+        const resp = await fetch(BASE + '/auth/login', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ username, password })
+        });
+        const result = await resp.json();
+        if (resp.ok && result.code === 200) {
+            token = result.data.token;
+            role = result.data.role;
+            localStorage.setItem('wk5_token', token);
+            localStorage.setItem('wk5_role', role);
+            showMain(); loadStudents(); checkRoleUI();
+        } else {
+            showLoginError(result.message || '登录失败');
+        }
+    } catch (e) { showLoginError('连接失败: ' + e.message); }
+}
+
+async function doRegister() {
+    const username = document.getElementById('reg-username').value.trim();
+    const password = document.getElementById('reg-password').value.trim();
+    if (!username || !password) { document.getElementById('reg-error').textContent = '请输入用户名和密码'; return; }
+
+    try {
+        const resp = await fetch(BASE + '/auth/register', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ username, password })
+        });
+        const result = await resp.json();
+        if (resp.ok && result.code === 200) {
+            token = result.data.token;
+            role = result.data.role;
+            localStorage.setItem('wk5_token', token);
+            localStorage.setItem('wk5_role', role);
+            showMain(); loadStudents(); checkRoleUI();
+        } else {
+            document.getElementById('reg-error').textContent = result.message || '注册失败';
+        }
+    } catch (e) { document.getElementById('reg-error').textContent = '连接失败'; }
+}
+
+function showLoginError(msg) { document.getElementById('login-error').textContent = msg; }
+
+function showLogin() {
+    document.getElementById('login-panel').style.display = 'block';
+    document.getElementById('register-panel').style.display = 'none';
+    document.getElementById('main-panel').style.display = 'none';
+}
+function showRegister() {
+    document.getElementById('login-panel').style.display = 'none';
+    document.getElementById('register-panel').style.display = 'block';
+}
+function showMain() {
+    document.getElementById('login-panel').style.display = 'none';
+    document.getElementById('register-panel').style.display = 'none';
+    document.getElementById('main-panel').style.display = 'block';
+}
+
+function logout() {
+    localStorage.removeItem('wk5_token'); localStorage.removeItem('wk5_role');
+    token = ''; role = ''; showLogin();
+}
+
+/** 根据角色显示/隐藏操作按钮 */
+function checkRoleUI() {
+    document.getElementById('user-info').textContent = '当前: ' + (role || '-') + ' | ';
+    document.getElementById('btn-add').style.display = (role === 'ADMIN') ? '' : 'none';
+}
+
+// ==================== 请求封装 ====================
+
+async function api(url, options) {
+    options = options || {};
+    options.headers = options.headers || {};
+    options.headers['Authorization'] = 'Bearer ' + token;
+
+    const resp = await fetch(url, options);
+    const result = await resp.json();
+
+    if (resp.status === 403) {
+        showError('权限不足：需要 ADMIN 角色'); return null;
+    }
+    if ((resp.status === 401 || resp.status === 403) && result.code !== 200) {
+        logout(); showError('认证失败，请重新登录'); return null;
+    }
+    if (result.extra && result.extra.orm) {
+        document.getElementById('stat-orm').textContent = result.extra.orm;
+    }
+    return result;
+}
+
+function showError(msg) {
+    const bar = document.getElementById('error-bar');
+    bar.textContent = '⚠ ' + msg; bar.style.display = 'block';
+    setTimeout(() => bar.style.display = 'none', 4000);
+}
+
+// ==================== 数据 ====================
+
+async function loadStudents(keyword) {
+    const tbody = document.getElementById('table-body');
+    tbody.innerHTML = '<tr><td colspan="6" class="loading">加载中...</td></tr>';
+
+    let url = BASE + '/students';
+    if (keyword) url += '?keyword=' + encodeURIComponent(keyword);
+
+    const result = await api(url);
+    if (!result) { tbody.innerHTML = '<tr><td colspan="6" class="empty">加载失败</td></tr>'; return; }
+
+    const students = result.data;
+    if (!students || students.length === 0) {
+        tbody.innerHTML = '<tr><td colspan="6" class="empty">暂无数据</td></tr>';
+    } else {
+        tbody.innerHTML = students.map(s => {
+            let cls = 'badge-poor';
+            if (s.score >= 90) cls = 'badge-excellent';
+            else if (s.score >= 80) cls = 'badge-good';
+            else if (s.score >= 60) cls = 'badge-normal';
+            const actions = role === 'ADMIN'
+                ? `<button class="btn-edit" onclick="showForm(${s.id})">编辑</button>
+                   <button class="btn-danger" onclick="deleteStudent(${s.id})">删除</button>`
+                : '<span style="color:#ccc">--</span>';
+            return `<tr>
+                <td>${s.id}</td><td><strong>${escapeHtml(s.name)}</strong></td>
+                <td>${s.age}</td><td>${escapeHtml(s.email)}</td>
+                <td><span class="badge ${cls}">${s.score}</span></td>
+                <td>${actions}</td></tr>`;
+        }).join('');
+    }
+
+    document.getElementById('stat-total').textContent = result.extra?.total ?? students.length;
+
+    const statResp = await api(BASE + '/students/stats/excellent?min=85');
+    if (statResp) document.getElementById('stat-excellent').textContent = statResp.data;
+}
+
+function search() { loadStudents(document.getElementById('keyword').value.trim() || undefined); }
+
+// ==================== 表单 ====================
+
+async function showForm(id) {
+    document.getElementById('form-id').value = ''; document.getElementById('student-form').reset();
+    if (id) {
+        document.getElementById('modal-title').textContent = '编辑学生';
+        const result = await api(BASE + '/students/' + id);
+        if (!result) return;
+        const s = result.data;
+        document.getElementById('form-id').value = s.id;
+        document.getElementById('form-name').value = s.name;
+        document.getElementById('form-age').value = s.age;
+        document.getElementById('form-email').value = s.email;
+        document.getElementById('form-score').value = s.score;
+    } else {
+        document.getElementById('modal-title').textContent = '新增学生';
+    }
+    document.getElementById('modal-overlay').classList.add('show');
+}
+
+async function submitForm(e) {
+    e.preventDefault();
+    const id = document.getElementById('form-id').value;
+    const body = {
+        name: document.getElementById('form-name').value.trim(),
+        age: parseInt(document.getElementById('form-age').value),
+        email: document.getElementById('form-email').value.trim(),
+        score: parseInt(document.getElementById('form-score').value)
+    };
+
+    let result;
+    if (id) {
+        result = await api(BASE + '/students/' + id, {
+            method: 'PUT', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(body)
+        });
+    } else {
+        result = await api(BASE + '/students', {
+            method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(body)
+        });
+    }
+    if (result) { closeModal(); loadStudents(); }
+}
+
+async function deleteStudent(id) {
+    if (!confirm('确认删除？（MP 模式下为逻辑删除）')) return;
+    const result = await api(BASE + '/students/' + id, { method: 'DELETE' });
+    if (result) loadStudents();
+}
+
+function closeModal() { document.getElementById('modal-overlay').classList.remove('show'); }
+document.addEventListener('click', e => { if (e.target.id === 'modal-overlay') closeModal(); });
+document.addEventListener('keydown', e => {
+    if (e.key === 'Enter' && document.getElementById('login-panel').style.display !== 'none') doLogin();
+});
+function escapeHtml(t) { const d = document.createElement('div'); d.textContent = t; return d.innerHTML; }
--- a/week5/教案.md
+++ b/week5/教案.md
@@ -0,0 +1,216 @@
+# Week 5：Spring 全家桶核心组件 —— 安全、缓存、监控与进阶
+
+**目标**：在 Week 4 的全栈项目基础上，引入 Spring Security + JWT 实现认证授权，集成 Redis 缓存，接入 Actuator 监控，自定义校验注解，掌握 MyBatis-Plus 逻辑删除与分页。
+
+**前置**：已完成 Week 4 的 Spring Boot + ORM 双轨 + MVC 全栈项目。
+
+**学习成果**：一个完整的"学生管理系统 v2"，具备：
+- JWT 令牌认证（登录 / 注册）
+- RBAC 角色控制（ADMIN 可增删改，USER 只读）
+- Redis 缓存加速查询
+- Actuator 健康检查与监控
+- @ValidScore 自定义校验注解
+- MyBatis-Plus 逻辑删除
+
+---
+
+## Day 1：Spring Security 架构 & 过滤器链
+
+**知识点**：
+- Spring Security 核心概念：Authentication（认证）vs Authorization（授权）
+- SecurityFilterChain：过滤器链的工作原理
+- 关键过滤器：UsernamePasswordAuthenticationFilter、SecurityContextHolder
+- 无状态会话（STATELESS）vs 有状态会话
+- CSRF 的概念及何时禁用（前后端分离 API）
+- BCrypt 密码编码器的不可逆特性
+
+**动手 → 理解**：
+1. 阅读 `SecurityConfig.java`：逐行理解每条配置的意图
+2. 用 Postman / 浏览器测试：不登录直接访问 `/api/students`，观察 401 响应
+3. 去掉 `@Bean` 的 SecurityFilterChain，对比默认行为（表单登录页）
+4. 尝试把 `sessionCreationPolicy` 改回 `IF_REQUIRED`，观察 JSESSIONID 的出现
+
+**核心文件**：
+- `config/SecurityConfig.java` — 安全配置入口
+- `service/AuthService.java` — 认证逻辑（login / register）
+
+**思考题**：为什么要用 `requestMatchers(...).permitAll()` 放行 `/api/auth/**`？不放行会怎样？
+
+---
+
+## Day 2：JWT 认证 —— 登录 / 注册
+
+**知识点**：
+- JWT（JSON Web Token）结构：Header.Payload.Signature
+- 对称密钥签名：HMAC-SHA256
+- JJWT 库的使用：`Jwts.builder()` 生成，`Jwts.parser().verifyWith()` 验证
+- Claims：subject、issuedAt、expiration、自定义 claim（role）
+- 前端 Token 存储：localStorage vs sessionStorage vs Cookie 的权衡
+- OncePerRequestFilter：为什么用它而不是普通 Filter
+
+**动手 → 理解**：
+1. 用浏览器 DevTools Application 面板查看 localStorage 中的 `wk5_token`
+2. 把 token 粘贴到 [jwt.io](https://jwt.io) 在线解析，观察 payload 内容
+3. 修改 `application.yml` 中 `jwt.expiration` 为 60000（1分钟），等一分钟再刷新页面
+4. 手动篡改 localStorage 中 token 的某一个字符，观察 401 错误
+
+**核心文件**：
+- `security/JwtUtil.java` — Token 生成与解析工具
+- `security/JwtAuthFilter.java` — 过滤器：从请求头提取并验证 Token
+- `config/DataInitializer.java` — 启动时创建默认用户
+
+**思考题**：JWT 的三个部分中，哪个是"不可伪造"的关键？为什么？
+
+---
+
+## Day 3：RBAC 方法级安全 —— 权限控制
+
+**知识点**：
+- RBAC（Role-Based Access Control）：角色 → 权限 → 资源
+- `@EnableMethodSecurity` 开启方法级注解
+- `@PreAuthorize("hasRole('ADMIN')")` 的 SpEL 表达式
+- SecurityContextHolder：如何在 Controller 中获取当前用户
+- `Principal` 参数注入
+- 权限不足时的 AccessDeniedException → 全局异常处理返回 403
+
+**动手 → 理解**：
+1. 用 user/123456 登录，尝试新增学生，观察后台日志中的 AccessDeniedException
+2. 在前端查看：USER 角色的"新增"按钮为何消失（app.js 中的 `checkRoleUI()`）
+3. 在 `StudentController.java` 的 `deleteStudent` 方法上暂时注释掉 `@PreAuthorize`，用 USER 登录后通过 fetch 发送 DELETE 请求验证 SecurityConfig 的 URL 级别拦截
+4. 登录 admin 后访问 `/api/students/me`，查看返回的 Principal 信息
+
+**核心文件**：
+- `controller/StudentController.java` → `@PreAuthorize` 注解
+- `exception/GlobalExceptionHandler.java` → AccessDeniedException 处理
+
+**思考题**：URL 级别拦截（SecurityConfig）和方法级拦截（@PreAuthorize）各有什么适用场景？
+
+---
+
+## Day 4：Redis 缓存集成
+
+**知识点**：
+- Spring Cache 抽象：`@EnableCaching`、`@Cacheable`、`@CacheEvict`
+- Redis 作为缓存后端 vs 默认 ConcurrentHashMap
+- 缓存 Key 的 SpEL 表达式：`#id`、`'list'`
+- `@CacheEvict(allEntries = true)` 的使用场景和风险
+- application.yml 中的 Redis 连接配置
+- Redis 命令行基本操作：`KEYS *`、`GET key`、`DEL key`
+
+**动手 → 理解**：
+1. 启动项目，访问 `/api/students` 两次，观察第二次的响应速度变化
+2. 用 `redis-cli KEYS *` 查看 Spring Cache 生成的 Key 格式
+3. 用 `redis-cli GET "students::list"` 查看缓存的序列化数据
+4. 新增一个学生后，再次 `KEYS *` 观察缓存是否被清空
+5. 暂时关掉 Redis 服务，观察应用是否还能正常启动（`spring.cache.type: none`）
+
+**核心文件**：
+- `service/jpa/StudentJpaService.java` — JPA 服务的缓存注解
+- `service/mp/StudentMpService.java` — MP 服务的缓存注解
+- `application.yml` — Redis 与 Cache 配置
+
+**思考题**：为什么新增/修改/删除时要 `allEntries = true` 清理全部缓存，而不是只清理单条？
+
+---
+
+## Day 5：Actuator 应用监控
+
+**知识点**：
+- Spring Boot Actuator 的端点（Endpoints）：health、info、beans、env、mappings
+- `/actuator/health`：应用健康状态（UP / DOWN）
+- `/actuator/beans`：Spring 容器中所有 Bean 的列表和依赖关系
+- `/actuator/env`：运行时环境变量和配置属性
+- `/actuator/mappings`：所有 URL 映射（Controller + Filter）
+- 生产环境中端点的安全控制
+
+**动手 → 理解**：
+1. 浏览器访问 `http://localhost:8080/actuator` 查看所有可用端点
+2. 访问 `/actuator/health`，观察 JSON 中的 `status: "UP"`
+3. 访问 `/actuator/beans`，搜索 "jwt" 或 "security" 找到相关 Bean
+4. 访问 `/actuator/mappings`，找到自己写的 StudentController 的映射信息
+5. 在 `application.yml` 中把 `include` 改为只保留 `health,info`，重启再访问 `/actuator`
+
+**核心文件**：
+- `application.yml` → `management.endpoints.web.exposure.include`
+- `pom.xml` → `spring-boot-starter-actuator`
+
+**思考题**：为什么不应该在生产环境暴露 `/actuator/env`？里面会有什么敏感信息？
+
+---
+
+## Day 6：自定义校验注解 —— @ValidScore
+
+**知识点**：
+- Bean Validation（JSR 380）的扩展机制
+- `@Constraint(validatedBy = ...)` 元注解
+- `ConstraintValidator<A, T>` 接口：`initialize()` + `isValid()`
+- 自定义注解的三要素：`message`、`groups`、`payload`
+- `ConstraintValidatorContext` 自定义错误消息
+- `@ValidScore` + `@NotNull` 的配合使用
+
+**动手 → 理解**：
+1. 阅读 `ScoreValidator.java` 的 `isValid` 方法，理解 null 的处理逻辑
+2. 在前端新增学生时，输入成绩 150 并提交，观察后端返回的校验错误
+3. 修改 `@ValidScore` 的 `message` 默认值为中文提示，观察返回的 JSON
+4. 尝试把 `@ValidScore` 应用到 `Student` 实体的 `score` 字段（DTO 校验 vs 实体校验的区别）
+5. 动手写一个新的自定义注解 `@ValidEmail`，校验邮箱格式
+
+**核心文件**：
+- `annotation/ValidScore.java` — 自定义注解定义
+- `annotation/ScoreValidator.java` — 校验逻辑实现
+
+**思考题**：`isValid` 中对 null 返回 true，而不做 null 判断。如果调用方忘记加 `@NotNull`，会发生什么？
+
+---
+
+## Day 7：MyBatis-Plus 进阶 —— 逻辑删除 & LambdaQueryWrapper
+
+**知识点**：
+- 逻辑删除 vs 物理删除：概念差异与适用场景
+- `@TableLogic`：标记逻辑删除字段
+- `mybatis-plus.global-config.db-config.logic-delete-field` 全局配置
+- 逻辑删除的 SQL 行为：DELETE → UPDATE SET deleted=1；SELECT 自动追加 deleted=0
+- JPA 如何手动实现逻辑删除（@Query 中添加 `s.deleted = 0`）
+- LambdaQueryWrapper 条件构造：`.eq()`、`.like()`、`.orderByDesc()`、`.between()`
+- 分页拦截器 PaginationInnerInterceptor 的 `overflow` 和 `maxLimit` 配置
+
+**动手 → 理解**：
+1. 用 XML (MyBatisPlusConfig) 配置逻辑删除 vs 用 `@TableLogic` 注解的效果对比
+2. 在 MySQL 中执行 `SELECT * FROM student WHERE deleted = 1`，验证逻辑删除后的数据是否存在
+3. 对比 MP 服务（自动过滤 deleted）和 JPA 服务（手动写 deleted=0 条件）的实现差异
+4. 尝试修改 `maxLimit` 为 5，观察分页查询被限制的效果
+5. 在 LambdaQueryWrapper 上尝试组合条件：`like(Student::getName, keyword).between(Student::getAge, 18, 25)`
+
+**核心文件**：
+- `config/MyBatisPlusConfig.java` — 分页拦截器 + 逻辑删除全局配置
+- `service/mp/StudentMpService.java` — MP 服务的 LambdaQueryWrapper 使用
+- `service/jpa/StudentJpaService.java` — JPA 手动逻辑删除的 @Query 写法
+- `application.yml` → `mybatis-plus.global-config.db-config`
+
+**思考题**：逻辑删除和物理删除各适用于什么业务场景？为什么 Week 5 选择了逻辑删除？
+
+---
+
+## Week 5 总结
+
+| 维度 | Week 4（v1） | Week 5（v2） |
+|------|-------------|-------------|
+| 认证 | 固定 Token 字符串 | JWT 动态签发 + 过期控制 |
+| 授权 | 无角色概念 | RBAC（ADMIN / USER） |
+| 安全框架 | 手写 Interceptor | Spring Security + FilterChain |
+| 缓存 | 无 | Redis + Spring Cache 注解 |
+| 监控 | 无 | Actuator 端点 |
+| 校验 | @Min/@Max 内置注解 | 自定义 @ValidScore |
+| 数据库 | MP/JPA 直接操作 | MP 逻辑删除 + JPA 手动兼容 |
+
+**环境保障**：
+- MySQL 8.0+，数据库 `gc_plan`，表 `student` + `users`
+- Redis 需运行在 localhost:6379（默认端口）
+- `DataInitializer` 在首次启动时自动创建 admin/123456 和 user/123456
+- 如需重置：删除 users 表中记录，重启应用即可重新初始化
+
+**附加练习**：
+1. 给 USER 角色新增一个权限：可以查看但不能修改自己的详细信息
+2. 用 Redis 缓存 JWT Token，实现"黑名单"注销功能
+3. 在 Actuator 中增加自定义 HealthIndicator（检查 Redis 连接状态）
+4. 把 @ValidScore 扩展为支持不同学科的不同分数范围