04.AdminLTE的基本介绍
05.SSM整合案例的基本介绍
06.产品操作
07.订单操作
08.权限控制
09.用户和角色操作
10.权限关联
11.AOP日志
09.用户和角色操作
1. 用户操作-查询所有用户
3.3.1.用户查询页面 user-list.jsp
请在资料中查看具体代码
<table id="dataList"
class="table table-bordered table-striped table-hover dataTable">
<thead>
<tr>
<th class="" style="padding-right: 0px"><input
id="selall" type="checkbox" class="icheckbox_square-blue">
th>
<th class="sorting_asc">IDth>
<th class="sorting_desc">用户名th>
<th class="sorting_asc sorting_asc_disabled">邮箱th>
<th class="sorting_desc sorting_desc_disabled">联系电话th>
<th class="sorting">状态th>
<th class="text-center">操作th>
tr>
thead>
<tbody>
<c:forEach items="${userList}" var="user" varStatus="s">
<tr>
<td><input name="ids" type="checkbox" id="${s.index}" value="${user.id}">td>
<td>${user.id }td>
<td>${user.username }td>
<td>${user.email }td>
<td>${user.phoneNum }td>
<td>${user.statusStr }td>
<td class="text-center">
<a href="${pageContext.request.contextPath}/user/findById.do?id=${user.id}" class="btn bg-olive btn-xs">详情a>
<a href="${pageContext.request.contextPath}/user/findUserByIdAndAllRole.do?id=${user.id}" class="btn bg-olive btn-xs">添加角色a>
td>
tr>
c:forEach>
tbody>
视图层 UserController
@Controller @RequestMapping(value = "/user") public class UsersController { @Autowired private IUserService userService; @RequestMapping("/findAll.do") public ModelAndView findAll() throws Exception{ ModelAndView mv = new ModelAndView("user-list2"); //获取一个添加对象 ListuserList = userService.findAll(); //attributeName取决于jsp页面上的EL表达式{}里面的字符串 mv.addObject("userList",userList); return mv; } }
UserServiceImpl
新添加的部分代码:
// 查询所有用户 @Override public ListfindAll() throws Exception { return userDao.findAll(); }
持久层 IUserDao
新添加的部分代码:
/** * 查询所有用户 * @return * @throws Exception */ @Select("select * from USERS") public ListfindAll() throws Exception;
user-list.jsp里面的一个按钮控件通过onclick 实现跳转请求
<div class="pull-left">
<div class="form-group form-inline">
<div class="btn-group">
<button type="button" class="btn btn-default" title="新建" onclick="location.href='${pageContext.request.contextPath}/pages/user-add.jsp'">
<i class="fa fa-file-o">i> 新建
button>
<button type="button" class="btn btn-default" title="刷新">
<i class="fa fa-refresh">i> 刷新
button>
div>
div>
div>
user-add.jsp里面关键信息如下:
form表单的action属性
<form action="${pageContext.request.contextPath}/user/save.do"
method="post">
3.4 用户添加
DAO层
/** * 添加一个新用户 * @param userInfo */ @Insert({"insert into USERS(username,email,password,phoneNum,status)", "values(#{username},#{email},#{password},#{phoneNum},#{status})"}) public void save(UserInfo userInfo) throws Exception;
Utils工具类
package cn.bjut.ssm.utils; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; public class BCryptPasswordEncoderUtils { private static BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder(); //工具类的方法最好用static关键字修饰 //明文转换成密文工具类 public static String encodePassword(String password){ return bCryptPasswordEncoder.encode(password); } }
Service层
//添加一个新用户 @Override public void save(UserInfo userInfo) throws Exception { //对密码进行加密处理 userInfo.setPassword(bCryptPasswordEncoder.encode(userInfo.getPassword())); userDao.save(userInfo); //返回void return ; }
Controller层
//添加用户(后自动请求查询所有用户) @RequestMapping("/save.do") public String save(UserInfo userInfo)throws Exception{ userService.save(userInfo); //返回字符串为当前控制类的注解@RequestMapping后面小括号里的内容 return "redirect:findAll.do"; }
修改oracle数据库中表的varchar2字段类型长度
package cn.bjut.ssm.utils; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; public class BCryptPasswordEncoderUtils { private static BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder(); //工具类的方法最好用static关键字修饰 //明文转换成密文工具类 public static String encodePassword(String password){ return bCryptPasswordEncoder.encode(password); } //构造一个主方法用于转换之前明文密码获得加密后的字符串 public static void main(String[] args) { //之前明文密码:itheima //$2a$10$ylUiLsD7W.hqjGIsND9/CeuKRxz4.4oHsyZulKtfErHzL5WAkOqtW String code = BCryptPasswordEncoderUtils.encodePassword("itheima"); //打印到控制台 System.out.println(code); } }
-- 查询表users的数据 select * from users t; -- 插入之前的明文密码的转换字符串密文 update USERS set PASSWORD ='$2a$10$ylUiLsD7W.hqjGIsND9/CeuKRxz4.4oHsyZulKtfErHzL5WAkOqtW' where USERNAME = 'ssm08'; -- 提交事务 commit;
spring-security.xml
xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http pattern="/login.jsp" security="none"/>
<security:http pattern="/failer.jsp" security="none"/>
<security:http pattern="/css/**" security="none"/>
<security:http pattern="/img/**" security="none"/>
<security:http pattern="/images/**" security="none"/>
<security:http pattern="/plugins/**" security="none"/>
<security:http auto-config="false" use-expressions="true" >
<security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>
<security:form-login
login-page="/login.jsp"
login-processing-url="/login"
username-parameter="username" password-parameter="password"
default-target-url="/index.jsp"
authentication-failure-url="/failer.jsp"
authentication-success-forward-url="/index.jsp"
/>
<security:csrf disabled="true"/>
<security:logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/login.jsp" />
security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="userService">
<security:password-encoder ref="passwordEncoder"/>
security:authentication-provider>
security:authentication-manager>
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
beans>
Service层的 实现了接口UserDetailsService的实现类
cn.bjut.ssm.service.impl.UserServiceImpl
@Service(value = "userService") @Transactional //注解的方式使用spring事务管理 public class UserServiceImpl implements IUserService { @Autowired private IUserDao userDao; @Autowired //注入加密类 private BCryptPasswordEncoder bCryptPasswordEncoder; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //UserInfo是domain包下的实体类 UserInfo userInfo = null; try{ userInfo = userDao.findByUsername(username); } catch(Exception e){ e.printStackTrace(); } //把自己查询到的实体类中的认证信息封装成UserDetails //"{noop}"使用密码明文的必要前缀 // User user = new User(userInfo.getUsername(),"{noop}"+userInfo.getPassword(),getAuthority(userInfo.getRoles())); User user = new User(userInfo.getUsername(),userInfo.getPassword(),userInfo.getStatus() ==0 ?false:true,true,true,true,getAuthority(userInfo.getRoles())); return user; } //这个成员方法作用就是返回一个List集合,集合中装入的是角色描述。 //实际项目中应该是从数据库中获取role描述后封装到这个方法体里面。 public ListgetAuthority(List roles){ List list = new ArrayList<>(); //增强for循环 for (Role role :roles){ // new 匿名对象 list.add(new SimpleGrantedAuthority("ROLE_"+role.getRoleName())); } return list; } // 查询所有用户 @Override public List findAll() throws Exception { return userDao.findAll(); } //添加一个新用户 @Override public void save(UserInfo userInfo) throws Exception { //对密码进行加密处理 userInfo.setPassword(bCryptPasswordEncoder.encode(userInfo.getPassword())); userDao.save(userInfo); //返回void return ; } }
6.用户操作-用户详情服务器端代码实现
user-list.jsp
<a href="${pageContext.request.contextPath}/user/findById.do?id=${user.id}" class="btn bg-olive btn-xs">详情a> <a href="${pageContext.request.contextPath}/user/findUserByIdAndAllRole.do?id=${user.id}" class="btn bg-olive btn-xs">添加角色a> td>
详情 按钮可以向服务器提交一个GET方式的请求。
视图层
@Controller @RequestMapping(value = "/user") public class UsersController { @Autowired private IUserService userService; @RequestMapping("/findById.do") public ModelAndView findById(String id)throws Exception{ ModelAndView mv = new ModelAndView(); //获取一个Object UserInfo userInfo = userService.findById(id); mv.addObject("user",userInfo); mv.setViewName("user-show2"); return mv; }
Service层
@Service(value = "userService") @Transactional //注解的方式使用spring事务管理 public class UserServiceImpl implements IUserService { @Autowired private IUserDao userDao; @Autowired //注入加密类 private BCryptPasswordEncoder bCryptPasswordEncoder; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //UserInfo是domain包下的实体类 UserInfo userInfo = null; try{ userInfo = userDao.findByUsername(username); } catch(Exception e){ e.printStackTrace(); } //把自己查询到的实体类中的认证信息封装成UserDetails //"{noop}"使用密码明文的必要前缀 // User user = new User(userInfo.getUsername(),"{noop}"+userInfo.getPassword(),getAuthority(userInfo.getRoles())); User user = new User(userInfo.getUsername(),userInfo.getPassword(),userInfo.getStatus() ==0 ?false:true,true,true,true,getAuthority(userInfo.getRoles())); return user; } //这个成员方法作用就是返回一个List集合,集合中装入的是角色描述。 //实际项目中应该是从数据库中获取role描述后封装到这个方法体里面。 public ListgetAuthority(List roles){ List list = new ArrayList<>(); //增强for循环 for (Role role :roles){ // new 匿名对象 list.add(new SimpleGrantedAuthority("ROLE_"+role.getRoleName())); } return list; } // 查询所有用户 @Override public List findAll() throws Exception { return userDao.findAll(); } //添加一个新用户 @Override public void save(UserInfo userInfo) throws Exception { //对密码进行加密处理 userInfo.setPassword(bCryptPasswordEncoder.encode(userInfo.getPassword())); userDao.save(userInfo); //返回void return ; } //通过ID查询用户详情 @Override public UserInfo findById(String id) throws Exception{ return userDao.findByUserId(id); } }
IUserDAO
//通过用户ID查询Role的详情 @Select("select id,username,phoneNum,status from USERS where id = #{ UserId }") @Results({ @Result(property = "id",column = "id",id = true), @Result(property = "username",column = "username"), @Result(property = "phoneNum",column = "phoneNum"), @Result(property = "status",column = "status"), //通过中间表查询多对多关系,返回一个其它实体类的List集合 @Result(property = "roles",column = "id",javaType =java.util.List.class,many = @Many(select = "cn.bjut.ssm.dao.IRoleDao.findRoleByUserId")) }) public UserInfo findByUserId(String UserId) throws Exception;
IRoleDao
public interface IRoleDao { //根据用户ID查询出所有对应的角色 @Select("select * from ROLE where id in( select ROLEID from USERS_ROLE where USERID = #{userId})") @Results({ @Result(id = true,property = "id",column = "id"), @Result(property = "roleName",column = "roleName"), @Result(property = "roleDesc",column = "roleDesc"), @Result(property = "permissions",column = "id",javaType = java.util.List.class,many = @Many(select = "cn.bjut.ssm.dao.IPermissionDao.findPermissionByRoleId")) }) public ListfindRoleByUserId(String userId) throws Exception; }
IPermissionDao
public interface IPermissionDao { //多对多表的查询,先查询中间表作为结果集。 @Select("select * from PERMISSION where id in(select permissionId from role_permission where roleId = #{ roleId})") public ListfindPermissionByRoleId(String roleId) throws Exception; }
user-show.jsp
<div class="tab-pane" id="tab-treetable">
<table id="collapse-table"
class="table table-bordered table-hover dataTable">
<thead>
<tr>
<th>名称th>
<th>描述th>
tr>
thead>
<tr data-tt-id="0">
<td colspan="2">${user.username}td>
tr>
<tbody>
<c:forEach items="${user.roles}" var="role" varStatus="s">
<tr data-tt-id="${s.index +1 }" data-tt-parent-id="0" >
<td>${role.roleName }td>
<td>${role.roleDesc }td>
tr>
<c:forEach items="${role.permissions}" var="permission">
<tr data-tt-id="1-1" data-tt-parent-id="${s.index +1 }">
<td>${permission.permissionName}td>
<td>${permission.url}td>
tr>
c:forEach>
c:forEach>
tbody>
table>
div>
9.角色操作-查询所有角色
在aside.jsp文件内有侧边栏导航的链接地址,这些就是Controller层的@RequestMapping注解后面的value值。
ssm_web子模块新建一个RoleController实现。
DAO层 IRoleDao
@Select("select * from ROLE ")
@Results({
@Result(id = true,property = "id",column = "id"),
@Result(property = "roleName",column = "roleName"),
@Result(property = "roleDesc",column = "roleDesc"),
})
//查询所有的Role信息返回一个List集合
public List findAll()throws Exception;
Service层 RoleServiceImpl
@Service @Transactional //注解的方式使用spring事务管理 public class RoleServiceImpl implements IRoleService { @Autowired private IRoleDao roleDao; //查询所有Role的Service层实现 @Override public ListfindAll() throws Exception { return roleDao.findAll(); } }
视图层 RoleController
/** * 角色管理Controller */ @Controller @RequestMapping(name ="/role") public class RoleController { @Autowired private IRoleService roleService; //查询所有角色 @RequestMapping ("/findAll.do") public ModelAndView findAll() throws Exception{ ModelAndView mv = new ModelAndView(); ListroleList = roleService.findAll(); mv.addObject("roleList",roleList); mv.setViewName("role-list2"); return mv; } }
@RequestMapping (value="{
} ") 可以支持通配符* 的请求路径的数组。
Controller层
/** * 角色管理Controller */ @Controller @RequestMapping("/role") public class RoleController { @Autowired private IRoleService roleService; //新建保存一个Role @RequestMapping(value = { "/save.do" }) public String saveRole(Role role) throws Exception{ roleService.saveRole( role); return "redirect:findAll.do"; }
DAO层
public interface IRoleDao { //插入一条Role完整信息 @Insert({"insert into ROLE (roleName,roleDesc) ", "values(#{roleName},#{roleDesc})"}) public void saveRole(Role role)throws Exception;
PL/SQL Developer插入两条PERMISSION表的数据以供后续测试使用。
-- 查询PERMISSION表中所有数据 select * from permission t -- 添加两条测试记录到PERMISSION表 insert into permission ( permissionname, URL ) values('user findAll','/user/findAll.do'); insert into permission ( permissionname, URL ) values('user findByID','/user/findById.do'); commit;
在WEB-INF/pages/目录下copy一份 permission-list.jsp作为前端显示的页面。
@Controller @RequestMapping(value="/permission") public class PermissionController { @Autowired private IPermissionService permissionService; @RequestMapping("/findAll.do") public ModelAndView findAll() throws Exception{ ModelAndView mv = new ModelAndView(); ListpermissionList = permissionService.findAll(); mv.addObject("permissionList",permissionList); mv.setViewName("permission-list2"); return mv; } }
DAO层的接口 IPermissionDao
public interface IPermissionDao { //查询所有权限 @Select("select * from PERMISSION") public ListfindAll() throws Exception;
====================
end