环境的搭建1
解决maven项目创建过慢的问题
archetypeCatalog
internal
Ctrl + Shift + Alt + S打开文件结构
关于pageContext.request.contextPath
对于jsp文件
${pageContext.request.contextPath}是JSP取得绝对路径的方法,等价于<%=request.getContextPath()%> 。
也就是取出部署的应用程序名或者是当前的项目名称
比如我的项目名称是demo1在浏览器中输入为http://localhost:8080/demo1/a.jsp ${pageContext.request.contextPath}或<%=request.getContextPath()%>取出来的就是/demo1,而"/"代表的含义就是http://localhost:8080
故有时候项目中这样写${pageContext.request.contextPath}/a.jsp
商品的处理
商品Model中日期问题 添加注解
@DateTimeFormat(pattern="yyyy-MM-dd HH:mm")
private Date departureTime; // 出发时间
订单的处理
关于分页的处理
用户的处理
1
2
3用户添加的操作代码
权限的处理
权限操作表分析
spring security极速入门
创建demo的spring security的工程
pom.xml
4.0.0
com.itheima.security
spring_security
1.0-SNAPSHOT
war
spring_security Maven Webapp
http://www.example.com
5.0.2.RELEASE
5.0.1.RELEASE
org.springframework
spring-core
${spring.version}
org.springframework
spring-web
${spring.version}
org.springframework
spring-webmvc
${spring.version}
org.springframework
spring-context-support
${spring.version}
org.springframework
spring-test
${spring.version}
org.springframework
spring-jdbc
${spring.version}
org.springframework.security
spring-security-web
${spring.security.version}
org.springframework.security
spring-security-config
${spring.security.version}
javax.servlet
javax.servlet-api
3.1.0
provided
org.apache.maven.plugins
maven-compiler-plugin
3.2
1.8
1.8
UTF-8
org.apache.tomcat.maven
tomcat7-maven-plugin
8090
/
创建web.xml
SpringSecurity314
contextConfigLocation
classpath:spring-security.xml
org.springframework.web.context.ContextLoaderListener
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
index.html
index.htm
index.jsp
default.html
default.htm
default.jsp
创建spring-security.xml
webapp下创建login.html failer.html success.html
login.html
Insert title here
failer.html
Title
failer.html
success.html
Title
success.html
spring security快速入门
ssm的pom.xml
org.springframework.security
spring-security-web
${spring.security.version}
org.springframework.security
spring-security-config
${spring.security.version}
org.springframework.security
spring-security-core
${spring.security.version}
org.springframework.security
spring-security-taglibs
${spring.security.version}
ssm_web的web.xml
spring security自定义页面
用户操作,登录流程
登录一
在pom.xml中添加spring security的依赖
org.springframework.security
spring-security-web
${spring.security.version}
org.springframework.security
spring-security-config
${spring.security.version}
org.springframework.security
spring-security-core
${spring.security.version}
org.springframework.security
spring-security-taglibs
${spring.security.version}
web下的resources下的spring-security.xml xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
web项目下的webapp下的WEB_INF的web.xml
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
登录二
UserServiceImpl.java
登录三
登录四
如果是查询数据库的里边的权限
用户退出
权限关联和控制
概述
用户关联角色
角色关联权限
方法级别权限控制
1 开启注解
2 JSR250
3 SECURED注解
角色名必须写全,并且不用导入依赖
4基于表达式的
页面级别权限控制
用以下的标签的话要修改
AOP日志
域对象操作和基本操作介绍
前置通知操作
后置通知操作1
后置通知操作2
LogAop.java
package com.itheima.ssm.controller;
import com.itheima.ssm.domain.SysLog;
import com.itheima.ssm.service.ISysLogService;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.After;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpServletRequest;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Date;
@Component
@Aspect
public class LogAop {
@Autowired
private HttpServletRequest request;
@Autowired
private ISysLogService sysLogService;
private Date visitTime; //开始时间
private Class clazz; //访问的类
private Method method;//访问的方法
//前置通知 主要是获取开始时间,执行的类是哪一个,执行的是哪一个方法
@Before("execution(* com.itheima.ssm.controller.*.*(..))")
public void doBefore(JoinPoint jp) throws NoSuchMethodException {
visitTime = new Date();//当前时间就是开始访问的时间
clazz = jp.getTarget().getClass(); //具体要访问的类
String methodName = jp.getSignature().getName(); //获取访问的方法的名称
Object[] args = jp.getArgs();//获取访问的方法的参数
//获取具体执行的方法的Method对象
if (args == null || args.length == 0) {
method = clazz.getMethod(methodName); //只能获取无参数的方法
} else {
Class[] classArgs = new Class[args.length];
for (int i = 0; i < args.length; i++) {
classArgs[i] = args[i].getClass();
}
clazz.getMethod(methodName, classArgs);
}
}
//后置通知
@After("execution(* com.itheima.ssm.controller.*.*(..))")
public void doAfter(JoinPoint jp) throws Exception {
long time = new Date().getTime() - visitTime.getTime(); //获取访问的时长
String url = "";
//获取url
if (clazz != null && method != null && clazz != LogAop.class) {
//1.获取类上的@RequestMapping("/orders")
RequestMapping classAnnotation = (RequestMapping) clazz.getAnnotation(RequestMapping.class);
if (classAnnotation != null) {
String[] classValue = classAnnotation.value();
//2.获取方法上的@RequestMapping(xxx)
RequestMapping methodAnnotation = method.getAnnotation(RequestMapping.class);
if (methodAnnotation != null) {
String[] methodValue = methodAnnotation.value();
url = classValue[0] + methodValue[0];
//获取访问的ip
String ip = request.getRemoteAddr();
//获取当前操作的用户
SecurityContext context = SecurityContextHolder.getContext();//从上下文中获了当前登录的用户
User user = (User) context.getAuthentication().getPrincipal();
String username = user.getUsername();
//将日志相关信息封装到SysLog对象
SysLog sysLog = new SysLog();
sysLog.setExecutionTime(time); //执行时长
sysLog.setIp(ip);
sysLog.setMethod("[类名] " + clazz.getName() + "[方法名] " + method.getName());
sysLog.setUrl(url);
sysLog.setUsername(username);
sysLog.setVisitTime(visitTime);
//调用Service完成操作
sysLogService.save(sysLog);
}
}
}
}}
日志添加
问题处理
查询日志流程
