spring3.0 MVC初步4-spring security REST

一、SpEl表达式

1、配置事务时用过一个AspectJ’s pointcut expression language：

 
      pointcut="execution(* *..IUserService.*(..))"
   advice-ref="txAdvice"/>
 

2、配置安全时用SpEl表达式
    hasRole('ROLE_管理员')"/>
    isAuthenticated()"/>

二、视图层安全元素
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>

欢迎您：principal.username" />

三、web请求权限控制
   
   
   
   
   

四、视图层权限控制

<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>

<security:authorize access="hasRole('ROLE_管理员')">
用户管理

角色管理

单位管理

数据归属管理

五、方法层权限控制

@Secured("ROLE_SPITTER")
public void addSpittle(Spittle spittle) {
// ...
}

六、REST

1、涵义：Representational State Transfer (REST)

REST URL：http://t18:3000/s4/user/4

对照struts2的url：http://t18:3000/s4/LoadUserAction.action?user.userId=4

2、控制器能处理所有http请求，包括GET, PUT, DELETE,  POST

3、@PathVariable注解使控制器能处理参数化URL

4、spring标签与HeddenHttpMethodFilter过滤器共同协作，使通过普通浏览器就能支持PUT和DELETE方法。

web.xml增加

 
  httpMethodFilter
  org.springframework.web.filter.HiddenHttpMethodFilter
 
 
  httpMethodFilter
  /*
 

a、取数据GET http://t18:3000/s4/user/4
 @RequestMapping(value="{userId}", method=RequestMethod.GET)
 public String get(@PathVariable("userId") Short userId, Model model){
  User u = service.loadUser(userId);
  model.addAttribute(u);
  return "user/edit";
 }

b、显示用来修改PUT
    PUT" modelAttribute="user">
         登录名

   密码

   真实姓名

         电话

         手机

         email

         
   

c、修改PUT

 @RequestMapping(value="{userId}", method=RequestMethod.PUT)
 public String update(@PathVariable Integer userId, @Valid User user){
  service.saveUser(user);
  return "redirect:/user/page/1";
 }

d、删除DELETE

                            DELETE" action="user/${u.userId }">
                           
                           

 @RequestMapping(value="{userId}", method=RequestMethod.DELETE)
 public String delete(@PathVariable("userId") short userId){
  User user = service.loadUser(userId);
  service.deleteUser(user);
  return "redirect:/user/page/1";
 }
 

e、准备添加
 
 @RequestMapping( method=RequestMethod.GET, params="new")
 public String prepare(Model model){
  model.addAttribute(new User());
  return "user/edit";
 }

f、添加页面用POST提交，控制器：
 @RequestMapping(method=RequestMethod.POST)
 public String  add(@Valid User user, BindingResult result)
   throws BindException{
  if(result.hasErrors()){
   throw new BindException(result);
  }
  service.addUser(user);
  return "redirect:/user/page/1";
 }

七、REST分页

http://t18:3000/s4/user/page/3

1、分页类
public class Page implements IPageUtil{
 private int curPage=1,toPage=1,everyCount=15;
 private long pageCount,count;
 boolean hasNext,hasPrevious;
 private List data = new ArrayList();
 
 public Page(){
  
 }
 
 public Page(int toPage, long count, int everyCount, List data){
  this.toPage = toPage;
  this.count = count;
  this.everyCount = everyCount;
  this.curPage = getCurPage(count, everyCount);
  this.data = data;
 }

 public int getCurPage(long theCount){
 }
 public int getCurPage(long theCount,int n){
 }
...
}

2、dao支持

 public Page findPagedListObject(String hql, int toPage, long count, int everyCount){
  Query query = getCurrentSession().createQuery(hql);
     if (toPage <= 0) toPage = 1;
     int first = (toPage-1) * everyCount;
     int max = everyCount;
     query.setFirstResult(first+1);
        query.setMaxResults(first + max);
        List l = query.list();
        Page page = new Page(toPage, count, everyCount, l);
        return page;
 }

3、service支持

 public Page listPagedUsers(int toPage, long count, int everyCount){
   return dao.findPagedListObject("from User u", toPage, count, everyCount);
 }

4、控制器

 @RequestMapping(value="/page/{toPage}", method = RequestMethod.GET)
 public String list(
   @PathVariable("toPage") int toPage,
   HttpServletRequest request,
   Model model){
  Page page = service.findPagedUsers(request, toPage, service.countUser(request),3);
  model.addAttribute("page", page);
  
  return "user/list";
 }
5、页面显示数据时，取${page.data}即可，分页页面可共用