Java Web基础入门第七十八讲 Filter(过滤器)——Filter(过滤器)常见应用(三):权限管理系统(中)

最新推荐文章于 2021-05-12 10:40:14 发布
最新推荐文章于 2021-05-12 10:40:14 发布
阅读量3k 收藏 14
点赞数 3
分类专栏: Java Web基础入门 文章标签: Java-Web基础
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/yerenyuan_pku/article/details/52517160
版权

前言:由于开发一个简陋的权限管理系统,用一篇文章记录我的所思所想,会导致篇幅太长,不易观看,所以我索性一分为三,做成三篇文章。这篇博文承接上一篇文章——《Java Web基础入门第七十七讲 Filter(过滤器)——Filter(过滤器)常见应用(三):权限管理系统(上)》。在上一篇文章中,我们已经开发好了domain层、dao层以及service层,现在我们来开发web层。

权限管理系统的设计和分析

开发web层

我们使用权限管理系统,一般是在后台管理页面,因此我们首先在WebRoot根目录下新建一个后台管理页面——manager.jsp,为了能让该页面显示的更加优美,我们可以采用分帧技术来设计。这样,manager.jsp页面的内容如下:

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>后台管理页面(采用分帧技术)</title>
</head>
<frameset rows="22%,*">
	<frame name="head" src="${pageContext.request.contextPath }/security/head.jsp" />
	<frameset cols="15%,*">
		<frame name="left" src="${pageContext.request.contextPath }/security/left.jsp" />
		<frame name="main" src="" />
	</frameset>
</frameset>
</html>

接下来我们就在WebRoot根目录下的security目录中新建一个表示页头的页面——head.jsp,这样的页面的内容很简单,如下:

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>权限后台管理页面的页头</title>
</head>
<body style="text-align: center;">
	<h1>权限后台管理</h1>
</body>
</html>

再接下来我们还要在WebRoot根目录下的security目录中新建一个代表左侧导航栏的页面——left.jsp。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>左侧导航</title>
</head>
<body>
	<a href="${pageContext.request.contextPath }/PrivilegeServlet?method=getAll" target="main">权限管理</a>
	<br/><br/>
	<a href="${pageContext.request.contextPath }/ResourceServlet?method=getAll" target="main">资源管理</a>
	<br/><br/>
	<a href="${pageContext.request.contextPath }/RoleServlet?method=getAll" target="main">角色管理</a>
	<br/><br/>
	<a href="${pageContext.request.contextPath }/UserServlet?method=getAll" target="main">用户管理</a>
</body>
</html>

管理员点击权限管理超链接时,本应交给一个诸如ListPrivilegeServlet这样的Servlet去处理,即获取所有权限。随之而来的代码就应该是这样的:
在这里插入图片描述
上面的代码隐式地规定了每一个请求对应一个Servlet,这样做并不好。就以权限管理模块为例:

  • 管理员点击权限管理超链接时,该请求就要有一个对应的Servlet来处理,诸如ListPrivilegeServlet;
  • 管理员点击添加权限超链接时,该请求就要有一个对应的Servlet来处理,以此提供一个添加权限的页面,诸如AddPrivilegeUIServlet;
  • 管理员点击添加权限按钮时,该请求就要有一个对应的Servlet来处理,诸如AddPrivilegeServlet。

以此类推,那么资源管理模块、角色管理模块以及用户管理模块等等都要有大量的相应处理的Servlet。试问你在cn.liayun.web.controller包中写几十个Servlet,你恶心不恶心啊!所以为了避免这种情况的发生,我们可以这样来写:
在这里插入图片描述
就用一个Servlet,诸如PrivilegeServlet来处理所有与权限相关的请求,如若这样,那么每一个模块就只对应一个Servlet,也就是说我们只需要在cn.liayun.web.controller包中写4个Servlet就够了,你说这样爽不爽呢?
同样以权限管理模块为例,如果就用一个PrivilegeServlet来处理所有与权限相关的请求,只须在相应请求URL后面跟上method参数,然后在PrivilegeServlet中根据相应请求URL后面的method参数的值,将请求派发给对应的方法去处理。例如,left.jsp页面中有这样的一个超链接:
在这里插入图片描述
那么在PrivilegeServlet中的代码就应是这样的:
在这里插入图片描述
到这里,权限管理这一模块的设计终于该登上历史舞台了。

权限管理模块的设计

当我们点击权限管理这一超链接时,就应将请求交给PrivilegeServlet。又由于请求URL后面的method参数的值是getAll,因此要把请求派发给getAll方法处理,这样PrivilegeServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Privilege;
import cn.liayun.service.SecurityService;

//这个Servlet处理所有权限相关的请求
@WebServlet("/PrivilegeServlet")
public class PrivilegeServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Privilege> list = service.getAllPrivilege();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listprivilege.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

顺其自然地,我们接下来应在WebRoot根目录下的security目录中新建一个展示权限列表的页面——listprivilege.jsp。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>权限列表</title>
</head>
<body>
	<br/><br/>
	<table width="60%" align="center">
		<tr>
			<td></td>
			<td></td>
			<td align="right">
				<a href="${pageContext.request.contextPath }/PrivilegeServlet?method=addUI">添加权限</a>
			</td>
		</tr>
	</table>
	
	<table width="60%" border="1px" align="center">
		<tr>
			<td>权限名称</td>
			<td>权限描述</td>
			<td>操作</td>
		</tr>
		
		<c:forEach var="p" items="${list }"> 
			<tr>
				<td>${p.name }</td>
				<td>${p.description }</td>
				<td>
					<a href="#">删除</a>
					<a href="#">修改</a>
				</td>
			</tr>
		</c:forEach>
	</table>
</body>
</html>

我们要添加一个权限,就应该点击添加权限的超链接,接着给我们提供一个添加权限的页面,同样地该请求也要交给PrivilegeServlet,又由于请求URL后面的method参数的值是addUI,因此要把请求派发给addUI方法处理,这样PrivilegeServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Privilege;
import cn.liayun.service.SecurityService;

//这个Servlet处理所有权限相关的请求
@WebServlet("/PrivilegeServlet")
public class PrivilegeServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
	}

	//为添加权限提供添加界面
	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/addprivilege.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Privilege> list = service.getAllPrivilege();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listprivilege.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

接下来,我们应在WebRoot根目录下的security目录中新建一个添加权限的页面——addprivilege.jsp。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>添加权限界面</title>
</head>
<body>
	<form action="${pageContext.request.contextPath }/PrivilegeServlet?method=add" method="post">
		<table>
			<tr>
				<td>权限名称</td>
				<td>
					<input type="text" name="name" />
				</td>
			</tr>
			<tr>
				<td>权限描述</td>
				<td>
					<textarea rows="5" cols="50" name="description"></textarea>
				</td>
			</tr>
			<tr>
				<td></td>
				<td>
					<input type="submit" value="添加权限" />
				</td>
			</tr>
		</table>
	</form>
</body>
</html>

当我们在以上页面中填写完一个权限的详细信息之后,点击添加权限按钮,请求也应交给PrivilegeServlet,又由于请求URL后面的method参数的值是add,因此要把请求派发给add方法处理,这样PrivilegeServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Privilege;
import cn.liayun.service.SecurityService;
import cn.liayun.utils.WebUtils;

//这个Servlet处理所有权限相关的请求
@WebServlet("/PrivilegeServlet")
public class PrivilegeServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("add".equals(method)) {
			add(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
	}

	//为添加权限提供添加界面
	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/addprivilege.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Privilege> list = service.getAllPrivilege();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listprivilege.jsp").forward(request, response);
	}
	
	private void add(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			Privilege p = WebUtils.request2Bean(request, Privilege.class);
			p.setId(UUID.randomUUID().toString());
			service.addPrivilege(p);
			
			request.setAttribute("message", "添加成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "添加失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}


	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

可能小伙伴心里要不爽了,妈的,add()方法中怎么又多出来了一个WebUtils类,这是从哪个缝里蹦出来的,不要担心,我来慢慢讲解,WebUtils类是一个工具类,它的职责就是将请求参数给封装到一个JavaBean中,故应在cn.liayun.utils包下新建该类,该工具类的具体代码如下:

package cn.liayun.utils;

import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.beanutils.BeanUtils;

public class WebUtils {

	public static <T> T request2Bean(HttpServletRequest request, Class<T> beanClass) {
		try {
			T t = beanClass.newInstance();
			Map<String, String[]> map = request.getParameterMap();
			BeanUtils.populate(t, map);
			return t;
		} catch (Exception e) {
			throw new RuntimeException(e);
		}
	}
	 
}

千万不要忘了在WebRoot根目录下新建一个全局消息显示页面——message.jsp,该页面的内容如下:

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>全局消息显示页面</title>
</head>
<body>
	${message }
</body>
</html>

至此,我们的权限管理模块就设计完毕了。如果大家想要测试的话,千万不要忘了解决全站中文乱码,因为我在PrivilegeServlet中没有写代码解决全站中文乱码,所以就应该给全站配一个解决全站中文乱码的过滤器。
在这里插入图片描述
温馨提示:这样的过滤器我写过很多遍了,实在无心再写了,你若是第一次编写,可参考我前面的文章。
这样的过滤器写好之后,还要在web.xml文件中配置哟!
在这里插入图片描述
写到这里,那你放心大胆去测试吧!接下来我们就要设计资源管理模块了。

资源管理模块的设计

当我们点击资源管理这一超链接时,就应将请求交给ResourceServlet。又由于请求URL后面的method参数的值是getAll,因此要把请求派发给getAll方法处理,这样ResourceServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Resource;
import cn.liayun.service.SecurityService;

@WebServlet("/ResourceServlet")
public class ResourceServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}		
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Resource> list = service.getAllResource();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listresource.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		doGet(request, response);
	}

}

顺其自然地,我们接下来应在WebRoot根目录下的security目录中新建一个展示资源列表的页面——listresource.jsp。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>资源列表</title>
</head>
<body>
	<br/><br/>
	<table width="80%" align="center">
		<tr>
			<td></td>
			<td></td>
			<td align="right">
				<a href="${pageContext.request.contextPath }/ResourceServlet?method=addUI">添加资源</a>
			</td>
		</tr>
	</table>
	
	<table width="80%" border="1px" align="center">
		<tr>
			<td>资源uri</td>
			<td>控制资源的权限</td>
			<td>资源描述</td>
			<td>操作</td>
		</tr>
		
		<c:forEach var="r" items="${list }"> 
			<tr>
				<td>${r.uri }</td>
				<td>${r.privilege.name }</td>
				<td>${r.description }</td>
				<td>
					<a href="${pageContext.request.contextPath }/ResourceServlet?method=forUpdatePrivilegeUI&id=${r.id}">修改资源的权限</a>
					<a href="#">删除</a>
				</td>
			</tr>
		</c:forEach>
	</table>
</body>
</html>

我们要添加一个资源,就应该点击添加资源的超链接,接着给我们提供一个添加资源的页面,同样地该请求也要交给ResourceServlet,又由于请求URL后面的method参数的值是addUI,因此要把请求派发给addUI方法处理,这样ResourceServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Resource;
import cn.liayun.service.SecurityService;

@WebServlet("/ResourceServlet")
public class ResourceServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
	}

	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/addresource.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Resource> list = service.getAllResource();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listresource.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		doGet(request, response);
	}

}

接下来,我们应在WebRoot根目录下的security目录中新建一个添加资源的页面——addresource.jsp。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>添加资源界面</title>
</head>
<body>
	<form action="${pageContext.request.contextPath }/ResourceServlet?method=add" method="post">
		<table>
			<tr>
				<td>资源uri</td>
				<td>
					<input type="text" name="uri" />
				</td>
			</tr>
			<tr>
				<td>资源描述</td>
				<td>
					<textarea rows="5" cols="50" name="description"></textarea>
				</td>
			</tr>
			<tr>
				<td></td>
				<td>
					<input type="submit" value="添加资源" />
				</td>
			</tr>
		</table>
	</form>
</body>
</html>

当我们在以上页面中填写完一个资源的详细信息之后,点击添加资源按钮,请求也应交给ResourceServlet,又由于请求URL后面的method参数的值是add,因此要把请求派发给add方法处理,这样ResourceServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Resource;
import cn.liayun.service.SecurityService;
import cn.liayun.utils.WebUtils;

@WebServlet("/ResourceServlet")
public class ResourceServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
		if ("add".equals(method)) {
			add(request, response);
		}
	}

	private void add(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			Resource r = WebUtils.request2Bean(request, Resource.class);
			r.setId(UUID.randomUUID().toString());
			service.addResource(r);
			request.setAttribute("message", "添加成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "添加失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}

	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/addresource.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Resource> list = service.getAllResource();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listresource.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		doGet(request, response);
	}

}

当添加完一个资源后,就要给其授予一个权限,我们可以在listresource.jsp页面点击修改资源的权限超链接,这时,请求也应交给ResourceServlet,该请求URL后面不仅要携带method参数,而且还要携带要修改资源的id。由于请求URL后面的method参数的值是forUpdatePrivilegeUI,因此要把请求派发给forUpdatePrivilegeUI方法处理,这样ResourceServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Privilege;
import cn.liayun.domain.Resource;
import cn.liayun.service.SecurityService;
import cn.liayun.utils.WebUtils;

@WebServlet("/ResourceServlet")
public class ResourceServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
		if ("add".equals(method)) {
			add(request, response);
		}
		
		//为更新一个资源的权限提供UI界面
		if ("forUpdatePrivilegeUI".equals(method)) {
			forUpdatePrivilegeUI(request, response);
		}
	}
	
	//为更新资源权限提供UI界面
	private void forUpdatePrivilegeUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String resourceid = request.getParameter("id");
		Resource r = service.findResourceByID(resourceid);
		
		//得到系统的所有权限
		List<Privilege> list = service.getAllPrivilege();
		request.setAttribute("resource", r);
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/updateResourcePrivilege.jsp").forward(request, response);
	}

	private void add(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			Resource r = WebUtils.request2Bean(request, Resource.class);
			r.setId(UUID.randomUUID().toString());
			service.addResource(r);
			request.setAttribute("message", "添加成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "添加失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}

	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/addresource.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Resource> list = service.getAllResource();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listresource.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		doGet(request, response);
	}

}

紧接着,我们就要在WebRoot根目录下的security目录中新建一个更新资源的权限的页面——updateResourcePrivilege.jsp。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>更新资源的权限</title>
</head>
<body>
	<table border="1px" width="40%">
		<tr>
			<td>资源uri</td>
			<td>${resource.uri }</td>
		</tr>
		<tr>
			<td>资源描述</td>
			<td>${resource.description }</td>
		</tr>
		<tr>
			<td>资源原有权限</td>
			<td>${resource.privilege.name }</td>
		</tr>
		<tr>
			<td>须授予的权限</td>
			<td>
				<!-- 当下面表单提交时,会给服务器带去资源id以及要授予的权限id -->
				<form action="${pageContext.request.contextPath }/ResourceServlet?method=updatePrivilege" method="post">
					<input type="hidden" name="rid" value="${resource.id }" />
					<c:forEach var="p" items="${list }">
						<input type="radio" name="pid" value="${p.id }" />${p.name }<br/>
					</c:forEach>
					<input type="submit" value="更新权限" />
				</form>
			</td>
		</tr>
	</table>
</body>
</html>

当我们给资源选中一个权限之后,点击更新权限的按钮,请求也应交给ResourceServlet,又由于请求URL后面的method参数的值是updatePrivilege,因此要把请求派发给updatePrivilege方法处理,这样ResourceServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Privilege;
import cn.liayun.domain.Resource;
import cn.liayun.service.SecurityService;
import cn.liayun.utils.WebUtils;

@WebServlet("/ResourceServlet")
public class ResourceServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
		if ("add".equals(method)) {
			add(request, response);
		}
		
		//为更新一个资源的权限提供UI界面
		if ("forUpdatePrivilegeUI".equals(method)) {
			forUpdatePrivilegeUI(request, response);
		}
		
		//更新资源的权限
		if ("updatePrivilege".equals(method)) {
			updatePrivilege(request, response);
		}
		
	}

	private void updatePrivilege(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			String resourceid = request.getParameter("rid");
			String privilegeid = request.getParameter("pid");
			
			service.updateResourcePrivilege(resourceid, privilegeid);
			request.setAttribute("message", "更新成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "更新失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}
	
	//为更新资源权限提供UI界面
	private void forUpdatePrivilegeUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String resourceid = request.getParameter("id");
		Resource r = service.findResourceByID(resourceid);
		
		//得到系统的所有权限
		List<Privilege> list = service.getAllPrivilege();
		request.setAttribute("resource", r);
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/updateResourcePrivilege.jsp").forward(request, response);
	}

	private void add(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			Resource r = WebUtils.request2Bean(request, Resource.class);
			r.setId(UUID.randomUUID().toString());
			service.addResource(r);
			request.setAttribute("message", "添加成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "添加失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}

	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/addresource.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Resource> list = service.getAllResource();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listresource.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		doGet(request, response);
	}

}

至此,我们的资源管理模块就已设计完毕了,欢迎您测试!接下来,我们就来设计角色管理模块。

角色管理模块的设计

当我们点击角色管理这一超链接时,就应将请求交给RoleServlet。又由于请求URL后面的method参数的值是getAll,因此要把请求派发给getAll方法处理,这样RoleServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Role;
import cn.liayun.service.SecurityService;

@WebServlet("/RoleServlet")
public class RoleServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
	}
	
	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Role> list = service.getAllRole();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listrole.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

顺其自然地,我们接下来应在WebRoot根目录下的security目录中新建一个展示角色列表的页面——listrole.jsp。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>角色列表</title>
</head>
<body>
	<br/><br/>
	<table width="80%" align="center">
		<tr>
			<td></td>
			<td></td>
			<td align="right">
				<a href="${pageContext.request.contextPath }/RoleServlet?method=addUI">添加角色</a>
			</td>
		</tr>
	</table>
	
	<table width="80%" border="1px" align="center">
		<tr>
			<td>角色名称</td>
			<td>角色描述</td>
			<td>操作</td>
		</tr>
		
		<c:forEach var="role" items="${list }"> 
			<tr>
				<td>${role.name }</td>
				<td>${role.description }</td>
				<td>
					<a href="${pageContext.request.contextPath }/RoleServlet?method=forUpdateRolePrivilegeUI&id=${role.id}">为角色授予权限</a>
					<a href="#">删除</a>
					<a href="#">修改</a>
				</td>
			</tr>
		</c:forEach>
	</table>
</body>
</html>

我们要添加一个角色,就应该点击添加角色的超链接,接着给我们提供一个添加角色的页面,同样地该请求也要交给RoleServlet,又由于请求URL后面的method参数的值是addUI,因此要把请求派发给addUI方法处理,这样RoleServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Role;
import cn.liayun.service.SecurityService;

@WebServlet("/RoleServlet")
public class RoleServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
	}

	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/addrole.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Role> list = service.getAllRole();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listrole.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

接下来,我们应在WebRoot根目录下的security目录中新建一个添加角色的页面——addrole.jsp。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>添加角色界面</title>
</head>
<body>
	<form action="${pageContext.request.contextPath }/RoleServlet?method=add" method="post">
		<table>
			<tr>
				<td>角色名称</td>
				<td>
					<input type="text" name="name" />
				</td>
			</tr>
			<tr>
				<td>角色描述</td>
				<td>
					<textarea rows="5" cols="50" name="description"></textarea>
				</td>
			</tr>
			<tr>
				<td></td>
				<td>
					<input type="submit" value="添加角色" />
				</td>
			</tr>
		</table>
	</form>
</body>
</html>

当我们在以上页面中填写完一个角色的详细信息之后,点击添加角色按钮,请求也应交给RoleServlet,又由于请求URL后面的method参数的值是add,因此要把请求派发给add方法处理,这样RoleServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Role;
import cn.liayun.service.SecurityService;
import cn.liayun.utils.WebUtils;

@WebServlet("/RoleServlet")
public class RoleServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
		if ("add".equals(method)) {
			add(request, response);
		}
	}

	private void add(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			Role role = WebUtils.request2Bean(request, Role.class);
			role.setId(UUID.randomUUID().toString());//还可编写一个Generic类
			service.addRole(role);
			
			request.setAttribute("message", "添加成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "添加失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}

	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/addrole.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Role> list = service.getAllRole();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listrole.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

其实这儿还隐藏着一个优化技巧,由于这四个对象都要生成id,每次都这样写这句代码xxx.setId(UUID.randomUUID().toString());显然很麻烦,势必是要优化的,我们可以对这四个对象的共同属性id进行抽取,提取出这四者的父类。于是,我们在cn.liayun.domain包下创建这四者的父类——Generic类。
在这里插入图片描述
Generic类的具体代码如下:

package cn.liayun.domain;

import java.util.UUID;

public class Generic {
	
	private String id;
	
	public Generic() {
		this.id = UUID.randomUUID().toString();
	}

	public String getId() {
		return id;
	}

	public void setId(String id) {
		this.id = id;
	}
	
}

这样其他四个类都来继承Generic类,例如Role类继承Generic类。

package cn.liayun.domain;

import java.util.HashSet;
import java.util.Set;

public class Role extends Generic {

	private String name;
	private String description;
	
	private Set<Privilege> privileges = new HashSet<Privilege>();

	public String getName() {
		return name;
	}

	public void setName(String name) {
		this.name = name;
	}

	public String getDescription() {
		return description;
	}

	public void setDescription(String description) {
		this.description = description;
	}

	public Set<Privilege> getPrivileges() {
		return privileges;
	}

	public void setPrivileges(Set<Privilege> privileges) {
		this.privileges = privileges;
	}
	
}

这样优化之后,XxxServlet里面的add方法,就可省略这句xxx.setId(UUID.randomUUID().toString());代码了,有人可能会这样优化,所以我们也要多学习学习。但是事已至此,我们都已经写了这么远了,因此我们不做这样的优化了。
当添加完一个角色后,就要给其授予权限了,我们可以在listrole.jsp页面中点击为角色授予权限的超链接,这时,请求也应交给RoleServlet,该请求URL后面不仅要携带method参数,而且还要携带角色的id。由于请求URL后面的method参数的值是forUpdateRolePrivilegeUI,因此要把请求派发给forUpdateRolePrivilegeUI方法处理,这样RoleServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Privilege;
import cn.liayun.domain.Role;
import cn.liayun.service.SecurityService;
import cn.liayun.utils.WebUtils;

@WebServlet("/RoleServlet")
public class RoleServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
		if ("add".equals(method)) {
			add(request, response);
		}
		if ("forUpdateRolePrivilegeUI".equals(method)) {
			forUpdateRolePrivilegeUI(request, response);
		}
	}

	//为更新角色的权限提供UI界面
	private void forUpdateRolePrivilegeUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String roleid = request.getParameter("id");
		Role r = service.findRole(roleid);
		
		List<Privilege> list = service.getAllPrivilege();
		request.setAttribute("role", r);
		request.setAttribute("list", list);
		
		request.getRequestDispatcher("/security/updateRolePrivilege.jsp").forward(request, response);
	}

	private void add(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			Role role = WebUtils.request2Bean(request, Role.class);
			role.setId(UUID.randomUUID().toString());//还可编写一个Generic类
			service.addRole(role);
			
			request.setAttribute("message", "添加成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "添加失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}

	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/addrole.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Role> list = service.getAllRole();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listrole.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

紧接着,我们就要在WebRoot根目录下的security目录中新建一个更新角色权限的页面——updateRolePrivilege.jsp。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>更新角色的权限</title>
</head>
<body>
	<table border="1px" width="40%">
		<tr>
			<td>角色名称</td>
			<td>${role.name }</td>
		</tr>
		<tr>
			<td>角色描述</td>
			<td>${role.description }</td>
		</tr>
		<tr>
			<td>角色原有权限</td>
			<td>
				<c:forEach var="p" items="${role.privileges }">
					${p.name }<br/>
				</c:forEach>
			</td>
		</tr>
		<tr>
			<td>须授予的权限</td>
			<td>
				<!-- 当下面表单提交时,会给服务器带去角色id以及要授予的权限id -->
				<form action="${pageContext.request.contextPath }/RoleServlet?method=updatePrivilege" method="post">
					<input type="hidden" name="roleid" value="${role.id }" />
					<c:forEach var="p" items="${list }">
						<input type="checkbox" name="pid" value="${p.id }" />${p.name }<br/>
					</c:forEach>
					<input type="submit" value="更新权限" />
				</form>
			</td>
		</tr>
	</table>
</body>
</html>

当我们给角色选中若干个权限之后,点击更新权限的按钮,请求也应交给RoleServlet,又由于请求URL后面的method参数的值是updatePrivilege,因此要把请求派发给updatePrivilege方法处理,这样RoleServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Privilege;
import cn.liayun.domain.Role;
import cn.liayun.service.SecurityService;
import cn.liayun.utils.WebUtils;

@WebServlet("/RoleServlet")
public class RoleServlet extends HttpServlet {
	
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
		if ("add".equals(method)) {
			add(request, response);
		}
		if ("forUpdateRolePrivilegeUI".equals(method)) {
			forUpdateRolePrivilegeUI(request, response);
		}
		if ("updatePrivilege".equals(method)) {
			updatePrivilege(request, response);
		}
	}
	
	private void updatePrivilege(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			String roleid = request.getParameter("roleid");
			String[] pids = request.getParameterValues("pid");
			//System.out.println(pids);
			service.updateRolePrivilege(roleid, pids);
			request.setAttribute("message", "更新成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "更新失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}

	//为更新角色的权限提供UI界面
	private void forUpdateRolePrivilegeUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String roleid = request.getParameter("id");
		Role r = service.findRole(roleid);
		
		List<Privilege> list = service.getAllPrivilege();
		request.setAttribute("role", r);
		request.setAttribute("list", list);
		
		request.getRequestDispatcher("/security/updateRolePrivilege.jsp").forward(request, response);
	}

	private void add(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			Role role = WebUtils.request2Bean(request, Role.class);
			role.setId(UUID.randomUUID().toString());//还可编写一个Generic类
			service.addRole(role);
			
			request.setAttribute("message", "添加成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "添加失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}

	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/addrole.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<Role> list = service.getAllRole();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listrole.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

至此,我们的角色管理模块就已设计完毕,欢迎您测试!最后我们来设计最后一个模块——用户管理模块。

用户管理模块的设计

当我们点击用户管理这一超链接时,就应将请求交给UserServlet。又由于请求URL后面的method参数的值是getAll,因此要把请求派发给getAll方法处理,这样UserServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.User;
import cn.liayun.service.SecurityService;

@WebServlet("/UserServlet")
public class UserServlet extends HttpServlet {
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<User> list = service.getAllUser();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listuser.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

顺其自然地,我们接下来应在WebRoot根目录下的security目录中新建一个展示用户列表的页面——listuser.jsp。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>用户列表</title>
</head>
<body>
	<br/><br/>
	<table width="80%" align="center">
		<tr>
			<td></td>
			<td></td>
			<td align="right">
				<a href="${pageContext.request.contextPath }/UserServlet?method=addUI">添加用户</a>
			</td>
		</tr>
	</table>
	
	<table width="80%" border="1px" align="center">
		<tr>
			<td>用户名称</td>
			<td>用户密码</td> <!-- 后台管理员可以看到用户的密码,这个倒无所谓 -->
			<td>用户描述</td>
			<td>操作</td>
		</tr>
		
		<c:forEach var="user" items="${list }"> 
			<tr>
				<td>${user.username }</td>
				<td>${user.password }</td>
				<td>${user.description }</td>
				<td>
					<a href="${pageContext.request.contextPath }/UserServlet?method=forUpdateUserRoleUI&id=${user.id}">为用户授予角色</a>
					<a href="#">删除</a>
					<a href="#">修改</a>
				</td>
			</tr>
		</c:forEach>
	</table>
</body>
</html>

我们要添加一个用户,就应该点击添加用户的超链接,接着给我们提供一个添加用户的页面,同样地该请求也要交给UserServlet,又由于请求URL后面的method参数的值是addUI,因此要把请求派发给addUI方法处理,这样UserServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.User;
import cn.liayun.service.SecurityService;

@WebServlet("/UserServlet")
public class UserServlet extends HttpServlet {
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
	}

	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/adduser.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<User> list = service.getAllUser();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listuser.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

接下来,我们应在WebRoot根目录下的security目录中新建一个添加用户的页面——adduser.jsp。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>添加用户界面</title>
</head>
<body>
	<form action="${pageContext.request.contextPath }/UserServlet?method=add" method="post">
		<table>
			<tr>
				<td>用户名称</td>
				<td>
					<input type="text" name="username" />
				</td>
			</tr>
			<tr>
				<td>用户密码</td>
				<td>
					<input type="text" name="password" />
				</td>
			</tr>
			<tr>
				<td>用户描述</td>
				<td>
					<textarea rows="5" cols="50" name="description"></textarea>
				</td>
			</tr>
			<tr>
				<td></td>
				<td>
					<input type="submit" value="添加用户" />
				</td>
			</tr>
		</table>
	</form>
</body>
</html>

当我们在以上页面中填写完一个用户的详细信息之后,点击添加用户按钮,请求也应交给UserServlet,又由于请求URL后面的method参数的值是add,因此要把请求派发给add方法处理,这样UserServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.User;
import cn.liayun.service.SecurityService;
import cn.liayun.utils.WebUtils;

@WebServlet("/UserServlet")
public class UserServlet extends HttpServlet {
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
		if ("add".equals(method)) {
			add(request, response);
		}
	}

	private void add(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			User user = WebUtils.request2Bean(request, User.class);
			user.setId(UUID.randomUUID().toString());
			service.addUser(user);
			
			request.setAttribute("message", "添加成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "添加失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}

	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/adduser.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<User> list = service.getAllUser();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listuser.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

当添加完一个用户后,就要给其授予角色了,我们可以在listuser.jsp页面点击为用户授予角色的超链接,这时,请求也应交给UserServlet,该请求URL后面不仅要携带method参数,而且还要携带用户的id。由于请求URL后面的method参数的值是forUpdateUserRoleUI,因此要把请求派发给forUpdateUserRoleUI方法处理,这样UserServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Role;
import cn.liayun.domain.User;
import cn.liayun.service.SecurityService;
import cn.liayun.utils.WebUtils;

@WebServlet("/UserServlet")
public class UserServlet extends HttpServlet {
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
		if ("add".equals(method)) {
			add(request, response);
		}
		
		if ("forUpdateUserRoleUI".equals(method)) {
			forUpdateUserRoleUI(request, response);
		}
	}

	private void forUpdateUserRoleUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String userid = request.getParameter("id");
		User user = service.findUser(userid);
		
		List<Role> list = service.getAllRole();
		request.setAttribute("user", user);
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/updateUserRole.jsp").forward(request, response);
	}

	private void add(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			User user = WebUtils.request2Bean(request, User.class);
			user.setId(UUID.randomUUID().toString());
			service.addUser(user);
			
			request.setAttribute("message", "添加成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "添加失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}

	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/adduser.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<User> list = service.getAllUser();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listuser.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

紧接着,我们就要在WebRoot根目录下的security目录中新建一个更新用户角色的页面——updateUserRole.jsp。

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>更新用户的角色</title>
</head>
<body>
	<table border="1px" width="40%">
		<tr>
			<td>用户名</td>
			<td>${user.username }</td>
		</tr>
		<tr>
			<td>用户描述</td>
			<td>${user.description }</td>
		</tr>
		<tr>
			<td>用户原有角色</td>
			<td>
				<c:forEach var="r" items="${user.roles }">
					${r.name }<br/>
				</c:forEach>
			</td>
		</tr>
		<tr>
			<td>须授予的角色</td>
			<td>
				<!-- 当下面表单提交时,会给服务器带去用户id以及要授予的角色id -->
				<form action="${pageContext.request.contextPath }/UserServlet?method=updateRole" method="post">
					<input type="hidden" name="userid" value="${user.id }" />
					<c:forEach var="r" items="${list }">
						<input type="checkbox" name="rid" value="${r.id }" />${r.name }<br/>
					</c:forEach>
					<input type="submit" value="更新角色" />
				</form>
			</td>
		</tr>
	</table>
</body>
</html>

当我们给用户选中若干个角色之后,点击更新角色的按钮,请求也应交给UserServlet,又由于请求URL后面的method参数的值是updateRole,因此要把请求派发给updateRole方法处理,这样UserServlet的代码就应该为:

package cn.liayun.web.controller;

import java.io.IOException;
import java.util.List;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import cn.liayun.domain.Role;
import cn.liayun.domain.User;
import cn.liayun.service.SecurityService;
import cn.liayun.utils.WebUtils;

@WebServlet("/UserServlet")
public class UserServlet extends HttpServlet {
	private SecurityService service = new SecurityService();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String method = request.getParameter("method");
		if ("getAll".equals(method)) {
			getAll(request, response);
		}
		if ("addUI".equals(method)) {
			addUI(request, response);
		}
		if ("add".equals(method)) {
			add(request, response);
		}
		
		if ("forUpdateUserRoleUI".equals(method)) {
			forUpdateUserRoleUI(request, response);
		}
		if ("updateRole".equals(method)) {
			updateRole(request, response);
		}
	}

	private void updateRole(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			String userid = request.getParameter("userid");
			String[] rids = request.getParameterValues("rid");
			service.updateUserRole(userid, rids);
			request.setAttribute("message", "更新成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "更新失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}

	private void forUpdateUserRoleUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		String userid = request.getParameter("id");
		User user = service.findUser(userid);
		
		List<Role> list = service.getAllRole();
		request.setAttribute("user", user);
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/updateUserRole.jsp").forward(request, response);
	}

	private void add(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		try {
			User user = WebUtils.request2Bean(request, User.class);
			user.setId(UUID.randomUUID().toString());
			service.addUser(user);
			
			request.setAttribute("message", "添加成功!!");
		} catch (Exception e) {
			e.printStackTrace();
			request.setAttribute("message", "添加失败!!");
		}
		request.getRequestDispatcher("/message.jsp").forward(request, response);
	}

	private void addUI(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		request.getRequestDispatcher("/security/adduser.jsp").forward(request, response);
	}

	private void getAll(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		List<User> list = service.getAllUser();
		request.setAttribute("list", list);
		request.getRequestDispatcher("/security/listuser.jsp").forward(request, response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}

}

至此,我们的用户管理模块就已设计完毕,欢迎您测试!下一篇文章我们重点关注权限的实现。

李阿昀
关注
专栏目录
nested exception is org.apache.ibatis.reflection.ReflectionException
qq_39736176的博客
09-30 3万+
错误情况 Request processing failed; nested exception is org.mybatis.spring.MyBatisSystemException: nested exception is org.apache.ibatis.reflection.ReflectionException: Could not set property 'paperId' o...
Java Web基础入门第七十九 Filter(过滤器)——Filter(过滤器)常见应用():权限管理系统(下)
热门推荐
李阿昀的博客
09-13 1万+
上一篇文章Filter(过滤器)常见应用()——权限管理系统(二)已经开发好了web层的一大部分,做的所有这些工作都是为了这一步——权限实现,是时候使用Filter实现URL级别的权限认证了。权限管理系统的设计和分析开发web权限实现现在我们来编写一个过滤器来实现URL级别的权限认证,要在cn.itcast.web.filter包下创建一个Filter——SecurityFilter.java
权限管理过滤器filter,session,页面或者哪个文件下的所有页面进行登陆过滤...
黑色头发
08-13 333
2007-12-27 22:39JAVA源文件: package org.filter.system; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.S...
权限过滤器Filter
熊佳佳的技术笔记
03-22 144
[code="java"]package com.baitw.struts.utils; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet...
java ssm 水果商城项目
weixin_44577346的博客
05-12 593
spring、springmvc、mybatis整合的配置文件编写 目录spring、springmvc、mybatis整合的配置文件编写web.xml编写spring配置文件编写springmvc.xml编写sqlMapConfig.xml编写 web.xml编写 web.xml文件配置如下 <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instanc
Java Web基础入门第七十九 Filter(过滤器)——Filter(过滤器)常见应用():权限管理系统(下)-附件资源
03-02
Java Web基础入门第七十九 Filter(过滤器)——Filter(过滤器)常见应用():权限管理系统(下)-附件资源
Java-filter过滤器在项目开发应用.docx
最新发布
12-13
Java-filter过滤器在项目开发应用 Java-filter过滤器是一种Java EE规范的一种组件,用于拦截和处理Servlet请求和响应。在项目开发Java-filter过滤器可以应用于解决各种问题,以下是其的两种应用: ...
Java Web Filter 过滤器学习教程(推荐)
09-02
Java Web Filter过滤器是Servlet技术的关键组件,它允许开发者在请求到达目标资源(如Servlet、JSP或静态文件)之前和之后进行拦截处理。这种技术对于实现多种高级功能非常有用,比如权限控制、内容过滤、日志记录...
Java Web基础入门第七十七 Filter(过滤器)——Filter(过滤器)常见应用():权限管理系统(上)
李阿昀的博客
09-12 6130
我们要设计的权限管理系统,要使用Filter实现URL级别的权限认证。那我们不禁就要想设计出的权限管理系统应该使用在哪种情景呢?我想应该是这样的一种情景吧:在实际开发我们经常把一些执行敏感操作的servlet映射到一些特殊目录,并用filter把这些特殊目录保护起来,限制只能拥有相应访问权限的用户才能访问这些目录下的资源。从而在我们系统实现一种URL级别的权限功能。而且为使Filter具有通
博客后台管理系统(servlet)
05-21
博客后台管理系统 servlet 实现 你值得拥有
Member:基于Jsp + Servlet + MySQL的会员管理系统
03-11
成员 会员是一个会员管理系统,为企业在自己的网站上吸引,管理自己的客户资源以及注册会员而开发,从而使企业与自己的用户建立良好的沟通与互动。 主要技术 JSP,Servlet,Java Bean,JDBC前端:JQuery,EasyUI数据库:MySQL 功能 前台:完成登录,注册,查看个人信息,公告,交易明细,进行点卡冲值,下载资源,添加评论以及相册等功能。 ,发布公告,点卡生成等功能。 ###部分演示 ###开发周期每周 ###负责模块此项目由2个开发人员参与开发,本人负责Java编码以及使用EasyUI进行界面的构建和开发。 ###总结与收获通过在短短一周实训时间开发完成了该项目,提高了快速定位并解决问题的能力,掌握了使用Java技术进行网络开发的相关知识。
用户角色管理项目源码
09-16
1:集成最新,最流行,,最成熟悉的技术框架 springMVC4.1.4,spring4.1.4,mybaits3.2.8,MySQL5.6 2:前端界面采用当前最流行的响应式布局设计 bootstrap3,html5,CSS3,JQueryAjax 特点: 1:基于mybaits插件完成对于基本的增,删,改,查的功能,不需要写任何SQL语句,代码一键调用即可.具有很好的灵活性,方便性,快速性.这样就大大减少代码开发时间,提高开发效率,为企业或个人有效率地节约人力资源的成本! 2:对JAVA的封装,多态,继承特性做了充分的运用,其也用到了JAVA的一个重要机制--反射机制! 3:对于简单业务的单表增,删,改,查只需要一个entity,不需要写任何的controller,service,mapper等代码,也不需要任何的sql语句,让程序员更专注于前端 4:具有安全,可靠能快速,方便,高效地进行开发 5:系统具有可扩展性,可控性,通用性强的基础 6:基础的业务性不强的列表界面采取直接配置方式,不需要写任何代码,直接生成界面,具有快捷,快速,方便地查看实时功能效果 7:集成监控功能,随时监控系统内存,CPU,磁盘的最新变化 8:新增告警邮件触发功能,让用户随时了解服务器状况 目标: 1:提升开发效率,规范开发标准 2:提高质量,降低复杂度 3:打造一个开发简单.效率快..性能好.. 易上手的框架 兼容性: 1:设备:兼容IPAD,手机,电脑,笔记本等等 2:界面:兼容IE8+,firefox,google等等 3:数据库:兼容MySQL,oracel,sqlserver2008 通用性: 让项目只注重业务,为企业或个人有效率地节约人力资源的成本! 1:系统具有最基本的用户,角色,资源,权限管理,日志管理等通用性功能,企业或个人可直接在此基础上进行开发,扩展,添加各自的需求和业务功能!
javaweb权限管理系统(附数据库)
11-11
权限管理系统,个主要模块,用户管理,权限管理,和角色管理,可以自由动态的分配权限,前端模板使用的layuimini,后端mybatis和servlet.
基于角色的权限(easyUI+servlet)
08-21
基于角色的权限(easyUI+servlet)
servlet的用户管理系统
04-26
servlet版本的用户管理系统 包括源码和数据表 适合初学者使用
基于servlet的在线商城后台管理系统
09-06
内有资源代码,数据库建表和设计语句。主要功能为后台管理员对用户信息、商品信息、商品类别、订单信息、留言信息等的管理,功能大致齐全,适合初学者参考学习。
java 使用过滤器控制用户访问权限
云想慕尘的专栏
07-31 5776
控制器类package com.crm.filter;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet
CRM系统的查找字段控件的过滤
loginnamess的博客
12-22 1513
CRM如何过滤查找类型的控件 1.项目场景: 提示:在crm系统过滤查找类型的控件 # 2.问题描述: :在一次做项目是发现查找类型的控件过滤在每次过滤时只是在原有的基础过滤 而不是清空原有的过滤 使用当前的过滤:我原本是这样写的 setEntityOrzOrOffice(entityName: string, isSetFirstValue = false) { if (ent.type !== 1) return // 查找多对多关系 var odata = $select=${entityNa
权限角色管理模块
johncools的博客
03-29 2492
在开发很多项目的时候,都会用到用户权限管理,我也在很多项目里做过权限控制,所以,我也总结出一套条理清晰的角色权限控制体系.并且完善,减少模块的耦合度,做成一个独立的模块,用在很多项目里.先来看看管理界面的效果图:1.系统管理菜单2.权限管理。设置权限类别和权限信息。3. 角色管理4. 为角色分配权限。5.为用户分配角色有时间我会再想想多层权限控制的问题,
Java Web过滤器技术详解:实现Filter接口与应用案例
案例,基于过滤器的用户权限控制是一个常见应用场景,通过过滤器判断用户是否具有访问特定资源的权限,若无权限则阻止请求继续。文乱码解决的过滤器会在请求和响应之间转换编码,确保数据正确显示。禁止未授权...
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

李阿昀

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值