学习filter,用户批量删除功能以及角色权限管理功能
一、filter
实现用户登录后才能进行后续操作,即用户完成登录操作后,浏览器读取到用户信息,才不会拦截访问管理页面的请求,给访问放行。这就需要写一个过滤器:
在UserController的login方法中增加HttpSession session参数,在id!=-1的判断条件中加入:
session.setAttribute("user",user);
接下来写过滤器,定义过滤的规则:
新建package:filter,在filter中新建LoginFilter类,让它继承java中的filter,实现doFilter接口的方法:
package com.zhongruan.filter;
import com.zhongruan.bean.User;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
public class LoginFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request=(HttpServletRequest) servletRequest;
HttpServletResponse response=(HttpServletResponse) servletResponse;
HttpSession session=request.getSession();
User user=(User) session.getAttribute("user");
String uri=request.getRequestURI();
System.out.println("uri************"+uri);
System.out.println("uri.indexOf************"+uri.indexOf("login.do"));
if(user==null && uri.indexOf("login.do")==-1){
response.sendRedirect(request.getContextPath()+"../login_page.jsp");
}else {
filterChain.doFilter(request,response);
}
}
@Override
public void destroy() {
}
}
接下来在web.xml配置文件中配置filter:
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>com.zhongruan.filter.LoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
接下来运行项目,检查运行结果:
项目运行后来到登录界面:
不输入账号密码,直接在地址栏输入目标地址:
回车后,发现重定向到了本页面,地址栏显示为:
输入密码账号登录后,才可以正常进入管理页面。
二、用户批量删除功能:
在UserDao中写接口:
void deleteAll(@Param("ids")List<Integer> ids);
在UserMapper中写对数据库操作的语句:
<delete id="deleteAll" parameterType="list">
delete from tb_user where id in
<foreach collection="ids" item="id" open="(" close=")" separator=",">
#{id}
</foreach>
</delete>
在UserService中增加接口:
void deleteAll(List<Integer> ids);
在UserServiceImpl中实现deleteAll方法:
@Override
public void deleteAll(List<Integer> ids) {
System.out.println("service in"+ids);
userDao.deleteAll(ids);
System.out.println("service end");
}
在UserController中增加方法:
@RequestMapping("deleteAll.do")
public String deleteAll(String userList){
System.out.println("userList:"+userList);
String[] str=userList.split(",");
List<Integer> ids=new ArrayList<>();
for (String s:str){
ids.add(Integer.parseInt(s));
}
userService.deleteAll(ids);
return "redirect:findAll.do";
}
在user-list中,为删除键的onclick()动作增加一个响应的方法deleteAll():
function deleteAll() {
var checkedNum=$("input[name='ids']:checked").length;
alert(checkedNum);
if(checkedNum==0){
alert("请至少选择一个进行删除!!!");
return;
}
if(confirm("确认要删除这些用户吗?")){
var userList=new Array();
$("input[name='ids']:checked").each(
function () {
userList.push($(this).val())
}
);
alert(userList);
$.ajax({
type:"post",
url: "${pageContext.request.contextPath}/user/deleteAll.do",
data:{userList:userList.toString()},
success:function () {
alert("删除成功");
location.reload();
},
error:function () {
alert("删除失败");
}
});
}
运行项目:选中第8 , 9项数据,点击左上角删除键:
网页提示:
三、角色权限管理模块
在bean中新建Role角色类和UserRole角色关系类:
package com.zhongruan.bean;
public class Role {
private int id;
private String rolename;
private String roledesc;
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getRolename() {
return rolename;
}
public void setRolename(String rolename) {
this.rolename = rolename;
}
public String getRoledesc() {
return roledesc;
}
public void setRoledesc(String roledesc) {
this.roledesc = roledesc;
}
@Override
public String toString() {
return "Role{" +
"id=" + id +
", rolename='" + rolename + '\'' +
", roledesc='" + roledesc + '\'' +
'}';
}
}
package com.zhongruan.bean;
import com.zhongruan.dao.UserDao;
public class UserRole {
private int id;
private int userId;
private int roleId;
public UserRole(int id,int userId,int roleId){
this.id=id;
this.userId=userId;
this.roleId=roleId;
}
public UserRole() {
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public int getUserId() {
return userId;
}
public void setUserId(int userId) {
this.userId = userId;
}
public int getRoleId() {
return roleId;
}
public void setRoleId(int roleId) {
this.roleId = roleId;
}
@Override
public String toString() {
return "UserRole{" +
"id=" + id +
", userId=" + userId +
", roleId=" + roleId +
'}';
}
}
在数据库中新建tb_role和user_role两张表:
在Dao层新建RoleDao接口
package com.zhongruan.dao;
import com.zhongruan.bean.Role;
import com.zhongruan.bean.UserRole;
import java.util.List;
public interface RoleDao {
List<Integer> findRoleIdByUserId(int userId);
List<Role> findRoleByUserId(int id);
void addRole(UserRole userRole);
}
在mapper中新建RoleMapper.xml,实现对数据库的操作:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.zhongruan.dao.RoleDao" >
<select id="findRoleIdByUserId" parameterType="int" resultType="int">
select roleId from user_role where userId=#{userId};
</select>
<select id="findRoleByUserId" parameterType="int" resultType="role">
select * from tb_role where id not in (select roleId from user_role where userId =#{id});
</select>
<insert id="addRole" parameterType="userRole">
insert into user_role (userId,roleId) values (#{userId},#{roleId});
</insert>
</mapper>
在Service中新建RoleService接口:
package com.zhongruan.service;
import com.zhongruan.bean.Role;
import java.util.List;
public interface RoleService {
List<Integer> findRoleId(int userId);
List<Role> findRoleByUserId(int id);
void add(List<Integer> ids,String userId);
}
在RoleServiceImpl中实现接口:
package com.zhongruan.service.impl;
import com.zhongruan.bean.Role;
import com.zhongruan.bean.UserRole;
import com.zhongruan.dao.RoleDao;
import com.zhongruan.service.RoleService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.List;
@Service
public class RoleServiceImpl implements RoleService {
@Autowired
private RoleDao roleDao;
@Override
public List<Integer> findRoleId(int userId) {
return roleDao.findRoleIdByUserId(userId);
}
@Override
public List<Role> findRoleByUserId(int id) {
return roleDao.findRoleByUserId(id);
}
@Override
public void add(List<Integer> ids, String userId) {
for(int roleId:ids){
UserRole userRole = new UserRole();
userRole.setUserId(Integer.parseInt(userId));
userRole.setRoleId(roleId);
roleDao.addRole(userRole);
}
}
}
接下来在UserController中增加toAddRole和add方法:
@RequestMapping("toAddRole.do")
public ModelAndView toAddRole(int id){
List<Role> roleList=roleService.findRoleByUserId(id);
ModelAndView mv=new ModelAndView();
mv.addObject("roles",roleList);
mv.addObject("id",id);
mv.setViewName("user-role-add");
return mv;
}
@RequestMapping("addRole.do")
@ResponseBody
public String add(String roleList,String userId){
String[] strs= roleList.split(",");
List<Integer> ids=new ArrayList<>();
for (String s:strs){
ids.add(Integer.parseInt(s));
}
roleService.add(ids,userId);
return "";
}
然后在user-list中相应的位置增加“添加角色”的按钮:
<a href="/user/toUpdate.do?id=${user.id}" class="btn bg-olive btn-xs">更新</a>
<a href="/user/deleteById.do?id=${user.id}" class="btn bg-olive btn-xs">删除</a>
<% List<Integer> roleIds=(List<Integer>) session.getAttribute("roleIds");%>
<% if(roleIds.contains(1)){%>
<a href="/user/toAddRole.do?id=${user.id}" class="btn bg-olive btn-xs">添加角色</a>
<% } %>
再回到UserController中的login方法,在if(id!=-1)的判断条件下增加:
List<Integer> roleIds=roleService.findRoleId(id);
session.setAttribute("roleIds",roleIds);
用户在登录的时候,系统就会判断用户是什么角色,并且把它对应的角色信息存储下来,页面当中再读取session中的角色信息,如果发现角色id里包括1,即为管理员身份的话,那么隐藏的“添加角色按钮”就会显示出来,即允许管理员进行添加角色的操作。
运行结果如图:这里是管理员登录:
点击添加角色按钮,页面允许再绑定普通用户身份。管理员身份不显示是因为该用户本身就是管理员了,所以不需要再绑定了:
将普通用户身份也绑定后,再次点击添加角色按钮,可以看到,已经没有可供选择的角色身份了,因为两个角色都已经与该用户绑定:
今天学习内容比较多,需要好好消化,接下来也要好好努力。