spring3.0 MVC初步4-spring security REST

一、SpEl表达式

1、配置事务时用过一个AspectJ’s pointcut expression language：

 <aop:config>
  <aop:advisor
   pointcut="execution(* *..IUserService.*(..))"
   advice-ref="txAdvice"/>
 </aop:config>

2、配置安全时用SpEl表达式
    <intercept-url pattern="/user/**" access="hasRole('ROLE_管理员')"/>
    <intercept-url pattern="/**" access="isAuthenticated()"/>

二、视图层安全元素
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>

欢迎您：<security:authentication property="principal.username" />

三、web请求权限控制
    <intercept-url pattern="/user/**" access="hasRole('ROLE_管理员')"/>
    <intercept-url pattern="/role/**" access="hasRole('ROLE_管理员')"/>
    <intercept-url pattern="/unit/**" access="hasRole('ROLE_管理员')"/>
    <intercept-url pattern="/belong/**" access="hasRole('ROLE_管理员')"/>
    <intercept-url pattern="/**" access="isAuthenticated()"/>

四、视图层权限控制

<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>

<security:authorize access="hasRole('ROLE_管理员')">
<a href="user/page/1">用户管理</a><br/>
<a href="role">角色管理</a><br/>
<a href="unit">单位管理</a><br/>
<a href="belong">数据归属管理</a>
</security:authorize>

五、方法层权限控制

@Secured("ROLE_SPITTER")
public void addSpittle(Spittle spittle) {
// ...
}

六、REST

1、涵义：Representational State Transfer (REST)

REST URL：http://t18:3000/s4/user/4

对照struts2的url：http://t18:3000/s4/LoadUserAction.action?user.userId=4

2、控制器能处理所有http请求，包括GET, PUT, DELETE,  POST

3、@PathVariable注解使控制器能处理参数化URL

4、spring标签<sf:form method="PUT">与HeddenHttpMethodFilter过滤器共同协作，使通过普通浏览器就能支持PUT和DELETE方法。

web.xml增加

 <filter>
  <filter-name>httpMethodFilter</filter-name>
  <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
 </filter>
 <filter-mapping>
  <filter-name>httpMethodFilter</filter-name>
  <url-pattern>/*</url-pattern>
 </filter-mapping>

a、取数据GET http://t18:3000/s4/user/4
 @RequestMapping(value="{userId}", method=RequestMethod.GET)
 public String get(@PathVariable("userId") Short userId, Model model){
  User u = service.loadUser(userId);
  model.addAttribute(u);
  return "user/edit";
 }

b、显示用来修改PUT
    <sf:form method="PUT" modelAttribute="user">
         登录名<sf:input path="logName" /><br/>
   密码<sf:input path="password"/><br/>
   真实姓名<sf:input path="userName"/><br/>
         电话<sf:input path="phone" /><br/>
         手机<sf:input path="mobilePhone"/><br/>
         email<sf:input path="email"/><br/>
         <input type="submit" value="保存" />
    </sf:form>

c、修改PUT

 @RequestMapping(value="{userId}", method=RequestMethod.PUT)
 public String update(@PathVariable Integer userId, @Valid User user){
  service.saveUser(user);
  return "redirect:/user/page/1";
 }

d、删除DELETE

                            <sf:form method="DELETE" action="user/${u.userId }">
                            <input type="submit" value="删除"/>
                            </sf:form>

 @RequestMapping(value="{userId}", method=RequestMethod.DELETE)
 public String delete(@PathVariable("userId") short userId){
  User user = service.loadUser(userId);
  service.deleteUser(user);
  return "redirect:/user/page/1";
 }
 

e、准备添加
 
 @RequestMapping( method=RequestMethod.GET, params="new")
 public String prepare(Model model){
  model.addAttribute(new User());
  return "user/edit";
 }

f、添加页面用POST提交，控制器：
 @RequestMapping(method=RequestMethod.POST)
 public String  add(@Valid User user, BindingResult result)
   throws BindException{
  if(result.hasErrors()){
   throw new BindException(result);
  }
  service.addUser(user);
  return "redirect:/user/page/1";
 }

七、REST分页

http://t18:3000/s4/user/page/3

1、分页类
public class Page implements IPageUtil{
 private int curPage=1,toPage=1,everyCount=15;
 private long pageCount,count;
 boolean hasNext,hasPrevious;
 private List<?> data = new ArrayList();
 
 public Page(){
  
 }
 
 public Page(int toPage, long count, int everyCount, List data){
  this.toPage = toPage;
  this.count = count;
  this.everyCount = everyCount;
  this.curPage = getCurPage(count, everyCount);
  this.data = data;
 }

 public int getCurPage(long theCount){
 }
 public int getCurPage(long theCount,int n){
 }
...
}

2、dao支持

 public Page findPagedListObject(String hql, int toPage, long count, int everyCount){
  Query query = getCurrentSession().createQuery(hql);
     if (toPage <= 0) toPage = 1;
     int first = (toPage-1) * everyCount;
     int max = everyCount;
     query.setFirstResult(first+1);
        query.setMaxResults(first + max);
        List l = query.list();
        Page page = new Page(toPage, count, everyCount, l);
        return page;
 }

3、service支持

 public Page listPagedUsers(int toPage, long count, int everyCount){
   return dao.findPagedListObject("from User u", toPage, count, everyCount);
 }

4、控制器

 @RequestMapping(value="/page/{toPage}", method = RequestMethod.GET)
 public String list(
   @PathVariable("toPage") int toPage,
   HttpServletRequest request,
   Model model){
  Page page = service.findPagedUsers(request, toPage, service.countUser(request),3);
  model.addAttribute("page", page);
  
  return "user/list";
 }
5、页面显示数据时，取${page.data}即可，分页页面可共用