准备工作做好后就可以进行简单的coding了:
三个表 userinfo;roleinfo;userrole
使用多对多的配置方式来实现实体对应:
UserInfo:
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
@Entity
@Proxy(lazy = false)
//@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public class UserInfo implements UserDetails {
private static final long serialVersionUID = 4081982980296385637L;
@Id
@Column(length=32)
@GeneratedValue(generator="system-uuid")
@GenericGenerator(name="system-uuid", strategy = "uuid.hex")
private String id;
private String username;
private String password;
private String mobile;
private String email;
@Temporal(TemporalType.DATE)
private Date accountExpireDate;
@Temporal(TemporalType.DATE)
private Date credentialsExpireDate;
private byte state;
@ManyToMany(targetEntity = RoleInfo.class, fetch = FetchType.EAGER)
@JoinTable(name = "UserRole", joinColumns = @JoinColumn(name = "userId"), inverseJoinColumns = @JoinColumn(name = "roleId"))
@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Set<RoleInfo> roles;
public UserInfo() {
super();
}
public void setAccountNonLocked(boolean isNonLocked) {
if(isNonLocked == true) this.state = 2;
}
public void setEnabled(boolean isEnabled) {
if(isEnabled == true) this.state = 1;
}
public void setRecvMsg(boolean isRecvMsg) {
if(isRecvMsg ^ isRecvMsg()) this.state = (byte) (this.state ^ (byte)0x10);
}
public boolean isRecvMsg() {
return (byte)(state & (byte)0x10) > 0;
}
public Set<RoleInfo> getRoles() {
return roles;
}
public void setRoles(Set<RoleInfo> roles) {
this.roles = roles;
}
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>(roles.size());
for(RoleInfo role : roles) {
grantedAuthorities.add(new SimpleGrantedAuthority(role.getValue()));
}
return grantedAuthorities;
}
public boolean isAccountNonLocked() {
if(state == 2)return true;
return false;
}
public boolean isEnabled() {
if(state == 1)return true;
return false;
}
}
用户实体需要实现UserDetails,并且在该实体中进行一些用户校验和权限赋值。
默认需要实现下列方法:
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
// TODO Auto-generated method stub
return null;
}
@Override
public boolean isAccountNonExpired() {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean isAccountNonLocked() {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean isCredentialsNonExpired() {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean isEnabled() {
// TODO Auto-generated method stub
return false;
}
持久层接口:
@Component
public class UserDAO extends GenericDAO<UserInfo,String> {
}
JPA的泛型DAO基类(GenericDAO):
public class GenericDAO<T, ID extends Serializable> extends JpaDaoSupport
{
private Class<T> entityClass;
@SuppressWarnings("unchecked")
public GenericDAO() {
this.entityClass = (Class<T>) ((ParameterizedType) getClass().getGenericSuperclass()).getActualTypeArguments()[0];
}
public T findById(ID id) throws ObjectRetrievalFailureException{
Assert.notNull(id);
return (T) getJpaTemplate().find(entityClass, id);
}
@SuppressWarnings("unchecked")
public List<T> findAll() {
final String queryString = "select model from "+ entityClass.getSimpleName() +" model";
return (List<T>) getJpaTemplate().find(queryString);
}
public List<T> findByProperty(String propertyName, final Object value) {
final String queryString = "select model from " + entityClass.getSimpleName()
+ " model where model." + propertyName + "= ?";
System.out.println("auth step1 findByProperty:"+queryString+" username="+value);
return findByQueryString(queryString, value);
}
@SuppressWarnings("unchecked")
public List<T> findByQueryString(final String queryString, final Object... values) {
Assert.hasText(queryString);
return getJpaTemplate().executeFind(new JpaCallback() {
public Object doInJpa(EntityManager em) throws PersistenceException {
return (List<T>)createQuery(em, queryString, values).getResultList();
}
});
}
public Query createQuery(EntityManager em, String queryString, Object... values) {
Assert.hasText(queryString);
Query query = em.createQuery(queryString);
if (values != null)
for (int i = 0; i < values.length; i++)
query.setParameter(i + 1, values[i]);
return query;
}
public T save(T entity){
return getJpaTemplate().merge(entity);
}
public void remove(T entity){
getJpaTemplate().remove(entity);
}
public void remove(ID id) {
remove(findById(id));
}
// @SuppressWarnings("unchecked")
// public Page pagedQuery(final String queryString, int pageNo, final int pageSize, final Object... values) {
// return pagedQuery(queryString, pageNo, pageSize, 0, values);
// }
@SuppressWarnings("unused")
private static String removeSelect(String queryString) {
Assert.hasText(queryString);
int beginPos = queryString.toLowerCase().indexOf("from");
Assert.isTrue(beginPos != -1, " queryString : " + queryString + " must has a keyword 'from'");
return queryString.substring(beginPos);
}
@SuppressWarnings("unused")
private static String removeOrders(String queryString) {
Assert.hasText(queryString);
Pattern pattern = Pattern.compile("order\\s*by[\\w|\\W|\\s|\\S]*", Pattern.CASE_INSENSITIVE);
Matcher matcher = pattern.matcher(queryString);
StringBuffer stringBuffer = new StringBuffer();
while (matcher.find()) {
matcher.appendReplacement(stringBuffer, "");
}
matcher.appendTail(stringBuffer);
return stringBuffer.toString();
}
}
创建 service层:
顺便提一下 spring的事务分类:
Spring在TransactionDefinition接口中规定了7种类型的事务传播行为,
Propagation 传播
事务传播行为类型 说明
PROPAGATION_REQUIRED
如果当前没有事务,就新建一个事务,如果已经存在一个事务中,加入到这个事务中。这是最常见的选择。
PROPAGATION_SUPPORTS
支持当前事务,如果当前没有事务,就以非事务方式执行。
PROPAGATION_MANDATORY
使用当前的事务,如果当前没有事务,就抛出异常。
PROPAGATION_REQUIRES_NEW
新建事务,如果当前存在事务,把当前事务挂起。
PROPAGATION_NOT_SUPPORTED
以非事务方式执行操作,如果当前存在事务,就把当前事务挂起。
PROPAGATION_NEVER
以非事务方式执行,如果当前存在事务,则抛出异常。
PROPAGATION_NESTED
如果当前存在事务,则在嵌套事务内执行。如果当前没有事务,则执行与PROPAGATION_REQUIRED类似的操作。
@Transactional(readOnly = true)
public interface IUserService {
@Secured("ROLE_ADMIN") //对于方法的细粒度权限控制
public abstract List<User> readUsers();
@Secured("ROLE_ADMIN")
@Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW)
public abstract String saveUser(User user);
@Secured("ROLE_ADMIN")
@Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW)
public abstract void deleteUser(String id);
@Secured("ROLE_ADMIN")
public List<Middle> readUserRole(String id);
}
@Component
public class UserService implements IUserService {
private UserDAO userDAO;
private RoleDAO roleDAO;
public List<User> readUsers() {
List<User> result = new ArrayList<User>();
try {
for (UserInfo userInfo : userDAO.findAll()) {
User user = new User();
String[] ignoreProperties = { "roles" };
BeanUtils.copyProperties(userInfo, user, ignoreProperties);
result.add(user);
}
} catch (RuntimeException e) {
throw new RuntimeException(e);
}
return result;
}
public void deleteUser(String id) {
try {
this.userDAO.remove(id);
} catch (RuntimeException e) {
throw new RuntimeException(e);
}
}
public String saveUser(User user) {
try {
UserInfo userInfo = new UserInfo();
String[] ignoreProperties = { "accountExpireDate",
"credentialsExpireDate", "roles", "groups" };
BeanUtils.copyProperties(user, userInfo, ignoreProperties);
userInfo.setAccountExpireDate(user.getAccountExpireDate());
UserInfo ui = userDAO.save(userInfo);
return ui.getId();
} catch (RuntimeException e) {
throw new RuntimeException(e);
}
}
public List<Middle> readUserRole(String id) {
List<Middle> result = new ArrayList<Middle>();
UserInfo userInfo = userDAO.findById(id);
//Assert.isNull(userInfo);
Set<RoleInfo> roles = userInfo.getRoles();
for(RoleInfo roleInfo :roleDAO.findAll()) {
Middle userRole = new Middle();
BeanUtils.copyProperties(roleInfo, userRole);
userRole.setMark(roles.contains(roleInfo));
result.add(userRole);
}
return result;
}
public UserDAO getUserDAO() {
return userDAO;
}
public void setUserDAO(UserDAO userDAO) {
this.userDAO = userDAO;
}
public RoleDAO getRoleDAO() {
return roleDAO;
}
public void setRoleDAO(RoleDAO roleDAO) {
this.roleDAO = roleDAO;
}
}
三个表 userinfo;roleinfo;userrole
使用多对多的配置方式来实现实体对应:
UserInfo:
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
@Entity
@Proxy(lazy = false)
//@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
public class UserInfo implements UserDetails {
private static final long serialVersionUID = 4081982980296385637L;
@Id
@Column(length=32)
@GeneratedValue(generator="system-uuid")
@GenericGenerator(name="system-uuid", strategy = "uuid.hex")
private String id;
private String username;
private String password;
private String mobile;
private String email;
@Temporal(TemporalType.DATE)
private Date accountExpireDate;
@Temporal(TemporalType.DATE)
private Date credentialsExpireDate;
private byte state;
@ManyToMany(targetEntity = RoleInfo.class, fetch = FetchType.EAGER)
@JoinTable(name = "UserRole", joinColumns = @JoinColumn(name = "userId"), inverseJoinColumns = @JoinColumn(name = "roleId"))
@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
private Set<RoleInfo> roles;
public UserInfo() {
super();
}
public void setAccountNonLocked(boolean isNonLocked) {
if(isNonLocked == true) this.state = 2;
}
public void setEnabled(boolean isEnabled) {
if(isEnabled == true) this.state = 1;
}
public void setRecvMsg(boolean isRecvMsg) {
if(isRecvMsg ^ isRecvMsg()) this.state = (byte) (this.state ^ (byte)0x10);
}
public boolean isRecvMsg() {
return (byte)(state & (byte)0x10) > 0;
}
public Set<RoleInfo> getRoles() {
return roles;
}
public void setRoles(Set<RoleInfo> roles) {
this.roles = roles;
}
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>(roles.size());
for(RoleInfo role : roles) {
grantedAuthorities.add(new SimpleGrantedAuthority(role.getValue()));
}
return grantedAuthorities;
}
public boolean isAccountNonLocked() {
if(state == 2)return true;
return false;
}
public boolean isEnabled() {
if(state == 1)return true;
return false;
}
}
用户实体需要实现UserDetails,并且在该实体中进行一些用户校验和权限赋值。
默认需要实现下列方法:
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
// TODO Auto-generated method stub
return null;
}
@Override
public boolean isAccountNonExpired() {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean isAccountNonLocked() {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean isCredentialsNonExpired() {
// TODO Auto-generated method stub
return false;
}
@Override
public boolean isEnabled() {
// TODO Auto-generated method stub
return false;
}
持久层接口:
@Component
public class UserDAO extends GenericDAO<UserInfo,String> {
}
JPA的泛型DAO基类(GenericDAO):
public class GenericDAO<T, ID extends Serializable> extends JpaDaoSupport
{
private Class<T> entityClass;
@SuppressWarnings("unchecked")
public GenericDAO() {
this.entityClass = (Class<T>) ((ParameterizedType) getClass().getGenericSuperclass()).getActualTypeArguments()[0];
}
public T findById(ID id) throws ObjectRetrievalFailureException{
Assert.notNull(id);
return (T) getJpaTemplate().find(entityClass, id);
}
@SuppressWarnings("unchecked")
public List<T> findAll() {
final String queryString = "select model from "+ entityClass.getSimpleName() +" model";
return (List<T>) getJpaTemplate().find(queryString);
}
public List<T> findByProperty(String propertyName, final Object value) {
final String queryString = "select model from " + entityClass.getSimpleName()
+ " model where model." + propertyName + "= ?";
System.out.println("auth step1 findByProperty:"+queryString+" username="+value);
return findByQueryString(queryString, value);
}
@SuppressWarnings("unchecked")
public List<T> findByQueryString(final String queryString, final Object... values) {
Assert.hasText(queryString);
return getJpaTemplate().executeFind(new JpaCallback() {
public Object doInJpa(EntityManager em) throws PersistenceException {
return (List<T>)createQuery(em, queryString, values).getResultList();
}
});
}
public Query createQuery(EntityManager em, String queryString, Object... values) {
Assert.hasText(queryString);
Query query = em.createQuery(queryString);
if (values != null)
for (int i = 0; i < values.length; i++)
query.setParameter(i + 1, values[i]);
return query;
}
public T save(T entity){
return getJpaTemplate().merge(entity);
}
public void remove(T entity){
getJpaTemplate().remove(entity);
}
public void remove(ID id) {
remove(findById(id));
}
// @SuppressWarnings("unchecked")
// public Page pagedQuery(final String queryString, int pageNo, final int pageSize, final Object... values) {
// return pagedQuery(queryString, pageNo, pageSize, 0, values);
// }
@SuppressWarnings("unused")
private static String removeSelect(String queryString) {
Assert.hasText(queryString);
int beginPos = queryString.toLowerCase().indexOf("from");
Assert.isTrue(beginPos != -1, " queryString : " + queryString + " must has a keyword 'from'");
return queryString.substring(beginPos);
}
@SuppressWarnings("unused")
private static String removeOrders(String queryString) {
Assert.hasText(queryString);
Pattern pattern = Pattern.compile("order\\s*by[\\w|\\W|\\s|\\S]*", Pattern.CASE_INSENSITIVE);
Matcher matcher = pattern.matcher(queryString);
StringBuffer stringBuffer = new StringBuffer();
while (matcher.find()) {
matcher.appendReplacement(stringBuffer, "");
}
matcher.appendTail(stringBuffer);
return stringBuffer.toString();
}
}
创建 service层:
顺便提一下 spring的事务分类:
Spring在TransactionDefinition接口中规定了7种类型的事务传播行为,
Propagation 传播
事务传播行为类型 说明
PROPAGATION_REQUIRED
如果当前没有事务,就新建一个事务,如果已经存在一个事务中,加入到这个事务中。这是最常见的选择。
PROPAGATION_SUPPORTS
支持当前事务,如果当前没有事务,就以非事务方式执行。
PROPAGATION_MANDATORY
使用当前的事务,如果当前没有事务,就抛出异常。
PROPAGATION_REQUIRES_NEW
新建事务,如果当前存在事务,把当前事务挂起。
PROPAGATION_NOT_SUPPORTED
以非事务方式执行操作,如果当前存在事务,就把当前事务挂起。
PROPAGATION_NEVER
以非事务方式执行,如果当前存在事务,则抛出异常。
PROPAGATION_NESTED
如果当前存在事务,则在嵌套事务内执行。如果当前没有事务,则执行与PROPAGATION_REQUIRED类似的操作。
@Transactional(readOnly = true)
public interface IUserService {
@Secured("ROLE_ADMIN") //对于方法的细粒度权限控制
public abstract List<User> readUsers();
@Secured("ROLE_ADMIN")
@Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW)
public abstract String saveUser(User user);
@Secured("ROLE_ADMIN")
@Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW)
public abstract void deleteUser(String id);
@Secured("ROLE_ADMIN")
public List<Middle> readUserRole(String id);
}
@Component
public class UserService implements IUserService {
private UserDAO userDAO;
private RoleDAO roleDAO;
public List<User> readUsers() {
List<User> result = new ArrayList<User>();
try {
for (UserInfo userInfo : userDAO.findAll()) {
User user = new User();
String[] ignoreProperties = { "roles" };
BeanUtils.copyProperties(userInfo, user, ignoreProperties);
result.add(user);
}
} catch (RuntimeException e) {
throw new RuntimeException(e);
}
return result;
}
public void deleteUser(String id) {
try {
this.userDAO.remove(id);
} catch (RuntimeException e) {
throw new RuntimeException(e);
}
}
public String saveUser(User user) {
try {
UserInfo userInfo = new UserInfo();
String[] ignoreProperties = { "accountExpireDate",
"credentialsExpireDate", "roles", "groups" };
BeanUtils.copyProperties(user, userInfo, ignoreProperties);
userInfo.setAccountExpireDate(user.getAccountExpireDate());
UserInfo ui = userDAO.save(userInfo);
return ui.getId();
} catch (RuntimeException e) {
throw new RuntimeException(e);
}
}
public List<Middle> readUserRole(String id) {
List<Middle> result = new ArrayList<Middle>();
UserInfo userInfo = userDAO.findById(id);
//Assert.isNull(userInfo);
Set<RoleInfo> roles = userInfo.getRoles();
for(RoleInfo roleInfo :roleDAO.findAll()) {
Middle userRole = new Middle();
BeanUtils.copyProperties(roleInfo, userRole);
userRole.setMark(roles.contains(roleInfo));
result.add(userRole);
}
return result;
}
public UserDAO getUserDAO() {
return userDAO;
}
public void setUserDAO(UserDAO userDAO) {
this.userDAO = userDAO;
}
public RoleDAO getRoleDAO() {
return roleDAO;
}
public void setRoleDAO(RoleDAO roleDAO) {
this.roleDAO = roleDAO;
}
}
340
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
