数据库设计
登录验证
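/**
 * Handles the login form and selects the landing view for the caller.
 *
 * <p>Two kinds of account are recognised: a department account, looked up through
 * {@code DepartmentService}, and a single administrator account whose credentials
 * are held in the {@code admin} / {@code adminpass} fields of this class.
 */
public class ViewController {
    @Autowired
    private DocumentService document;
    @Autowired
    DepartmentService department;
    // NOTE(review): the administrator credentials are compiled into the class and the
    // password is a trivially guessable value. Move them to externally supplied
    // configuration (or a user store) and keep only a salted password hash.
    String admin="admin";
    String adminpass="123456";

    /**
     * Authenticates the submitted credentials and, on success, starts a session.
     *
     * <p>NOTE(review): the mapping does not restrict the HTTP method, so credentials can
     * also arrive in a GET query string and end up in access logs; consider limiting
     * this handler to POST.
     *
     * @param req request carrying the {@code name}, {@code pass} and {@code type} parameters
     * @param map view model; receives an error text under {@code "msg"} when login fails
     * @return the view name: {@code "login"} on failure, otherwise {@code "departmain"}
     *         or {@code "adminmain"}
     */
    @RequestMapping("/login")
    public String login(HttpServletRequest req, Map<String, Object> map) {
        String name = req.getParameter("name");
        String pass = req.getParameter("pass");
        // Department user or administrator. Comparing from the literal keeps a
        // missing "type" parameter from raising a NullPointerException.
        String type = req.getParameter("type");

        if ("部门".equals(type)) {
            if (name == null || !department.isExist(name)) {
                map.put("msg", "用户名不存在!");
                return "login";
            }
            List<Map<String, Object>> result = department.getDepartment(name).getResult();
            if (result == null || result.isEmpty()) {
                map.put("msg", "部门不存在或密码错误!");
                return "login";
            }
            Map<String, Object> depart = result.get(0);
            String d_name = (String) depart.get("name");
            String d_pass = (String) depart.get("pass");
            // The stored values must be checked against what the caller SUBMITTED.
            // Comparing d_name and d_pass with themselves is always true and lets any
            // password through for an existing department name.
            // NOTE(review): the stored password is compared directly with the submitted
            // one, so it appears to be kept in plaintext; store a salted password hash
            // (bcrypt/scrypt/argon2) and verify against that instead.
            if (d_name == null || d_pass == null || !d_name.equals(name) || !d_pass.equals(pass)) {
                map.put("msg", "部门不存在或密码错误!");
                return "login";
            }
            HttpSession session = freshSession(req);
            session.setAttribute("type", "depart");
            // NOTE(review): map is the view model passed into this method and nothing
            // visible here puts an "id" entry into it, so this most likely stores null.
            // The department's identifier probably belongs here; confirm which key of
            // the department row carries it before changing this line.
            session.setAttribute("id", map.get("id"));
            session.setAttribute("name", d_name);
            return "departmain";
        }

        if (name == null || pass == null || !name.equals(admin) || !pass.equals(adminpass)) {
            map.put("msg", "管理员不存在或密码错误");
            return "login";
        }
        HttpSession session = freshSession(req);
        session.setAttribute("type", "admin");
        session.setAttribute("name", name);
        return "adminmain";
    }

    /**
     * Discards any session that existed before authentication and returns a new one,
     * so a session identifier planted before login is not carried into the
     * authenticated state (session fixation).
     */
    private static HttpSession freshSession(HttpServletRequest req) {
        HttpSession previous = req.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        return req.getSession(true);
    }
}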
文件上传
// DAO this service calls for selectMaxId() and addDocument().
private DocumentDao document;
// NOTE(review): the save location is a fixed absolute path on one drive; consider
// supplying it through configuration so it can differ per environment.
private static String realPath="d:\\Downloads\\";// directory where uploaded files are saved
// Reassigned at the start of every addDocument call.
// NOTE(review): this is per-instance mutable state; if the service object is shared
// between request threads, concurrent calls can overwrite each other's value. Confirm
// the bean scope, or keep the Result in a local variable.
private Result result=null;
// Transaction begins (original author's note; no transaction handling is visible in this excerpt)
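/**
 * Saves an uploaded file under {@code realPath} and records it in the database.
 *
 * <p>The file name sent by the client is untrusted: it is reduced to its last path
 * segment, and the resolved target must sit directly inside the upload directory
 * before anything is written.
 *
 * <p>NOTE(review): nothing here restricts file type or size. If the upload directory
 * is ever served back to users, add an allowlist of extensions and a size limit.
 *
 * @param depart_id identifier of the owning department, passed through to the DAO
 * @param readclass read classification, passed through to the DAO
 * @param remarks free-text remarks, passed through to the DAO
 * @param file the uploaded file
 * @return a {@code Result} carrying a success or failure message
 */
@Override
public Result addDocument(String depart_id, String readclass, String remarks,MultipartFile file) {
    // Work on a local object so the value returned to this caller cannot be replaced
    // by a concurrent call. The field is still assigned for any code that reads it.
    Result outcome = new Result();
    result = outcome;
    String path;
    String filename;
    String date;
    try {
        if (file == null || file.isEmpty()) {
            outcome.addMsg("上传文件不能为空!");
            return outcome;
        }
        // Keep only the last path segment of the client-supplied name.
        filename = stripDirectories(file.getOriginalFilename());
        if (filename.isEmpty() || ".".equals(filename) || "..".equals(filename)) {
            outcome.addMsg("文件名不合法!");
            return outcome;
        }
        // A name without a dot has no extension; substring(-1) would throw.
        int index = filename.lastIndexOf('.');
        String stem = index < 0 ? filename : filename.substring(0, index);
        String extendname = index < 0 ? "" : filename.substring(index);
        // Stored name: the max id is appended to avoid clashes between equal names.
        // NOTE(review): two concurrent uploads can read the same max id and produce
        // the same stored name; a generated unique token would avoid that.
        path = stem + "_" + document.selectMaxId() + extendname;
        date = getDate.Date();

        File baseDir = new File(realPath).getCanonicalFile();
        File save_file = new File(baseDir, path).getCanonicalFile();
        // Containment check on canonical paths: refuse to write anywhere but
        // directly inside the upload directory.
        if (!baseDir.equals(save_file.getParentFile())) {
            outcome.addMsg("文件名不合法!");
            return outcome;
        }
        // mkdirs() also creates missing parents, and its result is checked.
        if (!baseDir.isDirectory() && !baseDir.mkdirs()) {
            outcome.addMsg("保存文件出错:IOException!");
            return outcome;
        }
        file.transferTo(save_file);
    } catch (IllegalStateException e) {
        e.printStackTrace();
        outcome.addMsg("保存文件出错:IllegalStateException!");
        return outcome;
    } catch (IOException e) {
        e.printStackTrace();
        outcome.addMsg("保存文件出错:IOException!");
        return outcome;
    }
    // Once the file is on disk, record it in the database.
    document.addDocument(filename, depart_id, readclass, date, path, remarks);
    outcome.addMsg("文件上传成功");
    return outcome;
}

/** Returns the part of a client-supplied file name after the last '/' or '\\', trimmed; empty for null. */
private static String stripDirectories(String submitted) {
    if (submitted == null) {
        return "";
    }
    int cut = Math.max(submitted.lastIndexOf('/'), submitted.lastIndexOf('\\'));
    return submitted.substring(cut + 1).trim();
}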
session验证
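/**
 * Servlet filter that lets only logged-in department users through to protected paths.
 *
 * <p>Requests for the paths listed in {@link #ifNeedLogin} pass unchecked. Every other
 * request needs a session holding a non-empty {@code "id"} and a {@code "type"} of
 * {@code "depart"}, the value stored by the login handler shown alongside this filter.
 */
public class DepartmentFilter implements Filter {
    /**
     * Applies the session check and forwards the request at most once.
     *
     * @throws IOException if writing the response or redirecting fails
     * @throws ServletException if the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // Exempt paths go straight through.
        if (!ifNeedLogin(req)) {
            chain.doFilter(request, response);
            return;
        }

        // getSession(false) avoids creating a session for unauthenticated requests.
        HttpSession session = req.getSession(false);
        // Read as Object so a non-String id cannot cause a ClassCastException.
        Object id = session == null ? null : session.getAttribute("id");
        Object type = session == null ? null : session.getAttribute("type");

        if (id == null || "".equals(id)) {
            // X-Requested-With is set by the client, so it only selects the FORMAT of
            // the refusal (plain text for AJAX, redirect otherwise). It must never
            // decide whether the request is authenticated.
            if ("XMLHttpRequest".equalsIgnoreCase(req.getHeader("X-Requested-With"))) {
                response.getWriter().write("你还没有登录!");
            } else {
                res.sendRedirect("/login");
            }
            return;
        }
        // Logged in, but not as a department user.
        if (!"depart".equals(type)) {
            res.sendRedirect("/erro");
            return;
        }
        // Single forward: calling the chain again after this would run the
        // downstream handler twice.
        chain.doFilter(request, response);
    }

    /**
     * Reports whether the requested path requires a logged-in session.
     *
     * <p>Only an exact match with an exempt path skips the check; every other path
     * requires login.
     *
     * @param request the current request
     * @return {@code false} for an exempt path, {@code true} otherwise
     */
    private boolean ifNeedLogin(HttpServletRequest request) {
        // URLs that need no login check.
        // NOTE(review): "/fileuploadpage" is reachable without a session; confirm
        // that this is intended.
        String[] paths = new String[] {
            "/login", "/fileuploadpage"
        };
        String path = request.getServletPath();
        for (String p : paths) {
            // Compare the exempt entry with the request path. Comparing path with
            // itself is always true and would exempt every URL.
            if (p.equals(path)) {
                return false;
            }
        }
        return true;
    }
}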