1.Ajax
失去焦点:
onchange="user(this)"
2.ajax的post传参:(之前我的错误:没写xhr.setRequestHeader,并且在send发送的参数里多加了url)
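/**
 * Ask the server whether the username typed into a form field is already taken (POST variant).
 *
 * `xhr` is not defined in this snippet; it is expected to be an XMLHttpRequest created elsewhere
 * on the page. The `${pageContext.request.contextPath}` part of the URL is JSP expression
 * language and is filled in on the server before the script reaches the browser.
 *
 * @param {HTMLInputElement} ip - the input element handed over as `this` by the inline handler;
 *                                only its `value` is read.
 */
function user(ip) {
    var value = ip.value;
    xhr.open("post", "${pageContext.request.contextPath}/user/queryone");
    // The header has to be named Content-Type. With the misspelled "context-type" the string body
    // is sent as text/plain, which servlet containers do not parse into request parameters.
    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    // Percent-encode the user-supplied value so that characters such as & = + % stay part of the
    // username instead of being read as form syntax or as extra parameters.
    xhr.send("username=" + encodeURIComponent(value));
}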
3.ajax的get传值
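/**
 * Ask the server whether the username typed into a form field is already taken (GET variant).
 *
 * `xhr` is not defined in this snippet; it is expected to be an XMLHttpRequest created elsewhere
 * on the page.
 *
 * NOTE(review): the controller shown on this page maps /user/queryone with @PostMapping, so this
 * GET variant only works against a handler that also accepts GET. A GET request also places the
 * username in the URL, where it is recorded in server access logs and browser history.
 *
 * @param {HTMLInputElement} ip - the input element handed over as `this` by the inline handler;
 *                                only its `value` is read.
 */
function user(ip) {
    var value = ip.value;
    // Percent-encode the user-supplied value: unencoded, a name containing & # + or % would be cut
    // short or would add parameters of its own to the query string.
    var url = "${pageContext.request.contextPath}/user/queryone?username=" + encodeURIComponent(value);
    xhr.open("get", url);
    xhr.send();
}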
4.回调监听(之前我的错误:参数ve没写;status 和 readyState 这两个关键词的大小写写错,不能进入底层;还有对于结果的判断一直出错,接收不到else条件的结果,原因可能是在Controller中先判断name.equals(username)、后判断name==null,导致第二个null条件不执行,也不返回结果。)
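// Callback for the username check: runs on every state change of `xhr` (created elsewhere on the
// page) and updates the element with id "user" once a complete 200 response has arrived.
xhr.onreadystatechange = function (ve) {
    // readyState 4 means the response has been received in full; ignore every earlier state
    // and every non-200 answer.
    if (xhr.readyState !== 4 || xhr.status !== 200) {
        return;
    }
    var result = xhr.responseText;
    var sp = document.getElementById("user");
    // Fail closed: the controller on this page answers "2" only when no matching account was
    // found. The original treated everything except "1" as "available", so an empty or
    // unexpected body was shown to the user as a free username.
    // textContent is used instead of innerHTML because the message is plain text; nothing that
    // reaches this element is ever parsed as markup.
    if (result === "2") {
        sp.textContent = "账号可以注册!";
    } else {
        sp.textContent = "账号已注册";
    }
};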
5.Controller中关于ajax返回值的书写:(第一点:返回值类型应为void,但我写成了String,变成了页面转发;当时的错误认知:因为Ajax是局部刷新,所以不可转发。第二点:查询数据库的Sql语句应写resultType="String",我写成了User类型,导致没有返回值并且不报错。第三点:我错在了null值判断和.equals判断的顺序,必须先判断null再判断.equals,否则null的条件不执行,只在账号重复的时候才返回提示。)
@Autowired
private UserService userService;
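/**
 * AJAX endpoint for the registration form: reports whether {@code username} is already taken.
 *
 * <p>The answer is written straight to the response body instead of returning a view name:
 * {@code "2"} when the lookup finds nothing (name is free), {@code "1"} otherwise.
 *
 * <p>NOTE(review): this endpoint tells any caller whether an account name exists. That is
 * inherent to a registration check, so throttling it per client is worth considering.
 *
 * @param username name typed into the registration form; bound from the request parameter
 * @param response servlet response whose writer receives the one-character answer
 * @throws IOException if the response writer cannot be obtained
 */
@PostMapping("/queryone")
public void queryone(String username, HttpServletResponse response) throws IOException {
    // The null check comes first: calling equals on a null lookup result would throw.
    String n = userService.queryone(username);
    Println.test(n);
    PrintWriter writer = response.getWriter();
    // Any non-null result means the lookup matched a row, so the name is reported as taken.
    // The original wrote nothing when the stored name differed from the input (for example by
    // letter case), and the page script shown with it treats an empty body as "available".
    // Presumably the DAO returns the stored username; the mapper SQL is not shown, so confirm.
    writer.print(n == null ? "2" : "1");
}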
Ajax:
在回调方法中,如果要通过id调用标签,需要注意:
不可再写(this).next.text("xxxxx");
要写标签的id名:("#id").next.text("xxxxx");
原因在于:回调方法内部的this不再指向页面(document)中的那个标签,所以识别不到。
6.书写验证码登录时,要将用户输入的内容和验证码内容统一转换成大写或者小写
toLowerCase: 转成小写
toUpperCase: 转成大写
7.Spring运行原理图 (详情见同文件夹spring原理)
8.shiro拦截+注册(+盐)+登录验证(盐)
spring的Controller中的handler方法:注册时的加盐是在其service中进行的;登录的验证,是在controller中通过subject.login()将前端的用户名和密码传给MyRealm,但是真正验证登录成功与否是在MyRealm类中完成的。
(1)UserController中的注册和登录代码:
package com.qianfeng.controller;
import com.qianfeng.Utils.Println;
import com.qianfeng.pojo.User;
import com.qianfeng.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
/**
* author:刘强
* date:2019/8/26 15:44
* description:后端控制器
*/
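/**
 * Spring MVC controller for the endpoints under {@code /user}: the AJAX username check,
 * registration, login through Shiro, and the page Shiro redirects unauthenticated users to.
 */
@Controller
@RequestMapping("/user")
public class UserController {
    @Autowired
    private UserService userService;

    /**
     * AJAX check used during registration: reports whether {@code username} is already taken.
     *
     * <p>Writes {@code "2"} to the response body when the lookup finds nothing (name is free)
     * and {@code "1"} otherwise. No view name is returned.
     *
     * <p>NOTE(review): this endpoint tells any caller whether an account name exists. That is
     * inherent to a registration check, so throttling it per client is worth considering.
     *
     * @param username name typed into the registration form; bound from the request parameter
     * @param response servlet response whose writer receives the one-character answer
     * @throws IOException if the response writer cannot be obtained
     */
    @PostMapping("/queryone")
    public void queryone(String username, HttpServletResponse response) throws IOException {
        // The null check comes first: calling equals on a null lookup result would throw.
        String n = userService.queryone(username);
        Println.test(n);
        PrintWriter writer = response.getWriter();
        // Any non-null result means the lookup matched a row, so the name is reported as taken.
        // The original wrote nothing when the stored name differed from the input (for example
        // by letter case), and the page script shown with it treats an empty body as "available".
        // Presumably the DAO returns the stored username; the mapper SQL is not shown, so confirm.
        writer.print(n == null ? "2" : "1");
    }

    /**
     * Registers a new user and returns the {@code "login"} view name.
     *
     * <p>NOTE(review): the whole {@code User} object is bound from request parameters. The
     * service implementation shown on this page overwrites data1, salt and password, but any
     * other bindable field of {@code User} arrives exactly as the client sent it. The fields of
     * {@code User} are not shown, so confirm that none of them is security-relevant.
     *
     * <p>NOTE(review): {@code @RequestMapping} without a method also accepts GET, which would put
     * the password into the URL and therefore into access logs. Restricting this handler to POST
     * is safer if the registration form already posts.
     *
     * @param user registration data bound from the request
     * @return the view name {@code "login"}
     */
    @RequestMapping("/insert")
    public String insert(User user) {
        userService.insert(user);
        return "login";
    }

    /**
     * Logs the user in through Shiro.
     *
     * <p>{@code Subject.login} throws an {@code AuthenticationException} when the credentials are
     * rejected. It is not caught here, so what the user sees on a failed login depends on
     * exception handling that is not part of this class.
     *
     * <p>NOTE(review): the method returns the view name {@code "error"} even after a successful
     * login, which looks like a leftover from testing; confirm the intended target view.
     *
     * <p>NOTE(review): as with {@code /insert}, this mapping also accepts GET, which would carry
     * the password in the URL.
     *
     * @param user carrier for the submitted username and password
     * @return the view name {@code "error"}
     */
    @RequestMapping("/login")
    public String query(User user) {
        // SecurityUtils.getSubject() returns the Subject for the current request.
        Subject subject = SecurityUtils.getSubject();
        // Hand the submitted username and password to Shiro; the realm decides whether they match.
        subject.login(new UsernamePasswordToken(user.getUsername(), user.getPassword()));
        // After login() returns, the principal is the authenticated username.
        String uname = (String) subject.getPrincipal();
        // Println is the project's output helper; per the author's note it wraps System.out.println.
        Println.test(uname);
        return "error";
    }

    /**
     * Target of Shiro's forced-login interception: shows the login page.
     *
     * @return the view name {@code "login"}
     */
    @RequestMapping("/login/page")
    public String loginpage() {
        Println.test("要求用户必须登录业务。。。");
        return "login";
    }

    // Planned: user update, which must pass Shiro's security check before it is reachable.
    // Planned: administrator delete, which must pass Shiro's security check before it is reachable.
}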
(2)service中的注册和登录代码
package com.qianfeng.service;
import com.qianfeng.Utils.Println;
import com.qianfeng.dao.UserDAO;
import com.qianfeng.pojo.User;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.UUID;
/**
* author:刘强
* date:2019/8/26 15:41
* description:业务逻辑具体执行代码
*/
/**
 * Service layer for user accounts: duplicate-name lookup, registration with a salted password
 * hash, and the user lookup used during login.
 */
@Service
public class UserServiceImpl implements UserService {
    /** Value stored in data1 for an active account ("0" marks a banned one). */
    private static final String STATE_NORMAL = "1";

    /**
     * Number of SHA-256 rounds applied to the password at registration.
     *
     * <p>NOTE(review): 1000 rounds of SHA-256 is low for password storage by current standards.
     * Raising it is not a local change: the realm's credentials matcher and every stored hash
     * depend on this value.
     */
    private static final int HASH_ITERATIONS = 1000;

    @Autowired
    private UserDAO userDAO;

    /**
     * Looks up a username for the duplicate check at registration.
     *
     * @param name username to look for
     * @return whatever the DAO returns for that name; the controller treats null as "not found"
     */
    @Override
    public String queryone(String name) {
        String found = userDAO.queryone(name);
        return found;
    }

    /**
     * Prepares a new account and stores it: marks it active, assigns a fresh random salt, and
     * replaces the plaintext password with its salted hash before the row is inserted.
     *
     * <p>The stored value is SHA-256 over password and salt, iterated {@link #HASH_ITERATIONS}
     * times and Base64-encoded. Login only succeeds if the realm verifies credentials with the
     * same algorithm, round count and encoding; that matcher configuration is not shown here.
     *
     * @param user registration data; its data1, salt and password fields are overwritten
     */
    @Override
    public void insert(User user) {
        user.setData1(STATE_NORMAL);
        // A new random UUID per account, so equal passwords do not produce equal hashes.
        user.setSalt(UUID.randomUUID().toString());
        Sha256Hash digest = new Sha256Hash(user.getPassword(), user.getSalt(), HASH_ITERATIONS);
        String encoded = digest.toBase64();
        // From here on the object carries only the hash, never the plaintext.
        user.setPassword(encoded);
        userDAO.insert(user);
    }

    /**
     * Loads the user record for a username; used by the login path.
     *
     * @param username name submitted at login
     * @return the record returned by the DAO for that name
     */
    @Override
    public User query(String username) {
        User record = userDAO.query(username);
        return record;
    }
}
(3)MyRealm登录验证
package com.qianfeng.realm;
import com.qianfeng.Utils.Println;
import com.qianfeng.pojo.User;
import com.qianfeng.service.PermissionService;
import com.qianfeng.service.RoleService;
import com.qianfeng.service.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import java.util.List;
/**
* author:刘强
* date:2019/8/27 22:46
* description:权限管理的具体实现方法
*/
/**
 * Shiro realm backed by the application's services: supplies roles and permissions for an
 * authenticated user, and supplies the stored credentials that Shiro compares at login.
 *
 * <p>The three services are plain fields with setters; nothing in this class assigns them, so
 * they are presumably injected by configuration that is not shown here.
 */
public class MyRealm extends AuthorizingRealm {
    private UserService userService;
    private RoleService roleService;
    private PermissionService permService;

    /**
     * Collects the role names and permission strings of the primary principal.
     *
     * @param principals principals of the current subject; the primary one is cast to the username
     * @return authorization info holding the roles and permissions returned by the services
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        Println.test("根据用户名查询角色和权限执行了。。。");
        // The primary principal is the username put into SimpleAuthenticationInfo at login.
        String username = (String) principals.getPrimaryPrincipal();
        List<String> roles = roleService.queryRole(username);
        List<String> permissions = permService.querypermission(username);
        // NOTE(review): both lists are passed on unchecked; confirm the services never return null.
        SimpleAuthorizationInfo authz = new SimpleAuthorizationInfo();
        authz.addRoles(roles);
        authz.addStringPermissions(permissions);
        return authz;
    }

    /**
     * Looks up the account named in the token and hands its stored hash and salt to Shiro.
     *
     * <p>This method does not compare passwords itself. The comparison is done by the realm's
     * credentials matcher, which has to use the same hash algorithm, iteration count and encoding
     * as the code that stored the password; that configuration is not visible in this class.
     *
     * <p>NOTE(review): a banned account raises {@code LockedAccountException} while an unknown
     * name returns null. If the login page shows these two outcomes differently, it discloses
     * which usernames exist.
     *
     * @param token login token; cast to {@code UsernamePasswordToken} to read the username
     * @return the stored credentials for the user, or null when no user has that name
     * @throws AuthenticationException {@code LockedAccountException} when the account's data1 is "0"
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken credentials = (UsernamePasswordToken) token;
        String username = credentials.getUsername();
        Println.test("MyRealm权限控制中通过username查询用户。。。");
        User account = userService.query(username);
        if (account == null) {
            // No account with that username.
            return null;
        }
        // data1 carries the account state: "0" means banned.
        if ("0".equals(account.getData1())) {
            throw new LockedAccountException("user locked");
        }
        return new SimpleAuthenticationInfo(
                account.getUsername(),
                account.getPassword(),
                ByteSource.Util.bytes(account.getSalt()),
                getName());
    }

    /** @return the user service used for the login lookup */
    public UserService getUserService() {
        return this.userService;
    }

    /** @param userService the user service used for the login lookup */
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    /** @return the service that resolves role names */
    public RoleService getRoleService() {
        return this.roleService;
    }

    /** @param roleService the service that resolves role names */
    public void setRoleService(RoleService roleService) {
        this.roleService = roleService;
    }

    /** @return the service that resolves permission strings */
    public PermissionService getPermService() {
        return this.permService;
    }

    /** @param permService the service that resolves permission strings */
    public void setPermService(PermissionService permService) {
        this.permService = permService;
    }
}