AdminInfo.java
package bean;
import java.util.Set;
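/**
 * Administrator account bean used by the MyBatis mappers, the login servlet and the
 * login filters.
 *
 * <p>{@code adminPass} is a credential field: {@code AdminServlet.login} puts the
 * submitted password into it before the lookup, and the {@code select *} in
 * AdminMapper.xml reads the {@code adminpass} column back. For that reason
 * {@link #toString()} never prints its value.
 */
public class AdminInfo {
    private Integer adminId;
    private String adminName;
    // Credential material (submitted password or stored hash); keep out of logs and responses.
    private String adminPass;
    private String adminImg;
    private Integer adminState;
    // Many-to-many side: the powers attached to this administrator.
    private Set<PowerInfo> powerSet;

    public AdminInfo() {
    }

    public Integer getAdminId() {
        return adminId;
    }

    public void setAdminId(Integer adminId) {
        this.adminId = adminId;
    }

    public String getAdminName() {
        return adminName;
    }

    public void setAdminName(String adminName) {
        this.adminName = adminName;
    }

    public String getAdminPass() {
        return adminPass;
    }

    public void setAdminPass(String adminPass) {
        this.adminPass = adminPass;
    }

    public String getAdminImg() {
        return adminImg;
    }

    public void setAdminImg(String adminImg) {
        this.adminImg = adminImg;
    }

    public Integer getAdminState() {
        return adminState;
    }

    public void setAdminState(Integer adminState) {
        this.adminState = adminState;
    }

    public Set<PowerInfo> getPowerSet() {
        return powerSet;
    }

    public void setPowerSet(Set<PowerInfo> powerSet) {
        this.powerSet = powerSet;
    }

    /**
     * Returns a diagnostic description of this administrator.
     *
     * <p>The password field is replaced by a fixed marker so that logging or printing
     * the bean (it is also kept in the HTTP session) cannot leak the credential.
     * {@code powerSet} is left out, as before; PowerInfo holds a set of AdminInfo in
     * turn, so printing it could recurse.
     *
     * @return the field values with {@code adminPass} masked
     */
    @Override
    public String toString() {
        return "AdminInfo{" +
                "adminId=" + adminId +
                ", adminName='" + adminName + '\'' +
                ", adminPass='[PROTECTED]'" +
                ", adminImg='" + adminImg + '\'' +
                ", adminState=" + adminState +
                '}';
    }
}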
PowerInfo.java
package bean;
import java.util.Set;
/**
 * One grantable power (permission) row: id, display name, URL and state, plus the
 * administrators it is linked to.
 */
public class PowerInfo {
    private Integer powerId;
    private String powerName;
    private String powerUrl;
    private Integer powerState;
    // Inverse side of the administrator/power many-to-many relation.
    private Set<AdminInfo> adminSet;

    public PowerInfo() {
    }

    public Integer getPowerId() {
        return this.powerId;
    }

    public void setPowerId(Integer powerId) {
        this.powerId = powerId;
    }

    public String getPowerName() {
        return this.powerName;
    }

    public void setPowerName(String powerName) {
        this.powerName = powerName;
    }

    public String getPowerUrl() {
        return this.powerUrl;
    }

    public void setPowerUrl(String powerUrl) {
        this.powerUrl = powerUrl;
    }

    public Integer getPowerState() {
        return this.powerState;
    }

    public void setPowerState(Integer powerState) {
        this.powerState = powerState;
    }

    public Set<AdminInfo> getAdminSet() {
        return this.adminSet;
    }

    public void setAdminSet(Set<AdminInfo> adminSet) {
        this.adminSet = adminSet;
    }

    /**
     * Describes the scalar fields only; {@code adminSet} is not printed.
     *
     * @return a {@code PowerInfo{...}} rendering of id, name, URL and state
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder("PowerInfo{");
        text.append("powerId=").append(powerId);
        text.append(", powerName='").append(powerName).append('\'');
        text.append(", powerUrl='").append(powerUrl).append('\'');
        text.append(", powerState=").append(powerState);
        text.append('}');
        return text.toString();
    }
}
AdminMapper.java
package mapper;
import bean.AdminInfo;
/**
 * MyBatis mapper for administrator lookups; the statements are bound in AdminMapper.xml
 * under the namespace {@code mapper.AdminMapper}.
 */
public interface AdminMapper {
/**
 * Looks up the administrator whose name and password match the given bean.
 * The mapped statement compares {@code adminpass} with {@code md5()} of the supplied
 * password, so the stored value is an unsalted MD5 digest.
 *
 * @param ai carrier for {@code adminName} and the submitted {@code adminPass}
 * @return the matching row as a bean; AdminServlet.login treats {@code null} as a failed login
 */
AdminInfo checkAdminLogin(AdminInfo ai);
/**
 * Checks whether the named administrator is linked to {@code powerid = 1} in
 * {@code adminpowerinfo}. The lookup is by name only and involves no password.
 *
 * @param name administrator name taken from the request
 * @return a non-null value when such a link exists; CheckAdminLoginPowerFilter treats
 *         {@code null} as "no login permission".
 *         NOTE(review): the statement selects {@code *} but maps to String - which column
 *         is returned is not evident from here; confirm.
 */
String checkAdminLoginPower(String name);
}
AdminMapper.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="mapper.AdminMapper">
<!--
  Credential check. Both values are bound with #{...}, i.e. as prepared-statement
  parameters rather than concatenated into the SQL text.
  NOTE(review): the password is compared as md5(...) - an unsalted, fast digest that is
  not suitable for password storage. Prefer a salted, slow password hash (bcrypt, scrypt,
  argon2) verified in the application layer.
  NOTE(review): "select *" also maps the adminpass column back into the returned bean,
  which AdminServlet then stores in the HTTP session.
-->
<select id="checkAdminLogin" parameterType="bean.AdminInfo" resultType="bean.AdminInfo">
select * from admininfo where adminname=#{adminName} and adminpass = md5(#{adminPass})
</select>
<!--
  Login-permission check: is the named administrator linked to powerid 1?
  The lookup is by name only, before any password has been verified.
  NOTE(review): "SELECT *" is mapped to a single java.lang.String; selecting one explicit
  column would make the returned value unambiguous.
-->
<select id="checkAdminLoginPower" resultType="java.lang.String">
SELECT * FROM adminpowerinfo WHERE adminid = (SELECT adminid FROM admininfo WHERE adminname=#{name}) AND powerid = 1;
</select>
</mapper>
PowerMapper.java
package mapper;
import bean.PowerInfo;
import java.util.Set;
/**
 * MyBatis mapper for power (permission) lookups; the statement is bound in PowerMapper.xml.
 */
public interface PowerMapper {
/**
 * Returns the powers linked to an administrator through {@code adminpowerinfo}.
 *
 * @param adminId id of the administrator whose powers are listed
 * @return the matching {@code powerinfo} rows as beans
 */
Set<PowerInfo> printAllPower(Integer adminId);
}
PowerMapper.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="mapper.PowerMapper">
<!--
  Lists every power row whose id appears in adminpowerinfo for the given administrator.
  adminId is bound with #{...} as a prepared-statement parameter.
-->
<select id="printAllPower" resultType="bean.PowerInfo" >
select * from powerinfo where powerid in(select powerid from adminpowerinfo where adminid = #{adminId})
</select>
</mapper>
SessionUtil.java
/**
 * Bootstraps MyBatis once, at class-load time, from {@code config.xml} on the classpath.
 *
 * <p>Despite its name, {@link #session} holds the {@code SqlSessionFactory}, not an open
 * session. Both fields are public and non-final, so any code can reassign them.
 */
public class SessionUtil {
    /** Stream over the classpath resource {@code config.xml}. */
    public static InputStream is;

    /** Factory built from {@link #is}. */
    public static SqlSessionFactory session;

    static {
        ClassLoader loader = SessionUtil.class.getClassLoader();
        is = loader.getResourceAsStream("config.xml");
        SqlSessionFactoryBuilder builder = new SqlSessionFactoryBuilder();
        session = builder.build(is);
    }
}
AdminServlet.java
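/**
 * Single entry point for the admin back office. The {@code type} request parameter
 * selects the action: {@code login}, {@code isLogin} or {@code getPower}.
 *
 * <p>CheckAdminLoginFilter only guards {@code *.html} pages, so every action here must
 * check the session itself before returning account data.
 */
@WebServlet("/admin.do")
public class AdminServlet extends HttpServlet {
    private AdminBiz ab = new AdminBizImpl();
    private PowerBiz pb = new PowerBizImpl();

    /**
     * Dispatches on the {@code type} parameter; unknown or missing types produce an
     * empty response.
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String type = req.getParameter("type");
        if ("login".equals(type)) {
            login(req, resp);
        } else if ("isLogin".equals(type)) {
            isLogin(req, resp);
        } else if ("getPower".equals(type)) {
            getPower(req, resp);
        }
    }

    /**
     * Verifies the submitted name and password and, on success, binds the account to
     * the session under {@code ADMIN_INFO}; on failure stores an error message under
     * {@code ERROR_MSG}. Redirects to {@code index.html} or {@code login.html}.
     */
    public void login(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String name = req.getParameter("name");
        String pass = req.getParameter("pass");
        AdminInfo ai = new AdminInfo();
        ai.setAdminName(name);
        ai.setAdminPass(pass);
        ai = ab.checkAdminLogin(ai);
        HttpSession session = req.getSession();
        if (ai == null) { // login failed
            String str = "<label style='color:red'>你的账号或者密码错误!</label>";
            session.setAttribute("ERROR_MSG", str);
            resp.sendRedirect("login.html");
        } else { // login succeeded
            // Issue a fresh session id at the privilege change so an id that was known
            // before authentication cannot be reused afterwards (session fixation).
            // Requires Servlet 3.1+; the HttpSession object and its attributes are kept.
            req.changeSessionId();
            // The credential column is not needed once the login has been verified;
            // do not keep it in the session.
            ai.setAdminPass(null);
            session.removeAttribute("ERROR_MSG");
            session.setAttribute("ADMIN_INFO", ai);
            resp.sendRedirect("index.html");
        }
    }

    /**
     * Writes the pending {@code ERROR_MSG} session attribute, or {@code 1} when there
     * is none, as {@code text/html}. The values stored under that key by this servlet
     * and the filters are fixed strings or the number 1; login.html inserts the
     * response as markup, so nothing request-derived should ever be stored there.
     */
    public void isLogin(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        HttpSession session = req.getSession();
        Object obj = session.getAttribute("ERROR_MSG");
        resp.setContentType("text/html;charset=utf-8");
        PrintWriter out = resp.getWriter();
        if (obj != null) {
            out.print(obj);
        } else {
            out.print(1);
        }
    }

    /**
     * Writes the logged-in administrator's powers as a JSON array. Answers 401 when
     * the session holds no {@code ADMIN_INFO}; previously that case dereferenced
     * {@code null} and surfaced as a server error.
     */
    public void getPower(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // getSession(false): do not create a session just to find out it is anonymous.
        HttpSession session = req.getSession(false);
        AdminInfo ai = (session == null) ? null : (AdminInfo) session.getAttribute("ADMIN_INFO");
        if (ai == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        Set<PowerInfo> set = ai.getPowerSet();
        resp.setContentType("application/json;charset=utf-8");
        PrintWriter out = resp.getWriter();
        out.print(JSONArray.toJSONString(set));
    }

    /**
     * Handles GET like POST, except for {@code login}: credentials sent in a query
     * string end up in access logs, browser history and Referer headers, so a GET
     * login is refused with 405. The login form in login.html already posts.
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        if ("login".equals(req.getParameter("type"))) {
            resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }
        doPost(req, resp);
    }
}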
login.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>后台登录页面</title>
<script src="js/jquery-3.4.1.min.js"></script>
<style>
#table{
margin: auto;
border: 1px gray solid;
text-align: center;
}
</style>
<script>
// On load, ask the servlet for the pending login message (type=isLogin).
// AdminServlet.isLogin answers 1 when the session holds no ERROR_MSG (and
// CheckAdminLoginFilter stores the number 1 itself), otherwise it answers the stored message.
$(document).ready(function () {
$.post("admin.do",{"type":"isLogin"},function (data) {
if(data==1){
var str = "<label style='color:red'>请登录后访问!</label>";
$("#loginMsg").html(str);
}else{
// NOTE(review): the response is inserted as markup. That is safe only while the server
// stores fixed strings under ERROR_MSG, as the visible servlet and filters do; never
// echo request-derived text through this path.
$("#loginMsg").html(data);
}
});
});
</script>
</head>
<body>
<!-- Credentials are posted to admin.do; the hidden "type" field selects the login action. -->
<form action="admin.do" method="post">
<table id="table" border="1" align="center" width="30%">
<caption id="loginMsg"></caption>
<tr>
<th>账号</th>
<td><input type="text" name="name" placeholder="请输入账号"/></td>
</tr>
<tr>
<th>密码:</th>
<td><input type="password" name="pass" placeholder="请输入密码"/></td>
</tr>
<!-- NOTE(review): this input sits directly inside the table, outside any row. -->
<input type="hidden" name="type" value="login"/>
<tr>
<th colspan="2">
<button>登录</button>
</th>
</tr>
</table>
</form>
</body>
</html>
index.html
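<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
    <script src="js/jquery-3.4.1.min.js"></script>
    <script>
        // Lists the logged-in administrator's powers, one per line.
        $(document).ready(function () {
            $.post("admin.do", {"type": "getPower"}, function (data) {
                // The servlet prints whatever the power set serialises to; skip
                // rendering when that is not an array (for example null).
                if (!Array.isArray(data)) {
                    return;
                }
                var box = $("#divs");
                for (var i = 0; i < data.length; i++) {
                    var o = data[i];
                    // powerName comes from the database: add it as a text node, not
                    // as markup, so a stored name cannot inject HTML or script.
                    box.append(document.createTextNode(o.powerName)).append("<br/>");
                }
            });
        });
    </script>
</head>
<body>
这里是后台管理页面
<hr style="color: red" size="20px"/>
<div id="divs">
</div>
</body>
</html>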
CheckAdminLoginFilter.java
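/**
 * Blocks anonymous access to the HTML pages: every {@code *.html} request except
 * {@code login.html} needs an {@code ADMIN_INFO} session attribute, otherwise the
 * client is redirected to the login page.
 *
 * <p>Other resources, including {@code admin.do}, pass through unchecked; the servlet
 * has to verify the session for its own actions.
 */
@WebFilter("/*")
public class CheckAdminLoginFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // no initialisation needed
    }

    /**
     * Applies the login check to HTML pages and lets every other request continue.
     *
     * @throws IOException      if the redirect or the rest of the chain fails
     * @throws ServletException if the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Decide on the path the container actually dispatches on. getRequestURI() is
        // the raw request line (it can carry path parameters and encoded characters),
        // so a suffix test on it can disagree with the resource that is served.
        String path = request.getServletPath();
        if (request.getPathInfo() != null) {
            path = path + request.getPathInfo();
        }
        String page = path.substring(path.lastIndexOf('/') + 1);

        // An empty last segment is a directory request, which the container may answer
        // with a welcome file such as index.html (depends on configuration), so it is
        // guarded like an HTML page. The former "uri==null" test could never be true.
        boolean guarded = page.isEmpty() || page.endsWith(".html");
        if (!guarded || "login.html".equals(page)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        HttpSession session = request.getSession();
        if (session.getAttribute("ADMIN_INFO") == null) {
            // 1 makes AdminServlet.isLogin answer 1, which login.html shows as
            // "please log in first".
            session.setAttribute("ERROR_MSG", 1);
            // Context-relative target: a relative "login.html" would resolve against
            // the directory of the requested page.
            response.sendRedirect(request.getContextPath() + "/login.html");
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}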
CheckAdminLoginPowerFilter.java
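/*
 1. This filter only intercepts the login operation.
 2. Before the login runs, it checks whether the user has the login permission.
 3. Without that permission, the user is sent back to the login page with a message.
 4. With it, the request continues.
*/
@WebFilter("*.do")
public class CheckAdminLoginPowerFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // no initialisation needed
    }

    /**
     * Gates {@code admin.do?type=login} on the login permission and, once the servlet
     * has authenticated the account, loads its powers into the session bean.
     *
     * <p>NOTE(review): the permission lookup is by account name and runs before the
     * password is verified, and its failure message differs from the bad-credentials
     * message set by AdminServlet.login. The response therefore tells an
     * unauthenticated client whether a name carries the login permission. Checking the
     * permission after authentication, with one shared failure message, avoids that;
     * it needs a change in the servlet as well.
     *
     * @throws IOException      if the redirect or the rest of the chain fails
     * @throws ServletException if the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Match on the servlet path the container mapped, not on the raw request URI:
        // the raw URI can carry path parameters or encoding, so an exact string
        // comparison on it may miss a request that still reaches AdminServlet, and the
        // permission check would be skipped.
        String path = request.getServletPath();
        String target = path.substring(path.lastIndexOf('/') + 1);
        boolean loginCall = "admin.do".equals(target) && "login".equals(request.getParameter("type"));
        if (!loginCall) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        AdminBiz ab = new AdminBizImpl();
        String name = request.getParameter("name");
        String tt = ab.checkAdminLoginPower(name);
        HttpSession session = request.getSession();
        if (tt == null) { // no login permission
            String pp = "<label style='color:red'>你没有登录权限!</label>";
            response.setContentType("text/html;charset=utf-8");
            session.setAttribute("ERROR_MSG", pp);
            response.sendRedirect("login.html");
            return;
        }

        // Permission present: let the servlet authenticate.
        filterChain.doFilter(servletRequest, servletResponse);

        // ADMIN_INFO in the session means the login succeeded; attach the account's powers.
        Object obj = session.getAttribute("ADMIN_INFO");
        if (obj != null) {
            AdminInfo adminInfo = (AdminInfo) obj;
            Integer adminId = adminInfo.getAdminId();
            PowerBiz powerBiz = new PowerBizImpl();
            Set<PowerInfo> set = powerBiz.findAllPower(adminId);
            adminInfo.setPowerSet(set);
            session.setAttribute("ADMIN_INFO", adminInfo);
        }
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}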
config.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "http://mybatis.org/dtd/mybatis-3-config.dtd">
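<configuration>
    <settings>
        <!--
          Prints the executed SQL to the console. MyBatis statement logging includes the
          bound parameter values, so the password passed to checkAdminLogin is printed
          as well. Keep this to development and switch it off anywhere console output
          is collected or shared.
        -->
        <setting name="logImpl" value="STDOUT_LOGGING"/>
    </settings>
    <environments default="development"> <!-- development: development mode -->
        <environment id="development">
            <transactionManager type="JDBC"/>
            <!-- Database connection settings -->
            <dataSource type="POOLED">
                <property name="driver" value="com.mysql.cj.jdbc.Driver"/>
                <!--
                  The ampersands in the JDBC URL are written as &amp; because a bare
                  ampersand is not well-formed inside an XML attribute value.
                  NOTE(review): useSSL=false leaves the database connection unencrypted;
                  acceptable for localhost only.
                -->
                <property name="url" value="jdbc:mysql://localhost:3306/db6?characterEncoding=utf8&amp;useSSL=false&amp;serverTimezone=UTC&amp;rewriteBatchedStatements=true"/>
                <!--
                  Placeholder credentials. Supply the real values from outside the
                  source tree (for example an external properties file or environment)
                  rather than committing them here.
                -->
                <property name="username" value="xxxx"/>
                <property name="password" value="xxxx"/>
            </dataSource>
        </environment>
    </environments>
    <mappers>
        <mapper resource="mapper/AdminMapper.xml"/>
        <mapper resource="mapper/PowerMapper.xml"/>
    </mappers>
</configuration>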