- 普通用户登录
在浏览器输入:http://localhost:8080
对应web.xml
- <!-- Spring 刷新Introspector防止内存泄露 -->
- <listener>
- <listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class>
- </listener>
- <session-config>
- <!-- session超时定义,单位为分钟 -->
- <session-timeout>20</session-timeout>
- </session-config>
- <welcome-file-list>
- <welcome-file>index.html</welcome-file>
- <welcome-file>index.shtml</welcome-file>
- <welcome-file>index.jhtml</welcome-file>
- </welcome-file-list>
- <error-page>
- <error-code>403</error-code>
- <location>/WEB-INF/error/403.html</location>
- </error-page>
- <error-page>
- <error-code>404</error-code>
- <location>/404.html</location>
- </error-page>
打开首页面: ROOT/index.html,此页面在intall的时候生成,内容为演示站点的首页信息。
此页面根据初始化的数据生成,为静态页面。具体如何生成,在后面的分析中补上。
- 登录管理页面
在浏览器输入:http://localhost:8080/jeeadmin/jeecms/index.do
web.xml中的配置:
- ...
- <servlet>
- <servlet-name>JeeCmsAdmin</servlet-name>
- <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
- <init-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/config/jeecms-servlet-admin.xml</param-value>
- </init-param>
- <load-on-startup>1</load-on-startup>
- </servlet>
- ...
- <servlet-mapping>
- <servlet-name>JeeCmsAdmin</servlet-name>
- <url-pattern>/jeeadmin/jeecms/*</url-pattern>
- </servlet-mapping>
- ...
- /WEB-INF/config/jeecms-servlet-admin.xml
/jeeadmin/jeecms/* 转向 jeecms-servlet-admin.xml
这个是标准的spring 配置文件,这个文件中include了action的配置文件jeecms-servlet-admin-action.xml.
用户登录时要进行一系列的操作,拦截器配置如下:
AdminLocaleInterceptor:本地化信息拦截器
FireWallInterceptor:防火墙拦截器,目前还不知道干啥用??
后面重点分析adminContextInterception
- <bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
- <property name="interceptors">
- <list>
- <ref bean="adminContextInterceptor"/>
- <ref bean="adminLocaleIntercept"/>
- <ref bean="fireWallInterceptor"/>
- </list>
- </property>
- </bean>
- <bean id="adminContextInterceptor" class="com.jeecms.cms.web.AdminContextInterceptor">
- <property name="auth" value="true"/>
- <property name="loginUrl" value="/jeeadmin/jeecms/login.do"/>
- <property name="returnUrl" value="/jeeadmin/jeecms/index.do"/>
- <property name="excludeUrls">
- <list>
- <value>/login.do</value>
- <value>/logout.do</value>
- </list>
- </property>
- </bean>
- <bean id="adminLocaleIntercept" class="com.jeecms.cms.web.AdminLocaleInterceptor"/>
- <bean id="fireWallInterceptor" class="com.jeecms.cms.web.FireWallInterceptor">
- </bean>
表示层配置,页面的存放在/jeecms_sys/*.html,并指定为UTF-8格式。
- <bean id="freemarkerViewResolver" class="com.jeecms.common.web.springmvc.RichFreeMarkerViewResolver">
- <property name="prefix" value="/jeecms_sys/"/>
- <property name="suffix" value=".html"/>
- <property name="contentType" value="text/html; charset=UTF-8"/>
- <property name="exposeRequestAttributes" value="false"/>
- <property name="exposeSessionAttributes" value="false"/>
- <property name="exposeSpringMacroHelpers" value="true"/>
- </bean>
- AdminContextInterceptor
包路径:com.jeecms.cms.web.AdminContextInterceptor
1、将提交url 为/login.do和/logout.do ,interceptor 不做任何验证。
2、用户 user 为null时,跳转到登陆页面 /login.do。
3、如果user不是admin,则跳出error页面提示,用户无此权限。message="login.notAdmin"
4、或者不属于该站点的admin。 message="login.notInSite"
5、判断user是否有访问权限,如果没有则提示无权访问 message="login.notPermission"
将用户权限信息放入view属性中:role的信息从数据库中获取。
- @Override
- public void postHandle(HttpServletRequest request,
- HttpServletResponse response, Object handler, ModelAndView mav)
- throws Exception {
- CmsUser user = CmsUtils.getUser(request);
- // 不控制权限时perm为null,PermistionDirective标签将以此作为依据不处理权限问题。
- if (auth && user != null && !user.isSuper() && mav != null
- && mav.getModelMap() != null && mav.getViewName() != null
- && !mav.getViewName().startsWith("redirect:")) {
- mav.getModelMap().addAttribute(PERMISSION_MODEL, user.getPerms());
- }
- }
拦截器执行完毕后,清除线程变量:
- @Override
- public void afterCompletion(HttpServletRequest request,
- HttpServletResponse response, Object handler, Exception ex)
- throws Exception {
- // Sevlet容器有可能使用线程池,所以必须手动清空线程变量。
- CmsThreadVariable.removeUser();
- CmsThreadVariable.removeSite();
- }
另:在此类中,还可以发现jeecms是支持多站点管理的,,,具体还没详细分析。
拦截器执行完毕后,如果session中有用户信息则进入index.do,如果用户未登录则进入login.do页面。
对应的action的配置分别为:
- <bean id="cmsLoginAct" class="com.jeecms.cms.action.admin.CmsLoginAct"/>
- <bean id="welcomeAct" class="com.jeecms.cms.action.admin.WelcomeAct"/>
- CmsLoginAct
这个action中处理了如下操作:
1、打开login页面,如果存在认证ID,则打开logon页面(即用户已经登陆状态),否则打开login页面。
??logon在哪里配置。。。
- @RequestMapping(value = "/login.do", method = RequestMethod.GET)
- public String input(HttpServletRequest request,
- HttpServletResponse response, ModelMap model) {
- String processUrl = RequestUtils.getQueryParam(request, PROCESS_URL);
- String returnUrl = RequestUtils.getQueryParam(request, RETURN_URL);
- String message = RequestUtils.getQueryParam(request, MESSAGE);
- String authId = (String) session.getAttribute(request, AUTH_KEY);
- if (authId != null) {
- // 存在认证ID
- Authentication auth = authMng.retrieve(authId);
- // 存在认证信息,且未过期
- if (auth != null) {
- String view = getView(processUrl, returnUrl, auth.getId());
- if (view != null) {
- return view;
- } else {
- model.addAttribute("auth", auth);
- return "logon";
- }
- }
- }
- writeCookieErrorRemaining(null, request, response, model);
- if (!StringUtils.isBlank(processUrl)) {
- model.addAttribute(PROCESS_URL, processUrl);
- }
- if (!StringUtils.isBlank(returnUrl)) {
- model.addAttribute(RETURN_URL, returnUrl);
- }
- if (!StringUtils.isBlank(message)) {
- model.addAttribute(MESSAGE, message);
- }
- return "login";
- }
2、login的提交
- @RequestMapping(value = "/login.do", method = RequestMethod.POST)
- public String submit(String username, String password, String captcha,
- String processUrl, String returnUrl, String message,
- HttpServletRequest request, HttpServletResponse response,
- ModelMap model) {
- Integer errorRemaining = unifiedUserMng.errorRemaining(username);
- WebErrors errors = validateSubmit(username, password, captcha,
- errorRemaining, request, response);
- 。。。
3、logout提交
- @RequestMapping(value = "/logout.do")
- public String logout(HttpServletRequest request,
- HttpServletResponse response) {
- String authId = (String) session.getAttribute(request, AUTH_KEY);
- if (authId != null) {
- authMng.deleteById(authId);
- session.logout(request, response);
- }
- String processUrl = RequestUtils.getQueryParam(request, PROCESS_URL);
- String returnUrl = RequestUtils.getQueryParam(request, RETURN_URL);
- String view = getView(processUrl, returnUrl, authId);
- if (view != null) {
- return view;
- } else {
- return "redirect:login.jspx";
- }
- }
- WelcomeAct
1、index.do--对应/jeecms_sys/index.html
- @RequestMapping("/index.do")
- public String index() {
- return "index";
- }
2、index.html
top.do 和main.do 组成
main.html 有left.do 和right.do
3、...
此类比较简单,不再详述,主要就是描述了用户登录后台的页面的组装。