这里写自定义目录标题
一、OA
OA:办公自动化(Office Automation)是将现代化办公和计算机技术结合起来的一种新型的办公方式
RBAC:基于角色的权限控制模型(Role-Based Access Control),是实施面向企业安全策略的一种有效的访问控制方式。
二、实现员工信息管理系统
1.在数据库中创建emp,user,role,privilege表,并添加一些数据,放入java代码下的src包
2.创建emp,user(要封装角色对象),role(要封装权限集合),privilege实体类(JavaBean),提供set,get方法,有参无参构造,toString方法
3.登录页面login.jsp,用户输入账号密码,点击登录按钮(添加login函数),使用jquery(需要jquery.js)通过表单中 name 属性获得用户输入数据,通过ajax异步请求(用户体验感更好,错误之后不会刷新之前填写的记录)一起被发送给服务器,将用户信息保存到session中,在数据库中查找是否能找到用户信息,如果能找到则登录成功,并且返回是否成功的data信息,跳转到http://localhost:8080/ems_rbac3/pages/index.jsp主页面中。
4.service业务逻辑层,用户登录校验,用username查询用户,用查到的用户的roleid,查找权限封装到权限集合中,并且将user用户(强制登录)和权限(菜单栏)保存到session中,登录后返回字符串
5.dao数据处理层,通过用户名关联user_role表查询用户信息,通过roleid关联role_pri表获得角色的权限信息,特别要注意父id的获取,父id在数据库中为null,而通过rs.getInt()获得的值为0.
6.主页面(index.jsp)使用结构化框架frameset,分为上方导航栏(top.jsp),左边菜单栏(left.jsp),中间主页面(welcome.jsp)
7.top.jsp:通过存在session中的用户信息,得到用户名,并添加注销函数(通过ajax请求将存在session里面的用户信息清除),注销成功,跳转到login.jsp,ajax请求从top.jsp发起,返回也返回到top.jsp页面,所有如果用location.href="<%=path%>/login.jsp";会使登录页面被放在top.jsp中,所以需要先找到top.jsp的父窗口index.jsp,从父窗口再跳入login.jsp,window.parent.location.href="<%=path%>/login.jsp";
8.logout.do:在actionServlet.java中,注销功能,将存在session里面的信息消除
9.welcome.jsp,欢迎页面,展示文字
10.left.jsp:菜单栏(权限,将获得的权限保存到session中),一级菜单和二级菜单(先将装二级菜单的盒子都隐藏起来,点击对应的一级菜单,使两个装二级菜单的盒子都慢慢的隐藏起来,再将对应一级菜单的二级菜单盒子显示),点击菜单栏对应的二级菜单的超链接,使用target属性,属性值为main(main是index.jsp框架的name属性的值),跳转成另一个二级菜单对应的servlet页面,并且展示在主页面中(index.jsp的welcome.jsp部分)
11.listEmp.jsp:查询员工,根据登录用户的角色来对编辑中的删除和修改进行权限限定(如果是管理员就可以拥有这些权限,如果是员工就没有这些权限)
12.loginFilter.java(实现Filter的接口)对pages下的jsp页面进行过滤,判断当前请求是否登录过,未登录重定向到login.jsp,能找到用户名,就使过滤链通过,每次访问pages页面之间都看一下有没有登录,session中有没有保存用户
13.ExceptionFilter.java(实现Filter的接口)对异常进行过滤,先放过,若检测到servlet出现异常,就捕捉异常,并且转发到error.jsp
1.sql包
保存sql命令,以便后期理解代码和在另一台电脑创建sql,使程序能运作起来
emp.sql
-- 创建mybase1数据库
create database mybase1;
-- 创建emp员工表
create table emp(
id int(4) primary key auto_increment,
name varchar(20),
salary double(7,2),
age int(3)
);
-- 添加员工记录
insert into emp values(1,'zs',8000.0,30);
insert into emp values(2,'ls',7000.0,25);
rbacmybase.sql
五张表,可以使用PowerDesigner自动建表
用户和角色,多对多关系,将用户和角色的关系形成一张表,里面就用户id和角色id两个字段
角色和权限,多对多关系,将角色和权限的关系也形成一张表,里面就角色id和权限id两个字段
-- 添加priurl,权限地址的目的是为以后点击子权限要能跳转到一个servlet页面中
-- 添加pid,父权限是为了控制父权限为一级菜单和子权限为二级菜单,点击一级菜单只会打开下面的二级菜单,点击二级菜单会根据priurl跳转到对应的servlet页面
-- 用户表
create table user(
userid int not null auto_increment primary key,
username varchar(20) not null,
password varchar(6) not null
);
-- 角色表
create table role(
roleid int not null auto_increment primary key,
rolename varchar(20) not null
);
-- 权限表
create table privilege(
priid int not null auto_increment primary key,
priname varchar(20) not null,
priurl varchar(55),
pid int
);
-- 角色用户表
create table user_role(
userid int not null,
roleid int not null
);
-- 角色权限表
create table role_pri(
roleid int not null,
priid int not null
);
insert into user(username,password) values("admin","admin");
insert into user(username,password) values("user1","user1");
insert into role(rolename) values("管理员");
insert into role(rolename) values("普通用户");
-- 第一个用户是admin,角色是管理员
-- 第二个用户是user1,角色是普通用户
insert into user_role(userid,roleid) values(1,1);
insert into user_role(userid,roleid) values(2,2);
insert into privilege(priname,priurl,pid) values("员工管理","emp管理",null);
insert into privilege(priname,priurl,pid) values("添加员工","addEmp.jsp",1);
insert into privilege(priname,priurl,pid) values("查询员工","listEmp.jsp",1);
insert into privilege(priname,priurl,pid) values("用户管理","user管理",null);
insert into privilege(priname,priurl,pid) values("添加用户","addUser.jsp",4);
insert into privilege(priname,priurl,pid) values("查询用户","queryUser.jsp",4);
-- admin ,管理员的权限是1,2,3,4,5,6都可以访问
insert into role_pri(roleid,priid) values(1,1);
insert into role_pri(roleid,priid) values(1,2);
insert into role_pri(roleid,priid) values(1,3);
insert into role_pri(roleid,priid) values(1,4);
insert into role_pri(roleid,priid) values(1,5);
insert into role_pri(roleid,priid) values(1,6);
-- user1,普通员工的权限是1,3,4,6只能查询
insert into role_pri(roleid,priid) values(2,1);
insert into role_pri(roleid,priid) values(2,3);
insert into role_pri(roleid,priid) values(2,4);
insert into role_pri(roleid,priid) values(2,6);
2.enity包
ORM思想创建实体类,属性私有化,数据类型为包装类,提供get,set方法,有参无参构造,重写toString方法
Emp.java,员工实体类
package enity;
public class Emp {
private Integer id;
private String name;
private Double salary;
private Integer age;
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public Double getSalary() {
return salary;
}
public void setSalary(Double salary) {
this.salary = salary;
}
public Integer getAge() {
return age;
}
public void setAge(Integer age) {
this.age = age;
}
@Override
public String toString() {
return "Emp [id=" + id + ", name=" + name + ", salary=" + salary
+ ", age=" + age + "]";
}
public Emp(Integer id, String name, Double salary, Integer age) {
super();
this.id = id;
this.name = name;
this.salary = salary;
this.age = age;
}
public Emp() {}
}
User.java,用户实体类
一个用户对应一个角色,添加员工Role属性,以便查询用户对应的角色
package enity;
public class User {
private Integer userid;
private String username;
private String password;
//一个用户对应一个角色,添加员工Role属性,以便查询用户对应的角色
//为了通过userid,找到roleid,而找到role对象,一起封装到User对象中
private Role role;
public Integer getUserid() {
return userid;
}
public void setUserid(Integer userid) {
this.userid = userid;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public Role getRole() {
return role;
}
public void setRole(Role role) {
this.role = role;
}
public User(Integer userid, String username, String password, Role role) {
super();
this.userid = userid;
this.username = username;
this.password = password;
this.role = role;
}
public User() {
super();
}
@Override
public String toString() {
return "User [userid=" + userid + ", username=" + username+ ", password=" + password + ", role=" + role + "]";
}
}
Role.java:角色实体类
一个角色对应多个权限,创建一个权限的集合,以便查询角色对应的权限
package enity;
import java.util.List;
public class Role {
private Integer roleid;
private String rolename;
//一个角色对应多个权限,创建一个权限的集合,以便查询角色对应的权限
private List<Privilege> privileges;
public Integer getRoleid() {
return roleid;
}
public void setRoleid(Integer roleid) {
this.roleid = roleid;
}
public String getRolename() {
return rolename;
}
public void setRolename(String rolename) {
this.rolename = rolename;
}
public List<Privilege> getPrivileges() {
return privileges;
}
public void setPrivileges(List<Privilege> privileges) {
this.privileges = privileges;
}
public Role(Integer roleid, String rolename, List<Privilege> privileges) {
super();
this.roleid = roleid;
this.rolename = rolename;
this.privileges = privileges;
}
public Role() {
super();
}
@Override
public String toString() {
return "Role [roleid=" + roleid + ", rolename=" + rolename+ ", privileges=" + privileges + "]";
}
}
Privilege.java,权限实体类
package enity;
public class Privilege {
private Integer priid;
private String priname;
private String priurl;
private Integer pid;//父id
public Integer getPriid() {
return priid;
}
public void setPriid(Integer priid) {
this.priid = priid;
}
public String getPriname() {
return priname;
}
public void setPriname(String priname) {
this.priname = priname;
}
public String getPriurl() {
return priurl;
}
public void setPriurl(String priurl) {
this.priurl = priurl;
}
public Integer getPid() {
return pid;
}
public void setPid(Integer pid) {
this.pid = pid;
}
public Privilege(Integer priid, String priname, String priurl, Integer pid) {
super();
this.priid = priid;
this.priname = priname;
this.priurl = priurl;
this.pid = pid;
}
public Privilege() {
super();
}
@Override
public String toString() {
return "Privilege [priid=" + priid + ", priname=" + priname+ ", priurl=" + priurl + ", pid=" + pid + "]";
}
}
3.conf包:配置文件
封装加载驱动,获取连接,释放资源,提高代码复用性
dbcp.properties,存储多个不同的连接池
driverClassName=com.mysql.jdbc.Driver
url=jdbc\:mysql\://localhost\:3306/mybase1
username=root
password=root123
initialSize=10
maxActive=50
maxId=20
minId=5
maxWait=60000
connectionProperties=useUnicode\=true;characterEncoding\=utf-8
defaultAutoCommit=true
defaultTransactionlsolation=READ_COMMITTED
4.util包:Jdbc工具类
JdbcUtil.java:存放加载驱动,获取连接,关闭资源
package util;
import java.io.IOException;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Properties;
import javax.sql.DataSource;
import org.apache.commons.dbcp.BasicDataSourceFactory;
public class JdbcUtil {
static DataSource pool=null;
static Properties pro=new Properties();
private static ThreadLocal<Connection> tdl=new ThreadLocal<Connection>();
static{
InputStream is=null;
try {
is = JdbcUtil.class.getResourceAsStream("/conf/dbcp.properties");
pro.load(is);
pool=BasicDataSourceFactory.createDataSource(pro);
} catch (Exception e) {
e.printStackTrace();
}finally{
try {
is.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
public static Connection getConnection() throws Exception{
Connection conn = tdl.get();
if(conn==null){
conn=pool.getConnection();
tdl.set(conn);
}
return conn;
}
public static void release(ResultSet rs,PreparedStatement pstm,Connection conn) throws Exception{
if(rs!=null) rs.close();
if(pstm!=null) pstm.close();
if(conn!=null){
conn.close();
tdl.remove();
}
}
}
JdbcTemplate.java:减少dao层代码冗余,增删改查
package util;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List;
import rowmapper.RowMapper;
public class JdbcTemplate<T> {
Connection conn = null;
PreparedStatement pstm =null;
ResultSet rs=null;
//查询一条结果
public T queryForObject(String sql,RowMapper<T> rm,Object...args){
T t=null;
try {
conn = JdbcUtil.getConnection();
pstm = conn.prepareStatement(sql);
if(args.length!=0){
for(int i=0;i<args.length;i++){
pstm.setObject(i+1, args[i]);
}
}
rs = pstm.executeQuery();
if(rs.next()){
t=rm.mapperRow(rs);
}
} catch (Exception e) {
System.out.println("JdbcTemplate1数据库连接出现异常");
}finally{
try {
JdbcUtil.release(rs, pstm, conn);
} catch (Exception e) {
System.out.println("JdbcTemplate1释放资源出现异常");
}
}
return t;
}
//查询多条结果
public List<T> queryForList(String sql,RowMapper<T> rm,Object...args){
List<T> list=null;
try {
conn = JdbcUtil.getConnection();
pstm = conn.prepareStatement(sql);
if(args.length!=0){
for(int i=0;i<args.length;i++){
pstm.setObject(i+1, args[i]);
}
}
rs = pstm.executeQuery();
list=new ArrayList();
while(rs.next()){
T t=rm.mapperRow(rs);
list.add(t);
}
} catch (Exception e) {
System.out.println("JdbcTemplate2数据库连接出现异常");
}finally{
try {
JdbcUtil.release(rs, pstm, conn);
} catch (Exception e) {
System.out.println("JdbcTemplate2释放资源出现异常");
}
}
return list;
}
//增删改操作
//如果sql是完整的就不需要有参数,若sql是半成品args.length!=0则需要有参数,Object...args,是可变长参数,可以理解为数组,可以没有参数,也可以有一个两个三个参数
public void update(String sql,Object...args){
try {
conn =JdbcUtil.getConnection();
pstm = conn.prepareStatement(sql);
if(args.length!=0){
for(int i=0;i<args.length;i++){
pstm.setObject(i+1, args[i]);
}
}
pstm.executeUpdate();
} catch (Exception e) {
System.out.println("JdbcTemplate3数据库发生异常");
}finally{
try {
JdbcUtil.release(null, pstm, conn);
} catch (Exception e) {
System.out.println("JdbcTemplate3释放资源出现异常");
}
}
}
}
5.rowmapper包:封装结果集对象
接口RowMapper.java和实现类RowMapperImpl.java
package rowmapper;
import java.sql.ResultSet;
public interface RowMapper<T> {
//处理结果集
public T mapperRow(ResultSet rs);
}
package rowmapper;
import java.sql.ResultSet;
import enity.Emp;
public class RowMapperImpl implements RowMapper {
//处理结果集,并封装成对象
@Override
public Emp mapperRow(ResultSet rs) {
Emp emp=new Emp();
try {
emp.setId(rs.getInt(1));
emp.setName(rs.getString(2));
emp.setSalary(rs.getDouble(3));
emp.setAge(rs.getInt(4));
} catch (Exception e) {
e.printStackTrace();
}
return emp;
}
}
6.service包:逻辑处理层
接口UserService.java和UserServiceImpl.java(用户逻辑层)
package service;
import javax.servlet.http.HttpServletRequest;
public interface UserService {
String login(HttpServletRequest request, String username, String password);
}
package service;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import dao.UserDao;
import dao.UserDaoImpl;
import enity.Privilege;
import enity.Role;
import enity.User;
public class UserServiceImpl implements UserService {
UserDao userDao=new UserDaoImpl();
//完成登录的操作
//用户登录校验,通过用户名从数据库中查找用户信息,如果能查出来再做后续的判断
@Override
public String login(HttpServletRequest request, String username,String password) {
//登录后返回字符串
System.out.println(password);
String loginRS="success";
User user=userDao.queryByUsername(username);
if(user==null){
loginRS="用户名不存在";
}else if(!user.getPassword().equals(password)){
loginRS="密码不正确";
}else{
//登录成功
//将用户信息存入session,是为了强制登录,未验证成功就不允许访问
request.getSession().setAttribute("user",user);
//获得用户所对应的角色
Integer roleid = user.getRole().getRoleid();
//根据角色id关联role_pri表查看拥有的权限,用来展示导航栏
List<Privilege> pris=userDao.queryPriByRoleId(roleid);
//将用户权限绑定到session中,是为了在首页面显示权限菜单的
request.getSession().setAttribute("pris",pris);
}
return loginRS;
}
}
7.dao包:直接数据库访问对象接口及实现类
接口EmpDao.java和实现类EmpDaoImpl.java
package dao;
import java.util.List;
import enity.Emp;
public interface EmpDao {
//查询所有员工信息
public List<Emp> queryEmpAll();
//添加员工信息
public void addEmp(Emp emp);
//根据想要修改的id,查询原有的信息
public Emp queryEmpById(int id);
//修改员工信息
public void updateEmp(Emp emp);
//通过id删除员工信息
public void deleteEmp(int id);
}
package dao;
import java.util.List;
import rowmapper.RowMapperImpl;
import util.JdbcTemplate;
import enity.Emp;
public class EmpDaoImpl implements EmpDao {
JdbcTemplate template=new JdbcTemplate();
//查询所有员工信息
@Override
public List<Emp> queryEmpAll() {
List<Emp> list = template.queryForList("select * from emp", new RowMapperImpl());
return list;
}
//添加员工信息
@Override
public void addEmp(Emp emp) {
template.update("insert into emp(id,name,salary,age) values(?,?,?,?)", emp.getId(),emp.getName(),emp.getSalary(),emp.getAge());
}
//根据想要修改的id,查询原有的信息
@Override
public Emp queryEmpById(int id) {
Emp emp = (Emp)template.queryForObject("select * from emp where id=?", new RowMapperImpl(), id);
return emp;
}
//修改员工信息
@Override
public void updateEmp(Emp emp) {
template.update("update emp set name=?,salary=?,age=? where id=?", emp.getName(),emp.getSalary(),emp.getAge(),emp.getId());
}
//通过id删除员工信息
@Override
public void deleteEmp(int id) {
template.update("delete from emp where id=?", id);
}
}
接口UserDao.java和实现类UserDaoImpl.java
package dao;
import java.util.List;
import enity.Privilege;
import enity.User;
public interface UserDao {
//通过用户名从数据库中查找用户信息
User queryByUsername(String username);
//根据角色id关联role_pri查询拥有的权限,用来展示菜单栏
List<Privilege> queryPriByRoleId(Integer roleid);
}
package dao;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List;
import rowmapper.RowMapper;
import util.JdbcTemplate;
import util.JdbcUtil;
import enity.Privilege;
import enity.Role;
import enity.User;
public class UserDaoImpl implements UserDao {
Connection conn=null;
PreparedStatement pstm=null;
ResultSet rs=null;
JdbcTemplate template=new JdbcTemplate();
//通过用户名从数据库中查找用户信息[用户里面还要包含这个用户的角色,要使用表的关联查找]
@Override
public User queryByUsername(String username) {
User user=new User();
try {
conn=JdbcUtil.getConnection();
String sql="select user.*,role.* from user left join user_role on (user.userid=user_role.userid) left join role on (user_role.roleid=role.roleid) where username=?;";
pstm=conn.prepareStatement(sql);
pstm.setString(1, username);
rs=pstm.executeQuery();
if(rs.next()){
user.setUserid(rs.getInt(1));
user.setUsername(rs.getString(2));
user.setPassword(rs.getString(3));
//将用sql语句查出来的第4,5个对象(roleid,rolename)和空权限封装成user的第4个参数Role
user.setRole(new Role(rs.getInt(4),rs.getString(5),null));
}
} catch (Exception e) {
e.printStackTrace();
}finally{
try {
JdbcUtil.release(rs, pstm, conn);
} catch (Exception e) {
e.printStackTrace();
}
}
return user;
}
//根据角色id查询拥有的权限集合,用来展示导航栏
@Override
public List<Privilege> queryPriByRoleId(Integer roleid) {
List<Privilege> pris=null;
try {
conn=JdbcUtil.getConnection();
String sql="select privilege.* from role left join role_pri on (role.roleid=role_pri.roleid) left join privilege on (role_pri.priid=privilege.priid) where role.roleid=?";
pstm=conn.prepareStatement(sql);
pstm.setInt(1, roleid);
rs=pstm.executeQuery();
pris=new ArrayList<Privilege>();
while(rs.next()){
Privilege pri=new Privilege();
pri.setPriid(rs.getInt(1));
pri.setPriname(rs.getString(2));
pri.setPriurl(rs.getString(3));
//过滤,根据rs第四个参数pid的结果,判断父权限是否存在,封装成不同的Privilege对象
//因为如果数据库中记录的数值为null,getint返回的数值是0,而不是null
if(rs.getObject(4)==null){
pri.setPid(null);
}else{
pri.setPid(rs.getInt(4));
}
pris.add(pri);
}
} catch (Exception e) {
e.printStackTrace();
}finally{
try {
JdbcUtil.release(rs, pstm, conn);
} catch (Exception e) {
e.printStackTrace();
}
}
return pris;
}
}
8.web包:servlet控制层,接收用户传来的参数,并且最后做出响应
ActionServlet.java的servlet文件
package web;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import service.UserService;
import service.UserServiceImpl;
import dao.EmpDao;
import dao.EmpDaoImpl;
import enity.Emp;
public class ActionServlet extends HttpServlet {
@Override
protected void service(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {
EmpDao empDao=new EmpDaoImpl();
UserService userService=new UserServiceImpl();
request.setCharacterEncoding("utf-8");
response.setContentType("text/html;charset=utf-8");
PrintWriter out = response.getWriter();
//获取请求资源路径ems_rbac/addEmp.do
String url=request.getRequestURI();
//切分URL地址,保留addEmp
String uri=url.substring(url.lastIndexOf("/")+1,url.lastIndexOf("."));
if(uri.equals("queryEmp")){
//查询所有员工记录
List<Emp> list=empDao.queryEmpAll();
//将员工记录保存到request作用域中,转发到一个查询表单的页面listEmp.jsp
request.setAttribute("employees", list);
request.getRequestDispatcher("/pages/listEmp.jsp").forward(request,response);
}else if(uri.equals("loadEmp")){
//根据id查询员工信息
String id = request.getParameter("id");
Emp emp=empDao.queryEmpById(Integer.parseInt(id));
//将员工信息保存到request作用域,转发到一个修改表单的页面loadEmp.jsp
request.setAttribute("employee", emp);
request.getRequestDispatcher("/pages/loadEmp.jsp").forward(request,response);
}else if(uri.equals("updateEmp")){
//修改
//获得修改后的Emp信息
String id=request.getParameter("id");
String name = request.getParameter("name");
String salary = request.getParameter("salary");
String age = request.getParameter("age");
Emp emp=new Emp(Integer.parseInt(id),name,Double.parseDouble(salary),Integer.parseInt(age));
//修改用户信息
empDao.updateEmp(emp);
//修改成功后重定向到查询所有员工
response.sendRedirect("queryEmp.do");
}else if(uri.equals("addEmp")){
//添加
String name = request.getParameter("name");
String salary=request.getParameter("salary");
String age = request.getParameter("age");
Emp emp=new Emp(null,name,Double.parseDouble(salary),Integer.parseInt(age));
empDao.addEmp(emp);
//添加成功,重定向到queryEmp
response.sendRedirect("queryEmp.do");
}else if(uri.equals("deleteEmp")){
//通过id删除员工
String id=request.getParameter("id");
String name = request.getParameter("name");
empDao.deleteEmp(Integer.parseInt(id));
//删除成功后重定向到查询所有员工
response.sendRedirect("queryEmp.do");
}else if(uri.equals("login")){
//登录
String username=request.getParameter("username");
String password=request.getParameter("password");
//把request也传到service,业务逻辑层,因为service没有request对象,只有把request传过去才可以获得session,
//并且在session中存储当前用户的信息,和权限的一些信息
//loginRS为判断ajax登录是否成功的结果
String loginRS=userService.login(request,username,password);
//将登录结果字符串返回
out.write(loginRS);
}else if(uri.equals("logout")){
//ajax对象,清除session
request.getSession().invalidate();
}
}
}
LoginFilter.java的类,作为登录的过滤器
继承javax.servlet.Filter接口,如果登录不成功不能访问页面
package web;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
//写一个登录页面的过滤器,使不登录就无法访问内部页面
//创建LoginFilter.java类,继承javax.servlet.Filter的接口,doFilter里面写的是过滤的具体内容
public class LoginFilter implements Filter {
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request1, ServletResponse response1,FilterChain chain) throws IOException, ServletException {
//判断当前请求是否登录过,没有登录就重定向到login.jsp页面
HttpServletRequest request=(HttpServletRequest)request1;
HttpServletResponse response=(HttpServletResponse)response1;
Object user = request.getSession().getAttribute("user");
if(user==null){
response.sendRedirect(request.getContextPath()+"/login.jsp");
}else{
//如果带过来的有用户,就使过滤链通过
chain.doFilter(request,response);
}
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}
ExceptionFilter.java的类,作为捕捉异常的过滤器
继承javax.servlet.Filter接口,如果出现异常,显示该页面
package web;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class ExceptionFilter implements Filter {
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest request1, ServletResponse response1,FilterChain chain) throws IOException, ServletException {
//如果检测到servlet出现异常,转发到error.jsp页面
HttpServletRequest request=(HttpServletRequest)request1;
HttpServletResponse response=(HttpServletResponse)response1;
try{
//先放过,如果放过出错了,就捕捉异常,重定向到error.jsp
chain.doFilter(request, response);
}catch(Exception e){
request.setAttribute("msg", "出现异常");
request.getRequestDispatcher(request.getContextPath()+"/error.jsp").forward(request,response);
}
}
@Override
public void init(FilterConfig arg0) throws ServletException {
}
}
9.WebRoot
error.jsp:遇到错误的展示页面
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<html>
<head>
<meta http-equiv="content-Type" content="text/html; charset=utf-8">
</head>
<body>
<font color="red" size="40px">${msg}</font>
<br/>
<a href="javascript:history.back();">返回上一级操作</a>
</body>
</html>
index.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>My JSP 'index.jsp' starting page</title>
</head>
<body>
This is my JSP page. <br>
</body>
</html>
login.jsp,登录页面
点击登录按钮会通过ajax发起请求到login.do,再由login.do进行操作,通过out.write(loginRS)返回一个ajax登录是否成功的结果。
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<!-- 获取项目名 -->
<%String path=request.getContextPath();%>
<html>
<head>
<meta http-equiv="content-Type" content="text/html; charset=utf-8">
<style type="text/css">
body{
background-color: #F3F3F3;
}
#header{
background-color: #3C404B;
width:400px;
height: 50px;
position: relative;
top: 100px;
left: 500px;
}
#body{
background-color: white;
width:400px;
height: 200px;
position: relative;
top: 120px;
left: 500px;
}
#span1{
position: relative;
top: 10px;
left: 10px;
color: white;
}
#span2{
margin-right: 300px;
color: #979797;
}
#input1{
border: 1px #3C404A solid;
background-color: #FAF9BB;
width: 360px;
height: 27px;
}
#input2{
margin-left: 320px;
}
</style>
<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript">
function login(){
//通过input的name值获得用户名和密码
var username=$("input[name='username']").val();
var password=$("input[name='password']").val();
//发起Ajax请求到login.do
$.ajax({
url:"login.do",
type:"post",
data:'username='+username+'&password='+password,
success:function(data){
if(data=='success'){
//登录成功,打开展示页面
//location.href="/ems_rbac/pages/index.jsp";
//request.getContextPath()获得path(项目名)后可以直接用jsp代码来使用项目名
//以便动态的获得项目的名字,来拼接上路径
location.href="<%=path%>/pages/index.jsp";
}else{
//登录失败
alert(data);
}
}
})
}
</script>
</head>
<body>
<div id="header"><span id="span1">登录</span></div>
<div id="body">
<form action="login.do" method="post" align="center">
<br/><span id="span2">账号:</span><br/>
//表单中的 input 标签必须设置 name 属性,提交表单时,用户输入的数据会通过ajax请求一起被发送给服务器
<input type="text" name="username" value="admin" id="input1"/><br/><br/>
<span id="span2">密码:</span><br/>
<input type="password" name="password" value="admin" id="input1"/><br/><br/>
<input type="button" value="登录" id="input2" οnclick="login()"/>
</form>
</div>
</body>
</html>
10.WebRoot/js
引入jquery文件,以便使用ajax请求
11.WebRoot/pages
index.jsp,登录进去后看到的是index.jsp主页面
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<meta http-equiv="content-Type" content="text/html;charset=utf-8">
<title>图书信息管理系统</title>
<!-- frameset不支持html,head,body标签,使用时要去掉 -->
<frameset rows="90,*" border="0">
<frame src="top.jsp" name="top"/>
<frameset cols="180,*">
<frame src="left.jsp" name="left">
<frame src="welcome.jsp" name="main">
</frameset>
</frameset>
<noframes>如果浏览器不支持frameset框架标签,就会出现!</noframes>
welcome.jsp,index.jsp页面的欢迎页面
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<html>
<head>
<meta http-equiv="content-Type" content="text/html; charset=utf-8">
</head>
<body style="margin:60px auto; background-color:#F7F7F7;">
<h2 align="center">欢迎进入员工信息管理系统!</h2>
<hr/>
<p><h3 align="center">员工信息管理系统简介</h3></p>
<span style="position:relative; left:370px;">
<p> 本项目是采用JSP技术(JSP+Servlet+JavaBean+MysQL )开发一个简单的高校学生管理</p>
<p>WEB版软件。高校学生管理系统围绕学生进行信息化管理,包括学生的基本信息,学生学习情</p>
<p>况及成绩信息。</p>
<p> 学生进入学校学习后,需要建立个人档案信息,并需要分专业、班级进行学习,而学校</p>
<p>各专业均有自己的教学体系及相应的学习课程,需要安排教师进行日常的教学活动,学生修</p>
<p>完规定的学习任务与相应的学分后方可毕业,本项目就是对上述业务进行网络信息化管理。</p>
<p> 另外,为了使软件能正常有序地运行,需要管理员在软件后台对各操作员进行权限管理</p>
<p>与控制。</p>
</span>
</body>
</html>
top.jsp,index.jsp的顶部页面
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<!-- 获得项目名 -->
<%String path=request.getContextPath();%>
<html>
<head>
<meta http-equiv="content-Type" content="text/html; charset=utf-8">
<script type="text/javascript" src="<%=path%>/js/jquery.js"></script>
<style type="text/css">
.div1{
color:#BBB8B1;
font-family:'黑体';
font-size:20px;
margin-top:28px;
margin-left:12px;
float:left;
}
.div2{
color:#BBB8B1;
font-family:'黑体';
font-size:16px;
margin-top:28px;
margin-left:12px;
float:right;
}
</style>
<script>
function logout(){
//发送post请求到ems_rbac3/logout.do中
$.post("<%=path%>/logout.do");
alert("注销成功");
//先跳转到父窗口,才能找到最大的index.jsp窗口
window.parent.location.href="<%=path%>/login.jsp";
}
</script>
</head>
<body style="background-color: #363636;">
<div class="div1">员工管理系统</div>
<div class="div2">
<span class="span1">${sessionScope.user.username} | 个人中心 | <a href="#" οnclick="logout()" style="color:#BBB8B1; text-decoration:none;">注销</a></span>
</div>
</body>
</html>
left.jsp,index.jsp的左边页面
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%String path=request.getContextPath();%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<html>
<head>
<meta http-equiv="content-Type" content="text/html; charset=utf-8">
<script type="text/javascript" src="<%=path%>/js/jquery.js"></script>
<style type="text/css">
body{
background-color: #444444;
color:white;
margin-top:12px;
}
.parent{
height:45px;
line-height:45px;
padding-left:28px;
font-size:14px;
border:#999;
color:#BBB8B1;
}
.son{
height:35px;
line-height:35px;
padding-left:48px;
font-size:12px;
color:#BBB8B1;
background-color :#363636;
}
.box{
display:none;
}
</style>
<script type="text/javascript">
$(function(){
$(".parent").click(function(){
$(".box").hide(300);
$(this).next().show(300);
});
});
</script>
</head>
<body>
<!-- 从session中获取当前用户的权限,并遍历 -->
<c:forEach items="${sessionScope.pris}" var="parentpri" varStatus="s">
<c:if test="${empty parentpri.pid}" var="r" scope="request">
<!-- 没有父id的权限,展示的时候作为一级菜单 -->
<div class="parent">
${parentpri.priname}
</div>
<!-- 有父id的权限,展示的时候作为二级菜单,而且要跟在相应的一级菜单下 -->
<div class="box">
<c:forEach items="${pris}" var="sonpri">
<c:if test="${!empty sonpri.pid && sonpri.pid==parentpri.priid}">
<div class="son">
<!-- target属性放main,main是index.jsp框架的name属性的值 -->
<a href="${sonpri.priurl}" target="main" style="text-decoration:none; color:#BBB8B1;">${sonpri.priname}</a>
</div>
</c:if>
</c:forEach>
</div>
</c:if>
</c:forEach>
</body>
</html>
addEmp.jsp,添加员工页面
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<html>
<head>
<meta http-equiv="content-Type" content="text/html; charset=utf-8">
</head>
<body style="margin-top:10px; font-size:30px;">
<div align="center">
<h3>添加员工</h3>
<form action="addEmp.do" method="post">
姓名:<input type="text" name="name"/><br/>
薪水:<input type="text" name="salary"/><br/>
年龄:<input type="text" name="age"><br/>
<input type="submit" value="提交"/>
</form>
</div>
</body>
</html>
listEmp.jsp:查询员工页面
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<html>
<head>
<meta http-equiv="content-Type" content="text/html; charset=utf-8">
<style type="text/css">
.s0{
color:red;
}
.s1{
color:blue;
}
</style>
</head>
<body style="margin-top:10px; font-size:30px;">
<div align="center">
<h3>员工列表</h3>
<input type="button" value="查询员工" οnclick="location='queryEmp.do'"/>
<table border='1' width='60%' cellspacing='0' cellpadding='0'>
<tr>
<td>主键</td>
<td>姓名</td>
<td>薪水</td>
<td>年龄</td>
<td>操作</td>
</tr>
<c:forEach items="${requestScope.employees}" var="employee" varStatus="s">
<tr class="s${s.index%2}">
<td>${employee.id}</td>
<td>${employee.name}</td>
<td>${employee.salary}</td>
<td>${employee.age}</td>
<td align="center">
<!-- 根据登录用户的角色来决定操作连接是否展示,或是否生效 -->
<c:if test="${sessionScope.user.role.rolename=='管理员'}" var="r">
<a href="deleteEmp.do?id=${employee.id}" οnclick='return confirm("是否确定删除+${employee.name}")'>删除</a>
<a href="loadEmp.do?id=${employee.id}">修改</a>
</c:if>
<c:if test="${!r}"><span style="color:#A3A3A3;">/</span></c:if>
</td>
</tr>
</c:forEach>
</table>
<br/>
</div>
</body>
</html>
loadEmp.java:修改员工页面
<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<html>
<head>
<meta http-equiv="content-Type" content="text/html; charset=utf-8">
</head>
<body style="margin-top:10px; font-size:30px;">
<div align="center">
<h3>修改员工</h3>
<form action='updateEmp.do' method='post'>
<input type='hidden' name='id' value='${employee.id}'/>
<input type='text' name='name' value='${employee.name}'/><br/>
<input type='text' name='salary' value='${employee.salary}'/><br/>
<input type='text' name='age' value='${employee.age}'/><br/>
<input type='submit' value='提交'>
</form>
</div>
</body>
</html>
11.WebRoot/WEB-INF/lib
添加jdbc连接池包commons-collections/dbcp/pool *** .jar,和数据库连接包mysql-connector-java-**-bin.jar
12.WebRoot/WEB-INF/web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!--登录过滤器,每次访问pages页面之间都看一下有没有登录,session中有没有保存用户-->
<filter>
<filter-name>loginFilter</filter-name>
<filter-class>web.LoginFilter</filter-class>
</filter>
<!--主要捕捉servlet里面的异常-->
<filter>
<filter-name>excptionFilter</filter-name>
<filter-class>web.ExceptionFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>excptionFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>loginFilter</filter-name>
<url-pattern>/pages/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>ActionServlet</servlet-name>
<servlet-class>web.ActionServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ActionServlet</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
</web-app>
439
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
