第一步:持久层Dao代码实现:
Dao层参数对应于数据库,username或者id作为唯一标识,password是数据库中已加密过的旧密码,salt是盐值。
public interface SysUserDao {

    /**
     * Stores a new password hash and salt for the account identified by {@code username}.
     *
     * <p>Each argument is bound by name through {@code @Param}; the mapper statement
     * with id {@code updateUserPwd} refers to them as {@code #{username}},
     * {@code #{password}} and {@code #{salt}}.
     *
     * @param username login name selecting the row to update
     * @param password password hash to persist; the service implementation passes the
     *                 hex-encoded hash of the new password, never the plaintext
     * @param salt     salt that was used to derive {@code password}
     * @return number of rows changed by the update statement
     */
    int updateUserPwd(
            @Param("username") String username,
            @Param("password") String password,
            @Param("salt") String salt);
}
第二步:编写对应的mapper文件:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.db.sys.dao.SysUserDao">
<!-- Updates the password hash and the salt of the row whose username matches. -->
<!-- The #{...} placeholders are bound as prepared-statement parameters, so the
     values are never concatenated into the SQL text. Keep them as #{...}; the
     ${...} form substitutes the raw string and would open this statement to
     SQL injection. -->
<!-- The statement reports 0 affected rows when no row carries this username. -->
<update id="updateUserPwd">
update sys_users
set
password=#{password},
salt=#{salt},
modifiedTime=now()
where
username=#{username}
</update>
</mapper>
第三步:业务层接口实现:
业务层参数来自于控制层
public interface SysUserService {

    /**
     * Changes a user's password.
     *
     * <p>No user identifier is passed in; the implementation shown with this
     * interface takes the account from the current Shiro subject.
     *
     * @param password the current password as typed by the user (plaintext)
     * @param newPwd   the requested new password (plaintext)
     * @param cfgPwd   the new password typed a second time for confirmation
     * @return the value reported by the implementation; in {@code SysUserServiceImpl}
     *         this is the number of rows the update changed
     */
    int updateUserPwd(String password, String newPwd, String cfgPwd);
}
第四步:业务层实现类:
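/**
 * Password-change service for the user bound to the current Shiro subject.
 *
 * <p>NOTE(review): passwords are stored as a single round of salted MD5. That is
 * cheap to brute-force if the {@code sys_users} table ever leaks. Moving to a
 * slow password hash has to be done together with the login realm's credential
 * matching (not shown here) and a migration of existing rows, so the algorithm
 * is flagged here rather than changed.
 */
@Service
public class SysUserServiceImpl implements SysUserService {

    @Autowired
    private SysUserDao sysUserDao;

    /**
     * Verifies the old password of the logged-in user and stores a new salted hash.
     *
     * @param password current password as typed by the user (plaintext)
     * @param newPwd   requested new password (plaintext)
     * @param cfgPwd   confirmation of the new password (plaintext)
     * @return number of rows updated; 0 means no row matched the user's name
     * @throws IllegalArgumentException if an argument is missing, the two new
     *         passwords differ, the old password is wrong, or the new password
     *         equals the old one
     * @throws IllegalStateException if the current subject carries no
     *         {@code SysUser} principal (for example, nobody is logged in)
     */
    @Override
    public int updateUserPwd(String password, String newPwd, String cfgPwd) {
        // 1. Reject missing input before touching the session or the database.
        if (password == null || password.isEmpty()) {
            throw new IllegalArgumentException("请输入旧密码!");
        }
        if (newPwd == null || newPwd.isEmpty()) {
            throw new IllegalArgumentException("请输入新密码!");
        }
        if (cfgPwd == null || cfgPwd.isEmpty()) {
            throw new IllegalArgumentException("请确认新密码!");
        }
        // NOTE(review): only emptiness is checked; no minimum length or strength
        // rule is applied to the new password.

        // 2.1 The new password and its confirmation must be identical.
        if (!newPwd.equals(cfgPwd)) {
            throw new IllegalArgumentException("两次输入密码不一致!");
        }

        // 2.2 The old password must match the logged-in user's stored hash.
        // The principal comes from Shiro; without a SysUser principal the
        // original code failed with a NullPointerException or ClassCastException.
        Object principal = SecurityUtils.getSubject().getPrincipal();
        if (!(principal instanceof SysUser)) {
            throw new IllegalStateException("用户未登录或登录已失效!");
        }
        SysUser user = (SysUser) principal;

        // Re-hash the typed password with the user's salt and compare hex strings.
        SimpleHash sh = new SimpleHash("MD5", password, user.getSalt());
        String storedHash = user.getPassword();
        // MessageDigest.isEqual compares without stopping at the first differing
        // byte, so the check does not leak how much of the hash matched.
        boolean oldPasswordMatches = storedHash != null
                && java.security.MessageDigest.isEqual(
                        storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        sh.toHex().getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!oldPasswordMatches) {
            throw new IllegalArgumentException("输入的旧密码不正确!");
        }

        // 2.3 The new password must differ from the old one.
        if (password.equals(newPwd)) {
            throw new IllegalArgumentException("新密码不能与旧密码相同!");
        }

        // 3. Hash the new password with a fresh random salt and persist both.
        String salt = UUID.randomUUID().toString();
        sh = new SimpleHash("MD5", newPwd, salt);
        // NOTE(review): the principal object is not updated after the write, so
        // presumably a second change in the same session is still verified
        // against the old hash and salt. Confirm how the realm builds the
        // principal, and consider ending the session after a password change.
        return sysUserDao.updateUserPwd(user.getUsername(), sh.toHex(), salt);
    }
}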
第五步:控制层代码实现:
控制层参数跟页面相对应
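/**
 * Web endpoints for the password-change page under {@code /user/}.
 */
@Controller
@RequestMapping("/user/")
public class SysUserController {

    // The listing called sysUserService without declaring it; the field is
    // injected the same way SysUserServiceImpl receives its DAO.
    @Autowired
    private SysUserService sysUserService;

    /**
     * Returns the view name of the password-change page.
     *
     * @return the view name {@code sys/pwd_edit}
     */
    @RequestMapping("doUpdatePwdUI")
    public String doUpdatePwdUI() {
        return "sys/pwd_edit";
    }

    /**
     * Changes the password of the logged-in user.
     *
     * <p>The mapping accepts POST only: a GET would carry the passwords in the
     * query string, where they end up in access logs and browser history. The
     * page script already submits with {@code $.post}.
     *
     * <p>NOTE(review): no anti-CSRF token is visible on the form or checked here.
     * Requiring the old password limits what a forged request can do; confirm
     * whether CSRF protection is added elsewhere in the application.
     *
     * @param password current password (plaintext), bound from the request
     * @param newPwd   requested new password (plaintext)
     * @param cfgPwd   confirmation of the new password (plaintext)
     * @return a {@code JsonResult} carrying the message {@code "update ok!"}
     */
    @RequestMapping(value = "doUpdatePassword",
            method = org.springframework.web.bind.annotation.RequestMethod.POST)
    @ResponseBody
    public JsonResult doUpdatePassword(String password, String newPwd, String cfgPwd) {
        // Validation failures surface as exceptions thrown by the service;
        // presumably a global handler turns them into an error JsonResult (TODO confirm).
        // NOTE(review): the returned row count is ignored, so an update that
        // matched no row is still reported as success.
        sysUserService.updateUserPwd(password, newPwd, cfgPwd);
        return new JsonResult("update ok!");
    }
}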
第六步:前端页面实现:
<!-- Horizontal Form -->
<!-- Password-change form. The three inputs are read by id from doUpdatePwd();
     the form has no action and both buttons are type="button", so the values
     leave the page only through the script's AJAX POST. -->
<!-- NOTE(review): the inputs carry no autocomplete hint; autocomplete="current-password"
     on the old password and autocomplete="new-password" on the other two would
     help password managers fill and save the right field. -->
<div class="box box-info">
<div class="box-header with-border">
<h3 class="box-title">修改密码</h3>
</div>
<!-- /.box-header -->
<!-- form start -->
<form class="form-horizontal">
<div class="box-body">
<div class="form-group">
<label for="pwdId" class="col-sm-2 control-label">旧密码</label>
<div class="col-sm-10">
<input type="password" class="form-control" name="password" id="pwdId" placeholder="旧密码">
</div>
</div>
<div class="form-group">
<label for="newPwdId" class="col-sm-2 control-label">新密码</label>
<div class="col-sm-10">
<input type="password" class="form-control" name="newPwd" id="newPwdId" placeholder="新密码">
</div>
</div>
<div class="form-group">
<label for="cfgPwdId" class="col-sm-2 control-label">确认密码</label>
<div class="col-sm-10">
<input type="password" class="form-control" name="cfgPwd" id="cfgPwdId" placeholder="确认密码">
</div>
</div>
</div>
<!-- /.box-body -->
<div class="box-footer">
<!-- No click handler for the Cancel button is registered in the script shown with this page. -->
<button type="button" class="btn btn-default btn-cancel">Cancel</button>
<button type="button" class="btn btn-info pull-right btn-save">Save</button>
</div>
<!-- /.box-footer -->
</form>
</div>
<script type="text/javascript">
// Once the DOM is ready, delegate clicks on the Save button inside
// .box-footer to doUpdatePwd.
$(function () {
  var footer = $(".box-footer");
  footer.on("click", ".btn-save", doUpdatePwd);
});
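/**
 * Reads the three password fields and posts them to the password-change
 * endpoint, then reports the outcome to the user.
 *
 * The original callback reacted only to state == 1, so a rejected request
 * (wrong old password, mismatching confirmation, ...) produced no feedback.
 */
function doUpdatePwd() {
  // 1. Request parameters; the keys match the controller method's parameter names.
  var params = {
    "password": $("#pwdId").val(),
    "newPwd": $("#newPwdId").val(),
    "cfgPwd": $("#cfgPwdId").val()
  };
  // 2. Endpoint, relative to the current page.
  var url = "user/doUpdatePassword.do";
  // 3. Asynchronous POST: the passwords travel in the request body, not the URL.
  $.post(url, params, function (result) {
    if (result.state == 1) {
      alert(result.message);
      // Do not leave the typed passwords sitting in the form after success.
      $("#pwdId, #newPwdId, #cfgPwdId").val("");
    } else {
      // Assumes a failure response also carries a message (TODO confirm against
      // JsonResult); fall back to a generic text when it does not, e.g. when a
      // non-JSON page is returned.
      alert(result.message || "密码修改失败!");
    }
  });
}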
</script>
然后将页面加载到主页面。