权限管理

day19/WebRoot/1.jsp

@@ -0,0 +1,17 @@
+<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+  <head>
+
+    <title>My JSP '1.jsp' starting page</title>
+
+  </head>
+
+  <body>
+    欢迎您:${user.username}<br/><br/><br/>
+    <a href="/day19/manager/AddProduct">添加商品</a>
+    <a href="/day19/manager/UpdateProduct">修改商品</a>
+    <a href="/day19/manager/DeleteProduct">删除商品</a>
+  </body>
+</html>

day19/WebRoot/WEB-INF/web.xml

@@ -12,6 +12,15 @@
   	<url-pattern>/*</url-pattern>
   </filter-mapping>
 
+  <filter>
+  	<filter-name>CheckPrivilegeFilter</filter-name>
+  	<filter-class>vvr.web.filter.CheckPrivilegeFilter</filter-class>
+  </filter>
+  <filter-mapping>
+  	<filter-name>CheckPrivilegeFilter</filter-name>
+  	<url-pattern>/manager/*</url-pattern>
+  </filter-mapping>
+
   <servlet>
     <servlet-name>ListPrivilegeServlet</servlet-name>
     <servlet-class>vvr.web.control.ListPrivilegeServlet</servlet-class>
@@ -44,6 +53,21 @@
     <servlet-name>AddUserServlet</servlet-name>
     <servlet-class>vvr.web.control.AddUserServlet</servlet-class>
   </servlet>
+  <servlet>
+    <servlet-name>AddUserRoleUIServlet</servlet-name>
+    <servlet-class>vvr.web.UI.AddUserRoleUIServlet</servlet-class>
+  </servlet>
+  <servlet>
+    <servlet-name>AddUserRoleServlet</servlet-name>
+    <servlet-class>vvr.web.control.AddUserRoleServlet</servlet-class>
+  </servlet>
+  <servlet>
+    <servlet-name>LoginServlet</servlet-name>
+    <servlet-class>vvr.web.control.LoginServlet</servlet-class>
+  </servlet>
+
+
+
 
 
 
@@ -84,6 +108,18 @@
     <servlet-name>AddUserServlet</servlet-name>
     <url-pattern>/AddUserServlet</url-pattern>
   </servlet-mapping>
+  <servlet-mapping>
+    <servlet-name>AddUserRoleUIServlet</servlet-name>
+    <url-pattern>/AddUserRoleUIServlet</url-pattern>
+  </servlet-mapping>
+  <servlet-mapping>
+    <servlet-name>AddUserRoleServlet</servlet-name>
+    <url-pattern>/AddUserRoleServlet</url-pattern>
+  </servlet-mapping>
+  <servlet-mapping>
+    <servlet-name>LoginServlet</servlet-name>
+    <url-pattern>/LoginServlet</url-pattern>
+  </servlet-mapping>
   <welcome-file-list>
     <welcome-file>index.html</welcome-file>
     <welcome-file>index.htm</welcome-file>

day19/WebRoot/jsp/addUserRoles.jsp

@@ -0,0 +1,42 @@
+<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+  <head>
+
+    <title>My JSP 'addUserRoles.jsp' starting page</title>
+
+  </head>
+
+  <body style="text-align: center;">
+    <table align="center" border="1" width="60%">
+    	<tr>
+    		<td>用户名称：</td>
+    		<td>${user.username}</td>
+    	</tr>
+
+    	<tr>
+    		<td>当前角色</td>
+    		<td>
+    			<c:forEach var="ur" items="${userRoles}">
+    				${ur.name}<br/>
+    			</c:forEach>
+    		</td>
+    	</tr>
+
+    	<tr>
+    		<td>系统角色</td>
+    		<td>
+    			<form action="${pageContext.request.contextPath }/AddUserRoleServlet" method="post">
+    				<input type="hidden" name="user_id" value="${user.id }">
+    				<c:forEach var="r" items="${roles}">
+						<input type="checkbox" name="role_id" value="${r.id}">${r.name}<br/>
+    				</c:forEach>
+    				<input type="submit" value="授予角色">
+    			</form>
+    		</td>
+    	</tr>
+    </table>
+  </body>
+</html>

day19/WebRoot/login.jsp

@@ -0,0 +1,20 @@
+<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+  <head>
+
+    <title>My JSP 'login.jsp' starting page</title>
+
+  </head>
+
+   <body>
+
+    <form action="${pageContext.request.contextPath }/LoginServlet" method="post">
+    	用户名：<input type="text" name="username"><br/>
+    	密码：<input type="text" name="password"><br/>
+    	<input type="submit" value="登陆">
+    </form>
+
+  </body>
+</html>

day19/src/vvr/domain/Privilege.java

@@ -18,6 +18,18 @@ public class Privilege {
 	private String id;
 	private String name;
 	private String description;
+
+	public Privilege(){
+
+	}
+
+	public Privilege(String name){
+		this.name = name;
+	}
+
+
+
+
 	public String getId() {
 		return id;
 	}
@@ -36,6 +48,34 @@ public String getDescription() {
 	public void setDescription(String description) {
 		this.description = description;
 	}
+
+	@Override
+	public int hashCode() {
+		final int prime = 31;
+		int result = 1;
+		result = prime * result + ((name == null) ? 0 : name.hashCode());
+		return result;
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if (this == obj)
+			return true;
+		if (obj == null)
+			return false;
+		if (getClass() != obj.getClass())
+			return false;
+		Privilege other = (Privilege) obj;
+		if (name == null) {
+			if (other.name != null)
+				return false;
+		} else if (!name.equals(other.name))
+			return false;
+		return true;
+	}
+
+
+
 
 
 }

day19/src/vvr/service/SecurityService.java

@@ -1,7 +1,9 @@
 package vvr.service;
 
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 import vvr.dao.PrivilegeDao;
 import vvr.dao.RoleDao;
@@ -58,9 +60,9 @@ public void updateRolePrivilege(String role_id,String[] privilege_id){
 		Role role = rdao.find(role_id);
 
 		List<Privilege> list = new ArrayList<Privilege>();
-
-		for(String p_id : privilege_id){
-			Privilege privilege = pdao.find(p_id);
+		for(int i = 0;privilege_id != null && i < privilege_id.length;i++){
+			
+			Privilege privilege = pdao.find(privilege_id[i]);
 			list.add(privilege);
 		}
 
@@ -92,11 +94,34 @@ public void updateUserRoles(String user_id,String[] roles_id){
 
 		User user = udao.find(user_id);
 		List<Role> roles = new ArrayList<Role>();
-		for(String rid : roles_id){
-			Role role = rdao.find(rid);
+		for(int i = 0;roles_id != null && i < roles_id.length;i++){
+
+			Role role = rdao.find(roles_id[i]);
 			roles.add(role);
 		}
 
 		udao.updateUserRoles(user, roles);
 	}
+
+	public Set getUserAllPrivilege(String user_id) {
+
+		Set allPrivilege = new HashSet();
+
+		//得到用户拥有的角色
+		List<Role> user_roles = udao.getUserRoles(user_id);
+
+		//得到角色拥有的权限
+		for(Role r : user_roles){
+			List role_privilege = rdao.getRolePrivileges(r.getId());
+			allPrivilege.addAll(role_privilege); //addAll()方法可以添加一个集合
+		}
+
+		return allPrivilege;
+
+	}
+
+	public User login(String username, String password) {
+		return udao.find(username, password);
+
+	}
 }

day19/src/vvr/web/UI/AddUserRoleUIServlet.java

@@ -0,0 +1,43 @@
+package vvr.web.UI;
+
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import vvr.domain.Privilege;
+import vvr.domain.Role;
+import vvr.domain.User;
+import vvr.service.SecurityService;
+
+public class AddUserRoleUIServlet extends HttpServlet {
+
+	public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+		this.doPost(request, response);
+	}
+
+	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+		SecurityService service = new SecurityService();
+
+		//得到用户信息
+		String user_id = request.getParameter("user_id");
+		User user = service.findUser(user_id);
+		request.setAttribute("user", user);
+
+		//得到用户当前拥有的角色
+		List<Role> userRoles = service.getUserRoles(user_id);
+		request.setAttribute("userRoles", userRoles);
+
+		//得到系统的所有角色
+		List<Role> roles = service.getAllRoles();
+		request.setAttribute("roles", roles);
+
+		request.getRequestDispatcher("/jsp/addUserRoles.jsp").forward(request, response);
+	}
+
+}

day19/src/vvr/web/control/AddUserRoleServlet.java

@@ -0,0 +1,37 @@
+package vvr.web.control;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import vvr.service.SecurityService;
+
+public class AddUserRoleServlet extends HttpServlet {
+
+	public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+		this.doPost(request, response);
+	}
+
+	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+		try{
+
+			SecurityService service = new SecurityService();
+
+			String user_id = request.getParameter("user_id");
+			String[] role_id = request.getParameterValues("role_id");
+
+			service.updateUserRoles(user_id, role_id);
+			request.setAttribute("message", "授权成功！！！");
+		}catch (Exception e) {
+			e.printStackTrace();
+			request.setAttribute("message", "授权失败！！！");
+		}
+		request.getRequestDispatcher("/message.jsp").forward(request, response);
+	}
+
+}

day19/src/vvr/web/control/LoginServlet.java

@@ -0,0 +1,31 @@
+package vvr.web.control;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import vvr.domain.User;
+import vvr.service.SecurityService;
+
+public class LoginServlet extends HttpServlet {
+
+	public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+		this.doPost(request, response);
+	}
+
+	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+		String username = request.getParameter("username");
+		String password = request.getParameter("password");
+
+		SecurityService service = new SecurityService();
+		User user = service.login(username,password);
+		request.getSession().setAttribute("user", user);
+		request.getRequestDispatcher("/1.jsp").forward(request, response);
+	}
+
+}