  • java框架的理解

    1.权限拦截器

    通过spring-mvc.xml来配置

    <!-- Interceptors -->
    <!-- Beans declared directly under mvc:interceptors (without an mvc:mapping) are applied to every request that Spring MVC dispatches. -->
    <!-- NOTE(review): the class attribute of the first bean starts with a space; confirm it is only a paste artifact. -->
        <mvc:interceptors>
            <!-- Multiple interceptors, executed in declaration order -->
            <bean class=" org.eking.framework.web.system.interceptor.PermissionInterceptor"></bean>
            <bean class="org.eking.framework.web.system.interceptor.SecurityInterceptor"></bean>
            <bean class="org.eking.framework.web.system.interceptor.SysLogInterceptor"></bean>
        </mvc:interceptors>
    /**
     * Permission gate that runs before the target handler is invoked.
     *
     * <p>Decision flow, as implemented below:
     * <ol>
     *   <li>A {@code HessianServiceExporter} handler is let through without any check.</li>
     *   <li>A handler method without {@code @Permission} is let through.</li>
     *   <li>An annotated method requires a user object in the session; if there is none, a
     *       script that sends the top window to the context root is written and the request stops.</li>
     *   <li>The user's authorities must match the annotation's {@code name()}; otherwise an
     *       alert is written and the request stops.</li>
     * </ol>
     *
     * @param request  current HTTP request
     * @param response current HTTP response; written to when the request is rejected
     * @param handler  the handler chosen for this request
     * @return {@code true} to continue the chain, {@code false} when this method already answered
     * @throws Exception propagated from the servlet API or the helpers called here
     */
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        if (handler instanceof HessianServiceExporter) {
            // TODO xie-qing: nothing is checked here for now; permission verification is to be added later.
            // NOTE(review): until that TODO is done, Hessian endpoints behind this interceptor get no
            // login or permission check from it; they need protection elsewhere.
            return true;
        }

        // NOTE(review): a handler that is neither a HessianServiceExporter nor a HandlerMethod fails
        // this cast with ClassCastException; whether such handlers should be allowed or denied is
        // not decided anywhere in this method.
        HandlerMethod target = (HandlerMethod) handler;
        Method invoked = target.getMethod();
        // NOTE(review): lastSegment is computed but never read below.
        String uri = request.getRequestURI();
        String lastSegment = uri.substring(uri.lastIndexOf("/") + 1);
        String ctx = WebUtils.getContextPath(request);

        // 1. Only methods carrying @Permission are checked; everything else passes.
        // NOTE(review): this is allow-by-default, so a handler whose annotation is missing or
        // commented out is reachable without login.
        if (!method_hasPermission(invoked)) {
            return true;
        }

        // 2. The user must be logged in (user object stored in the session).
        SysUser loggedIn = (SysUser) request.getSession().getAttribute(Constants.CURRENT_USER);
        if (loggedIn == null) {
            // The redirect targets top.location, i.e. the whole window rather than a single frame.
            // NOTE(review): ctx is placed unescaped inside a JavaScript string literal; this
            // assumes WebUtils.getContextPath returns a server-controlled value (verify).
            PrintWriter writer = response.getWriter();
            writer.print("<script type='text/javascript'>top.location='"+ctx+"/'</script>");
            writer.close();
            return false;
        }

        // 3. Read the permission name required by the annotation.
        Permission required = invoked.getAnnotation(Permission.class);

        // 4. Match it against the authorities held by the logged-in user.
        boolean granted = hasPrivilege(loggedIn.getSysAuthoritys(), required.name());
        if (granted) {
            // 4.1 permission held
            return true;
        }

        // 4.2 permission not held
        // NOTE(review): the log entry names the permission but neither the user nor the request,
        // which limits its use as an audit record.
        log.info("您没有操作" + required.name() + "的权限!");
        // Show a warning dialog to the user.
        WebUtils.alertMsg(response, "您没有操作权限!");
        return false;
    }

    /** Tells whether the given handler method is annotated with {@code @Permission}. */
    private boolean method_hasPermission(Method candidate) {
        return candidate.isAnnotationPresent(Permission.class);
    }

    2.Login 登录时先判断 SysUser 是否存在,再对密码做 MD5 后判定是否相等(注:MD5 是快速摘要算法,摘要一旦泄露很容易被离线穷举;口令存储应使用 bcrypt、scrypt、Argon2 这类专用口令哈希)

    <!-- Fetch the set of authorities held by a system user, looked up by the user's id. -->
    <!-- #{value} is a bound statement parameter, not text substitution, so the id is not concatenated into the SQL. -->
    <!-- NOTE(review): there is no status condition on SYS_ROLE here, while initAuthorityTree only uses roles whose status equals STATUS_ACTIVE; confirm whether authorities of disabled roles should still be returned by this query. -->
    <!-- NOTE(review): SELECT * over SA and TEMP returns AUTHORITY_ID from both sides; confirm the result map tolerates the duplicate column. -->
        <select id="getSysAuthoritysByUserId" resultMap="baseSysAuthorityResultMap" parameterType="string">
            SELECT * FROM SYS_AUTHORITY SA, (
              SELECT * FROM SYS_ROLE_AUTHORITY WHERE ROLE_ID IN (
                SELECT A.ROLE_ID FROM SYS_ROLE A 
                      JOIN SYS_USER_ROLE B ON A.ROLE_ID = B.ROLE_ID
                  WHERE B.USER_ID = #{value}
              )
            ) TEMP 
            WHERE SA.AUTHORITY_ID=TEMP.AUTHORITY_ID
        </select>

    3.index页面用frameset来嵌套对应的frame

    <!-- Index layout: a top frame, a left/right pair in the middle, and a bottom frame; each frame loads one of the /login/to*.do pages. -->
    <!-- Because every page is rendered inside a frame, the interceptor's login redirect sets top.location so that the whole window, not one frame, leaves the page. -->
    <frameset rows="90,*,55" border="0">
        <frame src="${ctx}/login/toTop.do" name="top" />
        <frameset cols="200,*">  
            <frame src="${ctx}/login/toLeft.do" name="left" />
            <frame src="${ctx}/login/toRight.do" name="right" />
        </frameset>  
        <frame src="${ctx}/login/toBottom.do" name="bottom" />
    </frameset>

    4.初始化index页面的left页面权限菜单数据

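    /**
     * Returns the authority (menu) tree nodes for the logged-in user as an AJAX response.
     *
     * <p>Steps: load the current user, ask the service for the nodes under {@code zTree}'s id
     * (root nodes when the id is empty), flag each node as parent or leaf, sort by
     * {@code getSortNo()} and write the list to the response.
     *
     * <p>On failure the exception is logged on the server and the client receives a generic
     * message only. Exception messages can carry SQL text, class names or other internals, so
     * they are not echoed back to the browser.
     *
     * @param request  current HTTP request, used to look up the logged-in user
     * @param response current HTTP response, written to through {@code ajax}
     * @param zTree    node descriptor bound from the request; its id selects the parent node
     * @return whatever {@code ajax} returns for the written response
     * @throws Exception declared for interface compatibility; failures inside the body are caught
     */
    @RequestMapping("/tree")
    @DoLog(cnContent = "权限树初始化", value = false)
    // NOTE(review): the permission annotation below is commented out. An interceptor that only
    // checks methods carrying @Permission will therefore not require login or any permission for
    // this endpoint; confirm that is intended.
    //@Permission(name = "login.tree")
    public String tree(HttpServletRequest request, HttpServletResponse response, ZTreeComm zTree) throws Exception {
        try {
            // 1. Look up the logged-in user.
            // NOTE(review): presumably null when nobody is logged in; the service call below would
            // then fail and end in the catch block. Verify against getLoginUser.
            SysUser currentUser = getLoginUser(request);

            // 2. Fetch the authority nodes for the given id; an empty id yields the root nodes.
            //    The role filter is derived from currentUser inside the service.
            List<ZTreeComm> tree = sysUserService.initAuthorityTree(zTree, currentUser);

            // 3. Flag each node as parent or leaf (one isParent call per node).
            List<ZTreeComm> votree = new ArrayList<ZTreeComm>(tree.size());
            for (ZTreeComm node : tree) {
                int total = sysUserService.isParent(node);
                node.setIsParent(total != 0 ? Constants.IS_TRUE : Constants.IS_FALSE);
                votree.add(node);
            }

            // 4. Sort the nodes by their sort number.
            Collections.sort(votree, new Comparator<ZTreeComm>() {
                public int compare(ZTreeComm arg0, ZTreeComm arg1) {
                    return arg0.getSortNo().compareTo(arg1.getSortNo());
                }
            });
            return this.ajax(response, votree);
        } catch (Exception e) {
            // Full details stay in the server log; the client only learns that something failed.
            this.logException(e);
            return this.ajax(response, "系统出现异常,请与管理员联系!");
        }
    }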
    /**
     * Loads the authority tree nodes visible to a user.
     *
     * <p>The ids of the user's active roles are joined into one comma-terminated string and
     * stored in {@code ztree}'s {@code diyParams}, which the mapper statements read as the role
     * filter. An empty {@code ztree} id selects the root-node statement, any other id selects
     * the child-node statement.
     *
     * @param ztree   node descriptor; its id picks root or child lookup, its diyParams is overwritten here
     * @param sysUser the user whose roles restrict the result
     * @return the nodes returned by the selected mapper statement
     * @throws Exception declared by the original signature
     */
    public List<ZTreeComm> initAuthorityTree(ZTreeComm ztree, SysUser sysUser) throws Exception {
        // 1. Build the role-id string; each active role id is prepended, followed by a comma.
        List<SysRole> roles = sysUser.getSysRoles();
        String activeRoleIds = "";
        if (CollectionHelp.isNotBank(roles)) {
            for (SysRole role : roles) {
                if (!Constants.STATUS_ACTIVE.equals(role.getStatus())) {
                    continue; // inactive roles contribute nothing
                }
                activeRoleIds = role.getRoleId() + "," + activeRoleIds;
            }
        }
        // ZTreeComm has no role-id property, so its spare diyParams property carries the value.
        // This assignment also replaces whatever diyParams value arrived with ztree.
        // NOTE(review): getAuthorityRoot / getAuthorityById test ROLE_ID against this string with
        // INSTR, which is a substring match. If role ids are not fixed-width, an id that is a
        // substring of another one would match too; confirm the id format or use an exact match.
        ztree.setDiyParams(activeRoleIds);

        // 2. Pick the statement: empty id means initial load (root nodes, parent is null),
        //    otherwise the node is being expanded (children whose parent equals the id).
        String statementId;
        if (StringUtils.isEmpty(ztree.getId())) {
            statementId = SecurityMgrConstants.ZTREE_COMMON_MAPPER_NAMESPACE + ".getAuthorityRoot";
        } else {
            statementId = SecurityMgrConstants.ZTREE_COMMON_MAPPER_NAMESPACE + ".getAuthorityById";
        }
        List<ZTreeComm> nodes = sqlSessionTemplate.selectList(statementId, ztree);
        return nodes;
    }
    <!-- Query root nodes (PARENT_ID IS NULL, AUTHORITY_TYPE '2'). The original comment said "department root nodes", but the statement reads SYS_AUTHORITY. -->
    <!-- diyParams carries the caller's role ids as one comma-terminated string and is passed as a bound parameter. -->
    <!-- NOTE(review): INSTR(#{diyParams}, ROLE_ID) > 0 is a substring test, not a list-membership test. With variable-length ids, ROLE_ID 1 is found inside a list such as '10,12,' and that role's authorities leak into the result. -->
    <!-- Suggested direction: compare delimiter-wrapped values, for example INSTR(',' || #{diyParams}, ',' || ROLE_ID || ',') > 0 with Oracle-style concatenation, or pass the ids as a collection and build an IN list with a foreach element. -->
        <select id="getAuthorityRoot" resultMap="authorityTreeResultMap" parameterType="ZTreeComm">
            SELECT * FROM SYS_AUTHORITY WHERE AUTHORITY_ID IN(
                SELECT AUTHORITY_ID FROM SYS_ROLE_AUTHORITY WHERE INSTR(#{diyParams},ROLE_ID)>0
            )
            AND PARENT_ID IS NULL AND AUTHORITY_TYPE='2'
        </select>

    <!-- Query child nodes of the node given by id (AUTHORITY_TYPE '2'). The original comment said "department child nodes", but the statement reads SYS_AUTHORITY. -->
    <!-- #{id} and #{diyParams} are bound parameters. In the tree handler the id arrives with the request-bound ZTreeComm, so the role filter in the subquery is what limits the rows a client can read. -->
    <!-- NOTE(review): that filter uses INSTR(#{diyParams}, ROLE_ID) > 0, a substring test; with variable-length ids a ROLE_ID that is a substring of another id in the list also matches. Confirm the id format or switch to an exact comparison. -->
        <select id="getAuthorityById" resultMap="authorityTreeResultMap" parameterType="ZTreeComm">
            SELECT * FROM SYS_AUTHORITY WHERE AUTHORITY_ID IN(
                SELECT AUTHORITY_ID FROM SYS_ROLE_AUTHORITY WHERE INSTR(#{diyParams},ROLE_ID)>0
            )
            AND PARENT_ID=#{id} AND AUTHORITY_TYPE='2'
        </select>

    instr(string1,string2[,start_position[,nth_appearence]])

    string1:要在此字符串中查找。

    string2:要在string1中查找的字符串。

    start_position:从string1开始查找的位置。可选,默认为1,正数时,从左到右检索,负数时,从右到左检索。

    nth_appearence:查找第几次出现string2。可选,默认为1,不能为负。

    注:如果没有查找到,返回0。

    例如:

    select instr('abcd','a') from dual; --返回1
    select instr('abcd','c') from dual; --返回3
    select instr('abcd','e') from dual;    --返回0

    该函数可以用于模糊查询以及判断包含关系:

    例如:

    ① select code, name, dept, occupation  from staff  where instr(code, '001') > 0;

    等同于

    select code, name, dept, occupation  from staff  where code like '%001%' ;

    ② select ccn,mas_loc from mas_loc where instr('FH,FHH,FHM',ccn)>0;

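    等同于(仅当 ccn 的取值不会是列表中其他代码的子串时才成立:instr 做的是子串匹配,例如 ccn 为 'F' 或 'HH' 时 instr 同样大于 0,而下面的 in 只做整值比较;用于权限或角色过滤时应使用整值匹配)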

    select ccn,mas_loc from mas_loc where ccn in ('FH','FHH','FHM');

  • 原文地址:https://www.cnblogs.com/ilooking/p/5531172.html