大XX项目权限查询及增删改

s首先我要说说我的大Xx项目功能当然有权限登录，二级菜单，增删改查和分页。

虽然功能不算多但是我来写一下我的思路

权限：

先进
shiroFilter再进securityManager 进 myRealm

doGetAuthorizationInfo

doGetAuthenticationInfo

if (admin == null) {
throw new UnknownAccountException();
}

抛了异常捕获到login页面的验证方法

//shiro 获取异常,判断异常类型
Object errorClass=request.getAttribute("shiroLoginFailure");
if("org.apache.shiro.authc.IncorrectCredentialsException".equals(errorClass)){

request.setAttribute("errormsg", "用户名或密码错误");
}
if("org.apache.shiro.authc.UnknownAccountException".equals(errorClass)){
request.setAttribute("errormsg", "用户不存在或已禁用");
}
if("com.dsj.data.shiro.filter.VerifyCodeException".equals(errorClass)){
request.setAttribute("errormsg", "验证码不正确");
}
%>
MyFormAuthenticationFilter类
认证完以后进行授权
@Override
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request,
ServletResponse response) throws Exception {
//开启授权
subject.hasRole("*");

return super.onLoginSuccess(token, subject, request, response);
}
授权

doGetAuthenticationInfo

路径和数据表中的路径相匹配就展示
<a href="#" title="Dashboard"><i class="fa fa-lg fa-fw fa-home"></i> <span class="menu-item-parent">${vo.name }</span></a>
<ul>
<c:forEach items="${vo.children}" var="po" varStatus="status">
<shiro:hasPermission name="${po.pattern}">
<li>
<a href="${ctx}${po.uri}" title="Dashboard"><span class="menu-item-parent">${po.name }</span></a>
</li>
</shiro:hasPermission>
</c:forEach>

先进
shiroFilter再进securityManager 进 myRealm

doGetAuthorizationInfo

doGetAuthenticationInfo

if (admin == null) {
throw new UnknownAccountException();
}

抛了异常捕获到login页面的验证方法

doGetAuthenticationInfo

*******************************************重置密码

让页面走/resetPwd方法修改成功和失败都有提示

@RequestMapping(value = "/resetPwd")
@ResponseBody
public Object resetPwd(String id) {
AjaxResultVo ajax = new AjaxResultVo();
try {
System.out.println(id+"**********************");
userService.resetPwd(id);
System.out.println(id);
ajax.setStatus(200);
ajax.setMessage("密码重置成功");
} catch (Exception e) {
ajax.setStatus(500);
ajax.setMessage("密码重置失败--->" + e);
}
return ajax;
}

页面这么写

{"bSortable": false,
"mRender":function(data,type,full){
var edit = "<a class='dsj_btn btn btn-default' href='javascript:void(0);' onclick='editUser("+full.id+")'>编辑</a>";
var resetPwd = "<a class='dsj_btn btn btn-default' href='javascript:void(0);' onclick='resetPwd("+ full.id+")'>重置密码</a>";
return edit+resetPwd;

}
}

传一个 id，点击事件走resetPwd(id)方法

声明两个变量把参数传进来还有id

var reId;
var id;
function resetPwd(id) {
setModalContent("确认要重置此账号密码?", "resetPwd");
reId=id;
}

这是真正走resetpwd 走controller 方法业务是成功走列表

$("body").on("click","#resetPwd",function() {，
$.ajax({
type : "post",
url : _ctx
+ "/user/resetPwd",
data : {
id : reId
},
datatype : "json",
success : function(result) {
if (result.status != 200) {
setErrorContent(result.message);
} else {
setErrorContent(result.message);
setTimeout(function() {
location = _ctx + "/user/User";
}, 2000);
}
}
})
});

接口写个和controller一样的方法名字

实现走的md5加密方法修改成了123456，走dao层底层的updateDynamic所以mapper.xml没写方法，自带的

mapper.xml就会修改你的密码

今天聊一聊查询，我的查询是根据name查的

这是我写的查询getByIds 方法具体查根据name 查询

这是dao层实现层

//这是查什么的
@Override
public List<String> getByIds(String[] rids) {
// TODO Auto-generated method stub
return sessionTemplate.selectList("getByIds", rids);
}

携带rid只是传递的参数而已

然后再写xml的sql

******************************************查询name，

<select id="getByIds" resultType="java.lang.String">
SELECT
name
FROM
<include refid="tableName" />
<where>
id in
<foreach collection="array" index="index" item="item"
separator="," open="(" close=")">
#{item}
</foreach>
</where>
</select>

*********************************

@Override
public List<RoleVo> getByList(Long id) {
// TODO Auto-generated method stub
//实现类查询id
Map<String, Object> map = new HashMap<String, Object>();
map.put("userId", id);
List<URPo> r1 = urDao.getByList(map);
List<RoleVo> r2 = new ArrayList<RoleVo>();//获取id
for (RolePo rolePo : dao.getAll()) {
r2.add(new RoleVo(rolePo));
}
for (RoleVo roleVo : r2) {
for (URPo urPo : r1) {
if (urPo.getRoleId().longValue()==roleVo.getId().longValue()) {
roleVo.setFlag(true);
}
}
}

return r2;
}

getByts也是插询没有指定

<select id="getBys" resultMap="beanMap" parameterType="java.util.Map">
SELECT
<include refid="tableColumns" />
FROM
<include refid="tableName" />
<where>
<include refid="condition_sql" />
</where>
</select>

*******查询就完了

修改功能

@Override
public void updateUser(UserVo userVo) {
userVo.setUserType(UserType.EMPLOYEE.getValue());
userVo.setDelFlag(DeleteStatusEnum.NDEL.getValue());
String[] rids = userVo.getRids().split(",");
List<String> rnames = roleDao.getByIds(rids);
userVo.setRoleName(JSON.toJSONString(rnames));
dao.updateDynamic(userVo);
if (null == userVo.getRids()) {
return;

}
Map<String, Object> map = new HashMap<String, Object>();
map.put("userId", userVo.getId());
urDao.deleteBy(map);
List<URPo> list = new ArrayList<URPo>();
for (String rid : rids) {
URPo urPo = new URPo();
urPo.setRoleId(Long.parseLong(rid));
urPo.setUserId(userVo.getId());
list.add(urPo);
}
urDao.insert(list);
}

大XX项目 权限查询及增删改

大XX项目权限查询及增删改