课时7 案例2:粗粒度权限管理
基于角色的权限控制RBAC
tb_user
tb_role
tb_userrole
tb_menu
tb_rolemenu
web.xml
<?xml version="1.0" encoding="utf-8"?>
<web-app>
  <!-- AServlet handles requests to /hello (the login form posts here). -->
  <servlet>
    <servlet-name>AServlet</servlet-name>
    <servlet-class>com.pengshiyu.servlet.AServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>AServlet</servlet-name>
    <url-pattern>/hello</url-pattern>
  </servlet-mapping>

  <filter>
    <filter-name>AFilter</filter-name>
    <filter-class>com.pengshiyu.filter.AFilter</filter-class>
  </filter>
  <filter-mapping>
    <!-- Do not map this filter onto login.html, otherwise nobody can reach the login page. -->
    <!-- Only /hello.html is covered; every other resource is served without the session check. -->
    <!-- No <dispatcher> element is declared, so the filter runs for direct client requests only;
         a RequestDispatcher forward to /hello.html does not pass through it. -->
    <filter-name>AFilter</filter-name>
    <url-pattern>/hello.html</url-pattern>
  </filter-mapping>
</web-app>
AServlet.java
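package com.pengshiyu.servlet;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * Demo login endpoint: records the submitted user name in the session and
 * forwards to the protected page.
 *
 * <p>NOTE: no password or other credential is verified here; any non-blank
 * name is treated as logged in. That is acceptable only for this classroom
 * example.
 */
public class AServlet extends HttpServlet {

    /**
     * Handles the login form submission.
     *
     * @param request  carries the {@code username} form parameter
     * @param response used for the forward to the next page
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails on I/O
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        System.out.println("post: " + username);

        // A forward is not a new client request, so a filter mapped without a
        // <dispatcher> element does not see it. Without this guard a POST that
        // carries no user name would still be forwarded to hello.html.
        if (username == null || username.trim().isEmpty()) {
            request.getRequestDispatcher("login.html").forward(request, response);
            return;
        }

        // Drop any session that existed before login so that a session id
        // planted in the browser beforehand is not promoted to a logged-in one.
        HttpSession previous = request.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }

        // Mark the new session as logged in.
        request.getSession(true).setAttribute("username", username);

        // Show the protected page.
        request.getRequestDispatcher("hello.html").forward(request, response);
    }
}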
过滤器进行简单的权限校验(仅检查 session 中是否存在 username,即是否已登录;并未按角色或菜单做授权判断)
AFilter.java
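package com.pengshiyu.filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * Login check: lets a request through only when the session already holds a
 * {@code username} attribute, otherwise shows the login page.
 *
 * <p>This verifies that somebody logged in; it makes no decision based on
 * roles or menus.
 */
public class AFilter implements Filter {
    // Kept from init(); not read anywhere in this class.
    private FilterConfig config;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.config = filterConfig;
    }

    /**
     * Passes the request down the chain for logged-in sessions and forwards
     * everyone else to {@code login.html}.
     *
     * @param req         the incoming request; cast to {@link HttpServletRequest}
     * @param response    the response handed to the chain or the forward
     * @param filterChain the remaining filters and the target resource
     * @throws IOException      if the chain or the forward fails on I/O
     * @throws ServletException if the chain or the forward fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        // getSession(false): an anonymous visitor must not cause a new session
        // to be allocated just by being checked.
        HttpSession session = request.getSession(false);
        Object attribute = (session == null) ? null : session.getAttribute("username");

        // Anything that is not a String counts as "not logged in" instead of
        // failing with a ClassCastException.
        String username = (attribute instanceof String) ? (String) attribute : null;
        System.out.println("filter: " + username);

        if (username != null) {
            // Logged in: let the request continue.
            filterChain.doFilter(request, response);
        } else {
            // Not logged in: show the login page.
            request.getRequestDispatcher("login.html").forward(request, response);
        }
    }

    @Override
    public void destroy() {
    }
}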
课时8 案例3:全站编码问题
// post编码 request.setCharacterEncoding("utf-8"); // get编码 String username = request.getParameter("username"); username = new String(username.getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8); // 响应编码 response.setContentType("text/html; charset=UTF-8");
HttpServletRequest装饰类
EncodingRequest.java
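package com.pengshiyu.filter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.nio.charset.StandardCharsets;

/**
 * Request decorator that re-decodes parameter values from ISO-8859-1 to UTF-8.
 *
 * <p>Only {@link #getParameter(String)} is overridden. Code that reads
 * parameters through {@code getParameterValues} or {@code getParameterMap}
 * still receives the values exactly as the wrapped request returns them.
 */
public class EncodingRequest extends HttpServletRequestWrapper {

    /**
     * @param request the original request to decorate
     */
    public EncodingRequest(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the named parameter re-read as UTF-8.
     *
     * @param name the parameter name
     * @return the re-decoded value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String name) {
        String value = super.getParameter(name);
        if (value == null) {
            // Keep the servlet contract: a missing parameter is null, not a
            // NullPointerException thrown from inside the wrapper.
            return null;
        }
        // NOTE(review): assumes the container decoded the value as ISO-8859-1.
        return new String(value.getBytes(StandardCharsets.ISO_8859_1), StandardCharsets.UTF_8);
    }
}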
过滤器AFilter.java
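package com.pengshiyu.filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * Site-wide encoding filter: sets the response charset and makes request
 * parameters readable as UTF-8 for both GET and POST.
 */
public class AFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Applies the encoding fix that matches the HTTP method, then continues
     * the chain.
     *
     * @param request     the incoming request; cast to {@link HttpServletRequest}
     * @param response    the response whose content type is set here
     * @param filterChain the remaining filters and the target resource
     * @throws IOException      if the chain fails on I/O
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        String method = httpServletRequest.getMethod();

        // Response encoding. NOTE(review): if this filter is mapped to /*, the
        // text/html label is applied to every response unless the target
        // resource sets its own content type afterwards.
        response.setContentType("text/html; charset=UTF-8");

        if ("GET".equals(method)) {
            // Query-string values are re-decoded by the wrapper.
            EncodingRequest encodingRequest = new EncodingRequest(httpServletRequest);
            filterChain.doFilter(encodingRequest, response);
        } else if ("POST".equals(method)) {
            // Body encoding must be set before any parameter is read.
            request.setCharacterEncoding("utf-8");
            filterChain.doFilter(request, response);
        } else {
            // HEAD, PUT, DELETE, OPTIONS, ...: this filter only deals with
            // encoding, so it must not swallow the request. Previously the
            // chain was never invoked and the client got an empty response.
            filterChain.doFilter(request, response);
        }
    }

    @Override
    public void destroy() {
    }
}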
响应处理AServlet.java
package com.pengshiyu.servlet;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Test servlet for the encoding filter: echoes the {@code name} parameter to
 * the console and answers with a fixed Chinese greeting.
 */
public class AServlet extends HttpServlet {

    /**
     * Prints the {@code name} request parameter to standard output and writes
     * the greeting to the response body.
     *
     * @param request  the incoming GET request
     * @param response the response the greeting is written to
     * @throws ServletException declared by the servlet API
     * @throws IOException      if the response writer cannot be obtained
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Shows on the console whether the parameter arrived correctly decoded.
        String name = request.getParameter("name");
        System.out.println(name);

        // Shows in the browser whether the response charset is applied.
        String greeting = "你好";
        response.getWriter().print(greeting);
    }
}
web.xml
<?xml version="1.0" encoding="utf-8"?>
<web-app>
  <!-- Register the servlet so the web container can instantiate the class by reflection. -->
  <servlet>
    <servlet-name>AServlet</servlet-name>
    <servlet-class>com.pengshiyu.servlet.AServlet</servlet-class>
  </servlet>
  <!-- Map the servlet to the URL given in url-pattern. -->
  <servlet-mapping>
    <servlet-name>AServlet</servlet-name>
    <url-pattern>/hello</url-pattern>
  </servlet-mapping>

  <filter>
    <filter-name>AFilter</filter-name>
    <filter-class>com.pengshiyu.filter.AFilter</filter-class>
  </filter>
  <filter-mapping>
    <!-- Original remark: do not map the filter onto login.html, otherwise login is impossible. -->
    <!-- NOTE(review): the pattern below is /*, which does include login.html. That is harmless
         only if AFilter here is the encoding filter and not the login check; confirm which
         class is deployed under this name. -->
    <filter-name>AFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>
课时9 案例4:页面静态化之准备工作(图书管理小项目)
功能: 查询所有 按分类查看 BookServlet findAll() 查询全部 findByCategory() 按分类查询 BookService: 省略 BookDao: List<Book> findAll() List<Book> findByCategory() Book: bid bname price category
静态化:
第一次访问从数据库取数据,保存到html中
第二次之后访问就直接从html中读取,不再从数据库中取数据
数据准备:
-- Sample schema for the book-list example: one table, eight rows, two categories.
create table tb_book(
    bid      int primary key auto_increment,
    bname    varchar(50),
    price    decimal(10, 2),
    category int
);

-- Category 1: programming titles; category 2: classic novels.
-- Rows are listed in the same order as before, so bid values are assigned identically.
insert into tb_book(bname, price, category) values
    ("Java", 12, 1),
    ("Python", 12, 1),
    ("JavaScript", 12, 1),
    ("Go", 12, 1),
    ("三国演义", 12, 2),
    ("西游记", 12, 2),
    ("水浒传", 12, 2),
    ("红楼梦", 12, 2);
创建对应的Book类
package com.pengshiyu.bean; public class Book { private int bid; private String bname; private double price; private int category; public Book() { } public int getBid() { return bid; } public void setBid(int bid) { this.bid = bid; } public String getBname() { return bname; } public void setBname(String bname) { this.bname = bname; } public double getPrice() { return price; } public void setPrice(double price) { this.price = price; } public int getCategory() { return category; } public void setCategory(int category) { this.category = category; } @Override public String toString() { return "Book{" + "bid=" + bid + ", bname='" + bname + '\'' + ", price=" + price + ", category=" + category + '}'; } }
BookDao.java
package com.pengshiyu.dao;

import com.pengshiyu.bean.Book;
import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.handlers.BeanListHandler;
import util.TxQueryRunner;

import java.sql.SQLException;
import java.util.List;

/**
 * Read-only data access for the tb_book table. Rows are mapped to
 * {@link Book} beans; any {@link SQLException} is rethrown wrapped in a
 * {@link RuntimeException}.
 */
public class BookDao {
    private QueryRunner qr = new TxQueryRunner();

    /**
     * Loads every row of tb_book and prints the resulting list to standard
     * output.
     *
     * @return the mapped books
     * @throws RuntimeException wrapping the SQLException if the query fails
     */
    public List<Book> findAll() {
        final String sql = "select * from tb_book";
        final List<Book> books;
        try {
            books = qr.query(sql, new BeanListHandler<Book>(Book.class));
        } catch (SQLException e) {
            throw new RuntimeException(e);
        }
        System.out.println(books);
        return books;
    }

    /**
     * Loads the rows whose category column equals the given number.
     *
     * @param category the category number to match
     * @return the mapped books
     * @throws RuntimeException wrapping the SQLException if the query fails
     */
    public List<Book> findByCategory(int category) {
        // The value is passed as a bound parameter for the '?' placeholder;
        // it is never concatenated into the SQL text.
        final String sql = "select * from tb_book where category = ?";
        final BeanListHandler<Book> rowMapper = new BeanListHandler<Book>(Book.class);
        try {
            return qr.query(sql, rowMapper, category);
        } catch (SQLException e) {
            throw new RuntimeException(e);
        }
    }
}
BookServlet
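package com.pengshiyu.servlet;

import com.pengshiyu.dao.BookDao;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Book list actions. Both methods put the result under the request attribute
 * {@code bookList} and forward to {@code book.jsp}.
 *
 * <p>Presumably BaseServlet (not shown on this page) dispatches to these
 * methods by name; confirm against that class.
 */
public class BookServlet extends BaseServlet {
    private BookDao bookDao = new BookDao();

    /**
     * Lists every book.
     *
     * @param request  receives the {@code bookList} attribute
     * @param response used for the forward
     * @throws IOException      if the forward fails on I/O
     * @throws ServletException if the forward fails
     */
    public void findAll(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        request.setAttribute("bookList", bookDao.findAll());
        request.getRequestDispatcher("book.jsp").forward(request, response);
    }

    /**
     * Lists the books of one category, taken from the {@code category}
     * request parameter.
     *
     * <p>A missing or non-numeric parameter is answered with 400 Bad Request.
     *
     * @param request  carries the {@code category} parameter
     * @param response used for the forward or the error status
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward or the error response fails on I/O
     */
    public void findByCategory(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The parameter comes straight from the client. parseInt throws
        // NumberFormatException for null as well as for non-numeric text, and
        // letting that escape turns bad input into a server error.
        int category;
        try {
            category = Integer.parseInt(request.getParameter("category"));
        } catch (NumberFormatException e) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "category must be an integer");
            return;
        }

        request.setAttribute("bookList", bookDao.findByCategory(category));
        request.getRequestDispatcher("book.jsp").forward(request, response);
    }
}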
用到的工具类 TxQueryRunner.java
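package util;

import java.sql.Connection;
import java.sql.SQLException;

import org.apache.commons.dbutils.QueryRunner;
import org.apache.commons.dbutils.ResultSetHandler;

/**
 * QueryRunner whose connection-less methods take a connection from JdbcUtil,
 * run the statement on it and hand the connection back to JdbcUtil.
 *
 * <p>The connection is released in a {@code finally} block, so it is handed
 * back even when the statement throws. What releaseConnection does with the
 * connection is decided by JdbcUtil, which is not shown here.
 */
public class TxQueryRunner extends QueryRunner {

    /**
     * Runs a batch of updates.
     *
     * @param sql    the statement to execute
     * @param params one row of parameters per batch entry
     * @return the update counts
     * @throws SQLException if the batch fails
     */
    @Override
    public int[] batch(String sql, Object[][] params) throws SQLException {
        Connection con = JdbcUtil.getConnection();
        try {
            return super.batch(con, sql, params);
        } finally {
            JdbcUtil.releaseConnection(con);
        }
    }

    /**
     * Runs a query with bound parameters.
     *
     * @param sql    the query
     * @param rsh    converts the result set into the return value
     * @param params values for the placeholders
     * @return whatever the handler produces
     * @throws SQLException if the query fails
     */
    @Override
    public <T> T query(String sql, ResultSetHandler<T> rsh, Object... params) throws SQLException {
        Connection con = JdbcUtil.getConnection();
        try {
            return super.query(con, sql, rsh, params);
        } finally {
            JdbcUtil.releaseConnection(con);
        }
    }

    /**
     * Runs a query without parameters.
     *
     * @param sql the query
     * @param rsh converts the result set into the return value
     * @return whatever the handler produces
     * @throws SQLException if the query fails
     */
    @Override
    public <T> T query(String sql, ResultSetHandler<T> rsh) throws SQLException {
        Connection con = JdbcUtil.getConnection();
        try {
            return super.query(con, sql, rsh);
        } finally {
            JdbcUtil.releaseConnection(con);
        }
    }

    /**
     * Runs an update without parameters.
     *
     * @param sql the statement
     * @return the number of affected rows
     * @throws SQLException if the update fails
     */
    @Override
    public int update(String sql) throws SQLException {
        Connection con = JdbcUtil.getConnection();
        try {
            return super.update(con, sql);
        } finally {
            JdbcUtil.releaseConnection(con);
        }
    }

    /**
     * Runs an update with a single bound parameter.
     *
     * @param sql   the statement
     * @param param the value for the placeholder
     * @return the number of affected rows
     * @throws SQLException if the update fails
     */
    @Override
    public int update(String sql, Object param) throws SQLException {
        Connection con = JdbcUtil.getConnection();
        try {
            return super.update(con, sql, param);
        } finally {
            JdbcUtil.releaseConnection(con);
        }
    }

    /**
     * Runs an update with bound parameters.
     *
     * @param sql    the statement
     * @param params values for the placeholders
     * @return the number of affected rows
     * @throws SQLException if the update fails
     */
    @Override
    public int update(String sql, Object... params) throws SQLException {
        Connection con = JdbcUtil.getConnection();
        try {
            return super.update(con, sql, params);
        } finally {
            JdbcUtil.releaseConnection(con);
        }
    }
}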