原创作品,允许转载,转载时请务必以超链接形式标明文章
原始出处 、作者信息和本声明。否则将追究法律责任。
http://qingkechina.blog.51cto.com/5552198/1386941
<!-- Front controller for data requests: every URL ending in .data is routed to FrameDataGainer. -->
<servlet>
    <servlet-name>data</servlet-name>
    <servlet-class>com.medical.frame.FrameDataGainer</servlet-class>
    <!-- A non-negative value makes the container instantiate the servlet at deployment
         instead of on the first request. -->
    <load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>data</servlet-name>
    <url-pattern>*.data</url-pattern>
</servlet-mapping>
public class FrameDataGainer extends HttpServlet
{
    /** Logger for this servlet. */
    private static final Logger logger = LoggerFactory.getLogger(FrameDataGainer.class);

    /**
     * Loads the data-business configuration when the servlet is initialised.
     *
     * @throws ServletException wrapping the FrameException raised while loading the
     *                          configuration, so that a broken configuration fails
     *                          initialisation instead of being ignored
     */
    @Override
    public void init() throws ServletException
    {
        ServletContext servletContext = getServletContext();
        try
        {
            // Load the business configuration files
            FrameConfigUtil.loadDataBusiness(servletContext);
        }
        catch (FrameException e)
        {
            // Keep the cause so the container log shows why start-up failed.
            throw new ServletException("[FrameDataGainer] init error.", e);
        }
    }
}
/**
 * Loads every data-business configuration file found under /WEB-INF/config of the
 * web application (D:\medical\war\WEB-INF\config in the author's environment).
 *
 * @param context servlet context handed to the file lookup and to the parser
 * @throws FrameException declared for failures of the two helpers called here
 */
public static void loadDataBusiness(ServletContext context) throws FrameException
{
    // The directory sits below WEB-INF; the class names it contains are later used
    // to choose which action class handles a request.
    final String configDirectory = "/WEB-INF/config";

    findDataFile(context, configDirectory);
    parseDataBusiness(context);
}
public class FrameDataGainer extends HttpServlet
{
    /**
     * Handles a GET data request; this listing only shows the first step, resolving
     * the requested data name.
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException
    {
        // NOTE(review): getDataName(...) is not shown; the value is derived from the
        // request, so it should only ever be used as a lookup key - confirm.
        String dataName = getDataName(request);

        // (remainder omitted in the original listing)
    }
}
/**
 * Result object carrying an error code and its description.
 *
 * Other listings on this page pass instances to gson.toJson(...), so the field names
 * must stay as they are.
 */
public class FrameResultBean
{
    /** Error code; starts at 0 (the Java default for an int field). */
    private int errorCode;

    /** Error description; starts as null (the Java default for a reference field). */
    private String errorDesc;

    /** @return the current error code */
    public int getErrorCode()
    {
        return this.errorCode;
    }

    /** @param errorCode the error code to store */
    public void setErrorCode(int errorCode)
    {
        this.errorCode = errorCode;
    }

    /** @return the current error description, possibly null */
    public String getErrorDesc()
    {
        return this.errorDesc;
    }

    /** @param errorDesc the error description to store */
    public void setErrorDesc(String errorDesc)
    {
        this.errorDesc = errorDesc;
    }
}
/**
 * Builds the JSON string returned when a request cannot be served.
 *
 * The response always carries the single code REQUEST_BUS_NOT_EXIST with its
 * configured description.
 *
 * @return the FrameResultBean serialised by gson
 */
private String getErrorResult()
{
    // The description is looked up under the numeric code rendered as a string.
    String description = FrameCache.getInstance()
        .getResourceValue(String.valueOf(FrameErrorCode.REQUEST_BUS_NOT_EXIST));

    FrameResultBean resultBean = new FrameResultBean();
    resultBean.setErrorCode(FrameErrorCode.REQUEST_BUS_NOT_EXIST);
    resultBean.setErrorDesc(description);
    return gson.toJson(resultBean);
}
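public class FrameDataGainer extends HttpServlet
{
    /**
     * Handles a GET data request; this listing shows the first check only: a request
     * without a resolvable data name is answered with the generic error JSON.
     *
     * @throws ServletException    declared by the servlet contract
     * @throws java.io.IOException if the response writer cannot be obtained or written;
     *                             response.getWriter() throws this checked exception,
     *                             so it has to be declared for the method to compile
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, java.io.IOException
    {
        String dataName = getDataName(request);
        if (dataName == null)
        {
            // NOTE(review): no content type or character encoding is set before
            // getWriter(); unless a filter does it, the container default applies and
            // a non-ASCII errorDesc may be garbled - confirm.
            response.getWriter().write(getErrorResult());
            return;
        }
    }
}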
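public class FrameDataGainer extends HttpServlet
{
    /**
     * Handles a GET data request; this listing shows the second check only: the data
     * name must match a business entry held in FrameCache.
     *
     * @throws ServletException    declared by the servlet contract
     * @throws java.io.IOException if the response writer cannot be obtained or written;
     *                             response.getWriter() throws this checked exception,
     *                             so it has to be declared for the method to compile
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, java.io.IOException
    {
        // (earlier steps omitted in the original listing)

        // The request-derived name is used only as a lookup key; a name with no entry
        // in the cache is rejected with the generic error below.
        FrameDataBusiness business = FrameCache.getInstance().getDataBusinessMap(dataName);
        if (business == null)
        {
            response.getWriter().write(getErrorResult());
            return;
        }
    }
}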
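public class FrameDataGainer extends HttpServlet
{
    /**
     * Handles a GET data request; this listing shows the final step: instantiate the
     * action class of the resolved business entry, run it and write its result.
     *
     * @throws ServletException    declared by the servlet contract
     * @throws java.io.IOException if the response writer cannot be obtained or written;
     *                             response.getWriter() throws this checked exception,
     *                             so it has to be declared for the method to compile
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, java.io.IOException
    {
        // (earlier steps omitted in the original listing)

        // The class name passed to the factory is read from the business entry, not
        // from a request parameter.
        // NOTE(review): the entry is presumably populated only from the server-side
        // configuration files - confirm, since this is what keeps the reflective
        // instantiation limited to an allowlist.
        FrameDefaultAction action = FrameActionFactory.getInstance().implement(business.getBusinessClass());
        action.setRequest(request);
        action.setResponse(response);
        // getSession() creates a session when the request has none.
        action.setSession(request.getSession());

        // NOTE(review): this path is reached by GET; an action that receives
        // credentials or changes state is better served from doPost, because GET
        // parameters end up in access logs, browser history and Referer headers.
        String resultData = action.execute();

        // A null result from the action is reported with the generic error JSON.
        response.getWriter().write(resultData == null ? getErrorResult() : resultData);
    }
}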
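<!-- Password field; the login script reads it through the id login_dynamic_user_pass.
     The listing had the tag name and the type attribute fused as "inputtype". -->
<input type="password" class="login_user_input" placeholder="请输入密码" id="login_dynamic_user_pass" />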
<!-- Login and registration buttons. Both hrefs are javascript: URLs calling functions
     that the login script exports on window; as inline script they would be blocked
     by a Content-Security-Policy that does not allow 'unsafe-inline'. -->
<div class="login_button_wrapper">
    <a class="login_confirm_button" href="javascript:systemUserLogin()">登录</a>
    <a class="login_regist_button" href="javascript:systemUserRegist()">注册</a>
</div>
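(function (window) {
    /**
     * Reads the login form and sends user name and password to "login.data".
     *
     * @param isRegist sent unchanged as the "isRegist" request parameter
     */
    function systemUserLogin(isRegist)
    {
        var userName = $("#login_dynamic_user_name").val();
        var userAuth = $("#login_dynamic_user_pass").val();

        // 1. User name or password is empty
        if (!userName || !userAuth)
        {
            return;
        }

        // 2. User name or password must not be longer than 20 characters.
        // These client-side checks are a convenience only; the server has to repeat them.
        // NOTE(review): the server-side action on this page accepts passwords of up
        // to 64 characters, so the two limits disagree - confirm which is intended.
        if (userName.length > 20 || userAuth.length > 20)
        {
            return;
        }

        // 3. Send the request
        var data = {"isRegist": isRegist, "userName": userName, "userAuth": userAuth};
        asyncRequest("login.data", data, function (result)
        {
            // TODO
            alert(1);
        });
    }

    /**
     * Registration entry point used by the "register" link.
     *
     * The listing exported systemUserRegist without defining it, which raises a
     * ReferenceError when the script loads; this minimal definition reuses the login
     * flow with isRegist set (serialised as "true", matched case-insensitively by
     * the server-side action on this page).
     */
    function systemUserRegist()
    {
        systemUserLogin(true);
    }

    /**
     * Functions exposed to the page
     */
    window.systemUserLogin = systemUserLogin;
    window.systemUserRegist = systemUserRegist;
})(window);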
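/**
 * Sends an asynchronous AJAX request and passes the parsed JSON response to callback.
 *
 * @param action   URL to request
 * @param param    request parameters
 * @param callback called with the response on success; failures are not reported
 * @param method   optional HTTP method, "GET" when omitted (the original behaviour)
 *
 * With GET the parameters travel in the URL, where they are recorded in access logs,
 * browser history and Referer headers. The login form on this page sends the password
 * through this function, so that caller should pass "POST" once the servlet handles
 * POST requests.
 */
function asyncRequest(action, param, callback, method)
{
    $.ajax(
    {
        type: method || "GET",
        dataType: "JSON",
        url: action,
        data: param,
        success: function (result)
        {
            callback(result);
        }
    });
}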
<?xml version="1.0" encoding="UTF-8"?>
<!-- Maps a data-business name to the action class that handles it. The class named
     here is the one the framework instantiates for the request, so this file must
     stay in a location that clients cannot write to or download. -->
<business-config>
    <business name="login" business-class="com.medical.server.data.UserLoginDataAction" />
</business-config>
/**
 * Login and registration handler of the Douyi (斗医) system.
 *
 * @author qingkechina
 */
public class UserLoginDataAction extends FrameDefaultAction
{
    /**
     * Shared Gson instance
     */
    private final static Gson gson = new Gson();

    /**
     * Default action: validates the submitted user name and password, then dispatches
     * to registration or login.
     *
     * @return the result bean serialised as JSON
     * @throws FrameException declared by the action contract
     */
    public String execute() throws FrameException
    {
        // 1. Read user name and password sent by the client.
        // Both are credentials: keep them out of log statements.
        String userName = getParameter("userName");
        String userAuth = getParameter("userAuth");
        if (FrameUtil.isEmpty(userName) || FrameUtil.isEmpty(userAuth))
        {
            return loginErrorJson();
        }

        // 2. Neither value may be longer than its database column.
        if (userName.length() > 20 || userAuth.length() > 64)
        {
            return loginErrorJson();
        }

        // 3. User names and passwords usually consist of Chinese characters, letters,
        //    digits and special characters. The author deliberately leaves character
        //    validation out here, to be completed in a later article on SQL injection.

        // 4. Decide between registration and login.
        String isRegistUser = getParameter("isRegist");
        return "TRUE".equalsIgnoreCase(isRegistUser)
            ? doRegistAction(userName, userAuth)
            : doLoginAction(userName, userAuth);
    }

    /**
     * Builds the JSON returned for any rejected input; both validation failures use
     * the same USER_LOGIN_ERROR code.
     */
    private String loginErrorJson()
    {
        UserLoginBean loginBean = new UserLoginBean();
        loginBean.setErrorCode(FrameErrorCode.USER_LOGIN_ERROR);
        loginBean.setErrorDesc(FrameUtil.getErrorDescByCode(loginBean.getErrorCode()));
        return gson.toJson(loginBean);
    }

    // doRegistAction() and doLoginAction() are omitted from this listing
}
/**
 * Handles a registration request.
 *
 * @param userName requested user name
 * @param userAuth password as submitted by the client
 * @return JSON with USER_SAME_ERROR when the name is taken, otherwise
 *         USER_REGIST_SUCCESS together with the page to forward to
 */
private String doRegistAction(String userName, String userAuth)
{
    // 1. Check whether the user name already exists in the database.
    // NOTE(review): lookup and insert are separate steps, so two simultaneous
    // registrations of one name can both pass this check; a uniqueness constraint
    // in the database is what actually prevents duplicates - confirm it exists.
    boolean nameTaken = UserUtil.getUserByName(userName) != null;

    // 2. Store the new user.
    if (!nameTaken)
    {
        UserUtil.insertUser(userName, userAuth);
    }

    UserLoginBean loginBean = new UserLoginBean();
    if (nameTaken)
    {
        loginBean.setErrorCode(FrameErrorCode.USER_SAME_ERROR);
        loginBean.setErrorDesc(FrameUtil.getErrorDescByCode(loginBean.getErrorCode()));
    }
    else
    {
        loginBean.setErrorCode(FrameErrorCode.USER_REGIST_SUCCESS);
        loginBean.setErrorDesc(FrameUtil.getErrorDescByCode(loginBean.getErrorCode()));
        loginBean.setForwardPath("main.act");
    }
    return gson.toJson(loginBean);
}
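<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hibernate-mapping PUBLIC
"-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping package="com.medical.server.dao">
    <class name="UserDAO" table="USERTABLE">
        <!-- The Java code on this page stores the user name in userId and looks users
             up by userId. The original "uuid.hex" generator replaces the identifier
             with a generated UUID on save(), so a stored user could never be found by
             name; "assigned" keeps the value the application sets. -->
        <id name="userId" column="userId" type="string">
            <generator class="assigned" />
        </id>
        <!-- userAuth holds the credential. The insert code on this page writes the
             password exactly as received; this column should hold a salted
             password hash (bcrypt, scrypt, Argon2 or PBKDF2) instead. -->
        <property name="userAuth" column="userAuth" />
        <property name="userSign" column="userSign" />
        <property name="attention" column="attention" />
    </class>
</hibernate-mapping>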
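/**
 * Stores a new user.
 *
 * The transaction is rolled back when saving or committing fails, and the session is
 * closed on every path; the original leaked the session and left the transaction open
 * when save() or commit() threw.
 *
 * @param userName user name, stored as the userId
 * @param userAuth credential, stored in userAuth
 */
public static void insertUser(String userName, String userAuth)
{
    UserDAO userDao = new UserDAO();
    userDao.setUserId(userName);
    // NOTE(review): the password is persisted exactly as received. Anyone who can read
    // the table or a backup obtains every password. Store a salted hash from a
    // password hashing function (bcrypt, scrypt, Argon2 or PBKDF2) instead; the login
    // check has to change together with this line, so it is flagged, not changed here.
    userDao.setUserAuth(userAuth);

    Session session = FrameDBUtil.openSession();
    Transaction transaction = null;
    try
    {
        transaction = session.beginTransaction();
        session.save(userDao);
        transaction.commit();
    }
    catch (RuntimeException e)
    {
        // Undo the partial write before the failure is reported to the caller.
        if (transaction != null)
        {
            transaction.rollback();
        }
        throw e;
    }
    finally
    {
        FrameDBUtil.closeSession();
    }
}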
/**
 * Handles a login request.
 *
 * @param userName submitted user name
 * @param userAuth submitted password
 * @return JSON with USER_NOT_EXIST_ERROR when the credentials are rejected, otherwise
 *         USER_LOGIN_SUCCESS together with the page to forward to
 */
private String doLoginAction(String userName, String userAuth)
{
    // 1. Check user name and password against the database.
    boolean credentialsAccepted = UserUtil.isValideUser(userName, userAuth);

    UserLoginBean loginBean = new UserLoginBean();
    if (credentialsAccepted)
    {
        // 2. Build the JSON object for a successful login.
        // NOTE(review): nothing here records the authenticated user in the session or
        // renews the session id; presumably that happens elsewhere - confirm, since
        // otherwise main.act cannot tell who logged in.
        loginBean.setErrorCode(FrameErrorCode.USER_LOGIN_SUCCESS);
        loginBean.setErrorDesc(FrameUtil.getErrorDescByCode(loginBean.getErrorCode()));
        loginBean.setForwardPath("main.act");
    }
    else
    {
        // NOTE(review): this branch is also taken for a wrong password, yet the code
        // says "user does not exist"; a single generic "wrong user name or password"
        // answer is the safer message for every failed login.
        loginBean.setErrorCode(FrameErrorCode.USER_NOT_EXIST_ERROR);
        loginBean.setErrorDesc(FrameUtil.getErrorDescByCode(loginBean.getErrorCode()));
    }
    return gson.toJson(loginBean);
}
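/**
 * Looks up the user whose userId equals the given name.
 *
 * The session is closed in a finally block; the original left it open when the query
 * threw.
 *
 * @param userName user name to look for
 * @return the first matching UserDAO, or null when there is none
 */
public static UserDAO getUserByName(String userName)
{
    List<?> userList;
    Session session = FrameDBUtil.openSession();
    try
    {
        Criteria criteria = session.createCriteria(UserDAO.class);
        // Restrictions.eq binds the value as a query parameter, so the user name is
        // never concatenated into the SQL text.
        criteria.add(Restrictions.eq("userId", userName));
        userList = criteria.list();
    }
    finally
    {
        FrameDBUtil.closeSession();
    }

    if (FrameUtil.isEmpty(userList))
    {
        return null;
    }
    return (UserDAO) userList.get(0);
}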
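/**
 * Checks whether a user with the given name and password exists.
 *
 * The session is closed in a finally block; the original left it open when the query
 * threw.
 *
 * @param userName submitted user name
 * @param userAuth submitted password
 * @return true when at least one row matches both values
 */
public static boolean isValideUser(String userName, String userAuth)
{
    List<?> userList;
    Session session = FrameDBUtil.openSession();
    try
    {
        Criteria criteria = session.createCriteria(UserDAO.class);
        // Both values are bound as query parameters by Restrictions.eq.
        // NOTE(review): the submitted password is compared with the stored column
        // value as-is, which only works while passwords are stored unhashed. With
        // hashed storage, load the user by name and verify the password against the
        // stored hash; that has to change together with the insert code, so it is
        // flagged, not changed here.
        criteria.add(Restrictions.eq("userId", userName)).add(Restrictions.eq("userAuth", userAuth));
        userList = criteria.list();
    }
    finally
    {
        FrameDBUtil.closeSession();
    }

    return !FrameUtil.isEmpty(userList);
}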
# Error descriptions keyed by numeric error code.
#   500: wrong user name or password
#   505: a user with the same name already exists
#   515: the user does not exist
# NOTE(review): which FrameErrorCode constant maps to which number is not shown here.
# If 515 is returned for a failed login, it tells the client that the account name is
# not registered; prefer the generic 500 text for every failed login - confirm.
500=用户名或密码错误
505=系统中已有同名用户
515=系统中不存在该用户
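/**
 * Reads the login form, sends it to "login.data" and handles the answer.
 *
 * @param isRegist sent unchanged as the "isRegist" request parameter
 */
function systemUserLogin(isRegist)
{
    var userName = $("#login_dynamic_user_name").val();
    var userAuth = $("#login_dynamic_user_pass").val();

    // 1. User name or password is empty
    if (!userName || !userAuth)
    {
        return;
    }

    // 2. User name or password must not be longer than 20 characters.
    // These client-side checks are a convenience only; the server has to repeat them.
    if (userName.length > 20 || userAuth.length > 20)
    {
        return;
    }

    // 3. Send the request
    var data = {"isRegist": isRegist, "userName": userName, "userAuth": userAuth};
    asyncRequest("login.data", data, function (result)
    {
        // asyncRequest asks for dataType "JSON", so result is already a parsed
        // object. The original passed it through eval(), which adds nothing for an
        // object and would execute the response as code if it ever arrived as a
        // string; a string is parsed as data instead.
        var resultJson = (typeof result === "string") ? JSON.parse(result) : result;
        if (!resultJson)
        {
            return;
        }

        // 510 is the only code treated as success here.
        if (resultJson.errorCode != 510)
        {
            alert(resultJson.errorDesc);
            return;
        }

        // Go to the page named by the server.
        // NOTE(review): the target comes from the response; it should only ever be a
        // path the server itself chose, never a value echoed from the request.
        top.location = resultJson.forwardPath;
    });
}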