功能實現:在頁面輸入給定的用戶名之一,可以顯示當前用戶的權限,也可以在頁面更改該用戶的權限,更新之后保存。像下面這樣。
填寫用戶名提交:
顯示用戶AAA的權限:
修改權限(增加article3):
點擊Update之后,權限更新,下次訪問,輸入用戶名AAA提交后顯示:
提交用戶名,顯示用戶權限和修改用戶權限頁面:authority-manager.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'authority-manager.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
<center>
<br><br>
<form action="AuthorityServlet?method=getAuthorities" method="post">
name:<input type="text" name="username"/>
<input type="submit" value="Submit"/>
</form>
<c:if test="${requestScope.user!=null }">
<br><br>
${requestScope.user.username}的權限是:
<br><br>
<form action="AuthorityServlet?method=updateAuthorities" method="post">
<input type="hidden" name="username" value="${requestScope.user.username}"/>
<br><br>
<!-- 兩個循環:外層循環先將權限都列出來,內層循環用於將對應用戶的對應權限 -->
<c:forEach items="${authorities}" var="auth">
<c:set var="flag" value="false"></c:set>
<c:forEach items="${user.authorities}" var="ua">
<c:if test="${ua.url==auth.url }">
<c:set var="flag" value="true"></c:set>
</c:if>
</c:forEach>
<c:if test="${flag==true}">
<input type="checkbox" name="authority" value="${auth.url}" checked="checked"/>${auth.displayname}
</c:if>
<c:if test="${flag==false}">
<input type="checkbox" name="authority" value="${auth.url}" />${auth.displayname}
</c:if>
<br><br>
</c:forEach>
<input type="submit" value="Update">
</form>
</c:if>
</center>
</body>
</html>
Servlet實現類,AuthorityServlet.java
package javaweb.com.anthorityManage;
import java.io.IOException;
import java.io.PrintWriter;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class AuthorityServlet extends HttpServlet {
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
//authority-manager.jsp中的method參數-->getAuthorities
String methodName=request.getParameter("method");
try {
//getClass-->Class型對象,獲得權限為public的內部類(即為public class AuthorityServlet)
//getMethod返回Method類型的對象,每個Method類型的對象代表一個方法
//getMethod(String方法名稱,入口參數類型1.class,入口參數類型2.class)-->訪問指定名稱和參數類型的方法
Method method=getClass().getMethod(methodName, HttpServletRequest.class,HttpServletResponse.class);
//invoke(Object obj,Object...args)-->利用指定參數args執行指定對象obj中的該方法,返回值為Object型
//利用指定參數request,response執行method方法
method.invoke(this, request,response);
} catch (NoSuchMethodException | SecurityException e) {
e.printStackTrace();
} catch (IllegalAccessException e) {
e.printStackTrace();
} catch (IllegalArgumentException e) {
e.printStackTrace();
} catch (InvocationTargetException e) {
e.printStackTrace();
}
}
private UserDao userDao=new UserDao();
public void getAuthorities(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException{
//從請求參數中獲取用戶名
String username=request.getParameter("username");
//從userDao中獲取用戶名(帶有用戶的權限信息)
User user=userDao.get(username);
//將userDao中獲得的用戶名傳遞給request請求
request.setAttribute("user",user);
//userDao中獲取的權限信息添加到request中
request.setAttribute("authorities", userDao.getAuthorities());
//按照用戶名轉發到相應的權限管理頁面
request.getRequestDispatcher("/jspTest/authority-manager.jsp").forward(request, response);
}
public void updateAuthorities(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException{
//從請求域獲得用戶名和相應的多個權限
String username=request.getParameter("username");
//從客戶端request域獲得的權限
String[] authorities=request.getParameterValues("authority");
List<Authority> authorityList=userDao.getAuthorities(authorities);
userDao.update(username, authorityList);
//request.getContextPath()-->返回站點的根路徑
response.sendRedirect(request.getContextPath()+"/jspTest/authority-manager.jsp");
}
}
UserDao類執行具體的事務操作,UserDao.java
package javaweb.com.anthorityManage;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
//UserDao類執行具體的事務操作
public class UserDao {
private static Map<String,User> users;
private static List<Authority> authorities;
static{
authorities=new ArrayList<>();
authorities.add(new Authority("article-1","/jspTest/1.jsp"));
authorities.add(new Authority("article-2","/jspTest/2.jsp"));
authorities.add(new Authority("article-3","/jspTest/3.jsp"));
authorities.add(new Authority("article-4","/jspTest/4.jsp"));
users=new HashMap<String,User>();
User user1=new User("AAA",authorities.subList(0,2));
users.put("AAA",user1);
User user2=new User("BBB",authorities.subList(2,4));
users.put("BBB",user2);
}
//相當於String m1(){} 獲得users中的用戶姓名
User get(String username){
return users.get(username);
}
//更新用戶的權限
void update(String username,List<Authority> authorities){
users.get(username).setAuthorities(authorities);
}
public List<Authority> getAuthorities(){
return authorities;
}
public List<Authority> getAuthorities(String[] urls){
List<Authority> authorities2=new ArrayList<>();
for(Authority authority:authorities){
if(urls!=null){
for(String url:urls){
//遍歷比較,如果url(請求域的)==權限中存儲的url,則將請求域的權限添加到authorities2中成為某個用戶名的權限
if(url.equals(authority.getUrl())){
authorities2.add(authority);
}
}
}
}
return authorities2;
}
}
在web.xml中進行配置:
<servlet>
<servlet-name>AuthorityServlet</servlet-name>
<servlet-class>javaweb.com.anthorityManage.AuthorityServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AuthorityServlet</servlet-name>
<url-pattern>/AuthorityServlet</url-pattern>
</servlet-mapping>
Authority.java
package javaweb.com.anthorityManage;
public class Authority {
private String displayname;
private String url;
public String getDisplayname() {
return displayname;
}
public void setDisplayname(String displayname) {
this.displayname = displayname;
}
public String getUrl() {
return url;
}
public void setUrl(String url) {
this.url = url;
}
public Authority(String displayname, String url) {
super();
this.displayname = displayname;
this.url = url;
}
public Authority(){}
}
User.java
package javaweb.com.anthorityManage;
import java.util.List;
public class User {
private String username;
private List<Authority> authorities;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public List<Authority> getAuthorities() {
return authorities;
}
public void setAuthorities(List<Authority> authorities) {
this.authorities = authorities;
}
public User(String username, List<Authority> authorities) {
super();
this.username = username;
this.authorities = authorities;
}
public User(){}
}
AuthorityServlet.jsp中的form表單:
<form action="AuthorityServlet?method=getAuthorities" method="post">
name:<input type="text" name="username"/>
<input type="submit" value="Submit"/>
</form>
1.form表單提交到Servlet的映射地址AuthorityServlet中,在web.xml中可以讀取到相應的Servlet為javaweb.com.anthorityManage.AuthorityServlet;
2.AuthorityServlet.java調用doPost()方法處理請求,String methodName=request.getParameter("method");從請求域request中讀取到method的參數為getAuthorities,Method method=getClass().getMethod(methodName, HttpServletRequest.class,HttpServletResponse.class);訪問指定名稱和參數類型的方法,即開始執行AuthorityServlet類中的getAuthorities(HttpServletRequest request, HttpServletResponse response)方法;
3.AuthorityServlet類中的getAuthorities(HttpServletRequest request, HttpServletResponse response)方法實現的功能是:
String username=request.getParameter("username");從請求域中獲取參數,得到請求域中用戶提交的用戶名。User user=userDao.get(username);根據得到的用戶名username在userDao中獲取數據庫中存取的用戶名。之后將userDao中獲取的用戶名及對應的權限信息提交給request,並且轉發到相應的權限管理界面authority-manager.jsp。
4.在權限管理界面authority-manager.jsp,重復執行1,2步,在第2步中訪問到的方法為AuthorityServlet類中的updateAuthorities(HttpServletRequest request, HttpServletResponse response)。
5.在updateAuthorities(HttpServletRequest request, HttpServletResponse response)方法中先從請求域中獲得用戶名及相應的權限信息,List<Authority> authorityList=userDao.getAuthorities(authorities);調用userDao中的getAuthorities(authorities)方法,即如下代碼:
public List<Authority> getAuthorities(String[] urls){
List<Authority> authorities2=new ArrayList<>();
for(Authority authority:authorities){
if(urls!=null){
for(String url:urls){
//遍歷比較,如果url(請求域的)==權限中存儲的url,則將請求域的權限添加到authorities2中成為某個用戶名的權限
//由URL識別代表權限
if(url.equals(authority.getUrl())){
authorities2.add(authority);
}
}
}
}
return authorities2;
}
上述代碼實現的功能是根據Url識別權限,如果url(請求域的)==權限中存儲的url,則將請求域的權限添加到authorities2中成為某個用戶名的權限。
6.userDao.update(username, authorityList);更新用戶的權限信息。