
Spring 3.0 MVC Basics 4: Spring Security and REST

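I. SpEL expressions

1. When configuring transactions we used AspectJ's pointcut expression language:

    <aop:config>
        <aop:advisor
            pointcut="execution(* *..IUserService.*(..))"
            advice-ref="txAdvice"/>
    </aop:config>

2. Security configuration uses SpEL expressions. In Spring Security 3.0 this requires use-expressions="true" on the enclosing <http> element. The role name ROLE_管理员 means "administrator".

    <intercept-url pattern="/user/**" access="hasRole('ROLE_管理员')"/>
    <intercept-url pattern="/**" access="isAuthenticated()"/>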

II. Security elements in the view layer

    <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
    <%-- 欢迎您 = "Welcome"; the tag prints the logged-in user's name --%>
    欢迎您:<security:authentication property="principal.username" />

III. Access control for web requests

The rules are evaluated in the order listed and the first matching pattern applies, so the specific patterns come before the catch-all /**.

    <intercept-url pattern="/user/**" access="hasRole('ROLE_管理员')"/>
    <intercept-url pattern="/role/**" access="hasRole('ROLE_管理员')"/>
    <intercept-url pattern="/unit/**" access="hasRole('ROLE_管理员')"/>
    <intercept-url pattern="/belong/**" access="hasRole('ROLE_管理员')"/>
    <intercept-url pattern="/**" access="isAuthenticated()"/>

IV. Access control in the view layer

The tag only controls what is rendered; the <intercept-url> rules for web requests are what actually block the URLs.

    <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
    <%-- Links: user management, role management, unit management, data ownership management --%>
    <security:authorize access="hasRole('ROLE_管理员')">
        <a href="user/page/1">用户管理</a><br/>
        <a href="role">角色管理</a><br/>
        <a href="unit">单位管理</a><br/>
        <a href="belong">数据归属管理</a>
    </security:authorize>

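V. Access control at the method layer

@Secured only takes effect when method security is enabled in the configuration, for example with <global-method-security secured-annotations="enabled"/>.

    @Secured("ROLE_SPITTER")
    public void addSpittle(Spittle spittle) {
        // ...
    }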

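VI. REST

1. Meaning: Representational State Transfer (REST)

REST URL: http://t18:3000/s4/user/4

For comparison, the Struts 2 URL: http://t18:3000/s4/LoadUserAction.action?user.userId=4

2. A controller can handle all HTTP requests, including GET, PUT, DELETE and POST.

3. The @PathVariable annotation lets a controller handle parameterized URLs.

4. The Spring tag <sf:form method="PUT"> works together with the HiddenHttpMethodFilter filter so that PUT and DELETE can be used from an ordinary browser. The form is still submitted as a POST, with the intended method in a hidden _method field, and the filter presents the request to the controller with that method.

Add to web.xml:

    <filter>
        <filter-name>httpMethodFilter</filter-name>
        <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>httpMethodFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>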

a. Fetch data: GET http://t18:3000/s4/user/4

    @RequestMapping(value="{userId}", method=RequestMethod.GET)
    public String get(@PathVariable("userId") Short userId, Model model) {
        User u = service.loadUser(userId);
        // No name is given, so the attribute name is derived from the type: "user"
        model.addAttribute(u);
        return "user/edit";
    }

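b. Display the form for editing (PUT)

    <%-- Labels: 登录名 = login name, 密码 = password, 真实姓名 = real name,
         电话 = phone, 手机 = mobile phone, 保存 = Save --%>
    <%-- Note: <sf:input> writes the current password value into the page;
         <sf:password> does not show it by default --%>
    <sf:form method="PUT" modelAttribute="user">
        登录名<sf:input path="logName" /><br/>
        密码<sf:input path="password"/><br/>
        真实姓名<sf:input path="userName"/><br/>
        电话<sf:input path="phone" /><br/>
        手机<sf:input path="mobilePhone"/><br/>
        email<sf:input path="email"/><br/>
        <input type="submit" value="保存" />
    </sf:form>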

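c. Update: PUT

    @RequestMapping(value="{userId}", method=RequestMethod.PUT)
    public String update(@PathVariable Integer userId, @Valid User user) {
        // userId from the URL is not used here; the record that is saved
        // is whatever the submitted form binds into `user`.
        service.saveUser(user);
        return "redirect:/user/page/1";
    }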
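A stricter variant of the PUT handler above, as an added example (not code from the original page): it binds only the fields the edit form submits, checks the BindingResult before saving, and takes the record id from the URL. The class name, the setUserId setter, the Short id type and the nested stand-in types are assumptions.

```java
import javax.validation.Valid;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.*;

@Controller
@RequestMapping("/user")
public class UserUpdateController {

    // Stand-ins for the page's service and User types (assumed shapes;
    // the form properties logName, password, ... are omitted here).
    public interface IUserService { void saveUser(User user); }
    public static class User {
        private Short userId;
        public Short getUserId() { return userId; }
        public void setUserId(Short userId) { this.userId = userId; }
    }

    private final IUserService service;

    @Autowired
    public UserUpdateController(IUserService service) {
        this.service = service;
    }

    // Bind only the fields the edit form in step b submits; any other
    // request parameter (for example an id or a role) is ignored.
    @InitBinder("user")
    public void restrictFields(WebDataBinder binder) {
        binder.setAllowedFields("logName", "password", "userName",
                                "phone", "mobilePhone", "email");
    }

    @RequestMapping(value = "{userId}", method = RequestMethod.PUT)
    public String update(@PathVariable("userId") Short userId,
                         @Valid @ModelAttribute("user") User user,
                         BindingResult result) {
        if (result.hasErrors()) {
            return "user/edit";      // redisplay the form instead of saving
        }
        user.setUserId(userId);      // the URL, not the form body, names the record
        service.saveUser(user);
        return "redirect:/user/page/1";
    }
}
```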

d. Delete: DELETE

    <%-- 删除 = Delete --%>
    <sf:form method="DELETE" action="user/${u.userId }">
        <input type="submit" value="删除"/>
    </sf:form>

    @RequestMapping(value="{userId}", method=RequestMethod.DELETE)
    public String delete(@PathVariable("userId") short userId) {
        User user = service.loadUser(userId);
        service.deleteUser(user);
        return "redirect:/user/page/1";
    }

e. Prepare to add

    // Matches GET requests that carry a "new" parameter
    @RequestMapping(method=RequestMethod.GET, params="new")
    public String prepare(Model model) {
        model.addAttribute(new User());
        return "user/edit";
    }

f. The add page submits with POST; the controller:

    @RequestMapping(method=RequestMethod.POST)
    public String add(@Valid User user, BindingResult result)
            throws BindException {
        // Reject the request if validation failed
        if (result.hasErrors()) {
            throw new BindException(result);
        }
        service.addUser(user);
        return "redirect:/user/page/1";
    }

VII. REST pagination

http://t18:3000/s4/user/page/3

1. Pagination class

    import java.util.ArrayList;
    import java.util.List;

    public class Page implements IPageUtil {
        private int curPage = 1, toPage = 1, everyCount = 15;
        private long pageCount, count;
        boolean hasNext, hasPrevious;
        private List<?> data = new ArrayList();

        public Page() {
        }

        public Page(int toPage, long count, int everyCount, List data) {
            this.toPage = toPage;
            this.count = count;
            this.everyCount = everyCount;
            this.curPage = getCurPage(count, everyCount);
            this.data = data;
        }

        public int getCurPage(long theCount) {
            // ... (body omitted in the original)
        }

        public int getCurPage(long theCount, int n) {
            // ... (body omitted in the original)
        }

        ...
    }

2. DAO support

    public Page findPagedListObject(String hql, int toPage, long count, int everyCount) {
        Query query = getCurrentSession().createQuery(hql);
        if (toPage <= 0) toPage = 1;
        int first = (toPage - 1) * everyCount;  // 0-based index of the first row on the page
        int max = everyCount;                   // rows per page
        query.setFirstResult(first);            // setFirstResult takes a 0-based offset
        query.setMaxResults(max);               // setMaxResults takes a row count, not an end index
        List l = query.list();
        Page page = new Page(toPage, count, everyCount, l);
        return page;
    }
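The DAO above computes the row offset from toPage, which arrives straight from the URL (/user/page/{toPage}). As an added example (not from the original page), this plain-Java helper clamps the requested page to the valid range and does the arithmetic in long, so a very large page number cannot overflow the offset; the class name PageWindow and the sample inputs are constructed for illustration.

```java
public final class PageWindow {
    public final int page;         // clamped page number, 1-based
    public final int firstResult;  // 0-based offset for Query.setFirstResult
    public final int maxResults;   // row count for Query.setMaxResults

    private PageWindow(int page, int firstResult, int maxResults) {
        this.page = page;
        this.firstResult = firstResult;
        this.maxResults = maxResults;
    }

    /** Parameter names follow the page's DAO: requested page, total rows, rows per page. */
    public static PageWindow of(int toPage, long count, int everyCount) {
        if (everyCount <= 0) {
            throw new IllegalArgumentException("everyCount must be positive");
        }
        // Last page that holds data; at least 1 so an empty table still has a page.
        long lastPage = Math.max(1L, (count + everyCount - 1) / everyCount);
        // Clamp the user-supplied page number into [1, lastPage].
        long page = Math.min(Math.max(1L, (long) toPage), lastPage);
        // long arithmetic: (toPage - 1) * everyCount in int can wrap around.
        long first = (page - 1) * everyCount;
        if (first > Integer.MAX_VALUE) {
            throw new IllegalArgumentException("offset too large");
        }
        return new PageWindow((int) page, (int) first, everyCount);
    }

    public static void main(String[] args) {
        // Constructed inputs: 40 rows, 15 per page, several requested pages.
        int[] requested = {1, 3, 0, -7, 99, Integer.MAX_VALUE};
        for (int p : requested) {
            PageWindow w = of(p, 40L, 15);
            System.out.printf("toPage=%d -> page=%d firstResult=%d maxResults=%d%n",
                    p, w.page, w.firstResult, w.maxResults);
        }
    }
}
```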

3. Service support

    public Page listPagedUsers(int toPage, long count, int everyCount) {
        return dao.findPagedListObject("from User u", toPage, count, everyCount);
    }

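4. Controller

    @RequestMapping(value="/page/{toPage}", method = RequestMethod.GET)
    public String list(
            @PathVariable("toPage") int toPage,
            HttpServletRequest request,
            Model model) {
        // Page size is 3 here. findPagedUsers and countUser take the request;
        // they differ from the listPagedUsers method in step 3 and are not shown on this page.
        Page page = service.findPagedUsers(request, toPage, service.countUser(request), 3);
        model.addAttribute("page", page);
        return "user/list";
    }

5. When the page displays data, it only needs to read ${page.data}; the paging page can be shared.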
