共写了三篇登录授权认证的文章,分别是使用mybatis、mybatis+spring、mybatis+spring+springmvc写的demo,既是对ssm过程的梳理,也是对shiro学习的一种铺垫
数据库设计
使用RBAC思想进行数据库设计,即 用户-角色-功能,下面的car表代表功能。这里用户和角色采用一对一的设计:users表除了id、登录名和密码之外,还有外键rid(用户对应的角色id);role表只有角色id和角色名name,不与其他表产生直接关联;car表有它自己的属性(id、name、price、slogan);role_car表将car与role关联起来,字段为id、rid、cid
采用上面的这种设计,当需要拿到登录用户的所有car时,通过登录后的rid在role_car表中进行查询,找出对应的car,然后将role_car和car两表联合,得出该用户所有的car数据
搭建mybatis环境
mybatis.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE configuration
PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
    <!--
      MyBatis runtime configuration for the demo: logging backend, type
      aliases, one MySQL environment and package-scanned mappers.
    -->
    <settings>
        <!--
          LOG4J selects the Log4j 1.x adapter. When a mapper's logger is set
          to DEBUG, MyBatis logs each statement together with its bound
          parameter values; for the login query shown on this page that
          includes the submitted password. Keep mapper loggers above DEBUG
          outside local debugging.
        -->
        <setting name="logImpl" value="LOG4J"/>
    </settings>
    <typeAliases>
        <!-- Classes in cn.wit.pojo can be referenced by short alias (e.g. "users", "car") in mapper XML. -->
        <package name="cn.wit.pojo"/>
    </typeAliases>
    <environments default="mysql">
        <environment id="mysql">
            <transactionManager type="JDBC"></transactionManager>
            <dataSource type="POOLED">
                <property name="driver" value="com.mysql.jdbc.Driver"/>
                <property name="url" value="jdbc:mysql://localhost:3306/wit"/>
                <!--
                  NOTE(review): the application connects as the MySQL root
                  account and the password is stored in this file. For anything
                  beyond a local demo, use a dedicated account limited to the
                  tables this app reads, and supply the credentials from
                  outside version control.
                -->
                <property name="username" value="root"/>
                <property name="password" value="wityy"/>
            </dataSource>
        </environment>
    </environments>
    <mappers>
        <!-- Registers every mapper interface found in cn.wit.mapper. -->
        <package name="cn.wit.mapper"/>
    </mappers>
</configuration>
mapper事务
登录认证事务(直接用注解解决了)。注意:该查询直接拿提交的密码与库中password列做相等匹配,也就是说密码是明文存储的,仅适合演示;实际项目应存储加盐的密码哈希(如bcrypt),先按用户名查出记录,再在代码中校验密码
package cn.wit.mapper;
import org.apache.ibatis.annotations.Select;
import cn.wit.pojo.Users;
/**
 * MyBatis mapper for the {@code users} table, used for login authentication.
 */
public interface UsersMapper {

    /**
     * Selects the user row whose username and password both equal the values
     * carried by {@code users}.
     *
     * <p>Both values are written as {@code #{...}} placeholders, which MyBatis
     * binds as prepared-statement parameters rather than splicing them into
     * the SQL text.
     *
     * <p>NOTE(review): the predicate compares the {@code password} column with
     * the submitted value directly, which only works if passwords are stored
     * unhashed. A hardened variant would select by username alone and verify a
     * salted password hash in the service layer.
     *
     * @param users carrier for the submitted username and password
     * @return the matching row, or {@code null} when no row matches
     */
    @Select("select *from users where username=#{username} and password=#{password}")
    Users selUsers(Users users);
}
授权事务(使用mapper.xml文件需要导入dtd)
package cn.wit.mapper;
import java.util.List;
import cn.wit.pojo.Car;
import cn.wit.pojo.Users;
/**
 * MyBatis mapper that resolves which cars (the "functions" in the RBAC model)
 * a user's role is allowed to see. The SQL lives in the mapper XML under the
 * statement id {@code selCar}.
 */
public interface CarMapper {

    /**
     * Lists the cars linked to the role of the given user through the
     * {@code role_car} table.
     *
     * @param users user whose {@code rid} (role id) is bound into the query
     * @return the cars granted to that role
     */
    List<Car> selCar(Users users);
}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
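<mapper namespace="cn.wit.mapper.CarMapper">
    <!--
      Authorization query: returns every car linked to the caller's role via
      role_car. The role id is taken from the rid property of the Users
      parameter and bound as a prepared-statement parameter (#{rid}), so it is
      never concatenated into the SQL text.
      The placeholder is written on a single line; in the original listing it
      was split across two lines.
    -->
    <select id="selCar" parameterType="users" resultType="car">
        select c.*,rc.rid from role_car rc
        join car c on rc.cid=c.id
        where rid=#{rid}
    </select>
</mapper>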
Service
package cn.wit.service;
import java.io.IOException;
import java.util.List;
import cn.wit.pojo.Car;
import cn.wit.pojo.Users;
/**
 * Service contract for the login flow: authenticate first, then load the
 * resources the authenticated user's role may access.
 */
public interface LoginService {

    /**
     * Authenticates the submitted credentials.
     *
     * @param users carrier for the submitted username and password
     * @return the stored user on success, or {@code null} when the credentials
     *         do not match any row
     * @throws IOException if the MyBatis configuration cannot be read
     */
    Users login(Users users) throws IOException;

    /**
     * Loads the cars granted to the role of an already authenticated user.
     *
     * @param users the user returned by {@link #login(Users)}
     * @return the cars linked to that user's role
     * @throws IOException if the MyBatis configuration cannot be read
     */
    List<Car> getCars(Users users) throws IOException;
}
package cn.wit.serviceImpl;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import org.apache.ibatis.io.Resources;
import org.apache.ibatis.session.SqlSession;
import org.apache.ibatis.session.SqlSessionFactory;
import org.apache.ibatis.session.SqlSessionFactoryBuilder;
import cn.wit.mapper.CarMapper;
import cn.wit.mapper.UsersMapper;
import cn.wit.pojo.Car;
import cn.wit.pojo.Users;
import cn.wit.service.LoginService;
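/**
 * MyBatis-backed implementation of {@link LoginService}.
 *
 * <p>The {@link SqlSessionFactory} is built once and shared, and every
 * {@link SqlSession} is closed after use. Building a factory per call creates
 * a new connection pool each time, and an unclosed session keeps its
 * connection checked out; on a login endpoint that anyone can call, that lets
 * repeated requests exhaust database connections.
 *
 * <p>NOTE(review): {@link #login(Users)} hands the submitted password to a
 * query that compares it with the stored column directly, so passwords are
 * assumed to be stored unhashed. Verifying a salted hash would belong here.
 */
public class LoginServiceImpl implements LoginService {

    /** Lazily created factory shared by all calls; guarded by {@link #factory()}. */
    private static SqlSessionFactory sharedFactory;

    /**
     * Returns the shared factory, building it from {@code mybatis.xml} on first use.
     *
     * @throws IOException if the configuration resource cannot be opened
     */
    private static synchronized SqlSessionFactory factory() throws IOException {
        if (sharedFactory == null) {
            try (InputStream config = Resources.getResourceAsStream("mybatis.xml")) {
                sharedFactory = new SqlSessionFactoryBuilder().build(config);
            }
        }
        return sharedFactory;
    }

    /**
     * Authenticates the submitted credentials.
     *
     * @param users carrier for the submitted username and password
     * @return the matching user, or {@code null} when authentication fails
     * @throws IOException if the MyBatis configuration cannot be read
     */
    @Override
    public Users login(Users users) throws IOException {
        // try-with-resources returns the pooled connection even if the query throws.
        try (SqlSession session = factory().openSession()) {
            UsersMapper usersMapper = session.getMapper(UsersMapper.class);
            return usersMapper.selUsers(users);
        }
    }

    /**
     * Loads the cars granted to the role of an authenticated user; call it
     * only with the user object returned by a successful {@link #login(Users)}.
     *
     * @param users the authenticated user whose role id drives the lookup
     * @return the cars linked to that role
     * @throws IOException if the MyBatis configuration cannot be read
     */
    @Override
    public List<Car> getCars(Users users) throws IOException {
        try (SqlSession session = factory().openSession()) {
            CarMapper carMapper = session.getMapper(CarMapper.class);
            return carMapper.selCar(users);
        }
    }
}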
servlet
package cn.wit.servlet;
import java.io.IOException;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import cn.wit.pojo.Car;
import cn.wit.pojo.Users;
import cn.wit.service.LoginService;
import cn.wit.serviceImpl.LoginServiceImpl;
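/**
 * Handles the login form: authenticates the submitted credentials and, on
 * success, stores the cars granted to the user's role in the HTTP session
 * before redirecting to the main page.
 *
 * <p>NOTE(review): the submitted password is passed to the service unchanged,
 * and the lookup behind it matches the stored column directly, so passwords
 * are assumed to be stored unhashed.
 */
@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    LoginService loginService = new LoginServiceImpl();

    /**
     * Processes one login attempt.
     *
     * @param req  request carrying the {@code username} and {@code password} form fields
     * @param resp response used for the redirect (or a 405 for non-POST requests)
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the service cannot read its configuration or the redirect fails
     */
    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Accept credentials in a POST body only: with GET they would sit in the
        // URL and end up in access logs, browser history and Referer headers.
        if (!"POST".equals(req.getMethod())) {
            resp.setHeader("Allow", "POST");
            resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }

        // Decode the request body as UTF-8; must be set before the first getParameter call.
        req.setCharacterEncoding("utf-8");

        // Authentication. The credentials and the returned user record are
        // deliberately not written to stdout or any log.
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        Users authenticated = loginService.login(new Users(username, password));

        if (authenticated == null) {
            // Authentication failed: return to the login page, which shows one
            // generic message for both unknown user and wrong password.
            resp.sendRedirect("/car2/login.jsp?error=yes");
            return;
        }

        // Authorization: look up the cars by the role id of the row returned by
        // the database, never by anything taken from the request.
        List<Car> cars = loginService.getCars(authenticated);

        // Discard any pre-login session so the session id changes at the
        // privilege boundary (prevents session fixation).
        HttpSession preLogin = req.getSession(false);
        if (preLogin != null) {
            preLogin.invalidate();
        }

        // A login should redirect rather than forward, so the data is handed
        // to the next page through the session instead of request attributes.
        HttpSession session = req.getSession(true);
        session.setAttribute("cars", cars);
        resp.sendRedirect("/car2/main.jsp");
    }
}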
视图
登录 login.jsp
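<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<%--
  Login page. The "error" query parameter is attacker-controllable, so it is
  only compared on the server against the fixed value "yes" and never written
  into the page. Emitting it inside a JavaScript string literal would allow
  script injection (reflected XSS).
--%>
<%
    boolean loginFailed = "yes".equals(request.getParameter("error"));
%>
<% if (loginFailed) { %>
<script type="text/javascript">
    alert("账号或密码错误!");
</script>
<% } %>
</head>
<body>
<form action="login" method="post" >
    账号<input type="text" name="username"> <br>
    <%-- type="password" keeps the value masked on screen. --%>
    密码<input type="password" name="password"> <br>
    <input type="submit" value="登陆">
</form>
</body>
</html>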
主页 main.jsp
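<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%--
  Main page: lists the cars the login servlet stored in the session.
  The login servlet sets the "cars" session attribute only after a successful
  authentication, so a missing attribute means the visitor has not logged in
  and is sent back to the login page instead of being shown an empty table.
--%>
<c:if test="${sessionScope.cars == null}">
    <c:redirect url="/login.jsp"/>
</c:if>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<table border="1px">
    <tr>
        <th>名字</th>
        <th>价格</th>
        <th>宣传语</th>
    </tr>
    <%--
      Values are written with c:out, which HTML-escapes them. A bare EL
      expression in template text is emitted as-is, so markup stored in a
      car row would otherwise be rendered by the browser.
    --%>
    <c:forEach items="${sessionScope.cars}" var="car">
    <tr>
        <td><c:out value="${car.name}"/></td>
        <td><c:out value="${car.price}"/></td>
        <td><c:out value="${car.slogan}"/></td>
    </tr>
    </c:forEach>
</table>
</body>
</html>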