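In the system we are planning, a logged-in user does not always have the same role: one user may be an ordinary user, while another is an administrator.
So next we will create a set of pages so that, after logging in, users of each role get pages that belong to their own role.
The page structure also needs to be planned so that the header and footer are reused.
1. First, let's review the database we created earlier.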

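See the user_role_type column? That is exactly what we use to identify what kind of user this is.
Here we agree that 1 means administrator (admin) and 2 means ordinary user (user).
2. Next, create the page files under web/WEB-INF. The file structure and the files involved are as follows.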

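admin folder – holds the main content of the pages for the administrator role
user folder – holds the main content of the pages for the user role
includes folder – holds the resources shared by the pages of the two roles above, such as the header and footer files.
The contents of the files are as follows.
Note: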
<jsp:include flush="true" page="../includes/admin/header.jsp" />
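include pulls the content of another file in at this point. flush writes the buffered output out so that the buffer does not overflow. page is the page you want to include.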
admin/index.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<jsp:include flush="true" page="../includes/admin/header.jsp" />
<p>
首页
</p>
<jsp:include flush="true" page="../includes/admin/footer.jsp" />
admin/page1.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<jsp:include flush="true" page="../includes/admin/header.jsp" />
<p>
页面1
</p>
<jsp:include flush="true" page="../includes/admin/footer.jsp" />
admin/page2.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<jsp:include flush="true" page="../includes/admin/header.jsp" />
<p>
页面2
</p>
<jsp:include flush="true" page="../includes/admin/footer.jsp" />
user/index.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<jsp:include flush="true" page="../includes/user/header.jsp" />
<p>
首页
</p>
<jsp:include flush="true" page="../includes/user/footer.jsp" />
user/page1.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<jsp:include flush="true" page="../includes/user/header.jsp" />
<p>
页面1
</p>
<jsp:include flush="true" page="../includes/user/footer.jsp" />
includes/admin/footer.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<p>您当前在管理员页面</p>
</body>
</html>
includes/admin/header.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>管理员页面</title>
</head>
<body>
<p>
<a href="/admin">首页</a>
<a href="/admin/page1">页面1</a>
<a href="/admin/page2">页面2</a>
<a href="/logout">登出</a>
</p>
includes/user/footer.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<p>您当前在用户页面</p>
</body>
</html>
includes/user/header.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>用户页面</title>
</head>
<body>
<p>
<a href="/user">首页</a>
<a href="/user/page1">页面1</a>
<a href="/logout">登出</a>
</p>
Good, those are all the page files we need.
3. Then create two sub-packages under Controller, named Admin and User, containing AdminPageController and UserPageController respectively, to serve the page resources above.

Admin/AdminPageController
package Controllers.Admin;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class AdminPageController {
    @RequestMapping("/admin/page1")
    public String page1(Model model) {
        return "admin/page1";
    }

    @RequestMapping("/admin/page2")
    public String page2(Model model) {
        return "admin/page2";
    }

    @RequestMapping("/admin")
    public String index(Model model) {
        return "admin/index";
    }
}
User/UserPageController
package Controllers.User;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class UserPageController {
    @RequestMapping("/user/page1")
    public String page1(Model model) {
        return "user/page1";
    }

    @RequestMapping("/user")
    public String index(Model model) {
        return "user/index";
    }
}
4. Now modify the IndexController we wrote earlier; the main change is in the index method.
package Controllers;

import Models.UsersEntity;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpSession;

@Controller
public class IndexController {
    @RequestMapping("/")
    public String index(Model model, HttpSession session) {
        // Get the logged-in user from the session
        UsersEntity user = (UsersEntity) session.getAttribute("user");
        // Redirect according to the user's role
        switch (user.getUserRoleType()) {
            case 1:
                // "redirect:" performs a redirect; the target path follows it
                return "redirect:/admin/";
            case 2:
                return "redirect:/user/";
            default:
                return "index";
        }
    }

    @RequestMapping("/logout")
    public String logout(Model model, HttpSession session) {
        // Remove the logged-in user from the session
        session.removeAttribute("user");
        return "index/logout";
    }
}
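5. With that changed, create two interceptors, AdminInterceptor and UserInterceptor, to block access outside a user's own role (for example an administrator visiting the user pages, or a user visiting the administrator pages).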

AdminInterceptor
package Interceptors;

import Models.UsersEntity;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class AdminInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
        // Get the currently logged-in user from the session
        UsersEntity user = (UsersEntity) httpServletRequest.getSession().getAttribute("user");
        // Reject when there is no logged-in user or the role is not administrator
        if (user == null || user.getUserRoleType() != 1) {
            // Send the request back to the correct path
            httpServletResponse.sendRedirect("/");
            return false;
        }
        // Role matches: let the request through
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
    }
}
UserInterceptor
package Interceptors;

import Models.UsersEntity;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class UserInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
        // Get the currently logged-in user from the session
        UsersEntity user = (UsersEntity) httpServletRequest.getSession().getAttribute("user");
        // Reject when there is no logged-in user or the role is not ordinary user
        if (user == null || user.getUserRoleType() != 2) {
            // Send the request back to the correct path
            httpServletResponse.sendRedirect("/");
            return false;
        }
        // Role matches: let the request through
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
    }
}
Then register the newly added interceptors in dispatcher-servlet.xml, each intercepting its own paths.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
       http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">
    <!-- Register the interceptor group -->
    <mvc:interceptors>
        <!-- Register an interceptor -->
        <mvc:interceptor>
            <!-- Intercept all paths -->
            <mvc:mapping path="/**" />
            <!-- The class that implements the interceptor -->
            <bean class="Interceptors.LoginInterceptor" />
        </mvc:interceptor>
        <mvc:interceptor>
            <!-- Intercept /admin/ -->
            <mvc:mapping path="/admin/**" />
            <!-- The class that implements the interceptor -->
            <bean class="Interceptors.AdminInterceptor" />
        </mvc:interceptor>
        <mvc:interceptor>
            <!-- Intercept /user/ -->
            <mvc:mapping path="/user/**" />
            <!-- The class that implements the interceptor -->
            <bean class="Interceptors.UserInterceptor" />
        </mvc:interceptor>
    </mvc:interceptors>
    <!-- Pairs with the default-servlet-handler below, so that dynamic requests are not handed to it as well -->
    <mvc:annotation-driven />
    <!-- Let the framework find the controllers by itself -->
    <context:component-scan base-package="Controllers"></context:component-scan>
    <!-- To keep development simple, let Tomcat serve static resources so there is no need to set up Nginx or the like -->
    <mvc:default-servlet-handler/>
</beans>
6. Run and test.




When logged in as an administrator, a request to /user is automatically bounced back to /admin.
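The two interceptors from step 5 differ only in the role number, so they can be collapsed into one class that also fails closed when the session holds no user. This is an added example, not code from the original tutorial: RoleInterceptor is a hypothetical name, and it assumes Spring 4 with the javax.servlet API (as the imports and the 4.0 schema above suggest) and that getUserRoleType() returns a non-null, int-compatible value.

```java
package Interceptors;

import Models.UsersEntity;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: RoleInterceptor is a hypothetical class, not part of the tutorial.
// Register it once per protected path in dispatcher-servlet.xml, e.g. for /admin/**:
//   <bean class="Interceptors.RoleInterceptor"><constructor-arg value="1" /></bean>
public class RoleInterceptor extends HandlerInterceptorAdapter {
    // Role number required for the mapped path (1 = admin, 2 = user, as agreed in step 1)
    private final int requiredRole;

    public RoleInterceptor(int requiredRole) {
        this.requiredRole = requiredRole;
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
                             Object handler) throws Exception {
        // getSession(false): do not create a session just to run an access check
        HttpSession session = request.getSession(false);
        Object attr = (session == null) ? null : session.getAttribute("user");

        // Fail closed: no session, no "user" attribute, or an unexpected type
        // is treated as unauthenticated instead of causing a NullPointerException
        if (!(attr instanceof UsersEntity)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        UsersEntity user = (UsersEntity) attr;
        if (user.getUserRoleType() != requiredRole) {
            // Wrong role: same behaviour as the tutorial's interceptors, go back to "/"
            // (IndexController then redirects to the home page of the user's own role).
            // Prefixing the context path keeps this working when the app is not deployed at the root.
            response.sendRedirect(request.getContextPath() + "/");
            return false;
        }

        // Role matches: let the request reach the controller
        return true;
    }
}
```

Because the check is keyed on a single constructor argument, adding a third role later means one more `<mvc:interceptor>` entry rather than another copied class.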
