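I have two entity classes, User(userId, userName, password) and Role(roleId, roleName). There is a bidirectional one-to-many mapping between users and roles. The role of any user is either user or admin in the database. I have 4 JSP pages: "login.jsp", "Hello.jsp", "error.jsp", "admin.jsp". I want "Hello.jsp" and "admin.jsp" to be accessible only after a successful login, once the session has been set. In addition, I want "admin.jsp" to be accessible only by admin, while "Hello.jsp" can be accessed by both. JSP session management using Spring MVC.

How should I do this? I am new to Spring and Hibernate.

My controller: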

    import java.util.ArrayList;
    import java.util.List;
    import javax.annotation.Resource;
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.ModelAttribute;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RequestParam;
    // User, UserDTO, UserService and RoleService are the application's own classes.

    @Controller
    @RequestMapping("/record")
    public class MainController {

        @Resource(name = "userService")
        private UserService userService;

        @Resource(name = "roleService")
        private RoleService roleService;

        // Show the login form.
        @RequestMapping(value = "/login", method = RequestMethod.GET)
        public String GetFront(Model model) {
            return "login";
        }

        @RequestMapping(value = "/login", method = RequestMethod.POST)
        public String PostFront(Model model) {
            return "login";
        }

        // No login or role check here: any request reaches the admin view.
        @RequestMapping(value = "/admin")
        public String Front1(Model model) {
            return "admin";
        }

        // No login check here either.
        @RequestMapping(value = "/Hello")
        public String Front2(Model model) {
            return "Hello";
        }

        // Validates the credentials, but stores nothing in the HttpSession,
        // so later requests cannot tell whether the user has logged in.
        @RequestMapping(value = "/authenticate", method = RequestMethod.POST)
        public String authenticate(@RequestParam("uname") String userName,
                                   @RequestParam("pass") String password,
                                   Model model) {
            boolean success = userService.validate(userName, password);
            if (success) {
                return "Hello";
            } else {
                return "error";
            }
        }

        // List all users together with their roles.
        @RequestMapping(value = "/list", method = RequestMethod.GET)
        public String getRecords(Model model) {
            List<User> users = userService.getAll();
            List<UserDTO> userDTO = new ArrayList<UserDTO>();
            for (User user : users) {
                UserDTO dto = new UserDTO();
                dto.setUserId(user.getUserId());
                dto.setUserName(user.getUserName());
                dto.setPassword(user.getPassword()); // the stored password is passed on to the view
                dto.setRole(roleService.getAll(user.getUserId()));
                userDTO.add(dto);
            }
            model.addAttribute("users", userDTO);
            return "record";
        }

        @RequestMapping(value = "/add", method = RequestMethod.GET)
        public String getAdd(Model model) {
            model.addAttribute("userAttribute", new User());
            return "addUser";
        }

        @RequestMapping(value = "/add", method = RequestMethod.POST)
        public String postAdd(@ModelAttribute("userAttribute") User user) {
            userService.add(user);
            return "redirect:/record/list";
        }

        // Deletes the user with the given id (state change on a GET request).
        @RequestMapping(value = "/delete", method = RequestMethod.GET)
        public String getDelete(@RequestParam("id") Integer userId) {
            userService.delete(userId);
            return "redirect:/record/list";
        }

        @RequestMapping(value = "/edit", method = RequestMethod.GET)
        public String getEdit(@RequestParam("id") Integer userId, Model model) {
            User user1 = userService.get(userId);
            model.addAttribute("userAttribute", user1);
            return "editUser";
        }

        @RequestMapping(value = "/edit", method = RequestMethod.POST)
        public String postEdit(@RequestParam("id") Integer userId,
                               @ModelAttribute("userAttribute") User user) {
            user.setUserId(userId);
            userService.edit(user);
            return "redirect:/record/list";
        }
    }

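The Hibernate, Session and Session-Cookies tags are unrelated to this question. For what it's worth, your users could be in an LDAP store, and the authentication information could be passed through HTTP headers instead of cookies. – manish 2014-10-09 10:13:43

I want to perform session management without using Spring Security – bablu 2014-10-09 10:20:31

Then write a Servlet filter that intercepts every request, checks the flag for the current user in the HTTP Session, and allows or denies each request. – manish 2014-10-09 10:40:36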
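
The servlet filter suggested in the last comment, as an added example that is not part of the original thread or the asker's project. It assumes the `/record/authenticate` handler, after a successful `validate()`, stores a `currentUser` attribute and a `roles` attribute (a `Set<String>` of role names) in the `HttpSession`; those attribute names, the class name `AccessFilter` and the role name `admin` are hypothetical.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Assumptions: session attributes "currentUser" and "roles" are set
// by the login handler, and the JSPs live under /WEB-INF so they are only reachable
// through the controller's /record/* mappings.
public class AccessFilter implements Filter {
    // Paths reachable without a login; everything else is denied by default.
    private static final Set<String> PUBLIC = new HashSet<>(
            Arrays.asList("/record/login", "/record/authenticate"));
    private static final String ADMIN_PREFIX = "/record/admin";

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Container-decoded path, without the context path.
        String path = req.getServletPath()
                + (req.getPathInfo() == null ? "" : req.getPathInfo());
        if (PUBLIC.contains(path)) {
            chain.doFilter(rq, rs);
            return;
        }
        HttpSession session = req.getSession(false);   // never create a session here
        if (session == null || session.getAttribute("currentUser") == null) {
            res.sendRedirect(req.getContextPath() + "/record/login");
            return;
        }
        Object roles = session.getAttribute("roles");  // assumed to be a Set<String>
        boolean admin = roles instanceof Set && ((Set<?>) roles).contains("admin");
        if (path.startsWith(ADMIN_PREFIX) && !admin) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        res.setHeader("Cache-Control", "no-store");    // keep protected pages out of caches
        chain.doFilter(rq, rs);
    }
}
```

Map the filter to `/*` in `web.xml` (or with `@WebFilter`) so no handler is skipped, and add any static resource paths the login page needs to `PUBLIC`. The login handler should also call `request.changeSessionId()` (Servlet 3.1+) before setting the attributes, so a session ID issued before login is not reused afterwards.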