目录

resmbms

技术亮点

项目搭建准备工作

登录功能实现

登录功能优化

登录注销功能实现

登录拦截优化

密码修改

优化密码修改使用AJAX

用户管理实现

1. 获取查询的用户数量

2. 实现用户列表展示

3. 获取角色列表

4. 整合资源到Servlet

实现添加用户操作

1. 用户角色列表展示

2. 用户编码判定

3. 添加用户

删除用户

修改用户

查询指定用户信息

订单管理实现

供应商管理实现

总结

简单的用户管理权限实现优化

系列文章目录

文章目录

前言

一、pandas是什么？

二、使用步骤

1.引入库

2.读入数据

总结

---

smbms

浏览器项目中出现乱码问题：配置tomcat启动参数-Dfile.encoding=UTF-8

技术亮点

1. 可以使用EL表达式将请求信息提取到登录页面

   

2. 使用json实现前后端分离

3. 使用ajax更新部分网页技术

4. 对增删改需要启动事务处理，对事务的特性有更清晰的认识

5. 可以使用StringBuffer实现字符串拼接，以及使用HashMap封装键值对参数传递到前端，使用List集合将多个User类封装保存，可以使用list集合拼接参数，使用Object集合传递参数

6. 对MVC三层架构得到清晰认识，实现职责分明，便于后期维护以及开发

7. 多使用标识符切换控制

8. 深入理解了重定向和请求转发的区别

   • 在后端重定向路径需要填写当前的项目路径再加上转发的位置，请求转发只需要填写转发的位置

   • 重定向请求路径会发生改变，请求转发不会

9. 每编写完一个servlet就马上注册（以后可以直接使用springMVC框架）

10. 通过模糊查询获取信息

11. 业务层可以说是一个桥梁，调用Dao层，供控制层使用

系统功能结构图

数据库

项目搭建准备工作

1. 搭建一个模板maven webapp项目

2. 配置Tomcat

3. 测试项目能否运行起来

4. 导入所依赖的jar包：

   • servlet 实现servlet接口

   • jsp jsp标签

   • mysql-connector-java java连接数据库

   • jstl jsp标签库

   • standard jsp标签库所依赖的包

5. 搭建项目结构

   

6. 编写实体类

   ORM映射：表----->类

7. 编写基本公共类

   1. 数据库配置文件

      driver=com.mysql.cj.jdbc.Driver
      url=jdbc:mysql://localhost:3306/smbms?useUnicode=true&characterEncoding=utf8&useSSL=true
      username=root
      password=123456

   2. 编写数据库的公共类

      //操作数据库的公共类public class BaseDao {private static String driver;private static String url;private static String username;private static String password;//静态代码块同类初始化，在类加载的时候就初始化static {//通过类加载器去读取对应的资源ClassLoader loader = BaseDao.class.getClassLoader();InputStream is = loader.getResourceAsStream("db.properties");Properties properties = new Properties();try {properties.load(is);} catch (IOException e) {e.printStackTrace();}driver = properties.getProperty("driver");url = properties.getProperty("url");username = properties.getProperty("username");password = properties.getProperty("password");}//获取数据库的连接public static Connection getConnection(){Connection connection = null;try {Class.forName(driver);connection = DriverManager.getConnection(url, username, password);} catch (Exception e) {e.printStackTrace();}return connection;}/*预编译的sql，执行的时候不需要传sql*///编写查询的公共类public static ResultSet execute(Connection connection,String sql,Object[] param,PreparedStatement statement,ResultSet resultSet){try {statement = connection.prepareStatement(sql);//setObject,占位符从1开始，参数下标从0开始for (int i = 0; i < param.length ; i++) {statement.setObject(i+1,param[i]);}resultSet = statement.executeQuery();} catch (SQLException e) {e.printStackTrace();}return resultSet;}​//编写增删改的公共类public static int execeute(Connection connection,String sql,Object[] param,PreparedStatement statement){int resultNum = 0;try {statement = connection.prepareStatement(sql);for (int i = 0; i < param.length ; i++) {statement.setObject(i+1,param[i]);}resultNum = statement.executeUpdate();​} catch (SQLException e) {e.printStackTrace();}return resultNum;}//关闭资源的公共类public static boolean close(Connection connection,PreparedStatement statement,ResultSet resultSet){boolean flag = true;if (resultSet != null){try {resultSet.close();//垃圾回收的操作resultSet = null;} catch (SQLException e) {e.printStackTrace();//如果没有释放成功flag = false;}}if (statement != null){try {statement.close();statement = null;} catch (SQLException e) {e.printStackTrace();flag = false;}}if (connection != null){try {connection.close();connection = null;} catch (SQLException e) {e.printStackTrace();flag = false;}}return flag;​}}

   3. 编写字符编码过滤器

      public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {servletRequest.setCharacterEncoding("utf-8");servletResponse.setCharacterEncoding("utf-8");filterChain.doFilter(servletRequest, servletResponse);}

8. 导入静态资源

登录功能实现

思路：

1. 编写前端登录页面------> login.jsp

2. 设置欢迎页面，让服务器已启动就跳转到登录页面

   <!--  设置欢迎页  --><welcome-file-list><welcome-file>login.jsp</welcome-file></welcome-file-list>

3. 编写Dao层得到用户登录的接口

   //从数据库查询指定的用户,这里不需要获取连接数据库对象，交给业务层去做public User getLoginUser(Connection connection,String userCode) throws SQLException;

4. 编写Dao层的实现类

    public class UserDaoImpl implements UserDao {public User getLoginUser(Connection connection, String userCode) throws SQLException {PreparedStatement statement = null;ResultSet rs = null;User user = null;if (connection != null){String sql = "select * from `smbms_user` where userCode=?";Object[] param = {userCode};rs = BaseDao.execute(connection, sql, param, statement, rs);while (rs.next()){user = new User();//将这些值丢给用户user.setId(rs.getInt("id"));user.setUserCode(rs.getString("userCode"));user.setUserName(rs.getString("userName"));user.setUserPassword(rs.getString("userPassword"));user.setGender(rs.getInt("gender"));user.setBirthday(rs.getDate("birthday"));user.setPhone(rs.getString("phone"));user.setAddress(rs.getString("address"));user.setUserRole(rs.getInt("userRole"));user.setCreatedBy(rs.getInt("createdBy"));user.setModifyBy(rs.getInt("modifyBy"));user.setModifyDate(rs.getDate("modifyDate"));}BaseDao.close(null,statement,rs);}return user;}}

5. 编写业务层接口

   //用户登录public User login(String userCode,String password) throws SQLException;

6. 编写业务层实现类

    public class UserServiceImpl implements UserService {//业务层都会调用Dao层，所以我们要引入Dao层private UserDao userDao = null;public UserServiceImpl(){userDao = new UserDaoImpl();}public User login(String userCode, String password){Connection connection = null;User user = null;​try {connection = BaseDao.getConnection();//通过业务层调取对应的具体的数据库的数据user = userDao.getLoginUser(connection,userCode,password);} catch (SQLException e) {e.printStackTrace();}finally {BaseDao.close(connection,null,null);}​return user;}@Testpublic void test(){UserServiceImpl userService = new UserServiceImpl();User admin = userService.login("admin", "12345678");System.out.println(admin.getAddress());}}

7. 编写servlet：用于获取前端请求的参数，并调用业务层判断是否存在该用户

   public class LoginServlet extends HttpServlet {//servlet控制层：调用业务层private UserService userService = new UserServiceImpl();@Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {System.out.println("LoginServlet-start...");//获取前端数据String userCode = req.getParameter("userCode");String userPassword = req.getParameter("userPassword");User user = null;//调用业务层相应的操作:和数据库的用户做对比try {user = userService.login(userCode,userPassword);if (user != null){//将用户的信息放到session中req.getSession().setAttribute(Constant.USER_SESSION,user);//跳转到主页resp.sendRedirect("/resmbms/jsp/frame.jsp");}else {//使用请求转发到登录页面，并提示用户名或密码错误req.setAttribute("error","用户名或密码不正确");req.getRequestDispatcher("/login.jsp").forward(req,resp);}} catch (SQLException e) {e.printStackTrace();}}@Overrideprotected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {doGet(req, resp);}
   }

8. 注册servlet

   <servlet><servlet-name>LoginServlet</servlet-name><servlet-class>com.kuang.servlet.user.LoginServlet</servlet-class></servlet><servlet-mapping><servlet-name>LoginServlet</servlet-name><url-pattern>/login.do</url-pattern></servlet-mapping>

登录功能优化

登录注销功能实现

1. 编写servlet：用于移除session属性，再返回登录页面

    @Overrideprotected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {req.getSession().removeAttribute(Constant.USER_SESSION);resp.sendRedirect("/resmbms/login.jsp");}

2. 注册servlet

   <servlet><servlet-name>LogoutServlet</servlet-name><servlet-class>com.kuang.servlet.user.LogoutServlet</servlet-class></servlet><servlet-mapping><servlet-name>LogoutServlet</servlet-name><url-pattern>/jsp/logout.do</url-pattern></servlet-mapping>

登录拦截优化

1. 为了保证用户注销之后不能再进入主页，需要设置过滤器

   public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {HttpServletRequest request = (HttpServletRequest) servletRequest;HttpServletResponse response = (HttpServletResponse) servletResponse;Object userSession = request.getSession().getAttribute(Constant.USER_SESSION);if (userSession == null){response.sendRedirect("/resmbms/error.jsp");}elsefilterChain.doFilter(servletRequest, servletResponse);}

2. 注册过滤器

   <filter><filter-name>SysFilter</filter-name><filter-class>com.kuang.filter.SysFilter</filter-class></filter><filter-mapping><filter-name>SysFilter</filter-name><url-pattern>/jsp/*</url-pattern></filter-mapping>

密码修改

实现增删改查，必须自低向上去编写

1. 编写Dao层的接口

    //修改当前用户密码public int pwdModify(Connection connection,int id,String password);

2. 编写Dao层的实现类

   //修改当前用户密码public int pwdModify(Connection connection, int id, String password) {PreparedStatement statement = null;int resultNum = 0;if (connection != null){String sql = "update `smbms_user` set userPassword = ? where id = ? ";Object[] param = {password,id};resultNum = BaseDao.execeute(connection, sql, param, statement);BaseDao.close(null,statement,null);}return resultNum;}

3. 编写业务层的接口

   //修改当前用户密码public int pwdModify(int id,String password);

4. 编写业务层的实现类

   //修改当前用户密码public int pwdModify(int id, String password) {Connection connection = BaseDao.getConnection();int resultNum = userDao.pwdModify(connection, id, password);BaseDao.close(connection,null,null);return resultNum;}

5. 编写控制层

   //修改密码protected void pwdModify(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {//从前端获取新密码参数String newPassword = req.getParameter("newpassword");//从session中拿到id//别急，先判断一下拿到的是否存在，代码优化就在这一块
   //        User user = (User) req.getSession().getAttribute(Constant.USER_SESSION);Object o = req.getSession().getAttribute(Constant.USER_SESSION);boolean flag = false;if (o != null && !StringUtils.isNullOrEmpty(newPassword)){UserService userService = new UserServiceImpl();flag = userService.pwdModify(((User)o).getId(), newPassword);if (flag){//表示修改成功//给请求携带一个参数req.setAttribute(Constant.MESSAGE,"密码修改成功，请退出，使用新密码登录");//密码修改完成，立即移除sessionreq.getSession().removeAttribute(Constant.USER_SESSION);}else {//修改失败//给请求携带一个参数req.setAttribute(Constant.MESSAGE,"密码修改失败");}}else {//给请求携带一个参数req.setAttribute(Constant.MESSAGE,"新密码有问题");}req.getRequestDispatcher("pwdmodify.jsp").forward(req,resp);}

6. 注册servlet

   <servlet><servlet-name>UserServlet</servlet-name><servlet-class>com.kuang.servlet.user.UserServlet</servlet-class></servlet><servlet-mapping><servlet-name>UserServlet</servlet-name><url-pattern>/jsp/user.do</url-pattern></servlet-mapping>

密码修改遇到的问题：

由于没有验证旧密码，清除旧密码验证，又因为浏览器有缓存旧密码，使得不验证旧密码就无法提交

解决：清除浏览器缓存

问题：清除缓存后，css样式加载不出来，查看响应类型是text/html而不是text/css

原因：在字符编码过滤器中将所有页面信息以html的类型展示

使用servlet复用，在doGet中调用其方法

 

优化密码修改使用AJAX

1. 使用json实现前后端交互

   • 阿里巴巴的fastjson 

     <!-- https://mvnrepository.com/artifact/com.alibaba/fastjson --><dependency><groupId>com.alibaba</groupId><artifactId>fastjson</artifactId><version>1.2.78</version></dependency>

2. 编写servlet

   //验证旧密码public void pwdmodify(HttpServletRequest req, HttpServletResponse resp){//session中有用户的密码，从里面取旧密码，与前端传递过来的参数做对比String oldpassword = req.getParameter("oldpassword");Object o = req.getSession().getAttribute(Constant.USER_SESSION);//使用map封装数据，一切的东西都可以使用map去保存HashMap<String, String> resultMap = new HashMap<String, String>();if (o==null){//session过期或者session已经失效resultMap.put("result","sessionerror");}else if(StringUtils.isNullOrEmpty(oldpassword)){//旧密码输入为空resultMap.put("result","error");}else {if (oldpassword.equals(((User)o).getUserPassword())){//旧密码输入正确resultMap.put("result","true");}else {resultMap.put("result","false");}}//因为前端使用json，需要将map转换为json格式，让前端接收try {//设置返回类型resp.setContentType("application/json");//将map转换成json格式输出，使用阿里巴巴的Json工具类PrintWriter writer = resp.getWriter();writer.write(JSONArray.toJSONString(resultMap));writer.flush();//关闭流操作writer.close();} catch (IOException e) {e.printStackTrace();}}

用户管理实现

思路：

面向对象三大特性：

• 封装（属性私有，get/set方法，在set方法中情况一些不安全的情况）

• 继承

• 多态

1. 导入分页的工具类

2. 查看用户管理需要使用到哪些页面

   • userlist.jsp

1. 获取查询的用户数量

1. 编写Dao层的接口

   //根据用户名或用户角色查询用户总数public int getUserCount(Connection connection,String username,int userRole) throws SQLException;

2. 编写Dao层的实现类

   //根据用户名或用户角色查询用户总数public int getUserCount(Connection connection, String username, int userRole) throws SQLException {PreparedStatement statement = null;//不能使用Integer去包装，Integer可以为null，这里返回的的结果是始终是int类型int count = 0;ResultSet rs = null;if (connection != null){//使用list集合去封装参数ArrayList<Object> params = new ArrayList<Object>();//因为根据用户角色或用户名的条件查询，需要使用StringBuffer去拼接字符串StringBuffer sb = new StringBuffer("SELECT count(1) 'count' from `smbms_user` u,`smbms_role` r WHERE u.userRole = r.id");if (!StringUtils.isNullOrEmpty(username)){sb.append(" and userName like ?");params.add("%"+username+"%");}if (userRole > 0){sb.append(" and userRole = ?");params.add(userRole);}rs = BaseDao.execute(connection, sb.toString(), params.toArray(), statement, rs);if (rs.next()){count = rs.getInt("count");}BaseDao.close(null,statement,rs);System.out.println("UserDaoImpl--->getUserCount："+sb.toString());}//如果上面的两个条件都满足，那么岂不是有两个andreturn count;}

3. 编写service层的接口

   //根据用户名或用户角色查询用户总数public int getUserCount(String username,int userRole) throws SQLException;

4. 编写service层的实现类

   public int getUserCount(String username, int userRole) throws SQLException {Connection connection = BaseDao.getConnection();int count = userDao.getUserCount(connection, username, userRole);BaseDao.close(connection,null,null);return count;}

2. 实现用户列表展示

1. UserDao

   //查询用户列表public List<User> getUserList(Connection connection,String username,int userRole,int currentPageNo,int pageSize) throws SQLException;

2. UserDaoImpl

   public List<User> getUserList(Connection connection, String username, int userRole, int currentPageNo, int pageSize) throws SQLException {PreparedStatement statement = null;ResultSet rs = null;//使用ArrayList将用户信息封装到里面ArrayList<User> users = new ArrayList<User>();User user = null;if (connection != null){//使用list集合去封装参数ArrayList<Object> params = new ArrayList<Object>();//因为根据用户角色或用户名的条件查询，需要使用StringBuffer去拼接字符串StringBuffer sql = new StringBuffer("SELECT *  from `smbms_user` u,`smbms_role` r WHERE u.userRole = r.id");if (!StringUtils.isNullOrEmpty(username)){sql.append(" and userName like ?");params.add("%"+username+"%");}if (userRole > 0){sql.append(" and userRole = ?");params.add(userRole);}//起始下标int pageIndex = (currentPageNo - 1) * pageSize;sql.append(" order by u.creationDate DESC limit ?,?");params.add(pageIndex);params.add(pageSize);rs = BaseDao.execute(connection, sql.toString(), params.toArray(), statement, rs);while (rs.next()){user = new User();user.setId(rs.getInt("id"));user.setUserCode(rs.getString("userCode"));user.setUserName(rs.getString("userName"));user.setUserPassword(rs.getString("userPassword"));user.setGender(rs.getInt("gender"));user.setBirthday(rs.getDate("birthday"));user.setPhone(rs.getString("phone"));user.setAddress(rs.getString("address"));user.setUserRole(rs.getInt("userRole"));user.setCreatedBy(rs.getInt("createdBy"));user.setModifyBy(rs.getInt("modifyBy"));user.setModifyDate(rs.getDate("modifyDate"));user.setId(rs.getInt("id"));user.setUserCode(rs.getString("userCode"));user.setUserName(rs.getString("userName"));user.setUserPassword(rs.getString("userPassword"));user.setGender(rs.getInt("gender"));user.setBirthday(rs.getDate("birthday"));user.setPhone(rs.getString("phone"));user.setAddress(rs.getString("address"));user.setUserRole(rs.getInt("userRole"));user.setCreatedBy(rs.getInt("createdBy"));user.setModifyBy(rs.getInt("modifyBy"));user.setModifyDate(rs.getDate("modifyDate"));users.add(user);}BaseDao.close(null,statement,rs);System.out.println("UserDaoImpl--->getUserCount："+sql.toString());}return users;}

3. UserService

   //根据条件查询用户列表public List<User> getUserList(String username,int userRole,int currentPageNo,int PageSize) throws SQLException;

4. UserServiceImpl

   //查询用户列表public List<User> getUserList(String username, int userRole, int currentPageNo, int pageSize) throws SQLException {ArrayList<User> users = new ArrayList<User>();Connection connection = BaseDao.getConnection();users = (ArrayList<User>) userDao.getUserList(connection, username, userRole, currentPageNo, pageSize);BaseDao.close(connection,null,null);return users;}

3. 获取角色列表

为了我们的职责分明，需要将角色列表另一起一个包，便于代码的维护

1. RoleDao

   //获取角色列表public List<Role> getRoleList(Connection connection) throws SQLException;

2. RoleDaoImpl

   //获取角色列表public List<Role> getRoleList(Connection connection) throws SQLException {System.out.println("UserDaoImpl--->getRoleList");ArrayList<Role> roles = new ArrayList<Role>();PreparedStatement statement = null;ResultSet resultSet = null;Role role = null;if (connection != null){String sql = "select * from smbms_role ";Object[] params = {};System.out.println(params.length);resultSet = BaseDao.execute(connection, sql, params, statement, resultSet);while (resultSet.next()){role = new Role();role.setId(resultSet.getInt("id"));role.setRoleCode(resultSet.getString("roleCode"));role.setRoleName(resultSet.getString("roleName"));role.setCreatedBy(resultSet.getInt("createdBy"));role.setModifyBy(resultSet.getInt("modifyBy"));role.setCreationDate(resultSet.getDate("creationDate"));role.setModifyDate(resultSet.getDate("modifyDate"));roles.add(role);}BaseDao.close(null,statement,resultSet);}return roles;}

3. RoleService

   //查询角色列表public List<Role> getRoleList() throws SQLException;

4. RoleServiceImpl

   public List<Role> getRoleList() throws SQLException {System.out.println("RoleServiceImpl--->getRoleList");List<Role> roles = new ArrayList<Role>();Connection connection = BaseDao.getConnection();roles = roleDao.getRoleList(connection);BaseDao.close(connection,null,null);return roles;}

4. 整合资源到Servlet

1. 获取前端参数，其实就是为了查询做准备

2. 实现分页操作，需要用到页面大小，总页数，总条数，页面数...

3. 获取用户列表

4. 根据前端需要的参数，进行传参

5. 返回前端

public void query(HttpServletRequest req, HttpServletResponse resp) {//获取前端数据String userName = req.getParameter("queryname");String temp = req.getParameter("queryUserRole");String pageIndex = req.getParameter("pageIndex");//如果用户未输入任何东西，要将页面展示出来，我们需设置一些初识值if (userName == null){userName = "";}int userRole = 0;if (temp != null && !temp.equals("")){userRole = Integer.parseInt(temp);}//第一次访问用户管理，一定是第一页，而且页面大小固定int pageSize = 2;int currentPageNo = 1;if (pageIndex != null){currentPageNo = Integer.parseInt(pageIndex);}UserService userService = new UserServiceImpl();List<User> userList = null;//获取用户总数，这里可以实现分页操作int totalCount = 0;try {totalCount = userService.getUserCount(userName, userRole);} catch (SQLException e) {e.printStackTrace();}//引入总页数的支持PageSupport pageSupport = new PageSupport();pageSupport.setPageSize(pageSize);pageSupport.setTotalCount(totalCount);pageSupport.setCurrentPageNo(currentPageNo);//控制首页和尾页，不让其溢出int totalPageCount = pageSupport.getTotalPageCount();if (currentPageNo > totalPageCount) {//超出总页数，就显示最后一页currentPageNo = totalPageCount;}else if (currentPageNo < 1){//出现负页数，就显示第一页currentPageNo = 1;}//获取用户列表展示try {//获取用户列表展示userList = userService.getUserList(userName, userRole, currentPageNo, pageSize);} catch (SQLException e) {e.printStackTrace();}//获取角色列表展示RoleService roleService = new RoleServiceImpl();List<Role> roleList = null;try {roleList = roleService.getRoleList();} catch (SQLException e) {e.printStackTrace();}//给前端传递数据，由于用户查询是执行的每一次请求操作，因此，将信息存放到请求中即可req.setAttribute("userList",userList);req.setAttribute("roleList",roleList);req.setAttribute("queryUserName",userName);req.setAttribute("queryUserRole",userRole);req.setAttribute("totalCount",totalCount);req.setAttribute("currentPageNo",currentPageNo);req.setAttribute("totalPageCount",totalPageCount);//返回前端try {req.getRequestDispatcher("userlist.jsp").forward(req,resp);} catch (ServletException e) {e.printStackTrace();} catch (IOException e) {e.printStackTrace();}
}

实现添加用户操作

1. 用户角色列表展示

//添加用户界面中的获取角色列表public void getRoleList(HttpServletRequest req, HttpServletResponse resp) {//获取角色列表RoleService roleService = new RoleServiceImpl();List<Role> roleList = null;try {roleList = roleService.getRoleList();} catch (SQLException e) {e.printStackTrace();}//将roleList转换成Json格式输出try {PrintWriter out = resp.getWriter();out.write(JSONArray.toJSONString(roleList));out.flush();out.close();} catch (IOException e) {e.printStackTrace();}}

思路：

2. 用户编码判定

1. UserDao

   //查询用户public List<User> query(Connection connection) throws SQLException;

2. UserDaoImpl

   //查询所有用户public List<User> query(Connection connection) throws SQLException {PreparedStatement statement = null;ResultSet resultSet = null;Object[] params = {};User user = null;List<User> users = new ArrayList<User>();if (connection != null){String sql = "select * from `smbms_user`";resultSet = BaseDao.execute(connection, sql, params, statement, resultSet);while (resultSet.next()){user = new User();user.setUserCode(resultSet.getString("userCode"));users.add(user);}BaseDao.close(null,statement,resultSet);System.out.println("UserDaoImpl----->query：" +sql);}return users;}

3. UserService

   //查询用户编码public List<User> query() throws SQLException;

4. UserService

   //查询用户public List<User> query() throws SQLException {System.out.println("UserServiceImpl---->query...");Connection connection = BaseDao.getConnection();List<User> userList = userDao.query(connection);BaseDao.close(connection,null,null);return userList;}

5. Servlet

   //判断用户编码是否存在public void isUserExist(HttpServletRequest req, HttpServletResponse resp) {//获取前端参数String InsertUserCode = req.getParameter("userCode");//调取业务层UserService userService = new UserServiceImpl();List<User> userList = null;try {userList = userService.query();} catch (SQLException e) {e.printStackTrace();}//使用Map封装数据HashMap<String, String> map = new HashMap<String, String>();if (userList != null){for (User user:userList){if (InsertUserCode != null && !StringUtils.isNullOrEmpty(InsertUserCode)) {if (InsertUserCode.equals( user.getUserCode())){//用户已经存在map.put("userCode","exist");}}}}//将userList转换成Json格式输出resp.setContentType("application/json");PrintWriter out = null;try {out = resp.getWriter();out.write(JSONArray.toJSONString(map));out.flush();out.close();} catch (IOException e) {e.printStackTrace();}}

3. 添加用户

1. UserDao

    //添加用户public boolean add(Connection connection,User user);

2. UserDaoImpl

   //添加用户public boolean add(Connection connection,User user) {PreparedStatement statement = null;boolean flag = false;if (connection != null){//添加事务try {//开启事务connection.setAutoCommit(false);String sql = "insert into `smbms_user`(\n" +"userCode,userName,userpassword,gender,birthday,phone,address,userRole,createdBy,creationDate" +")\n" +"VALUES(?,?,?,?,?,?,?,?,?,?)";Object[] params = {user.getUserCode(),user.getUserName(),user.getUserPassword(),user.getGender(),user.getBirthday(),user.getPhone(),user.getAddress(),user.getUserRole(),user.getCreatedBy(),user.getCreationDate()};int resultNum = BaseDao.execeute(connection, sql, params, statement);if (resultNum > 0){flag = true;}System.out.println("UserDaoImpl--->add："+sql.toString());connection.commit();System.out.println("UserDaoImpl---->add：" + sql);} catch (SQLException e) {try {connection.rollback();} catch (SQLException ex) {ex.printStackTrace();}}finally {BaseDao.close(null,statement,null);}}return flag;}

3. Userservice

   //添加用户public boolean add(User user);

4. UserserviceImpl

   public boolean add(User user) {System.out.println("UserService---->add....");Connection connection = BaseDao.getConnection();boolean flag = false;if (user != null){flag = userDao.add(connection,user);}BaseDao.close(connection,null,null);return flag;}

5. servlet

   //添加用户public void add(HttpServletRequest req, HttpServletResponse resp) {System.out.println("UserServlet---->add...");String userCode = req.getParameter("userCode");String userName = req.getParameter("userName");String userPassword = req.getParameter("userPassword");String genderTemp = req.getParameter("gender");//临时变量String birthdayTemp = req.getParameter("birthday");String phone = req.getParameter("phone");String address = req.getParameter("address");String userRoleTemp = req.getParameter("userRole");//临时变量System.out.println("--------1---------");int gender = 1;if (genderTemp != null && !StringUtils.isNullOrEmpty(genderTemp)) {gender = Integer.parseInt(genderTemp);}System.out.println("---------2--------");Date birthday = null;try {//将日期字符串格式化birthday = new SimpleDateFormat("yyyy-MM-dd").parse(birthdayTemp);} catch (ParseException e) {e.printStackTrace();}System.out.println("---------3--------");int userRole = 0;if (userRoleTemp != null) {userRole = Integer.parseInt(userRoleTemp);}System.out.println("---------4--------");//将封装到User类中User user = new User();user.setUserCode(userCode);user.setUserName(userName);user.setUserPassword(userPassword);user.setGender(gender);user.setBirthday(birthday);user.setPhone(phone);user.setUserRole(userRole);Object o = req.getSession().getAttribute(Constant.USER_SESSION);if (o != null){user.setCreatedBy(((User) o).getId());}user.setCreationDate(new Date());//调取业务层UserService userService = new UserServiceImpl();//添加用户boolean flag = userService.add(user);System.out.println("---------5--------");System.out.println(flag);//判断是否添加成功if (flag){//添加成功之后怎么操作//返回用户管理界面this.query(req, resp);}else {//添加失败之后怎么操作//不必操作，还是在这个页面}}

删除用户

如何获取指定用户id，前端有直接获取id

1. UserDao

   //根据id删除用户public boolean deleteUser(Connection connection,int id);

2. UserDaoImpl

   //根据id删除用户public boolean deleteUser(Connection connection, int id) {PreparedStatement statement = null;boolean flag = false;if (connection != null){//添加事务try {//开启事务connection.setAutoCommit(false);String sql = "delete from `smbms_user` where id = ?";Object[] params = {id};int resultNum = BaseDao.execeute(connection, sql, params, statement);if (resultNum > 0){flag = true;}connection.commit();System.out.println("UserDaoImpl---->delete：" + sql);} catch (SQLException e) {try {connection.rollback();} catch (SQLException ex) {ex.printStackTrace();}}finally {BaseDao.close(null,statement,null);​}​}return flag;}

3. UserService

   //根据id删除用户public boolean deleteUser(int id);

4. UserServiceImpl

   public boolean deleteUser(int id) {System.out.println("UserService---->delete....");Connection connection = BaseDao.getConnection();boolean flag = false;userDao.deleteUser(connection,id);BaseDao.close(connection,null,null);return flag;}

5. Servlet

    //删除用户public void deleteUser(HttpServletRequest req, HttpServletResponse resp) {//从前端获取参数String userid = req.getParameter("uid");//调用业务层UserService userService = new UserServiceImpl();HashMap<String, String> map = new HashMap<String, String>();boolean flag = false;if (userid==null && StringUtils.isNullOrEmpty(userid)){map.put("delResult","notexist");}else {flag = userService.deleteUser(Integer.valueOf(userid));if (flag){map.put("delResult","true");}else {map.put("delResult","false");}}try {resp.setContentType("applicaton/json");PrintWriter writer = resp.getWriter();writer.write(JSONArray.toJSONString(map));writer.flush();writer.close();} catch (IOException e) {e.printStackTrace();}}

修改用户

1. 分析需求

2. 查看请求的路径

思路：

userDao

//根据id修改用户信息public boolean modifyById(Connection connection,User user);

userDaoImpl

//根据id修改用户信息public boolean modifyById(Connection connection, User user) {PreparedStatement statement = null;boolean flag = false;if (connection != null){//添加事务try {//开启事务connection.setAutoCommit(false);String sql = "update smbms_user set userName=?," +"gender=?,birthday=?,phone=?,address=?,userRole=?,modifyBy=?,modifyDate=? where id = ? ";Object[] params = {user.getUserName(), user.getGender(), user.getBirthday(),user.getPhone(), user.getAddress(), user.getUserRole(), user.getModifyBy(),user.getModifyDate(), user.getId()};int resultNum = BaseDao.execeute(connection, sql, params, statement);if (resultNum > 0){flag = true;}connection.commit();System.out.println("UserDaoImpl---->modifyById：" + sql);} catch (SQLException e) {try {connection.rollback();} catch (SQLException ex) {ex.printStackTrace();}}finally {BaseDao.close(null,statement,null);​}​}return flag;}

UserService

//根据id修改用户信息public boolean modifyById(User user);

UserService

public boolean modifyById(User user) {System.out.println("UserService---->delete....");Connection connection = BaseDao.getConnection();boolean flag = false;flag = userDao.modifyById(connection,user);BaseDao.close(connection,null,null);return flag;}

servlet

//根据id查询用户信息，返回usermodify.jsp页面public void modifyById(HttpServletRequest request, HttpServletResponse resp) {//获取前端参数String id = request.getParameter("uid");Integer uid = 0;​//判断是否获取到id值if (id != null){uid = Integer.valueOf(id);}else {try {resp.sendRedirect(request.getContextPath() + "/error.jsp");} catch (IOException e) {e.printStackTrace();}}//调取业务层UserService userService = new UserServiceImpl();User user = null;try {user = userService.getUserById(uid);} catch (SQLException e) {e.printStackTrace();}if (user != null){//用户信息存在request.setAttribute("user",user);try {request.getRequestDispatcher("usermodify.jsp").forward(request,resp);} catch (ServletException e) {e.printStackTrace();} catch (IOException e) {e.printStackTrace();}}}

//根据id修改用户，返回用户列表页面public void modifyExe(HttpServletRequest request, HttpServletResponse resp) {System.out.println("UserServlet----->modifyExe...");//从前端获取参数String id = request.getParameter("uid");String userName = request.getParameter("userName");String gender = request.getParameter("gender");String birthday = request.getParameter("birthday");String phone = request.getParameter("phone");String address = request.getParameter("address");String userRole = request.getParameter("userRole");System.out.println("UserServlet----->modifyById："+ id);User user = new User();user.setId(Integer.valueOf(id));user.setUserName(userName);user.setGender(Integer.valueOf(gender));​try {user.setBirthday(new SimpleDateFormat("yyyy-MM-dd").parse(birthday));} catch (ParseException e) {// TODO Auto-generated catch blocke.printStackTrace();System.out.println("出现异常...");}user.setPhone(phone);user.setAddress(address);user.setUserRole(Integer.valueOf(userRole));user.setModifyBy(((User) request.getSession().getAttribute(Constant.USER_SESSION)).getId());user.setModifyDate(new Date());//调取业务层UserService userService = new UserServiceImpl();​boolean flag = false;try {flag = userService.modifyById(user);} catch (Exception e) {e.printStackTrace();}//这里不需要请求当中携带参数过去，需要用户自己输入request.setAttribute("user",user);if (flag){//修改成功，重定向到用户列表页面try {resp.sendRedirect(request.getContextPath()+"/jsp/user.do?method=query");} catch (IOException e) {e.printStackTrace();}}else {//修改失败。可以不跳转，也可以重新转发到当前页面try {request.getRequestDispatcher("usermodify.jsp").forward(request,resp);} catch (ServletException e) {e.printStackTrace();} catch (IOException e) {e.printStackTrace();}}}

查询指定用户信息

//根据id查询用户信息，返回userview.jsp页面public void getUserById(HttpServletRequest req, HttpServletResponse resp) {System.out.println("-----------1-----------");String uid = req.getParameter("uid");System.out.println(uid);Integer id = 0;try{id = Integer.valueOf(uid);}catch (Exception e){//做一些异常处理 handle exceptionid = 0;}System.out.println("-----------2-----------");//调取业务层UserService userService = new UserServiceImpl();User user = null;try {user = userService.getUserById(id);} catch (SQLException e) {e.printStackTrace();}System.out.println(user);req.setAttribute("user",user);try {req.getRequestDispatcher("userview.jsp").forward(req,resp);} catch (ServletException e) {e.printStackTrace();} catch (IOException e) {e.printStackTrace();}​}

订单管理实现

供应商管理实现

总结

简单的用户管理权限实现优化

1. 从session中获取当前用户信息

2. 判断用户是否为系统管理员

3. 如果不是系统管理员，就返回权限不够页面

4. 如果是就通行

用户权限需要使用过滤器

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {HttpServletRequest request = (HttpServletRequest) servletRequest;HttpServletResponse response = (HttpServletResponse) servletResponse;HttpSession session = request.getSession();User user = (User) session.getAttribute(Constant.USER_SESSION);if (!user.getUserCode().equals("admin")){response.sendRedirect(request.getContextPath()+"/jsp/powererror.jsp");}else {filterChain.doFilter(servletRequest, servletResponse);}​}

注册过滤器

<filter><filter-name>AuthorityFilter</filter-name><filter-class>com.kuang.filter.AuthorityFilter</filter-class></filter><filter-mapping><filter-name>AuthorityFilter</filter-name><!--指定具体的拦截路径--><url-pattern>/jsp/user.do</url-pattern></filter-mapping><filter-mapping><filter-name>AuthorityFilter</filter-name><url-pattern>/jsp/bill.do</url-pattern></filter-mapping><filter-mapping><filter-name>AuthorityFilter</filter-name><url-pattern>/jsp/provider.do</url-pattern></filter-mapping>