- 1. Access control
- 1.1 pom.xml
- 1.2 Retiring the original interceptor
- 1.3 Authorization configuration
- 1.4 SecurityConfig
- 1.5 UserService: adding user authorities
- 1.6 LoginTicketInterceptor
- 1.6.1 preHandle
- 1.6.2 afterCompletion
- 1.7 LoginController
- 1.8 CSRF
- 2. Pin, highlight, delete
- 2.1 pom.xml dependency
- 2.2 DAO: DiscussPostMapper
- 2.3 DiscussPostMapper.xml
- 2.4 DiscussPostController
- 2.5 discuss-detail.html
- 2.6 discuss.js
- 2.7 SecurityConfig
- 3. Site statistics
- 3.1 RedisKeyUtil
- 3.2 DataService
- 3.3 DataInterceptor
- 3.4 WebMvcConfig
- 3.5 DataController
- 3.6 data.html
- 3.7 SecurityConfig
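1.1 pom.xml
```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
```
1.2 Retiring the original interceptor
In config.WebMvcConfig, comment out two parts: the injected LoginRequiredInterceptor field and its registration.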
```java
// @Autowired
// private LoginRequiredInterceptor loginRequiredInterceptor;

@Override
public void addInterceptors(InterceptorRegistry registry) {
    registry.addInterceptor(alphaInterceptor)
            .excludePathPatterns("/**/*.css", "/**/*.js", "/**/*.png", "/**/*.jpg", "/**/*.jpeg")
            .addPathPatterns("/register", "/login");

    registry.addInterceptor(loginTicketInterceptor)
            .excludePathPatterns("/**/*.css", "/**/*.js", "/**/*.png", "/**/*.jpg", "/**/*.jpeg");

    // Login checks are now handled by Spring Security, so this interceptor is no longer registered.
    // registry.addInterceptor(loginRequiredInterceptor)
    //         .excludePathPatterns("/**/*.css", "/**/*.js", "/**/*.png", "/**/*.jpg", "/**/*.jpeg");

    registry.addInterceptor(messageInterceptor)
            .excludePathPatterns("/**/*.css", "/**/*.js", "/**/*.png", "/**/*.jpg", "/**/*.jpeg");

    registry.addInterceptor(dataInterceptor)
            .excludePathPatterns("/**/*.css", "/**/*.js", "/**/*.png", "/**/*.jpg", "/**/*.jpeg");
}
```
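1.3 Authorization configuration
- Define the constants in CommunityConstant
```java
// Authority: regular user
String AUTHORITY_USER = "user";
// Authority: administrator
String AUTHORITY_ADMIN = "admin";
// Authority: moderator
String AUTHORITY_MODERATOR = "moderator";
```
1.4 SecurityConfig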
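- Extend the parent class and implement the interface
```java
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter implements CommunityConstant {
}
```
- Override configure(WebSecurity web) so that static resources are not intercepted
```java
@Override
public void configure(WebSecurity web) throws Exception {
    // Requests for static resources skip the security filter chain entirely.
    web.ignoring().antMatchers("/resources/**", "/**/*.css", "/**/*.js", "/**/*.png", "/**/*.jpg", "/**/*.jpeg");
}
```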
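3.5 DataController
- Inject the DataService dependency
- Statistics page: path /data, accepting both GET and POST, because the POST requests below are forwarded to it
- Site UV statistics: path "/data/uv", method POST
- Parameters: a start date, an end date, and a Model
- Set the date format with @DateTimeFormat
- Pass the result to the template
- Forward to /data: this method handles only half of the request, and /data handles the rest
- Active-user statistics follow the same logic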
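```java
import java.util.Date;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.format.annotation.DateTimeFormat;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
// DataService is the project's own class (section 3.2); import it from its package.

@Controller
public class DataController {

    @Autowired
    private DataService dataService;

    // Statistics page. Accepts POST as well, because the handlers below forward their POST requests here.
    @RequestMapping(path = "/data", method = {RequestMethod.GET, RequestMethod.POST})
    public String getDataPage() {
        return "/site/admin/data";
    }

    // Site UV (unique visitors) for a date range
    @RequestMapping(path = "/data/uv", method = RequestMethod.POST)
    public String getUV(@DateTimeFormat(pattern = "yyyy-MM-dd") Date start,
                        @DateTimeFormat(pattern = "yyyy-MM-dd") Date end, Model model) {
        long uv = dataService.calculateUV(start, end);
        model.addAttribute("uvResult", uv);
        model.addAttribute("uvStartDate", start);
        model.addAttribute("uvEndDate", end);
        // Server-side forward: /data finishes handling the same request.
        return "forward:/data";
    }

    // Active users (DAU) for a date range
    @RequestMapping(path = "/data/dau", method = RequestMethod.POST)
    public String getDAU(@DateTimeFormat(pattern = "yyyy-MM-dd") Date start,
                         @DateTimeFormat(pattern = "yyyy-MM-dd") Date end, Model model) {
        long dau = dataService.calculateDAU(start, end);
        model.addAttribute("dauResult", dau);
        model.addAttribute("dauStartDate", start);
        model.addAttribute("dauEndDate", end);
        return "forward:/data";
    }
}
```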
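3.6 data.html
- Template: resource paths, JS path, reuse of the header
- Configure the UV form
- method="post" th:action="@{/data/uv}"
- Handle the date format
- Show the result with th:text="${uvResult}"
- The DAU form follows the same logic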
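The two forms described above, written out as an added example; this is not the project's own data.html. The input names start and end and the model attribute names come from DataController, while the surrounding markup, labels and button text are assumptions.

```html
<!-- Added example; layout, labels and button text are assumed. -->
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<body>
<!-- th:action (not a plain action attribute) lets Thymeleaf's Spring integration
     insert the hidden _csrf field when Spring Security's CSRF protection is enabled. -->
<form method="post" th:action="@{/data/uv}">
    <!-- name="start" / name="end" bind to the Date parameters of getUV();
         type="date" submits yyyy-MM-dd, the pattern given to @DateTimeFormat.
         th:value re-displays the submitted range after the forward to /data. -->
    <input type="date" name="start" required
           th:value="${#dates.format(uvStartDate,'yyyy-MM-dd')}"/>
    <input type="date" name="end" required
           th:value="${#dates.format(uvEndDate,'yyyy-MM-dd')}"/>
    <button type="submit">Count UV</button>
</form>
<!-- th:text HTML-escapes its value; it renders empty on a plain GET /data. -->
<p>UV: <span th:text="${uvResult}">0</span></p>

<!-- Same structure for active users, posting to /data/dau. -->
<form method="post" th:action="@{/data/dau}">
    <input type="date" name="start" required
           th:value="${#dates.format(dauStartDate,'yyyy-MM-dd')}"/>
    <input type="date" name="end" required
           th:value="${#dates.format(dauEndDate,'yyyy-MM-dd')}"/>
    <button type="submit">Count DAU</button>
</form>
<p>DAU: <span th:text="${dauResult}">0</span></p>
<!-- Hiding this page from non-admins is not the access control: the
     /data/** rule in SecurityConfig is what rejects their requests. -->
</body>
</html>
```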
3.7 SecurityConfig
Only administrators may access these paths:
```java
.antMatchers(
        "/discuss/delete",
        "/data/**"
)
.hasAnyAuthority(
        AUTHORITY_ADMIN
)
```