Java tutorial
/* * Copyright (c) 2001-2013 newgxu.cn <the original author or authors>. * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ package cn.newgxu.lab.info.controller; import java.util.List; import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import cn.newgxu.lab.core.common.ViewConstants; import cn.newgxu.lab.core.util.Assert; import cn.newgxu.lab.info.config.AccountType; import cn.newgxu.lab.info.config.Config; import cn.newgxu.lab.info.entity.AuthorizedUser; import cn.newgxu.lab.info.service.AuthService; /** * ???? * * @author longkai * @email im.longkai@gmail.com * @since 2013-3-29 * @version 0.1 */ @Controller @RequestMapping("/" + Config.APP) @Scope("session") public class AuthController { private static final Logger L = LoggerFactory.getLogger(AuthController.class); @Inject private AuthService authService; /** * RESTful APIPOST??URI * @param au * @param _pwd ? * @return json??jsonhtml? */ @RequestMapping(value = "/users", method = RequestMethod.POST) public String auth(Model model, @ModelAttribute("user") AuthorizedUser au, @RequestParam(value = "_pwd", defaultValue = "") String _pwd) { L.info("?????{}??{}", au.getOrg(), au.getAuthorizedName()); authService.create(au, _pwd); model.addAttribute(ViewConstants.AJAX_STATUS, "ok"); // ?json?html return ViewConstants.BAD_REQUEST; } /** * RESTful APIGETURI * @param model * @param request * @param password * @param account * @return only json, or bad request! */ @RequestMapping(value = "/users", method = RequestMethod.GET) public String login(Model model, HttpServletRequest request, @RequestParam("pwd") String password, @RequestParam("account") String account) { String ip = request.getRemoteAddr(); AuthorizedUser au = authService.login(account, password, ip); request.getSession().setAttribute(Config.SESSION_USER, au); // ?? model.addAttribute(ViewConstants.AJAX_STATUS, "ok"); return ViewConstants.BAD_REQUEST; } /** * RESTful APIPUT?? * @param model * @param request * @param uid * @return only josn */ @RequestMapping(value = "/users/{uid}", method = RequestMethod.PUT) public String logout(Model model, HttpServletRequest request, @PathVariable("uid") long uid) { HttpSession session = request.getSession(false); if (session != null) { session.invalidate(); } model.addAttribute(ViewConstants.AJAX_STATUS, "ok"); return ViewConstants.BAD_REQUEST; } /** * REST APIPUT?? * @param session * @param uid * @param type * @param password * @param pwd1 * @param pwd2 * @param about * @param contact * @return only json */ @RequestMapping(value = "/users/{uid}", method = RequestMethod.PUT, params = { "modifying_type" }) @ResponseBody public String modify(HttpSession session, @PathVariable("uid") long uid, @RequestParam("password") String password, @RequestParam("modifying_type") String type, @RequestParam(value = "pwd1", required = false) String pwd1, @RequestParam(value = "pwd2", required = false) String pwd2, @RequestParam(value = "about", required = false) String about, @RequestParam(value = "contact", required = false) String contact) { AuthorizedUser sau = checkLogin(session); // ??? if (sau.getId() != uid) { throw new SecurityException("????"); } // ???? authService.login(sau.getAccount(), password, null); if (type.equals("password")) { sau.setPassword(pwd1); authService.resetPassword(sau, pwd2); } else if (type.equals("profile")) { sau.setContact(contact); sau.setAbout(about); authService.update(sau); } else { throw new UnsupportedOperationException("????"); } return ViewConstants.JSON_STATUS_OK; } /** * REST API???? * @param model * @param session * @param uid * @param modifying ???false * @return */ @RequestMapping(value = "/users/{uid}", method = RequestMethod.GET) public String profile(Model model, HttpSession session, @PathVariable("uid") long uid, @RequestParam(value = "modifying", required = false) boolean modifying) { AuthorizedUser au = null; // ?html if (modifying) { au = checkLogin(session); Assert.notNull("?????", au); if (au.getId() != uid) { throw new SecurityException("????"); } model.addAttribute("user", au); return Config.APP + "/user_modifying"; } // ?? au = authService.find(uid); Assert.notNull("???", au); model.addAttribute(ViewConstants.AJAX_STATUS, "ok"); model.addAttribute("user", au); return ViewConstants.BAD_REQUEST; } @RequestMapping(value = "/users", method = RequestMethod.GET, params = { "last_uid" }) public String more(Model model, @RequestParam("count") int count, @RequestParam("last_uid") long lastUid) { List<AuthorizedUser> list = authService.more(lastUid, count); model.addAttribute("users", list); return ViewConstants.BAD_REQUEST; } @RequestMapping(value = "/users", method = RequestMethod.GET, params = { "auth" }) public String blockedList(Model model, HttpSession session) { checkAdmin(session); List<AuthorizedUser> users = authService.blocked(); model.addAttribute("users", users); return Config.APP + "/users"; } @RequestMapping(value = "/users/{uid}", method = RequestMethod.PUT, params = { "auth" }) public String auth(Model model, HttpSession session, @PathVariable("uid") long uid) { checkAdmin(session); authService.auth(uid); model.addAttribute(ViewConstants.AJAX_STATUS, "ok"); return ViewConstants.BAD_REQUEST; } @RequestMapping(value = "/users", method = RequestMethod.GET, params = { "latest" }) public String lastedUsers(Model model, @RequestParam("count") int count) { List<AuthorizedUser> users = authService.latest(count); model.addAttribute("users", users); return ViewConstants.BAD_REQUEST; } /** REST API???spring security? */ private AuthorizedUser checkLogin(HttpSession session) { AuthorizedUser user = (AuthorizedUser) session.getAttribute(Config.SESSION_USER); Assert.notNull("?????", user); return user; } /** ?? */ private AuthorizedUser checkAdmin(HttpSession session) { AuthorizedUser user = this.checkLogin(session); if (!user.getType().equals(AccountType.ADMIN)) { throw new SecurityException("?????"); } return user; } }