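package com.irs.controller;

import java.awt.image.BufferedImage;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.imageio.ImageIO;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

import com.google.code.kaptcha.Producer;
import com.irs.annotation.SysLog;
import com.irs.pojo.Menu;
import com.irs.pojo.TbAdmin;
import com.irs.pojo.TbMenus;
import com.irs.pojo.TbRoles;
import com.irs.pojo.XtreeData;
import com.irs.service.AdminService;
import com.irs.util.RRException;
import com.irs.util.ResultUtil;
import com.irs.util.ShiroUtils;
import com.irs.util.VerifyCode;

/**
 * Back-office controller for the {@code /sys} area: login/logout and captcha,
 * administrator, role and menu management.
 *
 * <p>Authentication is delegated to Shiro; the current administrator is the Shiro
 * principal. Authorization for the management endpoints is enforced through
 * {@link RequiresPermissions}.
 */
@Controller
@RequestMapping("sys")
public class AdminController {

    private static final Logger LOG = Logger.getLogger(AdminController.class.getName());

    /** Session key under which the expected captcha text is stored (shared by vcode and login). */
    private static final String KAPTCHA_SESSION_KEY = "kaptcha";

    /** Administrator id that must never be deleted or modified (presumably the built-in super user). */
    private static final long PROTECTED_ADMIN_ID = 1L;

    /** Menu id that must never be deleted, edited or given children (presumably the root menu). */
    private static final long ROOT_MENU_ID = 1L;

    /** Username of the demo account whose password may not be changed. */
    private static final String DEMO_USERNAME = "test";

    @Autowired
    private AdminService adminServiceImpl;

    @Autowired
    private Producer captchaProducer;

    /** Returns the currently authenticated administrator, or {@code null} when nobody is logged in. */
    private static TbAdmin currentAdmin() {
        return (TbAdmin) SecurityUtils.getSubject().getPrincipal();
    }

    /** True when {@code id} is the protected administrator; null-safe (a null id is never protected). */
    private static boolean isProtectedAdmin(Long id) {
        return id != null && id == PROTECTED_ADMIN_ID;
    }

    @RequestMapping("/main")
    public String main() {
        return "page/main";
    }

    @RequestMapping("/index")
    public String index(HttpServletRequest req) {
        // NOTE(review): request attributes do not survive a redirect, so "admin" set here is
        // not visible to index.jsp; the page has to read the Shiro principal itself.
        req.setAttribute("admin", currentAdmin());
        return "redirect:/index.jsp";
    }

    @RequestMapping("/refuse")
    public String refuse() {
        return "refuse";
    }

    /**
     * Administrator login.
     *
     * <p>Validates the captcha against the value stored in the Shiro session, then
     * authenticates through Shiro. Unknown-account and wrong-password failures are
     * reported with the same message so the endpoint cannot be used to enumerate
     * usernames.
     *
     * @param req      the current request (unused, kept for the mapping signature)
     * @param username login name
     * @param password clear-text password as submitted; hashing is expected to be done
     *                 by the realm's credentials matcher (confirm in the Shiro config)
     * @param vcode    captcha answer typed by the user
     * @return {@code ok} on success, otherwise an error result with a user message
     * @throws RRException when any of the three parameters is empty
     */
    @RequestMapping("/login")
    @ResponseBody
    public ResultUtil login(HttpServletRequest req, String username, String password, String vcode) {
        if (StringUtils.isEmpty(vcode) || StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
            throw new RRException("参数不能为空");
        }
        // Fail closed when no captcha was issued in this session instead of throwing an NPE.
        String expected = ShiroUtils.getKaptcha(KAPTCHA_SESSION_KEY);
        if (expected == null || !vcode.equalsIgnoreCase(expected)) {
            return ResultUtil.error("验证码不正确");
        }
        // NOTE(review): the captcha stays in the session after this check, so the same
        // answer can be reused until a new image is requested; clearing it here needs a
        // remove helper on ShiroUtils — confirm.
        try {
            Subject subject = ShiroUtils.getSubject();
            subject.login(new UsernamePasswordToken(username, password));
        } catch (LockedAccountException e) {
            return ResultUtil.error(e.getMessage());
        } catch (UnknownAccountException | IncorrectCredentialsException e) {
            // One message for both cases: a distinct "unknown account" reply reveals valid usernames.
            return ResultUtil.error("用户名或密码错误");
        } catch (AuthenticationException e) {
            return ResultUtil.error("账户验证失败");
        }
        return ResultUtil.ok();
    }

    /**
     * Logs the current administrator out of Shiro and returns to the login page.
     *
     * @return redirect to login.jsp
     */
    @RequestMapping(value = "/loginOut")
    public String loginOut() {
        ShiroUtils.logout();
        return "redirect:/login.jsp";
    }

    /**
     * Renders a fresh captcha image and stores its text in the Shiro session for
     * {@link #login} to check.
     *
     * @param req  the current request (unused, kept for the mapping signature)
     * @param resp response that receives the JPEG image
     * @throws IOException if the image cannot be written to the response
     */
    @RequestMapping("/vcode")
    public void vcode(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String text = captchaProducer.createText();
        BufferedImage image = captchaProducer.createImage(text);
        ShiroUtils.setSessionAttribute(KAPTCHA_SESSION_KEY, text);
        // A cached image would no longer match the session value; make sure it is never cached.
        resp.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        resp.setHeader("Pragma", "no-cache");
        resp.setDateHeader("Expires", 0);
        resp.setContentType("image/jpeg");
        ImageIO.write(image, "JPEG", resp.getOutputStream());
    }

    /**
     * Menu tree of the logged-in administrator.
     *
     * @param req  the current request (unused)
     * @param resp the current response (unused)
     * @return the administrator's menus; an empty list when nobody is logged in
     */
    @RequestMapping(value = "/getMenus", produces = MediaType.APPLICATION_JSON_VALUE + ";charset=utf-8")
    @ResponseBody
    public List<Menu> getMenus(HttpServletRequest req, HttpServletResponse resp) {
        TbAdmin admin = currentAdmin();
        if (admin == null) {
            return Collections.emptyList();
        }
        return adminServiceImpl.selMenus(admin);
    }

    @RequestMapping("/adminList")
    public String adminList() {
        return "page/admin/adminList";
    }

    @RequestMapping("/menuList")
    public String menuList() {
        return "page/admin/menuList";
    }

    /**
     * Profile page of the logged-in administrator.
     *
     * @param req request that receives the {@code ad} and {@code roles} attributes
     * @return the personal-data view
     */
    @RequestMapping("/personalData")
    public String personalData(HttpServletRequest req) {
        // Assumes an authenticated subject; an anonymous call would NPE on getId().
        TbAdmin admin = currentAdmin();
        TbAdmin ad = adminServiceImpl.selAdminById(admin.getId());
        List<TbRoles> roles = adminServiceImpl.selRoles();
        req.setAttribute("ad", ad);
        req.setAttribute("roles", roles);
        return "page/admin/personalData";
    }

    /**
     * Paged administrator list.
     *
     * @param page  1-based page number
     * @param limit page size
     * @return the page as produced by the service
     */
    @RequestMapping("/getAdminList")
    @RequiresPermissions("sys:admin:list")
    @ResponseBody
    public ResultUtil getAdminList(Integer page, Integer limit) {
        return adminServiceImpl.selAdmins(page, limit);
    }

    @RequestMapping("/roleList")
    @RequiresPermissions("sys:role:list")
    public String roleList() {
        return "page/admin/roleList";
    }

    /**
     * Paged role list.
     *
     * @param page  1-based page number
     * @param limit page size
     * @return the page as produced by the service
     */
    @RequestMapping("/getRoleList")
    @RequiresPermissions("sys:role:list")
    @ResponseBody
    public ResultUtil getRoleList(Integer page, Integer limit) {
        return adminServiceImpl.selRoles(page, limit);
    }

    /**
     * Opens the role editor pre-filled with the submitted values.
     *
     * @param roleId     role id as a decimal string
     * @param roleName   role name
     * @param roleRemark free-text remark
     * @param req        request that receives the {@code role} attribute
     * @return the edit-role view
     * @throws NumberFormatException if {@code roleId} is not a valid long
     */
    @RequestMapping("/editRole")
    @RequiresPermissions("sys:role:update")
    public String editRole(String roleId, String roleName, String roleRemark, HttpServletRequest req) {
        TbRoles role = new TbRoles();
        role.setRoleId(Long.parseLong(roleId));
        role.setRoleName(roleName);
        role.setRoleRemark(roleRemark);
        req.setAttribute("role", role);
        return "page/admin/editRole";
    }

    /**
     * Permission tree for a role.
     *
     * @param roleId role id; {@code -1} (the default) selects no role
     * @return the tree nodes for the xtree widget
     */
    @RequestMapping("/xtreedata")
    @ResponseBody
    public List<XtreeData> xtreeData(@RequestParam(value = "roleId", defaultValue = "-1") Long roleId) {
        TbAdmin admin = new TbAdmin();
        admin.setRoleId(roleId);
        return adminServiceImpl.selXtreeData1(admin);
    }

    /**
     * Updates a role and its permission assignment.
     *
     * @param role role fields bound from the request
     * @param m    permission string as produced by the tree widget
     */
    @SysLog(value = "更新角色信息")
    @RequestMapping("/updRole")
    @RequiresPermissions("sys:role:update")
    @ResponseBody
    public void updRole(TbRoles role, String m) {
        adminServiceImpl.updRole(role, m);
    }

    /**
     * Creates a new role unless the name is already taken.
     *
     * @param role role fields bound from the request
     * @param m    permission string as produced by the tree widget
     * @return {@code ok}, or code 500 when the role name already exists
     */
    @SysLog(value = "添加角色信息")
    @RequestMapping("/insRole")
    @RequiresPermissions("sys:role:save")
    @ResponseBody
    public ResultUtil insRole(TbRoles role, String m) {
        if (adminServiceImpl.selRoleByRoleName(role.getRoleName()) != null) {
            return new ResultUtil(500, "角色名已存在,请重试!");
        }
        adminServiceImpl.insRole(role, m);
        return ResultUtil.ok();
    }

    /**
     * Deletes one role.
     *
     * @param roleId id of the role to delete
     * @return code 0 on success, 500 when the service throws
     */
    @SysLog(value = "删除指定角色信息")
    @RequestMapping("/delRole/{roleId}")
    @RequiresPermissions("sys:role:delete")
    @ResponseBody
    public ResultUtil delRole(@PathVariable("roleId") Long roleId) {
        ResultUtil result = new ResultUtil();
        try {
            adminServiceImpl.delRole(roleId);
            result.setCode(0);
        } catch (Exception e) {
            LOG.log(Level.SEVERE, "delRole failed for roleId=" + roleId, e);
            result.setCode(500);
        }
        return result;
    }

    /**
     * Deletes several roles at once.
     *
     * @param rolesId comma-separated role ids, passed through to the service
     * @return code 0 on success, 500 when the service throws
     */
    @SysLog(value = "批量删除指定角色信息")
    @RequestMapping("/delRoles/{rolesId}")
    @RequiresPermissions("sys:role:delete")
    @ResponseBody
    public ResultUtil delRoles(@PathVariable("rolesId") String rolesId) {
        ResultUtil result = new ResultUtil();
        try {
            adminServiceImpl.delRoles(rolesId);
            result.setCode(0);
        } catch (Exception e) {
            LOG.log(Level.SEVERE, "delRoles failed for rolesId=" + rolesId, e);
            result.setCode(500);
        }
        return result;
    }

    @RequestMapping("/addRole")
    @RequiresPermissions("sys:role:save")
    public String addRole() {
        return "page/admin/addRole";
    }

    /**
     * Checks that a role name is unique, ignoring the role being edited.
     *
     * @param roleId   id of the role being edited, or {@code null} when creating
     * @param roleName candidate name
     * @return code 0 when the name is free (or belongs to {@code roleId}), 500 otherwise
     */
    @RequestMapping("/checkRoleName/{roleName}")
    @ResponseBody
    public ResultUtil checkRoleName(Long roleId, @PathVariable("roleName") String roleName) {
        TbRoles role = adminServiceImpl.selRoleByRoleName(roleName);
        // Objects.equals: both ids are boxed Longs, so == would compare references
        // and wrongly report a clash for ids outside the Long cache range.
        if (role == null || Objects.equals(role.getRoleId(), roleId)) {
            return new ResultUtil(0);
        }
        return new ResultUtil(500, "角色名已存在!");
    }

    /**
     * Deletes one administrator; the protected administrator is refused.
     *
     * @param id administrator id
     * @return {@code ok}, or {@code error} when refused or the service throws
     */
    @SysLog(value = "删除指定管理员")
    @RequestMapping("/delAdminById/{id}")
    @RequiresPermissions("sys:admin:delete")
    @ResponseBody
    public ResultUtil delAdminById(@PathVariable("id") Long id) {
        if (isProtectedAdmin(id)) {
            return ResultUtil.error();
        }
        try {
            adminServiceImpl.delAdminById(id);
            return ResultUtil.ok();
        } catch (Exception e) {
            LOG.log(Level.SEVERE, "delAdminById failed for id=" + id, e);
            return ResultUtil.error();
        }
    }

    /**
     * Deletes several administrators; refused as a whole if the list contains the
     * caller's own account, the protected administrator, or a non-numeric id.
     *
     * @param req      the current request (unused)
     * @param adminStr comma-separated administrator ids, passed through to the service
     * @return {@code ok}, or {@code error} when refused or the service throws
     */
    @SysLog(value = "批量删除指定管理员")
    @RequestMapping("/delAdmins/{adminStr}")
    @RequiresPermissions("sys:admin:delete")
    @ResponseBody
    public ResultUtil delAdmins(HttpServletRequest req, @PathVariable("adminStr") String adminStr) {
        TbAdmin current = currentAdmin();
        Long currentId = current == null ? null : current.getId();
        for (String str : adminStr.split(",")) {
            Long id;
            try {
                id = Long.valueOf(str);
            } catch (NumberFormatException e) {
                return ResultUtil.error();
            }
            // Numeric comparison so that "1" and "01" are both recognised as the protected id.
            if (id.equals(currentId) || isProtectedAdmin(id)) {
                return ResultUtil.error();
            }
        }
        try {
            adminServiceImpl.delAdmins(adminStr);
            return ResultUtil.ok();
        } catch (Exception e) {
            LOG.log(Level.SEVERE, "delAdmins failed for adminStr=" + adminStr, e);
            return ResultUtil.error();
        }
    }

    /**
     * Opens the add-administrator form with the role list.
     *
     * @param req request that receives the {@code roles} attribute
     * @return the add-admin view
     */
    @RequestMapping("/addAdmin")
    @RequiresPermissions("sys:admin:save")
    public String addAdmin(HttpServletRequest req) {
        req.setAttribute("roles", adminServiceImpl.selRoles());
        return "page/admin/addAdmin";
    }

    /**
     * Checks that an administrator username is unused.
     *
     * @param username candidate username
     * @return code 0 when free, 500 when taken
     */
    @RequestMapping("/checkAdminName/{username}")
    @ResponseBody
    public ResultUtil checkAdminName(@PathVariable("username") String username) {
        if (adminServiceImpl.selAdminByUserName(username) != null) {
            return new ResultUtil(500, "管理员已存在!");
        }
        return new ResultUtil(0);
    }

    /**
     * Checks that a menu title is unused.
     *
     * @param title candidate title
     * @return code 0 when free, 500 when taken
     */
    @RequestMapping("/checkMenuTitle/{title}")
    @ResponseBody
    public ResultUtil checkMenuTitle(@PathVariable("title") String title) {
        if (adminServiceImpl.selMenuByTitle(title) != null) {
            return new ResultUtil(500, "菜单已存在!");
        }
        return new ResultUtil(0);
    }

    /**
     * Creates an administrator.
     *
     * <p>Date-typed fields break request binding and make the request hang, so the
     * form must not submit them.
     *
     * @param admin administrator fields bound from the request
     * @return {@code ok}, or code 500 when the username already exists
     */
    @SysLog(value = "添加管理员")
    @RequestMapping("/insAdmin")
    @RequiresPermissions("sys:admin:save")
    @ResponseBody
    public ResultUtil insAdmin(TbAdmin admin) {
        // Re-check on the server: the client-side uniqueness check can be bypassed or re-submitted.
        if (adminServiceImpl.selAdminByUserName(admin.getUsername()) != null) {
            return new ResultUtil(500, "用户名已存在,请重试!");
        }
        // NOTE(review): TbAdmin is bound straight from request parameters; confirm that
        // fields the caller must not choose freely (e.g. roleId) are validated in the service.
        adminServiceImpl.insAdmin(admin);
        return ResultUtil.ok();
    }

    /**
     * Opens the edit-administrator form.
     *
     * @param req request that receives the {@code ad} and {@code roles} attributes
     * @param id  administrator id
     * @return the edit-admin view
     */
    @RequestMapping("/editAdmin/{id}")
    @RequiresPermissions("sys:admin:update")
    public String editAdmin(HttpServletRequest req, @PathVariable("id") Long id) {
        req.setAttribute("ad", adminServiceImpl.selAdminById(id));
        req.setAttribute("roles", adminServiceImpl.selRoles());
        return "page/admin/editAdmin";
    }

    /**
     * Checks that an e-mail address is not used by another administrator.
     *
     * @param eMail    candidate address
     * @param username administrator being edited, excluded from the check
     * @return code 0 when free, 500 when taken
     */
    @RequestMapping("/checkAdminByEmail")
    @ResponseBody
    public ResultUtil checkAdminByEmail(String eMail, String username) {
        if (adminServiceImpl.selAdminByEmail(eMail, username) != null) {
            return new ResultUtil(500, "邮箱已被占用!");
        }
        return new ResultUtil(0);
    }

    /**
     * Updates an administrator; the protected administrator is refused.
     *
     * @param admin administrator fields bound from the request
     * @return {@code ok}, or {@code error} when refused or the service throws
     */
    @SysLog(value = "更新管理员信息")
    @RequestMapping("/updAdmin")
    @RequiresPermissions("sys:admin:update")
    @ResponseBody
    public ResultUtil updAdmin(TbAdmin admin) {
        if (admin != null && isProtectedAdmin(admin.getId())) {
            return ResultUtil.error("不允许修改!");
        }
        try {
            adminServiceImpl.updAdmin(admin);
            return ResultUtil.ok();
        } catch (Exception e) {
            LOG.log(Level.SEVERE, "updAdmin failed", e);
            return ResultUtil.error();
        }
    }

    @RequestMapping("/changePwd")
    public String changePwd() {
        return "page/admin/changePwd";
    }

    /**
     * Changes the logged-in administrator's password after re-verifying the old one,
     * then ends the session so the user has to log in again.
     *
     * @param req    the current request (unused)
     * @param oldPwd current password
     * @param newPwd new password; must not be blank
     * @return {@code ok}; 501 when the old password is wrong; 500 when not logged in;
     *         {@code error} for the demo account or a blank new password
     */
    @SysLog(value = "修改密码")
    @RequestMapping("/updPwd")
    @ResponseBody
    public ResultUtil updPwd(HttpServletRequest req, String oldPwd, String newPwd) {
        TbAdmin user = currentAdmin();
        if (user == null) {
            return new ResultUtil(500, "请求错误!");
        }
        // The shared demo account keeps its password.
        if (DEMO_USERNAME.equals(user.getUsername())) {
            return ResultUtil.error();
        }
        // Without this guard an empty submission would store an empty password.
        if (StringUtils.isBlank(newPwd)) {
            return ResultUtil.error("参数不能为空");
        }
        TbAdmin admin = adminServiceImpl.login(user.getUsername(), oldPwd);
        if (admin == null) {
            return new ResultUtil(501, "旧密码错误,请重新填写!");
        }
        // NOTE(review): newPwd is handed over as-is; confirm updAdmin1 hashes it before storage.
        admin.setPassword(newPwd);
        adminServiceImpl.updAdmin1(admin);
        // Invalidate the current session after the credential change; the user logs in again.
        SecurityUtils.getSubject().logout();
        return ResultUtil.ok();
    }

    @RequestMapping("/druid")
    @RequiresPermissions("sys:druid:list")
    public String druid() {
        return "redirect:/druid/index.html";
    }

    /**
     * Top-level menu data for the menu management page.
     *
     * @return {@code ok} carrying the menu list
     */
    @RequestMapping("/menuData")
    @RequiresPermissions("sys:menu:list")
    @ResponseBody
    public ResultUtil menuData() {
        List<TbMenus> list = adminServiceImpl.selMenusByParentId();
        return ResultUtil.ok(list);
    }

    /**
     * Opens the form for adding a child menu under {@code menuId}.
     *
     * @param menuId parent menu id; the root menu is refused
     * @param model  view model
     * @return the menu form, or the notice page when refused
     */
    @RequestMapping("/toSaveMenu/{menuId}")
    @RequiresPermissions("sys:menu:save")
    public String toSaveMenu(@PathVariable("menuId") Long menuId, Model model) {
        if (menuId == null || menuId == ROOT_MENU_ID) {
            model.addAttribute("msg", "不允许操作!");
            return "page/active";
        }
        TbMenus menus = new TbMenus();
        menus.setMenuId(menuId);
        model.addAttribute("menu", menus);
        // flag=1 tells menuForm that menuId is the parent of a new menu, not the menu to update.
        model.addAttribute("flag", "1");
        return "page/admin/menuForm";
    }

    /**
     * Opens the form for editing an existing menu.
     *
     * @param menuId menu id; the root menu is refused
     * @param model  view model
     * @return the menu form, or the notice page when refused
     */
    @RequestMapping("/toEditMenu/{menuId}")
    @RequiresPermissions("sys:menu:update")
    public String toEditMenu(@PathVariable("menuId") Long menuId, Model model) {
        // Null is checked first: the original "menuId == 1" test unboxed a null id into an NPE.
        if (menuId == null) {
            model.addAttribute("msg", "不允许操作!");
            return "page/active";
        }
        if (menuId == ROOT_MENU_ID) {
            model.addAttribute("msg", "不允许操作此菜单!");
            return "page/active";
        }
        model.addAttribute("menu", adminServiceImpl.selMenuById(menuId));
        return "page/admin/menuForm";
    }

    /**
     * Saves the menu form: without {@code flag} the submitted menu is updated in place;
     * with {@code flag} a new menu is created under the submitted {@code menuId}.
     * The tree is limited to three levels.
     *
     * @param menus menu fields bound from the request
     * @param flag  blank for update, anything else for create
     * @return {@code ok} with a message, or {@code error} when the operation is refused
     */
    @RequestMapping("/menuForm")
    @RequiresPermissions(value = {"sys:menu:save", "sys:menu:update"})
    @ResponseBody
    public ResultUtil menuForm(TbMenus menus, String flag) {
        if (StringUtils.isBlank(flag)) {
            menus.setSpread("false");
            adminServiceImpl.updMenu(menus);
            return ResultUtil.ok("修改成功!");
        }
        // On create, menuId carries the parent; a missing parent or the root menu is refused
        // (the missing case used to NPE on unboxing).
        Long parentId = menus.getMenuId();
        if (parentId == null || parentId == ROOT_MENU_ID) {
            return ResultUtil.error("此菜单不允许操作!");
        }
        if (!canHaveChildren(parentId)) {
            return ResultUtil.error("此菜单不允许添加子菜单!");
        }
        menus.setParentId(parentId);
        menus.setMenuId(null);
        menus.setSpread("false");
        adminServiceImpl.insMenu(menus);
        return ResultUtil.ok("添加成功!");
    }

    /**
     * Depth rule for the menu tree: a menu may get children only if it is at most a
     * second-level menu, i.e. its grandparent (if any) is a top-level menu.
     */
    private boolean canHaveChildren(Long parentId) {
        TbMenus parent = adminServiceImpl.selMenusById(parentId);
        if (parent == null || parent.getParentId() == 0) {
            return true;
        }
        TbMenus grandParent = adminServiceImpl.selMenusById(parent.getParentId());
        return grandParent == null || grandParent.getParentId() == 0;
    }

    /**
     * Deletes a menu; the root menu and menus with children are refused.
     *
     * @param menuId menu id
     * @return {@code ok} with a message, or {@code error} with the reason
     */
    @SysLog(value = "删除菜单信息")
    @RequestMapping("/delMenuById/{menuId}")
    @RequiresPermissions("sys:menu:delete")
    @ResponseBody
    public ResultUtil delMenuById(@PathVariable("menuId") Long menuId) {
        try {
            if (menuId == ROOT_MENU_ID) {
                return ResultUtil.error("此菜单不允许删除!");
            }
            List<TbMenus> children = adminServiceImpl.selMenusById1(menuId);
            if (children != null && !children.isEmpty()) {
                return ResultUtil.error("包含子菜单,不允许删除!");
            }
            adminServiceImpl.delMenuById(menuId);
            return ResultUtil.ok("删除成功");
        } catch (Exception e) {
            LOG.log(Level.SEVERE, "delMenuById failed for menuId=" + menuId, e);
            return ResultUtil.error("系统错误!");
        }
    }
}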