一、登录界面(部分)
<!-- Login form (partial page): posts the account name and password to {contextPath}/login. -->
<div class="container">
    <div class="row">
        <div class="col-md-8 col-md-offset-2">
            <div class="login-panel panel panel-default">
                <div class="panel-heading">
                    <h3 class="panel-title">请登录</h3>
                </div>
                <div class="panel-body">
                    <!-- NOTE(review): no CSRF token field is present in this form; confirm whether one is required or added elsewhere. -->
                    <form role="form" action="${pageContext.request.contextPath}/login" method="post">
                        <fieldset>
                            <div class="form-group">
                                <input class="form-control" placeholder="账户名" name="username" autofocus>
                            </div>
                            <div class="form-group">
                                <!-- type="password" only masks the value on screen; it is still submitted as typed, so the page presumably relies on HTTPS (not shown here). -->
                                <input class="form-control" placeholder="密码" name="password" type="password">
                            </div>
                            <div class="checkbox">
                                <label>
                                    <!-- NOTE(review): this submits remember=RememberMe. If Shiro's form authentication filter handles the POST, its default remember-me parameter name is rememberMe; confirm the filter is configured to read "remember". -->
                                    <input name="remember" type="checkbox" value="RememberMe">记住我
                                </label>
                            </div>
                            
                            <input type="submit" value="登录" class="btn btn-primary form-control">
                        </fieldset>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
二、登录Controller

/**
 * Login endpoint. It reads the login outcome that Shiro left on the request and on the
 * current {@code Subject}; it does not check credentials itself.
 *
 * <p>NOTE(review): the mapping has no HTTP method restriction, so the handler answers any
 * request method for {@code login}.
 */
@Controller
public class LoginController {

    /** User business service, injected by bean name; the handler below does not use it. */
    @Resource(name = "userBizImpl")
    UserBiz userBiz;

    /**
     * Chooses the view for a login request.
     *
     * @param req     current request; the {@code shiroLoginFailure} attribute is read from it
     * @param model   Spring model; nothing is written to it here
     * @param session HTTP session; receives the principal under {@code username} on success
     * @return the landing view for the four hard-coded principals, otherwise a redirect to
     *         {@code login.jsp}
     */
    @RequestMapping("login")
    public String login(HttpServletRequest req, Model model, HttpSession session) {
        // Exception handling: the attribute holds the class name of the authentication
        // exception, or null when no failure was recorded.
        String failureClass = (String) req.getAttribute("shiroLoginFailure");
        String error = null;
        boolean badCredentials = UnknownAccountException.class.getName().equals(failureClass)
                || IncorrectCredentialsException.class.getName().equals(failureClass);
        if (badCredentials) {
            // Unknown account and wrong password share one message, so the reply does not
            // reveal which account names exist.
            error = "用户名/密码错误";
        } else if (failureClass != null) {
            // NOTE(review): this text embeds an internal exception class name; keep it out
            // of anything rendered to the user.
            error = "其他错误:" + failureClass;
        }
        // NOTE(review): `error` is never stored in the model, request or session in this
        // method, so the message built above is not shown anywhere from here.

        // TODO generate the landing page dynamically
        org.apache.shiro.subject.Subject currentUser = SecurityUtils.getSubject();
        if (!currentUser.isAuthenticated()) {
            return "redirect:login.jsp";
        }

        System.out.println("!");
        String principal = (String) currentUser.getPrincipal();
        // Handlers that read the "username" session attribute depend on this value.
        session.setAttribute("username", principal);

        // Landing page per role.
        // NOTE(review): the switch compares the principal (the login name), not the
        // subject's roles; an authenticated user with any other name is redirected to
        // the login page.
        switch (principal) {
            case "admin":
                return "/admin/main";
            case "teacher":
                return "/teacher/main";
            case "student":
                return "/student/main";
            case "supplier":
                return "redirect:supplier.do/supplier.view";
            default:
                return "redirect:login.jsp";
        }
    }

}
三、User控制层实现(部分)

@Service
public class UserBizImpl implements UserBiz {
 
    @Resource
    UserDao userDao;
 
    @Resource
    RoleDao roleDao;
 
    @Resource
    StaffDao staffDao;
 
    @Resource
    private PasswordHelper passwordHelper;
    @Resource(name = "roleBizImpl")
    private RoleBiz roleBiz;
 
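    /**
     * Loads every user and converts each one to a {@link UserVo}, adding a comma-separated
     * list of the descriptions of the user's roles.
     *
     * <p>A user whose role-id list is {@code null} gets no role string. An empty list now
     * produces an empty string (the previous code indexed element 0 of the empty list and
     * threw), and a role id that {@code roleDao.findOne} cannot resolve is skipped instead
     * of causing a {@code NullPointerException}.
     *
     * <p>NOTE(review): {@code copyProperties} copies every matching property of
     * {@code User}; verify that {@code UserVo} has no password or salt property, since the
     * result is a listing of all accounts.
     *
     * @return one view object per user returned by {@code userDao.findAll()}
     * @throws InvocationTargetException declared for the bean property copy
     * @throws IllegalAccessException    declared for the bean property copy
     */
    @Override
    public List<UserVo> findAll() throws InvocationTargetException, IllegalAccessException {
        List<UserVo> userVoList = new ArrayList<>();

        // The DAO result is consumed untyped, as before; each element is cast to User.
        for (Object element : userDao.findAll()) {
            User user = (User) element;

            UserVo userVo = new UserVo();
            // Destination first, source second, as in the original call.
            BeanUtils.copyProperties(userVo, user);

            List<Long> roleIds = user.getRoleIds();
            if (roleIds != null) {
                StringBuilder descriptions = new StringBuilder();
                boolean first = true;
                // One lookup per role id.
                for (Long roleId : roleIds) {
                    Role role = roleDao.findOne(roleId);
                    if (role == null) {
                        // The id no longer resolves to a role: leave it out of the listing.
                        continue;
                    }
                    if (!first) {
                        descriptions.append(",");
                    }
                    descriptions.append(role.getDescription());
                    first = false;
                }
                userVo.setRoleIdsStr(descriptions.toString());
            }

            userVoList.add(userVo);
        }

        return userVoList;
    }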
    ...
}
四、Role控制层实现(部分)

@Service
public class RoleBizImpl implements RoleBiz {
 
    @Resource
    private RoleDao roleDao;
    @Resource(name = "resourceBizImpl")
    private ResourceBiz resourceBiz;
    
    ...
 
    /**
     * Resolves role ids to role identifier strings.
     *
     * <p>Ids that {@code findOne} cannot resolve are left out, so an unknown id adds no
     * role to the result.
     *
     * @param roleIds ids of the roles to look up
     * @return the distinct {@code getRole()} values of the roles that were found
     */
    @Override
    public Set<String> findRoles(Long... roleIds) {
        Set<String> roleNames = new HashSet<String>();
        for (int idx = 0; idx < roleIds.length; idx++) {
            Role found = findOne(roleIds[idx]);
            if (found == null) {
                continue;
            }
            roleNames.add(found.getRole());
        }
        return roleNames;
    }
 
    /**
     * Collects the resource ids of the given roles and resolves them to permission strings.
     *
     * <p>Ids that {@code findOne} cannot resolve contribute nothing, so an unknown role id
     * grants no permission.
     *
     * @param roleIds ids of the roles to look up
     * @return whatever {@code resourceBiz.findPermissions} returns for the union of the
     *         roles' resource ids
     */
    @Override
    public Set<String> findPermissions(Long[] roleIds) {
        Set<Long> collectedResourceIds = new HashSet<Long>();
        for (int idx = 0; idx < roleIds.length; idx++) {
            Role found = findOne(roleIds[idx]);
            if (found == null) {
                continue;
            }
            collectedResourceIds.addAll(found.getResourceIds());
        }
        return resourceBiz.findPermissions(collectedResourceIds);
    }
}
五、教材订购Controller

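/**
 * Textbook-ordering pages and actions under {@code orderbook.do}.
 *
 * <p>Every handler requires the {@code admin} or {@code teacher} role (either is enough).
 * The acting staff id is always read from the {@code username} session attribute, never
 * from request parameters.
 *
 * <p>NOTE(review): {@code add}, {@code update} and {@code audit} change data but are mapped
 * without an HTTP method restriction, and no CSRF token check is visible in this class.
 * Confirm that both are enforced elsewhere.
 */
@Controller
@RequestMapping("orderbook.do")
public class OrderBookController {
    @Resource(name = "orderBookBizImpl")
    private OrderBookBiz orderBookBiz;

    /**
     * Shows the ordering page with the sections selected for the logged-in staff member in
     * the current term.
     *
     * @param m           model; receives {@code selectedSectionList} and {@code courseCount}
     * @param httpSession session holding the staff id under {@code username}
     * @return the ordering view name
     */
    @RequiresRoles(value = {"admin", "teacher"}, logical = Logical.OR)
    @RequestMapping("orderbook.view")
    public String orderBookView(Model m, HttpSession httpSession) {
        String staffId = (String) httpSession.getAttribute("username");

        List<Section> sectionList = orderBookBiz.findSelectedSection(staffId, TermContainer.now());
        int courseCount = sectionList.size();
        m.addAttribute("selectedSectionList", sectionList);
        m.addAttribute("courseCount", courseCount);
        return "/teacher/orderbook";
    }

    /**
     * Shows the review page and stores the current list of not-yet-reviewed orders in the
     * session under {@code notReviewedBookList}; {@link #audit} later reads that list.
     *
     * @param m       model; unused
     * @param session session that receives the list
     * @return the review view name
     */
    @RequiresRoles(value = {"admin", "teacher"}, logical = Logical.OR)
    @RequestMapping("orderbook_review.view")
    public String orderBookReviewView(Model m, HttpSession session) {
        session.setAttribute("notReviewedBookList", orderBookBiz.findAllNotReviewedBook());
        return "/teacher/orderbook_review";
    }

    /**
     * Shows the empty "add textbook" page.
     *
     * @param m model; unused
     * @return the add view name
     */
    @RequiresRoles(value = {"admin", "teacher"}, logical = Logical.OR)
    @RequestMapping("orderbook_add.view")
    public String orderBookAddView(Model m) {
        return "/teacher/orderbook_add";
    }

    /**
     * Shows the textbooks already ordered by the logged-in staff member.
     *
     * @param m       model; receives {@code addedBookInfoList}
     * @param session session holding the staff id under {@code username}
     * @return the "added" view name
     */
    @RequiresRoles(value = {"admin", "teacher"}, logical = Logical.OR)
    @RequestMapping("orderbook_added.view")
    public String orderBookAddedView(Model m, HttpSession session) {
        String staffId = (String) session.getAttribute("username");
        m.addAttribute("addedBookInfoList", orderBookBiz.findAddedBookInfoList(staffId));
        return "/teacher/orderbook_added";
    }

    /**
     * Submits new textbook orders. The whole request parameter map is handed to the
     * business layer, which interprets it.
     *
     * <p>NOTE(review): the section ids inside the parameters come from the client and are
     * not compared here with the sections of the logged-in staff member.
     *
     * @param request request whose parameter map carries the order forms
     * @param session session holding the staff id under {@code username}
     * @return redirect to the ordering page
     */
    @RequiresRoles(value = {"admin", "teacher"}, logical = Logical.OR)
    @RequestMapping("add")
    public String add(HttpServletRequest request, HttpSession session) {
        Map map = request.getParameterMap();
        OrderBookVo orderBookVo = new OrderBookVo();
        orderBookVo.setStaffId((String) session.getAttribute("username"));
        orderBookVo.setMap(map);
        orderBookBiz.add(orderBookVo);
        return "redirect:/orderbook.do/orderbook.view";
    }

    /**
     * Applies modifications and deletions to existing orders; answers 200 with no body.
     *
     * <p>NOTE(review): the section id travels inside the request body and is not compared
     * here with the sections of the logged-in staff member.
     *
     * @param changedItems changes deserialized from the request body
     * @param session      session holding the staff id under {@code username}
     */
    @RequiresRoles(value = {"admin", "teacher"}, logical = Logical.OR)
    @RequestMapping("update")
    @ResponseStatus(value = HttpStatus.OK)
    public void update(@RequestBody ChangedItems changedItems, HttpSession session) {
        orderBookBiz.update(changedItems, (String) session.getAttribute("username"));
    }

    /**
     * Approves the orders that the review page stored in the session.
     *
     * <p>When the session holds no list (the review page was never opened in this session)
     * nothing is approved and the user is sent to the review page; previously the
     * {@code null} list was passed on to the business layer.
     *
     * <p>NOTE(review): the list is the snapshot taken when the review page was rendered,
     * not a fresh query. The {@code teacher} role may also approve; confirm that is intended.
     *
     * @param session session holding {@code notReviewedBookList}
     * @return redirect to the review page
     */
    @RequiresRoles(value = {"admin", "teacher"}, logical = Logical.OR)
    @RequestMapping("audit")
    public String audit(HttpSession session) {
        @SuppressWarnings("unchecked")
        List<OrderBookReviewVo> pending =
                (List<OrderBookReviewVo>) session.getAttribute("notReviewedBookList");
        if (pending != null) {
            orderBookBiz.audit(pending);
        }
        return "redirect:/orderbook.do/orderbook_review.view";
    }
}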
六、教材订购控制层实现

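/**
 * Business logic for textbook orders: creating, changing, deleting and approving them.
 *
 * <p>NOTE(review): no method of this class checks that the given staff id is allowed to
 * act on the given section id; confirm that the DAO layer or a caller enforces this.
 */
@Service
public class OrderBookBizImpl implements OrderBookBiz {

    @Resource
    OrderBookDao orderBookDao;

    @Resource
    SectionDao sectionDao;

    @Resource
    BookDao bookDao;

    @Resource
    TakesDao takesDao;

    // Number of submitted values per book in a form entry: title, ISBN, printing date,
    // author, press, category, unit price, remark.
    // NOTE(review): public and non-final, so any code can change the stride; left as is
    // because the field is part of the class's visible interface.
    public int ITEMNUM = 8;

    /**
     * Returns the sections selected for a staff member in a term.
     *
     * @param staffId staff id to look up
     * @param year    term identifier passed through to the DAO
     * @return the DAO result
     */
    @Override
    public List<Section> findSelectedSection(String staffId, String year) {
        return sectionDao.findSelectedSection(staffId, year);
    }

    /**
     * Creates orders from the submitted form map. Every map entry is read as one section's
     * form: value 0 is the section id, followed by {@link #ITEMNUM} values per book.
     *
     * <p>New orders are stored as not approved. A book is added to the book table only if
     * no book with the same title and ISBN exists.
     *
     * <p>NOTE(review): every entry of the map is parsed this way, so an unrelated request
     * parameter makes the section-id parse throw.
     *
     * @param orderBookVo staff id plus the raw form map
     * @throws NumberFormatException if a section id or unit price is not a valid short
     */
    @Transactional
    @Override
    public void add(OrderBookVo orderBookVo) {
        String staffId = orderBookVo.getStaffId();
        Map forms = orderBookVo.getMap();

        for (Object rawEntry : forms.entrySet()) {
            Map.Entry<String, String[]> form = (Map.Entry<String, String[]>) rawEntry;
            String[] items = form.getValue();

            // Trailing values that do not fill a whole book record are ignored.
            int bookCount = (items.length - 1) / ITEMNUM;
            int j = 1;
            int secId = Short.valueOf(items[0]);
            for (int i = 0; i < bookCount; i++) {
                String bookTitle = items[j++].trim();
                String isbn = items[j++].trim();
                String dateOfPrinting = items[j++].trim();
                String author = items[j++].trim();
                String press = items[j++].trim();
                String category = items[j++].trim();
                // Trimmed like the other fields, so surrounding blanks no longer fail the parse.
                short unitPrice = parseUnitPrice(items[j++]);
                String remark = items[j++].trim();

                Book book = new Book();
                book.setBookTitle(bookTitle);
                book.setIsbn(isbn);
                book.setDateOfPrinting(dateOfPrinting);
                book.setAuthor(author);
                book.setPress(press);
                book.setCategory(category);
                book.setUnitPrice(unitPrice);

                OrderBook orderBook = new OrderBook();
                orderBook.setIsbn(isbn);
                orderBook.setBookTitle(bookTitle);
                orderBook.setStaffId(staffId);
                orderBook.setRemark(remark);
                orderBook.setSecId(secId);
                orderBook.setApproval(false);

                orderBookDao.add(orderBook);
                if (bookDao.find(bookTitle, isbn) == null) {
                    bookDao.add(book);
                }
            }
        }
    }

    /**
     * Returns the books already ordered by a staff member.
     *
     * @param staffId staff id to look up
     * @return the DAO result
     */
    @Override
    public List<AddedBookVo> findAddedBookInfoList(String staffId) {
        return orderBookDao.findAddedBookInfoList(staffId);
    }

    /**
     * Applies modifications and deletions to the orders of one section.
     *
     * <p>Whether a book is still used by another section is now decided for each item on
     * its own. Previously one flag was shared by all items: it stayed set once any modified
     * book was shared, and the deletion loop never evaluated it, so a deleted order could
     * remove a book row that another section still referenced.
     *
     * <p>A missing modification or deletion list is treated as empty, and a missing unit
     * price as 0. A replacement order is stored as not approved, like a new order.
     *
     * @param changedItems section id plus the items to modify and to delete
     * @param staffId      staff id recorded on the replacement orders
     * @throws NumberFormatException if a new unit price is not a valid short
     */
    @Transactional
    @Override
    public void update(ChangedItems changedItems, String staffId) {
        int secId = changedItems.getSecID();

        List<ChangedItems.AlterItem> alterItemList = changedItems.getAlterItemList();
        if (alterItemList != null) {
            for (ChangedItems.AlterItem alterItem : alterItemList) {
                String bookTitle = alterItem.getBookTitle();
                String isbn = alterItem.getIsbn();
                boolean usedByOtherSec = orderBookDao.usedByOtherSec(bookTitle, isbn, secId) == 1;

                String newBookTitle = alterItem.getNewBookTitle();
                String newIsbn = alterItem.getNewIsbn();
                short newUnitPrice = parseUnitPrice(alterItem.getNewUnitPrice());

                Book book = new Book();
                book.setBookTitle(newBookTitle);
                book.setIsbn(newIsbn);
                book.setDateOfPrinting(alterItem.getNewDateOfPrinting());
                book.setAuthor(alterItem.getNewAuthor());
                book.setPress(alterItem.getNewPress());
                book.setCategory(alterItem.getNewCategory());
                book.setUnitPrice(newUnitPrice);

                // The old book row is removed only when no other section orders it.
                if (!usedByOtherSec) {
                    bookDao.delete(bookTitle, isbn);
                }
                // Add the new book unless it already exists.
                if (bookDao.find(newBookTitle, newIsbn) == null) {
                    bookDao.add(book);
                }

                // Replace the section's order: drop the old row, insert the new one.
                orderBookDao.delete(secId, bookTitle, isbn);
                OrderBook orderBook = new OrderBook();
                orderBook.setSecId(secId);
                orderBook.setStaffId(staffId);
                orderBook.setIsbn(newIsbn);
                orderBook.setBookTitle(newBookTitle);
                orderBook.setRemark(alterItem.getNewRemark());
                // A changed order has to be reviewed again.
                orderBook.setApproval(false);
                orderBookDao.add(orderBook);
            }
        }

        List<ChangedItems.DeleteItem> deleteItemList = changedItems.getDeleteItemList();
        if (deleteItemList != null) {
            for (ChangedItems.DeleteItem deleteItem : deleteItemList) {
                String isbn = deleteItem.getIsbn();
                String bookTitle = deleteItem.getBookTitle();
                boolean usedByOtherSec = orderBookDao.usedByOtherSec(bookTitle, isbn, secId) == 1;

                orderBookDao.delete(secId, bookTitle, isbn);
                if (!usedByOtherSec) {
                    bookDao.delete(bookTitle, isbn);
                }
            }
        }
    }

    /**
     * Passes each listed order to {@code orderBookDao.audit}, identified by section id,
     * title and ISBN. A {@code null} list is treated as empty.
     *
     * <p>NOTE(review): the entries are taken as given and are not re-read from the database
     * before they are approved.
     *
     * @param orderBookReviewVoList orders to approve
     */
    @Override
    public void audit(List<OrderBookReviewVo> orderBookReviewVoList) {
        if (orderBookReviewVoList == null) {
            return;
        }
        for (OrderBookReviewVo reviewVo : orderBookReviewVoList) {
            orderBookDao.audit(reviewVo.getSecId(), reviewVo.getBookTitle(), reviewVo.getIsbn());
        }
    }

    /**
     * Returns all orders that have not been reviewed, each with the student count of its
     * section filled in.
     *
     * @return the DAO result with {@code stdCount} set on every entry
     */
    @Override
    public List<OrderBookReviewVo> findAllNotReviewedBook() {
        List<OrderBookReviewVo> orderBookReviewVoList = orderBookDao.findAllNotReviewedBook();
        // One count query per order.
        for (OrderBookReviewVo reviewVo : orderBookReviewVoList) {
            reviewVo.setStdCount(takesDao.getStdCountInSection(reviewVo.getSecId()));
        }
        return orderBookReviewVoList;
    }

    /** Parses a submitted unit price; {@code null} or blank text means "not given" and yields 0. */
    private static short parseUnitPrice(String raw) {
        if (raw == null) {
            return 0;
        }
        String trimmed = raw.trim();
        if (trimmed.isEmpty()) {
            return 0;
        }
        return Short.parseShort(trimmed);
    }

}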