Merge branch '2.3-SNAPSHOT'

5050dc0c · 黄勇 · 4881000a · 03dc79a1 · 5050dc0c · 5050dc0c
40 changed file
--- a/doc/sample.sql
+++ b/doc/sample.sql
@@ -13,6 +13,7 @@ CREATE TABLE `user` (
 -- Records of user
 -- ----------------------------
 INSERT INTO `user` VALUES ('1', 'admin', '$shiro1$SHA-256$500000$vEgQXP9//FEW/4AKvslZkQ==$5G2JPj8umTRl9rf7zc7t9V2ke7a2sgNPGIlqJyqh/EE=');
+INSERT INTO `user` VALUES ('2', 'user1', '$shiro1$SHA-256$500000$O9SQvpVkb1QV9PDqxGK0iw==$zeTa7vzTiluSlfUGfJihHvyAsE7Kd1nCIM/pyc9N0W8=');

 -- ----------------------------
 -- Table structure for product
@@ -65,7 +66,7 @@ INSERT INTO `product_type` VALUES ('2', 'Tablet Computer', '平板电脑');
 -- ----------------------------
 -- Table structure for log
 -- ----------------------------
-
+DROP TABLE IF EXISTS `log`;
 CREATE TABLE `log` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `date` char(10) DEFAULT NULL,
@@ -73,3 +74,74 @@ CREATE TABLE `log` (
  `description` text,
  PRIMARY KEY (`id`)
 ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
+
+-- ----------------------------
+-- Table structure for role
+-- ----------------------------
+DROP TABLE IF EXISTS `role`;
+CREATE TABLE `role` (
+  `id` bigint(20) NOT NULL AUTO_INCREMENT,
+  `role_name` varchar(255) DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;
+
+-- ----------------------------
+-- Records of role
+-- ----------------------------
+INSERT INTO `role` VALUES ('1', 'admin');
+INSERT INTO `role` VALUES ('2', 'user');
+
+-- ----------------------------
+-- Table structure for permission
+-- ----------------------------
+DROP TABLE IF EXISTS `permission`;
+CREATE TABLE `permission` (
+  `id` bigint(20) NOT NULL AUTO_INCREMENT,
+  `permission_name` varchar(255) DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;
+
+-- ----------------------------
+-- Records of permission
+-- ----------------------------
+INSERT INTO `permission` VALUES ('1', 'product.view');
+INSERT INTO `permission` VALUES ('2', 'product.create');
+INSERT INTO `permission` VALUES ('3', 'product.edit');
+INSERT INTO `permission` VALUES ('4', 'product.delete');
+
+-- ----------------------------
+-- Table structure for user_role
+-- ----------------------------
+DROP TABLE IF EXISTS `user_role`;
+CREATE TABLE `user_role` (
+  `id` bigint(20) NOT NULL AUTO_INCREMENT,
+  `user_id` bigint(20) DEFAULT NULL,
+  `role_id` bigint(20) DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;
+
+-- ----------------------------
+-- Records of user_role
+-- ----------------------------
+INSERT INTO `user_role` VALUES ('1', '1', '1');
+INSERT INTO `user_role` VALUES ('2', '2', '2');
+
+-- ----------------------------
+-- Table structure for role_permission
+-- ----------------------------
+DROP TABLE IF EXISTS `role_permission`;
+CREATE TABLE `role_permission` (
+  `id` bigint(20) NOT NULL AUTO_INCREMENT,
+  `role_id` bigint(20) DEFAULT NULL,
+  `permission_id` bigint(20) DEFAULT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8;
+
+-- ----------------------------
+-- Records of role_permission
+-- ----------------------------
+INSERT INTO `role_permission` VALUES ('1', '1', '1');
+INSERT INTO `role_permission` VALUES ('2', '1', '2');
+INSERT INTO `role_permission` VALUES ('3', '1', '3');
+INSERT INTO `role_permission` VALUES ('4', '1', '4');
+INSERT INTO `role_permission` VALUES ('5', '2', '1');
\ No newline at end of file
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,18 @@

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <smart.version>2.2</smart.version>
+        <junit.version>4.11</junit.version>
+        <servlet.version>3.0.1</servlet.version>
+        <jsp.version>2.2</jsp.version>
+        <jstl.version>1.2</jstl.version>
+        <mysql.version>5.1.25</mysql.version>
+        <smart-framework.version>2.3</smart-framework.version>
+        <smart-plugin-i18n.version>1.0</smart-plugin-i18n.version>
+        <smart-plugin-security.version>1.0</smart-plugin-security.version>
+        <smart-plugin-cache.version>1.0</smart-plugin-cache.version>
+        <smart-plugin-soap.version>1.0</smart-plugin-soap.version>
+        <smart-plugin-rest.version>1.0</smart-plugin-rest.version>
+        <smart-plugin-druid.version>1.0</smart-plugin-druid.version>
    </properties>

    <dependencies>
@@ -20,60 +31,72 @@
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
-            <version>4.11</version>
+            <version>${junit.version}</version>
            <scope>test</scope>
        </dependency>
        <!-- Servlet -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
-            <version>3.0.1</version>
+            <version>${servlet.version}</version>
+            <scope>provided</scope>
+        </dependency>
+        <!-- JSP -->
+        <dependency>
+            <groupId>javax.servlet.jsp</groupId>
+            <artifactId>jsp-api</artifactId>
+            <version>${jsp.version}</version>
            <scope>provided</scope>
        </dependency>
        <!-- JSTL -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
-            <version>1.2</version>
+            <version>${jstl.version}</version>
            <scope>runtime</scope>
        </dependency>
        <!-- MySQL -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
-            <version>5.1.25</version>
+            <version>${mysql.version}</version>
            <scope>runtime</scope>
        </dependency>
        <!-- Smart -->
        <dependency>
            <groupId>org.smart4j</groupId>
            <artifactId>smart-framework</artifactId>
-            <version>${smart.version}</version>
+            <version>${smart-framework.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.smart4j</groupId>
+            <artifactId>smart-plugin-i18n</artifactId>
+            <version>${smart-plugin-i18n.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.smart4j</groupId>
+            <artifactId>smart-plugin-security</artifactId>
+            <version>${smart-plugin-security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.smart4j</groupId>
-            <artifactId>smart-security</artifactId>
-            <version>${smart.version}</version>
+            <artifactId>smart-plugin-cache</artifactId>
+            <version>${smart-plugin-cache.version}</version>
        </dependency>
-		<dependency>
-		    <groupId>org.smart4j</groupId>
-		    <artifactId>smart-plugin-cache</artifactId>
-            <version>${smart.version}</version>
-		</dependency>
        <dependency>
            <groupId>org.smart4j</groupId>
            <artifactId>smart-plugin-soap</artifactId>
-            <version>${smart.version}</version>
+            <version>${smart-plugin-soap.version}</version>
        </dependency>
        <dependency>
            <groupId>org.smart4j</groupId>
            <artifactId>smart-plugin-rest</artifactId>
-            <version>${smart.version}</version>
+            <version>${smart-plugin-rest.version}</version>
        </dependency>
        <dependency>
            <groupId>org.smart4j</groupId>
-            <artifactId>smart-plugin-i18n</artifactId>
-            <version>${smart.version}</version>
+            <artifactId>smart-plugin-druid</artifactId>
+            <version>${smart-plugin-druid.version}</version>
        </dependency>
    </dependencies>

@@ -116,17 +139,4 @@
        </plugins>
    </build>

-    <repositories>
-        <!-- OSC Public -->
-        <repository>
-            <id>osc</id>
-            <url>http://maven.oschina.net/content/groups/public/</url>
-        </repository>
-        <!-- OSC Thirdparty -->
-        <repository>
-            <id>osc_thirdparty</id>
-            <url>http://maven.oschina.net/content/repositories/thirdparty/</url>
-        </repository>
-    </repositories>
-
 </project>
\ No newline at end of file
--- a/src/main/java/org/smart4j/sample/Constant.java
+++ b/src/main/java/org/smart4j/sample/Constant.java
@@ -9,5 +9,5 @@ public interface Constant {
    String PAGE_NUMBER = "pageNumber";
    String PAGE_SIZE = "pageSize";

-    String UPLOAD_PATH = ConfigHelper.getConfigString("sample.upload_path");
+    String UPLOAD_PATH = ConfigHelper.getString("sample.upload_path");
 }
--- a/src/main/java/org/smart4j/sample/SmartSecurity.java
+++ b/src/main/java/org/smart4j/sample/SmartSecurity.java
 package org.smart4j.sample;

+import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.Set;
 import org.smart4j.framework.dao.DatabaseHelper;
-import org.smart4j.security.ISmartSecurity;
+import org.smart4j.plugin.security.SmartSecurity;

-public class SmartSecurity implements ISmartSecurity {
+public class CustomSmartSecurity implements SmartSecurity {

    @Override
    public String getPassword(String username) {
@@ -14,13 +16,15 @@ public class SmartSecurity implements ISmartSecurity {

    @Override
    public Set<String> getRoleNameSet(String username) {
-        String sql = "select r.role_name from user u, user_role ur, role r where u.id = ur.user_id and r.id = ur.role_id and u.username = ?";
-        return DatabaseHelper.queryColumnSet(sql, username);
+        String sql = "select distinct r.role_name from user u, user_role ur, role r where u.id = ur.user_id and r.id = ur.role_id and u.username = ?";
+        List<String> list = DatabaseHelper.queryColumnList(sql, username);
+        return new LinkedHashSet<String>(list);
    }

    @Override
-    public Set<String> getPermNameSet(String roleName) {
-        String sql = "select p.permission_name from role r, role_permission rp, permission p where r.id = rp.role_id and p.id = rp.permission_id and r.role_name = ?";
-        return DatabaseHelper.queryColumnSet(sql, roleName);
+    public Set<String> getPermissionNameSet(String roleName) {
+        String sql = "select distinct p.permission_name from role r, role_permission rp, permission p where r.id = rp.role_id and p.id = rp.permission_id and r.role_name = ?";
+        List<String> list = DatabaseHelper.queryColumnList(sql, roleName);
+        return new LinkedHashSet<String>(list);
    }
 }
--- a/src/main/java/org/smart4j/sample/action/ProductAction.java
+++ b/src/main/java/org/smart4j/sample/action/ProductAction.java
@@ -13,6 +13,7 @@ import org.smart4j.framework.mvc.bean.Params;
 import org.smart4j.framework.mvc.bean.Result;
 import org.smart4j.framework.mvc.bean.View;
 import org.smart4j.framework.util.WebUtil;
+import org.smart4j.plugin.security.annotation.HasPermissions;
 import org.smart4j.sample.Constant;
 import org.smart4j.sample.Tool;
 import org.smart4j.sample.bean.ProductBean;
@@ -48,6 +49,7 @@ public class ProductAction {
            .data("productBeanPager", productBeanPager);
    }

+    @HasPermissions("product.create")
    @Request.Get("/product/create")
    public View create() {
        List<ProductType> productTypeList = productService.getProductTypeList();

--- a/src/main/java/org/smart4j/sample/action/SystemAction.java
+++ b/src/main/java/org/smart4j/sample/action/SystemAction.java
@@ -6,10 +6,11 @@ import org.smart4j.framework.mvc.annotation.Request;
 import org.smart4j.framework.mvc.bean.Params;
 import org.smart4j.framework.mvc.bean.Result;
 import org.smart4j.framework.mvc.bean.View;
+import org.smart4j.framework.util.StringUtil;
 import org.smart4j.framework.util.WebUtil;
+import org.smart4j.plugin.security.SecurityHelper;
+import org.smart4j.plugin.security.fault.LoginException;
 import org.smart4j.sample.Constant;
-import org.smart4j.security.SmartSecurityHelper;
-import org.smart4j.security.exception.LoginException;

 @Action
 public class SystemAction {
@@ -32,12 +33,12 @@ public class SystemAction {
        String captcha = params.getString("captcha");

        String sessionCaptcha = DataContext.Session.get(Constant.CAPTCHA);
-        if (!sessionCaptcha.equals(captcha)) {
+        if (StringUtil.isNotEmpty(sessionCaptcha) && !sessionCaptcha.equals(captcha)) {
            return new Result(false).data("captcha_error");
        }

        try {
-            SmartSecurityHelper.login(username, password, false);
+            SecurityHelper.login(username, password, false);
        } catch (LoginException e) {
            return new Result(false);
        }
@@ -47,7 +48,7 @@ public class SystemAction {

    @Request.Get("/logout")
    public Result logout() {
-        SmartSecurityHelper.logout();
+        SecurityHelper.logout();
        return new Result(true);
    }
 }
--- a/src/main/java/org/smart4j/sample/action/UserAction.java
+++ b/src/main/java/org/smart4j/sample/action/UserAction.java
+package org.smart4j.sample.action;
+
+import java.util.List;
+import org.smart4j.framework.ioc.annotation.Inject;
+import org.smart4j.framework.mvc.DataContext;
+import org.smart4j.framework.mvc.annotation.Action;
+import org.smart4j.framework.mvc.annotation.Request;
+import org.smart4j.framework.mvc.bean.View;
+import org.smart4j.sample.entity.User;
+import org.smart4j.sample.service.UserService;
+
+@Action
+public class UserAction {
+
+    @Inject
+    private UserService userService;
+
+    @Request.Get("/user")
+    public View index() {
+        List<User> userList = userService.getUserList();
+        DataContext.Request.put("userList", userList);
+        return new View("user.jsp");
+    }
+
+    @Request.Post("/user")
+    public View save() {
+        return new View("user.jsp");
+    }
+
+    @Request.Get("/user/{id}")
+    public View edit() {
+        return new View("user_edit.jsp");
+    }
+
+    @Request.Put("/user/{id}")
+    public View update() {
+        return new View("user.jsp");
+    }
+
+    @Request.Delete("/user/{id}")
+    public View delete() {
+        return new View("user.jsp");
+    }
+}
--- a/src/main/java/org/smart4j/sample/aspect/ActionAspect.java
+++ b/src/main/java/org/smart4j/sample/aspect/ActionAspect.java
@@ -16,17 +16,13 @@ public class ActionAspect extends AspectProxy {

    @Override
    public void before(Class<?> cls, Method method, Object[] params) throws Throwable {
-        if (logger.isDebugEnabled()) {
-            logger.debug("---------- begin ----------");
-        }
+        logger.debug("---------- begin ----------");
        begin = System.currentTimeMillis();
    }

    @Override
    public void after(Class<?> cls, Method method, Object[] params, Object result) throws Throwable {
        logger.info("time: " + (System.currentTimeMillis() - begin) + "ms");
-        if (logger.isDebugEnabled()) {
-            logger.debug("----------- end -----------");
-        }
+        logger.debug("----------- end -----------");
    }
 }
--- a/src/main/java/org/smart4j/sample/entity/Log.java
+++ b/src/main/java/org/smart4j/sample/entity/Log.java
 package org.smart4j.sample.entity;

-import org.smart4j.framework.orm.BaseEntity;
+import org.smart4j.framework.orm.annotation.Entity;

-public class Log extends BaseEntity {
+@Entity
+public class Log {

    private long id;


--- a/src/main/java/org/smart4j/sample/entity/Product.java
+++ b/src/main/java/org/smart4j/sample/entity/Product.java
 package org.smart4j.sample.entity;

-import org.smart4j.framework.orm.BaseEntity;
+import org.smart4j.framework.orm.annotation.Entity;

-public class Product extends BaseEntity {
+@Entity
+public class Product {

    private long id;


--- a/src/main/java/org/smart4j/sample/entity/ProductType.java
+++ b/src/main/java/org/smart4j/sample/entity/ProductType.java
 package org.smart4j.sample.entity;

-import org.smart4j.framework.orm.BaseEntity;
+import org.smart4j.framework.orm.annotation.Entity;

-public class ProductType extends BaseEntity {
+@Entity
+public class ProductType {

    private long id;


--- a/src/main/java/org/smart4j/sample/entity/User.java
+++ b/src/main/java/org/smart4j/sample/entity/User.java
 package org.smart4j.sample.entity;

-import org.smart4j.framework.orm.BaseEntity;
+import org.smart4j.framework.orm.annotation.Entity;

-public class User extends BaseEntity {
+@Entity
+public class User {

    private long id;


--- a/src/main/java/org/smart4j/sample/rest/ProductService.java
+++ b/src/main/java/org/smart4j/sample/rest/ProductService.java
@@ -11,14 +11,14 @@ import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
-import org.smart4j.framework.dao.DataSet;
+import org.smart4j.framework.orm.DataSet;
 import org.smart4j.framework.tx.annotation.Service;
 import org.smart4j.framework.tx.annotation.Transaction;
 import org.smart4j.plugin.rest.Rest;
 import org.smart4j.sample.entity.Product;

 @Service
-@Rest("/rest/ProductService")
+@Rest("/product")
 @Consumes(MediaType.APPLICATION_JSON)
 @Produces(MediaType.APPLICATION_JSON)
 public class ProductService {
@@ -26,7 +26,7 @@ public class ProductService {
    @GET
    @Path("/products")
    public List<Product> getProductList() {
-        return DataSet.selectList(Product.class, "", "id asc");
+        return DataSet.selectListWithSort(Product.class, "id asc");
    }

    @GET

--- a/src/main/java/org/smart4j/sample/service/UserService.java
+++ b/src/main/java/org/smart4j/sample/service/UserService.java
 package org.smart4j.sample.service;

+import java.util.List;
+import org.smart4j.sample.entity.User;
+
 public interface UserService {

    void login(String username, String password);
+
+    List<User> getUserList();
 }
--- a/src/main/java/org/smart4j/sample/service/impl/LogServiceImpl.java
+++ b/src/main/java/org/smart4j/sample/service/impl/LogServiceImpl.java
 package org.smart4j.sample.service.impl;

-import org.smart4j.framework.dao.DataSet;
+import org.smart4j.framework.orm.DataSet;
 import org.smart4j.framework.tx.annotation.Service;
 import org.smart4j.framework.tx.annotation.Transaction;
 import org.smart4j.framework.util.DateUtil;

--- a/src/main/java/org/smart4j/sample/service/impl/ProductServiceImpl.java
+++ b/src/main/java/org/smart4j/sample/service/impl/ProductServiceImpl.java
@@ -3,11 +3,11 @@ package org.smart4j.sample.service.impl;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-import org.smart4j.framework.dao.DataSet;
 import org.smart4j.framework.dao.bean.Pager;
 import org.smart4j.framework.ioc.annotation.Inject;
 import org.smart4j.framework.mvc.UploadHelper;
 import org.smart4j.framework.mvc.bean.Multipart;
+import org.smart4j.framework.orm.DataSet;
 import org.smart4j.framework.tx.annotation.Service;
 import org.smart4j.framework.tx.annotation.Transaction;
 import org.smart4j.sample.Tool;
@@ -85,7 +85,7 @@ public class ProductServiceImpl implements ProductService {
        long count = DataSet.selectCount(Product.class, condition, params);
        List<ProductBean> productBeanList = new ArrayList<ProductBean>();
        List<Product> productList = DataSet.selectListForPager(pageNumber, pageSize, Product.class, condition, sort, params);
-        Map<Long, ProductType> productTypeMap = DataSet.selectMap(ProductType.class, "");
+        Map<Long, ProductType> productTypeMap = DataSet.selectMap(ProductType.class);
        for (Product product : productList) {
            ProductType productType = productTypeMap.get(product.getProductTypeId());
            if (productType != null) {
@@ -97,6 +97,6 @@ public class ProductServiceImpl implements ProductService {

    @Override
    public List<ProductType> getProductTypeList() {
-        return DataSet.selectList(ProductType.class, "", "");
+        return DataSet.selectList(ProductType.class);
    }
 }
--- a/src/main/java/org/smart4j/sample/service/impl/UserServiceImpl.java
+++ b/src/main/java/org/smart4j/sample/service/impl/UserServiceImpl.java
 package org.smart4j.sample.service.impl;

+import java.util.List;
+import org.smart4j.framework.orm.DataSet;
 import org.smart4j.framework.tx.annotation.Service;
+import org.smart4j.plugin.security.SecurityHelper;
+import org.smart4j.sample.entity.User;
 import org.smart4j.sample.service.UserService;
-import org.smart4j.security.SmartSecurityHelper;

 @Service
 public class UserServiceImpl implements UserService {

    @Override
    public void login(String username, String password) {
-        SmartSecurityHelper.login(username, password, false);
+        SecurityHelper.login(username, password, false);
+    }
+
+    @Override
+    public List<User> getUserList() {
+        return DataSet.selectList(User.class);
    }
 }
--- a/src/main/java/org/smart4j/sample/soap/ProductService.java
+++ b/src/main/java/org/smart4j/sample/soap/ProductService.java
@@ -7,7 +7,7 @@ import org.smart4j.plugin.soap.Soap;
 import org.smart4j.sample.entity.Product;
 import org.smart4j.sample.soap.adapter.StringObjectMapAdapter;

-@Soap("/soap/ProductService")
+@Soap("/product")
 public interface ProductService {

    List<Product> getProductList();

--- a/src/main/java/org/smart4j/sample/soap/impl/ProductServiceImpl.java
+++ b/src/main/java/org/smart4j/sample/soap/impl/ProductServiceImpl.java
@@ -2,7 +2,7 @@ package org.smart4j.sample.soap.impl;

 import java.util.List;
 import java.util.Map;
-import org.smart4j.framework.dao.DataSet;
+import org.smart4j.framework.orm.DataSet;
 import org.smart4j.framework.tx.annotation.Service;
 import org.smart4j.framework.tx.annotation.Transaction;
 import org.smart4j.sample.entity.Product;
@@ -13,7 +13,7 @@ public class ProductServiceImpl implements ProductService {

    @Override
    public List<Product> getProductList() {
-        return DataSet.selectList(Product.class, "", "id asc");
+        return DataSet.selectListWithSort(Product.class, "id asc");
    }

    @Override

--- a/src/main/resources/i18n/i18n_en_US.properties
+++ b/src/main/resources/i18n/i18n_en_US.properties
 common.title=Smart Sample
 common.copyright=Copyright \u00A9 2013
+common.user=User
 common.logout=Logout
 common.logout_confirm=Do you want to logout system?
 common.action=Action
@@ -23,6 +24,7 @@ common.captcha.change=Change a new Captcha
 common.captcha.error=Captcha error!

 error.page=Error Page
+error.page.403=Access to the specified resource has been forbidden!
 error.page.404=The requested resource is not available!
 error.page.500=Internal server error!

@@ -33,7 +35,7 @@ login.failure=Login failure!

 product=Product
 product.product_list=Product List
-product.new_product=New Product
+product.create_product=Create Product
 product.view_product=View Product
 product.edit_product=Edit Product
 product.product_type=Product Type
@@ -42,4 +44,9 @@ product.code=Product Code
 product.price=Price
 product.description=Description
 product.picture=Picture
-product.delete_confirm=Do you want to delete product {0}?
\ No newline at end of file
+product.delete_confirm=Do you want to delete product {0}?
+
+user=User
+user.user_list=User List
+user.create_user=Create User
+user.username=Username
\ No newline at end of file
--- a/src/main/resources/i18n/i18n_zh_CN.properties
+++ b/src/main/resources/i18n/i18n_zh_CN.properties
 common.title=Smart \u793A\u4F8B
 common.copyright=\u7248\u6743\u6240\u6709 \u00A9 2013
+common.user=\u7528\u6237
 common.logout=\u6CE8\u9500
 common.logout_confirm=\u4F60\u60F3\u6CE8\u9500\u7CFB\u7EDF\u5417\uFF1F
 common.action=\u64CD\u4F5C
@@ -23,6 +24,7 @@ common.captcha.change=\u6362\u4E00\u4E2A\u65B0\u7684\u9A8C\u8BC1\u7801
 common.captcha.error=\u9A8C\u8BC1\u7801\u9519\u8BEF\uFF01

 error.page=\u9519\u8BEF\u9875\u9762
+error.page.403=\u7981\u6B62\u8BBF\u95EE\u6307\u5B9A\u7684\u8D44\u6E90\uFF01
 error.page.404=\u8BF7\u6C42\u7684\u8D44\u6E90\u4E0D\u53EF\u7528\uFF01
 error.page.500=\u5185\u90E8\u670D\u52A1\u5668\u9519\u8BEF\uFF01

@@ -33,7 +35,7 @@ login.failure=\u767B\u5F55\u5931\u8D25\uFF01

 product=\u4EA7\u54C1
 product.product_list=\u4EA7\u54C1\u5217\u8868
-product.new_product=\u65B0\u589E\u4EA7\u54C1
+product.create_product=\u521B\u5EFA\u4EA7\u54C1
 product.view_product=\u67E5\u770B\u4EA7\u54C1
 product.edit_product=\u7F16\u8F91\u4EA7\u54C1
 product.product_type=\u4EA7\u54C1\u7C7B\u578B
@@ -42,4 +44,9 @@ product.code=\u4EA7\u54C1\u7F16\u53F7
 product.price=\u4EF7\u683C
 product.description=\u63CF\u8FF0
 product.picture=\u56FE\u7247
-product.delete_confirm=\u4F60\u786E\u5B9A\u5220\u9664\u4EA7\u54C1 {0} \u5417\uFF1F
\ No newline at end of file
+product.delete_confirm=\u4F60\u786E\u5B9A\u5220\u9664\u4EA7\u54C1 {0} \u5417\uFF1F
+
+user=\u7528\u6237
+user.user_list=\u7528\u6237\u5217\u8868
+user.create_user=\u521B\u5EFA\u7528\u6237
+user.username=\u7528\u6237\u540D
\ No newline at end of file
--- a/src/main/resources/log4j.properties
+++ b/src/main/resources/log4j.properties
@@ -12,6 +12,7 @@ log4j.appender.file.encoding=UTF-8
 log4j.appender.file.layout=org.apache.log4j.PatternLayout
 log4j.appender.file.layout.ConversionPattern=%d{HH:mm:ss,SSS} %p %c (%L) - %m%n

+log4j.logger.org.apache=ERROR
 log4j.logger.org.smart4j.framework=DEBUG
 log4j.logger.org.smart4j.plugin=DEBUG
 log4j.logger.org.smart4j.sample=DEBUG
--- a/src/main/resources/shiro.ini
+++ b/src/main/resources/shiro.ini
 [main]
-authc.loginUrl = /login
+authc.loginUrl=/login

 [urls]
-/ = anon
-/product/** = authc
\ No newline at end of file
+/=anon
+/product/**=authc
+/user/**=authc
\ No newline at end of file
--- a/src/main/resources/smart.properties
+++ b/src/main/resources/smart.properties
-app.package=org.smart4j.sample
-app.home_page=/login
+smart.framework.app.base_package=org.smart4j.sample
+smart.framework.app.home_page=/login

-jdbc.type=mysql
-jdbc.driver=com.mysql.jdbc.Driver
-jdbc.url=jdbc:mysql://localhost:3306/sample
-jdbc.username=root
-jdbc.password=root
+#smart.framework.custom.ds_factory=org.smart4j.plugin.c3p0.C3P0DataSourceFactory
+smart.framework.custom.ds_factory=org.smart4j.plugin.druid.DruidDataSourceFactory

-i18n.reloadable=true
+smart.framework.jdbc.type=mysql
+smart.framework.jdbc.driver=com.mysql.jdbc.Driver
+smart.framework.jdbc.url=jdbc:mysql://localhost:3306/sample
+smart.framework.jdbc.username=root
+smart.framework.jdbc.password=root

-security.realms=custom
-security.custom.class=org.smart4j.sample.SmartSecurity
-security.cache=true
+smart.plugin.i18n.reloadable=true
+
+smart.security.realms=custom
+smart.security.custom.class=org.smart4j.sample.CustomSmartSecurity
+smart.security.cache=true

 sample.upload_path=/www/upload/
\ No newline at end of file
--- a/src/main/webapp/WEB-INF/jsp/common/header.jsp
+++ b/src/main/webapp/WEB-INF/jsp/common/header.jsp
 <%@ page pageEncoding="UTF-8" %>
+<%@ taglib prefix="security" uri="/security" %>

 <div id="header">
-    <div id="logo">
+    <div class="logo">
        <a href="${BASE}/"><f:message key="common.title"/></a>
    </div>
-    <div id="menu">
+    <div class="menu">
        <a href="${BASE}/product"><f:message key="product"/></a>
+        <a href="${BASE}/user"><f:message key="user"/></a>
    </div>
-    <div id="oper">
+    <div class="oper">
+        <span><f:message key="common.user"/>: <security:principal/></span>
        <button type="button" id="logout"><f:message key="common.logout"/></button>
    </div>
 </div>
\ No newline at end of file
--- a/src/main/webapp/WEB-INF/jsp/error/403.jsp
+++ b/src/main/webapp/WEB-INF/jsp/error/403.jsp
+<%@ page pageEncoding="UTF-8" %>
+<%@ include file="../common/global.jsp" %>
+
+<!DOCTYPE html>
+<html>
+<head>
+    <%@ include file="../common/meta.jsp" %>
+    <title><f:message key="common.title"/> - <f:message key="error.page"/></title>
+    <%@ include file="../common/style.jsp" %>
+</head>
+<body>
+
+<div id="header">
+    <div class="logo">
+        <a href="${BASE}/"><f:message key="common.title"/></a>
+    </div>
+</div>
+
+<div id="content">
+    <div id="main">
+        <h3>403 - <f:message key="error.page.403"/></h3>
+        <a href="javascript:history.back();"><f:message key="common.back"/></a>
+    </div>
+</div>
+
+<%@ include file="../common/footer.jsp" %>
+
+<%@ include file="../common/script.jsp" %>
+
+</body>
+</html>
\ No newline at end of file
--- a/src/main/webapp/WEB-INF/jsp/error/404.jsp
+++ b/src/main/webapp/WEB-INF/jsp/error/404.jsp
@@ -11,7 +11,7 @@
 <body>

 <div id="header">
-    <div id="logo">
+    <div class="logo">
        <a href="${BASE}/"><f:message key="common.title"/></a>
    </div>
 </div>

--- a/src/main/webapp/WEB-INF/jsp/error/500.jsp
+++ b/src/main/webapp/WEB-INF/jsp/error/500.jsp
@@ -11,7 +11,7 @@
 <body>

 <div id="header">
-    <div id="logo">
+    <div class="logo">
        <a href="${BASE}/"><f:message key="common.title"/></a>
    </div>
 </div>

--- a/src/main/webapp/WEB-INF/jsp/login.jsp
+++ b/src/main/webapp/WEB-INF/jsp/login.jsp
@@ -11,7 +11,7 @@
 <body>

 <div id="header">
-    <div id="logo">
+    <div class="logo">
        <a href="${BASE}/"><f:message key="common.title"/></a>
    </div>
 </div>

--- a/src/main/webapp/WEB-INF/jsp/product.jsp
+++ b/src/main/webapp/WEB-INF/jsp/product.jsp
 <%@ page pageEncoding="UTF-8" %>
 <%@ include file="common/global.jsp" %>
+<%@ taglib prefix="security" uri="/security" %>

 <!DOCTYPE html>
 <html>
@@ -31,7 +32,9 @@
                        </form>
                    </div>
                    <div class="css-right">
-                        <a href="${BASE}/product/create"><f:message key="product.new_product"/></a>
+                        <security:hasPermission name="product.create">
+                            <a href="${BASE}/product/create"><f:message key="product.create_product"/></a>
+                        </security:hasPermission>
                    </div>
                </div>
                <div id="product_list">

--- a/src/main/webapp/WEB-INF/jsp/product_create.jsp
+++ b/src/main/webapp/WEB-INF/jsp/product_create.jsp
@@ -15,7 +15,7 @@
 <div id="content">
    <form id="product_create_form" enctype="multipart/form-data" class="css-form">
        <div class="css-form-header">
-            <h3><f:message key="product.new_product"/></h3>
+            <h3><f:message key="product.create_product"/></h3>
        </div>
        <div class="css-form-row">
            <label for="productType"><f:message key="product.product_type"/>:</label>

--- a/src/main/webapp/WEB-INF/jsp/user.jsp
+++ b/src/main/webapp/WEB-INF/jsp/user.jsp
+<%@ page pageEncoding="UTF-8" %>
+<%@ include file="common/global.jsp" %>
+<%@ taglib prefix="security" uri="/security" %>
+
+<!DOCTYPE html>
+<html>
+<head>
+    <%@ include file="common/meta.jsp" %>
+    <title><f:message key="common.title"/> - <f:message key="user"/></title>
+    <%@ include file="common/style.jsp" %>
+</head>
+<body>
+
+<%@ include file="common/header.jsp" %>
+
+<div id="content">
+    <div id="main">
+        <div class="css-panel">
+            <div class="css-panel-header">
+                <h3><f:message key="user.user_list"/></h3>
+            </div>
+            <div class="css-panel-content">
+                <div class="css-row">
+                    <div class="css-left">
+                        <form id="user_search_form">
+                            <div class="css-search">
+                                <input type="text" name="username" placeholder="<f:message key="user.username"/>">
+                                <span class="css-search-button">
+                                    <button type="submit"><f:message key="common.search"/></button>
+                                </span>
+                            </div>
+                        </form>
+                    </div>
+                    <div class="css-right">
+                        <a href="${BASE}/user/create"><f:message key="user.create_user"/></a>
+                    </div>
+                </div>
+                <table class="css-table">
+                    <thead>
+                        <tr>
+                            <td><f:message key="user.username"/></td>
+                            <td class="css-width-75"><f:message key="common.action"/></td>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        <c:forEach var="user" items="${userList}">
+                            <tr data-id="${user.id}" data-name="${user.username}">
+                                <td>
+                                    <a href="${BASE}/user/${user.id}">${user.username}</a>
+                                </td>
+                                <td>
+                                    <a href="${BASE}/user/${user.id}"><f:message key="common.edit"/></a>
+                                    <a href="${BASE}/user/${user.id}" class="ext-user-delete"><f:message key="common.delete"/></a>
+                                </td>
+                            </tr>
+                        </c:forEach>
+                    </tbody>
+                </table>
+            </div>
+        </div>
+    </div>
+</div>
+
+<%@ include file="common/footer.jsp" %>
+
+<%@ include file="common/script.jsp" %>
+
+<script type="text/javascript" src="${BASE}/www/js/user.js"></script>
+
+</body>
+</html>
\ No newline at end of file
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -5,6 +5,10 @@
         http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

+    <error-page>
+        <error-code>403</error-code>
+        <location>/WEB-INF/jsp/error/403.jsp</location>
+    </error-page>
    <error-page>
        <error-code>404</error-code>
        <location>/WEB-INF/jsp/error/404.jsp</location>

--- a/src/main/webapp/www/css/global.css
+++ b/src/main/webapp/www/css/global.css
@@ -113,24 +113,28 @@ img {
 #header a {
    color: #FFF;
 }
-#header #logo {
+#header .logo {
    float: left;
    font-size: 16px;
    font-weight: bold;
    margin: 10px;
 }
-#header #menu {
+#header .menu {
    float: left;
    margin: 10px;
 }
-#header #menu a {
+#header .menu a {
    margin: 10px;
 }
-#header #oper {
+#header .oper {
    float: right;
    margin: 10px;
 }
-#header #oper button {
+#header .oper span {
+    height: 20px;
+    padding: 0 5px;
+}
+#header .oper button {
    height: 20px;
    padding: 0 5px;
 }

--- a/src/main/webapp/www/js/user.js
+++ b/src/main/webapp/www/js/user.js
--- a/src/test/java/org/smart4j/sample/test/ProductServiceRESTTest.java
+++ b/src/test/java/org/smart4j/sample/test/ProductServiceRESTTest.java
@@ -9,9 +9,9 @@ import org.smart4j.plugin.rest.RestHelper;
 import org.smart4j.sample.entity.Product;
 import org.smart4j.sample.rest.ProductService;

-public class ProductServiceRESTTest {
+public class ProductServiceRestTest {

-    private String wadl = "http://localhost:8080/smart-sample/ws/rest/ProductService";
+    private String wadl = "http://localhost:8080/smart-sample/rest/product";
    private ProductService productService = RestHelper.createClient(wadl, ProductService.class);

    @Test

--- a/src/test/java/org/smart4j/sample/test/ProductServiceSOAPTest.java
+++ b/src/test/java/org/smart4j/sample/test/ProductServiceSOAPTest.java
@@ -9,9 +9,9 @@ import org.smart4j.plugin.soap.SoapHelper;
 import org.smart4j.sample.entity.Product;
 import org.smart4j.sample.soap.ProductService;

-public class ProductServiceSOAPTest {
+public class ProductServiceSoapTest {

-    private String wsdl = "http://localhost:8080/smart-sample/ws/soap/ProductService";
+    private String wsdl = "http://localhost:8080/smart-sample/soap/product";
    private ProductService productService = SoapHelper.createClient(wsdl, ProductService.class);

    @Test

--- a/src/test/java/org/smart4j/sample/test/ProductServiceTest.java
+++ b/src/test/java/org/smart4j/sample/test/ProductServiceTest.java
@@ -6,22 +6,25 @@ import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.smart4j.framework.dao.DatabaseHelper;
 import org.smart4j.framework.dao.bean.Pager;
 import org.smart4j.framework.ioc.BeanHelper;
-import org.smart4j.framework.test.BaseTest;
+import org.smart4j.framework.test.OrderedRunner;
 import org.smart4j.framework.test.annotation.TestOrder;
 import org.smart4j.sample.bean.ProductBean;
 import org.smart4j.sample.service.ProductService;
 import org.smart4j.sample.service.impl.ProductServiceImpl;

-public class ProductServiceTest extends BaseTest {
+@RunWith(OrderedRunner.class)
+public class ProductServiceTest {

    private ProductService productService = BeanHelper.getBean(ProductServiceImpl.class);

    @BeforeClass
    @AfterClass
    public static void init() {
-        initSQL("sql/product.sql");
+        DatabaseHelper.initSQL("sql/product.sql");
    }

    @Test

--- a/src/test/java/org/smart4j/sample/test/ShiroTest.java
+++ b/src/test/java/org/smart4j/sample/test/ShiroTest.java
+package org.smart4j.sample.test;
+
+import org.apache.shiro.authc.credential.DefaultPasswordService;
+import org.apache.shiro.authc.credential.PasswordService;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ShiroTest {
+
+    @Test
+    public void passwordTest() {
+        String plaintextPassword = "admin";
+        PasswordService passwordService = new DefaultPasswordService();
+        String encryptPassword = passwordService.encryptPassword(plaintextPassword);
+        System.out.println("encryptPassword: " + encryptPassword);
+        Assert.assertTrue(passwordService.passwordsMatch(plaintextPassword, encryptPassword));
+    }
+}
--- a/src/test/resources/smart.properties
+++ b/src/test/resources/smart.properties
-app.package=org.smart4j.sample
+smart.framework.app.base_package=org.smart4j.sample

-jdbc.type=mysql
-jdbc.driver=com.mysql.jdbc.Driver
-jdbc.url=jdbc:mysql://localhost:3306/sample_test
-jdbc.username=root
-jdbc.password=root
\ No newline at end of file
+smart.framework.jdbc.type=mysql
+smart.framework.jdbc.driver=com.mysql.jdbc.Driver
+smart.framework.jdbc.url=jdbc:mysql://localhost:3306/sample_test
+smart.framework.jdbc.username=root
+smart.framework.jdbc.password=root
\ No newline at end of file