引文:
本文主要讲述项目框架搭建时的一些简单的使用配置,教你如何快速进行项目框架搭建。
技术: Spring+SpringMVC+Mybatis+Redis+Shiro+Maven mybatis、redis都是使用spring集成
技术介绍就不再讲述了,话不多说,急忙上代码了。
1、新建Web项目使用Maven 进行项目管理
具体步骤不进行讲述。。。。
主要配置 web.xml 文件
1 <?xml version="1.0" encoding="UTF-8"?> 2 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 3 xmlns="http://java.sun.com/xml/ns/javaee" 4 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 5 version="3.0"> 6 7 <display-name></display-name> 8 9 <welcome-file-list> 10 <welcome-file>index</welcome-file> 11 </welcome-file-list> 12 13 <error-page> 14 <error-code>404</error-code> 15 <location>/WEB-INF/jsp/other/404.jsp</location> 16 </error-page> 17 <error-page> 18 <error-code>500</error-code> 19 <location>/WEB-INF/jsp/other/500.jsp</location> 20 </error-page> 21 22 <context-param> 23 <param-name>contextConfigLocation</param-name> 24 <param-value>classpath:applicationContext.xml</param-value> 25 </context-param> 26 27 <listener> 28 <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 29 </listener> 30 <listener> 31 <listener-class>com.idbk.eastevs.webapi.ApplicationListener</listener-class> 32 </listener> 33 34 <!-- shiro 过滤器 --> 35 <filter> 36 <filter-name>shiroFilter</filter-name> 37 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 38 <!-- 设置true由servlet容器控制filter的生命周期 --> 39 <init-param> 40 <param-name>targetFilterLifecycle</param-name> 41 <param-value>true</param-value> 42 </init-param> 43 </filter> 44 <filter-mapping> 45 <filter-name>shiroFilter</filter-name> 46 <url-pattern>/*</url-pattern> 47 </filter-mapping> 48 49 <!-- springMVC编码过滤器 --> 50 <filter> 51 <filter-name>CharacterEncodingFilter</filter-name> 52 <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 53 <init-param> 54 <param-name>encoding</param-name> 55 <param-value>utf-8</param-value> 56 </init-param> 57 <init-param> 58 <param-name>forceEncoding</param-name> 59 <param-value>true</param-value> 60 </init-param> 61 </filter> 62 <filter-mapping> 63 <filter-name>CharacterEncodingFilter</filter-name> 64 <url-pattern>/*</url-pattern> 65 </filter-mapping> 66 67 <!-- xss攻击防御过滤器 --> 68 <filter> 69 <filter-name>MyXssFilter</filter-name> 70 <filter-class>com.idbk.eastevs.webapi.filter.MyXssFilter</filter-class> 71 </filter> 72 <filter-mapping> 73 <filter-name>MyXssFilter</filter-name> 74 <url-pattern>/*</url-pattern> 75 </filter-mapping> 76 77 <servlet-mapping> 78 <servlet-name>default</servlet-name> 79 <url-pattern>*.htm</url-pattern> 80 <url-pattern>*.html</url-pattern> 81 <url-pattern>*.js</url-pattern> 82 <url-pattern>*.css</url-pattern> 83 <url-pattern>*.json</url-pattern> 84 <url-pattern>*.svg</url-pattern> 85 <url-pattern>*.txt</url-pattern> 86 <url-pattern>*.tiff</url-pattern> 87 <url-pattern>*.gif</url-pattern> 88 <url-pattern>*.ico</url-pattern> 89 <url-pattern>*.jpg</url-pattern> 90 <url-pattern>*.jpeg</url-pattern> 91 <url-pattern>*.png</url-pattern> 92 <url-pattern>*.ttf</url-pattern> 93 <url-pattern>*.woff</url-pattern> 94 <url-pattern>*.woff2</url-pattern> 95 <url-pattern>*.eot</url-pattern> 96 <url-pattern>/include/*</url-pattern> 97 </servlet-mapping> 98 99 <servlet> 100 <servlet-name>springMVC</servlet-name> 101 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 102 <init-param> 103 <param-name>contextConfigLocation</param-name> 104 <param-value>classpath:beans-springmvc.xml</param-value> 105 </init-param> 106 <load-on-startup>1</load-on-startup> 107 </servlet> 108 <servlet-mapping> 109 <servlet-name>springMVC</servlet-name> 110 <url-pattern>/</url-pattern> 111 </servlet-mapping> 112 </web-app>
2、Spring 配置文件
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 4 xmlns:p="http://www.springframework.org/schema/p" 5 xmlns:context="http://www.springframework.org/schema/context" 6 xmlns:mvc="http://www.springframework.org/schema/mvc" 7 xmlns:task="http://www.springframework.org/schema/task" 8 xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd 9 http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-4.3.xsd 10 http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd 11 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd"> 12 13 14 <import resource="classpath*:/beans-mybatis.xml" /> 15 16 <import resource="classpath*:/beans-jedis.xml" /> 17 18 <import resource="classpath*:/beans-shiro.xml" /> 19 20 <context:component-scan base-package="com.idbk.eastevs.webapi"></context:component-scan> 21 <context:component-scan base-package="com.idbk.eastevs.webapi.service.impl"></context:component-scan> 22 <context:component-scan base-package="com.idbk.eastevs.webapi.server"></context:component-scan> 23 24 <bean id="app" class="org.springframework.beans.factory.config.PropertiesFactoryBean"> 25 <property name="locations"> 26 <array> 27 <value>classpath:app.properties</value> 28 </array> 29 </property> 30 </bean> 31 32 <bean 33 class="com.idbk.eastevs.webapi.App"> 34 </bean> 35 36 <!-- 开启定时任务注解识别 --> 37 <task:annotation-driven/> 38 </beans>
3、SpringMVC配置文件
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" 4 xmlns:mvc="http://www.springframework.org/schema/mvc" 5 xsi:schemaLocation="http://www.springframework.org/schema/beans 6 http://www.springframework.org/schema/beans/spring-beans.xsd 7 http://www.springframework.org/schema/context 8 http://www.springframework.org/schema/context/spring-context-4.0.xsd 9 http://www.springframework.org/schema/mvc 10 http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd"> 11 12 13 <!-- 配置自动扫描的包 --> 14 <context:component-scan base-package="com.idbk.eastevs.webapi.controller"></context:component-scan> 15 <context:component-scan base-package="com.idbk.eastevs.webapi.controller.*"></context:component-scan> 16 17 <!-- 配置视图解析器 如何把handler 方法返回值解析为实际的物理视图 --> 18 <bean 19 class="org.springframework.web.servlet.view.InternalResourceViewResolver"> 20 <property name="prefix" value="/WEB-INF/jsp/"></property> 21 <property name="suffix" value=".jsp"></property> 22 </bean> 23 24 <!-- 如果springMVC拦截了根目录,这还需要放行资源目录 <mvc:resources mapping="/include/**" location="/include/" 25 /> --> 26 27 <!-- 配置文件上传 --> 28 <bean id="multipartResolver" 29 class="org.springframework.web.multipart.commons.CommonsMultipartResolver"> 30 <property name="maxUploadSize" value="104857600" /> 31 <property name="maxInMemorySize" value="4096" /> 32 <property name="defaultEncoding" value="UTF-8"></property> 33 </bean> 34 35 <mvc:annotation-driven> 36 <!-- 消息转换器 --> 37 <mvc:message-converters register-defaults="true"> 38 <bean class="org.springframework.http.converter.StringHttpMessageConverter"> 39 <property name="supportedMediaTypes" value="text/html;charset=UTF-8" /> 40 </bean> 41 </mvc:message-converters> 42 </mvc:annotation-driven> 43 44 <!-- 配置请求拦截器 --> 45 <mvc:interceptors> 46 <!-- 多个拦截器,顺序执行 --> 47 <!-- 中电联、曹操专车拦截器 --> 48 <mvc:interceptor> 49 <!-- /**的意思是所有文件夹及里面的子文件夹 /*是所有文件夹,不含子文件夹 /是web项目的根目录 --> 50 <!-- <mvc:mapping path="/*/caocao/**" /> 51 <mvc:mapping path="/caocao/**" /> --> 52 <mvc:mapping path="/**" /> 53 <!-- 不拦截的地址 --> 54 <mvc:exclude-mapping path="/login" /> 55 <bean id="CoreInterceptor" class="com.idbk.eastevs.webapi.CoreInterceptor" /> 56 </mvc:interceptor> 57 </mvc:interceptors> 58 </beans>
4、Spring-Mybatis配置文件
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" 4 xmlns:tx="http://www.springframework.org/schema/tx" 5 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 6 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd 7 http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd"> 8 9 <context:component-scan base-package="com.idbk.eastevs.webapi.pojo" /> 10 <!-- 加载配置文件 --> 11 <context:property-placeholder location="classpath*:jdbc.properties" 12 ignore-unresolvable="true" /> 13 14 <!-- 配置数据源 --> 15 <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" 16 destroy-method="close"> 17 <property name="driverClassName" value="${jdbc.driverClassName}" /> 18 <property name="url" value="${jdbc.url}" /> 19 <property name="username" value="${jdbc.username}" /> 20 <property name="password" value="${jdbc.password}" /> 21 22 <!-- 可同时连接的最大的连接数 --> 23 <property name="maxActive" value="${jdbc.maxActive}" /> 24 <!-- 最大的空闲的连接数 --> 25 <property name="maxIdle" value="${jdbc.maxIdle}" /> 26 <!-- 最小的空闲的连接数,低于这个数量会被创建新的连接,默认为0 --> 27 <property name="minIdle" value="${jdbc.minIdle}" /> 28 <!-- 连接池启动时创建的初始化连接数量,默认值为0 --> 29 <property name="initialSize" value="${jdbc.initialSize}" /> 30 <!-- 等待连接超时时间,毫秒,默认为无限 --> 31 <property name="maxWait" value="${jdbc.maxWait}" /> 32 <!-- 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒 --> 33 <property name="timeBetweenEvictionRunsMillis" value="${jdbc.timeBetweenEvictionRunsMillis}" /> 34 <!-- 配置一个连接在池中最小生存的时间,单位是毫秒 --> 35 <property name="minEvictableIdleTimeMillis" value="${jdbc.minEvictableIdleTimeMillis}" /> 36 <!-- 打开removeAbandoned功能 --> 37 <property name="removeAbandoned" value="${jdbc.removeAbandoned}" /> 38 <property name="removeAbandonedTimeout" value="${jdbc.removeAbandonedTimeout}" /> 39 <property name="validationQuery" value="SELECT 1" /> 40 </bean> 41 42 <!-- 会话工厂bean sqlSessionFactoryBean --> 43 <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean"> 44 <property name="dataSource" ref="dataSource" /> 45 <!-- 扫描mybatis配置文件 --> 46 <property name="configLocation" value="classpath:mybatis-config.xml"></property> 47 <!-- 别名 --> 48 <property name="typeAliasesPackage" value="com.idbk.eastevs.dal.entity"></property> 49 <!-- sql映射文件路径 --> 50 <property name="mapperLocations" 51 value="classpath*:com/idbk/eastevs/dal/entity/mapper/*Mapper.xml"></property> 52 </bean> 53 54 <!-- 自动扫描对象关系映射 --> 55 <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer"> 56 <!--指定会话工厂,如果当前上下文中只定义了一个则该属性可省去 --> 57 <property name="sqlSessionFactoryBeanName" value="sqlSessionFactory"></property> 58 <!-- 指定要自动扫描接口的基础包,实现接口 --> 59 <property name="basePackage" value="com.idbk.eastevs.dal.entity.mapper" /> 60 </bean> 61 62 <!-- 声明式事务管理 --> 63 <!--定义事物管理器,由spring管理事务 --> 64 <bean id="transactionManager" 65 class="org.springframework.jdbc.datasource.DataSourceTransactionManager"> 66 <property name="dataSource" ref="dataSource" /> 67 </bean> 68 69 <!--支持注解驱动的事务管理,指定事务管理器 --> 70 <tx:annotation-driven transaction-manager="transactionManager" /> 71 72 <!-- 自定义sqlSessionFactory 工具类 --> 73 <bean id="SqlManager" class="com.idbk.eastevs.dal.SqlManager"> 74 <property name="sqlSessionFactory" ref="sqlSessionFactory" /> 75 </bean> 76 </beans>
5、Mybatis配置文件
1 <?xml version="1.0" encoding="UTF-8" ?> 2 <!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "http://mybatis.org/dtd/mybatis-3-config.dtd"> 3 <configuration> 4 <settings> 5 <!-- 打印操作日志 --> 6 <setting name="logImpl" value="LOG4J" /> 7 </settings> 8 9 <!-- 分页插件 --> 10 <plugins> 11 <!-- com.github.pagehelper为PageHelper类所在包名 --> 12 <plugin interceptor="com.github.pagehelper.PageInterceptor"> 13 <!-- 方言 --> 14 <property name="helperDialect" value="mysql" /> 15 <!-- 该参数默认为false,设置为true时,使用RowBounds分页会进行count查询 --> 16 <!-- <property name="rowBoundsWithCount" value="true" /> --> 17 </plugin> 18 </plugins> 19 </configuration>
6、Spring-Redis配置文件
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 4 xmlns:context="http://www.springframework.org/schema/context" 5 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 6 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd" 7 default-lazy-init="false"> 8 9 <!-- 加载配置文件 --> 10 <context:property-placeholder location="classpath*:jedis.properties" ignore-unresolvable="true"/> 11 12 <!-- redis数据源 --> 13 <bean id="poolConfig" class="redis.clients.jedis.JedisPoolConfig"> 14 <!-- 保留空闲连接数 --> 15 <property name="minIdle" value="${redis.minIdle}" /> 16 <!-- 最大空连接数 --> 17 <property name="maxTotal" value="${redis.maxTotal}" /> 18 <!-- 最大等待时间 --> 19 <property name="maxWaitMillis" value="${redis.maxWaitMillis}" /> 20 <!-- 连接超时时是否阻塞,false时报异常,ture阻塞直到超时, 默认true --> 21 <property name="blockWhenExhausted" value="${redis.blockWhenExhausted}" /> 22 <!-- 返回连接时,检测连接是否成功 --> 23 <property name="testOnBorrow" value="${redis.testOnBorrow}" /> 24 </bean> 25 26 <!-- Spring-redis连接池管理工厂 --> 27 <bean id="jedisConnectionFactory" class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"> 28 <!-- IP地址 --> 29 <property name="hostName" value="${redis.host}" /> 30 <!-- 端口号 --> 31 <property name="port" value="${redis.port}" /> 32 <!-- 密码 --> 33 <property name="password" value="${redis.password}" /> 34 <!-- 超时时间 默认2000--> 35 <property name="timeout" value="${redis.timeout}" /> 36 <!-- 连接池配置引用 --> 37 <property name="poolConfig" ref="poolConfig" /> 38 <!-- usePool:是否使用连接池 --> 39 <property name="usePool" value="true"/> 40 </bean> 41 42 <!-- redis 操作模板,集成序列化和连接管理 --> 43 <bean id="redisTemplate" class="org.springframework.data.redis.core.RedisTemplate"> 44 <property name="connectionFactory" ref="jedisConnectionFactory" /> 45 <property name="keySerializer"> 46 <bean class="org.springframework.data.redis.serializer.StringRedisSerializer" /> 47 </property> 48 <property name="valueSerializer"> 49 <bean class="org.springframework.data.redis.serializer.JdkSerializationRedisSerializer" /> 50 </property> 51 <property name="hashKeySerializer"> 52 <bean class="org.springframework.data.redis.serializer.StringRedisSerializer" /> 53 </property> 54 <property name="hashValueSerializer"> 55 <bean class="org.springframework.data.redis.serializer.JdkSerializationRedisSerializer" /> 56 </property> 57 <!--开启事务 --> 58 <property name="enableTransactionSupport" value="true"></property> 59 </bean> 60 61 <!--自定义redis工具类,在需要缓存的地方注入此类 --> 62 <bean id="jedis" class="com.idbk.eastevs.dal.jedis.Jedis"> 63 <property name="redisTemplate" ref="redisTemplate" /> 64 </bean> 65 66 </beans>
7、jdbc配置文件
1 #mysql jdbc 2 jdbc.driverClassName=com.mysql.jdbc.Driver 3 jdbc.url=${pom.jdbc.url} 4 jdbc.username=${pom.jdbc.username} 5 jdbc.password=${pom.jdbc.password} 6 7 jdbc.initialSize=1 8 jdbc.maxActive=60 9 jdbc.maxIdle=60 10 jdbc.minIdle=5 11 jdbc.maxWait=30000 12 13 jdbc.removeAbandoned:true 14 jdbc.removeAbandonedTimeout:1800 15 16 jdbc.timeBetweenEvictionRunsMillis:60000 17 jdbc.minEvictableIdleTimeMillis:300000
8、jedis配置文件
1 redis.host=${pom.redis.host} 2 redis.port=${pom.redis.port} 3 redis.password=${pom.redis.password} 4 redis.minIdle=10 5 redis.maxTotal=50 6 redis.maxWaitMillis=3000 7 redis.blockWhenExhausted=true 8 redis.testOnBorrow=true 9 redis.timeout=5000
9、log4j配置文件
1 #INFO WARN ERROR DEBUG 2 log4j.rootLogger=ERROR,console,file 3 4 log4j.appender.console=org.apache.log4j.ConsoleAppender 5 log4j.appender.console.layout=org.apache.log4j.PatternLayout 6 log4j.appender.console.layout.ConversionPattern=[%d{yyyy-MM-dd HH:mm:ss,SSS}] [%p] [%t] [%C.%M(%L)] %m%n%n 7 8 log4j.appender.file=org.apache.log4j.DailyRollingFileAppender 9 log4j.appender.file.File=/home/tomcat/logall/WebApi_logs/WebApi.log 10 log4j.appender.file.DatePattern='.'yyyy-MM-dd 11 log4j.appender.file.layout=org.apache.log4j.PatternLayout 12 log4j.appender.file.layout.ConversionPattern=[%d{yyyy-MM-dd HH:mm:ss,SSS}] [%p] [%t] [%C.%M(%L)] %m%n%n 13 log4j.appender.file.encoding=utf-8 14 15 log4j.logger.com=ERROR 16 log4j.logger.org=ERROR 17 log4j.logger.freemarker=ERROR 18 log4j.logger.net=ERROR 19 log4j.logger.com.idbk=DEBUG 20 21 log4j.logger.org.springframework=DEBUG 22 log4j.logger.org.apache.ibatis=DEBUG
10、Spring-Shiro配置文件
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 4 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> 5 6 <!-- 自定义认证和授权管理 --> 7 <bean id="customRealm" class="com.idbk.eastevs.webapi.shiro.CustomRealm"></bean> 8 9 <!-- 会话Cookie模板,maxAge=-1表示浏览器关闭时失效此Cookie --> 10 <bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> 11 <constructor-arg value="sid"/> 12 <property name="httpOnly" value="true"/> 13 <property name="maxAge" value="-1"/> 14 </bean> 15 <!-- rememberme相关 --> 16 <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> 17 <constructor-arg value="rememberMe" /> 18 <property name="httpOnly" value="true" /> 19 <property name="maxAge" value="604800" /><!-- 7天 --> 20 </bean> 21 22 <!-- rememberMe管理器 --> 23 <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager"> 24 <property name="cipherKey" value="#{T(org.apache.shiro.codec.Base64).decode('EASTEVShua1314520rsdag==')}"/> 25 <property name="cookie" ref="rememberMeCookie"/> 26 </bean> 27 28 <!-- 基于Form表单的身份验证过滤器 --> 29 <!-- <bean id="formAuthenticationFilter" class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter"> 30 <property name="rememberMeParam" value="rememberMe"/> 31 </bean> --> 32 33 <!-- sessionIdCookie的实现,用于重写覆盖容器默认的JSESSIONID --> 34 <bean id="simpleCookie" class="org.apache.shiro.web.servlet.SimpleCookie"> 35 <!-- 设置Cookie名字, 默认为: JSESSIONID 问题: 与SERVLET容器名冲突, 如JETTY, TOMCAT 等默认JSESSIONID, 36 当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失! --> 37 <property name="name" value="SHIRO-COOKIE"/> 38 <!-- JSESSIONID的path为/用于多个系统共享JSESSIONID --> 39 <!-- <property name="path" value="/"/> --> 40 <!-- 浏览器中通过document.cookie可以获取cookie属性,设置了HttpOnly=true,在脚本中就不能的到cookie,可以避免cookie被盗用 --> 41 <property name="httpOnly" value="true"/> 42 </bean> 43 44 <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.MemorySessionDAO" /> 45 <!-- 会话管理器 --> 46 <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> 47 <property name="sessionDAO" ref="sessionDAO"/> 48 <property name="sessionIdCookie" ref="simpleCookie"/> 49 <!-- 全局的会话信息时间,,单位为毫秒 --> 50 <property name="globalSessionTimeout" value="1800000"/> 51 <!-- 检测扫描信息时间间隔,单位为毫秒--> 52 <property name="sessionValidationInterval" value="60000"/> 53 <!-- 是否开启扫描 --> 54 <property name="sessionValidationSchedulerEnabled" value="false"/> 55 <!-- 去掉URL中的JSESSIONID --> 56 <property name="sessionIdUrlRewritingEnabled" value="true"/> 57 </bean> 58 59 <!-- 安全管理器 --> 60 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> 61 <property name="realm" ref="customRealm"></property> 62 <property name="rememberMeManager" ref="rememberMeManager"/> 63 <property name="sessionManager" ref="sessionManager" /> 64 </bean> 65 66 <!-- Shiro生命周期处理器,保证实现了Shiro内部lifecycle函数的bean执行--> 67 <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/> 68 69 <!-- 自定义shiro的filter --> 70 <bean id="shiroAjaxFilter" class="com.idbk.eastevs.webapi.shiro.ShiroAjaxFilter" /> 71 72 <!-- 配置ShiroFilter --> 73 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 74 <property name="securityManager" ref="securityManager"></property> 75 <!-- 登入页面 --> 76 <property name="loginUrl" value="/login"></property> 77 <property name="successUrl" value="/index"></property> 78 <!-- 未授权的跳转 --> 79 <property name="unauthorizedUrl" value="other/unauthorized.jsp"/> 80 <property name="filterChainDefinitions"> 81 <value> 82 /caocao/** = anon 83 /evcs/** = anon 84 /resource/** = anon 85 /system/** = anon 86 /pay/** = anon 87 88 /include/** = anon 89 /login = anon 90 /logout = logout 91 /captcha = anon 92 /unauthorized = anon 93 /ajax/login = anon 94 /ajax/register = anon 95 /ajax/** = shiroAjaxFilter 96 /** = user 97 </value> 98 </property> 99 </bean> 100 101 <!-- 开启Shiro Spring AOP 权限注解的支持 --> 102 <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/> 103 <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> 104 <property name="securityManager" ref="securityManager"/> 105 </bean> 106 107 </beans>
11、自定义CustomRealm
1 package com.idbk.eastevs.webapi.shiro; 2 3 import org.apache.log4j.Logger; 4 import org.apache.shiro.authc.AuthenticationException; 5 import org.apache.shiro.authc.AuthenticationInfo; 6 import org.apache.shiro.authc.AuthenticationToken; 7 import org.apache.shiro.authc.SimpleAuthenticationInfo; 8 import org.apache.shiro.authc.UsernamePasswordToken; 9 import org.apache.shiro.authz.AuthorizationInfo; 10 import org.apache.shiro.authz.SimpleAuthorizationInfo; 11 import org.apache.shiro.realm.AuthorizingRealm; 12 import org.apache.shiro.subject.PrincipalCollection; 13 import org.springframework.beans.factory.annotation.Autowired; 14 15 import com.idbk.eastevs.webapi.App; 16 17 /** 18 * @Author Tophua 19 * @Date 2018年12月4日 20 * @Description 自定义shiro认证和授权处理 21 */ 22 public class CustomRealm extends AuthorizingRealm { 23 24 private static final Logger Log = Logger.getLogger(CustomRealm.class); 25 26 @Autowired 27 App app; 28 29 /** 30 * 授权、权限验证 31 */ 32 @Override 33 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { 34 // Integer userId = (Integer) principals.getPrimaryPrincipal(); 35 // 数据库获取权限 36 37 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); 38 //加入角色 39 info.addRole("super"); 40 // info.setRoles(roles); 41 // 加入权限 42 info.addStringPermission("*"); 43 // info.setStringPermissions(stringPermissions); 44 return info; 45 } 46 47 /** 48 * 身份认证、登录 49 */ 50 @Override 51 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { 52 UsernamePasswordToken _token = (UsernamePasswordToken) token; 53 String username = _token.getUsername(); 54 String password = String.valueOf(_token.getPassword()); 55 /** 56 * 做数据库登录验证,在此只先提供超级用户登录 57 * 58 */ 59 if (password.equals(app.getSuperPassword())) { 60 Log.info("超级用户登录,用户名:" + username); 61 } else { 62 throw new AuthenticationException(); 63 } 64 65 //此处无需比对,比对的逻辑Shiro会做,我们只需返回一个和令牌相关的正确的验证信息 66 //说白了就是第一个参数填登录用户名,第二个参数填合法的登录密码(可以是从数据库中取到的) 67 //这样一来,在随后的登录页面上就只有这里指定的用户和密码才能通过验证 68 SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(username, password, getName()); 69 return info; 70 } 71 72 }
12、登录模型
1 package com.idbk.eastevs.webapi.controller.inner.ajax; 2 3 import org.apache.shiro.SecurityUtils; 4 import org.apache.shiro.authc.AuthenticationException; 5 import org.apache.shiro.authc.LockedAccountException; 6 import org.apache.shiro.authc.UnknownAccountException; 7 import org.apache.shiro.authc.UsernamePasswordToken; 8 import org.apache.shiro.subject.Subject; 9 import org.springframework.beans.factory.annotation.Autowired; 10 import org.springframework.web.bind.annotation.RequestMapping; 11 import org.springframework.web.bind.annotation.RequestParam; 12 import org.springframework.web.bind.annotation.RestController; 13 14 import com.idbk.eastevs.webapi.App; 15 import com.idbk.eastevs.webapi.json.Result; 16 17 /** 18 * @Author Tophua 19 * @Date 2018年11月30日 20 * @Description 21 */ 22 @RestController 23 @RequestMapping("/ajax") 24 public class LoginMngController { 25 26 @Autowired 27 App app; 28 29 @RequestMapping("/login") 30 private Result login( 31 @RequestParam("loginName") String loginName, 32 @RequestParam("password") String password, 33 @RequestParam(name="rememberMe",required=false,defaultValue="false") boolean rememberMe 34 ) { 35 UsernamePasswordToken token = new UsernamePasswordToken(loginName, password, rememberMe); 36 Subject subject = SecurityUtils.getSubject(); 37 try 38 { 39 subject.login(token); 40 return Result.ok(); 41 } 42 catch (UnknownAccountException e) 43 { 44 return Result.failed("账号不存在"); 45 } 46 catch (LockedAccountException e) 47 { 48 return Result.failed("账号不可用"); 49 } 50 catch (AuthenticationException e) 51 { 52 } 53 return Result.failed("账号或密码错误"); 54 } 55 }
13、全局异常管理
1 package com.idbk.eastevs.webapi; 2 3 import javax.servlet.http.HttpServletRequest; 4 5 import org.apache.log4j.Logger; 6 import org.apache.shiro.SecurityUtils; 7 import org.apache.shiro.authz.UnauthorizedException; 8 import org.apache.shiro.subject.Subject; 9 import org.springframework.beans.factory.annotation.Autowired; 10 import org.springframework.web.bind.annotation.ControllerAdvice; 11 import org.springframework.web.bind.annotation.ExceptionHandler; 12 import org.springframework.web.bind.annotation.ModelAttribute; 13 import org.springframework.web.bind.annotation.ResponseBody; 14 15 import com.idbk.eastevs.webapi.json.Result; 16 17 /** 18 * @Author Tophua 19 * @Date 2018年12月5日 20 * @Description 内部异常处理 21 */ 22 @ControllerAdvice("com.idbk.eastevs.webapi.controller.inner") 23 public class SysInnerExceptionHandle { 24 25 private static final Logger LOG = Logger.getLogger(SysInnerExceptionHandle.class); 26 27 @Autowired 28 App app; 29 30 @ModelAttribute("app") 31 public App getMyAppInfo() { 32 return app; 33 } 34 35 @ModelAttribute("user") 36 public String getUser() { 37 Subject subject = SecurityUtils.getSubject(); 38 return (String) subject.getPrincipal(); 39 } 40 41 @ModelAttribute("menu") 42 public String getMenu(HttpServletRequest request) { 43 return request.getRequestURI(); 44 } 45 46 /** 47 * 权限验证失败时异常 48 * @param e 49 * @return 50 */ 51 @ExceptionHandler(UnauthorizedException.class) 52 String handleUnauthorizedException(UnauthorizedException e) { 53 LOG.error(e.getMessage(), e); 54 return "other/unauthorized.jsp"; 55 } 56 57 @ExceptionHandler(Exception.class) 58 @ResponseBody 59 Result handleException(Exception e) { 60 LOG.error(e.getMessage(), e); 61 return Result.sysBusy(); 62 } 63 }
总结:
现多项目多用此技术,常用配置足以满足项目要求。如需进一步了解,建议看官方文档!
至此结束!
多多关注!
Shiro参考:https://www.iteye.com/blogs/subjects/shiro
内容来源于网络如有侵权请私信删除
- 还没有人评论,欢迎说说您的想法!
客服
