一:项目Demo生成及全家桶(系列jar包)选择
一:demo生成:
1.在https://start.spring.io/官网进行项目生成(推荐)
2.在编译器中创建相关类型工程,在pom.xml中添加如下依赖,版本建议选择稳定版,最好不要选择最新版.
org.springframework.boot
spring-boot-starter-parent
2.0.6.RELEASE
二:相关系列jar包选择
1.web相关系列jar包,包括了web开发的系列jar包,如springMVC,spring等
org.springframework.boot
spring-boot-starter-web
2.内置tomcat系列jar包(直接运行引导类则会运行tomcat)
org.springframework.boot
spring-boot-starter-tomcat
provided
PS:父类版本在2.0的时候,tomcat版本为8.5,如下图
3.热部署系列jar包(修改保存后及时自动发布,方便开发及补救紧急bug)。注意:devtools面向开发环境,以java -jar运行完整打包的应用时会自动禁用,生产环境不应启用。
org.springframework.boot
spring-boot-devtools
true
4.测试类系列jar包
org.springframework.boot
spring-boot-starter-test
test
5.mybatis系列jar包
org.mybatis.spring.boot
mybatis-spring-boot-starter
1.3.0
PS:父类依赖中没有管理版本号的jar包需要自行添加版本号,已经管理版本号的可以删除版本号,看版本号处是否有黄色底线警告即可判断。
6.数据库连接系列jar包,也可使用spring-boot-starter-data-jpa,个人感觉jpa是hibernate的超级加强版,基于持久层方法名生成sql,骚的不行不行的。
org.springframework.boot
spring-boot-starter-jdbc
7.前端模板系列jar包,spring boot 默认使用thymeleaf,对比jsp,thymeleaf有非常多的优势,支持html模板,可在网页直接调试样式等,无需像JSP放在应用服务器中加载,相关标签的使用对比JSP略有调整,但区别不是很大。
org.springframework.boot
spring-boot-starter-thymeleaf
PS:如果需要使用JSP,则导入JSP相关jar包即可使用。
javax.servlet
javax.servlet-api
-->
com.github.theborakompanioni
thymeleaf-extras-shiro
2.0.0
shiro重要的两个类:一个是bean配置类,一个是继承AuthorizingRealm并重写认证和授权方法的自定义类
1.配置类
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import java.util.LinkedHashMap;
import java.util.Map;
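/**
 * Spring configuration that wires Apache Shiro into the application: cache manager, web
 * filter chain, credentials matcher, realm, security manager and annotation support.
 */
@Configuration
public class ShiroConfig {

    /**
     * Creates the EhCache-backed cache manager that {@link #securityManager()} installs.
     *
     * @return a cache manager configured from {@code classpath:encache/ehcache-shiro.xml}
     */
    @Bean
    public EhCacheManager ehCacheManager() {
        EhCacheManager cacheManager = new EhCacheManager();
        // NOTE(review): the resource directory is spelled "encache" here; confirm it matches
        // the real location of ehcache-shiro.xml on the classpath.
        cacheManager.setCacheManagerConfigFile("classpath:encache/ehcache-shiro.xml");
        return cacheManager;
    }

    /**
     * Registers the Shiro web filter together with its URL-to-filter chain definitions.
     *
     * <p>The definitions live in a {@link LinkedHashMap} because Shiro evaluates them in
     * insertion order and the first matching pattern wins, so every anonymous exception has
     * to be registered before the catch-all rule.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // "anon" lets a request through without authentication, "authc" requires an
        // authenticated subject, "logout" is Shiro's built-in logout filter.
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        // Static resources.
        filterChainDefinitionMap.put("/static/**", "anon");
        // Registration endpoint.
        filterChainDefinitionMap.put("/registration", "anon");
        // Login submission endpoint.
        filterChainDefinitionMap.put("/loginCheck", "anon");
        // Logout is handled entirely by Shiro's own filter.
        filterChainDefinitionMap.put("/logout", "logout");
        // Everything else requires authentication. Keep this entry last, and keep the
        // anonymous list above minimal: each entry is reachable without a session.
        filterChainDefinitionMap.put("/**", "authc");

        // Without an explicit login URL Shiro falls back to "/login.jsp" under the web root.
        shiroFilterFactoryBean.setLoginUrl("/login");
        // Page shown when an authenticated subject is denied access.
        shiroFilterFactoryBean.setUnauthorizedUrl("/403");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    /**
     * Exposes the Shiro dialect so Thymeleaf templates can use Shiro tags.
     *
     * @return a new {@link ShiroDialect}
     */
    @Bean
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }

    /**
     * Defines how a submitted password is hashed before it is compared with the stored value.
     * The algorithm must match the one used when the credentials were written to the database.
     *
     * <p>NOTE(security): the matcher uses MD5 and sets no iteration count, so the matcher's
     * default applies (a single iteration in Shiro 1.x; confirm for the version in use). A
     * fast, unstretched digest offers little resistance to offline guessing if the user table
     * leaks. Moving to a slow password hash (bcrypt, scrypt, Argon2) or at least a stronger
     * digest with many iterations requires re-hashing the stored credentials, so the setting
     * is left unchanged here and only flagged.
     *
     * @return the credentials matcher used by {@link #campShiroRealm()}
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        return hashedCredentialsMatcher;
    }

    /**
     * Builds the web security manager and attaches the realm and the cache manager to it.
     *
     * @return the application's {@link SecurityManager}
     */
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // Calls to sibling @Bean methods inside a @Configuration class resolve to the
        // container-managed beans rather than creating fresh instances.
        securityManager.setRealm(campShiroRealm());
        securityManager.setCacheManager(ehCacheManager());
        return securityManager;
    }

    /**
     * Creates the application realm and installs the hashed credentials matcher on it.
     *
     * @return the configured {@link CampShiroRealm}
     */
    @Bean
    public CampShiroRealm campShiroRealm() {
        CampShiroRealm myShiroRealm = new CampShiroRealm();
        myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return myShiroRealm;
    }

    /**
     * Enables advisor-based auto-proxying, which Shiro's annotation support relies on.
     *
     * @return an auto-proxy creator that proxies target classes rather than interfaces
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

    /**
     * Registers the advisor that enforces Shiro's authorization annotations through AOP.
     *
     * @param securityManager the security manager consulted for authorization decisions
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}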
2.自定义类:
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import com.facejoy.camp.core.commons.WordDefined;
import com.facejoy.camp.entity.sys.SysAuth;
import com.facejoy.camp.entity.sys.SysRole;
import com.facejoy.camp.entity.sys.SysUser;
import com.facejoy.camp.service.sys.SysUserService;
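/**
 * Shiro realm that authenticates users and loads their roles and permissions through
 * {@link SysUserService}.
 */
public class CampShiroRealm extends AuthorizingRealm {

    // Injected lazily (@Lazy), so the service is resolved on first use.
    @Autowired
    @Lazy
    SysUserService sysUserService;

    /**
     * Loads the role codes and permission codes of the primary principal.
     *
     * @param principals the principals of the subject being authorized
     * @return the subject's roles and permissions; an empty info object when no user record
     *         is found for the login name; {@code null} when there is no primary principal
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        ShiroUser shiroUser = (ShiroUser) principals.getPrimaryPrincipal();
        if (shiroUser == null) {
            return null;
        }

        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
        SysUser user = sysUserService.getUserRoleAndAuth(shiroUser.getLoginName());
        if (user != null) {
            for (SysRole role : user.getRoles()) {
                authorizationInfo.addRole(role.getRoleCode());
            }
            for (SysAuth auth : user.getAuths()) {
                authorizationInfo.addStringPermission(auth.getAuthCode());
            }
        }
        return authorizationInfo;
    }

    /**
     * Looks up the account named in the token and returns its stored credentials so that the
     * realm's credentials matcher can verify the submitted password.
     *
     * @param token the submitted token; cast to {@link UsernamePasswordToken}
     * @return the account's principal, stored password value and salt, or {@code null} when
     *         no user exists for the submitted login name
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken usertoken = (UsernamePasswordToken) token;
        SysUser sysUser = sysUserService.findUserByLoginName(usertoken.getUsername());
        if (sysUser == null) {
            // Returning null is the realm contract for "no such account"; Shiro's
            // authenticator then raises an AuthenticationException, instead of this method
            // failing with a NullPointerException on the dereferences below. Login handlers
            // should answer unknown-account and wrong-password failures identically so the
            // response does not reveal which login names exist.
            return null;
        }

        // NOTE(security): the salt is one application-wide constant, not a per-user value,
        // so equal passwords produce equal stored hashes. A random per-user salt stored with
        // the account is the usual remedy; it requires re-hashing existing credentials, so
        // it is only flagged here.
        return new SimpleAuthenticationInfo(
                new ShiroUser(sysUser.getUserId(), sysUser.getLoginName(), sysUser.getUserName()),
                sysUser.getLoginPwd(),
                ByteSource.Util.bytes(WordDefined.ADD_PWD_FIELD),
                getName());
    }
}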
3.shiro权限缓存配置文件ehcache-shiro.xml
4.tomcat错误返回自定义类
/**
 * Registers the application's static error pages with the {@link ErrorPageRegistry} it is
 * handed.
 */
@Component
public class ErrorPageConfig implements ErrorPageRegistrar {

    /**
     * Maps HTTP 404 and HTTP 500 responses to static HTML pages.
     *
     * @param registry the registry that receives the error page mappings
     */
    @Override
    public void registerErrorPages(ErrorPageRegistry registry) {
        final ErrorPage[] pages = {
            // 404 (page not found) is served from the static 404 page.
            new ErrorPage(HttpStatus.NOT_FOUND, "/static/error/404.html"),
            // 500 (server-side error) is served from the static 500 page.
            new ErrorPage(HttpStatus.INTERNAL_SERVER_ERROR, "/static/error/500.html")
        };
        registry.addErrorPages(pages);
    }
}
5.缓存注解的使用,可缓存查询结果,对应有删除缓存的注解,不一一举例
在引导类上加上@EnableCaching注解
至此:基本框架搭建完成,可以搭建业务结构了。
spring boot 非常适合微服务,只有几个接口或者业务比较少的项目,纯接口可生成jar包文件直接在服务器上运行,含有业务和页面的可生成war包直接发布。
6.thymeleaf模板中shiro标签的使用和jsp没有较大区别,引入thymeleaf使用标签即可,thymeleaf具体使用方法不赘述,可查看相关手册。