Skip to content

tlhhup/springboot-tlh

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

  1. 整合mybatis
    1. 添加依赖

       <dependency>
       	<groupId>org.mybatis.spring.boot</groupId>
       	<artifactId>mybatis-spring-boot-starter</artifactId>
       	<version>1.1.1</version>
       </dependency>
      
    2. 自动配置:Spring Boot通过org.mybatis.spring.boot.autoconfigure.MybatisAutoConfiguration来实现对Mybatis的自动配置,可通过application.properties文件中前缀为mybatis的属性设置mybatis的信息。其自动配置的信息如下

      1. SqlSessionFactory对象
      2. SqlSessionTemplate对象
    3. 在配置类添加@MapperScan注解来开启对Mybatis的Mapper代理的扫描或者在代理类添加@Mapper注解

       @SpringBootApplication
       @MapperScan(basePackages="com.tlh.**.mapper")
       public class TlhApplication {
       
       	public static void main(String[] args) {
       		SpringApplication.run(TlhApplication.class, args);
       	}
       
       }
      
    4. 在application.properties文件中指定实体列名的包及mapper文件的路径

       #mybatis
       mybatis.typeAliasesPackage=com.tlh.sys.entity
       mybatis.mapperLocations=classpath*:sqlmap/*Mapper.xml
      
    5. 注意事项

      1. Mapper的映射文件必须放在src/main/resources目录下(原因为maven在进行编译之后不会将src/main/java下面的非java文件编译到target/classes目录下)
  2. 整合shiro
    1. 添加依赖

       <dependency>
       	<groupId>org.apache.shiro</groupId>
       	<artifactId>shiro-spring-boot-web-starter</artifactId>
       	<version>1.4.0-RC2</version>
       </dependency>
      
    2. 自动配置:Spring Boot通过org.apache.shiro.spring.config.web.autoconfigure包完成对shiro的自动配置,其自动配置的信息如下

      1. ShiroWebAutoConfiguration来自动配置SessionsSecurityManager、会话管理、记住我管理等核心对象,并且可以通过配置设置会话管理和记住我的cookie信息(具体属性名查看AbstractShiroWebConfiguration类)
        1. 说明
          1. 记住我:表示的是访问指定地址的资源是只要身份验证通过或RememberMe登录的都可以。
      2. ShiroWebFilterConfiguration来自动配置ShiroFilterFactoryBean和FilterRegistrationBean对象
    3. 在application.properties文件中配置如下信息

       shiro.web.enabled=true//可以设置,默认自动开启自动配置
       shiro.annotations.enabled=true
       //认证界面
       shiro.loginUrl=/login
       //认证成功的界面
       shiro.successUrl=/home
      
    4. 定义Realm对象和加密方式

      1. 定义类继承AuthorizingRealm抽象类处理用户认证和授权

      2. 在配置类中将自定义的Realm定义为bean

      3. 设置加密方式

         @SpringBootApplication
         @MapperScan(basePackages="com.tlh.**.mapper")
         public class TlhApplication {
         
         	public static void main(String[] args) {
         		SpringApplication.run(TlhApplication.class, args);
         	}
         
         	@Bean
         	Realm realm(){
         		CustomRealm customRealm=new CustomRealm();
         		customRealm.setCredentialsMatcher(new HashedCredentialsMatcher(Md5Hash.ALGORITHM_NAME));
         		return customRealm;
         	}
         	
         	private class CustomRealm extends AuthorizingRealm{
         
         		//授权
         		@Override
         		protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
         			return null;
         		}
         
         		//认证
         		@Override
         		protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
         			return null;
         		}
         		
         	}
         	
         }
        
    5. 配置Shiro权限过滤过滤器定义:Shiro可以通过配置文件实现基于URL的授权验证。

       @Bean
       ShiroFilterChainDefinition shiroFilterChainDefinition(){
           DefaultShiroFilterChainDefinition shiroFilterChainDefinition=new DefaultShiroFilterChainDefinition();
           shiroFilterChainDefinition.addPathDefinition("/login","authc");
           return shiroFilterChainDefinition;
       }
      
      1. FilterChain定义格式: URL_Ant_Path_Expression = Path_Specific_Filter_Chain
      2. 每个URL配置,表示匹配该URL的应用程序请求将由对应的过滤器进行验证。
        1. 内置的权限过滤器(别名都在DefaultFilter枚举中定义)
          名称 实现类 说明
          anon org.apache.shiro.web.filter.authc.AnonymousFilter 不需要进行安全认证即可访问资源
          authc org.apache.shiro.web.filter.authc.FormAuthenticationFilter 需要进行认证才能访问资源
          authcBasic org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter 需要进行认证才能访问资源
          perms org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter 需要当前用户具有该权限才能访问
          port org.apache.shiro.web.filter.authz.PortFilter 要求访问资源的端口必须为指定的端口
          rest org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter 请求方法过滤
          roles org.apache.shiro.web.filter.authz.RolesAuthorizationFilter 需要当前用户具有该角色才能访问
          ssl org.apache.shiro.web.filter.authz.SslFilter SSL认证过滤
          user org.apache.shiro.web.filter.authc.UserFilter 指定的用户可以访问(认证过并且记住我的)
  3. thymeleaf整合shiro:https://github.com/theborakompanioni/thymeleaf-extras-shiro
    1. 添加依赖:thymeleaf-extras-shiro

       <dependency>
           <groupId>com.github.theborakompanioni</groupId>
           <artifactId>thymeleaf-extras-shiro</artifactId>
           <version>2.0.0</version>
       </dependency>
      
      1. 说明(不同版本的区别)
        1. 2.0.0:
          1. Thymeleaf version 3.0.2.RELEASE
          2. Shiro version 1.3.2
        2. 1.2.1:
          1. Thymeleaf version 2.1.4
          2. Shiro version 1.2.4
        3. 1.1.0:
          1. Thymeleaf version 2.1.0
          2. Shiro version 1.2.2
        4. 1.0.2:
          1. Thymeleaf version 2.0.18
          2. Shiro version 1.2.2
        5. 1.0.1:
          1. Thymeleaf version 2.0.15
          2. Shiro version 1.2.1
    2. 在shiro的配置类中添加方言Bean

       @Bean
       ShiroDialect shiroDialect(){
           return new ShiroDialect();
       }
      
    3. 界面引入命名空间

       <html xmlns:th="http://www.thymeleaf.org"
       	  xmlns:shiro="http://www.pollix.at/thymeleaf/shiro">
      
    4. 标签:(可以查看引入包中的Shiro-Dialect.xml文件)

      1. guest tag

         <p shiro:guest="">
           Please <a href="login.html">Login</a>
         </p>
        
      2. user tag

         <p shiro:user="">
           Welcome back John! Not John? Click <a href="login.html">here<a> to login.
         </p>
        
      3. authenticated tag

         <a shiro:authenticated="" href="updateAccount.html">Update your contact information</a>
        
      4. notAuthenticated tag

         <p shiro:notAuthenticated="">
           Please <a href="login.html">login</a> in order to update your credit card information.
         </p>
        
      5. principal tag

         <p>Hello, <span shiro:principal=""></span>, how are you today?</p>
         或者
         <p>Hello, <shiro:principal/>, how are you today?</p>
        
      6. hasRole tag

         <a shiro:hasRole="administrator" href="admin.html">Administer the system</a>
        
      7. lacksRole tag

         <p shiro:lacksRole="administrator">
           Sorry, you are not allowed to administer the system.
         </p>
        
      8. hasAllRoles tag

         <p shiro:hasAllRoles="developer, project manager">
           You are a developer and a project manager.
         </p>
        
      9. hasAnyRoles tag

         <p shiro:hasAnyRoles="developer, project manager, administrator">
           You are a developer, project manager, or administrator.
         </p>
        
      10. hasPermission tag

        Create a new User

      11. lacksPermission tag

        <p shiro:lacksPermission="user:delete">
          Sorry, you are not allowed to delete user accounts.
        </p>
        
      12. hasAllPermissions tag

        <p shiro:hasAllPermissions="user:create, user:delete">
          You can create and delete users.
        </p>
        
      13. hasAnyPermissions tag

        <p shiro:hasAnyPermissions="user:create, user:delete">
          You can create or delete users.
        </p>
        

About

将原有的tlh项目通过spring boot进行重构

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published