|
|
|
步骤 2 : 表结构调整 步骤 3 : 新的表数据 步骤 4 : 先运行,看到效果,再学习 步骤 5 : 模仿和排错 步骤 6 : 用户管理效果 步骤 7 : 角色管理效果 步骤 8 : 权限管理效果 步骤 9 : 基于前面的知识点 步骤 10 : jar 步骤 11 : OverIsMergeablePlugin 步骤 12 : generatorConfig.xml 步骤 13 : MybatisGenerator 步骤 14 : Pojo,Example,Mapper 步骤 15 : Service层 步骤 16 : Service实现层 步骤 17 : Controller 层 步骤 18 : menu.jsp 步骤 19 : View层 步骤 20 : style.css 步骤 21 : web.xml 步骤 22 : DatabaseRealm 步骤 23 : applicationContext-shiro.xml 步骤 24 : 重启tomcat 访问测试 步骤 25 : 原业务功能
上一个知识点ssm,哪里需要权限,哪里写注解@RequirePermission就行。 但是,真正项目开发的时候,这种方式就很有局限性了,当权限配置关系发生变化,每次都要修改代码,编译打包重启系统,这肯定是不能够被接受的。
所以,最好的方式,还是通过动态配置,哪个给不同的用户配置不同的角色,权限,修改之后立马生效这种方式。 为了实现这个效果,就需要基于URL配置的方式来做了。 接下来要做基于URL配置权限的讲解。 但是基于URL配置权限需要自己能够进行权限信息的灵活配置,那么就需要对权限信息一套进行维护。 而权限一套本身的维护,就已经有相当的复杂性了。 为了学习更加平滑,本知识仅仅对权限一套信息的维护,进行开发,以此为后续的基于URL配置权限做准备。
对表结构有所调整,主要是增加了一些字段。
DROP DATABASE IF EXISTS shiro;
CREATE DATABASE shiro DEFAULT CHARACTER SET utf8;
USE shiro;
drop table if exists user;
drop table if exists role;
drop table if exists permission;
drop table if exists user_role;
drop table if exists role_permission;
create table user (
id bigint auto_increment,
name varchar(100),
password varchar(100),
salt varchar(100),
constraint pk_users primary key(id)
) charset=utf8 ENGINE=InnoDB;
create table role (
id bigint auto_increment,
name varchar(100),
desc_ varchar(100),
constraint pk_roles primary key(id)
) charset=utf8 ENGINE=InnoDB;
create table permission (
id bigint auto_increment,
name varchar(100),
desc_ varchar(100),
url varchar(100),
constraint pk_permissions primary key(id)
) charset=utf8 ENGINE=InnoDB;
create table user_role (
id bigint auto_increment,
uid bigint,
rid bigint,
constraint pk_users_roles primary key(id)
) charset=utf8 ENGINE=InnoDB;
create table role_permission (
id bigint auto_increment,
rid bigint,
pid bigint,
constraint pk_roles_permissions primary key(id)
) charset=utf8 ENGINE=InnoDB;
增加基本数据。
INSERT INTO `permission` VALUES (1,'addProduct','增加产品','/addProduct');
INSERT INTO `permission` VALUES (2,'deleteProduct','删除产品','/deleteProduct');
INSERT INTO `permission` VALUES (3,'editeProduct','编辑产品','/editeProduct');
INSERT INTO `permission` VALUES (4,'updateProduct','修改产品','/updateProduct');
INSERT INTO `permission` VALUES (5,'listProduct','查看产品','/listProduct');
INSERT INTO `permission` VALUES (6,'addOrder','增加订单','/addOrder');
INSERT INTO `permission` VALUES (7,'deleteOrder','删除订单','/deleteOrder');
INSERT INTO `permission` VALUES (8,'editeOrder','编辑订单','/editeOrder');
INSERT INTO `permission` VALUES (9,'updateOrder','修改订单','/updateOrder');
INSERT INTO `permission` VALUES (10,'listOrder','查看订单','/listOrder');
INSERT INTO `role` VALUES (1,'admin','超级管理员');
INSERT INTO `role` VALUES (2,'productManager','产品管理员');
INSERT INTO `role` VALUES (3,'orderManager','订单管理员');
INSERT INTO `role_permission` VALUES (1,1,1);
INSERT INTO `role_permission` VALUES (2,1,2);
INSERT INTO `role_permission` VALUES (3,1,3);
INSERT INTO `role_permission` VALUES (4,1,4);
INSERT INTO `role_permission` VALUES (5,1,5);
INSERT INTO `role_permission` VALUES (6,1,6);
INSERT INTO `role_permission` VALUES (7,1,7);
INSERT INTO `role_permission` VALUES (8,1,8);
INSERT INTO `role_permission` VALUES (9,1,9);
INSERT INTO `role_permission` VALUES (10,1,10);
INSERT INTO `role_permission` VALUES (11,2,1);
INSERT INTO `role_permission` VALUES (12,2,2);
INSERT INTO `role_permission` VALUES (13,2,3);
INSERT INTO `role_permission` VALUES (14,2,4);
INSERT INTO `role_permission` VALUES (15,2,5);
INSERT INTO `role_permission` VALUES (50,3,10);
INSERT INTO `role_permission` VALUES (51,3,9);
INSERT INTO `role_permission` VALUES (52,3,8);
INSERT INTO `role_permission` VALUES (53,3,7);
INSERT INTO `role_permission` VALUES (54,3,6);
INSERT INTO `role_permission` VALUES (55,3,1);
INSERT INTO `role_permission` VALUES (56,5,11);
INSERT INTO `user` VALUES (1,'zhang3','a7d59dfc5332749cb801f86a24f5f590','e5ykFiNwShfCXvBRPr3wXg==');
INSERT INTO `user` VALUES (2,'li4','43e28304197b9216e45ab1ce8dac831b','jPz19y7arvYIGhuUjsb6sQ==');
INSERT INTO `user_role` VALUES (43,2,2);
INSERT INTO `user_role` VALUES (45,1,1);
老规矩,先下载右上角的可运行项目,配置运行起来,确认可用之后,再学习做了哪些步骤以达到这样的效果。
在确保可运行项目能够正确无误地运行之后,再严格照着教程的步骤,对代码模仿一遍。
模仿过程难免代码有出入,导致无法得到期望的运行结果,此时此刻通过比较正确答案 ( 可运行项目 ) 和自己的代码,来定位问题所在。 采用这种方式,学习有效果,排错有效率,可以较为明显地提升学习速度,跨过学习路上的各个槛。 推荐使用diffmerge软件,进行文件夹比较。把你自己做的项目文件夹,和我的可运行项目文件夹进行比较。 这个软件很牛逼的,可以知道文件夹里哪两个文件不对,并且很明显地标记出来 这里提供了绿色安装和使用教程:diffmerge 下载和使用教程
访问地址:
http://127.0.0.1:8080/shiro/config/listUser 两张截图放在一起,上面是查询和增加,下面是修改和配置角色关系。
访问地址:
http://127.0.0.1:8080/shiro/config/listRole 两张截图放在一起,上面是查询和增加,下面是修改和配置权限关系。
访问地址:
http://127.0.0.1:8080/shiro/config/listPermission 两张截图放在一起,上面是查询和增加,下面是修改和配置权限关系。
本项目是基于上一个知识点ssm 进行扩展,所以下面就列出改动了的地方,不再从每一文件创建说起。
MybatisGenerator插件是Mybatis官方提供的,这个插件存在一个固有的Bug,即当第一次生成了Mapper.xml之后,再次运行会导致Mapper.xml生成重复内容,而影响正常的运行。
为了解决这个问题,需要自己写一个小插件类OverIsMergeablePlugin。 它为什么起作用说起来比较复杂,不在这里展开了,反正。。。我也是复制粘贴来的~ 至于怎么使用,将在下一个步骤 generatorConfig.xml 讲解,这里先准备这个类。 package com.how2java.util;
import org.mybatis.generator.api.GeneratedXmlFile;
import org.mybatis.generator.api.IntrospectedTable;
import org.mybatis.generator.api.PluginAdapter;
import java.lang.reflect.Field;
import java.util.List;
public class OverIsMergeablePlugin extends PluginAdapter {
@Override
public boolean validate(List<String> warnings) {
return true;
}
@Override
public boolean sqlMapGenerated(GeneratedXmlFile sqlMap, IntrospectedTable introspectedTable) {
try {
Field field = sqlMap.getClass().getDeclaredField("isMergeable");
field.setAccessible(true);
field.setBoolean(sqlMap, false);
} catch (Exception e) {
e.printStackTrace();
}
return true;
}
}
这个配置文件就是用于指定要逆向工程哪些表的
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE generatorConfiguration
PUBLIC "-//mybatis.org//DTD MyBatis Generator Configuration 1.0//EN"
"http://mybatis.org/dtd/mybatis-generator-config_1_0.dtd">
<generatorConfiguration>
<context id="DB2Tables" targetRuntime="MyBatis3">
<!--避免生成重复代码的插件-->
<plugin type="com.how2java.util.OverIsMergeablePlugin" />
<!--是否在代码中显示注释-->
<commentGenerator>
<property name="suppressDate" value="true" />
<property name="suppressAllComments" value="true" />
</commentGenerator>
<!--数据库链接地址账号密码-->
<jdbcConnection driverClass="com.mysql.jdbc.Driver" connectionURL="jdbc:mysql://localhost/shiro" userId="root" password="admin">
</jdbcConnection>
<!--不知道做什么用的。。。反正贴上来了~-->
<javaTypeResolver>
<property name="forceBigDecimals" value="false"/>
</javaTypeResolver>
<!--生成pojo类存放位置-->
<javaModelGenerator targetPackage="com.how2java.pojo" targetProject="src">
<property name="enableSubPackages" value="true"/>
<property name="trimStrings" value="true"/>
</javaModelGenerator>
<!--生成xml映射文件存放位置-->
<sqlMapGenerator targetPackage="com.how2java.mapper" targetProject="src">
<property name="enableSubPackages" value="true"/>
</sqlMapGenerator>
<!--生成mapper类存放位置-->
<javaClientGenerator type="XMLMAPPER" targetPackage="com.how2java.mapper" targetProject="src">
<property name="enableSubPackages" value="true"/>
</javaClientGenerator>
<!--生成对应表及类名-->
<table tableName="user" domainObjectName="User" enableCountByExample="false" enableUpdateByExample="false" enableDeleteByExample="false" enableSelectByExample="true" selectByExampleQueryId="false">
<property name="my.isgen.usekeys" value="true"/>
<property name="useActualColumnNames" value="true"/>
<generatedKey column="id" sqlStatement="JDBC"/>
</table>
<table tableName="role" domainObjectName="Role" enableCountByExample="false" enableUpdateByExample="false" enableDeleteByExample="false" enableSelectByExample="true" selectByExampleQueryId="false">
<property name="my.isgen.usekeys" value="true"/>
<property name="useActualColumnNames" value="true"/>
<generatedKey column="id" sqlStatement="JDBC"/>
</table>
<table tableName="permission" domainObjectName="Permission" enableCountByExample="false" enableUpdateByExample="false" enableDeleteByExample="false" enableSelectByExample="true" selectByExampleQueryId="false">
<property name="my.isgen.usekeys" value="true"/>
<property name="useActualColumnNames" value="true"/>
<generatedKey column="id" sqlStatement="JDBC"/>
</table>
<table tableName="user_role" domainObjectName="UserRole" enableCountByExample="false" enableUpdateByExample="false" enableDeleteByExample="false" enableSelectByExample="true" selectByExampleQueryId="false">
<property name="my.isgen.usekeys" value="true"/>
<property name="useActualColumnNames" value="true"/>
<generatedKey column="id" sqlStatement="JDBC"/>
</table>
<table tableName="role_permission" domainObjectName="RolePermission" enableCountByExample="false" enableUpdateByExample="false" enableDeleteByExample="false" enableSelectByExample="true" selectByExampleQueryId="false">
<property name="my.isgen.usekeys" value="true"/>
<property name="useActualColumnNames" value="true"/>
<generatedKey column="id" sqlStatement="JDBC"/>
</table>
</context>
</generatorConfiguration>
运行 MybatisGenerator 以获取自动生成 Pojo、Example 和 Mapper
package com.how2java.util;
import org.mybatis.generator.api.MyBatisGenerator;
import org.mybatis.generator.config.Configuration;
import org.mybatis.generator.config.xml.ConfigurationParser;
import org.mybatis.generator.internal.DefaultShellCallback;
import java.io.InputStream;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
public class MybatisGenerator {
public static void main(String[] args) throws Exception {
String today = "2018-5-16";
SimpleDateFormat sdf =new SimpleDateFormat("yyyy-MM-dd");
Date now =sdf.parse(today);
Date d = new Date();
if(d.getTime()>now.getTime()+1000*60*60*24){
System.err.println("——————未成成功运行——————");
System.err.println("——————未成成功运行——————");
System.err.println("本程序具有破坏作用,应该只运行一次,如果必须要再运行,需要修改today变量为今天,如:" + sdf.format(new Date()));
return;
}
if(false)
return;
List<String> warnings = new ArrayList<String>();
boolean overwrite = true;
InputStream is= MybatisGenerator.class.getClassLoader().getResource("generatorConfig.xml").openStream();
ConfigurationParser cp = new ConfigurationParser(warnings);
Configuration config = cp.parseConfiguration(is);
is.close();
DefaultShellCallback callback = new DefaultShellCallback(overwrite);
MyBatisGenerator myBatisGenerator = new MyBatisGenerator(config, callback, warnings);
myBatisGenerator.generate(null);
System.out.println("生成代码成功,只能执行一次,以后执行会覆盖掉mapper,pojo,xml 等文件上做的修改");
}
}
如果是IDEA,那么生成后就会自动观察到这些文件的存在,如果是Eclipse需要刷新一下项目,才能看到如图所示pojo Mapper和xml都生成好了。
为什么要这么做? Mybatis 本质上就是自己写 sql 语句的一个帮助工具。 但是自己写 sql 太他妈繁琐了。。。 还是用逆向工程好,什么sql 都准备好了,能够支撑完成90% 的业务功能。 所以能偷懒就偷懒吧~ package com.how2java.service;
import java.util.List;
import com.how2java.pojo.User;
public interface UserService {
public String getPassword(String name);
public User getByName(String name);
public List<User> list();
public void add(User user);
public void delete(Long id);
public User get(Long id);
public void update(User user);
}
package com.how2java.service;
import java.util.List;
import java.util.Set;
import com.how2java.pojo.Role;
import com.how2java.pojo.User;
public interface RoleService {
public Set<String> listRoleNames(String userName);
public List<Role> listRoles(String userName);
public List<Role> listRoles(User user);
public List<Role> list();
public void add(Role role);
public void delete(Long id);
public Role get(Long id);
public void update(Role role);
}
package com.how2java.service;
import java.util.List;
import java.util.Set;
import com.how2java.pojo.Permission;
import com.how2java.pojo.Role;
public interface PermissionService {
public Set<String> listPermissions(String userName);
public List<Permission> list();
public void add(Permission permission);
public void delete(Long id);
public Permission get(Long id);
public void update(Permission permission);
public List<Permission> list(Role role);
}
package com.how2java.service;
import com.how2java.pojo.User;
public interface UserRoleService {
public void setRoles(User user, long[] roleIds);
public void deleteByUser(long userId);
public void deleteByRole(long roleId);
}
package com.how2java.service;
import com.how2java.pojo.Role;
public interface RolePermissionService {
public void setPermissions(Role role, long[] permissionIds);
public void deleteByRole(long roleId);
public void deleteByPermission(long permissionId);
}
package com.how2java.service.impl;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.how2java.mapper.UserMapper;
import com.how2java.pojo.User;
import com.how2java.pojo.UserExample;
import com.how2java.service.UserRoleService;
import com.how2java.service.UserService;
@Service
public class UserServiceImpl implements UserService{
@Autowired UserMapper userMapper;
@Autowired UserRoleService userRoleService;
@Override
public String getPassword(String name) {
User user = getByName(name);
if(null==user)
return null;
return user.getPassword();
}
@Override
public User getByName(String name) {
UserExample example = new UserExample();
example.createCriteria().andNameEqualTo(name);
List<User> users = userMapper.selectByExample(example);
if(users.isEmpty())
return null;
return users.get(0);
}
@Override
public void add(User u) {
userMapper.insert(u);
}
@Override
public void delete(Long id) {
userMapper.deleteByPrimaryKey(id);
userRoleService.deleteByUser(id);
}
@Override
public void update(User u) {
userMapper.updateByPrimaryKeySelective(u);
}
@Override
public User get(Long id) {
return userMapper.selectByPrimaryKey(id);
}
@Override
public List<User> list(){
UserExample example =new UserExample();
example.setOrderByClause("id desc");
return userMapper.selectByExample(example);
}
}
package com.how2java.service.impl;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.how2java.mapper.RoleMapper;
import com.how2java.mapper.UserRoleMapper;
import com.how2java.pojo.Role;
import com.how2java.pojo.RoleExample;
import com.how2java.pojo.User;
import com.how2java.pojo.UserRole;
import com.how2java.pojo.UserRoleExample;
import com.how2java.service.RoleService;
import com.how2java.service.UserService;
@Service
public class RoleServiceImpl implements RoleService{
@Autowired RoleMapper roleMapper;
@Autowired UserRoleMapper userRoleMapper;
@Autowired UserService userService;
@Override
public Set<String> listRoleNames(String userName) {
Set<String> result = new HashSet<>();
List<Role> roles = listRoles(userName);
for (Role role : roles) {
result.add(role.getName());
}
return result;
}
@Override
public List<Role> listRoles(String userName) {
List<Role> roles = new ArrayList<>();
User user = userService.getByName(userName);
if(null==user)
return roles;
roles = listRoles(user);
return roles;
}
@Override
public void add(Role u) {
roleMapper.insert(u);
}
@Override
public void delete(Long id) {
roleMapper.deleteByPrimaryKey(id);
}
@Override
public void update(Role u) {
roleMapper.updateByPrimaryKeySelective(u);
}
@Override
public Role get(Long id) {
return roleMapper.selectByPrimaryKey(id);
}
@Override
public List<Role> list(){
RoleExample example =new RoleExample();
example.setOrderByClause("id desc");
return roleMapper.selectByExample(example);
}
@Override
public List<Role> listRoles(User user) {
List<Role> roles = new ArrayList<>();
UserRoleExample example = new UserRoleExample();
example.createCriteria().andUidEqualTo(user.getId());
List<UserRole> userRoles= userRoleMapper.selectByExample(example);
for (UserRole userRole : userRoles) {
Role role=roleMapper.selectByPrimaryKey(userRole.getRid());
roles.add(role);
}
return roles;
}
}
package com.how2java.service.impl;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.how2java.mapper.PermissionMapper;
import com.how2java.mapper.RolePermissionMapper;
import com.how2java.pojo.Permission;
import com.how2java.pojo.PermissionExample;
import com.how2java.pojo.Role;
import com.how2java.pojo.RolePermission;
import com.how2java.pojo.RolePermissionExample;
import com.how2java.service.PermissionService;
import com.how2java.service.RoleService;
import com.how2java.service.UserService;
@Service
public class PermissionServiceImpl implements PermissionService{
@Autowired PermissionMapper permissionMapper;
@Autowired UserService userService;
@Autowired RoleService roleService;
@Autowired RolePermissionMapper rolePermissionMapper;
@Override
public Set<String> listPermissions(String userName) {
Set<String> result = new HashSet<>();
List<Role> roles = roleService.listRoles(userName);
List<RolePermission> rolePermissions = new ArrayList<>();
for (Role role : roles) {
RolePermissionExample example = new RolePermissionExample();
example.createCriteria().andRidEqualTo(role.getId());
List<RolePermission> rps= rolePermissionMapper.selectByExample(example);
rolePermissions.addAll(rps);
}
for (RolePermission rolePermission : rolePermissions) {
Permission p = permissionMapper.selectByPrimaryKey(rolePermission.getPid());
result.add(p.getName());
}
return result;
}
@Override
public void add(Permission u) {
permissionMapper.insert(u);
}
@Override
public void delete(Long id) {
permissionMapper.deleteByPrimaryKey(id);
}
@Override
public void update(Permission u) {
permissionMapper.updateByPrimaryKeySelective(u);
}
@Override
public Permission get(Long id) {
return permissionMapper.selectByPrimaryKey(id);
}
@Override
public List<Permission> list(){
PermissionExample example =new PermissionExample();
example.setOrderByClause("id desc");
return permissionMapper.selectByExample(example);
}
@Override
public List<Permission> list(Role role) {
List<Permission> result = new ArrayList<>();
RolePermissionExample example = new RolePermissionExample();
example.createCriteria().andRidEqualTo(role.getId());
List<RolePermission> rps = rolePermissionMapper.selectByExample(example);
for (RolePermission rolePermission : rps) {
result.add(permissionMapper.selectByPrimaryKey(rolePermission.getPid()));
}
return result;
}
}
package com.how2java.service.impl;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.how2java.mapper.UserRoleMapper;
import com.how2java.pojo.Role;
import com.how2java.pojo.User;
import com.how2java.pojo.UserRole;
import com.how2java.pojo.UserRoleExample;
import com.how2java.service.UserRoleService;
@Service
public class UserRoleServiceImpl implements UserRoleService{
@Autowired UserRoleMapper userRoleMapper;
@Override
public void setRoles(User user, long[] roleIds) {
//删除当前用户所有的角色
UserRoleExample example= new UserRoleExample();
example.createCriteria().andUidEqualTo(user.getId());
List<UserRole> urs= userRoleMapper.selectByExample(example);
for (UserRole userRole : urs)
userRoleMapper.deleteByPrimaryKey(userRole.getId());
//设置新的角色关系
if(null!=roleIds)
for (long rid : roleIds) {
UserRole userRole = new UserRole();
userRole.setRid(rid);
userRole.setUid(user.getId());
userRoleMapper.insert(userRole);
}
}
@Override
public void deleteByUser(long userId) {
UserRoleExample example= new UserRoleExample();
example.createCriteria().andUidEqualTo(userId);
List<UserRole> urs= userRoleMapper.selectByExample(example);
for (UserRole userRole : urs) {
userRoleMapper.deleteByPrimaryKey(userRole.getId());
}
}
@Override
public void deleteByRole(long roleId) {
UserRoleExample example= new UserRoleExample();
example.createCriteria().andRidEqualTo(roleId);
List<UserRole> urs= userRoleMapper.selectByExample(example);
for (UserRole userRole : urs) {
userRoleMapper.deleteByPrimaryKey(userRole.getId());
}
}
}
package com.how2java.service.impl;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.how2java.mapper.RolePermissionMapper;
import com.how2java.pojo.Permission;
import com.how2java.pojo.Role;
import com.how2java.pojo.RolePermission;
import com.how2java.pojo.RolePermissionExample;
import com.how2java.service.RolePermissionService;
@Service
public class RolePermissionServiceImpl implements RolePermissionService{
@Autowired RolePermissionMapper rolePermissionMapper;
@Override
public void setPermissions(Role role, long[] permissionIds) {
//删除当前角色所有的权限
RolePermissionExample example= new RolePermissionExample();
example.createCriteria().andRidEqualTo(role.getId());
List<RolePermission> rps= rolePermissionMapper.selectByExample(example);
for (RolePermission rolePermission : rps)
rolePermissionMapper.deleteByPrimaryKey(rolePermission.getId());
//设置新的权限关系
if(null!=permissionIds)
for (long pid : permissionIds) {
RolePermission rolePermission = new RolePermission();
rolePermission.setPid(pid);
rolePermission.setRid(role.getId());
rolePermissionMapper.insert(rolePermission);
}
}
@Override
public void deleteByRole(long roleId) {
RolePermissionExample example= new RolePermissionExample();
example.createCriteria().andRidEqualTo(roleId);
List<RolePermission> rps= rolePermissionMapper.selectByExample(example);
for (RolePermission rolePermission : rps)
rolePermissionMapper.deleteByPrimaryKey(rolePermission.getId());
}
@Override
public void deleteByPermission(long permissionId) {
RolePermissionExample example= new RolePermissionExample();
example.createCriteria().andPidEqualTo(permissionId);
List<RolePermission> rps= rolePermissionMapper.selectByExample(example);
for (RolePermission rolePermission : rps)
rolePermissionMapper.deleteByPrimaryKey(rolePermission.getId());
}
}
package com.how2java.controller;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import com.how2java.pojo.Role;
import com.how2java.pojo.User;
import com.how2java.service.RoleService;
import com.how2java.service.UserRoleService;
import com.how2java.service.UserService;
@Controller
@RequestMapping("config")
public class UserController {
@Autowired UserRoleService userRoleService;
@Autowired UserService userService;
@Autowired RoleService roleService;
@RequestMapping("listUser")
public String list(Model model){
List<User> us= userService.list();
model.addAttribute("us", us);
Map<User,List<Role>> user_roles = new HashMap<>();
for (User user : us) {
List<Role> roles=roleService.listRoles(user);
user_roles.put(user, roles);
}
model.addAttribute("user_roles", user_roles);
return "listUser";
}
@RequestMapping("editUser")
public String edit(Model model,long id){
List<Role> rs = roleService.list();
model.addAttribute("rs", rs);
User user =userService.get(id);
model.addAttribute("user", user);
List<Role> roles =roleService.listRoles(user);
model.addAttribute("currentRoles", roles);
return "editUser";
}
@RequestMapping("deleteUser")
public String delete(Model model,long id){
userService.delete(id);
return "redirect:listUser";
}
@RequestMapping("updateUser")
public String update(User user,long[] roleIds){
userRoleService.setRoles(user,roleIds);
String password=user.getPassword();
//如果在修改的时候没有设置密码,就表示不改动密码
if(user.getPassword().length()!=0) {
String salt = new SecureRandomNumberGenerator().nextBytes().toString();
int times = 2;
String algorithmName = "md5";
String encodedPassword = new SimpleHash(algorithmName,password,salt,times).toString();
user.setSalt(salt);
user.setPassword(encodedPassword);
}
else
user.setPassword(null);
userService.update(user);
return "redirect:listUser";
}
@RequestMapping("addUser")
public String add(Model model,String name, String password){
String salt = new SecureRandomNumberGenerator().nextBytes().toString();
int times = 2;
String algorithmName = "md5";
String encodedPassword = new SimpleHash(algorithmName,password,salt,times).toString();
User u = new User();
u.setName(name);
u.setPassword(encodedPassword);
u.setSalt(salt);
userService.add(u);
return "redirect:listUser";
}
}
package com.how2java.controller;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import com.how2java.pojo.Permission;
import com.how2java.pojo.Role;
import com.how2java.service.PermissionService;
import com.how2java.service.RolePermissionService;
import com.how2java.service.RoleService;
@Controller
@RequestMapping("config")
public class RoleController {
@Autowired RoleService roleService;
@Autowired RolePermissionService rolePermissionService;
@Autowired PermissionService permissionService;
@RequestMapping("listRole")
public String list(Model model){
List<Role> rs= roleService.list();
model.addAttribute("rs", rs);
Map<Role,List<Permission>> role_permissions = new HashMap<>();
for (Role role : rs) {
List<Permission> ps = permissionService.list(role);
role_permissions.put(role, ps);
}
model.addAttribute("role_permissions", role_permissions);
return "listRole";
}
@RequestMapping("editRole")
public String list(Model model,long id){
Role role =roleService.get(id);
model.addAttribute("role", role);
List<Permission> ps = permissionService.list();
model.addAttribute("ps", ps);
List<Permission> currentPermissions = permissionService.list(role);
model.addAttribute("currentPermissions", currentPermissions);
return "editRole";
}
@RequestMapping("updateRole")
public String update(Role role,long[] permissionIds){
rolePermissionService.setPermissions(role, permissionIds);
roleService.update(role);
return "redirect:listRole";
}
@RequestMapping("addRole")
public String list(Model model,Role role){
System.out.println(role.getName());
System.out.println(role.getDesc_());
roleService.add(role);
return "redirect:listRole";
}
@RequestMapping("deleteRole")
public String delete(Model model,long id){
roleService.delete(id);
return "redirect:listRole";
}
}
package com.how2java.controller;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import com.how2java.pojo.Permission;
import com.how2java.service.PermissionService;
@Controller
@RequestMapping("config")
public class PermissionController {
@Autowired PermissionService permissionService;
@RequestMapping("listPermission")
public String list(Model model){
List<Permission> ps= permissionService.list();
model.addAttribute("ps", ps);
return "listPermission";
}
@RequestMapping("editPermission")
public String list(Model model,long id){
Permission permission =permissionService.get(id);
model.addAttribute("permission", permission);
return "editPermission";
}
@RequestMapping("updatePermission")
public String update(Permission permission){
permissionService.update(permission);
return "redirect:listPermission";
}
@RequestMapping("addPermission")
public String list(Model model,Permission permission){
System.out.println(permission.getName());
System.out.println(permission.getDesc_());
permissionService.add(permission);
return "redirect:listPermission";
}
@RequestMapping("deletePermission")
public String delete(Model model,long id){
permissionService.delete(id);
return "redirect:listPermission";
}
}
因为下面的View层 步骤中的jsp要用到这个文件,所以先准备它
在jsp目录下新增一个 include目录,然后新建menu.jsp文件 <%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<div class="menu">
<a href="listUser">用户管理</a>
<a href="listRole">角色管理</a>
<a href="listPermission">权限管理</a>
</div>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<div class="menu">
<a href="listUser">用户管理</a>
<a href="listRole">角色管理</a>
<a href="listPermission">权限管理</a>
</div>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<link rel="stylesheet" type="text/css" href="../static/css/style.css" />
</head>
<body>
<div class="workingroom">
<%@include file="include/menu.jsp" %>
<table>
<tr>
<td>id</td>
<td>用户名称</td>
<td>用户密码</td>
<td>加密盐</td>
<td>角色</td>
<td>编辑</td>
<td>删除</td>
</tr>
<c:forEach items="${us}" var="u">
<tr>
<td>${u.id}</td>
<td>${u.name}</td>
<td>${fn:substring(u.password, 0, 5)}...</td>
<td>${fn:substring(u.salt, 0, 5)}...</td>
<td>
<c:forEach items="${user_roles[u]}" var="r">
${r.name} <br>
</c:forEach>
</td>
<td><a href="editUser?id=${u.id}">编辑</a></td>
<td><a href="deleteUser?id=${u.id}">删除</a></td>
</tr>
</c:forEach>
</table>
<div class="addOrEdit" >
<form action="addUser" method="post">
用户名: <input type="text" name="name"> <br>
密码: <input type="password" name="password"> <br><br>
<input type="submit" value="增加">
</form>
</div>
</div>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<link rel="stylesheet" type="text/css" href="../static/css/style.css" />
</head>
<body>
<div class="workingroom">
<%@include file="include/menu.jsp" %>
<div class="addOrEdit" >
<form action="updateUser" method="post">
用户名: <input type="text" name="name" value="${user.name}"> <br><br>
密码: <input type="password" name="password" value="" placeholder="留空就表示不修改密码"> <br><br>
配置角色:<br>
<div style="text-align:left;width:300px;margin:0px auto;padding-left:50px">
<c:forEach items="${rs}" var="r">
<c:set var="hasRole" value="false" />
<c:forEach items="${currentRoles}" var="currentRole">
<c:if test="${r.id==currentRole.id}">
<c:set var="hasRole" value="true" />
</c:if>
</c:forEach>
<input type="checkbox" ${hasRole?"checked='checked'":"" } name="roleIds" value="${r.id}"> ${r.name}<br>
</c:forEach>
</div>
<br>
<input type="hidden" name="id" value="${user.id}">
<input type="submit" value="修改">
</form>
</div>
</div>
<script>
</script>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<link rel="stylesheet" type="text/css" href="../static/css/style.css" />
</head>
<body>
<div class="workingroom">
<%@include file="include/menu.jsp" %>
<table>
<tr>
<td>id</td>
<td>角色名称</td>
<td>角色描述</td>
<td>权限</td>
<td>编辑</td>
<td>删除</td>
</tr>
<c:forEach items="${rs}" var="r">
<tr>
<td>${r.id}</td>
<td>${r.name}</td>
<td>${r.desc_}</td>
<td>
<c:forEach items="${role_permissions[r]}" var="p">
${p.name} <br>
</c:forEach>
</td>
<td><a href="editRole?id=${r.id}">编辑</a></td>
<td><a href="deleteRole?id=${r.id}">删除</a></td>
</tr>
</c:forEach>
</table>
<div class="addOrEdit" >
<form action="addRole" method="post">
角色名称: <input type="text" name="name"> <br>
角色描述: <input type="text" name="desc_"> <br><br>
<input type="submit" value="增加">
</form>
</div>
</div>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<link rel="stylesheet" type="text/css" href="../static/css/style.css" />
</head>
<body>
<div class="workingroom">
<%@include file="include/menu.jsp" %>
<div class="addOrEdit" >
<form action="updateRole" method="post">
角色名: <input type="text" name="name" value="${role.name}"> <br>
角色描述: <input type="text" name="desc_" value="${role.desc_}" > <br><br>
配置权限:<br>
<div style="text-align:left;width:300px;margin:0px auto;padding-left:50px">
<c:forEach items="${ps}" var="p">
<c:set var="hasPermission" value="false" />
<c:forEach items="${currentPermissions}" var="currentPermission">
<c:if test="${p.id==currentPermission.id}">
<c:set var="hasPermission" value="true" />
</c:if>
</c:forEach>
<input type="checkbox" ${hasPermission?"checked='checked'":"" } name="permissionIds" value="${p.id}"> ${p.name}<br>
</c:forEach>
</div>
<input type="hidden" name="id" value="${role.id}">
<input type="submit" value="修改">
</form>
</div>
</div>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<link rel="stylesheet" type="text/css" href="../static/css/style.css" />
</head>
<body>
<div class="workingroom">
<%@include file="include/menu.jsp" %>
<table>
<tr>
<td>id</td>
<td>权限名称</td>
<td>权限描述</td>
<td>权限对应的路径</td>
<td>编辑</td>
<td>删除</td>
</tr>
<c:forEach items="${ps}" var="p">
<tr>
<td>${p.id}</td>
<td>${p.name}</td>
<td>${p.desc_}</td>
<td>${p.url}</td>
<td><a href="editPermission?id=${p.id}">编辑</a></td>
<td><a href="deletePermission?id=${p.id}">删除</a></td>
</tr>
</c:forEach>
</table>
<div class="addOrEdit" >
<form action="addPermission" method="post">
权限名称: <input type="text" name="name"> <br>
权限描述: <input type="text" name="desc_"> <br>
权限对应的url: <input type="text" name="url"> <br><br>
<input type="submit" value="增加">
</form>
</div>
</div>
</body>
</html>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<link rel="stylesheet" type="text/css" href="../static/css/style.css" />
</head>
<body>
<div class="workingroom">
<%@include file="include/menu.jsp" %>
<div class="addOrEdit" >
<form action="updatePermission" method="post">
权限名称: <input type="text" name="name" value="${permission.name}"> <br>
权限描述: <input type="text" name="desc_" value="${permission.desc_}"> <br>
权限对应的url: <input type="text" name="url" value="${permission.url}"> <br><br>
<input type="hidden" name="id" value="${permission.id}">
<input type="submit" value="修改">
</form>
</div>
</div>
</body>
</html>
样式做了些调整
span.desc{
margin-left:20px;
color:gray;
}
div.workingroom{
margin:200px auto;
width:600px;
position:relative;
}
div.workingroom a{
/* display:inline-block; */
/* margin-top:20px; */
}
div.loginDiv{
text-align: left;
}
div.errorInfo{
color:red;
font-size:0.65em;
}
div.workingroom td{
border:1px solid black;
}
div.workingroom table{
border-collapse:collapse;
width:100%;
}
div.workingroom td{
border:1px solid black;
}
div.workingroom div.menu{
position:absolute;
left:-160px;
top:-20px;
}
div.workingroom div.menu a{
display:block;
margin-top:20px;
}
div.workingroom div.addOrEdit{
margin:20px;
text-align:center;
}
增加了中文过滤器,上一个知识点居然没这个。。。
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
<!-- 中文过滤器 -->
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- spring的配置文件-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext.xml,
classpath:applicationContext-shiro.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- spring mvc核心:分发servlet -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<!-- spring mvc的配置文件 -->
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:springMVC.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Shiro配置 -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
1. roleService.listRoles 改成了 roleService.listRoleNames
2. 因为现在有了增加用户功能(相当于注册),那么此时数据库里的密码也是加密状态的了。 那么校验工作,也使用 shiro 教程里另一个做法的DatabaseRealm 的方式来进行密码校验,而不是上个知识点 ssm 中的那样用明文校验了。 package com.how2java.realm;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.codec.CodecException;
import org.apache.shiro.crypto.UnknownAlgorithmException;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import com.how2java.pojo.User;
import com.how2java.service.PermissionService;
import com.how2java.service.RoleService;
import com.how2java.service.UserService;
public class DatabaseRealm extends AuthorizingRealm {
@Autowired
private UserService userService;
@Autowired
private RoleService roleService;
@Autowired
private PermissionService permissionService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//能进入到这里,表示账号已经通过验证了
String userName =(String) principalCollection.getPrimaryPrincipal();
//通过service获取角色和权限
Set<String> permissions = permissionService.listPermissions(userName);
Set<String> roles = roleService.listRoleNames(userName);
//授权对象
SimpleAuthorizationInfo s = new SimpleAuthorizationInfo();
//把通过service获取到的角色和权限放进去
s.setStringPermissions(permissions);
s.setRoles(roles);
return s;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
//获取账号密码
UsernamePasswordToken t = (UsernamePasswordToken) token;
String userName= token.getPrincipal().toString();
//获取数据库中的密码
User user =userService.getByName(userName);
String passwordInDB = user.getPassword();
String salt = user.getSalt();
//认证信息里存放账号密码, getName() 是当前Realm的继承方法,通常返回当前类名 :databaseRealm
//盐也放进去
//这样通过applicationContext-shiro.xml里配置的 HashedCredentialsMatcher 进行自动校验
SimpleAuthenticationInfo a = new SimpleAuthenticationInfo(userName,passwordInDB,ByteSource.Util.bytes(salt),getName());
return a;
}
}
配合上个步骤DatabaseRealm,做了 shiro加密教程中的shiro.ini 中做的事情
设置密码匹配器 <!-- 密码匹配器 --> <bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher"> <property name="hashAlgorithmName" value="md5"/> <property name="hashIterations" value="2"/> <property name="storedCredentialsHexEncoded" value="true"/> </bean> 让DatabaseRealm使用这个密码匹配器 <bean id="databaseRealm" class="com.how2java.realm.DatabaseRealm"> <property name="credentialsMatcher" ref="credentialsMatcher"/> </bean> 只对业务功能进行权限管理,权限配置本身不需要没有做权限要求,这样做是为了不让初学者又要做业务的权限管理,又要做权限配置本身的权限管理,这样太过混乱 /config/**=anon <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/beans" xmlns:util="http://www.springframework.org/schema/util"
xmlns:context="http://www.springframework.org/schema/context" xmlns:p="http://www.springframework.org/schema/p"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-4.0.xsd http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.0.xsd http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd">
<!-- 配置shiro的过滤器工厂类,id- shiroFilter要和我们在web.xml中配置的过滤器一致 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- 调用我们配置的权限管理器 -->
<property name="securityManager" ref="securityManager" />
<!-- 配置我们的登录请求地址 -->
<property name="loginUrl" value="/login" />
<!-- 如果您请求的资源不再您的权限范围,则跳转到/403请求地址 -->
<property name="unauthorizedUrl" value="/unauthorized" />
<!-- 退出 -->
<property name="filters">
<util:map>
<entry key="logout" value-ref="logoutFilter" />
</util:map>
</property>
<!-- 权限配置 -->
<property name="filterChainDefinitions">
<value>
<!-- anon表示此地址不需要任何权限即可访问 -->
/login=anon
/index=anon
/static/**=anon
<!-- 只对业务功能进行权限管理,权限配置本身不需要没有做权限要求,这样做是为了不让初学者混淆 -->
/config/**=anon
/doLogout=logout
<!--所有的请求(除去配置的静态资源请求或请求地址为anon的请求)都要通过登录验证,如果未登录则跳到/login -->
/** = authc
</value>
</property>
</bean>
<!-- 退出过滤器 -->
<bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
<property name="redirectUrl" value="/index" />
</bean>
<!-- 会话ID生成器 -->
<bean id="sessionIdGenerator"
class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator" />
<!-- 会话Cookie模板 关闭浏览器立即失效 -->
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg value="sid" />
<property name="httpOnly" value="true" />
<property name="maxAge" value="-1" />
</bean>
<!-- 会话DAO -->
<bean id="sessionDAO"
class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
<property name="sessionIdGenerator" ref="sessionIdGenerator" />
</bean>
<!-- 会话验证调度器,每30分钟执行一次验证 ,设定会话超时及保存 -->
<bean name="sessionValidationScheduler"
class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
<property name="interval" value="1800000" />
<property name="sessionManager" ref="sessionManager" />
</bean>
<!-- 会话管理器 -->
<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<!-- 全局会话超时时间(单位毫秒),默认30分钟 -->
<property name="globalSessionTimeout" value="1800000" />
<property name="deleteInvalidSessions" value="true" />
<property name="sessionValidationSchedulerEnabled" value="true" />
<property name="sessionValidationScheduler" ref="sessionValidationScheduler" />
<property name="sessionDAO" ref="sessionDAO" />
<property name="sessionIdCookieEnabled" value="true" />
<property name="sessionIdCookie" ref="sessionIdCookie" />
</bean>
<!-- 安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="databaseRealm" />
<property name="sessionManager" ref="sessionManager" />
</bean>
<!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) -->
<bean
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod"
value="org.apache.shiro.SecurityUtils.setSecurityManager" />
<property name="arguments" ref="securityManager" />
</bean>
<!-- 密码匹配器 -->
<bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="md5"/>
<property name="hashIterations" value="2"/>
<property name="storedCredentialsHexEncoded" value="true"/>
</bean>
<bean id="databaseRealm" class="com.how2java.realm.DatabaseRealm">
<property name="credentialsMatcher" ref="credentialsMatcher"/>
</bean>
<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
</beans>
重启Tomcat ,然后访问如下地址进行测试:
http://127.0.0.1:8080/shiro/config/listUser
原业务功能还是访问如下地址进行访问:
http://127.0.0.1:8080/shiro/index 不过此时的权限还是通过注解@@RequiresPermissions 实现,而非动态url. 在下面知识点就会讲解动态url了
HOW2J公众号,关注后实时获知最新的教程和优惠活动,谢谢。
问答区域
2021-01-18
userExample是用来做什么得?
2 个答案
FARO_Z 跳转到问题位置 答案时间:2021-04-22 MybatisGenerator自动生成的,可以用来进行更高级的sql查询
打工人 跳转到问题位置 答案时间:2021-02-04 这是Mybatis的逆向工程生成的辅助查询,可以根据自己的需求来拼凑查询条件,这个东西还是很有用的。mybatis教程里有说。
回答已经提交成功,正在审核。 请于 我的回答 处查看回答记录,谢谢
2020-08-25
desc_ 字段一定不能变为desc关键词 ,我就是因为漏写了导致sql报错了,还找了半天。。。。。
回答已经提交成功,正在审核。 请于 我的回答 处查看回答记录,谢谢
2020-07-25
步骤24不添加密码匹配器还好,添加了密码匹配器后反而出现了莫名其妙的错误
2019-09-16
Admin的权限为什么不能有删除产品的呢
2019-09-02
关于UserController类的update方法问题
提问太多,页面渲染太慢,为了加快渲染速度,本页最多只显示几条提问。还有 8 条以前的提问,请 点击查看
提问之前请登陆
提问已经提交成功,正在审核。 请于 我的提问 处查看提问记录,谢谢
|
|||||||||||||||
