- 整合mybatis
-
添加依赖
<dependency> <groupId>org.mybatis.spring.boot</groupId> <artifactId>mybatis-spring-boot-starter</artifactId> <version>1.1.1</version> </dependency> -
自动配置:Spring Boot通过org.mybatis.spring.boot.autoconfigure.MybatisAutoConfiguration来实现对Mybatis的自动配置,可通过application.properties文件中前缀为mybatis的属性设置mybatis的信息。其自动配置的信息如下
- SqlSessionFactory对象
- SqlSessionTemplate对象
-
在配置类添加@MapperScan注解来开启对Mybatis的Mapper代理的扫描或者在代理类添加@Mapper注解
@SpringBootApplication @MapperScan(basePackages="com.tlh.**.mapper") public class TlhApplication { public static void main(String[] args) { SpringApplication.run(TlhApplication.class, args); } } -
在application.properties文件中指定实体列名的包及mapper文件的路径
#mybatis mybatis.typeAliasesPackage=com.tlh.sys.entity mybatis.mapperLocations=classpath*:sqlmap/*Mapper.xml -
注意事项
- Mapper的映射文件必须放在src/main/resources目录下(原因为maven在进行编译之后不会将src/main/java下面的非java文件编译到target/classes目录下)
-
- 整合shiro
-
添加依赖
<dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring-boot-web-starter</artifactId> <version>1.4.0-RC2</version> </dependency> -
自动配置:Spring Boot通过org.apache.shiro.spring.config.web.autoconfigure包完成对shiro的自动配置,其自动配置的信息如下
- ShiroWebAutoConfiguration来自动配置SessionsSecurityManager、会话管理、记住我管理等核心对象,并且可以通过配置设置会话管理和记住我的cookie信息(具体属性名查看AbstractShiroWebConfiguration类)
- 说明
- 记住我:表示的是访问指定地址的资源是只要身份验证通过或RememberMe登录的都可以。
- 说明
- ShiroWebFilterConfiguration来自动配置ShiroFilterFactoryBean和FilterRegistrationBean对象
- ShiroWebAutoConfiguration来自动配置SessionsSecurityManager、会话管理、记住我管理等核心对象,并且可以通过配置设置会话管理和记住我的cookie信息(具体属性名查看AbstractShiroWebConfiguration类)
-
在application.properties文件中配置如下信息
shiro.web.enabled=true//可以设置,默认自动开启自动配置 shiro.annotations.enabled=true //认证界面 shiro.loginUrl=/login //认证成功的界面 shiro.successUrl=/home -
定义Realm对象和加密方式
-
定义类继承AuthorizingRealm抽象类处理用户认证和授权
-
在配置类中将自定义的Realm定义为bean
-
设置加密方式
@SpringBootApplication @MapperScan(basePackages="com.tlh.**.mapper") public class TlhApplication { public static void main(String[] args) { SpringApplication.run(TlhApplication.class, args); } @Bean Realm realm(){ CustomRealm customRealm=new CustomRealm(); customRealm.setCredentialsMatcher(new HashedCredentialsMatcher(Md5Hash.ALGORITHM_NAME)); return customRealm; } private class CustomRealm extends AuthorizingRealm{ //授权 @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { return null; } //认证 @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { return null; } } }
-
-
配置Shiro权限过滤过滤器定义:Shiro可以通过配置文件实现基于URL的授权验证。
@Bean ShiroFilterChainDefinition shiroFilterChainDefinition(){ DefaultShiroFilterChainDefinition shiroFilterChainDefinition=new DefaultShiroFilterChainDefinition(); shiroFilterChainDefinition.addPathDefinition("/login","authc"); return shiroFilterChainDefinition; }- FilterChain定义格式: URL_Ant_Path_Expression = Path_Specific_Filter_Chain
- 每个URL配置,表示匹配该URL的应用程序请求将由对应的过滤器进行验证。
- 内置的权限过滤器(别名都在DefaultFilter枚举中定义)
名称 实现类 说明 anon org.apache.shiro.web.filter.authc.AnonymousFilter 不需要进行安全认证即可访问资源 authc org.apache.shiro.web.filter.authc.FormAuthenticationFilter 需要进行认证才能访问资源 authcBasic org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter 需要进行认证才能访问资源 perms org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter 需要当前用户具有该权限才能访问 port org.apache.shiro.web.filter.authz.PortFilter 要求访问资源的端口必须为指定的端口 rest org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter 请求方法过滤 roles org.apache.shiro.web.filter.authz.RolesAuthorizationFilter 需要当前用户具有该角色才能访问 ssl org.apache.shiro.web.filter.authz.SslFilter SSL认证过滤 user org.apache.shiro.web.filter.authc.UserFilter 指定的用户可以访问(认证过并且记住我的)
- 内置的权限过滤器(别名都在DefaultFilter枚举中定义)
-
- thymeleaf整合shiro:https://github.com/theborakompanioni/thymeleaf-extras-shiro
-
添加依赖:thymeleaf-extras-shiro
<dependency> <groupId>com.github.theborakompanioni</groupId> <artifactId>thymeleaf-extras-shiro</artifactId> <version>2.0.0</version> </dependency>- 说明(不同版本的区别)
- 2.0.0:
- Thymeleaf version 3.0.2.RELEASE
- Shiro version 1.3.2
- 1.2.1:
- Thymeleaf version 2.1.4
- Shiro version 1.2.4
- 1.1.0:
- Thymeleaf version 2.1.0
- Shiro version 1.2.2
- 1.0.2:
- Thymeleaf version 2.0.18
- Shiro version 1.2.2
- 1.0.1:
- Thymeleaf version 2.0.15
- Shiro version 1.2.1
- 2.0.0:
- 说明(不同版本的区别)
-
在shiro的配置类中添加方言Bean
@Bean ShiroDialect shiroDialect(){ return new ShiroDialect(); } -
界面引入命名空间
<html xmlns:th="http://www.thymeleaf.org" xmlns:shiro="http://www.pollix.at/thymeleaf/shiro"> -
标签:(可以查看引入包中的Shiro-Dialect.xml文件)
-
guest tag
<p shiro:guest=""> Please <a href="login.html">Login</a> </p> -
user tag
<p shiro:user=""> Welcome back John! Not John? Click <a href="login.html">here<a> to login. </p> -
authenticated tag
<a shiro:authenticated="" href="updateAccount.html">Update your contact information</a> -
notAuthenticated tag
<p shiro:notAuthenticated=""> Please <a href="login.html">login</a> in order to update your credit card information. </p> -
principal tag
<p>Hello, <span shiro:principal=""></span>, how are you today?</p> 或者 <p>Hello, <shiro:principal/>, how are you today?</p> -
hasRole tag
<a shiro:hasRole="administrator" href="admin.html">Administer the system</a> -
lacksRole tag
<p shiro:lacksRole="administrator"> Sorry, you are not allowed to administer the system. </p> -
hasAllRoles tag
<p shiro:hasAllRoles="developer, project manager"> You are a developer and a project manager. </p> -
hasAnyRoles tag
<p shiro:hasAnyRoles="developer, project manager, administrator"> You are a developer, project manager, or administrator. </p> -
hasPermission tag
-
lacksPermission tag
<p shiro:lacksPermission="user:delete"> Sorry, you are not allowed to delete user accounts. </p> -
hasAllPermissions tag
<p shiro:hasAllPermissions="user:create, user:delete"> You can create and delete users. </p> -
hasAnyPermissions tag
<p shiro:hasAnyPermissions="user:create, user:delete"> You can create or delete users. </p>
-
-
tlhhup / springboot-tlh Goto Github PK
View Code? Open in Web Editor NEW将原有的tlh项目通过spring boot进行重构
License: Apache License 2.0
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent