第一部分 什么是Apache Shiro
1、什么是 apache shiro :
Apache Shiro是一个功能强大且易于使用的Java安全框架,提供了认证,授权,加密,和会话管理
如同 Spring security 一样都是是一个权限安全框架,但是与Spring Security相比,在于他使用了和比较简洁易懂的认证和授权方式。
2、Apache Shiro 的三大核心组件:
1、Subject :当前用户的操作
2、SecurityManager:用于管理所有的Subject
3、Realms:用于进行权限信息的验证
Subject:即当前用户,在权限管理的应用程序里往往需要知道谁能够操作什么,谁拥 有操作该程序的权利,shiro中则需要通过Subject来提供基础的当前用户信息,Subject 不仅仅代表某个用户,也可以是第三方进程、后台帐户(Daemon Account)或其他类似事物。
SecurityManager:即所有Subject的管理者,这是Shiro框架的核心组件,可以把他看做是一个Shiro框架的全局管理组件,用于调度各种Shiro框架的服务。
Realms:Realms则是用户的信息认证器和用户的权限人证器,我们需要自己来实现Realms来自定义的管理我们自己系统内部的权限规则。
3、Authentication 和 Authorization
在shiro的用户权限认证过程中其通过两个方法来实现:
1、Authentication:是验证用户身份的过程。
2、Authorization:是授权访问控制,用于对用户进行的操作进行人证授权,证明该用户是否允许进行当前操作,如访问某个链接,某个资源文件等。
4、其他组件:
除了以上几个组件外,Shiro还有几个其他组件:
1、SessionManager :Shiro为任何应用提供了一个会话编程范式。
2、CacheManager :对Shiro的其他组件提供缓存支持。
5、Shiro 完整架构图:
图片转自:http://kdboy.iteye.com/blog/1154644
第二部分 Apache Shiro 整合Spring的Web程序构建
1、准备工具:
持久层框架:Hibernate4 这边我使用了Hibernate来对数据持久层进行操作
控制显示层框架:SpringMVC 这边我使用了SpringMVC实际开发中也可以是其他框架
数据库:MySql
准备好所需要的jar放到项目中。
2、创建数据库:
首先需要四张表,分别为 user(用户)、role(角色)、permission(权限)、userRole(用户角色关系表)
这边分别创建四张表的实体类,通过Hiberante的hibernate.hbm2ddl.auto属性的update 来自动生成数据表结构。
用户表:
1 package com.ssh.entity; 2 3 import java.util.Date; 4 import java.util.List; 5 6 import javax.persistence.CascadeType; 7 import javax.persistence.Entity; 8 import javax.persistence.GeneratedValue; 9 import javax.persistence.GenerationType; 10 import javax.persistence.Id; 11 import javax.persistence.OneToMany; 12 import javax.persistence.Table; 13 14 @Table(name="t_user") 15 @Entity 16 public class User { 17 18 @Id 19 @GeneratedValue(strategy=GenerationType.AUTO) 20 Integer id; 21 22 String username; 23 String password; 24 Integer isDelete; 25 Date createDate; 26 @OneToMany(mappedBy="user",cascade=CascadeType.ALL) 27 List<UserRole> userRoles; 28 public Integer getId() { 29 return id; 30 } 31 public void setId(Integer id) { 32 this.id = id; 33 } 34 public String getUsername() { 35 return username; 36 } 37 public void setUsername(String username) { 38 this.username = username; 39 } 40 public String getPassword() { 41 return password; 42 } 43 public void setPassword(String password) { 44 this.password = password; 45 } 46 public Integer getIsDelete() { 47 return isDelete; 48 } 49 public void setIsDelete(Integer isDelete) { 50 this.isDelete = isDelete; 51 } 52 public Date getCreateDate() { 53 return createDate; 54 } 55 public void setCreateDate(Date createDate) { 56 this.createDate = createDate; 57 } 58 public List<UserRole> getUserRoles() { 59 return userRoles; 60 } 61 public void setUserRoles(List<UserRole> userRoles) { 62 this.userRoles = userRoles; 63 } 64 65 66 }
角色表:
1 package com.ssh.entity; 2 3 import javax.persistence.Entity; 4 import javax.persistence.GeneratedValue; 5 import javax.persistence.GenerationType; 6 import javax.persistence.Id; 7 import javax.persistence.Table; 8 9 @Entity 10 @Table(name = "t_role") 11 public class Role { 12 13 @Id 14 @GeneratedValue(strategy = GenerationType.AUTO) 15 Integer id; 16 String name; 17 String description; 18 public Integer getId() { 19 return id; 20 } 21 public void setId(Integer id) { 22 this.id = id; 23 } 24 public String getName() { 25 return name; 26 } 27 public void setName(String name) { 28 this.name = name; 29 } 30 public String getDescription() { 31 return description; 32 } 33 public void setDescription(String description) { 34 this.description = description; 35 } 36 37 }
权限表:
1 package com.ssh.entity; 2 3 import javax.persistence.Entity; 4 import javax.persistence.GeneratedValue; 5 import javax.persistence.GenerationType; 6 import javax.persistence.Id; 7 import javax.persistence.Table; 8 9 @Entity 10 @Table(name = "t_permission") 11 public class Permission { 12 13 @Id 14 @GeneratedValue(strategy = GenerationType.AUTO) 15 Integer id; 16 /** token **/ 17 String token; 18 /** 资源url **/ 19 String url; 20 /** 权限说明 **/ 21 String description; 22 /** 所属角色编号 **/ 23 Integer roleId; 24 public Integer getId() { 25 return id; 26 } 27 public void setId(Integer id) { 28 this.id = id; 29 } 30 public String getToken() { 31 return token; 32 } 33 public void setToken(String token) { 34 this.token = token; 35 } 36 public String getUrl() { 37 return url; 38 } 39 public void setUrl(String url) { 40 this.url = url; 41 } 42 public String getDescription() { 43 return description; 44 } 45 public void setDescription(String description) { 46 this.description = description; 47 } 48 public Integer getRoleId() { 49 return roleId; 50 } 51 public void setRoleId(Integer roleId) { 52 this.roleId = roleId; 53 } 54 55 56 57 }
用户角色表:
1 package com.ssh.entity; 2 3 import javax.persistence.CascadeType; 4 import javax.persistence.Entity; 5 import javax.persistence.GeneratedValue; 6 import javax.persistence.GenerationType; 7 import javax.persistence.Id; 8 import javax.persistence.JoinColumn; 9 import javax.persistence.ManyToOne; 10 import javax.persistence.Table; 11 12 @Entity 13 @Table(name = "t_user_role") 14 public class UserRole { 15 @Id 16 @GeneratedValue(strategy = GenerationType.AUTO) 17 Integer id; 18 19 @ManyToOne(cascade = CascadeType.ALL) 20 @JoinColumn(name = "userId", unique = true) 21 User user; 22 @ManyToOne 23 @JoinColumn(name = "roleId", unique = true) 24 Role role; 25 public Integer getId() { 26 return id; 27 } 28 public void setId(Integer id) { 29 this.id = id; 30 } 31 public User getUser() { 32 return user; 33 } 34 public void setUser(User user) { 35 this.user = user; 36 } 37 public Role getRole() { 38 return role; 39 } 40 public void setRole(Role role) { 41 this.role = role; 42 } 43 44 }
3、编写操作用户业务的Service:
1 package com.ssh.service; 2 3 import java.util.ArrayList; 4 import java.util.List; 5 6 import org.springframework.beans.factory.annotation.Autowired; 7 8 import com.ssh.dao.BaseDao; 9 import com.ssh.entity.Permission; 10 import com.ssh.entity.Role; 11 import com.ssh.entity.User; 12 import com.ssh.entity.UserRole; 13 14 public class AccountService { 15 // 公共的数据库访问接口 16 // 这里省略BaseDao dao的编写 17 @Autowired 18 private BaseDao dao; 19 /**** 20 * 通过用户名获取用户对象 21 * 22 * @param username 23 * @return 24 */ 25 public User getUserByUserName(String username){ 26 User user = (User) dao.findObjectByHQL("from User where username=?",new Object[]{username}); 27 return user; 28 } 29 30 /*** 31 * 通过用户名获取权限资源 32 * 33 * @param username 34 * @return 35 */ 36 public List<String> getPermissionsByUserName(String username) { 37 System.out.println("调用"); 38 User user = getUserByUserName(username); 39 if(user==null){ 40 return null; 41 } 42 List<String> list = new ArrayList<String>(); 43 for(UserRole userRole:user.getUserRoles()){ 44 Role role = userRole.getRole(); 45 List<Permission> permissions = dao.findAllByHQL("FROM Permission WHERE roleId = ?", new Object[] { role.getId() }); 46 for (Permission p : permissions) { 47 list.add(p.getUrl()); 48 } 49 } 50 return list; 51 } 52 }
BaseDao
1 package com.ssh.dao; 2 3 import java.util.List; 4 5 public interface BaseDao { 6 7 /*** 8 * 添加 9 */ 10 public void addObject(Object object); 11 12 /*** 13 * 查询满足条件 return list 14 */ 15 public List findAllByHQL(String hql); 16 17 /*** 18 * 查询满足条件的数据 19 * 20 * @param hql 21 * @param args 22 * @return 23 */ 24 public List findAllByHQL(String hql, Object[] args); 25 26 /*** 27 * 查询满足条件的对象 28 */ 29 public Object findObjectByHQL(String hql); 30 31 public Object findObjectByHQL(String hql, Object[] args); 32 33 /*** 34 * 查询满足条件的对象 35 */ 36 public Object findObjectBySQL(String sql); 37 38 /*** 39 * 分页查询 return list 40 */ 41 public List findPage(String hql, int page, int size); 42 43 /*** 44 * 分页查询 带占位符参数 45 * 46 * @param hql 47 * @param page 48 * @param size 49 * @param args 50 * @return 51 */ 52 public List findPage(String hql, int page, int size, Object[] args); 53 54 /*** 55 * 删除对象 56 */ 57 public void delObject(Object object); 58 59 /*** 60 * 更新对象 61 */ 62 public void updateObject(Object object); 63 64 /*** 65 * 批量更新对象 return int 66 */ 67 public void updateObjectByHQL(String hql); 68 69 public void updateObjectByHQL(String hql, Object[] params); 70 71 /*** 72 * 通过sql查询所有 73 * 74 * @param sql 75 * @return 76 */ 77 public List findAllBySql(String sql); 78 79 }
BaseDaoImpl
1 package com.ssh.dao; 2 3 import java.util.List; 4 5 import org.hibernate.Query; 6 import org.hibernate.SessionFactory; 7 import org.springframework.transaction.annotation.Transactional; 8 9 @Transactional 10 public class BaseDaoImpl implements BaseDao{ 11 // @Autowired 12 public SessionFactory sessionFactory; 13 14 public SessionFactory getSessionFactory() { 15 return sessionFactory; 16 } 17 18 public void setSessionFactory(SessionFactory sessionFactory) { 19 this.sessionFactory = sessionFactory; 20 } 21 22 23 public void addObject(Object object) { 24 sessionFactory.getCurrentSession().save(object); 25 } 26 27 public List findAllByHQL(String hql) { 28 Query query = sessionFactory.getCurrentSession().createQuery(hql); 29 return query.list(); 30 } 31 32 public List findAllByHQL(String hql, Object[] args) { 33 Query query = sessionFactory.getCurrentSession().createQuery(hql); 34 for (int i = 0; i < args.length; i++) { 35 System.out.println(args[i]); 36 query.setParameter(i, args[i]); 37 } 38 return query.list(); 39 } 40 41 42 public Object findObjectByHQL(String hql) { 43 Query query = sessionFactory.getCurrentSession().createQuery(hql); 44 List list = query.list(); 45 if (list.size() > 0) { 46 return list.get(0); 47 } 48 return null; 49 } 50 51 public Object findObjectByHQL(String hql, Object[] args) { 52 Query query = sessionFactory.getCurrentSession().createQuery(hql); 53 System.out.println(args[0]); 54 for (int i = 0; i < args.length; i++) { 55 System.out.println(args[i]); 56 query.setParameter(i, args[i]); 57 } 58 List list = query.list(); 59 if (list.size() > 0) { 60 return list.get(0); 61 } 62 return null; 63 } 64 65 public List findPage(final String hql,final int page,final int size,final Object[] args) { 66 Query query = sessionFactory.getCurrentSession().createQuery(hql); 67 for (int i = 0; i < args.length; i++) { 68 query.setParameter(i, args[i]); 69 } 70 query.setMaxResults(size); 71 query.setFirstResult(page); 72 List<Object> list = query.list(); 73 return list; 74 } 75 76 public List findPage(final String hql, final int page, final int size) { 77 Query query = sessionFactory.getCurrentSession().createQuery(hql); 78 query.setMaxResults(size); 79 query.setFirstResult(page); 80 List<Object> list = query.list(); 81 return list; 82 } 83 84 public void delObject(Object object) { 85 sessionFactory.getCurrentSession().delete(object); 86 } 87 88 89 public void updateObject(Object object) { 90 sessionFactory.getCurrentSession().update(object); 91 } 92 93 94 public void updateObjectByHQL(String hql) { 95 sessionFactory.getCurrentSession().createQuery(hql).executeUpdate(); 96 } 97 98 99 public Object findObjectBySQL(String sql) { 100 Query query = sessionFactory.getCurrentSession().createSQLQuery(sql); 101 102 List list = query.list(); 103 if (list.size() > 0) { 104 return list.get(0); 105 } 106 return null; 107 } 108 109 public List findAllBySql(String sql) { 110 Query query = sessionFactory.getCurrentSession().createSQLQuery(sql); 111 return query.list(); 112 } 113 114 public void updateObjectByHQL(String hql, Object[] params) { 115 Query query = sessionFactory.getCurrentSession().createQuery(hql); 116 for (int i = 0; i < params.length; i++) { 117 query.setParameter(i, params[i]); 118 } 119 query.executeUpdate(); 120 } 121 122 }
4、编写shiro组件自定义Realm:
1 package com.ssh.shiro; 2 3 import java.util.List; 4 5 import org.apache.axis.handlers.SimpleAuthorizationHandler; 6 import org.apache.shiro.authc.AuthenticationException; 7 import org.apache.shiro.authc.AuthenticationInfo; 8 import org.apache.shiro.authc.AuthenticationToken; 9 import org.apache.shiro.authc.SimpleAuthenticationInfo; 10 import org.apache.shiro.authc.UsernamePasswordToken; 11 import org.apache.shiro.authz.AuthorizationInfo; 12 import org.apache.shiro.authz.SimpleAuthorizationInfo; 13 import org.apache.shiro.realm.AuthorizingRealm; 14 import org.apache.shiro.subject.PrincipalCollection; 15 16 import com.ssh.entity.User; 17 import com.ssh.service.AccountService; 18 19 /** 20 * 编写自定义Realm 21 * @author dxyd 22 * 23 */ 24 public class MyShiroRealm extends AuthorizingRealm{ 25 26 /**用户的业务类**/ 27 private AccountService accountService; 28 29 public AccountService getAccountService() { 30 return accountService; 31 } 32 33 public void setAccountService(AccountService accountService) { 34 this.accountService = accountService; 35 } 36 /*** 37 * 获取授权信息 38 */ 39 //根据自己系统规则的需要编写获取授权信息,这里为了快速入门只获取了用户对应角色的资源url信息 40 @Override 41 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) { 42 String username = (String)pc.fromRealm(getName()).iterator().next(); 43 if(username!=null){ 44 List<String> pers = accountService.getPermissionsByUserName(username); 45 if(pers!=null && !pers.isEmpty()){ 46 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); 47 for(String each:pers){ 48 //将权限资源添加到用户信息中 49 info.addStringPermission(each); 50 } 51 } 52 } 53 return null; 54 } 55 /*** 56 * 获取认证信息 57 */ 58 @Override 59 protected AuthenticationInfo doGetAuthenticationInfo( 60 AuthenticationToken at) throws AuthenticationException { 61 62 63 UsernamePasswordToken token = (UsernamePasswordToken) at; 64 // 通过表单接收的用户名 65 String username = token.getUsername(); 66 if(username!=null && !"".equals(username)){ 67 User user = accountService.getUserByUserName(username); 68 if (user != null) { 69 return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName()); 70 } 71 } 72 return null; 73 } 74 75 }
上述类继承了Shiro的AuthorizingRealm类 实现了AuthorizationInfo和AuthenticationInfo两个方法,用于获取用户权限和认证用户登录信息
5、编写LoginController:
1 package com.ssh.controller; 2 3 import org.apache.shiro.SecurityUtils; 4 import org.apache.shiro.authc.UsernamePasswordToken; 5 import org.apache.shiro.subject.Subject; 6 import org.springframework.beans.factory.annotation.Autowired; 7 import org.springframework.stereotype.Controller; 8 import org.springframework.web.bind.annotation.RequestMapping; 9 import org.springframework.web.bind.annotation.RequestMethod; 10 import org.springframework.web.portlet.ModelAndView; 11 12 import com.ssh.entity.User; 13 import com.ssh.service.AccountService; 14 15 /**** 16 * 用户登录Controller 17 * 18 * @author Swinglife 19 * 20 */ 21 @Controller 22 public class LoginController { 23 // 处理用户业务类 24 @Autowired 25 private AccountService accountService; 26 27 /*** 28 * 跳转到登录页面 29 * 30 * @return 31 */ 32 @RequestMapping(value = "/toLogin") 33 public String toLogin() { 34 // 跳转到/page/login.jsp页面 35 return "login"; 36 } 37 38 /*** 39 * 实现用户登录 40 * 41 * @param username 42 * @param password 43 * @return 44 */ 45 @RequestMapping(value = "/login",method = RequestMethod.POST) 46 public ModelAndView Login(String username, String password) { 47 ModelAndView mav = new ModelAndView(); 48 User user = accountService.getUserByUserName(username); 49 if (user == null) { 50 mav.setView("toLogin"); 51 mav.addObject("msg", "用户不存在"); 52 return mav; 53 } 54 if (!user.getPassword().equals(password)) { 55 mav.setView("toLogin"); 56 mav.addObject("msg", "帐号密码错误"); 57 return mav; 58 } 59 SecurityUtils.getSecurityManager().logout(SecurityUtils.getSubject()); 60 // 登录后存放进shiro token 61 UsernamePasswordToken token = new UsernamePasswordToken( 62 user.getUsername(), user.getPassword()); 63 Subject subject = SecurityUtils.getSubject(); 64 subject.login(token); 65 // 登录成功后会跳转到successUrl配置的链接,不用管下面返回的链接。 66 mav.setView("redirect:/home"); 67 return mav; 68 } 69 70 }
6、编写信息认证成功后的跳转页面:
1 package com.ssh.controller; 2 3 import org.springframework.stereotype.Controller; 4 import org.springframework.web.bind.annotation.RequestMapping; 5 6 @Controller 7 public class IndexController { 8 @RequestMapping("home") 9 public String index() { 10 System.out.println("登录成功"); 11 return "home"; 12 } 13 }
7、Shiro的配置文件.xml
spring-shiro.xml
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" 4 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" 5 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd 6 http://www.springframework.org/schema/context 7 http://www.springframework.org/schema/context/spring-context-3.2.xsd 8 http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd 9 http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd"> 10 11 <!-- shiro-all.jar 12 filterChainDefinitions:apache 13 shiro通过filterChainDefinitions参数来分配链接的过滤, 14 资源过滤有常用的以下几个参数: 15 authc 表示需要认证的链接 16 perms[/url] 表示该链接需要拥有对应的资源/权限才能访问 17 roles[admin] 表示需要对应的角色才能访问 18 perms[admin:url] 表示需要对应角色的资源才能访问 19 20 --> 21 <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> 22 <property name="securityManager" ref="securityManager" /> 23 <property name="loginUrl" value="/toLogin" /> 24 <property name="successUrl" value="/home" /> 25 <property name="unauthorizedUrl" value="/403.do" /> 26 27 <property name="filterChainDefinitions"> 28 <value> 29 /toLogin = authc <!-- authc 表示需要认证才能访问的页面 --> 30 /home = authc, perms[/home] <!-- perms 表示需要该权限才能访问的页面 --> 31 </value> 32 </property> 33 </bean> 34 35 <bean id="myShiroRealm" class="com.ssh.shiro.MyShiroRealm"> 36 <!-- businessManager 用来实现用户名密码的查询 --> 37 <property name="accountService" ref="accountService" /> 38 </bean> 39 <!-- shiro-all.jar --> 40 <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> 41 <property name="realm" ref="myShiroRealm"></property> 42 </bean> 43 44 <bean id="accountService" class="com.ssh.service.AccountService"></bean> 45 46 <!-- <bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager"> 47 <property name="cacheManager" ref="cacheManager" /> </bean> --> 48 </beans>
loginUrl 用于配置登陆页
successUrl 用于配置登录成功后返回的页面,不过该参数只会在当登录页面中并没有任何返回页面时才会生效,否则会跳转到登录Controller中的指定页面。
unauthorizedUrl 用于配置没有权限访问页面时跳转的页面
filterChainDefinitions:apache shiro通过filterChainDefinitions参数来分配链接的过滤,资源过滤有常用的以下几个参数:
1、authc 表示需要认证的链接
2、perms[/url] 表示该链接需要拥有对应的资源/权限才能访问
3、roles[admin] 表示需要对应的角色才能访问
4、perms[admin:url] 表示需要对应角色的资源才能访问
spring-common.xml
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:aop="http://www.springframework.org/schema/aop" 4 xmlns:cache="http://www.springframework.org/schema/cache" 5 xmlns:context="http://www.springframework.org/schema/context" 6 xmlns:jdbc="http://www.springframework.org/schema/jdbc" 7 xmlns:jee="http://www.springframework.org/schema/jee" 8 xmlns:jms="http://www.springframework.org/schema/jms" 9 xmlns:lang="http://www.springframework.org/schema/lang" 10 xmlns:mvc="http://www.springframework.org/schema/mvc" 11 xmlns:oxm="http://www.springframework.org/schema/oxm" 12 xmlns:task="http://www.springframework.org/schema/task" 13 xmlns:tx="http://www.springframework.org/schema/tx" 14 xmlns:util="http://www.springframework.org/schema/util" 15 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 16 xsi:schemaLocation="http://www.springframework.org/schema/beans 17 http://www.springframework.org/schema/beans/spring-beans.xsd 18 http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd 19 http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache-3.2.xsd 20 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd 21 http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.2.xsd 22 http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.2.xsd 23 http://www.springframework.org/schema/jms http://www.springframework.org/schema/jms/spring-jms-3.2.xsd 24 http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang-3.2.xsd 25 http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd 26 http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm-3.2.xsd 27 http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.2.xsd 28 http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd 29 http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.2.xsd"> 30 31 <!--扫描映射 --> 32 <context:component-scan base-package="com.ssh"></context:component-scan> 33 34 <!-- 引入property配置文件 --> 35 <context:property-placeholder location="classpath:prop/jdbc.properties"></context:property-placeholder> 36 <!-- 配置数据源 --> 37 <bean class="org.springframework.jdbc.datasource.DriverManagerDataSource" id="dataSource"> 38 <property name="driverClassName" value="${jdbc.mysql.driverClassName}"></property> 39 <property name="url" value="${jdbc.mysql.url}"></property> 40 <property name="username" value="${jdbc.mysql.username}"></property> 41 <property name="password" value="${jdbc.mysql.password}"></property> 42 <!-- 初始化连接大小 43 <property name="initialSize" value="${jdbc.initialSize}"></property> --> 44 <!-- 连接池最大数量 45 <property name="maxActive" value="${jdbc.maxActive}"></property>--> 46 <!-- 连接池最大空闲 --> 47 <!-- <property name="maxIdle" value="${maxIdle}"></property> --> 48 <!-- 连接池最小空闲 49 <property name="minIdle" value="${jdbc.minIdle}"></property>--> 50 <!-- 获取连接最大等待时间 51 <property name="maxWait" value="${jdbc.maxWait}"></property>--> 52 </bean> 53 54 <!-- 配置SessionFactory --> 55 <bean class="org.springframework.orm.hibernate4.LocalSessionFactoryBean" id="sessionFactory"> 56 <property name="dataSource" ref="dataSource"></property> 57 <property name="hibernateProperties"> 58 <props> 59 <prop key="hibernate.dialect">${jdbc.mysql.dialect}</prop> 60 <prop key="hibernate.hbm2ddl.auto">update</prop> 61 <!--是否显示sql语句 我在这里是显示的 --> 62 <prop key="hibernate.show_sql">true</prop> 63 <!--格式化显示sql语句 --> 64 <prop key="hibernate.format_sql">true</prop> 65 </props> 66 </property> 67 <!-- 自动扫描制定位置下的实体进行映射 --> 68 <property name="packagesToScan" value="com.ssh.entity"></property> 69 </bean> 70 71 <!-- 配置一个事务管理器 --> 72 <bean class="org.springframework.orm.hibernate4.HibernateTransactionManager" id="transactionManager"> 73 <property name="sessionFactory" ref="sessionFactory"> 74 </property></bean> 75 76 <!-- 应该是开启事物 --> 77 <tx:annotation-driven transaction-manager="transactionManager"></tx:annotation-driven> 78 79 <!-- baseDao --> 80 <bean id="dao" class="com.ssh.dao.BaseDaoImpl"> 81 <property name="sessionFactory" ref="sessionFactory"></property> 82 </bean> 83 </beans>
spring-mvc.xml
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans 3 http://www.springframework.org/schema/beans/spring-beans.xsd 4 http://www.springframework.org/schema/context 5 http://www.springframework.org/schema/context/spring-context-3.2.xsd 6 http://www.springframework.org/schema/mvc 7 http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd"> 8 9 <!-- 注解扫描包 --> 10 <context:component-scan base-package="com.ssh"></context:component-scan> 11 12 <!-- 开启注解 --> 13 <mvc:annotation-driven></mvc:annotation-driven> 14 15 <!-- 定义视图解析器 --> 16 <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="viewResolver"> 17 <property name="prefix" value="/WEB-INF/page/"></property> 18 <property name="suffix" value=".jsp"></property> 19 </bean> 20 <import resource="spring-common.xml"/> 21 <import resource="spring-shiro.xml"/> 22 </beans>
8、登陆页login.jsp
1 <body> 2 3 <h1>user login</h1> 4 <form action="login" method="post"> 5 username:<input type="text" name="username"><p> 6 password:<input type="password" name="password"> 7 <p> 8 ${msg } 9 <input type="submit" value="submit"> 10 </form> 11 </body>
9、运行程序
在数据库中添加一条用户、角色、以及权限数据,并且在关联表中添加一条关联数据:
在浏览器中访问: home页面 就会跳转到登录页面:
最后输入 账号密码 就会跳转到登录成功页面。