Jar包
-----------------------------Web.xml中配置shiro的filter------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>WebShiro</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext-*.xml</param-value>
</context-param>
<!-- Spring監聽器 -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- 處理POST提交亂碼問題 -->
<filter>
<filter-name>encoding</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encoding</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping>
<!-- 前端控制器 -->
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<!-- 默認找 /WEB-INF/[servlet的名稱]-servlet.xml -->
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:springmvc.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<!-- 1. /* 攔截所有 jsp js png .css 真的全攔截 建議不使用 2. *.action *.do 攔截以do action
結尾的請求 肯定能使用 ERP 3. / 攔截所有 (不包括jsp) (包含.js .png.css) 強烈建議使用 前臺 面向消費者 www.jd.com/search
/對靜態資源放行 -->
<url-pattern>*.action</url-pattern>
</servlet-mapping>
<!-- shiro過慮器,DelegatingFilterProx會從spring容器中找shiroFilter -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
-------------------------------spring的配置文件----------------------
applicationContext-dao.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context" xmlns:p="http://www.springframework.org/schema/p"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.0.xsd">
<context:property-placeholder location="classpath:db.properties"/>
<!-- 數據庫連接池 -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
destroy-method="close">
<property name="driverClassName" value="${jdbc.driver}" />
<property name="url" value="${jdbc.url}" />
<property name="username" value="${jdbc.username}" />
<property name="password" value="${jdbc.password}" />
<property name="maxActive" value="10" />
<property name="maxIdle" value="5" />
</bean>
<!-- Mybatis的工廠 -->
<bean id="sqlSessionFactoryBean" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource"/>
<!-- 核心配置文件的位置 -->
<property name="configLocation" value="classpath:sqlMapConfig.xml"/>
</bean>
<!-- Mapper動態代理開發 掃描 -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<!-- 基本包 -->
<property name="basePackage" value="cn.qlq.springmvc.mapper"/>
</bean>
<!-- 註解事務 -->
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource"/>
</bean>
<!-- 開啓註解 -->
<!-- <tx:annotation-driven transaction-manager="transactionManager"/> -->
</beans>
--------------------------------------------SpringfMVC的配置----------------------------
springmvc.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.2.xsd ">
<!-- 掃描@Controler @Service -->
<context:component-scan base-package="cn.qlq.springmvc" />
<!-- 開啓aop,對類代理 -->
<aop:config proxy-target-class="true"></aop:config>
<!-- 開啓shiro註解支持 -->
<bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager" />
</bean>
<!-- 處理器映射器 -->
<!-- <bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping"/> -->
<!-- 處理器適配器 -->
<!-- <bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter"/> -->
<!-- 註解驅動,代替上面兩個 -->
<mvc:annotation-driven conversion-service="conversionServiceFactoryBean" />
<!-- 視圖解釋器 -->
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<!-- 配置Conveter轉換器 轉換工廠 (日期、去掉前後空格)。。 -->
<bean id="conversionServiceFactoryBean"
class="org.springframework.format.support.FormattingConversionServiceFactoryBean">
<!-- 配置 多個轉換器 -->
<property name="converters">
<list>
<bean class="cn.qlq.springmvc.conversion.DateConveter" />
<!-- 可以配置多個轉換器 -->
<!-- <bean class="com.itheima.springmvc.conversion.DateConveter" /> <bean
class="com.itheima.springmvc.conversion.DateConveter" /> -->
</list>
</property>
</bean>
<!-- 配置異常處理器 -->
<bean class="cn.qlq.springmvc.Exception.MyExceptionHandler"></bean>
<!-- 上傳圖片配置實現類,id必須爲這個 -->
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!-- 上傳圖片的大小 B 5M 1*1024*1024*5 -->
<property name="maxUploadSize" value="5000000" />
</bean>
<!-- 配置攔截器 ,可以配置多個 -->
<!-- <mvc:interceptors> <mvc:interceptor> <mvc:mapping path="/**" /> 用戶認證攔截
<bean class="cn.qlq.springmvc.inteceptor.LoginInterceptor"></bean> </mvc:interceptor>
<mvc:interceptor> <mvc:mapping path="/**" /> 用戶權限攔截 <bean class="cn.qlq.springmvc.inteceptor.PermissionInterceptor"></bean>
</mvc:interceptor> </mvc:interceptors> -->
</beans>
------------------------------------------Mybatis的配置------------------------------------------
sqlMapConfig.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
<!-- 設置別名 -->
<!-- <typeAliases>
2. 指定掃描包,會把包內所有的類都設置別名,別名的名稱就是類名,大小寫不敏感
<package name="cn.qlq.springmvc.pojo" />
</typeAliases> -->
</configuration>
--------------------------------------------------------Shiro的配置-------------------------------------------------
applicationContext-shiro.xml(完整的xml配置,後面講介紹作用)
在applicationContext-shiro.xml 中配置web.xml中fitler對應spring容器中的bean。
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">
<!-- web.xml中shiro的filter對應的bean -->
<!-- Shiro 的Web過濾器 -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager" />
<!-- loginUrl認證提交地址,如果沒有認證將會請求此地址進行認證,請求此地址將由formAuthenticationFilter進行表單認證 -->
<property name="loginUrl" value="/login.action" />
<!-- 認證成功統一跳轉到first.action,建議不配置,shiro認證成功自動到上一個請求路徑 -->
<property name="successUrl" value="/first.action" />
<!-- 通過unauthorizedUrl指定沒有權限操作時跳轉頁面 -->
<property name="unauthorizedUrl" value="/refuse.jsp" />
<!-- 自定義filter配置 -->
<property name="filters">
<map>
<!-- 將自定義 的FormAuthenticationFilter注入shiroFilter中 -->
<entry key="authc" value-ref="formAuthenticationFilter" />
</map>
</property>
<!-- 過慮器鏈定義,從上向下順序執行,一般將/**放在最下邊 -->
<property name="filterChainDefinitions">
<value>
<!-- 靜態資源放行 -->
/images/** = anon
/js/** = anon
/styles/** = anon
<!-- 對錯誤頁面放行 -->
/error.jsp = anon
<!-- 驗證碼,可匿名訪問 -->
/validatecode.jsp = anon
<!-- 配置記住我或認證通過可以訪問的地址 -->
/index.jsp = user
/first.action = user
/welcome.jsp = user
<!--商品查詢需要商品查詢權限 ,取消url攔截配置,使用註解授權方式 -->
<!-- /itemEdit.action = perms[item:edit] -->
<!-- 請求 logout.action地址,shiro去清除session -->
/logout.action = logout
<!-- /** = authc 所有url都必須認證通過纔可以訪問 -->
/** = authc
<!-- 所有url都可以匿名訪問 -->
<!-- /** = anon -->
</value>
</property>
</bean>
<!-- securityManager安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- 注入realm -->
<property name="realm" ref="customRealm" />
<!-- 注入緩存管理器 -->
<property name="cacheManager" ref="cacheManager" />
<!-- 注入session管理器 -->
<property name="sessionManager" ref="sessionManager" />
<!-- 記住我 -->
<property name="rememberMeManager" ref="rememberMeManager" />
</bean>
<!-- realm -->
<bean id="customRealm" class="cn.qlq.springmvc.shiro.CustomRealm">
<!-- 將憑證匹配器設置到realm中,realm按照憑證匹配器的要求進行散列 -->
<property name="credentialsMatcher" ref="credentialsMatcher" />
</bean>
<!-- 憑證匹配器 -->
<bean id="credentialsMatcher"
class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="md5" />
<property name="hashIterations" value="1" />
</bean>
<!-- 緩存管理器 -->
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:shiro-ehcache.xml" />
</bean>
<!-- 會話管理器 -->
<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<!-- session的失效時長,單位毫秒 -->
<property name="globalSessionTimeout" value="600000" />
<!-- 刪除失效的session -->
<property name="deleteInvalidSessions" value="true" />
</bean>
<!-- 自定義form認證過慮器 -->
<!-- 基於Form表單的身份驗證過濾器,不配置將也會註冊此過慮器,表單中的用戶賬號、密碼及loginurl將採用默認值,建議配置 -->
<bean id="formAuthenticationFilter" class="cn.qlq.springmvc.shiro.CustomFormAuthenticationFilter ">
<!-- 表單中賬號的input名稱 -->
<property name="usernameParam" value="username" />
<!-- 表單中密碼的input名稱 -->
<property name="passwordParam" value="password" />
<!-- 記住我input的名稱 -->
<property name="rememberMeParam" value="rememberMe" />
</bean>
<!-- rememberMeManager管理器,寫cookie,取出cookie生成用戶信息 -->
<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
<property name="cookie" ref="rememberMeCookie" />
</bean>
<!-- 記住我cookie -->
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<!-- rememberMe是cookie的名字 -->
<constructor-arg value="rememberMe" />
<!-- 記住我cookie生效時間30天 -->
<property name="maxAge" value="2592000" />
</bean>
</beans>
對一些靜態資源放行:
shiro-ehcache.xml 緩存配置文件
<ehcache xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="../config/ehcache.xsd">
<!--diskStore:緩存數據持久化的目錄 地址 -->
<diskStore path="F:\develop\ehcache" />
<defaultCache
maxElementsInMemory="1000"
maxElementsOnDisk="10000000"
eternal="false"
overflowToDisk="false"
diskPersistent="false"
timeToIdleSeconds="120"
timeToLiveSeconds="120"
diskExpiryThreadIntervalSeconds="120"
memoryStoreEvictionPolicy="LRU">
</defaultCache>
</ehcache>
---------------------------------------數據庫配置文件------------------------------------------------
db.properties
jdbc.driver=com.mysql.jdbc.Driver jdbc.url=jdbc:mysql://localhost:3306/shiro?characterEncoding=utf-8 jdbc.username=root jdbc.password=123456