SpringBoot2.0整合SpringSecurity，Mybatis,Layui框架從零開始實現登入登陸的增刪查改

一、工具說明

    開發工具：idea2019

    jdk版本：1.8

    數據庫： Mysql5.0+

二、項目說明

    基於springboot2.0，整合druid， jpa ， thymeleaf，layui，mybatis，maven，springsecurity框架實現登入登出的管理系統。

三、項目搭建

1、快速搭建maven項目

（1）點擊左側Maven，選擇Jdk1.8，選中 Create from archetype，點擊next。

（2）填寫項目信息，點擊next

（3）選擇項目位置，點擊finish。

（4）項目結構圖如下：

2、引入相關依賴

    <!-- springboot 2.0.9 -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.0.9.RELEASE</version>
    </parent>
    <dependencies>
        <!--springboot -web 組件，整合 springmvc,spring -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-aop</artifactId>
        </dependency>
        <!--引入springthymeleaf -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <!-- springboot 整合mybatis-->
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>1.1.1</version>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.25</version>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.16.16</version>
        </dependency>
        <dependency>
            <groupId>io.swagger</groupId>
            <artifactId>swagger-annotations</artifactId>
            <version>1.5.22</version>
        </dependency>
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.16</version>
            <scope>compile</scope>
        </dependency>
        <!--alibaba-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>druid</artifactId>
            <version>1.0.24</version>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.30</version>
        </dependency>
        <dependency>
            <groupId>com.xiaoleilu</groupId>
            <artifactId>hutool-all</artifactId>
            <version>3.3.0</version>
        </dependency>
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.6</version>
        </dependency>
        <dependency>
            <groupId>commons-lang</groupId>
            <artifactId>commons-lang</artifactId>
            <version>2.6</version>
        </dependency>
        <dependency>
            <groupId>org.codehaus.jackson</groupId>
            <artifactId>jackson-mapper-asl</artifactId>
            <version>1.9.13</version>
        </dependency>
        <dependency>
            <groupId>com.github.pagehelper</groupId>
            <artifactId>pagehelper-spring-boot-starter</artifactId>
            <version>1.2.4</version>
        </dependency>
    </dependencies>

3.配置相關參數

server:
  port: 8090
  tomcat:
    uri-encoding: UTF-8

spring:
  http:
    encoding:
      force: true
      ### 模板引擎編碼爲UTF-8
      charset: UTF-8
    thymeleaf:
      prefix: classpath:/templates
      suffix: .html
      mode: HTML5
      encoding: UTF-8
      content-type: text/html
    # 關閉緩存, 即時刷新, 上線生產環境需要改爲true
      cache: false
  datasource:
    # 連接池配置
    url: jdbc:mysql://127.0.0.1::3306/test?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false&zeroDateTimeBehavior=convertToNull&serverTimezone=Asia/Shanghai
    username: root
    password: mysql
    driver-class-name: com.mysql.jdbc.Driver
    type: com.alibaba.druid.pool.DruidDataSource
    # 初始化大小，最小，最大
    initial-size: 5
    min-idle: 5
    max-active: 20
    # 配置獲取連接等待超時的時間
    max-wait: 60000
    # 配置間隔多久才進行一次檢測，檢測需要關閉的空閒連接，單位毫秒
    time-between-eviction-runs-millis: 60000
    # 配置一個連接在池中最小生存時間
    min-evictable-idle-time-millis: 300000
    validation-query: SELECT 1 FROM sys_user
    test-while-idle: true
    test-on-borrow: false
    test-on-return: false
    # 打開 PSCache，並且指定每個連接上 PSCache 的大小
    pool-prepared-statements: true
    max-pool-prepared-statement-per-connection-size: 20
    #開啓頁面訪問
    stat-view-servlet:
      enable: true
    # 配置監控統計攔截的 Filter，去掉後監控界面 SQL 無法統計，wall 用於防火牆
    filters: stat,wall,log4j
    # 通過 connection-properties 屬性打開 mergeSql 功能；慢 SQL 記錄
    connection-properties: druid.stat.mergeSql\=true;druid.stat.slowSqlMillis\=5000
    # 配置 DruidStatFilter
    web-stat-filter:
      enabled: true
      url-pattern: /*
      exclusions: .js,*.gif,*.jpg,*.bmp,*.png,*.css,*.ico,/druid/*

# mybatis配置
mybatis:
  mapper-locations: classpath:/mapper/**/*.xml
  configuration:
    jdbc-type-for-null: null
  type-aliases-package: cn.com.liu.model
# 日誌打印級別，設爲 debug可打印出 SQL
logging:
  level:
    cn:
      com:
        liu:
            mapper: debug

app:
  #AOP記錄用戶操作日誌，true開啓，false關閉
  open-aop-log: false

4、添加配置類

（1）WebMvcConfig 把靜態資源文件加載進去。

package cn.com.liu.config;

import com.alibaba.fastjson.serializer.SerializerFeature;
import com.alibaba.fastjson.support.config.FastJsonConfig;
import com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;

import java.util.ArrayList;
import java.util.List;

@Configuration
public class WebMvcConfig extends WebMvcConfigurationSupport {

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/static/**").addResourceLocations("classpath:/static/");

    }
    @Override
    public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
        super.configureMessageConverters(converters);
        // 1.需要先定義一個convert 轉換消息的對象
        FastJsonHttpMessageConverter fastConverter = new FastJsonHttpMessageConverter();
        // 2.添加fastJson的配置信息,比如，是否需要格式化返回的json數據
        FastJsonConfig fastJsonConfig = new FastJsonConfig();
        // 空值特別處理
        // WriteNullListAsEmpty 將Collection類型字段的字段空值輸出爲[]
        // WriteNullStringAsEmpty 將字符串類型字段的空值輸出爲空字符串 ""
        // WriteNullNumberAsZero 將數值類型字段的空值輸出爲0
        // WriteNullBooleanAsFalse 將Boolean類型字段的空值輸出爲false
        fastJsonConfig.setSerializerFeatures(SerializerFeature.WriteNullListAsEmpty,
                SerializerFeature.DisableCircularReferenceDetect,
                SerializerFeature.WriteNonStringKeyAsString);
        // 處理中文亂碼問題
        List<MediaType> fastMediaTypes = new ArrayList<>();
        fastMediaTypes.add(MediaType.APPLICATION_JSON_UTF8);
        fastConverter.setSupportedMediaTypes(fastMediaTypes);
        // 3.在convert中添加配置信息
        fastConverter.setFastJsonConfig(fastJsonConfig);
        // 4.將convert添加到converters當中
        converters.add(fastConverter);
    }
}

（2）WebSecurityConfig  配置springsecurity

package cn.com.liu.config;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.RegexRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

import javax.servlet.http.HttpServletRequest;
import java.util.regex.Pattern;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().frameOptions().disable();
        http.authorizeRequests().antMatchers("/").permitAll()
                .antMatchers("/hello").hasRole("USER").and()
                //.csrf().disable() //關閉CSRF
                .csrf().requireCsrfProtectionMatcher(new RequestMatcher() {
                //放行這幾種請求
                private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
                //放行rest請求
                private RegexRequestMatcher unprotectedMatcher = new RegexRequestMatcher("^/manage/.*", null);
                    @Override
                    public boolean matches(HttpServletRequest request) {
                        if(allowedMethods.matcher(request.getMethod()).matches()){
                            return false;
                        }
                        String servletPath = request.getServletPath();
                        if (servletPath.contains("/druid")) {
                            return false;
                        }
                        return !unprotectedMatcher.matches(request);
                    }
                }).and()
                    .formLogin().loginPage("/login").defaultSuccessUrl("/manage").and()
                    .logout().logoutUrl("/logout").logoutSuccessUrl("/login");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }


}

（3）配置druid監控

package cn.com.liu.config;

import com.alibaba.druid.pool.DruidDataSource;
import com.alibaba.druid.support.http.StatViewServlet;
import com.alibaba.druid.support.http.WebStatFilter;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.sql.DataSource;
@Configuration
public class DruidConfiguration {
    @Bean
    public ServletRegistrationBean druidServlet() {
        ServletRegistrationBean servletRegistrationBean = new ServletRegistrationBean(new StatViewServlet(), "/druid/*");
        // IP白名單
        //servletRegistrationBean.addInitParameter("allow", "192.168.*");
        // IP黑名單(共同存在時，deny優先於allow)
        //dservletRegistrationBean.addInitParameter("deny", "192.168.1.100");
        //控制檯管理用戶
        servletRegistrationBean.addInitParameter("loginUsername", "user");
        servletRegistrationBean.addInitParameter("loginPassword", "user");
        //是否能夠重置數據 禁用HTML頁面上的“Reset All”功能
        servletRegistrationBean.addInitParameter("resetEnable", "false");
        return servletRegistrationBean;
    }

    @Bean
    public FilterRegistrationBean filterRegistrationBean() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(new WebStatFilter());
        filterRegistrationBean.addUrlPatterns("/*");
        filterRegistrationBean.addInitParameter("exclusions", "*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid/*");
        return filterRegistrationBean;
    }

    @Bean
    @ConfigurationProperties(prefix = "spring.datasource")
    public DataSource druidDataSource() {
        return new DruidDataSource();
    }


}

5、啓動項目

訪問 http://localhost:8090/druid/index.html  即可看到監控日誌信息， springsecurity登錄賬號密碼爲user/ 密碼即爲上述配置文件中的 user/user