最近自己搞了个springboot jpa的项目练手,用到了shiro控制权限,过程中遇到了一些问题,记录一下。
1、jpa确实方便,适合快速开发,具体使用方法:
(1)pom文件引用
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-jpa</artifactId></dependency>
(2)application.properties文件引用
spring.jpa.database-platform=mysqlspring.jpa.hibernate.ddl-auto=updatespring.jpa.show-sql=truespring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQL57Dialectspring.jpa.properties.hibernate.enable_lazy_load_no_trans=true
(3)以用户管理举例
dao层
public interface UserDao extends JpaRepository<User,Integer>, JpaSpecificationExecutor<User> { User findUserByUsername(String userName);// @Query(value = "select count(*) from t_user",nativeQuery = true)// Long totalCount();}
service层
public class UserService { @Autowired UserDao userDao; public List<User> findAll() throws Exception{ try { return userDao.findAll(); }catch (Exception e) { throw new CoreException("查找用户失败"); } } public User findUserByUserName(String userName) throws Exception{ try { return userDao.findUserByUsername(userName); }catch (Exception e) { throw new CoreException("根据用户名称查找用户失败"); } }}
controller层
public class UserController { @Autowired private UserService userService;public RetResult<User> findUserByUserName(String userName) {
try{ User user = userService.findUserByUserName(userName); if (user == null || StringUtils.isEmpty(user)){ throw new CoreException("根据用户名称查找用户失败"); } return RetResponse.makeOKRsp(user); } catch (CoreException e){ return RetResponse.makeRsp(400,"根据用户名称查找用户失败"); } catch (Exception e) { return RetResponse.makeRsp(400,"根据用户名称查找用户失败"); }}}
2、shiro配置:
(1)pom文件引用
<!-- thymeleaf使用shiro标签 --><dependency> <groupId>com.github.theborakompanioni</groupId> <artifactId>thymeleaf-extras-shiro</artifactId> <version>2.0.0</version></dependency><!-- shiro权限控制框架 --><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-spring</artifactId> <version>1.4.0</version></dependency><!-- shiro ehcache --><dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-ehcache</artifactId> <version>1.4.0</version></dependency>
(2)用到了thymleaf所以ShiroConfig配置文件添加
/** * 添加ShiroDialect 为了在thymeleaf里使用shiro的标签的bean * @return */@Bean(name = "shiroDialect")public ShiroDialect shiroDialect(){ return new ShiroDialect();}
(3)其他的配置网上很多,这里主要贴一下授权代码
个人理解:查询资源表里面permission属性的值查出来添加到authorizationInfo.addStringPermission()
shiro标签shiro:hasPermission会匹配。
/** * 授权用户权限 */@Overrideprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { System.out.println("权限配置-->MyShiroRealm.doGetAuthorizationInfo()"); SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); User user = (User)principals.getPrimaryPrincipal(); try { List<Role> roleList = roleService.findRolesByRoleIds(user.getUserId()); if (roleList != null){ for(int i=0; i<roleList.size(); i++){ authorizationInfo.addRole(roleList.get(i).getName()); List<Resource> resourceList = resourceService.findResourcesByRole(roleList.get(i)); if(resourceList != null){ for(int j=0; j<resourceList.size(); j++){ authorizationInfo.addStringPermission(resourceList.get(j).getPermission()); } } } } return authorizationInfo; } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); return authorizationInfo; }}
(4)thymleaf 使用shiro标签展示菜单
<ul class="layui-nav layui-nav-tree" lay-shrink="all" id="LAY-system-side-menu" lay-filter="layadmin-system-side-menu"> <li th:each="resource,index : ${session.resourceList}" data-name="home" class="layui-nav-item layui-nav-itemed"> <shiro:hasPermission name="${resource.permission}"> <a href="javascript:;" lay-direction="2"> <i th:class="${resource.icon}"></i> <cite th:text="${resource.resourceName}"></cite> </a> <dl class="layui-nav-child layui-this"> <dd style="margin-left: 15px;" th:each="resourceChild,index : ${resource.childList}" data-name="console"> <shiro:hasPermission name="${resourceChild.permission}"> <a th:href="${resourceChild.resourceUrl}" target="allList"> <i th:class="${resourceChild.icon}"></i> <cite th:text="${resourceChild.resourceName}"></cite> </a> </shiro:hasPermission> </dd> </dl> </shiro:hasPermission> </li></ul>
3、swagger配置
(1)pom文件配置
<!--swagger2依赖--><dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger2</artifactId> <version>2.9.2</version></dependency><!--swagger2-ui依赖--><dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger-ui</artifactId> <version>2.9.2</version></dependency>
(2)配置文件
public class Swagger2Config { @Bean public Docket createRestApi() { return new Docket(DocumentationType.SWAGGER_2) .apiInfo(apiInfo()) .select() .apis(RequestHandlerSelectors.basePackage("org.test.records")) .paths(PathSelectors.any()) .build(); } private ApiInfo apiInfo() { return new ApiInfoBuilder() .title("springboot利用swagger构建api文档") .description("简单优雅的restfun风格,https://www.baidu.com/") .termsOfServiceUrl("https://www.baidu.com/") .version("1.0") .build(); }}
(3)因为用到了shiro所以会拦截swagger,需要增加配置文件.配置源码:
@Configurationpublic class WebConfigurer implements WebMvcConfigurer { /** * 添加静态资源--过滤swagger-api (开源的在线API文档) * @param registry */ @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { //指定了静态资源文件的位置 registry.addResourceHandler("/static/**") .addResourceLocations("classpath:/static/"); registry.addResourceHandler("swagger-ui.html") .addResourceLocations("classpath:/META-INF/resources/"); registry.addResourceHandler("/webjars/**") .addResourceLocations("classpath:/META-INF/resources/webjars/"); } // 这个方法用来注册拦截器,我们自己写好的拦截器需要通过这里添加注册才能生效 @Override public void addInterceptors(InterceptorRegistry registry) { }}
4、配置themleaf
(1)pom文件
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId></dependency><dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId></dependency>
(2)application.properties文件
spring.mvc.static-path-pattern=/static/**spring.thymeleaf.cache=falsespring.thymeleaf.prefix=classpath:/templates/spring.thymeleaf.suffix=.htmlspring.thymeleaf.encoding=UTF-8spring.thymeleaf.mode=HTML5spring.thymeleaf.servlet.content-type=text/html
5、用到了druid
(1)如果pom引入的是
<dependency> <groupId>com.alibaba</groupId> <artifactId>druid-spring-boot-starter</artifactId> <version>1.1.10</version></dependency>
那么只需要修改application.properties文件
#启用阿里druidspring.datasource.type=com.alibaba.druid.pool.DruidDataSource# 初始化大小,最小,最大spring.datasource.druid.initial-size=5spring.datasource.druid.min-idle=5spring.datasource.druid.maxActive=20# 配置获取连接等待超时的时间spring.datasource.druid.maxWait=60000# 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒spring.datasource.druid.timeBetweenEvictionRunsMillis=60000# 配置一个连接在池中最小生存的时间,单位是毫秒spring.datasource.druid.minEvictableIdleTimeMillis=300000spring.datasource.druid.validationQuery=SELECT 1spring.datasource.druid.testWhileIdle=truespring.datasource.druid.testOnBorrow=falsespring.datasource.druid.testOnReturn=false# 打开PSCache,并且指定每个连接上PSCache的大小spring.datasource.druid.poolPreparedStatements=truespring.datasource.druid.maxPoolPreparedStatementPerConnectionSize=20# 配置监控统计拦截的filters,去掉后监控界面sql无法统计,'wall'用于防火墙spring.datasource.druid.filters=stat,wall,slf4j# 通过connectProperties属性来打开mergeSql功能;慢SQL记录spring.datasource.druid.connectionProperties=druid.stat.mergeSql\=true;druid.stat.slowSqlMillis\=5000# 配置DruidStatFilterspring.datasource.druid.web-stat-filter.enabled=truespring.datasource.druid.web-stat-filter.url-pattern=/*spring.datasource.druid.web-stat-filter.exclusions=*.js,*.gif,*.jpg,*.bmp,*.png,*.css,*.ico,/druid/*spring.datasource.druid.stat-view-servlet.url-pattern=/druid/*spring.datasource.druid.stat-view-servlet.allow=127.0.0.1spring.datasource.druid.stat-view-servlet.deny=192.168.1.73spring.datasource.druid.stat-view-servlet.reset-enable=falsespring.datasource.druid.stat-view-servlet.login-username=adminspring.datasource.druid.stat-view-servlet.login-password=123456
(2)如果pom引入的是
<dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.1.16</version></dependency>
除了配置文件修改,还要添加一个配置类,网上很多。
至此,完成了基本配置,特此记录。