1.Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<!--<!– 通过监听器加载xml文件–>-->
<!-- <listener>-->
<!-- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>-->
<!-- </listener>-->
<!-- <context-param>-->
<!-- <param-name>contextConfigLocation</param-name>-->
<!-- <param-value>classpath:spring-security.xml</param-value>-->
<!-- </context-param>-->
<!-- 用于获取request对象-->
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<!-- 配置核心解析器 -->
<servlet>
<servlet-name>mvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!-- 配置中文乱码过滤器 -->
<filter>
<filter-name>u8</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>u8</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 锁定进入页面-->
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<!-- 登入验证授权过滤器-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 配置友好错误页面-->
<error-page>
<error-code>403</error-code>
<location>/403.jsp</location>
</error-page>
</web-app>
2.applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd">
<!-- 创建容器对象扫描注解-->
<context:component-scan base-package="com.qyf"></context:component-scan>
<!-- 通过 <import> 标签加载子配置文件spring-dao.xml \spring-mvc.xml -->
<import resource="classpath:spring-dao.xml"></import>
<import resource="classpath:spring-mvc.xml"></import>
<import resource="spring-security.xml"></import>
</beans>
3.spring-dao.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd">
<!-- 根据配置文件读取信息用于创建数据库连接池 -->
<context:property-placeholder location="classpath:jdbc.properties"></context:property-placeholder>
<!-- 创建数据库连接池 -->
<bean id="ds" class="com.alibaba.druid.pool.DruidDataSource">
<property name="driverClassName" value="${jdbc.driver}"></property>
<property name="url" value="${jdbc.url}"></property>
<property name="username" value="${jdbc.username}"></property>
<property name="password" value="${jdbc.password}"></property>
</bean>
<!-- 创建SqlSessionFactoryBean用于执行sql语句 -->
<bean class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="ds"/>
<property name="typeAliasesPackage" value="com.qyf.domain"/>
<!-- 传入pageHelper的插件-->
<property name="plugins">
<array>
<!-- 创建插件对象-->
<bean class="com.github.pagehelper.PageInterceptor">
<property name="properties">
<props>
<!-- 指定插件使用的数据库-->
<prop key="helperDialect">oracle</prop>
<!-- 分页合理化参数,为true时会默认查询第一页,超过总数时默认查询最后一页-->
<prop key="reasonable">true</prop>
</props>
</property>
</bean>
</array>
</property>
</bean>
<!-- 扫描映射文件创建代理对象 -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="com.qyf.dao"></property>
</bean>
<!-- 事务管理器配置-->
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="ds"/>
</bean>
<tx:annotation-driven transaction-manager="transactionManager"/>
<!-- 开启事务管理器-->
<!-- <bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">-->
<!-- <property name="dataSource" ref="ds"/>-->
<!-- </bean>-->
<!-- <tx:advice id="interceptor" transaction-manager="transactionManager">-->
<!-- <tx:attributes>-->
<!-- <tx:method name="*" read-only="false" propagation="REQUIRED"/>-->
<!-- <tx:method name="find*" read-only="true" propagation="SUPPORTS"/>-->
<!-- </tx:attributes>-->
<!-- </tx:advice>-->
<!-- -->
<!-- <aop:config proxy-target-class="true">-->
<!-- <aop:pointcut id="p1" expression="execution(* com.qyf.service.impl.*.*(..))"/>-->
<!-- <aop:advisor advice-ref="interceptor" pointcut-ref="p1"/>-->
<!-- </aop:config>-->
</beans>
4.spring-mvc.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd">
<!-- 配置视图解析器-->
<bean id="resourceViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<constructor-arg name="prefix" value="/pages/"/>
<constructor-arg name="suffix" value=".jsp"/>
</bean>
<!-- 型转换器-->
<bean id="conversionService" class="org.springframework.context.support.ConversionServiceFactoryBean">
<property name="converters">
<set>
<ref bean="stringToDate"></ref>
</set>
</property>
</bean>
<!--开启SpringMVC注解的支持-->
<mvc:annotation-driven conversion-service="conversionService"/>
<!-- 静态资源释放 -->
<mvc:default-servlet-handler></mvc:default-servlet-handler>
</beans>
5.spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:Security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- 开启方法权限注解-->
<Security:global-method-security secured-annotations="enabled" />
<!-- 配置不拦截的资源 -->
<security:http pattern="/login.jsp" security="none"/>
<security:http pattern="/failer.jsp" security="none"/>
<security:http pattern="/css/**" security="none"/>
<security:http pattern="/img/**" security="none"/>
<security:http pattern="/plugins/**" security="none"/>
<!--
配置具体的规则
auto-config="true" 不用自己编写登录的页面,框架提供默认登录页面
use-expressions="false" 是否使用SPEL表达式(没学习过)
-->
<security:http auto-config="true" use-expressions="false" >
<!-- 配置具体的拦截的规则 pattern="请求路径的规则" access="访问系统的人,必须有ROLE_USER,ROLE_ADMIN的角色" -->
<security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/>
<!-- 定义跳转的具体的页面 -->
<security:form-login
login-page="/login.jsp"
login-processing-url="/login.do"
default-target-url="/index.jsp"
authentication-failure-url="/failer.jsp"
authentication-success-forward-url="/pages/main.jsp"
/>
<!-- 关闭跨域请求 -->
<security:csrf disabled="true"/>
<!-- 退出 指定注销路径,自动完成用户注销-->
<security:logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/login.jsp" />
</security:http>
<!-- 切换成数据库中的用户名和密码 -->
<security:authentication-manager>
<security:authentication-provider user-service-ref="userServiceImpl">
<!-- 配置解密的方式-->
<security:password-encoder ref="passwordEncoder"/>
</security:authentication-provider>
</security:authentication-manager>
<!-- 配置加密类 -->
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
<!-- 打开权限注解-->
<bean id="webSecurityExpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
<!-- 提供了入门的方式,在内存中存入用户名和密码
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="admin" password="{noop}admin" authorities="ROLE_USER"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
-->
</beans>
6.jdbc.properties
jdbc.driver=oracle.jdbc.driver.OracleDriver
jdbc.url=jdbc:oracle:thin:@localhost:1521/orcl
jdbc.username=qyf
jdbc.password=qyf
7.log4j.properties
# Set root category priority to INFO and its only appender to CONSOLE.
#log4j.rootCategory=INFO, CONSOLE debug info warn error fatal
log4j.rootCategory=debug, CONSOLE, LOGFILE
# Set the enterprise logger category to FATAL and its only appender to CONSOLE.
log4j.logger.org.apache.axis.enterprise=FATAL, CONSOLE
# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} %-6r [%15.15t] %-5p %30.30c %x - %m\n
LOGFILE is set to be a File appender using a PatternLayout.
log4j.appender.LOGFILE=org.apache.log4j.FileAppender
log4j.appender.LOGFILE.File=D://logData/log4j.log
log4j.appender.LOGFILE.Append=true
log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
log4j.appender.LOGFILE.layout.ConversionPattern=%d{ISO8601} %-6r [%15.15t] %-5p %30.30c %x - %m\n
8.Controller.java
package com.qyf.controller;
import com.github.pagehelper.PageInfo;
import com.qyf.dao.IUserInfoDao;
import com.qyf.domain.Role;
import com.qyf.domain.UserInfo;
import com.qyf.service.IUserService;
import com.qyf.service.impl.UserServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import java.util.List;
@Controller
@RequestMapping("/user")
public class UserController {
@Autowired
IUserService userService;
@RequestMapping("/addRoleToUser")
public String addRoleToUser(@RequestParam(name = "userId",required = true) String userId,@RequestParam(name = "ids",required = true) String[] roleIds){
userService.addRoleToUser(userId,roleIds);
return "redirect:findAll.do?";
}
@RequestMapping("/findUserByIdAndAllRole.do")
public ModelAndView findUserByIdAndAllRole( String id){
ModelAndView mav = new ModelAndView("user-role-add");
//根据用户ID查询该用户可以添加的角色信息
mav.addObject("roleList",userService.findRoleByUserId(id));
return mav;
}
@RequestMapping("/findAll.do")
public ModelAndView findAll(@RequestParam(defaultValue = "1") int pageNum,@RequestParam(defaultValue = "4") int pageSize){
ModelAndView mav = new ModelAndView("user-list");
List<UserInfo> userList = userService.findAll(pageNum,pageSize);
//插件分页对象
PageInfo pageInfo = new PageInfo(userList);
mav.addObject("pageInfo",pageInfo);
return mav;
}
@RequestMapping("/save.do")
public String save(UserInfo userInfo){
userService.save(userInfo);
return "redirect:findAll.do";
}
/**
* 查看详情
*/
@RequestMapping("/findById.do")
public ModelAndView findById(String id){
ModelAndView mav = new ModelAndView("user-show");
mav.addObject("user",userService.findById(id));
return mav;
}
}
package com.qyf.controller;
import com.github.pagehelper.PageHelper;
import com.github.pagehelper.PageInfo;
import com.qyf.domain.Product;
import com.qyf.service.IProductService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.annotation.Secured;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import java.util.List;
@Controller
@RequestMapping("/product")
public class ProductController {
@Autowired
IProductService productService;
/**
* 查询所有产品信息
*
* @param
* @return
*/
@RequestMapping("/findAll.do")
@Secured("ROLE_ADMIN")
public ModelAndView findAll(@RequestParam(defaultValue = "1") int pageNum,@RequestParam(defaultValue = "4") int pageSize) {
ModelAndView mav = new ModelAndView("product-list");
List<Product> products = productService.findAll(pageNum,pageSize);
//插件pageInfo对象,将查询到的产品信息集合设置进去.
PageInfo pageInfo = new PageInfo(products);
System.out.println("页面信息: "+pageInfo.toString());
mav.addObject("pageInfo", pageInfo);
return mav;
}
/**
* 添加产品信息
*/
@RequestMapping("/save.do")
public String saveProdect(Product product) {
productService.save(product);
return "redirect:findAll.do";
}
/**
* 删除产品信息
* @return
*/
@RequestMapping("/remove.do")
public String remove(){
return "redirect:findAll.do";
}
@RequestMapping("/findById.do")
public String findById(String id){
return "product-show";
}
}
9.Service.java
package com.qyf.service.impl;
import com.github.pagehelper.PageHelper;
import com.qyf.dao.IUserInfoDao;
import com.qyf.domain.Role;
import com.qyf.domain.UserInfo;
import com.qyf.service.IUserService;
import org.springframework.beans.SimpleTypeConverter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;
import java.util.ArrayList;
import java.util.List;
@Component
@Transactional
public class UserServiceImpl implements IUserService {
@Autowired
IUserInfoDao userInfoDao;
// 加密对象
@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//根据用户名查询数据库
UserInfo userInfo = userInfoDao.findByUser(username);
//加载角色信息
List<SimpleGrantedAuthority> list=new ArrayList<>();
//遍历角色的权限
for (Role role : userInfo.getRoles()) {
SimpleGrantedAuthority sga = new SimpleGrantedAuthority(role.getRoleName());
list.add(sga);
}
User user = new User(userInfo.getUsername(),userInfo.getPassword(),list);
return user;
}
@Override
public void save(UserInfo userInfo) {
//对密码进行加密
userInfo.setPassword(bCryptPasswordEncoder.encode(userInfo.getPassword()));
System.out.println("加密用户:"+userInfo.toString());
userInfoDao.save(userInfo);
}
@Override
public List<UserInfo> findAll(int pageNum,int pageSize) {
PageHelper.startPage(pageNum,pageSize);
return userInfoDao.findAll();
}
@Override
public UserInfo findById(String id) {
return userInfoDao.findById(id);
}
@Override
public List<Role> findRoleByUserId(String id) {
return userInfoDao.findRoleByUserId(id);
}
@Override
public void addRoleToUser(String userId, String[] roleIds) {
for (String roleId : roleIds) {
userInfoDao.addRoleToUser(userId,roleId);
}
}
}
package com.qyf.service.impl;
import com.github.pagehelper.PageHelper;
import com.qyf.dao.IProductDao;
import com.qyf.domain.Product;
import com.qyf.service.IProductService;
import org.apache.ibatis.annotations.Select;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.List;
@Service
@Transactional
public class ProductServiceImpl implements IProductService {
@Autowired
IProductDao productDao;
/**
* 查询所有产品信息
* @return
*/
@Override
public List<Product> findAll(int pageNum,int pageSize) {
//设置分页对象属性
PageHelper.startPage(pageNum,pageSize);
return productDao.findAll();
}
/**
* 添加产品信息
* @param product
*/
@Override
public void save(Product product) {
productDao.save(product);
}
}
10.DAO.java
package com.qyf.dao;
import com.qyf.domain.Permission;
import com.qyf.domain.Role;
import org.apache.ibatis.annotations.*;
import java.util.List;
public interface IRoleDao {
//根据用户ID查询处所有对应的角色和角色对应的权限
@Select("select * from role where id in(select roleid from users_role where userid=#{userid})")
@Results({
@Result(column = "id",property = "permissions",many = @Many(select = "com.qyf.dao.IPermissionDao.findByRoleId"))
})
List<Role> findByUserId(String userId);
@Select("select * from role")
List<Role> findAll();
@Insert("insert into role(id,rolename,roledesc)values(default,#{roleName},#{roleDesc})")
void save(Role role);
@Select("select * from role where id=#{roleId}")
Role findByRoleId(String roleId);
@Select("select * from permission where id not in(select permissionid from role_permission where roleid=#{roleId})")
List<Permission> findPermissionsByRoleId(String roleId);
@Insert("insert into role_permission(permissionid,roleid)values(#{permissionid},#{roleId})")
void savePermissionsByRoleId(@Param("roleId") String roleId,@Param("permissionid") String permissionId);
}
package com.qyf.dao;
import com.qyf.domain.Role;
import com.qyf.domain.UserInfo;
import org.apache.ibatis.annotations.*;
import java.util.List;
public interface IUserInfoDao {
@Select("select * from users")
List<UserInfo> findAll();
@Select("select * from users where username=#{username}")
@Results({
@Result(column = "id",many = @Many(select = "com.qyf.dao.IRoleDao.findByUserId"),
property = "roles")
})
UserInfo findByUser(String username);
@Insert("insert into users(id,email,username,password,phonenum,status) values" +
"(default,#{email},#{username},#{password},#{phoneNum},#{status})")
void save(UserInfo userInfo);
@Select("select * from users where id=#{id}")
@Results({
@Result(column = "id",many = @Many(select = "com.qyf.dao.IRoleDao.findByUserId"),
property = "roles")
})
UserInfo findById(String id);
@Select("select * from role where id not in(select roleid from users_role where userid=#{id})")
List<Role> findRoleByUserId(String id);
@Insert("insert into users_role (userid,roleid)values(#{userid},#{roleid})")
void addRoleToUser(@Param("userid") String userId,@Param("roleid") String roleId);
}
来源:https://blog.csdn.net/weixin_43342054/article/details/99756973