SpringBoot + Vue 搭建先后端分离的博客项目系统(SpringBoot 部分)
SpringBoot + Vue 搭建先后端分离的博客项目系统
一:简单介绍
功能大纲
博客项目系统的基本增删改查前端
学习目的
搭建先后端分离项目的骨架java
二:Java 后端接口开发
一、前言
- 从零开始搭建一个项目骨架,最好选择合适、熟悉的技术,而且在将来易拓展,适合微服务化体系等。因此通常以SpringBoot做为咱们的框架基础。
- 而后数据层,咱们经常使用的是Mybatis,易上手,方便维护。可是单表操做比较困难,特别是添加字段或减小字段的时候,比较繁琐,因此这里我推荐使用Mybatis Plus,为简化开发而生,只需简单配置,便可快速进行 CRUD 操做,从而节省大量时间。
- 做为一个项目骨架,权限也是咱们不能忽略的,Shiro配置简单,使用也简单,因此使用Shiro做为咱们的的权限。
- 考虑到项目可能须要部署多台,这时候咱们的会话等信息须要共享,Redis是如今主流的缓存中间件,也适合咱们的项目。
- 由于先后端分离,因此咱们使用Jwt做为咱们用户身份凭证。
二、技术栈
- SpringBoot
- Mybatis Plus
- Shiro
- Lombok
- Redis
- Hibernate Validatior
- Jwt
三、新建 SpringBoot 项目
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.5.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.pony</groupId>
<artifactId>springboot_blog</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>springboot_blog</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<!--项目的热加载重启插件-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<!--mysql-->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<!--化代码的工具-->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!--mybatis plus-->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.2.0</version>
</dependency>
<!--mybatis plus 代码生成器-->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-generator</artifactId>
<version>3.2.0</version>
</dependency>
<!--freemarker-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-freemarker</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<excludes>
<exclude>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</exclude>
</excludes>
</configuration>
</plugin>
</plugins>
</build>
</project>
application.yml
# DataSource Config
spring:
datasource:
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://localhost:3306/springboot_blog?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=Asia/Shanghai
username: root
password: password
mybatis-plus:
mapper-locations: classpath*:/mapper/**Mapper.xml
开启mapper接口扫描,添加分页插件
package com.pony.config;
import com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.transaction.annotation.EnableTransactionManagement;
/**
* @author malf
* @description 经过@MapperScan 注解指定要变成实现类的接口所在的包,而后包下面的全部接口在编译以后都会生成相应的实现类。
* PaginationInterceptor是一个分页插件。
* @date 2021/5/22
* @project springboot_blog
*/
@Configuration
@EnableTransactionManagement
@MapperScan("com.pony.mapper")
public class MybatisPlusConfig {
@Bean
public PaginationInterceptor paginationInterceptor() {
PaginationInterceptor paginationInterceptor = new PaginationInterceptor();
return paginationInterceptor;
}
}
代码生成(直接根据数据库表信息生成entity、service、mapper等接口和实现类)
建立 Mysql 数据库表mysql
CREATE TABLE `pony_user` ( `id` bigint(20) NOT NULL AUTO_INCREMENT, `username` varchar(64) DEFAULT NULL, `avatar` varchar(255) DEFAULT NULL, `email` varchar(64) DEFAULT NULL, `password` varchar(64) DEFAULT NULL, `status` int(5) NOT NULL, `created` datetime DEFAULT NULL, `last_login` datetime DEFAULT NULL, PRIMARY KEY (`id`), KEY `UK_USERNAME` (`username`) USING BTREE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `pony_blog` ( `id` bigint(20) NOT NULL AUTO_INCREMENT, `user_id` bigint(20) NOT NULL, `title` varchar(255) NOT NULL, `description` varchar(255) NOT NULL, `content` longtext, `created` datetime NOT NULL ON UPDATE CURRENT_TIMESTAMP, `status` tinyint(4) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=utf8mb4; INSERT INTO `springboot_blog`.`pony_user` (`id`, `username`, `avatar`, `email`, `password`, `status`, `created`, `last_login`) VALUES ('1', 'pony', 'https://image-1300566513.cos.ap-guangzhou.myqcloud.com/upload/images/5a9f48118166308daba8b6da7e466aab.jpg', NULL, '96e79218965eb72c92a549dd5a330112', '0', '2021-05-20 10:44:01', NULL);代码生成器:CodeGeneratorgit
package com.pony; import com.baomidou.mybatisplus.core.exceptions.MybatisPlusException; import com.baomidou.mybatisplus.core.toolkit.StringPool; import com.baomidou.mybatisplus.core.toolkit.StringUtils; import com.baomidou.mybatisplus.generator.AutoGenerator; import com.baomidou.mybatisplus.generator.InjectionConfig; import com.baomidou.mybatisplus.generator.config.*; import com.baomidou.mybatisplus.generator.config.po.TableInfo; import com.baomidou.mybatisplus.generator.config.rules.NamingStrategy; import com.baomidou.mybatisplus.generator.engine.FreemarkerTemplateEngine; import java.util.ArrayList; import java.util.List; import java.util.Scanner; /** * @author malf * @description 执行 main 方法,在控制台输入模块表名回车自动生成对应项目目录 * @date 2021/5/22 * @project springboot_blog */ public class CodeGenerator { /** * 读取控制台内容 */ public static String scanner(String tip) { Scanner scanner = new Scanner(System.in); StringBuilder help = new StringBuilder(); help.append("请输入" + tip + ":"); System.out.println(help.toString()); if (scanner.hasNext()) { String ipt = scanner.next(); if (StringUtils.isNotEmpty(ipt)) { return ipt; } } throw new MybatisPlusException("请输入正确的" + tip + "!"); } public static void main(String[] args) { // 代码生成器 AutoGenerator mpg = new AutoGenerator(); // 全局配置 GlobalConfig gc = new GlobalConfig(); String projectPath = System.getProperty("user.dir"); gc.setOutputDir(projectPath + "/src/main/java"); gc.setAuthor("pony"); gc.setOpen(false); // gc.setSwagger2(true); 实体属性 Swagger2 注解 gc.setServiceName("%sService"); mpg.setGlobalConfig(gc); // 数据源配置 DataSourceConfig dsc = new DataSourceConfig(); dsc.setUrl("jdbc:mysql://localhost:3306/springboot_blog?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=UTC"); dsc.setDriverName("com.mysql.cj.jdbc.Driver"); dsc.setUsername("root"); dsc.setPassword("password"); mpg.setDataSource(dsc); // 包配置 PackageConfig pc = new PackageConfig(); pc.setModuleName(null); pc.setParent("com.pony"); mpg.setPackageInfo(pc); // 自定义配置 InjectionConfig cfg = new InjectionConfig() { @Override public void initMap() { } }; // 若是模板引擎是 freemarker String templatePath = "/templates/mapper.xml.ftl"; // 若是模板引擎是 velocity // String templatePath = "/templates/mapper.xml.vm"; // 自定义输出配置 List<FileOutConfig> focList = new ArrayList<>(); // 自定义配置会被优先输出 focList.add(new FileOutConfig(templatePath) { @Override public String outputFile(TableInfo tableInfo) { // 自定义输出文件名 , 若是 Entity 设置了先后缀,此处注意 xml 的名称会跟着发生变化 return projectPath + "/src/main/resources/mapper/" + "/" + tableInfo.getEntityName() + "Mapper" + StringPool.DOT_XML; } }); cfg.setFileOutConfigList(focList); mpg.setCfg(cfg); // 配置模板 TemplateConfig templateConfig = new TemplateConfig(); templateConfig.setXml(null); mpg.setTemplate(templateConfig); // 策略配置 StrategyConfig strategy = new StrategyConfig(); strategy.setNaming(NamingStrategy.underline_to_camel); strategy.setColumnNaming(NamingStrategy.underline_to_camel); strategy.setEntityLombokModel(true); strategy.setRestControllerStyle(true); strategy.setInclude(scanner("表名,多个英文逗号分割").split(",")); strategy.setControllerMappingHyphenStyle(true); strategy.setTablePrefix("pony_"); mpg.setStrategy(strategy); mpg.setTemplateEngine(new FreemarkerTemplateEngine()); mpg.execute(); } }- 执行 main 方法,输入 pony_user, pony_blog后回车便可,代码目录结构以下:
测试当前步骤正确及数据库链接正常web
package com.pony.controller; import com.pony.service.UserService; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import javax.annotation.Resource; /** * <p> * 前端控制器 * </p> * * @author pony * @since 2021-05-22 */ @RestController @RequestMapping("/user") public class UserController { @Resource UserService userService; @GetMapping("/{id}") public Object test(@PathVariable("id") Long id) { return userService.getById(id); } }运行项目,访问地址
http://localhost:8080/user/1redis四、统一结果封装
package com.pony.common; import lombok.Data; import java.io.Serializable; /** * @author malf * @description 用于异步统一返回的结果封装。 * @date 2021/5/22 * @project springboot_blog */ @Data public class Result implements Serializable { private String code; // 是否成功 private String message; // 结果消息 private Object data; // 结果数据 public static Result success(Object data) { Result result = new Result(); result.setCode("0"); result.setData(data); result.setMessage("操做成功"); return result; } public static Result success(String message, Object data) { Result result = new Result(); result.setCode("0"); result.setData(data); result.setMessage(message); return result; } public static Result fail(String message) { Result result = new Result(); result.setCode("-1"); result.setData(null); result.setMessage(message); return result; } public static Result fail(String message, Object data) { Result result = new Result(); result.setCode("-1"); result.setData(data); result.setMessage(message); return result; } }五、整合Shiro + Jwt,并会话共享
考虑到后面可能须要作集群、负载均衡等,因此就须要会话共享,而Shiro的缓存和会话信息,咱们通常考虑使用Redis来存储数据,因此,咱们不只须要整合Shiro,也须要整合Redis。spring
引入 shiro-redis 和 jwt 依赖,为了简化开发,同时引入hutool工具包。
<dependency> <groupId>org.crazycake</groupId> <artifactId>shiro-redis-spring-boot-starter</artifactId> <version>3.2.1</version> </dependency> <!-- hutool工具类--> <dependency> <groupId>cn.hutool</groupId> <artifactId>hutool-all</artifactId> <version>5.3.3</version> </dependency> <!-- jwt --> <dependency> <groupId>io.jsonwebtoken</groupId> <artifactId>jjwt</artifactId> <version>0.9.1</version> </dependency>编写Shiro配置类
第一步:生成和校验jwt的工具类,其中有些jwt相关的密钥信息是从项目配置文件中配置的sql
package com.pony.util; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import lombok.Data; import lombok.extern.slf4j.Slf4j; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.stereotype.Component; import java.util.Date; /** * @author malf * @description * @date 2021/5/22 * @project springboot_blog */ @Slf4j @Data @Component @ConfigurationProperties(prefix = "pony.jwt") public class JwtUtils { private String secret; private long expire; private String header; /** * 生成jwt token */ public String generateToken(long userId) { Date nowDate = new Date(); // 过时时间 Date expireDate = new Date(nowDate.getTime() + expire * 1000); return Jwts.builder() .setHeaderParam("typ", "JWT") .setSubject(userId + "") .setIssuedAt(nowDate) .setExpiration(expireDate) .signWith(SignatureAlgorithm.HS512, secret) .compact(); } public Claims getClaimByToken(String token) { try { return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody(); } catch (Exception e) { log.debug("validate is token error ", e); return null; } } /** * token是否过时 * * @return true:过时 */ public boolean isTokenExpired(Date expiration) { return expiration.before(new Date()); } }第二步:自定义一个JwtToken,来完成shiro的supports方法数据库
package com.pony.shiro; import org.apache.shiro.authc.AuthenticationToken; /** * @author malf * @description shiro默认supports的是UsernamePasswordToken,咱们如今采用了jwt的方式, * 因此这里自定义一个JwtToken,来完成shiro的supports方法。 * @date 2021/5/22 * @project springboot_blog */ public class JwtToken implements AuthenticationToken { private String token; public JwtToken(String token) { this.token = token; } @Override public Object getPrincipal() { return token; } @Override public Object getCredentials() { return token; } }第三步:登陆成功以后返回的一个用户信息的载体apache
package com.pony.shiro; import lombok.Data; import java.io.Serializable; /** * @author malf * @description 登陆成功以后返回的一个用户信息的载体 * @date 2021/5/22 * @project springboot_blog */ @Data public class AccountProfile implements Serializable { private Long id; private String username; private String avatar; }第四步:shiro进行登陆或者权限校验的逻辑所在
package com.pony.shiro; import cn.hutool.core.bean.BeanUtil; import com.pony.entity.User; import com.pony.service.UserService; import com.pony.util.JwtUtils; import lombok.extern.slf4j.Slf4j; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.springframework.stereotype.Component; import javax.annotation.Resource; /** * @author malf * @description shiro进行登陆或者权限校验的逻辑所在 * @date 2021/5/22 * @project springboot_blog */ @Slf4j @Component public class AccountRealm extends AuthorizingRealm { @Resource JwtUtils jwtUtils; @Resource UserService userService; @Override public boolean supports(AuthenticationToken token) { return token instanceof JwtToken; } @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { return null; } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { JwtToken jwt = (JwtToken) token; log.info("jwt----------------->{}", jwt); String userId = jwtUtils.getClaimByToken((String) jwt.getPrincipal()).getSubject(); User user = userService.getById(Long.parseLong(userId)); if (user == null) { throw new UnknownAccountException("帐户不存在!"); } if (user.getStatus() == -1) { throw new LockedAccountException("帐户已被锁定!"); } AccountProfile profile = new AccountProfile(); BeanUtil.copyProperties(user, profile); log.info("profile----------------->{}", profile.toString()); return new SimpleAuthenticationInfo(profile, jwt.getCredentials(), getName()); } }- supports:为了让realm支持jwt的凭证校验
- doGetAuthorizationInfo:权限校验
- doGetAuthenticationInfo:登陆认证校验,经过jwt获取到用户信息,判断用户的状态,最后异常就抛出对应的异常信息,否者封装成SimpleAuthenticationInfo返回给shiro。
第五步:定义jwt的过滤器JwtFilter
package com.pony.shiro; import cn.hutool.json.JSONUtil; import com.baomidou.mybatisplus.core.toolkit.StringUtils; import com.pony.common.Result; import com.pony.util.JwtUtils; import io.jsonwebtoken.Claims; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.ExpiredCredentialsException; import org.apache.shiro.web.filter.authc.AuthenticatingFilter; import org.apache.shiro.web.util.WebUtils; import org.springframework.web.bind.annotation.RequestMethod; import javax.annotation.Resource; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** * @author malf * @description 定义jwt的过滤器JwtFilter。 * @date 2021/5/22 * @project springboot_blog */ @Component public class JwtFilter extends AuthenticatingFilter { @Resource JwtUtils jwtUtils; @Override protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception { // 获取 token HttpServletRequest request = (HttpServletRequest) servletRequest; String jwt = request.getHeader("Authorization"); if (StringUtils.isEmpty(jwt)) { return null; } return new JwtToken(jwt); } @Override protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception { HttpServletRequest request = (HttpServletRequest) servletRequest; String token = request.getHeader("Authorization"); if (StringUtils.isEmpty(token)) { return true; } else { // 判断是否已过时 Claims claim = jwtUtils.getClaimByToken(token); if (claim == null || jwtUtils.isTokenExpired(claim.getExpiration())) { throw new ExpiredCredentialsException("token已失效,请从新登陆!"); } } // 执行自动登陆 return executeLogin(servletRequest, servletResponse); } @Override protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) { HttpServletResponse httpResponse = (HttpServletResponse) response; try { //处理登陆失败的异常 Throwable throwable = e.getCause() == null ? e : e.getCause(); Result r = Result.fail(throwable.getMessage()); String json = JSONUtil.toJsonStr(r); httpResponse.getWriter().print(json); } catch (IOException e1) { } return false; } /** * 对跨域提供支持 */ @Override protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception { HttpServletRequest httpServletRequest = WebUtils.toHttp(request); HttpServletResponse httpServletResponse = WebUtils.toHttp(response); httpServletResponse.setHeader("Access-control-Allow-Origin", httpServletRequest.getHeader("Origin")); httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE"); httpServletResponse.setHeader("Access-Control-Allow-Headers", httpServletRequest.getHeader("Access-Control-Request-Headers")); // 跨域时会首先发送一个OPTIONS请求,这里咱们给OPTIONS请求直接返回正常状态 if (httpServletRequest.getMethod().equals(RequestMethod.OPTIONS.name())) { httpServletResponse.setStatus(org.springframework.http.HttpStatus.OK.value()); return false; } return super.preHandle(request, response); } }- createToken:实现登陆,咱们须要生成咱们自定义支持的JwtToken
- onAccessDenied:拦截校验,当头部没有Authorization时候,咱们直接经过,不须要自动登陆;当带有的时候,首先咱们校验jwt的有效性,没问题咱们就直接执行executeLogin方法实现自动登陆
- onLoginFailure:登陆异常时候进入的方法,咱们直接把异常信息封装而后抛出
- preHandle:拦截器的前置拦截,由于是先后端分析项目,项目中除了须要跨域全局配置以外,在拦截器中也须要提供跨域支持。这样,拦截器才不会在进入Controller以前就被限制了
第六步:Shiro 配置类
package com.pony.config; import com.pony.shiro.AccountRealm; import com.pony.shiro.JwtFilter; import org.apache.shiro.mgt.DefaultSessionStorageEvaluator; import org.apache.shiro.mgt.DefaultSubjectDAO; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.session.mgt.SessionManager; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition; import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; import org.crazycake.shiro.RedisCacheManager; import org.crazycake.shiro.RedisSessionDAO; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import javax.annotation.Resource; import javax.servlet.Filter; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.Map; /** * @author malf * @description shiro 启用注解拦截控制器 * @date 2021/5/22 * @project springboot_blog */ @Configuration public class ShiroConfig { @Resource JwtFilter jwtFilter; @Bean public SessionManager sessionManager(RedisSessionDAO redisSessionDAO) { DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); sessionManager.setSessionDAO(redisSessionDAO); return sessionManager; } @Bean public DefaultWebSecurityManager securityManager(AccountRealm accountRealm, SessionManager sessionManager, RedisCacheManager redisCacheManager) { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(accountRealm); securityManager.setSessionManager(sessionManager); securityManager.setCacheManager(redisCacheManager); /* * 关闭shiro自带的session,详情见文档 */ DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO(); DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator(); defaultSessionStorageEvaluator.setSessionStorageEnabled(false); subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator); securityManager.setSubjectDAO(subjectDAO); return securityManager; } @Bean public ShiroFilterChainDefinition shiroFilterChainDefinition() { DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition(); Map<String, String> filterMap = new LinkedHashMap<>(); filterMap.put("/**", "jwt"); // 主要经过注解方式校验权限 chainDefinition.addPathDefinitions(filterMap); return chainDefinition; } @Bean("shiroFilterFactoryBean") public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager, ShiroFilterChainDefinition shiroFilterChainDefinition) { ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); shiroFilter.setSecurityManager(securityManager); Map<String, Filter> filters = new HashMap<>(); filters.put("jwt", jwtFilter); shiroFilter.setFilters(filters); Map<String, String> filterMap = shiroFilterChainDefinition.getFilterChainMap(); shiroFilter.setFilterChainDefinitionMap(filterMap); return shiroFilter; } // 开启注解代理(默认好像已经开启,能够不要) @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) { AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(securityManager); return authorizationAttributeSourceAdvisor; } @Bean public static DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() { DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator(); return creator; } }- 引入RedisSessionDAO和RedisCacheManager,为了解决shiro的权限数据和会话信息能保存到redis中,实现会话共享。
- 重写了SessionManager和DefaultWebSecurityManager,同时在DefaultWebSecurityManager中为了关闭shiro自带的session方式,咱们须要设置为false,这样用户就再也不能经过session方式登陆shiro。后面将采用jwt凭证登陆。
- 在ShiroFilterChainDefinition中,咱们再也不经过编码形式拦截Controller访问路径,而是全部的路由都须要通过JwtFilter这个过滤器,而后判断请求头中是否含有jwt的信息,有就登陆,没有就跳过。跳过以后,有Controller中的shiro注解进行再次拦截,好比@RequiresAuthentication,这样控制权限访问。
第七步:配置文件
shiro-redis: enabled: true redis-manager: host: 127.0.0.1:6379 pony: jwt: # 加密秘钥 secret: f4e2e52034348f86b67cde581c0f9eb5 # token有效时长,7天,单位秒 expire: 604800 header: token
第八步:热部署配置(若是添加了 devtools 依赖)
resources/META-INF/spring-devtools.propertiesrestart.include.shiro-redis=/shiro-[\\w-\\.]+jar
目前为止,shiro就已经完成整合进来了,而且使用了jwt进行身份校验。
六、异常处理
package com.pony;
import com.pony.common.Result;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.ShiroException;
import org.springframework.http.HttpStatus;
import org.springframework.validation.BindingResult;
import org.springframework.validation.ObjectError;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import java.io.IOException;
/**
* @author malf
* @description 全局异常处理
* @ControllerAdvice表示定义全局控制器异常处理,@ExceptionHandler表示针对性异常处理,可对每种异常针对性处理。
* @date 2021/5/22
* @project springboot_blog
*/
@Slf4j
@RestControllerAdvice
public class GlobalExceptionHandler {
// 捕捉shiro的异常
@ResponseStatus(HttpStatus.UNAUTHORIZED)
@ExceptionHandler(ShiroException.class)
public Result handle401(ShiroException e) {
return Result.fail("401", e.getMessage(), null);
}
/**
* 处理Assert的异常
*/
@ResponseStatus(HttpStatus.BAD_REQUEST)
@ExceptionHandler(value = IllegalArgumentException.class)
public Result handler(IllegalArgumentException e) throws IOException {
log.error("Assert异常:-------------->{}", e.getMessage());
return Result.fail(e.getMessage());
}
/**
* 校验错误异常处理
*/
@ResponseStatus(HttpStatus.BAD_REQUEST)
@ExceptionHandler(value = MethodArgumentNotValidException.class)
public Result handler(MethodArgumentNotValidException e) throws IOException {
log.error("运行时异常:-------------->", e);
BindingResult bindingResult = e.getBindingResult();
ObjectError objectError = bindingResult.getAllErrors().stream().findFirst().get();
return Result.fail(objectError.getDefaultMessage());
}
@ResponseStatus(HttpStatus.BAD_REQUEST)
@ExceptionHandler(value = RuntimeException.class)
public Result handler(RuntimeException e) throws IOException {
log.error("运行时异常:-------------->", e);
return Result.fail(e.getMessage());
}
}
- ShiroException:shiro抛出的异常,好比没有权限,用户登陆异常
- IllegalArgumentException:处理Assert的异常
- MethodArgumentNotValidException:处理实体校验的异常
RuntimeException:捕捉其余异常
七、实体校验
一、表单数据提交的时候,前端的校验可使用一些相似于jQuery Validate等js插件实现,然后端可使用Hibernate validatior来作校验。
@NotBlank(message = "昵称不能为空") private String username; private String avatar; @NotBlank(message = "邮箱不能为空") @Email(message = "邮箱格式不正确") private String email;
二、@Validated注解校验实体
/** * 测试实体校验 * @param user * @return */ @PostMapping("/save") public Object testUser(@Validated @RequestBody User user) { return user.toString(); }八、跨域问题
package com.pony.config; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; /** * @author malf * @description 全局跨域处理 * @date 2021/5/22 * @project springboot_blog */ @Configuration public class CorsConfig implements WebMvcConfigurer { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") .allowedOriginPatterns("*") .allowedMethods("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS") .allowCredentials(true) .maxAge(3600) .allowedHeaders("*"); } }九、登陆接口开发
登陆帐号密码实体
package com.pony.common; import lombok.Data; import javax.validation.constraints.NotBlank; /** * @author malf * @description * @date 2021/5/22 * @project springboot_blog */ @Data public class LoginDto { @NotBlank(message = "昵称不能为空") private String username; @NotBlank(message = "密码不能为空") private String password; }登陆退出入口
package com.pony.controller; import cn.hutool.core.lang.Assert; import cn.hutool.core.map.MapUtil; import cn.hutool.crypto.SecureUtil; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.pony.common.LoginDto; import com.pony.common.Result; import com.pony.entity.User; import com.pony.service.UserService; import com.pony.util.JwtUtils; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authz.annotation.RequiresAuthentication; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.CrossOrigin; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import javax.annotation.Resource; import javax.servlet.http.HttpServletResponse; /** * @author malf * @description 登陆接口 * 接受帐号密码,而后把用户的id生成jwt,返回给前段,为了后续的jwt的延期,把jwt放在header上 * @date 2021/5/22 * @project springboot_blog */ public class AccountController { @Resource JwtUtils jwtUtils; @Resource UserService userService; /** * 默认帐号密码:pony / 111111 */ @CrossOrigin @PostMapping("/login") public Result login(@Validated @RequestBody LoginDto loginDto, HttpServletResponse response) { User user = userService.getOne(new QueryWrapper<User>().eq("username", loginDto.getUsername())); Assert.notNull(user, "用户不存在"); if (!user.getPassword().equals(SecureUtil.md5(loginDto.getPassword()))) { return Result.fail("密码错误!"); } String jwt = jwtUtils.generateToken(user.getId()); response.setHeader("Authorization", jwt); response.setHeader("Access-Control-Expose-Headers", "Authorization"); // 用户能够另外一个接口 return Result.success(MapUtil.builder() .put("id", user.getId()) .put("username", user.getUsername()) .put("avatar", user.getAvatar()) .put("email", user.getEmail()) .map() ); } // 退出 @GetMapping("/logout") @RequiresAuthentication public Result logout() { SecurityUtils.getSubject().logout(); return Result.success(null); } }登陆接口测试
十、博客接口开发
ShiroUtils
package com.pony.util; import com.pony.shiro.AccountProfile; import org.apache.shiro.SecurityUtils; /** * @author malf * @description * @date 2021/5/22 * @project springboot_blog */ public class ShiroUtils { public static AccountProfile getProfile() { return (AccountProfile) SecurityUtils.getSubject().getPrincipal(); } }博客操做入口
package com.pony.controller; import cn.hutool.core.bean.BeanUtil; import cn.hutool.core.lang.Assert; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.pony.common.Result; import com.pony.entity.Blog; import com.pony.service.BlogService; import com.pony.util.ShiroUtils; import org.apache.shiro.authz.annotation.RequiresAuthentication; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; import java.time.LocalDateTime; /** * <p> * 前端控制器 * </p> * * @author pony * @since 2021-05-22 */ @RestController public class BlogController { @Resource BlogService blogService; @GetMapping("/blogs") public Result blogs(Integer currentPage) { if (currentPage == null || currentPage < 1) currentPage = 1; Page page = new Page(currentPage, 5); IPage pageData = blogService.page(page, new QueryWrapper<Blog>().orderByDesc("created")); return Result.success(pageData); } @GetMapping("/blog/{id}") public Result detail(@PathVariable(name = "id") Long id) { Blog blog = blogService.getById(id); Assert.notNull(blog, "该博客已删除!"); return Result.success(blog); } @RequiresAuthentication @PostMapping("/blog/edit") public Result edit(@Validated @RequestBody Blog blog) { System.out.println(blog.toString()); Blog temp = null; if (blog.getId() != null) { temp = blogService.getById(blog.getId()); Assert.isTrue(temp.getUserId() == ShiroUtils.getProfile().getId(), "没有权限编辑"); } else { temp = new Blog(); temp.setUserId(ShiroUtils.getProfile().getId()); temp.setCreated(LocalDateTime.now()); temp.setStatus(0); } BeanUtil.copyProperties(blog, temp, "id", "userId", "created", "status"); blogService.saveOrUpdate(temp); return Result.success("操做成功", null); } }接口测试
目前为止,后端接口的开发基本完成。源码参考
相关文章
- 1. 一分钟搭建vue,elementui,springboot先后端分离项目
- 2. SpringBoot+Vue先后端分离项目Demo
- 3. 快速搭建VUE+SpringBoot先后端分离项目
- 4. springboot+vue + nginx 搭建先后端分离项目
- 5. SpringBoot+Vue搭建前后端分离的轻博客
- 6. springboot+vue 先后端分离项目实战一 项目的搭建
- 7. Vue+SpringBoot+MySQL 前后端分离搭建个人博客
- 8. SpringBoot+Shiro+MyBatisPlus搭建先后端分离的多模块项目
- 9. docker-compose 部署 Vue+SpringBoot 先后端分离项目
- 10. 部署vue+Springboot先后端分离项目
- 更多相关文章...
- • SQLite 分离数据库 - SQLite教程
- • 屏幕分辨率 统计 - 浏览器信息
- • Docker容器实战(七) - 容器眼光下的文件系统
- • Git五分钟教程
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. Duang!超快Wi-Fi来袭
- 2. 机器学习-补充03 神经网络之**函数(Activation Function)
- 3. git上开源maven项目部署 多module maven项目(多module maven+redis+tomcat+mysql)后台部署流程学习记录
- 4. ecliple-tomcat部署maven项目方式之一
- 5. eclipse新导入的项目经常可以看到“XX cannot be resolved to a type”的报错信息
- 6. Spark RDD的依赖于DAG的工作原理
- 7. VMware安装CentOS-8教程详解
- 8. YDOOK:Java 项目 Spring 项目导入基本四大 jar 包 导入依赖,怎样在 IDEA 的项目结构中导入 jar 包 导入依赖
- 9. 简单方法使得putty(windows10上)可以免密登录树莓派
- 10. idea怎么用本地maven
欢迎关注本站公众号,获取更多信息
相关文章
- 1. 一分钟搭建vue,elementui,springboot先后端分离项目
- 2. SpringBoot+Vue先后端分离项目Demo
- 3. 快速搭建VUE+SpringBoot先后端分离项目
- 4. springboot+vue + nginx 搭建先后端分离项目
- 5. SpringBoot+Vue搭建前后端分离的轻博客
- 6. springboot+vue 先后端分离项目实战一 项目的搭建
- 7. Vue+SpringBoot+MySQL 前后端分离搭建个人博客
- 8. SpringBoot+Shiro+MyBatisPlus搭建先后端分离的多模块项目
- 9. docker-compose 部署 Vue+SpringBoot 先后端分离项目
- 10. 部署vue+Springboot先后端分离项目