- 浏览: 87413 次
- 性别:
- 来自: 杭州
文章分类
最新评论
-
zijinSiShaojun:
很不错的工具类。很久了,不知道有没有更新
java 如何根据线程id找到线程 -
chenxuezhou_yzl:
11111111111
java 如何根据线程id找到线程 -
qxpidt:
我运行了下,没有获取到163邮箱的主页内容,
httpclient 163邮箱登陆 -
qxpidt:
你登录成功后,能成功获取到主页的文本吗?
httpclient 163邮箱登陆 -
qxpidt:
楼主,你这个程序,你测试过了吗?
httpclient 163邮箱登陆
shiro 后台权限认证集成jdbc数据库操作
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd "> <description>apache shiro 配置</description> <context:component-scan base-package="com.haier.uhome.hr91.util.shiro" /> <!-- 自定义shiro的realm数据库身份验证 --> <bean id="jdbcAuthenticationRealm" class="com.haier.uhome.hr91.util.shiro.JdbcAuthenticationRealm" > <property name="name" value="jdbcAuthentication" /> <property name="credentialsMatcher"> <bean class="com.haier.uhome.hr91.util.shiro.UhomeSecurityPasswd"> </bean> </property> <property name="defaultPermissionString" value="security:index,menu:list,info:list" /> </bean> <bean id="customRememberMeManager" class="com.haier.uhome.hr91.util.shiro.CustomRememberMeManager"></bean> <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"></bean> <!-- 使用默认的WebSecurityManager --> <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager"> <!-- realm认证和授权,从数据库读取资源 --> <property name="realm" ref="jdbcAuthenticationRealm" /> <property name="rememberMeManager" ref="customRememberMeManager" /> <property name="sessionManager" ref="sessionManager" /> </bean> <!-- 自定义对 shiro的连接约束,结合shiroSecurityFilter实现动态获取资源 --> <bean id="chainDefinitionSectionMetaSource" class="com.haier.uhome.hr91.util.shiro.ChainDefinitionSectionMetaSource"> <!-- 默认的连接配置 --> <property name="filterChainDefinitions"> <value> /manager/login.do = captchaAuthc /manager/logout.do = logout /manager/css/** = anon /manager/images/** = anon /manager/js/** = anon /webservice/VerificationCode = anon /manager/index.html = perms[security:index] /manager/changePassword = perms[security:change-password] /manager/menu.do = perms[menu:list] /manager/info.do = perms[info:list] </value> </property> <property name="webmap"> <value>/WEB-INF/conf/webmap.xml</value> </property> </bean> <!-- 将shiro与spring集合 --> <bean id="captchaAuthenticationFilter" class="com.haier.uhome.hr91.util.shiro.CaptchaAuthenticationFilter"> <property name="usernameParam"><value>loginName</value></property> <property name="passwordParam"><value>loginPwd</value></property> <property name="captchaParam"><value>rand</value></property> <property name="sessionCaptchaKeyAttribute"><value>repeatCode</value></property> <property name="failureKeyAttribute"><value>errStr</value></property> </bean> <bean id="uhomeRoleFilter" class="com.haier.uhome.hr91.util.shiro.UhomeRolesAuthorizationFilter"></bean> <bean id="logout" class="org.apache.shiro.web.filter.authc.LogoutFilter"> <property name="redirectUrl"><value>/manager/login.do</value></property> </bean> <bean id="shiroSecurityFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <property name="filters"> <map> <entry key="captchaAuthc" value-ref="captchaAuthenticationFilter" /> <entry key="uhomeRoles" value-ref="uhomeRoleFilter" /> </map> </property> <!-- shiro的核心安全接口 --> <property name="securityManager" ref="securityManager" /> <property name="loginUrl" value="/manager/login.do" /> <property name="successUrl" value="/manager/index.html" /> <!-- shiro连接约束配置,在这里使用自定义的动态获取资源类 --> <property name="filterChainDefinitionMap" ref="chainDefinitionSectionMetaSource" /> </bean> <!-- shiro为集成spring --> <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" /> <!-- 启用shiro为spring配置的bean注释,只运行在lifecycleBeanProcessor之后 --> <bean id="annotationProxy" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"> <property name="proxyTargetClass" value="true" /> </bean> <!-- 启用shrio授权注解拦截方式 --> <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"> <property name="securityManager" ref="securityManager" /> </bean> </beans>
JdbcAuthenticationRealm.java
public class JdbcAuthenticationRealm extends AuthorizingRealm { @Autowired AdminService adminService; @Autowired ManagerDAO managerDAO; @Autowired ManagerRoleService managerRoleService; List<String> defaultPermission = new ArrayList<String>(); @Override protected AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken token) throws AuthenticationException { UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token; String username = usernamePasswordToken.getUsername(); String tmpPassword = null; if (username == null) { throw new AccountException("用户名不能为空"); } Admin user = adminService.findByLoginName(username); Manager manager = null; CommonVariableModel model = new CommonVariableModel(); if (user == null) { manager = managerDAO.findByLoginName(username); if (manager == null) throw new UnknownAccountException("用户不存在"); else { tmpPassword = manager.getLoginPwd(); model.setManager(manager); } } else { tmpPassword = user.getPassword(); model.setUser(user); } return new SimpleAuthenticationInfo(model, tmpPassword, getName()); } /** * * 当用户进行访问链接时的授权方法 * */ protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals) { SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); CommonVariableModel model = (CommonVariableModel) principals .getPrimaryPrincipal(); info.addStringPermissions(defaultPermission); Manager manager = model.getManager(); Admin user = model.getUser(); if (manager != null) { info.addRole(manager.getRole()); } else if (user != null) { info.addRole(user.getRole()); } info.addRole("zbx"); return info; } public void setDefaultPermissionString(String defaultPermissionString) { String[] perms = defaultPermissionString.split(","); CollectionUtils.addAll(defaultPermission, perms); } }
CustomRememberMeManager
public class CustomRememberMeManager extends CookieRememberMeManager { /** * 构造方法,不在这里对Cookie的maxAge设置值 */ public CustomRememberMeManager() { Cookie cookie = new SimpleCookie(DEFAULT_REMEMBER_ME_COOKIE_NAME); cookie.setHttpOnly(true); setCookie(cookie); } /** * 重写父类方法,写入Cookie时,先把传过来的有效时间设置到cookie里面在序列化Identity */ @Override public void rememberIdentity(Subject subject, AuthenticationToken token, AuthenticationInfo authcInfo) { UsernamePasswordTokeExtend tokeExtend = (UsernamePasswordTokeExtend) token; getCookie().setMaxAge(tokeExtend.getRememberMeCookieValue()); super.rememberIdentity(subject, token, authcInfo); } }
ChainDefinitionSectionMetaSource
public class ChainDefinitionSectionMetaSource implements FactoryBean<Ini.Section> { private String filterChainDefinitions; private static final String BLANK_STRING = ""; private Resource webmap = null; public void setWebmap(Resource resource) { this.webmap = resource; } public Resource getWebmap() { return webmap; } @SuppressWarnings("unchecked") @Override public Section getObject() throws Exception { Ini ini = new Ini(); // 加载默认的url ini.load(filterChainDefinitions); Ini.Section section = ini.getSection(Ini.DEFAULT_SECTION_NAME); // Map<String, List<String>> url2roles = new HashMap<String, List<String>>(); Document doc = XMLUtils.loadXML(webmap.getInputStream()); NodeList groupNodes = doc.getElementsByTagName("group"); int len = groupNodes.getLength(); List<String> list = null; for (int i = 0; i < len; i++) { Element group = (Element) groupNodes.item(i); String roleStr = group.getAttribute("role"); NodeList menuNodes = group.getElementsByTagName("item"); for (int j = 0; j < menuNodes.getLength(); j++) { Element menu = (Element) menuNodes.item(j); String roleStr1 = menu.getAttribute("role"); String path = BLANK_STRING; if(menu.getAttribute("path")!=null) path = menu.getAttribute("path"); NodeList urlNodes = menu.getElementsByTagName("url"); for (int k = 0; k < urlNodes.getLength(); k++) { Element url = (Element) urlNodes.item(k); String roleStr2 = url.getAttribute("role"); String urlString = StringUtils.applyRelativePath(path,url.getTextContent()); if (isBlank(urlString)) continue; list = null; if (!isBlank(roleStr2)) { list = CollectionUtils.arrayToList(StringUtils .tokenizeToStringArray(roleStr2, ",")); } else if (!isBlank(roleStr1)) { list = CollectionUtils.arrayToList(StringUtils .tokenizeToStringArray(roleStr1, ",")); } else if (!isBlank(roleStr)) { list = CollectionUtils.arrayToList(StringUtils .tokenizeToStringArray(roleStr, ",")); } else { list = Collections.emptyList(); } // url2roles.put(urlString.trim(), list); section.put(urlString.trim(), getRoles(list)); } } } return section; } @Override public Class<?> getObjectType() { return this.getClass(); } @Override public boolean isSingleton() { return false; } public String getFilterChainDefinitions() { return filterChainDefinitions; } public void setFilterChainDefinitions(String filterChainDefinitions) { this.filterChainDefinitions = filterChainDefinitions; } // private private boolean isBlank(String st) { if (st == null || st.trim().equals(BLANK_STRING)) return true; return false; } private String getRoles(List<String> list) { if (list.size() == 0) return BLANK_STRING; StringBuilder sbBuilder = new StringBuilder(); // sbBuilder.append(","); for (int i = 0, flag = 1; i < list.size(); i++) { String s = list.get(i); sbBuilder.append("uhomeRoles["); sbBuilder.append(s); sbBuilder.append("]"); if (flag % list.size() != 0) sbBuilder.append(","); flag++; } return sbBuilder.toString(); } public static void main(String[] args) { System.err.println(StringUtils.applyRelativePath("aa/bb/cc/aa.html","aa/bb")); } }
CaptchaAuthenticationFilter
public class CaptchaAuthenticationFilter extends FormAuthenticationFilter { /** * 默认验证码参数名称 */ public static final String DEFAULT_CAPTCHA_PARAM = "captcha"; /** * 登录次数超出allowLoginNum时,存储在session记录是否展示验证码的key默认名称 */ public static final String DEFAULT_SHOW_CAPTCHA_KEY_ATTRIBUTE = "showCaptcha"; /** * 默认在session中存储的登录次数名称 */ private static final String DEFAULT_LOGIN_NUM_KEY_ATTRIBUTE = "loginNum"; // 验证码参数名称 private String captchaParam = DEFAULT_CAPTCHA_PARAM; // 在session中的存储验证码的key名称 private String sessionCaptchaKeyAttribute = DEFAULT_CAPTCHA_PARAM; // 在session中存储的登录次数名称 private String loginNumKeyAttribute = DEFAULT_LOGIN_NUM_KEY_ATTRIBUTE; // 登录次数超出allowLoginNum时,存储在session记录是否展示验证码的key名称 private String sessionShowCaptchaKeyAttribute = DEFAULT_SHOW_CAPTCHA_KEY_ATTRIBUTE; // 允许登录次数,当登录次数大于该数值时,会在页面中显示验证码 private Integer allowLoginNum = 1; @Autowired private ManagerRoleService managerRoleService; /** * 重写父类方法,在shiro执行登录时先对比验证码,正确后在登录,否则直接登录失败 */ @Override protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception { Session session = getSubject(request, response).getSession(); // 获取登录次数 Integer number = (Integer) session .getAttribute(getLoginNumKeyAttribute()); // 首次登录,将该数量记录在session中 if (number == null) { number = new Integer(1); session.setAttribute(getLoginNumKeyAttribute(), number); } // 获取当前验证码 String currentCaptcha = (String) session .getAttribute(getSessionCaptchaKeyAttribute()); // 获取用户输入的验证码 String submitCaptcha = getCaptcha(request); // 如果验证码不匹配,登录失败 if ((submitCaptcha == null || submitCaptcha.length() == 0) || !currentCaptcha.equalsIgnoreCase(submitCaptcha)) { return onLoginFailure(this.createToken(request, response), new AccountException("验证码不正确"), request, response); } return super.executeLogin(request, response); } /** * 设置验证码提交的参数名称 * * @param captchaParam * 验证码提交的参数名称 */ public void setCaptchaParam(String captchaParam) { this.captchaParam = captchaParam; } /** * 获取验证码提交的参数名称 * * @return String */ public String getCaptchaParam() { return captchaParam; } /** * 设置在session中的存储验证码的key名称 * * @param sessionCaptchaKeyAttribute * 存储验证码的key名称 */ public void setSessionCaptchaKeyAttribute(String sessionCaptchaKeyAttribute) { this.sessionCaptchaKeyAttribute = sessionCaptchaKeyAttribute; } /** * 获取设置在session中的存储验证码的key名称 * * @return Sting */ public String getSessionCaptchaKeyAttribute() { return sessionCaptchaKeyAttribute; } /** * 获取在session中存储的登录次数名称 * * @return Stromg */ public String getLoginNumKeyAttribute() { return loginNumKeyAttribute; } /** * 设置在session中存储的登录次数名称 * * @param loginNumKeyAttribute * 登录次数名称 */ public void setLoginNumKeyAttribute(String loginNumKeyAttribute) { this.loginNumKeyAttribute = loginNumKeyAttribute; } /** * 获取用户输入的验证码 * * @param request * ServletRequest * * @return String */ public String getCaptcha(ServletRequest request) { return WebUtils.getCleanParam(request, getCaptchaParam()); } /** * 获取登录次数超出allowLoginNum时,存储在session记录是否展示验证码的key名称 * * @return String */ public String getSessionShowCaptchaKeyAttribute() { return sessionShowCaptchaKeyAttribute; } /** * 设置登录次数超出allowLoginNum时,存储在session记录是否展示验证码的key名称 * * @param sessionShowCaptchaKeyAttribute * 是否展示验证码的key名称 */ public void setSessionShowCaptchaKeyAttribute( String sessionShowCaptchaKeyAttribute) { this.sessionShowCaptchaKeyAttribute = sessionShowCaptchaKeyAttribute; } /** * 获取允许登录次数 * * @return Integer */ public Integer getAllowLoginNum() { return allowLoginNum; } /** * 设置允许登录次数,当登录次数大于该数值时,会在页面中显示验证码 * * @param allowLoginNum * 允许登录次数 */ public void setAllowLoginNum(Integer allowLoginNum) { this.allowLoginNum = allowLoginNum; } /** * 重写父类方法,当登录失败将异常信息设置到request的attribute中 */ @Override protected void setFailureAttribute(ServletRequest request, AuthenticationException ae) { if (ae instanceof IncorrectCredentialsException) { request.setAttribute(getFailureKeyAttribute(), "用户名密码不正确"); } else { request.setAttribute(getFailureKeyAttribute(), ae.getMessage()); } } /** * 重写父类方法,当登录失败次数大于allowLoginNum(允许登录次)时,将显示验证码 */ @Override protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) { // try // { // WebUtils.issueRedirect(request, response, getLoginUrl()); // } catch (IOException e1) // { // // e1.printStackTrace(); // } Session session = getSubject(request, response).getSession(false); Integer number = (Integer) session .getAttribute(getLoginNumKeyAttribute()); // 如果失败登录次数大于allowLoginNum时,展示验证码 if (number > getAllowLoginNum() - 1) { session.setAttribute(getSessionShowCaptchaKeyAttribute(), true); session.setAttribute(getLoginNumKeyAttribute(), ++number); } session.setAttribute(getLoginNumKeyAttribute(), ++number); setFailureAttribute(request, e); return true; } /** * 重写父类方法,当登录成功后,将allowLoginNum(允许登录次)设置为0,重置下一次登录的状态 */ @Override protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception { Session session = subject.getSession(false); session.removeAttribute(getLoginNumKeyAttribute()); session.removeAttribute(getSessionShowCaptchaKeyAttribute()); CommonVariableModel cvm = (CommonVariableModel) subject.getPrincipal(); String role = null; if (cvm.getUser() != null) { role = cvm.getUser().getRole(); } else if (cvm.getManager() != null) { role = cvm.getManager().getRole(); } HttpUser user = new HttpUser(role); ManagerRole role1 = managerRoleService.findByCode(role); user.appendRole(((UsernamePasswordToken) token).getUsername(), role1.getId()); session.setAttribute(CommonAction.MANAGER_SESSION_CODE, user); return super.onLoginSuccess(token, subject, request, response); } /** * 重写父类方法,创建一个自定义的{@link UsernamePasswordTokeExtend} */ @Override protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) { String username = getUsername(request); String password = getPassword(request); String host = getHost(request); boolean rememberMe = false; String rememberMeValue = request.getParameter(getRememberMeParam()); Integer rememberMeCookieValue = null; // 如果提交的rememberMe参数存在值,将rememberMe设置成true if (!(rememberMeValue == null || rememberMeValue.length() == 0)) { rememberMe = true; rememberMeCookieValue = CaptchaAuthenticationFilter.toInt( rememberMeValue, 0); } return new UsernamePasswordTokeExtend(username, password, rememberMe, host, rememberMeCookieValue); } // @Override // protected boolean isLoginRequest(ServletRequest request, ServletResponse // response) { // return pathsMatch("/manager/login_submit.do", request); // } /** * UsernamePasswordToke扩展,添加一个rememberMeValue字段,获取提交上来的rememberMe值 * 根据该rememberMe值去设置Cookie的有效时间。 * * @author vincent * */ @SuppressWarnings("serial") protected class UsernamePasswordTokeExtend extends UsernamePasswordToken { // rememberMe cookie的有效时间 private Integer rememberMeCookieValue; public UsernamePasswordTokeExtend() { } public UsernamePasswordTokeExtend(String username, String password, boolean rememberMe, String host, Integer rememberMeCookieValue) { super(username, password, rememberMe, host); this.rememberMeCookieValue = rememberMeCookieValue; } /** * 获取rememberMe cookie的有效时间 * * @return Integer */ public Integer getRememberMeCookieValue() { return rememberMeCookieValue; } /** * 设置rememberMe cookie的有效时间 * * @param rememberMeCookieValue * cookie的有效时间 */ public void setRememberMeCookieValue(Integer rememberMeCookieValue) { this.rememberMeCookieValue = rememberMeCookieValue; } } private static int toInt(String str, int defaultValue) { if (str == null) { return defaultValue; } try { return Integer.parseInt(str); } catch (NumberFormatException nfe) { return defaultValue; } } }
com.haier.uhome.hr91.util.shiro.UhomeRolesAuthorizationFilter
package com.haier.uhome.hr91.util.shiro; import static org.apache.shiro.util.StringUtils.split; import java.util.ArrayList; import java.util.List; import javax.servlet.Filter; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter; public class UhomeRolesAuthorizationFilter extends RolesAuthorizationFilter { @Override public Filter processPathConfig(String path, String config) { @SuppressWarnings("unchecked") List<String[]> list = (List<String[]>) this.appliedPaths.get(path); if (config != null) { if (list == null) list = new ArrayList<String[]>(); list.add(split(config)); } this.appliedPaths.put(path, list); return this; } @SuppressWarnings("unchecked") @Override protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception { if (this.appliedPaths == null || this.appliedPaths.isEmpty()) { // if (log.isTraceEnabled()) { // log.trace("appliedPaths property is null or empty. This Filter will passthrough immediately."); // } return true; } for (String path : this.appliedPaths.keySet()) { // If the path does match, then pass on to the subclass // implementation for specific checks // (first match 'wins'): if (pathsMatch(path, request)) { // log.trace("Current requestURI matches pattern '{}'. Determining filter chain execution...", // path); Object config = this.appliedPaths.get(path); List<String[]> configList = (List<String[]>) config; if (configList != null) { for (String[] arr : configList) { if (isFilterChainContinued(request, response, path, arr)) return true; } return false; } else return isFilterChainContinued(request, response, path, config); } } // no path matched, allow the request to go through: return true; } private boolean isFilterChainContinued(ServletRequest request, ServletResponse response, String path, Object pathConfig) throws Exception { if (isEnabled(request, response, path, pathConfig)) { // isEnabled check added in 1.2 // if (log.isTraceEnabled()) // { // log.trace( // "Filter '{}' is enabled for the current request under path '{}' with config [{}]. " // + // "Delegating to subclass implementation for 'onPreHandle' check.", // new Object[] { getName(), path, pathConfig }); // } // The filter is enabled for this specific request, so delegate to // subclass implementations // so they can decide if the request should continue through the // chain or not: return onPreHandle(request, response, pathConfig); } // if (log.isTraceEnabled()) // { // log.trace( // "Filter '{}' is disabled for the current request under path '{}' with config [{}]. " // + "The next element in the FilterChain will be called immediately.", // new Object[] { getName(), path, pathConfig }); // } // This filter is disabled for this specific request, // return 'true' immediately to indicate that the filter will not // process the request // and let the request/response to continue through the filter chain: return true; } }
<?xml version="1.0" encoding="UTF-8"?> <root> <group role="manager" title="社区管理" expand="true"> <item url="comm/user_list.do" title="社区业户" path="/manager/comm/"> <url>user_list.do</url> </item> <item role="manager,admin" url="comm/user_group_list.do" title="业户群组" path="/manager/comm/"> <url>user_group_list.do</url> </item> <item url="comm/car_list.do" title="业户车辆" path="/manager/comm/"> <url>car_list.do</url> </item> <item url="comm/bodyguard_list.do" title="社区保安 " path="/manager/comm/"> <url>bodyguard_list.do</url> </item> <item url="comm/log_patrol_list.do" title="巡更记录 " path="/manager/comm/"> <url>log_patrol_list.do</url> </item> </group> <group role="admin" title="终端管理" expand="true"> <item url="device/community_list.do" title="小区结构 " path="/manager/device/"> <url>community_list.do</url> </item> <item url="device/device_model_list.do" title="终端型号 " path="/manager/device/"> <url>device_model_list.do</url> </item> <item url="device/device_list.do" title="终端设备 " path="/manager/device/"> <url>device_list.do</url> </item> <item url="device/device_scan.do" title="扫描终端 " path="/manager/device/"> <url>/manager/device/device_scan.do</url> </item> <item url="device/device_remote_control_list.do" title="终端远程控制 " path="/manager/device/"> <url>device_remote_control_list.do</url> </item> <item url="device/device_soft_list.do" title="升级软件管理 " path="/manager/device/"> <url>device_soft_list.do</url> </item> <item url="device/update_select_device.do" title="终端升级 " path="/manager/device/"> <url>update_select_device.do</url> </item> <item url="device/update_info.do" title="终端升级信息 " path="/manager/device/"> <url>update_info.do</url> </item> </group> <group role="manager" title="IC卡管理" expand="true" > <item url="card/card_add.do" title="IC卡注册 " path="/manager/card/"> <url>card_add.do</url> </item> <item url="card/card_list.do" title="IC卡列表 " path="/manager/card/"> <url>card_list.do</url> </item> <item url="card/card_send_select_dev.do" title="IC卡下发 " path="/manager/card/"> <url>card_send_select_dev.do</url> </item> <item url="card/card_imp_exp.do" title="IC卡信息维护 " path="/manager/card/"> <url>card_imp_exp.do</url> </item> </group> <group role="manager" title="门禁管理" expand="true"> <item url="pwd/pwd_comm_select_dev.do" title="设置小区门禁密码 " path="/manager/pwd/"> <url>pwd_comm_select_dev.do</url> </item> <item url="pwd/pwd_unit_select_dev.do" title="设置单元门禁密码 " path="/manager/pwd/"> <url>pwd_unit_select_dev.do</url> </item> <item url="pwd/pwd_send_select_dev.do" title="密码下发 " path="/manager/pwd/"> <url>pwd_send_select_dev.do</url> </item> </group> <group role="manager" title="社区服务" expand="true"> <item url="commserv/bill_select_user.do" title="物业收费" path="/manager/commserv/"> <url>bill_select_user.do</url> </item> <item url="commserv/weather_view.do" title="天气预报" path="/manager/commserv/"> <url>weather_view.do</url> </item> </group> <group role="manager" title="日志管理" expand="true"> <item url="log/log_startup_list.do" title="系统启动日志 " path="/manager/log/"> <url>log_startup_list.do</url> </item> <item url="log/log_device_startup_list.do" title="终端启动日志 " path="/manager/log/"> <url>log_device_startup_list.do</url> </item> <item url="log/log_callup_list.do" title="呼叫日志 " path="/manager/log/"> <url>log_callup_list.do</url> </item> <item url="log/log_alert_list.do" title="报警日志" path="/manager/log/"> <url>log_alert_list.do</url> </item> <item url="log/log_alert_turnoff_list.do" title="解除报警日志 " path="/manager/log/"> <url>log_alert_turnoff_list.do</url> </item> <item url="log/log_comm_door_list.do" title="小区开门日志 " path="/manager/log/"> <url>log_comm_door_list.do</url> </item> <item url="log/log_unit_door_list.do" title="单元开门日志 " path="/manager/log/"> <url>log_unit_door_list.do</url> </item> </group> <group role="admin" title="DVR管理" expand="true"> <item url="dvr/dvr_server_list.do" title="DVR服务器 " path="/manager/dvr/"> <url>dvr_server_list.do</url> </item> <item url="dvr/dvr_camera_list.do" title="DVR摄像头" path="/manager/dvr/"> <url>dvr_camera_list.do</url> </item> </group> <group role="admin" title="系统参数设置" expand="true"> <item url="sys/config.do" title="系统参数 " path="/manager/sys/"> <url>config.do</url> </item> <item url="sys/reg.do" title="系统注册 " path="/manager/sys/"> <url>reg.do</url> </item> <item url="sys/manager_list.do" title="系统管理员 " path="/manager/sys/"> <url>manager_list.do</url> </item> <item url="sys/db_backup_list.do" title="数据备份 " path="/manager/sys/"> <url>db_backup_list.do</url> </item> <item url="sys/update_pwd.do" title="修改密码 " path="/manager/sys/"> <url>update_pwd.do</url> </item> </group> </root>
相关推荐
MyBatis能够直接操作数据库,提供更灵活的数据库操作,同时避免了传统的JDBC代码繁琐和易出错的问题。 4. **Apache Shiro**:Shiro是一个强大的且易用的Java安全框架,提供了认证、授权、会话管理和加密等功能。在...
通过这个Demo,开发者可以学习到如何在Spring中集成MyBatis进行数据库操作,如定义Mapper接口、编写XML映射文件,以及如何在Service层调用这些接口实现业务逻辑。同时,Shiro的使用将涵盖用户登录认证、角色权限分配...
**MyBatis** 是一个轻量级的持久层框架,它简化了数据库操作,将SQL语句与Java代码直接结合,避免了传统的JDBC代码编写。MyBatis支持动态SQL,可以灵活地编写复杂的查询,同时通过Mapper接口,使得数据库操作与业务...
在实际项目中,这些组件协同工作,Spring MVC负责接收和转发请求,MyBatis处理数据库操作,EasyUI和UEditor负责前端展示和交互,而Shiro则负责用户的身份验证和权限控制。开发者通过集成这些组件,可以快速搭建起一...
综上所述,这个压缩包文件提供的是一套完整的后台管理系统解决方案,使用Springboot作为基础框架,Shiro处理用户权限管理,而Mybatis则负责数据库交互。这套架构适合企业级应用开发,能提高开发效率并保证系统的安全...
总的来说,这个系统是一个全面的后台权限管理系统,集成了多种技术来实现用户认证、授权、数据持久化和页面展示,为企业级后台应用提供了坚实的基础。通过学习和研究这套源码,开发者可以深入理解Spring Boot、Shiro...
可以理解为Shiro与特定数据库或服务的接口,如JDBC Realm、LDAP Realm等。 2. **SpringBoot集成Shiro步骤** - 添加依赖:在Maven的pom.xml文件中引入SpringBoot的web starter、Thymeleaf starter以及Shiro的spring...
在实际开发中,你需要根据应用的需求,配置Shiro的Realm以连接你的用户数据存储(如数据库),实现用户登录、权限验证的逻辑。同时,通过定义过滤器链,可以控制不同角色的用户对特定URL的访问权限。例如,可以创建...
在本项目中,MyBatis作为数据库操作的主要工具,负责将Java对象与数据库表之间的映射关系进行管理,实现了数据的增删改查操作,使得数据库交互更加简洁高效。 **Thymeleaf** Thymeleaf是一个现代的服务器端Java...
2. 商品管理:包括商品分类、上架、下架、库存管理等,涉及数据库操作和数据缓存策略。 3. 订单管理:处理用户的购物车、下单、支付流程,需要与支付平台如支付宝、微信支付进行集成。 4. 库存物流:管理仓库库存,...
MyBatis则在后台处理与用户相关的数据库操作,如查询、更新用户资料。 总的来说,SpringMVC、MyBatis和Shiro的组合,为Java Web开发者提供了一套强大的工具集,帮助他们构建出既高效又安全的Web应用程序。了解和...
4. **权限检查**:在需要的时候,如访问控制点,Shiro会检查用户是否拥有执行某操作所需的权限。 ### Permissions 对权限深入理解 权限可以是简单的字符串,如"file:read",也可以是复杂的对象,如URL或业务对象。...
在SSM项目中,MyBatis作为数据访问层,负责与数据库交互,执行SQL语句,实现数据的增删改查操作。 **Apache Shiro**: Apache Shiro是一个强大且易用的Java安全框架,处理认证、授权、加密和会话管理,可以非常容易...
SpringBoot、Shiro和...通过这样的整合,我们可以构建一个功能完善的后台系统,既拥有SpringBoot的便捷性,又有Shiro的安全控制,同时利用MyBatis简化数据库操作。这个项目不仅适合学习,也适用于实际的项目开发。
综上所述,"SSM+Maven+Mysql+Shiro无需重启动态权限"项目通过集成这些技术,构建了一个高效、灵活的后台管理系统,实现了动态权限控制,降低了运维成本,提升了用户体验。这样的系统设计思路和实现方式对于理解和...
1. **对象关系映射(ORM)**:将数据库表映射为Java对象,简化数据库操作。 2. **Session接口**:作为持久层与数据库交互的主要接口,负责对象的保存、更新、删除和查询。 3. **HQL(Hibernate Query Language)**:...
SSM整合Shiro是一个常见的Java Web安全框架集成实践,它结合了Spring、Spring MVC和MyBatis的优势,利用Apache Shiro来实现用户认证和授权。在这个简单学习demo中,我们将探讨如何将这三个组件与Shiro无缝对接,创建...
【标题】"springboot+shiro+ace admin+mybatis后台管理系统"是一个基于Java技术栈的后台管理系统,它集成了SpringBoot、Apache Shiro、Ace Admin框架和MyBatis持久层框架,为开发者提供了一个快速开发后台应用的基础...
通过XML或注解进行配置和原始映射,使得开发者能够将注意力集中在编写业务逻辑上,而不是数据库操作。在本系统中,MyBatis作为主要的数据访问层,实现了与数据库的高效交互。 再者,Apache Shiro是Java安全框架,...
在实际项目中,Spring MVC作为核心的控制器,接收并处理用户请求,然后调用MyBatis中的Mapper接口执行数据库操作。Shiro负责用户的身份验证和授权,确保只有合法用户才能访问特定资源。而DWZ则负责将后端处理的结果...