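Background
Until now I handled access control with hand-written interceptors that filtered and intercepted requests. That approach suits scenarios that only check whether the user is logged in; as requirements grew more complex and varied, I needed a stable, convenient framework. Shiro and Spring Security are both good choices; for now I have gone with Shiro.
Project location
I have published this demo as a public project at
https://gitee.com/fzuzhanghao/shiro-demo.git
Feel free to clone it and take a look.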
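About Shiro
Apache Shiro is a powerful, convenient framework that provides authentication, authorization, cryptography and session management. Its simple API makes it easy to strengthen the security checks of a back-end server, and it is applicable in a wide range of settings.
In summary, it offers the following:
- Authentication: identity verification/login, checking that the user really has the claimed identity;
- Authorization: permission checking, verifying whether an authenticated user holds a given permission, i.e. deciding whether the user may perform an action. Typical cases: checking whether a user has a given role, or, at a finer grain, whether a user has a given permission on a given resource;
- Session Manager: session management. After a user logs in there is a session, and until logout all of the user's information lives in it; the session can belong to a plain Java SE environment or to a web environment;
- Cryptography: encryption to protect data, for example storing passwords in the database encrypted rather than in plaintext;
- Web Support: easy integration into web environments;
- Caching: for example, after login the user's information and roles/permissions do not have to be looked up every time, which improves efficiency;
- Concurrency: Shiro supports concurrent verification in multi-threaded applications; when one thread starts another, the permissions are propagated automatically;
- Testing: test support;
- Run As: allows a user to access the system under another user's identity (if they permit it);
- Remember Me: a very common feature; after logging in once, the user does not need to log in again on the next visit.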
Environment
jdk 1.7
tomcat7
spring 4.0.2
mybatis 3.2.6
shiro 1.3.0
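Project setup
The system uses the traditional Spring MVC + MyBatis + Maven architecture; you can of course swap in SSM, SSH or whatever you prefer. I will not go into the overall project build here: create a simple Maven project, then convert it to a dynamic web project through Project Facets. If web.xml was not added during the conversion, you can add the src/main/webapps directory and web.xml by hand.
Next I list the configuration files and the contents of the POM.
The POM needs to pull in Spring, shiro-all, MyBatis and the other dependencies.
Main configuration files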
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.testshiro</groupId>
<artifactId>testshiro</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>testshiro</name>
<description>testshiro</description>
<properties>
<!-- Spring version -->
<spring.version>4.0.2.RELEASE</spring.version>
<!-- MyBatis version -->
<mybatis.version>3.2.6</mybatis.version>
<!-- log4j logging package versions -->
<slf4j.version>1.7.7</slf4j.version>
<log4j.version>1.2.17</log4j.version>
<shiro.version>1.3.0</shiro.version>
</properties>
<dependencies>
<!-- Base module -->
<dependency>
<groupId>com.ld.baseMode</groupId>
<artifactId>baseMode</artifactId>
<version>0.0.1</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<!-- Pulled in during development only; not loaded in the released package -->
<scope>test</scope>
</dependency>
<!-- Spring core packages -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-oxm</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- MyBatis core package -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId>
<version>${mybatis.version}</version>
</dependency>
<!-- MyBatis/Spring integration package -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis-spring</artifactId>
<version>1.2.2</version>
</dependency>
<!-- Java EE API jar -->
<dependency>
<groupId>javax</groupId>
<artifactId>javaee-api</artifactId>
<version>7.0</version>
<scope>provided</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.22</version>
</dependency>
<!-- https://mvnrepository.com/artifact/c3p0/c3p0 -->
<dependency>
<groupId>c3p0</groupId>
<artifactId>c3p0</artifactId>
<version>0.9.1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-all -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-all</artifactId>
<version>${shiro.version}</version>
</dependency>
<!-- JSTL tag library -->
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<!-- Logging packages -->
<!-- log start -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>${log4j.version}</version>
</dependency>
<!-- Object formatting, convenient for log output -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.1.41</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>${slf4j.version}</version>
</dependency>
<!-- log end -->
<!-- Newer JSON library -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.2.3</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.2.3</version>
</dependency>
<!-- File upload components -->
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3.1</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.9</version>
</dependency>
</dependencies>
</project>
Next we configure web.xml so that the container loads Shiro and routes requests through it.
web.xml
<!-- Declare the Spring and Shiro configuration files -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:/spring/spring-base.xml,classpath:/spring/spring-shiro.xml</param-value>
</context-param>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>webapp.testshiro</param-value>
</context-param>
……
<!-- shiro filter -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring MVC configuration -->
<servlet>
<servlet-name>SpringMVC</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:/spring/spring-mvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>SpringMVC</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
Then configure the main Spring file.
spring-base.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd"
>
<context:property-placeholder location="classpath*:/*.properties" />
<context:component-scan base-package="com.testshiro" />
<!-- Data source -->
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
destroy-method="close">
<property name="driverClass" value="${jdbc.driverClassName}" />
<property name="jdbcUrl" value="${jdbc.url}" />
<property name="user" value="${jdbc.username}" />
<property name="password" value="${jdbc.password}" />
<property name="initialPoolSize" value="${jdbc.c3p0.initialPoolSize}" />
<property name="minPoolSize" value="${jdbc.c3p0.min_size}" />
<property name="maxPoolSize" value="${jdbc.c3p0.max_size}" />
<property name="maxIdleTime" value="${jdbc.c3p0.max_idle_time}" />
<property name="acquireIncrement" value="${jdbc.c3p0.acquire_increment}" />
<property name="maxStatements" value="${jdbc.c3p0.max_statements}" />
<property name="idleConnectionTestPeriod" value="${jdbc.c3p0.idle_connection_test_period}" />
<property name="checkoutTimeout" value="${jdbc.c3p0.checkout_timeout}" />
<property name="testConnectionOnCheckin" value="${jdbc.c3p0.test_connection_on_checkin}" />
<property name="automaticTestTable" value="${jdbc.c3p0.automatic_test_table}" />
<property name="preferredTestQuery" value="${jdbc.c3p0.preferred_test_query}" />
</bean>
<!-- sessionfactory -->
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean" lazy-init="false" >
<property name="configLocation" value="classpath:/mybatis/mybatis-config.xml" />
<property name="mapperLocations" value="classpath*:/mybatis/mappers/*.xml" />
<property name="dataSource" ref="dataSource" />
</bean>
<!-- only one datasource -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="annotationClass" value="org.springframework.stereotype.Repository" />
<property name="basePackage" value="com.**.dao" />
</bean>
<!-- Transaction configuration -->
<!-- Spring TransactionManager -->
<bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
<qualifier value="trans" />
<property name="defaultTimeout" value="${jdbc.transation_timeout}" />
</bean>
<tx:annotation-driven transaction-manager="transactionManager"/>
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>resource/config</value>
</list>
</property>
</bean>
</beans>
spring-mvc.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd
">
<mvc:annotation-driven>
<!-- Handle date types in the @ResponseBody output -->
<mvc:message-converters>
<bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
<property name="objectMapper">
<bean class="com.fasterxml.jackson.databind.ObjectMapper">
<property name="dateFormat">
<bean class="java.text.SimpleDateFormat">
<constructor-arg type="java.lang.String" value="yyyy-MM-dd HH:mm:ss" />
</bean>
</property>
</bean>
</property>
</bean>
</mvc:message-converters>
</mvc:annotation-driven>
<!-- Controller package (auto-injected) -->
<context:component-scan base-package="com.testshiro.controller" />
<!-- Resolve model-and-view names by adding a prefix and suffix to the view name -->
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/" />
<property name="suffix" value=".html" />
</bean>
</beans>
mybatis-config.xml
<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
<settings>
<setting name="cacheEnabled" value="false" />
<setting name="lazyLoadingEnabled" value="false" />
<setting name="multipleResultSetsEnabled" value="true" />
<setting name="useColumnLabel" value="true" />
<setting name="useGeneratedKeys" value="false" />
<setting name="defaultExecutorType" value="SIMPLE" />
<setting name="mapUnderscoreToCamelCase" value="true"/>
</settings>
</configuration>
c3p0 connection pool configuration
jdbc.properties
jdbc.driverClassName=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://127.0.0.1:3360/shiro_test?useUnicode=true&characterEncoding=UTF-8&allowMultiQueries=true
jdbc.username=test
jdbc.password=test123
jdbc.c3p0.acquire_increment=2
jdbc.c3p0.initialPoolSize=2
jdbc.c3p0.min_size=2
jdbc.c3p0.max_size=10
jdbc.c3p0.max_idle_time=180
jdbc.c3p0.max_statements=0
jdbc.c3p0.idle_connection_test_period=180
jdbc.c3p0.checkout_timeout=30000
jdbc.c3p0.test_connection_on_checkin=true
jdbc.c3p0.automatic_test_table=c3p0_test
jdbc.c3p0.preferred_test_query=select * from "c3p0_test"
jdbc.transation_timeout=1800
Then, in spring-shiro.xml, configure Shiro itself, including the URL rules and the custom realm.
spring-shiro.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd"
>
<!-- Shiro filter (interceptor) configuration -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- securityManager -->
<property name="securityManager" ref="securityManager" />
<property name="loginUrl" value="/login.jsp" />
<property name="unauthorizedUrl" value="/403.jsp" />
<!-- <property name="filters">
<util:map>
<entry key="anAlias" value-ref="someFilter"/>
</util:map>
</property> -->
<!-- Filter chain definitions -->
<property name="filterChainDefinitions">
<value>
/data/sysaccount/login*=anon
/data/sysaccount/**=authc,perms[sysAccount]
/data/sysautho/**=authc,perms[sysAutho]
/data/sysrole/**=authc,perms[sysRole]
</value>
</property>
</bean>
<!-- securityManager -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm" />
</bean>
<!-- Custom Realm implementation -->
<bean id="myRealm" class="com.testshiro.realm.CustomRealm" />
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor" />
</beans>
Commonly used rules include:
tag | Purpose | Example |
---|---|---|
anon | The URL requires no check | login*=anon |
authc | The URL requires a login check | /data/sysaccount/**=authc |
roles | Checks whether the user has a given role | /data/sysaccount/**=roles[admin] |
perms | Checks whether the user has a given permission | /data/sysautho/**=perms[sysAutho] |
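Shiro evaluates the chain definitions top to bottom and applies the first pattern that matches the request path. The following added example (not part of the demo project) replays the four rules from spring-shiro.xml through Shiro's AntPathMatcher; the class name ChainCheck and the sample paths are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.util.AntPathMatcher;

public class ChainCheck {
    // The chain definitions from spring-shiro.xml, kept in declaration order.
    static final Map<String, String> CHAINS = new LinkedHashMap<String, String>();
    static {
        CHAINS.put("/data/sysaccount/login*", "anon");
        CHAINS.put("/data/sysaccount/**", "authc,perms[sysAccount]");
        CHAINS.put("/data/sysautho/**", "authc,perms[sysAutho]");
        CHAINS.put("/data/sysrole/**", "authc,perms[sysRole]");
    }

    /** Returns the filters of the first matching pattern, or null when no chain applies. */
    static String resolve(String path) {
        AntPathMatcher matcher = new AntPathMatcher();
        for (Map.Entry<String, String> rule : CHAINS.entrySet()) {
            if (matcher.matches(rule.getKey(), path)) {
                return rule.getValue();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from the demo project.
        String[] samples = {
            "/data/sysaccount/login.do",
            "/data/sysaccount/loginHistory.do",
            "/data/sysaccount/logout.do",
            "/data/sysrole/list.do",
            "/data/report/export.do"
        };
        for (String path : samples) {
            String filters = resolve(path);
            System.out.println(path + " -> "
                    + (filters == null ? "no chain: request is not checked by Shiro" : filters));
        }
    }
}
```

A path that matches no chain passes through the Shiro filter unchecked; a final `/** = authc` line in filterChainDefinitions closes that gap. The `login*` wildcard also exempts every handler under /data/sysaccount whose name starts with "login", so it is worth narrowing if more such handlers exist.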
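With that, the Shiro configuration is complete, and we can start writing the com.testshiro.realm.CustomRealm class mentioned above.
Writing the classes
The main project structure is shown in the figure below for reference. The service and DAO layers are just CRUD operations, so I focus on the two interface functions that have to be called, login and permission retrieval, and on the login and logout operations in the controller; the rest of the code is omitted.
A quick overview of the service, DAO and mapper follows; skip it if you already know how to configure them.
Key parts:
1. CustomRealm
CustomRealm must extend AuthorizingRealm and implement the doGetAuthorizationInfo and doGetAuthenticationInfo methods. The former extracts the permissions; the latter returns the account's authentication information.
CustomRealm is called only after the Security Manager has done its check: Shiro first runs its own filter, and only once the login check has passed does it enter CustomRealm. This is easy to misunderstand when starting out and easy to confuse with the earlier custom-interceptor approach. So if you access a resource without having logged in and without a token set, you will find that doGetAuthenticationInfo in CustomRealm is never called.
Many blogs put the login check inside doGetAuthenticationInfo. I do it directly in my own login method, so here I simply copy the values across and hand them to the Security Manager.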
package com.testshiro.realm;
import java.util.List;
import javax.annotation.Resource;
import org.apache.log4j.Logger;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import com.testshiro.entity.SysAutho;
import com.testshiro.service.SysAccountService;
public class CustomRealm extends AuthorizingRealm {
private final static Logger log = Logger.getLogger(CustomRealm.class);
@Resource
private SysAccountService sysaccountService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
log.info("getAuthoCheck");
String username = (String) arg0.fromRealm(getName()).iterator().next();
if (username != null) {
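// Load this user's permissions by user name and hand the list to the security manager.
// This method runs on every check, so production systems would enable Redis or another cache.
List<SysAutho> pers = sysaccountService
.getAuthosByUserName(username);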
if (pers != null && !pers.isEmpty()) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
for (SysAutho each : pers) {
// Add the permission resource to the user's authorization info
info.addStringPermission(each.getMark());
}
return info;
}
}
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken arg0) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) arg0;
if (token != null) {
return new SimpleAuthenticationInfo(token.getUsername(),
token.getPassword(), getName());
} else {
return null;
}
}
}
The UsernamePasswordToken that appears in CustomRealm is the user token; we populate it in the login method.
2. SysAccountController
.....
@Controller
@RequestMapping(value = "/data/sysaccount")
public class SysAccountController {
private final static Logger log = Logger
.getLogger(SysAccountController.class);
@Resource
private SysAccountService sysaccountService;
@RequestMapping(value = "login", method = RequestMethod.POST)
@ResponseBody
public RetMsg login(HttpServletRequest request, HttpServletResponse response)
throws Exception {
RetMsg retmsg = new RetMsg();
List<SysAccount> ret = null;
Map<String, Object> tmp = new HashMap<String, Object>();
String loginName = request.getParameter("loginName");
String password = request.getParameter("password");
Page page = new Page();
page.clear();
page.setCondition(tmp);
ret = sysaccountService.login(loginName, MD5.MD5Encode(password));
if (ret.size() < 1) {
retmsg.setCode(-1);
retmsg.setMsg("錯誤的用戶名或密碼!");
} else {
SysAccount account = ret.get(0);
if (account.getIsDel() == 0) {
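// Clear any existing security information
SecurityUtils.getSecurityManager().logout(
SecurityUtils.getSubject());
// Optionally also use the HttpSession; this is unrelated to Shiro
HttpSession session = request.getSession();
session.setAttribute("loginUser", account);
// Set the token. UsernamePasswordToken has no single-argument constructor, and
// CustomRealm uses the token's user name as the principal for the permission lookup.
UsernamePasswordToken token = new
UsernamePasswordToken(loginName, account.getPassword());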
Subject subject = SecurityUtils.getSubject();
subject.login(token);
} else {
retmsg.setCode(-1);
retmsg.setMsg("您的賬戶已經被禁用!請聯繫管理員!");
}
}
return retmsg;
}
@RequestMapping(value = "logout", method = RequestMethod.GET)
@ResponseBody
public RetMsg logout(HttpServletRequest request,
HttpServletResponse response) throws Exception {
RetMsg retmsg = new RetMsg();
HttpSession session = request.getSession();
session.setAttribute("loginUser", null);
session.removeAttribute("loginUser");
SecurityUtils.getSecurityManager().logout(
SecurityUtils.getSubject());
return retmsg;
}
.....
}
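PS: the system is built around Ajax calls, so responses are returned as JSON; for page navigation you can switch to ModelAndView yourself. The next chapter is dedicated to returning Ajax data.
The getAuthosByUserName method called in CustomRealm and the login method called by SysAccountController are business interfaces we define ourselves; they read the permission information from the database and verify the login. The MyBatis statement declarations are given here for reference.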
<select id="getAuthosByUserName" resultMap="SysAuthoMap" parameterType="java.lang.String">
SELECT
au.*
FROM
sys_account a
INNER JOIN sys_account_2_role a2r ON a.seq_id = a2r.account_id
AND a.login_name = #{username}
INNER JOIN sys_role r ON a2r.role_id = r.seq_id
AND r.is_del = 0
INNER JOIN sys_role_2_autho r2a ON r.seq_id = r2a.role_id
INNER JOIN sys_autho au ON au.seq_id = r2a.autho_id
AND au.is_del = 0
AND au.is_leaf = 1
</select>
<select id="login" resultMap="SysAccountMap" parameterType="Object">
select <include refid="Base_Column_List" />
from sys_account where login_name = #{loginName} and password = #{password}
</select>
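An added example, not the demo project's code: a variant of the realm in which doGetAuthenticationInfo returns the stored credential and Shiro's HashedCredentialsMatcher does the comparison, so subject.login itself rejects a wrong password instead of relying on the controller's query. The class name VerifyingRealm, the in-memory account map and its sample user are constructed; MD5 appears only on the assumption that the demo's MD5.MD5Encode stores an unsalted hex MD5.

```java
import java.util.HashMap;
import java.util.Map;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public class VerifyingRealm extends AuthorizingRealm {
    // Constructed stand-in for the sys_account table: login name -> hex MD5 of the password.
    private final Map<String, String> accounts = new HashMap<String, String>();

    public VerifyingRealm() {
        accounts.put("alice", new Md5Hash("correct-horse").toHex());
        // Shiro hashes the submitted password and compares it with the stored value.
        setCredentialsMatcher(new HashedCredentialsMatcher("MD5"));
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String username = ((UsernamePasswordToken) token).getUsername();
        String storedHash = accounts.get(username);
        if (storedHash == null) {
            throw new UnknownAccountException("no such account");
        }
        // Return the STORED credential, never the one carried by the token.
        return new SimpleAuthenticationInfo(username, storedHash, getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // Permission loading works as in CustomRealm and is left out here.
        return new SimpleAuthorizationInfo();
    }

    /** Returns true when Shiro accepts the login, false when it rejects it. */
    static boolean tryLogin(String user, String password) {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(new UsernamePasswordToken(user, password));
            subject.logout();
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new VerifyingRealm()));
        System.out.println("right password: " + tryLogin("alice", "correct-horse"));
        System.out.println("wrong password: " + tryLogin("alice", "guess"));
        System.out.println("unknown user:   " + tryLogin("nobody", "x"));
    }
}
```

With this arrangement the controller passes the submitted plaintext password in the token and catches AuthenticationException. A salted, iterated hash configured on the same matcher is the stronger setting once the stored values can be migrated.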
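The core is now complete; build the remaining parts according to the framework you have chosen.
Testing
Start the project and access the resource interface readById without logging in: you are redirected to login.jsp, the pseudo-Ajax page I configured. If the project uses a JSP page-navigation architecture, this can be made into your own prompt page.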
<%@ page language="java" contentType="text/html; charset=utf8"
pageEncoding="utf8"%>
{code=-1,msg="請登錄!"}
Unauthorized case
<%@ page language="java" contentType="text/html; charset=utf8"
pageEncoding="utf8"%>
{code=-1,msg="未授權的頁面!"}
After logging in with the required permission:
The basic setup is complete.
The next chapter covers how to handle real Ajax JSON responses.