1,web.xml
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- 添加contextConfigLocation,通知Spring到classpath下找applicationContext配置文件,否则默认到web-info下 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<servlet>
<servlet-name>IMDispatchServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>IMDispatchServlet</servlet-name>
<!-- 默认匹配所有请求 -->
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<!--<init-param>
该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param> -->
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>*.do</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<!-- 防止spring内存溢出监听器 -->
<listener>
<listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<!-- 配置错误页-->
<error-page>
<error-code>404</error-code>
<location>/error.jsp</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/error.jsp</location>
</error-page>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<!-- 默认页面 -->
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
</web-app>
2,配置文件分为applicationContext.xml,spring-shiro.mxl,spring-mybatis.xml,encache-shiro.xml
applicationContext.xml配置spring mvc等内容:
<!-- spring mvc 配置 -->
<mvc:annotation-driven />
<mvc:default-servlet-handler/>
<!-- 配置静态资源映射
<mvc:resources location="/assets/" mapping="/assets/**"/>
<mvc:resources location="/js/" mapping="/js/**"/>
<mvc:resources location="/css/" mapping="/css/**"/>
<mvc:resources location="/images/" mapping="/images/**"/>
-->
<!-- viewResolver配置 -->
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView"></property>
<property name="prefix" value="/WEB-INF/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<!-- 扫描web相关 -->
<context:component-scan base-package="com.test.controller"></context:component-scan>
<!--文件上传下载相关-->
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="50000"></property>
<property name="maxInMemorySize" value="4096"></property>
</bean>
<!--拦截器配置-->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/**"/>
<!--不进行拦截的连接-->
<mvc:exclude-mapping path="/common/login.do*"/>
<bean class="com.test.LoginInterceptor"/>
</mvc:interceptor>
</mvc:interceptors>
<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="defaultErrorView" value="/error.jsp"></property>
</bean>
<import resource="classpath:spring-mybatis.xml"/>
<import resource="classpath:spring-shiro.xml"/>
</beans>
spring-mybatis.xml配置文件内容;
<util:properties id="jdbc" location="classpath:jdbc.properties" />
<context:component-scan base-package="com.test.service.impl" />
<!-- Hikari Datasource使用-->
<bean id="dataSource" class="com.zaxxer.hikari.HikariDataSource" destroy-method="shutdown">
<property name="jdbcUrl" value="#{jdbc.adminUrl}" />
<property name="driverClassName" value="#{jdbc.adminDriver}" />
<property name="username" value="#{jdbc.adminUser}" />
<property name="password" value="#{jdbc.adminPassword}" />
<!-- 连接只读数据库时配置为true, 保证安全 -->
<property name="readOnly" value="false" />
<!-- 等待连接池分配连接的最大时长(毫秒),超过这个时长还没可用的连接则发生SQLException, 缺省:30秒 -->
<property name="connectionTimeout" value="30000" />
<!-- 一个连接idle状态的最大时长(毫秒),超时则被释放(retired),缺省:10分钟 -->
<property name="idleTimeout" value="600000" />
<!-- 一个连接的生命时长(毫秒),超时而且没被使用则被释放(retired),缺省:30分钟,建议设置比数据库超时时长少30秒,参考MySQL wait_timeout参数(show variables like '%timeout%';) -->
<property name="maxLifetime" value="1800000" />
<property name="maximumPoolSize" value="50" />
</bean>
<!-- sqlSessionFactory会化工厂配置 -->
<bean id="SqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<!-- 注入连接池 -->
<property name="dataSource" ref="dataSource" />
<!-- 配置mysql全局配置文件 -->
<property name="configLocation" value="classpath:mybatis-configuration.xml" />
<!-- 扫描entity包,使用别名 -->
<!-- <property name="typeAliasesPackage" value="com.test.entity"/> -->
<!-- 扫面sql配置文件 mapper文件 -->
<property name="mapperLocations" value="classpath:com/test/mapper/*.xml" />
</bean>
<!-- 扫面dao接口包 -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="com.test.dao"></property>
<property name="sqlSessionFactoryBeanName" value="SqlSessionFactory"></property>
</bean>
<!-- 配置事务 -->
<bean id="TxManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource"></property>
</bean>
<!-- 配置基于注解的声明式事务 ,使用注解管理 1,明确编程风格 2,保证事务方法执行时间尽可能短 3,不穿插其他网路操作 4,有些写入操作不需要事务,只读只写写入一条数据,删除,更一个数据时,如果是批量操作则需要。 -->
<tx:annotation-driven transaction-manager="TxManager" proxy-target-class="true"/>
<tx:advice id="IMAdvice" transaction-manager="TxManager">
<tx:attributes>
<tx:method name="find*" read-only="true" />
<tx:method name="add*" propagation="REQUIRED" rollback-for="java.lang.Exception" />
<tx:method name="update*" propagation="REQUIRED"
rollback-for="java.lang.Exception" />
<tx:method name="delete*" propagation="REQUIRED"
rollback-for="java.lang.Exception" />
</tx:attributes>
</tx:advice>
<aop:config proxy-target-class="true">
<aop:advisor advice-ref="IMAdvice"
pointcut="within(com.test.service.impl..*)" />
</aop:config>
spring-shiro.xml配置内容:
<!-- 配置自定义Realm -->
<bean id="myRealm" class="com.test.MyRealm">
<property name="authorizationCacheName" value="myShiroCache"/>
</bean>
<!-- 安全管理器 -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"/>
<!-- cache -->
<property name="cacheManager" ref="cacheManager"></property>
<property name="sessionManager" ref="sessionManager"/>
</bean>
<!-- Session Manager -->
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<!-- 相隔多久检查一次session的有效性 -->
<property name="sessionValidationInterval" value="1800000"/>
<!-- session 有效时间为半小时 (毫秒单位)-->
<property name="globalSessionTimeout" value="1800000"/>
<property name="sessionDAO" ref="sessionDAO"/>
<!-- session 监听,可以多个。 -->
<property name="sessionListeners">
<list>
<ref bean="customSessionListener"/>
</list>
</property>
<!-- 间隔多少时间检查,不配置是60分钟 -->
<property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
<!-- 是否开启 检测,默认开启 -->
<property name="sessionValidationSchedulerEnabled" value="true"/>
<!-- 是否删除无效的,默认也是开启 -->
<property name="deleteInvalidSessions" value="true"/>
<!-- 会话Cookie模板 -->
<property name="sessionIdCookie" ref="sessionIdCookie"/>
<property name="sessionIdCookieEnabled" value="true"/>
</bean>
<!-- 会话验证调度器 -->
<bean id="sessionValidationScheduler" class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
<!-- 间隔多少时间检查,不配置是60分钟 -->
<property name="interval" value="12000000"/>
<property name="sessionManager" ref="sessionManager"/>
</bean>
<!-- 会话DAO -->
<bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
<property name="activeSessionsCacheName" value="activeSessionCache"/>
<property name="cacheManager" ref="cacheManager"/>
<property name="sessionIdGenerator" ref="sessionIdGenerator"/>
</bean>
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:ehcache-shiro.xml"/>
</bean>
<bean id="customSessionListener" class="com.test.MySessionManager"></bean>
<!-- cookie 模板 -->
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg name="name" value="IMSID"/>
<property name="httpOnly" value="true"/>
<property name="maxAge" value="1800"/><!-- 单位S-->
</bean>
<!-- 会话ID生成器 -->
<bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
<!-- Shiro过滤器 核心-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- Shiro的核心安全接口,这个属性是必须的 -->
<property name="securityManager" ref="securityManager"/>
<!-- 身份认证失败,则跳转到登录页面的配置 -->
<property name="loginUrl" value="/login.jsp"/>
<!-- 权限认证失败,则跳转到指定页面 -->
<property name="unauthorizedUrl" value="/error.jsp"/>
<!-- Shiro连接约束配置,即过滤链的定义 -->
<property name="filterChainDefinitions">
<value>
<!--anon 表示匿名访问,不需要认证以及授权-->
/common**=anon
<!--authc表示需要认证 没有进行身份认证是不能进行访问的-->
/user**=authc
</value>
</property>
</bean>
<!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- 开启Shiro注解 -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
encache-shiro.xml缓存配置:
<ehcache updateCheck="false" name="shiroCache">
<defaultCache
maxElementsInMemory="10000"
eternal="false"
timeToIdleSeconds="120"
timeToLiveSeconds="120"
overflowToDisk="false"
diskPersistent="false"
diskExpiryThreadIntervalSeconds="120"
/>
<!--myrealm 配置认证授权缓存的名字,显式指定-->
<cache name="myShiroCache"
maxElementsInMemory="10000"
eternal="false"
timeToIdleSeconds="30"
timeToLiveSeconds="0"
overflowToDisk="false"
diskPersistent="false"
diskExpiryThreadIntervalSeconds="120"/>
</ehcache>