25,985
社区成员
发帖
与我相关
我的任务
分享
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<bean id="shiroCacheManager"
class="cn.jeeweb.core.security.shiro.cache.SpringCacheManagerWrapper">
<property name="cacheManager" ref="springCacheManager" />
</bean>
<!-- 凭证匹配器 -->
<bean id="credentialsMatcher"
class="cn.jeeweb.modules.sys.security.shiro.web.filter.authc.credential.RetryLimitHashedCredentialsMatcher">
<constructor-arg ref="shiroCacheManager" />
<property name="maxRetryCount" value="${shiro.user.password.maxRetryCount}" />
<property name="showCaptchaRetryCount" value="${shiro.user.password.showCaptchaRetryCount}" />
<property name="hashAlgorithmName" value="${shiro.credentials.hashAlgorithmName}" />
<property name="hashIterations" value="${shiro.credentials.hashIterations}" />
<property name="storedCredentialsHexEncoded" value="${shiro.credentials.storedCredentialsHexEncoded}" />
</bean>
<!-- realm -->
<!-- <bean id="userRealm" class="cn.jeeweb.modules.sys.security.shiro.realm.UserRealm"> -->
<bean id="userRealm" class="cn.jeeweb.modules.sys.security.shiro.realm.sanitation.UserRealm">
<property name="credentialsMatcher" ref="credentialsMatcher" />
<!-- 用切面缓存代理了 此处就不缓存了 -->
<property name="authenticationCachingEnabled" value="false"/>
<property name="authorizationCachingEnabled" value="false"/>
</bean>
<!---cookie-->
<!-- uid(session id) 生成策略 -->
<bean id="sessionIdGenerator" class="org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator"/>
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg value="${shiro.uid.cookie.name}"/>
<property name="domain" value="${shiro.uid.cookie.domain}"/>
<property name="path" value="${shiro.uid.cookie.path}"/>
<property name="httpOnly" value="${shiro.uid.cookie.httpOnly}"/>
<property name="maxAge" value="${shiro.uid.cookie.maxAge}"/>
</bean>
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg value="${shiro.uid.rememeberMe.cookie.name}"/>
<property name="domain" value="${shiro.uid.cookie.domain}"/>
<property name="path" value="${shiro.uid.cookie.path}"/>
<property name="httpOnly" value="${shiro.uid.cookie.httpOnly}"/>
<property name="maxAge" value="${shiro.uid.rememeberMe.cookie.maxAge}"/>
</bean>
<!--dao -->
<!-- 会话保持的DAO
<bean id="onlineSessionDAO" class="cn.jeeweb.modules.sys.security.shiro.session.mgt.eis.OnlineSessionDAO">
<property name="sessionIdGenerator" ref="sessionIdGenerator"/>
<property name="activeSessionsCacheName" value="${shiro.active.session.cacheName}"/>
</bean> -->
<!-- 自定义Session存储容器-->
<bean id="sessionDAO" class="cn.jeeweb.core.security.shiro.session.CacheSessionDAO">
<property name="sessionIdGenerator" ref="sessionIdGenerator" />
</bean>
<bean id="onlineSessionFactory" class="cn.jeeweb.modules.sys.security.shiro.session.mgt.OnlineSessionFactory"/>
<!-- manager -->
<!-- Remembered vs Authenticated http://www.ituring.com.cn/article/287 -->
<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
<!-- rememberme cookie加密的密钥 建议每个项目都不一样 默认AES算法 密钥长度(128 256 512 位)-->
<property name="cipherKey"
value="#{T(org.apache.shiro.codec.Base64).decode('${shiro.uid.rememeberMe.cookie.base64.cipherKey}')}"/>
<property name="cookie" ref="rememberMeCookie"/>
</bean>
<!-- 会话验证调度 -->
<bean id="sessionValidationScheduler" class="cn.jeeweb.modules.sys.security.shiro.session.mgt.scheduler.SpringSessionValidationScheduler">
<property name="sessionValidationInterval" value="${shiro.session.validation.interval}"/>
<property name="sessionManager" ref="sessionManager"/>
</bean>
<!-- 会话管理器 -->
<bean id="sessionManager" class="cn.jeeweb.core.security.shiro.session.SessionManager">
<property name="globalSessionTimeout" value="${shiro.session.globalSessionTimeout}"></property>
<property name="sessionFactory" ref="onlineSessionFactory"/>
<property name="sessionDAO" ref="sessionDAO"/>
<property name="deleteInvalidSessions" value="false"/>
<property name="sessionValidationInterval" value="${shiro.session.validation.interval}"/>
<property name="sessionValidationSchedulerEnabled" value="true"/>
<property name="cacheManager" ref="shiroCacheManager"/>
<property name="sessionIdCookieEnabled" value="true"/>
<property name="sessionIdCookie" ref="sessionIdCookie"/>
</bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- Single realm app. If you have multiple realms, use the 'realms' property instead. -->
<property name="realm" ref="userRealm"/>
<property name="sessionManager" ref="sessionManager"/>
<property name="rememberMeManager" ref="rememberMeManager"/>
</bean>
<!-- filter -->
<!--替换默认的form 验证过滤器-->
<bean id="formAuthenticationFilter" class="cn.jeeweb.modules.sys.security.shiro.web.filter.authc.sanitation.FormAuthenticationFilter">
<property name="successUrl" value="${shiro.default.success.url}"/>
<!--表单上的用户名/密码 下次自动登录的参数名-->
<property name="usernameParam" value="username"/>
<property name="passwordParam" value="password"/>
<property name="rememberMeParam" value="rememberMe"/>
</bean>
<!-- 退出登录过滤器 -->
<bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
<property name="redirectUrl" value="${shiro.logout.success.url}"/>
</bean>
<!--提取系统用户(User) 验证用户是否合法的过滤器(如是否删除了 是否锁定了) -->
<bean id="sysUserFilter" class="cn.jeeweb.modules.sys.security.shiro.web.filter.user.sanitation.SysUserFilter">
<property name="userLockedUrl" value="${shiro.user.locked.url}"/>
<property name="userNotfoundUrl" value="${shiro.user.notfound.url}"/>
<property name="userUnknownErrorUrl" value="${shiro.user.unknown.error.url}"/>
</bean>
<!-- 验证会话是否是强制退出等的filter -->
<bean id="onlineSessionFilter" class="cn.jeeweb.modules.sys.security.shiro.web.filter.online.sanitation.OnlineSessionFilter">
<property name="forceLogoutUrl" value="${shiro.user.force.logout.url}"/>
<property name="sessionDAO" ref="sessionDAO"/>
</bean>
<bean id="jCaptchaValidateFilter" class="cn.jeeweb.modules.sys.security.shiro.web.filter.jcaptcha.JCaptchaValidateFilter">
<property name="jcaptchaEbabled" value="${shiro.jcaptcha.enable}"/>
<property name="jcaptchaParam" value="jcaptchaCode"/>
<property name="jcapatchaErrorUrl" value="${shiro.jcaptcha.error.url}"/>
</bean>
<!-- 同步当前会话数据到数据库
<bean id="syncOnlineSessionFilter" class="cn.jeeweb.modules.sys.security.shiro.web.filter.sync.SyncOnlineSessionFilter">
<property name="onlineSessionDAO" ref="onlineSessionDAO"/>
</bean>-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<!-- override these for application-specific URLs if you like:-->
<property name="loginUrl" value="${shiro.login.url}"/>
<property name="unauthorizedUrl" value="${shiro.unauthorizedUrl}"/>
<!-- The 'filters' property is not necessary since any declared javax.servlet.Filter bean -->
<!-- defined will be automatically acquired and available via its beanName in chain -->
<!-- definitions, but you can perform instance overrides or name aliases here if you like: -->
<property name="filters">
<util:map>
<entry key="authc" value-ref="formAuthenticationFilter"/>
<entry key="logout" value-ref="logoutFilter"/>
<entry key="sysUser" value-ref="sysUserFilter"/>
<entry key="onlineSession" value-ref="onlineSessionFilter"/>
<!--<entry key="syncOnlineSession" value-ref="syncOnlineSessionFilter"/>-->
<entry key="jCaptchaValidate" value-ref="jCaptchaValidateFilter"/>
</util:map>
</property>
<property name="filterChainDefinitions">
<value>
/static/** = anon
/upload/** = anon
/img/** = anon
/jcaptcha* = anon
${admin.url.prefix}/logout = logout
${admin.url.prefix}/login = jCaptchaValidate,authc
/** = sysUser,onlineSession,user,perms,roles
</value>
</property>
</bean>
<!-- aop and other-->
<!-- For simplest integration, so that all SecurityUtils.* methods work in all cases, -->
<!-- make the securityManager bean a static singleton. DO NOT do this in web -->
<!-- applications - see the 'Web Applications' section below instead. -->
<!-- 相当于调用SecurityUtils.setSecurityManager(securityManager) -->
<bean
class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
<property name="staticMethod"
value="org.apache.shiro.SecurityUtils.setSecurityManager" />
<property name="arguments" ref="securityManager" />
</bean>
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
</beans>
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>company</display-name>
<!-- 应用路径 -->
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>spring.webapp.root</param-value>
</context-param>
<!-- Log4J 配置 -->
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:log4j.properties</param-value>
</context-param>
<context-param>
<param-name>log4jRefreshInterval</param-name>
<param-value>60000</param-value>
</context-param>
<!--Spring上下文 配置 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-config.xml</param-value>
</context-param>
<!-- 字符集 过滤器 -->
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring 监听器 -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<servlet>
<description>spring mvc servlet</description>
<servlet-name>springMvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<description>spring mvc 配置文件</description>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springMvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- session超时设置30分钟 -->
<session-config>
<session-timeout>1</session-timeout>
</session-config>
<!-- shiro 安全过滤器 -->
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- 可以使用RequestContextHolder.currentRequestAttributes() 获取到请求的attr -->
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!--druid 监控 -->
<filter>
<filter-name>DruidWebStatFilter</filter-name>
<filter-class>com.alibaba.druid.support.http.WebStatFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>exclusions</param-name>
<param-value>/static/*,*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid/*</param-value>
</init-param>
<init-param>
<param-name>principalSessionName</param-name>
<param-value>username</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>DruidWebStatFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- druid监控 -->
<servlet>
<servlet-name>DruidStatView</servlet-name>
<servlet-class>com.alibaba.druid.support.http.StatViewServlet</servlet-class>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>DruidStatView</servlet-name>
<url-pattern>/admin/sys/monitor/druid/*</url-pattern>
</servlet-mapping>
<!-- 验证码过滤器需要放到Shiro之后 因为Shiro将包装HttpSession 如果不 可能造成两次的sesison id 不一样 -->
<filter>
<filter-name>JCaptchaFilter</filter-name>
<filter-class>cn.jeeweb.modules.common.jcaptcha.JCaptchaFilter</filter-class>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>JCaptchaFilter</filter-name>
<url-pattern>/jcaptcha.jpg</url-pattern>
</filter-mapping>
<!-- Xss安全过滤
<filter>
<filter-name>XssEscape</filter-name>
<filter-class>cn.jeeweb.core.filter.xss.XssFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>XssEscape</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping> -->
<!-- 装饰容器 sitemesh 文档 http://wiki.sitemesh.org/wiki/display/sitemesh/Home -->
<filter>
<filter-name>sitemeshFilter</filter-name>
<filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sitemeshFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- 错误页面映射 -->
<error-page>
<error-code>404</error-code>
<location>/WEB-INF/webpage/error/404.jsp</location>
</error-page>
<error-page>
<error-code>400</error-code>
<location>/WEB-INF/webpage/error/400.jsp</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/WEB-INF/webpage/error/500.jsp</location>
</error-page>
<error-page>
<error-code>503</error-code>
<location>/WEB-INF/webpage/error/503.jsp</location>
</error-page>
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/WEB-INF/webpage/error/error.jsp</location>
</error-page>
</web-app>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">
<!-- 数据源 -->
<!--see https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE_DruidDataSource%E5%8F%82%E8%80%83%E9%85%8D%E7%BD%AE -->
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource"
init-method="init" destroy-method="close">
<!-- 基本属性 url、user、password -->
<property name="url" value="${connection.url}" />
<property name="username" value="${connection.username}" />
<property name="password" value="${connection.password}" />
<property name="dbType" value = "${connection.dbType}" />
<!-- 配置初始化大小、最小、最大 -->
<property name="initialSize" value="${druid.initialSize}" />
<property name="minIdle" value="${druid.minIdle}" />
<property name="maxActive" value="${druid.maxActive}" />
<!-- 配置获取连接等待超时的时间 -->
<property name="maxWait" value="${druid.maxWait}" />
<!-- 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒 -->
<property name="timeBetweenEvictionRunsMillis" value="${druid.timeBetweenEvictionRunsMillis}" />
<!-- 配置一个连接在池中最小生存的时间,单位是毫秒 -->
<property name="minEvictableIdleTimeMillis" value="${druid.minEvictableIdleTimeMillis}" />
<property name="validationQuery" value="${druid.validationQuery}" />
<property name="testWhileIdle" value="${druid.testWhileIdle}" />
<property name="testOnBorrow" value="${druid.testOnBorrow}" />
<property name="testOnReturn" value="${druid.testOnReturn}" />
<!-- 打开PSCache,并且指定每个连接上PSCache的大小 如果用Oracle,则把poolPreparedStatements配置为true,mysql可以配置为false。 -->
<property name="poolPreparedStatements" value="${druid.poolPreparedStatements}" />
<property name="maxPoolPreparedStatementPerConnectionSize"
value="${druid.maxPoolPreparedStatementPerConnectionSize}" />
<!-- 配置监控统计拦截的filters -->
<property name="filters" value="${druid.filters}" />
</bean>
<bean id="sqlSessionFactory" class="com.baomidou.mybatisplus.spring.MybatisSqlSessionFactoryBean">
<!-- 配置数据源 -->
<property name="dataSource" ref="dataSource"/>
<!-- 自动扫描 Xml 文件位置 -->
<property name="mapperLocations" value="classpath:/mappings/**/*.xml"/>
<!-- 配置 Mybatis 配置文件(可无) -->
<property name="configLocation" value="classpath:mybatis-config.xml"/>
<property name="configurationProperties">
<props>
<prop key="dbType">${connection.dbType}</prop>
</props>
</property>
<!-- 配置包别名 -->
<property name="typeAliasesPackage" value="**.entity"/>
<!-- <property name="typeAliasesPackage" value="com.lingyue.sanitation.modules.*.entity"/> -->
<!-- 以上配置和传统 Mybatis 一致 -->
<!-- 插件配置 -->
<property name="plugins">
<array>
<!-- 分页插件配置, 参考文档分页插件部分!! -->
<!-- 如需要开启其他插件,可配置于此 -->
</array>
</property>
<!-- MP 全局配置注入 -->
<property name="globalConfig" ref="globalConfig"/>
</bean>
<!-- 自定义处理器 -->
<bean id="baseMetaObjectHandler" class="cn.jeeweb.core.common.handler.sanitation.BaseMetaObjectHandler" />
<!-- 自定义SQL组装-->
<bean id="sqlInjector" class="cn.jeeweb.core.query.injector.AutoSqlInjector" />
<!-- 定义 MP 全局策略 -->
<bean id="globalConfig" class="com.baomidou.mybatisplus.entity.GlobalConfiguration">
<!-- 主键策略配置 -->
<!-- 可选参数
AUTO->`0`("数据库ID自增")
INPUT->`1`(用户输入ID")
ID_WORKER->`2`("全局唯一ID")
UUID->`3`("全局唯一ID")
-->
<property name="idType" value="0"/>
<property name="logicDeleteValue" value="1"/>
<property name="logicNotDeleteValue" value="0"/>
<!-- 数据库类型配置 -->
<!-- 可选参数(默认mysql)
MYSQL->`mysql`
ORACLE->`oracle`
DB2->`db2`
H2->`h2`
HSQL->`hsql`
SQLITE->`sqlite`
POSTGRE->`postgresql`
SQLSERVER2005->`sqlserver2005`
SQLSERVER->`sqlserver`
-->
<property name="dbType" value="${connection.dbType}"/>
<!-- 全局表为下划线命名设置 true -->
<property name="dbColumnUnderline" value="true"/>
<!-- 重写查询 -->
<property name="sqlInjector" ref="sqlInjector" />
<!-- 公共字段填充处理器 -->
<property name="metaObjectHandler" ref="baseMetaObjectHandler" />
</bean>
<!-- DAO接口所在包名,Spring会自动查找其下的类 -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="cn.jeeweb.modules.*.mapper,com.lingyue.sanitation.modules.*.mapper" />
<!-- <property name="basePackage" value="com.lingyue.sanitation.modules.*.mapper" /> -->
<property name="sqlSessionFactoryBeanName" value="sqlSessionFactory"></property>
</bean>
<!-- (事务管理)transaction manager, use JtaTransactionManager for global tx -->
<bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
<!-- 热加载 -->
<bean class="com.baomidou.mybatisplus.spring.MybatisMapperRefresh">
<constructor-arg name="sqlSessionFactory" ref="sqlSessionFactory"/>
<constructor-arg name="mapperLocations" value="classpath:/mappings/**/*.xml"/>
<constructor-arg name="enabled" value="true"/>
</bean>
<!-- 开启事务 -->
<tx:annotation-driven transaction-manager="transactionManager" />
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource" ref="dataSource" />
</bean>
<bean id="namedParameterJdbcTemplate"
class="org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate">
<constructor-arg ref="dataSource"></constructor-arg>
</bean>
</beans>