一、导入静态资源
1.1 导入后台静态资源
1.2 导入前端登录页面资源
登录html页面下载:
微信公众号:淡若清风丶
回复:
透明碎片登录框
获取软件下载链接
1.3 修改登录页面
<!DOCTYPE html>
<html lang="zh_CN" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>医院药品管理系统</title>
    <link type="text/css" th:href="@{/static/layui/css/style.css}" rel="stylesheet" />
    <link rel="stylesheet" th:href="@{/static/layui/css/layui.css}" media="all">
    <link rel="stylesheet" th:href="@{/static/admin/style.css}" media="all">
</head>
<body>
<div class="container">
    <!-- Login form. It declares no action or method: the script at the bottom of the page
         sends the credentials with an AJAX POST to /toLogin. -->
    <form class="layui-form">
        <div>
            <br/>
            <p>欢迎光临</p>
        </div>
        <div >
            <input type="text" name="username" placeholder="用户名" autocomplete="off">
        </div>
        <div >
            <input type="password" name="password" placeholder="密码" autocomplete="off">
        </div>
        <div class="layui-input-inline login-btn">
            <button lay-submit lay-filter="login" class="layui-btn layui-btn-radius">登录</button>
            <!-- NOTE(review): the script below registers a handler for submit(login) only; nothing
                 handles submit(zc). A button inside a form defaults to type submit and a form
                 without a method attribute is sent as GET, so if layui does not cancel the event
                 this button would put username and password into the query string. Confirm, then
                 add a handler that returns false or make it a plain button. -->
            <button lay-submit lay-filter="zc" class="layui-btn layui-btn-normal layui-btn-radius">注册</button>
        </div>
        <br/>
        <br/>
        <br/>
        <a href="#">忘记密码?</a>
    </form>
    <!-- Decorative elements only. -->
    <div class="drops">
        <div class="drop drop-1"></div>
        <div class="drop drop-2"></div>
        <div class="drop drop-3"></div>
        <div class="drop drop-4"></div>
        <div class="drop drop-5"></div>
    </div>
</div>
<script th:src="@{/static/layui/layui.js}"></script>
<script>
    layui.use("form",function () {
        var form = layui.form; // layui form module
        var $ = layui.$;
        // Listen for the login button (lay-filter="login").
        form.on("submit(login)",function (data) { // data.field carries the form values
            $.ajax({
                url:"/toLogin", // login endpoint
                type:"POST", // POST keeps the credentials in the request body, out of the URL
                data:data.field, // the fields collected from the form (username, password)
                dataType:"json", // expect a JSON reply
                // Only a success callback is registered: a failed request or a reply that is
                // not JSON gives the user no feedback.
                success: function (result) {
                    // The redirect depends on the reply carrying a code field equal to "1";
                    // confirm that the server-side result builder actually sets it.
                    if(result.code == "1"){
                        layer.msg(result.msg,{icon:result.icon,anim:result.anim},function () {
                            // Login succeeded: go to the admin home page. This is navigation
                            // only; access to /index has to be enforced on the server.
                            location.href = "/index";
                        });
                    }else{
                        layer.msg(result.msg,{icon:result.icon,anim:result.anim});
                    }
                }
            });
            return false; // stop layui from submitting the form natively
        });
    });
</script>
</body>
</html>
修改完成后:ctrl+F9 热加载刷新页面
二、判断登录
2.1 做一个假的登录跳转
2.2 给前端返回的JSON格式数据
package com.dh.common;
import java.util.HashMap;
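/**
 * Builds the JSON-serialisable maps that the controllers return to the front end.
 */
public class ResultMapUtil {

    /**
     * Builds the reply for a login attempt.
     *
     * <p>The login page on the front end decides whether to redirect by comparing
     * {@code result.code} with {@code "1"}, so the code is echoed back in the map
     * alongside the message and the layer.msg display options.
     *
     * @param msg  text shown to the user
     * @param code outcome code; {@code "1"} means success, any other value is a failure
     * @return a map with the keys {@code msg}, {@code code}, {@code icon} and {@code anim}
     */
    public static HashMap<String, Object> getHashMapLogin(String msg, String code) {
        HashMap<String, Object> resultMap = new HashMap<>();
        resultMap.put("msg", msg);
        // Without this entry the client-side check on result.code can never match.
        resultMap.put("code", code);
        // Icon passed to layer.msg: 1 for success, 3 for every other outcome.
        resultMap.put("icon", "1".equals(code) ? 1 : 3);
        // Animation passed to layer.msg.
        resultMap.put("anim", 4);
        return resultMap;
    }
}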
2.3 编写控制跳转
package com.dh.controller;
import com.dh.common.ResultMapUtil;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
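/**
 * Serves the login and home pages and answers the login request.
 */
@Controller
public class UserController {

    /**
     * Shows the login page.
     *
     * @return the view name for login.html
     */
    @RequestMapping(value = "/login")
    public String login() {
        return "/login";
    }

    /**
     * Placeholder login check: reports success for every request and never inspects
     * the submitted values. It exists only to wire the page flow together and must be
     * replaced by a real credential check before the application is used.
     *
     * <p>The endpoint is limited to POST so that credentials are never accepted from
     * a query string, where they would end up in access logs and browser history.
     *
     * @param username submitted user name (unused here)
     * @param password submitted password (unused here)
     * @return the JSON result map for a successful login
     */
    @PostMapping(value = "/toLogin")
    @ResponseBody
    public Object toLogin(String username, String password) {
        return ResultMapUtil.getHashMapLogin("验证成功", "1");
    }

    /**
     * Shows the admin home page.
     *
     * @return the view name for index.html
     */
    @RequestMapping(value = "/index")
    public String index() {
        return "/index";
    }
}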
2.4 编写一个简易后台页面
<!doctype html>
<html lang="zh_CN" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="utf-8">
    <title>医药药品管理系统</title>
    <!-- NOTE(review): these two hrefs have no leading slash, unlike the script src below,
         so they resolve relative to the current URL. Confirm that this is intended. -->
    <link rel="stylesheet" th:href="@{static/layui/css/layui.css}" media="all">
    <link rel="stylesheet" th:href="@{static/admin/layui.css}" media="all">
</head>
<body>
<!-- Minimal admin home page: a header only. -->
<div class="login-main">
    <header class="layui-elip">后台首页</header>
</div>
<script th:src="@{/static/layui/layui.js}"></script>
<!-- Empty placeholder for page scripts. -->
<script>
</script>
</body>
</html>
三、配置MybatisPlus
3.1 创建各层的包
3.2 创建MybatisPlusConfig
在config中创建MybatisPlusConfig
package com.dh.config;
import com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
 * MyBatis-Plus configuration: mapper scanning and pagination.
 *
 * <p>NOTE(review): the scan targets {@code com.dh.drug.mapper}, while the mapper shown
 * elsewhere in this tutorial declares {@code package com.dh.mapper} - confirm which
 * package is the real one.
 */
@Configuration
@MapperScan(value = "com.dh.drug.mapper")
public class MybatisPlusConfig {

    /**
     * Registers the pagination interceptor.
     *
     * @return the interceptor, set to the MySQL dialect
     */
    @Bean
    public PaginationInterceptor paginationInterceptor() {
        final PaginationInterceptor interceptor = new PaginationInterceptor();
        // Paging SQL is generated for MySQL.
        interceptor.setDialectType("mysql");
        return interceptor;
    }
}
3.3 创建实体类
User
package com.dh.pojo;
import com.baomidou.mybatisplus.annotation.IdType;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableName;
import lombok.Data;
import java.io.Serializable;
/**
 * Entity for the user table.
 */
@Data
@TableName(value = "user") // MyBatis-Plus mapping: backed by the "user" table
public class User implements Serializable {
    /* Primary key */
    @TableField(value = "id") // mapped to the id column
    // Marks the primary key; values are generated by auto-increment.
    @TableId(value = "id",type = IdType.AUTO)
    private Integer id;
    /* User name */
    private String username;
    /* Password */
    // NOTE(review): Lombok's @Data generates a toString() that includes this field, so
    // logging a User object would expose the value. Nothing in this class hashes it;
    // confirm how the column is populated and prefer a salted password hash.
    private String password;
}
3.4 创建Mapper层
用户表的增删改查Mapper
package com.dh.mapper;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.dh.pojo.User;
import org.apache.ibatis.annotations.Mapper;
/**
 * Mapper for the user table; the create, read, update and delete operations are
 * inherited from {@code BaseMapper<User>}, so no methods are declared here.
 */
@Mapper
public interface UserMapper extends BaseMapper<User> {
}
3.5 创建Service层
package com.dh.service;
import com.baomidou.mybatisplus.extension.service.IService;
import com.dh.pojo.User;
/**
 * Service interface for the user table.
 */
public interface UserService extends IService<User> {

    /**
     * Looks up a user by user name.
     *
     * @param user carrier object whose username is the search key
     * @return the matching user
     */
    User queryUserByUsername(User user);
}
实现类
package com.dh.service.Impl;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.dh.mapper.UserMapper;
import com.dh.pojo.User;
import com.dh.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
/**
 * Implementation of the user service.
 */
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements UserService {

    @Autowired
    private UserMapper userMapper;

    /**
     * Looks up a user by user name.
     *
     * <p>NOTE(review): {@code selectOne} is meant for a single matching row, so this
     * presumably relies on user names being unique - confirm that the table enforces it.
     *
     * @param user carrier object whose username is the search key
     * @return the record returned by the mapper for that user name
     */
    @Override
    public User queryUserByUsername(User user) {
        // The user name is handed to the condition builder as a value, not spliced into SQL text.
        final QueryWrapper<User> byUsername = new QueryWrapper<User>().eq("username", user.getUsername());
        return userMapper.selectOne(byUsername);
    }
}
3.6 测试获取账号密码
package com.dh;
import com.dh.pojo.User;
import com.dh.service.UserService;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
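/**
 * Smoke test: checks that the user lookup reaches the database.
 */
@SpringBootTest
class DrugApplicationTests {

    @Autowired
    private UserService userService;

    /**
     * Looks up the "admin" account and reports whether it was found.
     */
    @Test
    void contextLoads() {
        User probe = new User();
        probe.setUsername("admin");
        User found = userService.queryUserByUsername(probe);
        if (found != null) {
            // Report only that a credential is stored. Printing the value itself would
            // copy it into console output and build logs.
            System.out.println("user found, password stored: " + (found.getPassword() != null));
        }
    }
}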
四、配置Shiro权限控制
4.1创建ShiroFilterConfiguration
权限控制Shiro配置类
package com.dh.config;
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
 * Shiro access-control configuration: filter chain, security manager, realm and the
 * Thymeleaf dialect.
 */
@Configuration
public class ShiroFilterConfiguration {

    /**
     * Creates the Shiro filter factory bean and defines which URLs need a login.
     *
     * <p>Built-in filters used here: {@code anon} lets a request through without a login,
     * {@code authc} requires an authenticated user.
     *
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean() {
        final ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager());

        // Unauthenticated requests are sent to the login page; after login the user lands on /index.
        factory.setLoginUrl("/login");
        factory.setSuccessUrl("/index");

        // Shiro evaluates the definitions in order and the first match wins, so the map
        // keeps insertion order and the catch-all rule has to stay last.
        final Map<String, String> chains = new LinkedHashMap<>();
        chains.put("/static/**", "anon"); // static resources
        chains.put("/login", "anon");     // login page
        chains.put("/toLogin", "anon");   // login request
        chains.put("/**", "authc");       // everything else requires a login
        factory.setFilterChainDefinitionMap(chains);

        return factory;
    }

    /**
     * Creates the security manager and attaches the user realm.
     *
     * @return the web security manager
     */
    @Bean
    public DefaultWebSecurityManager securityManager() {
        final DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm());
        return manager;
    }

    /**
     * Creates the realm used for authentication.
     *
     * <p>NOTE(review): the realm is created without a credentials matcher being set, so
     * Shiro's default comparison applies to whatever the realm returns as the stored
     * credential. A {@code HashedCredentialsMatcher} belongs here once passwords are
     * stored as salted hashes.
     *
     * @return the user realm
     */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }

    /**
     * Registers the Shiro dialect so Thymeleaf templates can use it.
     *
     * @return the Shiro dialect
     */
    @Bean
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }
}
4.2 创建UserRealm
package com.dh.config;
import com.dh.pojo.User;
import com.dh.service.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
/**
 * Shiro realm backed by the user table.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Authorization is not implemented: no roles or permissions are supplied.
     *
     * @param principalCollection the principals of the current subject (unused)
     * @return always {@code null}
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }

    /**
     * Loads the account named in the login token and hands its stored password to Shiro.
     *
     * <p>NOTE(review): the value from {@code getPassword()} is passed on unchanged. Unless
     * a hashing credentials matcher is set on this realm, Shiro compares it directly with
     * the submitted password, which implies plaintext storage. Prefer a salted hash
     * together with a {@code HashedCredentialsMatcher}.
     *
     * <p>NOTE(review): the whole {@code User} entity, password field included, becomes
     * the principal of the subject. Consider a principal that carries only the id and
     * the user name.
     *
     * @param authenticationToken the submitted token; cast to {@code UsernamePasswordToken}
     * @return the authentication info for the account, or {@code null} when no user has that name
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        final String loginName = ((UsernamePasswordToken) authenticationToken).getUsername();

        // Look the account up by user name.
        final User probe = new User();
        probe.setUsername(loginName);
        final User account = userService.queryUserByUsername(probe);

        // A null result tells Shiro that the account is unknown.
        return account == null
                ? null
                : new SimpleAuthenticationInfo(account, account.getPassword(), getName());
    }
}
4.3 判断用户登录
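修改UserController中之前写的假登录,用下面的方法替换原来的toLogin(需要在UserController中补充导入 org.apache.shiro.SecurityUtils、org.apache.shiro.subject.Subject,以及 org.apache.shiro.authc 包下的 UsernamePasswordToken、UnknownAccountException、IncorrectCredentialsException)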
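/**
 * Authenticates the submitted credentials through Shiro and reports the outcome as JSON.
 *
 * <p>The endpoint is limited to POST so that credentials are never accepted from a
 * query string. An unknown user name and a wrong password produce the same reply, so
 * the endpoint does not reveal which user names exist.
 *
 * @param username submitted user name
 * @param password submitted password
 * @return the JSON result map: code "1" on success, "2" on any failure
 */
@PostMapping(value = "/toLogin")
@ResponseBody
public Object toLogin(String username, String password) {
    // Reject missing and empty values alike, matching the message shown to the user.
    if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
        return ResultMapUtil.getHashMapLogin("用户名密码不能为空", "2");
    }
    // The subject bound to the current request.
    Subject subject = SecurityUtils.getSubject();
    // Wrap the submitted values in a token for the realm.
    UsernamePasswordToken token = new UsernamePasswordToken(username, password);
    try {
        subject.login(token);
    } catch (UnknownAccountException | IncorrectCredentialsException e) {
        // Deliberately one message for both cases. Other authentication failures still
        // propagate to the caller, as they did before.
        return ResultMapUtil.getHashMapLogin("用户名或密码错误", "2");
    }
    return ResultMapUtil.getHashMapLogin("验证成功", "1");
}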