Это Класс конфигурации
@ Configuration @EnableWebMvc @ComponentScan (basePackages = "com.nike.mycoolwebapp") @PropertySource ("classpath: persistence- mysql .properties ") publi c class AppConfig {
// set up variable to hold the properties. One can use spring helper classes or use @Autowired
@Autowired
private Environment env; // will hold the data read from the properties file
// set up a logger for diagnostics
private Logger logger = Logger.getLogger(getClass().getName());
// define a bean for ViewResolver
@Bean
public ViewResolver viewResolver() {
InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
viewResolver.setPrefix("/WEB-INF/view/");
viewResolver.setSuffix(".jsp");
return viewResolver;
}
// define a bean for our security datasource
@Bean
public DataSource securityDataSource() {
// create a connection pool
ComboPooledDataSource securityDatasource
= new ComboPooledDataSource();
// set the jdbc driver
try {
securityDatasource.setDriverClass(env.getProperty("jdbc.driver"));
} catch (PropertyVetoException exc) {
// I'm wrapping this exception as runtime exception. It's unchecked and throwing that,
// so, at least the system knows if something goes wrong, or if there's a problem
throw new RuntimeException(exc);
}
// log the connection props
// just for sanity's sake. if it's reading from properties file
logger.info(">>> jdbc.url= " + env.getProperty("jdbc.url"));
logger.info(">>> jdbc.user= " + env.getProperty("jdbc.user"));
logger.info(">>> jdbc.password= " + env.getProperty("jdbc.password"));
// set the database connection props
securityDatasource.setJdbcUrl(env.getProperty("jdbc.url"));
securityDatasource.setUser(env.getProperty("jdbc.user"));
securityDatasource.setPassword(env.getProperty("jdbc.password"));
// set the connection pool props
securityDatasource.setInitialPoolSize(
getIntProperty("connection.pool.initialPoolSize"));
securityDatasource.setMinPoolSize(
getIntProperty("connection.pool.minPoolSize"));
securityDatasource.setMaxPoolSize(
getIntProperty("connection.pool.maxPoolSize"));
securityDatasource.setMaxIdleTime(
getIntProperty("connection.pool.maxIdleTime"));
return securityDatasource;
}
// need a helper method
// read environment property and convert to int
private int getIntProperty(String propName) {
String propValue = env.getProperty(propName);
// now convert to int
int intPropValue = Integer.parseInt(propValue);
return intPropValue;
}
}
Здесь Config Security
@ Конфигурация @EnableWebSecurity publi c Класс AppSecurityConfig расширяет WebSecurityConfigurerAdapter {
// add a reference to our security data source
@Autowired
private DataSource securityDataSource;
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
/*
//inMemoryAuthentication deprecated in latest Spring
auth.inMemoryAuthentication().withUser("john").password("111").roles(
"EMPLOYEE");
auth.inMemoryAuthentication().withUser("mary").password("111").roles(
"EMPLOYEE", "MANAGER");
auth.inMemoryAuthentication().withUser("susan").password("111").roles(
"EMPLOYEE", "ADMIN");
*/
// use jdbc aunthetication
// tell Spring Security to use JDBC authentication with our data source
auth.jdbcAuthentication().dataSource(securityDataSource);
}
/**
* Configure security of web paths in application, login, logout etc
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
// .anyRequest().authenticated() // any request to the app must be authenticated
// (i.e. logging in)
.antMatchers("/").hasRole("EMPLOYEE").antMatchers("/leaders/**").hasRole("MANAGER")
// show our custom form at the request mapping "/showMyLoginPage"
.antMatchers("/systems/**").hasRole("ADMIN").and().formLogin().loginPage("/showLoginPage")
.loginProcessingUrl("/authenticateTheUser") // Login form should POST data to this URL for processing
// (check username & password)
.usernameParameter("username") // don't add this in spring 5
.passwordParameter("password") // don't add this in spring 5
.permitAll() // Allow everyone to see login page. No need to be logged in.
.and().logout().permitAll().and().exceptionHandling().accessDeniedPage("/access-denied");
}
}
Здесь MvcDispatchServletInitializer 1060 *
publi c класс AppSpringMvsDispatcherServlerInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] {AppConfig.class};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] {"/"};
}
}
Здесь SecurityWebApplicationInitializer
publi c Класс SecurityWebApplicationInitializer расширяет AbstractSecurityWebApplicationInitializer {
}
Здесь пом. xml
http://maven.apache.org/xsd/maven-4.0.0.xsd "> 4,0 .0
<groupId>com.nike.mycoolwebapp</groupId>
<artifactId>mycoolwebapp</artifactId>
<version>1.0</version>
<packaging>war</packaging>
<name>mycoolwebapp</name>
<properties>
<springframework.version>4.1.6.RELEASE</springframework.version>
<springsecurity.version>4.0.1.RELEASE</springsecurity.version>
<c3po.version>0.9.5.2</c3po.version>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
</properties>
<dependencies>
<!-- Spring MVC support -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${springframework.version}</version>
</dependency>
<!-- Spring Security -->
<!-- spring-security-web and spring-security-config -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${springsecurity.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${springsecurity.version}</version>
</dependency>
<!-- Add Spring Security Taglibs support -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${springsecurity.version}</version>
</dependency>
<!-- Add MySQL support -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.18</version>
</dependency>
<!-- Add c3p0 support -->
<dependency>
<groupId>com.mchange</groupId>
<artifactId>c3p0</artifactId>
<version>${c3po.version}</version>
</dependency>
<!-- Servlet, JSP and JSTL support -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>javax.servlet.jsp-api</artifactId>
<version>2.3.1</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<!-- to compensate for java 9+ not including jaxb -->
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.0</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
</dependencies>
<!-- TO DO: Add support for Maven WAR Plugin -->
<build>
<finalName>mycoolwebapp</finalName>
<pluginManagement>
<plugins>
<plugin>
<!-- Add Maven coordinates (GAV) for: maven-war-plugin -->
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>3.2.0</version>
</plugin>
</plugins>
</pluginManagement>
</build>
Здесь AppController
@ Controller publi c class AppController {
@RequestMapping(value = "/", method = RequestMethod.GET)
public String showHome() {
return "home";
}
// add a request mapping for /leaders
@RequestMapping(value = "/leaders", method = RequestMethod.GET)
public String showLeader() {
return "leaders";
}
// add a request mapping for /systems
@RequestMapping(value = "/systems", method = RequestMethod.GET)
public String showAdmin() {
return "systems";
}
}
Здесь находится Контроллер входа .
@ Контроллер publi c класс LoginController {
@RequestMapping(value = "/showLoginPage", method = RequestMethod.GET)
public String showLoginPage() {
return "fancy-login";
}
// add a request mapping for /access-denied
@RequestMapping(value = "/access-denied", method = RequestMethod.GET)
public String showAccessDenied() {
return "access-denied";
}
}
Здесь находятся MySQL таблицы