强大全面的WEB基础框架Maven工程(SpringMVC 5.1.5、Spring 5.1.5、SpringSecurity 5.1.4、Hibernate 5.3.7),可直接用于商业系统开发
一. 系统简介
1. 后台架构:SpringMVC 5.1.5、Spring 5.1.5、SpringSecurity 5.1.4、Hibernate 5.3.7
2. 前端架构:Bootstrap,兼容JQuery,AJAX
3. 页面设计:SmartAdmin,AJAX + 对话框操作风格,可换6种页面风格和颜色
4. 数据库:MySQL,建库脚本、带基础数据,包括资源数据、角色数据、管理员数据
二. 系统要求
1. Windows系统、Linux系统、Mac系统
2. JDK8及以上
3. JDK使用无限制的安全策略文件
三. 基础功能
1. 登录,管理员初始账号:[email protected],密码:DoubleCA
2. 修改账户信息,包括可以重置账户密码
3. 角色管理,可动态管理系统权限和角色,角色列表字段带排序功能
4. 管理员账号管理,可动态管理管理员账号,为管理员动态分配角色和权限,管理员列表字段带排序功能
5. 管理员操作日志,带条件查询功能,日志列表字段带排序功能
6. Session检查功能
7. 退出功能
四. 安全基础功能
1. 数据库密码密文配置功能
2. 账户密码在数据库中的密文存储和验证功能,采用SpringSecurity的密码处理方式,详见SpringSecurity配置文件
3. 排它登录功能,同一管理员账户同一时间只能一处登录
4. 系统自动记录管理员操作日志
5. log4j2的系统日志功能
五. 配置文件
1. Spring配置文件,主要是数据库和事务配置
<!-- 配置组件扫描器,使用注解方式开发,不用配置dao和service -->
<context:component-scan base-package="com.doubleca.webapp.frame.lic.**"/>
<context:component-scan base-package="com.doubleca.webapp.frame.dao.**"/>
<context:component-scan base-package="com.doubleca.webapp.frame.service.**"/>
<context:component-scan base-package="com.doubleca.webapp.frame.security.**"/>
<aop:aspectj-autoproxy proxy-target-class="true"/>
<!-- 加载jdbc.properties配置文件 -->
<bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<list>
<value>classpath:config/jdbc.properties</value>
</list>
</property>
</bean>
<!-- 阿里 druid数据库连接池 -->
<bean id="dataSource" class="com.doubleca.db.DCDruidDataSource" init-method="init" destroy-method="close">
<!-- 基本属性 url、user、password -->
<property name="url" value="${jdbc.mysql.url}"/>
<property name="username" value="${jdbc.mysql.username}"/>
<property name="password" value="${jdbc.mysql.password}"/>
<property name="driverClassName" value="${jdbc.mysql.driverClassName}"/>
<!-- 配置初始化大小、最小、最大 -->
<property name="initialSize" value="${jdbc.mysql.initialPoolSize}"/>
<property name="minIdle" value="${jdbc.mysql.miniPoolSize}"/>
<property name="maxActive" value="${jdbc.mysql.maxPoolSize}"/>
<!-- 配置获取连接等待超时的时间 -->
<property name="maxWait" value="60000"/>
<!-- 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒 -->
<property name="timeBetweenEvictionRunsMillis" value="60000"/>
<!-- 配置一个连接在池中最小生存的时间,单位是毫秒 -->
<property name="minEvictableIdleTimeMillis" value="300000"/>
<property name="validationQuery" value="SELECT 'x'"/>
<property name="testWhileIdle" value="true"/>
<property name="testOnBorrow" value="false"/>
<property name="testOnReturn" value="false"/>
<!-- 打开PSCache,并且指定每个连接上PSCache的大小 -->
<property name="poolPreparedStatements" value="true"/>
<property name="maxPoolPreparedStatementPerConnectionSize" value="20"/>
<!-- 连接泄漏处理。Druid提供了RemoveAbandanded相关配置,用来关闭长时间不使用的连接(例如忘记关闭连接)。 -->
<property name="removeAbandoned" value="true"/>
<!-- 1800秒,也就是30分钟 -->
<property name="removeAbandonedTimeout" value="1800"/>
<!-- 关闭abanded连接时输出错误日志 -->
<property name="logAbandoned" value="true"/>
<!-- 配置监控统计拦截的filters, 监控统计:"stat",防SQL注入:"wall",组合使用: "stat,wall" -->
<property name="filters" value="stat"/>
</bean>
<!-- 配置session工厂 -->
<bean id="sessionFactory" class="org.springframework.orm.hibernate5.LocalSessionFactoryBean">
<property name="dataSource" ref="dataSource"/>
<property name="packagesToScan">
<list>
<value>com.doubleca.webapp.frame.entities.db</value>
<value>com.doubleca.webapp.frame.dao.impl</value>
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.connection.release_mode">after_transaction</prop>
<prop key="hibernate.dialect">${hibernate.dialect}</prop>
<prop key="hibernate.show_sql">${hibernate.show_sql}</prop>
<prop key="hibernate.format_sql">${hibernate.format_sql}</prop>
<!-- <prop key="hibernate.hbm2ddl.auto">update</prop> -->
<prop key="hibernate.hbm2ddl.auto">${hibernate.hbm2ddl.auto}</prop>
<prop key="hibernate.generate_statistics.generate_statistics">${hibernate.generate_statistics}</prop>
<prop key="hibernate.max_fetch_depth">${hibernate.max_fetch_depth}</prop>
<!-- 开启二级缓存 ehcache -->
<prop key="hibernate.cache.use_second_level_cache">${hibernate.cache.use_second_level_cache}</prop>
<prop key="hibernate.cache.use_query_cache">${hibernate.cache.use_query_cache}</prop>
<prop key="hibernate.cache.region.factory_class">${hibernate.cache.region.factory_class}</prop>
<prop key="hibernate.cache.provider_configuration_file_resource_path">${hibernate.cache.provider_configuration_file_resource_path}</prop>
</props>
</property>
</bean>
<!-- <bean id="hibernateTemplateMysql" class="org.springframework.orm.hibernate5.HibernateTemplate"> <property name="sessionFactory" ref="sessionFactory"></property>
</bean> -->
<!-- 定义事务管理器(声明式的事务) -->
<bean id="transactionManager" class="org.springframework.orm.hibernate5.HibernateTransactionManager" scope="singleton">
<property name="sessionFactory" ref="sessionFactory"/>
</bean>
<!-- 注解事务 <tx:annotation-driven transaction-manager="transactionManager" proxy-target-class="true" /> -->
<!-- 配置AOP通知 -->
<tx:advice id="txAdvice" transaction-manager="transactionManager">
<tx:attributes>
<!-- 添加事务管理的方法 -->
<tx:method name="save*" propagation="REQUIRED"/>
<tx:method name="insert*" propagation="REQUIRED"/>
<tx:method name="update*" propagation="REQUIRED"/>
<tx:method name="delete*" propagation="REQUIRED"/>
<tx:method name="get*" propagation="SUPPORTS" read-only="true"/>
<tx:method name="find*" propagation="SUPPORTS" read-only="true"/>
<tx:method name="select*" propagation="SUPPORTS" read-only="true"/>
<tx:method name="load*" propagation="SUPPORTS" read-only="true"/>
<tx:method name="list*" propagation="SUPPORTS" read-only="true"/>
<tx:method name="query*" propagation="SUPPORTS" read-only="true"/>
<tx:method name="contains*" propagation="SUPPORTS" read-only="true"/>
<!-- 其他采用默认事务方式 -->
<tx:method name="*"/>
</tx:attributes>
</tx:advice>
<!-- 配置AOP,为添加事务管理的操作配置AOP -->
<aop:config>
<aop:pointcut id="interceptorPointCuts" expression="(execution(* com.doubleca.webapp.frame..*.*(..)))"/>
<aop:advisor advice-ref="txAdvice" pointcut-ref="interceptorPointCuts"/>
</aop:config>
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="defaultEncoding" value="UTF-8"/>
<property name="useCodeAsDefaultMessage" value="true"/>
<property name="cacheSeconds" value="100"></property>
<property name="basenames">
<list>
<value>classpath:config/i18n/messages</value>
</list>
</property>
</bean>
2. SpringMVC配置文件
<!-- 使用注解开发,不用配置controller,需要配置一个组件扫描器 -->
<context:component-scan base-package="com.doubleca.webapp.frame.controller"/>
<!-- 避免IE执行AJAX时,返回JSON出现下载文件 -->
<bean id="mappingJacksonHttpMessageConverter" class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
<property name="supportedMediaTypes">
<list>
<!-- 设置响应支持的类型 -->
<value>text/html;charset=UTF-8</value>
<!-- 设置请求body支持的类型 -->
<value>application/x-www-form-urlencoded</value>
<value>application/json;charset=UTF-8</value>
</list>
</property>
</bean>
<!-- 启动SpringMVC的注解功能,完成请求和注解POJO的映射 -->
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter">
<property name="messageConverters">
<list>
<ref bean="mappingJacksonHttpMessageConverter"/> <!-- JSON转换器 -->
<bean class="org.springframework.http.converter.ByteArrayHttpMessageConverter"/>
<bean class="org.springframework.http.converter.xml.SourceHttpMessageConverter"/>
<bean class="org.springframework.http.converter.FormHttpMessageConverter"/>
<bean class="org.springframework.http.converter.StringHttpMessageConverter"/>
</list>
</property>
</bean>
<mvc:annotation-driven/>
<mvc:resources location="/dcsmart/" mapping="/dcsmart/**"/>
<!-- 视图解析器 -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<!-- 配置从项目根目录到指定目录一端路径 ,建议指定浅一点的目录 -->
<property name="prefix" value="/WEB-INF/jsp/"></property>
<!-- 文件的后缀名 -->
<property name="suffix" value=".jsp"></property>
</bean>
<!-- 配置文件上传,如果没有使用文件上传可以不用配置,当然如果不配,那么配置文件中也不必引入上传组件包 -->
<bean name="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!-- 默认编码 -->
<property name="defaultEncoding" value="utf-8"/>
<!-- 文件大小最大值 -->
<property name="maxUploadSize" value="10485760000"/>
<!-- 内存中的最大值 -->
<property name="maxInMemorySize" value="40960"/>
</bean>
3. SpringSecurity配置文件,与数据库结合的动态权限配置,排它登录配置,RememberME配置,错误退出配置等
<description>SpringSecurity安全配置</description>
<security:http pattern="/dcsmart/**" security="none" />
<security:http pattern="/register" security="none" />
<security:http pattern="/tologin" security="none" />
<security:http pattern="/tologinerr" security="none" />
<!--
<security:debug />
-->
<!-- Spring-Security 的配置 -->
<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint">
<security:headers>
<security:frame-options policy="SAMEORIGIN" />
</security:headers>
<!-- 只cache get,避免ajax post 被cache -->
<security:request-cache ref="httpSessionRequestCache" />
<!-- <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/> <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/> -->
<!--
<security:intercept-url pattern="/**" access="isAuthenticated()" />
-->
<security:custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" />
<security:custom-filter ref="loginAuthenticationFilter" position="FORM_LOGIN_FILTER" />
<security:custom-filter ref="concurrencySessionFilter" position="CONCURRENT_SESSION_FILTER" />
<!-- <security:custom-filter ref="rememberMeFilter" position="REMEMBER_ME_FILTER"/> -->
<security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER" />
<security:session-management session-authentication-strategy-ref="compositeSessionAuthenticationStrategy" />
<!-- 启用安全策略 -->
<security:csrf disabled="true" token-repository-ref="csrfTokenRepository" />
<security:access-denied-handler ref="accessDeniedHandler" />
<!-- <security:logout logout-url="/j_spring_security_logout" invalidate-session="true" delete-cookies="JSESSIONID" logout-success-url="/toLogin"
/> -->
<!-- "记住我"功能,采用持久化策略(将用户的登录信息存放在数据库表中) -->
<!-- <remember-me data-source-ref="dataSource" /> -->
</security:http>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<constructor-arg name="loginFormUrl" value="/tologout?param=2000" />
</bean>
<bean id="concurrencySessionFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<!-- <constructor-arg name="expiredUrl" value="/tologin"/> -->
<constructor-arg name="sessionInformationExpiredStrategy" ref="redirectSessionInformationExpiredStrategy" />
</bean>
<bean id="redirectSessionInformationExpiredStrategy" class="org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy">
<constructor-arg name="invalidSessionUrl" value="/tologout?param=1000" />
</bean>
<bean id="loginAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="sessionAuthenticationStrategy" ref="compositeSessionAuthenticationStrategy"></property>
<property name="filterProcessesUrl" value="/login"></property> <!-- 表单提交的url, 默认是/j_spring_security_check -->
<property name="usernameParameter" value="email"></property> <!-- 表单里用户名字段的name, 默认是j_username -->
<property name="passwordParameter" value="password"></property> <!-- 表单里密码字段的name, 默认是j_password -->
<!-- <property name="rememberMeServices" ref="rememberMeServices"></property> --> <!-- rememberme登录配置 -->
<property name="authenticationManager" ref="authenticationManager" /> <!-- 一定要配置, 这里使用上面定义的authenticationManager -->
<property name="authenticationFailureHandler" ref="authenticationFailureHandler" /> <!-- 验证失败时的处理器 -->
<property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" /> <!-- 验证成果时的处理器 -->
</bean>
<bean id="compositeSessionAuthenticationStrategy" class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
<constructor-arg>
<!-- list顺序不要变 -->
<list>
<bean id="concurrentSessionControlAuthenticationStrategy" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
<constructor-arg ref="sessionRegistry" />
<property name="maximumSessions" value="1"></property> <!-- 同一个用户最多允许好多少个session -->
<!-- exceptionIfMaximumExceeded, 当超过最大session数时: true: 不允许新session, 保持旧session false: 销毁旧session, 新session生效 -->
<property name="exceptionIfMaximumExceeded" value="false"></property>
</bean>
<bean id="sessionFixationProtectionStrategy" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
<bean id="registerSessionAuthenticationStrategy" class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
<constructor-arg ref="sessionRegistry" />
</bean>
</list>
</constructor-arg>
</bean>
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
<bean name="logoutSuccessHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
<property name="targetUrlParameter" value="target-url" />
<property name="defaultTargetUrl" value="/tologin" />
</bean>
<bean id="authenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/index" /> <!-- 验证成功时跳到哪个请求 -->
<property name="alwaysUseDefaultTargetUrl" value="true" />
</bean>
<bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/tologinerr" /> <!-- 验证失败时跳到哪个请求 -->
</bean>
<bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<!-- <property name="errorPage" value="/toforbiddenlogout" /> 登录用户访问无权限访问的资源 -->
</bean>
<!--remember-me拦截器 -->
<bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<constructor-arg ref="authenticationManager" />
<constructor-arg ref="rememberMeServices" />
</bean>
<bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
<constructor-arg value="key" />
<constructor-arg ref="loginSysUserDetailsService" />
<constructor-arg ref="jdbcTokenRepository" />
<property name="tokenValiditySeconds" value="604800" />
</bean>
<bean id="jdbcTokenRepository" class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
<!-- 使用Hibernate数据源对象 -->
<property name="dataSource" ref="dataSource" />
<!-- 是否在系统启动时创建持久化token的数据库表 -->
<!-- <property name="createTableOnStartup" value="true"/> -->
</bean>
<bean id="rememberMeAuthenticationProvider" class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<constructor-arg value="key" />
</bean>
<!--登出拦截器 -->
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg value="/tologin" />
<property name="filterProcessesUrl" value="/j_spring_security_logout" />
<constructor-arg>
<list>
<!-- <ref bean="rememberMeServices" /> -->
<bean class="org.springframework.security.web.csrf.CsrfLogoutHandler">
<constructor-arg ref="csrfTokenRepository" />
</bean>
<bean class="org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler">
<constructor-arg index="0">
<array>
<value>JSESSIONID</value>
<value>remember-me</value>
</array>
</constructor-arg>
</bean>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
</bean>
<bean id="csrfTokenRepository" class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository" />
<!-- 自定义拦截器 -->
<bean id="filterSecurityInterceptor" class="com.doubleca.webapp.frame.security.interceptor.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager" ref="securityAccessDecisionManager" />
<property name="securityMetadataSource" ref="secureResourceFilterInvocationDefinitionSource" />
</bean>
<!-- 获取访问url对应的所有权限 -->
<bean id="secureResourceFilterInvocationDefinitionSource" class="com.doubleca.webapp.frame.security.interceptor.SecureResourceFilterInvocationDefinitionSource" />
<!-- 校验用户的权限是否足够 -->
<bean id="securityAccessDecisionManager" class="com.doubleca.webapp.frame.security.interceptor.SecurityAccessDecisionManager" />
<!-- 认证管理器,带remember-me功能 ,实现用户认证的入口,主要实现UserDetailsService接口即可 -->
<!-- <security:authentication-manager alias="authenticationManager" erase-credentials="false"> <security:authentication-provider user-service-ref="loginSysUserDetailsService">
<security:password-encoder ref="bcryptEncoder" /> </security:authentication-provider> <security:authentication-provider ref="rememberMeAuthenticationProvider"
/> </security:authentication-manager> -->
<!-- 认证管理器 实现用户进行登录鉴定的类 主要实现UserDetailsService接口即可 -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="authenticationProvider">
</security:authentication-provider>
</security:authentication-manager>
<bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="loginSysUserDetailsService" />
<property name="passwordEncoder" ref="bcryptEncoder" />
</bean>
<!--自定义的 UserDetailsService <security:password-encoder ref="bcryptEncoder"/> -->
<bean id="loginSysUserDetailsService" class="com.doubleca.webapp.frame.service.impl.LoginSysUserDetailsService"></bean>
<!--自定义的 UserDetailsService -->
<!-- 配置密码加密类 -->
<bean id="bcryptEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<constructor-arg name="strength" value="11" />
</bean>
<bean id="httpSessionRequestCache" class="org.springframework.security.web.savedrequest.HttpSessionRequestCache" />
六. 下载地址:获取工程使用授权请联系,QQ:1337588982,免费在 http://www.PPLIC.com 授权平台获取授权数据
工程首次启动后会在运行目录的WEB-INF\classes\config文件夹下生成doubleca-webframe.req文件和doubleca-webframe.lic文件,doubleca-webframe.req为终端授权码请求文件,doubleca-webframe.lic为空文件,申请授权的具体步骤:
1. 访问PP商业软件自主授权平台:https://www.PPLIC.com
2. 点击“应用方入口”
3. “软件1编号”填写:66-F434B41DEE884C869CFE0755CCCAE6DF,免费授权码数量有限,获取请联系QQ:1337588982,将授权码写在“授权码”输入框内,“终端请求授权编码”框内复制doubleca-webframe.req文件的内容
4. 提交授权请求后页面会生成授权数据,将授权数据复制进doubleca-webframe.lic文件,再次运行或调试工程即可完成授权
5. 授权成功后会在WEB-INF\classes\config文件夹下生成doubleca-webframe.9000文件,内有授权到期时间
框架代码下载地址:https://download.****.net/download/upset_ming/10973861
授权码保留好,如果授权数据丢失,可凭授权码在PP商业软件自主授权平台 https://www.PPLIC.com找回授权数据