虽然spring早就推出java注解的方式配置框架,由于习惯了看xml所以一直没有去学习,然而最近需要学习springboot,为了平滑过渡,先被迫研究一下注解配置方式。
这里展示3种spring配置文件,来对比xml配置和java注解配置的区别,分别是spring\mvc\shiro的配置
先说总结:
对比2种配置方式会发现xml方法更繁琐(xml那恶心的头部约束),拿shiro来说,配完spring-shiro.xml,往往还需要在mvc.xml中开启代理,启用aop,然后在web.xml中启动shiro的Filter
而纯java配置只需一个类就能搞定,并且个人觉得可以更直观的看出bean的构造和依赖情况,又不依赖xsd文件
所以貌似java配置方法越来越流行,而xml的方式逐渐在被替代
话说回来现在springboot项目里似乎都已经放弃xml,要学习springboot的童鞋还是先习惯java配置方法吧(boot的配置还要高级,还要简单,感觉还是要先从基础的学起,免得直接看高级的一脸懵逼)
一、 spring配置
1、传统的spring.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:cache="http://www.springframework.org/schema/cache"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/cache
http://www.springframework.org/schema/cache/spring-cache.xsd">
<context:component-scan base-package="com.ssm"/>
<context:property-placeholder location="classpath:jdbc.properties" ignore-unresolvable="true" />
<!-- 数据源 -->
<bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<property name="url" value="jdbc:mysql:///test?useSSL=false&useUnicode=true&characterEncoding=UTF-8"/>
<property name="username" value="${jdbc.username}"/>
<property name="password" value="${jdbc.password}"/>
</bean>
<!--mybatis的SqlSession的工厂-->
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="configLocation" value="classpath:mybatis.xml"/>
<property name="dataSource" ref="dataSource"/>
<property name="mapperLocations" value="classpath*:com/ssm/**/*-mapper.xml"/>
</bean>
<!--告诉mybatis去哪里找mapper.xml文件-->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="com.ssm.dao"/>
<property name="sqlSessionFactoryBeanName" value="sqlSessionFactory"/>
</bean>
<!--事务配置-->
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource"/>
</bean>
<!--启动事务-->
<tx:annotation-driven transaction-manager="transactionManager" order="3"/>
</beans>
2、基于注解的java类配置方式:
import org.apache.commons.dbcp2.BasicDataSource;
import org.mybatis.spring.SqlSessionFactoryBean;
import org.mybatis.spring.mapper.MapperScannerConfigurer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
import org.springframework.jdbc.datasource.DataSourceTransactionManager;
import org.springframework.transaction.PlatformTransactionManager;
import org.springframework.transaction.annotation.EnableTransactionManagement;
@Configuration
@ComponentScan("com.demo")//启动spring扫描
@PropertySource(value = {"classpath:jdbc.properties"}, ignoreResourceNotFound = true)//找不到配置文件则抛出异常
@EnableTransactionManagement//启动事务
public class SpringConfig {
@Value("${jdbc.username}")
private String username;
@Value("${jdbc.password}")
private String password;
//数据源
@Bean
public BasicDataSource basicDataSource() {
BasicDataSource dataSource = new BasicDataSource();
dataSource.setDriverClassName("com.mysql.jdbc.Driver");
dataSource.setUrl("jdbc:mysql:///test?useSSL=false&useUnicode=true&characterEncoding=UTF-8");
dataSource.setUsername(username);
dataSource.setPassword(password);
return dataSource;
}
//session工厂
@Bean
public SqlSessionFactoryBean sqlSessionFactoryBean(BasicDataSource dataSource) throws IOException {
SqlSessionFactoryBean factoryBean = new SqlSessionFactoryBean();
factoryBean.setDataSource(dataSource);
// mapper location
PathMatchingResourcePatternResolver pathResolver = new PathMatchingResourcePatternResolver();
factoryBean.setMapperLocations(pathResolver.getResources("classpath*:com/demo/**/*-mapper.xml"));
// config file
factoryBean.setConfigLocation(new ClassPathResource("mybatis.xml"));
return factoryBean;
}
//mapper扫描
@Bean
public MapperScannerConfigurer mapperScannerConfigurer() {
MapperScannerConfigurer mapperScannerConfigurer = new MapperScannerConfigurer();
mapperScannerConfigurer.setBasePackage("com.demo.dao");
mapperScannerConfigurer.setSqlSessionFactoryBeanName("sqlSessionFactoryBean");
return mapperScannerConfigurer;
}
//事务配置
@Bean
public PlatformTransactionManager transactionManager(BasicDataSource dataSource) {
DataSourceTransactionManager dataSourceTransactionManager = new DataSourceTransactionManager();
dataSourceTransactionManager.setDataSource(dataSource);
return dataSourceTransactionManager;
}
}
说明:
2个配置文件内里都定义了数据源、mybatis的session工厂以及启用@Transantional的事务
第一份是xml配置方法(这里忽略了web.xml),第二份是基于注解的纯java配置方法
接下来看看mvc的配置:
二、spring-mvc配置
1、xml配置方法
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<!-- 启动MVC配置 -->
<mvc:annotation-driven/>
<!-- 静态资源 -->
<mvc:resources mapping="/static/**" location="/static/">
<mvc:cache-control max-age="3600" cache-public="true"/>
</mvc:resources>
<!-- 启动mvc的自动扫描。Spring.xml可以不用扫描 -->
<context:component-scan base-package="com.demo"/>
<!-- 视图解析器 -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
</bean>
<!--用来支持文件上传的multipart处理器-->
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!--todo 可以通过配置参数控制上传文件的内容和大小-->
</bean>
</beans>
然后是配置web.xml:
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>mvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:mvc.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>mvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
2、java注解方式
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.multipart.MultipartResolver;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView;
@Configuration
@EnableWebMvc//启动springMVC注解驱动 等价于xml 配置中的<mvc:annotation-driven/>
@ComponentScan("com.demo")//扫描创建控制器类
public class WebMvcConfig extends WebMvcConfigurerAdapter {
@Bean//定义试图解析器
public ViewResolver viewResolver(){
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/WEB-INF/jsp/");
resolver.setSuffix(".jsp");
resolver.setExposeContextBeansAsAttributes(true);
resolver.setViewClass(JstlView.class);
return resolver;
}
//静态资源配置
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**")
.addResourceLocations("/static/js")
.setCacheControl(CacheControl.maxAge(1, TimeUnit.HOURS).cachePublic());
}
/*静态资源交给默认的servlet
@Override
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}*/
//文件上传组件
@Bean
public MultipartResolver multipartResolver() {
return new CommonsMultipartResolver();
}
}
再配个启动类(相当于web.xml中配置ContextLoadListener)
继承了AbstractAnnotationConfigDispatcherServletInitializer的AppInitalizer的作用就类似web.xml中的ContextLoadListener,并且会在web项目运行初始化被自动发现并加载,这就是java config的魅力所在了,不管在哪里声明了配置了,只要继承了AbstractAnnotationConfigDispatcherServletInitializer,它就可以被自动加载。
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[]{RootConfig.class};//非SpringMVC上下文配置类,不需要就return null
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[]{WebMvcConfig.class};//SpringMVC上下文配置类
}
@Override
protected String[] getServletMappings() {
return new String[]{"/"};//dispatcher映射路径,一个string的列表,这里处理所有请求
}
//相当于web.xml中的
//<servlet-mapping>
// <servlet-name>mvc</servlet-name>
// <url-pattern>/</url-pattern>
//</servlet-mapping>
}
RootConfig,不需要的话在上面 WebAppInitializer 的 getRootConfigClasses() 里直接return null即可
可以参考官方文档:
https://docs.spring.io/spring/docs/current/spring-framework-reference/web.html#spring-web
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.FilterType;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@Configuration
@ComponentScan(basePackages="com.ssm",excludeFilters={
@ComponentScan.Filter(type= FilterType.ANNOTATION,value=EnableWebMvc.class)
})
public class RootConfig {
//RootConfig.class的内容如下,它可以放在和AppInitializer同个目录下,主要用来配置spring的bean,这里只关注web项目的实现,所以暂时没有具体内容
}
三、shiro配置
1、shiro.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<!--shiroFilter 过滤器-->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login"/>
<property name="successUrl" value="/hello"/>
<property name="unauthorizedUrl" value="/fail"/>
<property name="filters">
<map>
<entry key="authc" value-ref="formAuthenticationFilter"/>
<!--自定义Filter,视需求-->
<entry key="testAuth">
<bean class="com.yourpackage.AuthFilter"/>
</entry>
</map>
</property>
<property name="filterChainDefinitions" ref="shiroFilterChainDefinitions"></property>
</bean>
<!--权限过滤过滤器连定义 -->
<bean name="shiroFilterChainDefinitions" class="java.lang.String">
<constructor-arg>
<value>
/static/** = anon
/login = authc
/test = testAuth
</value>
</constructor-arg>
</bean>
<!--安全管理器 securityManager-->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="customRealm"/>
<property name="cacheManager" ref="shiroCacheManager"/>
<property name="sessionManager" ref="sessionManager"/>
<property name="rememberMeManager" ref="rememberMeManager"/>
</bean>
<!--自定义系统认证域 Realm-->
<bean id="customRealm" class="com.ssm.shiro.CustomRealm">
<property name="credentialsMatcher" ref="credentialsMatcher"/>
</bean>
<!-- 凭证匹配器,数据库保存的密码是使用MD5算法加密的-->
<bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="md5"/>
<property name="hashIterations" value="1"/>
</bean>
<!-- 缓存管理器-->
<bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:shiro-ehcache.xml"/>
</bean>
如果需要使用注解,还需要在mvc.xml中加入如下代码
<!--开启aop,对类代理-->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator">
<property name="proxyTargetClass" value="true"/>
</bean>
<!--开启shiro注解支持-->
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
最后还要在web.xml中配置如下,启动shiro的Filter
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
<!--设置true由servlet容器控制filter的生命周期-->
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
<!--设置spring容器filter的bean id,如果不设置则找与filter-name一致的bean-->
<!--<init-param>-->
<!--<param-name>targetBeanName</param-name>-->
<!--<param-value>shiroFilter</param-value>-->
<!--</init-param>-->
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2、java方式:
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
@Configuration
public class ShiroConfig {
//在springboot中利用FilterRegistrationBean注册delegatingFilterProxy来启动shiro
// @Bean
// public FilterRegistrationBean delegatingFilterProxy(){
// FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
// DelegatingFilterProxy proxy = new DelegatingFilterProxy();
// proxy.setTargetFilterLifecycle(true);
// proxy.setTargetBeanName("shiroFilter");
// filterRegistrationBean.setFilter(proxy);
// return filterRegistrationBean;
// }
@Bean("shiroFilter")
public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
factoryBean.setSecurityManager(securityManager);
factoryBean.setLoginUrl("/login");
factoryBean.setSuccessUrl("/user");
factoryBean.setUnauthorizedUrl("/fail");
//自定义Filter(视需求而定)
Map<String, Filter> filters = factoryBean.getFilters();//等号后面也可以直接new LinkedHashMap();
filters.put("testAuth", new YourFilter());
factoryBean.setFilters(filters);
//自定义url规则
// http://shiro.apache.org/web.html#urls-
Map<String, String> filterChainDefinitions = new LinkedHashMap<>();
filterChainDefinitions.put("/login", "authc");
filterChainDefinitions.put("/test", "testAuth");
filterChainDefinitions.put("/static/**", "anon");
factoryBean.setFilterChainDefinitionMap(filterChainDefinitions);
return factoryBean;
}
@Bean("securityManager")
public DefaultWebSecurityManager getManager() {
DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
manager.setRealm(myShiroRealm());
// manager.setCacheManager(ehCacheManager());//注入缓存管理器,看需求
/*
* 关闭shiro自带的session,详情见文档
* http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
*/
// DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
// DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
// defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
// subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
// manager.setSubjectDAO(subjectDAO);
return manager;
}
@Bean
public MyShiroRealm myShiroRealm() {
MyShiroRealm myShiroRealm = new MyShiroRealm();
myShiroRealm.setCredentialsMatcher(credentialsMatcher());
return myShiroRealm;
}
@Bean("credentialsMatcher")
public HashedCredentialsMatcher credentialsMatcher() {
HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
credentialsMatcher.setHashAlgorithmName("md5");
credentialsMatcher.setHashIterations(5);
return credentialsMatcher;
}
/**
* 下面的代码是添加注解支持
*/
@Bean
@DependsOn("lifecycleBeanPostProcessor")
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
// 强制使用cglib,防止重复代理和可能引起代理出错的问题
// https://zhuanlan.zhihu.com/p/29161098
defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
return defaultAdvisorAutoProxyCreator;
}
@Bean("lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
/**
* 开启shiro aop注解支持. 使用代理方式; 所以需要开启代码支持;
*/
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager);
return advisor;
}
// @Bean
// public EhCacheManager ehCacheManager() {
// EhCacheManager cacheManager = new EhCacheManager();
cacheManager.setCacheManagerConfigFile("classpath:ehcache.xml");
// return cacheManager;
// }
}
没有FilterRegistrationBean的话web.xml那段代码不能少,还得配置(暂时还没找到不通过FilterRegistrationBean注册
DelegatingFilterProxy来启动Filter的方法)