今天主要修复了一个NewService
中存在的bug, 以及引入shiro框架 (未完全完成, 但将给出已完成部分代码)
问题描述
bug出现于NewServiceImpl
中的updateNow()
方法
NewServiceImpl.java
...
@Override
public News updateNew(Long id, News news) {
News news1 = newRepository.findById(id).orElse(null);
if (news1 == null) {
// System.out.println("未获得对象");
throw new NotFoundException("该新闻不存在");
}
BeanUtils.copyProperties(news, news1);
news1.setUpdateTime(new Date());
return newRepository.save(news1);
}
...
注意到其中的 BeanUtils.copyProperties(news, news1);
这一句, 在更新文章时, 应当只对被更新部分进行更新, 未更新部分应当保持不变. 因此使用news来覆盖news1的方式, 将导致create_date
字段也被覆盖更新, 这是不符合要求的. 因此, 应当在copyPropeities()
方法中指定忽略覆盖的字段
写一个工具类用于查找实体中为空的字段
MyBeanUtils.java
package com.psychedelicghost.util;
import org.springframework.beans.BeanWrapper;
import org.springframework.beans.BeanWrapperImpl;
import java.beans.PropertyDescriptor;
import java.util.ArrayList;
import java.util.List;
public class MyBeanUtils {
public static String[] getNullPropertyNames(Object source){
BeanWrapper beanWrapper = new BeanWrapperImpl(source);
PropertyDescriptor[] pds = beanWrapper.getPropertyDescriptors();
List<String> nullPropertyNames = new ArrayList<>();
for (PropertyDescriptor pd : pds){
String propertyName = pd.getName();
if (beanWrapper.getPropertyValue(propertyName) == null){
nullPropertyNames.add(propertyName);
}
}
return nullPropertyNames.toArray(new String[nullPropertyNames.size()]);
}
}
然后修改原来NewServiceImpl
中的代码为下
NewServiceImpl.java
...
@Override
public News updateNew(Long id, News news) {
News news1 = newRepository.findById(id).orElse(null);
if (news1 == null) {
// System.out.println("未获得对象");
throw new NotFoundException("该新闻不存在");
}
BeanUtils.copyProperties(news, news1, MyBeanUtils.getNullPropertyNames(news));
news1.setUpdateTime(new Date());
return newRepository.save(news1);
}
...
问题解决
shiro框架引入
首先配置依赖
pom.xml
...
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.3.2</version>
</dependency>
...
然后是realm
NewRealm.java
package com.psychedelicghost.realm;
import com.psychedelicghost.po.Permission;
import com.psychedelicghost.po.Role;
import com.psychedelicghost.po.User;
import com.psychedelicghost.service.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.Set;
public class NewsRealm extends AuthorizingRealm {
@Autowired
private UserService userService;
public void setName(String name){
setName("newsRealm");
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//获取认证的用户数据
User user = (User)principalCollection.getPrimaryPrincipal();
//构造认证数据
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
Set<Role> roles = user.getRoles();
for (Role role: roles){
//添加角色信息
info.addRole(role.getName());
for (Permission permission: role.getPermissions()){
//添加权限信息
info.addStringPermission(permission.getCode());
}
}
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
String username = upToken.getUsername();
String password = new String(upToken.getPassword());
User user = userService.checkUsers(username, password);
if (user!=null){
return new SimpleAuthenticationInfo(user, user.getPassword(), this.getName());
}
return null;
}
}
未完全完成
ShiroConfiguration.java
package com.psychedelicghost;
import com.psychedelicghost.realm.NewsRealm;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
@Configuration
public class ShiroConfiguration {
//创建realm
@Bean
public NewsRealm getRealm(){
return new NewsRealm();
}
//创建安全管理器
@Bean
public SecurityManager securityManager(NewsRealm realm){
//使用默认的安全管理器
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(realm);
//将自定义realm交给安全管理器统一调度管理
return securityManager;
}
//配置shiro过滤器工厂
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactory = new ShiroFilterFactoryBean();
shiroFilterFactory.setSecurityManager(securityManager);
//通用配置
shiroFilterFactory.setLoginUrl("/admin");
shiroFilterFactory.setUnauthorizedUrl("/admin");
/*
* key: 请求路径
* value: 过滤器类型
*/
Map<String, String> filterMap = new LinkedHashMap<>();
filterMap.put("/admin/**", "authc");
shiroFilterFactory.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactory;
}
//开启shiro注解支持
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager){
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager);
return advisor;
}
}