SpringBoot+SpringSecurity+SpringSession实现一个前后端分离的权限管理系统

这里SpringBoot用2.0.5版本

一、准备工作

1、主要依赖如下:

dependencies {    
    compile('com.alibaba:druid:1.1.5')
    compile('com.baomidou:mybatis-plus-boot-starter:2.2.0')
    compile('org.springframework.boot:spring-boot-starter-security')

    compile('org.springframework.boot:spring-boot-starter-data-redis')
// 如果通过redis来存储session就需要下面这个依赖
//    compile ('org.springframework.session:spring-session-data-redis')
// 用jdbc来存储session
    compile('org.springframework.session:spring-session-jdbc')
    compile('org.springframework.boot:spring-boot-starter-data-rest')

    compile('org.springframework.boot:spring-boot-starter-web')
    compile('org.springframework.boot:spring-boot-starter-undertow')
    compile('org.springframework.boot:spring-boot-starter-log4j2')
    compile('org.springframework.boot:spring-boot-configuration-processor')

    compile('org.springframework.boot:spring-boot-starter-test')
    compile('com.alibaba:fastjson:1.2.40')
    runtime('com.microsoft.sqlserver:mssql-jdbc')
    compile('org.apache.commons:commons-lang3:3.5')
    compile("io.springfox:springfox-swagger-ui:2.6.0")
    compile("io.springfox:springfox-swagger2:2.6.0")
    compile('org.projectlombok:lombok:1.16.16')
}
configurations {
    all*.exclude module: 'spring-boot-starter-logging'
    all*.exclude module: 'logback-classic'
    all*.exclude module: 'log4j-over-slf4j'
    all*.exclude module: 'spring-boot-starter-tomcat'
}

2、application.yml:

cors:
  allowedOrigins: "*"
  allowedMethods: GET,POST,OPTIONS
  allowCredentials: true
  allowedHeaders: '*'

spring:
  datasource:
    url: jdbc:sqlserver://localhost:1433;DatabaseName=test
    username: admin
    password: 123456
    type: com.alibaba.druid.pool.DruidDataSource
    driver-class-name: com.microsoft.sqlserver.jdbc.SQLServerDriver
    druid:
      filters: stat,wall        # 配置监控统计拦截的filters，去掉后监控界面sql无法统计，'wall'用于防火墙
      driver-class-name: com.mysql.jdbc.Driver
      initial-size: 5
      min-idle: 1
      max-active: 30
      max-wait: 60000
      time-between-eviction-runs-millis: 60000
      validation-query: SELECT 1
      test-while-idle: true
      test-on-borrow: false
      test-on-return: false
      filter:
        stat:
          log-slow-sql: true
          slow-sql-millis: 5000
          merge-sql: true
      max-pool-prepared-statement-per-connection-size: 500
      connect-properties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=50000
      min-evictable-idle-time-millis: 600000   # 配置一个连接在池中生存的时间，单位是毫秒
      max-evictable-idle-time-millis: 900000
  session:
    store-type: jdbc
    timeout: 3600s
    jdbc:
      cleanup-cron: 0 */30 * * * ?  #半小时清理session,cron表达式可以自行百度
      table-name: SPRING_SESSION
      initialize-schema: embedded
      schema: classpath:schema-sqlserver.sql
  jackson:
    date-format: yyyy-MM-dd HH:mm:ss
    time-zone: GMT+8

  servlet:
    multipart:
      max-file-size: 10MB
      enabled: true
      max-request-size: 10MB
mybatis-plus:
  type-aliases-package: com.test.domain.po
  mapper-locations: classpath:mapper/*.xml
  global-config:
    id-type: 0
    refresh-mapper: true
    db-column-underline: true
    logic-delete-value: 1
    logic-not-delete-value: 0
  configuration:
    cache-enabled: false
    map-underscore-to-camel-case: true
server:
  port: 9000
  compression:
    enabled: true
    mime-types: application/json,application/mapper,text/html,text/mapper,text/plain

注意：schema-sqlserver.sql这个sql文件来自spring-session-jdbc-2.0.6.RELEASE.jar包

因为里面的PRINCIPAL_NAME字段长度是根据登陆接口返回的对象来的；如果你的登陆报错数据库字段超长（sql server是报错字符被截断），则检查一下这个SPRING_SESSION表的某些字段是不是太短了；有些登陆接口可能返回了很多信息,spring自带的这个sql的PRINCIPAL_NAME字段长度不够,我这里修改了,放到了resource