实习周记(二):登录注册与监控组件Druid的学习使用
参数传递问题(了解即可)
- 通过form表单传递数据
<form action="/login" method="post">
<input name="username">
<input name="password">
<button type="submit">
</button>
</form>
/login是请求的接口,method声明通过post传递数据
- 通过Servlet接受参数
@PostMapping
public String login(HttpServletRequest request, HttpServletResponse response, Model model){
String name = request.getParameter("username");
String password = request.getParameter("password");
model.addAttribute("msg","参数接受成功");
}
- 前端获取数据的方式
- 使用模板引擎thyme leaf
<p id="msg" th:text="${msg}"></p>
var result = document.getElementById("msg");
alert(result.value)
- 使用不同的前端框架获取
- 使用ajax传递数据,获取数据
<span id="heart" class="glyphicon glyphicon-heart" style="float: right" th:onclick="heart([[${questionDto.id}]])"></span>
<script>
function heart(id) {
var obj =document.getElementById("heart")
obj.style.color="red"
$.ajax({
url:"/heart",
type:"POST",
data:{"heart":id}
})
}
</script>
接收参数
@PostMapping("/heart")
public void heart(@RequestParam String heart){
int i = Integer.parseInt(heart);
questionMapper.updateLike(i);
}
总结:ajax传递参数为json字符串的形式,传输参数名与接收参数名相同
登录拦截器功能
在用户未登录时,我们不能让用户随便访问Web资源,所以需要设置拦截器
- 当用户被拦截时,我们希望用户看到的页面
package com.sdxb.blog.config;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/** 登录拦截 */
public class LoginHanderInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Object token = request.getSession().getAttribute("name");
if(token==null){
request.setAttribute("msg","没有权限,请先登录");
request.getRequestDispatcher("/").forward(request,response);
return false;
}else {
return true;
}
}
}
其中我们通过token来检查用户是否登录,token来自登录成功时,人为添加的属性
@PostMapping("/logincheck")
public String checklogin(HttpServletRequest request, HttpServletResponse response, Model model, HttpSession session) {
//通过request获取输入的用户名和密码在数据库中查找相关用户,如果存在就登陆成功
User user = new User();
String name = request.getParameter("username");
String password = request.getParameter("password");
user.setName(name);
user.setPassword(password);
User newUser = userMapper.select(user);
if (newUser != null) {
String token = newUser.getToken();
session.setAttribute("name",name);
response.addCookie(new Cookie("token", token));
return "redirect:/index";
} else {
//登陆失败,重新登陆
model.addAttribute("msg","账号或者密码错误,请重新输入");
return "login";
}
}
- 在继承了WebMvcConfigurer的类中,设置拦截内容,还有放行资源
@Configuration
public class WebConfig implements WebMvcConfigurer {
/** 拦截器设置 */
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new LoginHanderInterceptor())
.addPathPatterns("/**") //拦截内容
.excludePathPatterns("/css/*","/","/js/*","/login.html","/img/*","/images/*","/logincheck","/register","/registerCheck","/login"); //白名单
}
}
跨域问题
在浏览器上当前访问的网站向另一个网站发送请求获取数据的过程就是跨域请求。
Spring Boot解决跨域问题的两种方式
- 配置类
@Configuration
public class CORSConfig {
@Bean
public WebMvcConfigurer corsConfigurer(){
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedHeaders("*")
.allowedMethods("*")
.allowedOrigins("*");
}
};
}
}
- 使用注解
@CrossOrigin - 终极Boss
只需要在允许跨域的接口方法上进行添加注解即可,也可以直接在Controller类上添加,表示该Controller所有方法均允许跨域访问
Druid
Druid是一个JDBC组件,它包括三部分:
- DruidDriver 代理Driver,能够提供基于Filter-Chain模式的插件体系。
- DruidDataSource 高效可管理的数据库连接池。
- SQLParser
Druid可以做什么?
-
可以监控数据库访问性能,Druid内置提供了一个功能强大的StatFilter插件,能够详细统计SQL的执行性能,这对于线上分析数据库访问性能有帮助。
-
数据库密码加密。直接把数据库密码写在配置文件中,这是不好的行为,容易导致安全问题。DruidDruiver和DruidDataSource都支持PasswordCallback。
-
SQL执行日志,Druid提供了不同的LogFilter,能够支持Common-Logging、Log4j和JdkLog,你可以按需要选择相应的LogFilter,监控你应用的数据库访问情况。
-
扩展JDBC,如果你要对JDBC层有编程的需求,可以通过Druid提供的Filter-Chain机制,很方便编写JDBC层的扩展插件。
Druid的使用
- 添加依赖
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid-spring-boot-starter</artifactId>
<version>1.2.6</version>
</dependency>
- 自定义配置
spring:
datasource:
username: root
password: ??????
url: jdbc:mysql://localhost:3306/myblog?characterEncoding=UTF-8&useSSL=false
driver-class-name: com.mysql.jdbc.Driver
type: com.alibaba.druid.pool.DruidDataSource
#自动往数据库建表
# schema:
# - classpath:department.sql
initialSize: 5
minIdle: 5
maxActive: 20
maxWait: 60000
timeBetweenEvictionRunsMillis: 60000
minEvictableIdleTimeMillis: 300000
validationQuery: SELECT 1 FROM DUAL
testWhileIdle: true
testOnBorrow: false
testOnReturn: false
poolPreparedStatements: true
# 配置监控统计拦截的filters,去掉后监控界面sql无法统计,'wall'用于防火墙
filters: stat,wall,log4j
maxPoolPreparedStatementPerConnectionSize: 20
useGlobalDataSourceStat: true
connectionProperties: druid.stat.mergeSql=true;druid.stat.slowSqlMillis=500
druid:
filter:
log4j:
enabled: true
-
配置一个监控页面
druid提供了一个web页面,输入
http://localhost:8080/druid/login.html可以查看
import com.alibaba.druid.pool.DruidDataSource;
import com.alibaba.druid.support.http.StatViewServlet;
import com.alibaba.druid.support.http.WebStatFilter;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import javax.sql.DataSource;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
@Configuration
public class DuridConfig {
@ConfigurationProperties(prefix = "spring.datasource")
@Bean
public DataSource druid(){
return new DruidDataSource();
}
@Bean
public ServletRegistrationBean statViewServlet(){
ServletRegistrationBean bean = new ServletRegistrationBean(new StatViewServlet(), "/druid/*");
// 这些参数可以在 com.alibaba.druid.support.http.StatViewServlet 的父类 com.alibaba.druid.support.http.ResourceServlet 中找到
Map<String,String> initParams = new HashMap<>();
initParams.put("loginUsername","admin");
initParams.put("loginPassword","123456");
initParams.put("allow",""); //默认就是允许所有访问
//deny:Druid 后台拒绝谁访问,表示禁止此ip访问
// initParams.put("deny","192.168.10.132");
bean.setInitParameters(initParams);
return bean;
}
//2、配置一个web监控的filter
@Bean
public FilterRegistrationBean webStatFilter(){
FilterRegistrationBean bean = new FilterRegistrationBean();
bean.setFilter(new WebStatFilter());
Map<String,String> initParams = new HashMap<>();
initParams.put("exclusions","*.js,*.css,/druid/*");
bean.setInitParameters(initParams);
bean.setUrlPatterns(Arrays.asList("/*"));
return bean;
}
}
-
配置日志
- 导入log4j依赖(根据选择添加自己想要的依赖)
<!-- https://mvnrepository.com/artifact/log4j/log4j --> <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.17</version> </dependency>- 添加log4j配置文件(log4j.properties,与application.yml同级)
# Set root logger level to WARN and append to stdout #在开发环境下日志级别要设置成DEBUG,生产环境设置成info或error log4j.rootLogger=DEBUG, stdout #WARN为log输出级别,stdout,error为该log的别名,下面将用到 log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout # Pattern to output the caller's file name and line number. log4j.appender.stdout.layout.ConversionPattern=%d %5p (%c:%L) - %m%n # Print only messages of level ERROR or above in the package noModule. log4j.logger.noModule=FATAL # OpenSymphony Stuff log4j.logger.com.opensymphony=INFO log4j.logger.com.opensymphony.webwork=DEBUG # Spring Stuff log4j.logger.org.springframework=INFO ################################# # 错误信息 # ################################# log4j.appender.error=org.apache.log4j.DailyRollingFileAppender log4j.appender.error.File=E:/MyDoc/WorkSpace/webworkroot/logs/errors.log log4j.appender.error.layout=org.apache.log4j.PatternLayout log4j.appender.error.layout.ConversionPattern=[%d]-%-5p (%F:%L)|%m%n log4j.appender.error.DatePattern='.'yyyy-MM-dd log4j.appender.error.Threshold=ERROR ################################# # CONSOLE # ################################# log4j.appender.console=org.apache.log4j.ConsoleAppender log4j.appender.console.layout=org.apache.log4j.PatternLayout log4j.appender.console.layout.ConversionPattern=(%F:%L)|%m%n log4j.appender.errorcsle=org.apache.log4j.ConsoleAppender log4j.appender.errorcsle.layout=org.apache.log4j.PatternLayout log4j.appender.errorcsle.layout.ConversionPattern=%-5p (%F:%L)|%m%n log4j.appender.errorcsle.Threshold=ERROR ################################# # 业务系统 # ################################# log4j.logger.cn.vesung=DEBUG, logic log4j.appender.logic=org.apache.log4j.DailyRollingFileAppender log4j.appender.logic.File=E:/MyDoc/WorkSpace/webworkroot/logs/logic.log log4j.appender.logic.layout=org.apache.log4j.PatternLayout log4j.appender.logic.layout.ConversionPattern=[%d]-%-5p (%F:%L)|%m%n log4j.appender.logic.DatePattern='.'yyyy-MM-dd3.启动日志
druid: filter: log4j: enabled: true -
完成配置,可以根据需求修改druid和日志的配置,这里仅提供一种基础的练习配置
浙公网安备 33010602011771号