一、安装Redis1.下载Rediswgethttp://download.redis.io/releases/redis-4.0.6.tar.gz2.解压tar-zxvfredis-4.0.6.tar.gz3.yum安装gccyuminstall-ygcc4.编译安装rediscdredis-4.0.6makeMALLOC=libccdsrc&&makeinstall二、启动Redis1.在/etc目录下新建redis目录mkdir-p/etc/redis2.将/usr/local/redis-4.0.6/redis.conf文件复制一份到/etc/redis目录下,并命名为6379.confcp/usr/local/redis-4.0.6/redis.conf/etc/redis/6379.conf3.将redis的启动脚本复制一份放到/etc/init.d目录下cp/usr/local/redis-4.0.6/utils/redis_init_script/etc/init.d/redisd4.设置redis开机自启动cd/etc/init.dchkconfigredisdonserviceredisddoesnotsupportchkconfig看结果是redisd不支持chkconfig,编辑redisd文件,加入如下注释:#chkconfig:23459010#description:Redisisapersistentkey-valuedatabasechkconfigredisdon启动redis:serviceredisdstart停止redis:serviceredisdstop
1.@RestController注解相当于@ResponseBody+@Controller合在一起的作用。2.如果只是使用@RestController注解Controller,则Controller中的方法无法返回jsp页面,或者html,配置的视图解析器InternalResourceViewResolver不起作用,返回的内容就是Return里的内容。3.如果需要返回到指定页面,则需要用@Controller配合视图解析器InternalResourceViewResolver才行。4.如果需要返回JSON,XML或自定义mediaType内容到页面,则需要在对应的方法上加上@ResponseBody注解。)
Vue+SpringBoot实现WebSocket通信服务端在SpringBoot项目中添加ServerEndpointExporterBean的方法@BeanpublicServerEndpointExporterexporter(){returnnewServerEndpointExporter();}创建WebSocket客户端管理类:WebSocketComponent.javapackagecn.coralcloud.blog.web.component;importcom.alibaba.fastjson.JSON;importorg.springframework.stereotype.Component;importjavax.websocket.*;importjavax.websocket.server.ServerEndpoint;importjava.io.IOException;importjava.util.Objects;importjava.util.concurrent.CopyOnWriteArraySet;/**@authorgeff@nameWebSocketComponent@description@date2019-12-1814:22/@ServerEndpoint(value="/websocket")@ComponentpublicclassWebSocketComponent{/**静态变量,用来记录当前在线连接数。应该把它设计成线程安全的。/privatestaticintonlineCount=0;/**concurrent包的线程安全Set,用来存放每个客户端对应的CumWebSocket对象。/privatestaticCopyOnWriteArraySetwebSocketSet=newCopyOnWriteArraySet<>();/**与某个客户端的连接会话,需要通过它来给客户端发送数据/privateSessionsession;/**连接建立成功调用的方法@paramsessionsession/@OnOpenpublicvoidonOpen(Sessionsession){this.session=session;//加入set中webSocketSet.add(this);//添加在线人数addOnlineCount();System.out.println("新连接接入。当前在线人数为:"+getOnlineCount());}/**连接关闭调用的方法/@OnClosepublicvoidonClose(){//从set中删除webSocketSet.remove(this);//在线数减1subOnlineCount();System.out.println("有连接关闭。当前在线人数为:"+getOnlineCount());}/**收到客户端消息后调用@parammessagemessage@paramsessionsession/@OnMessagepublicvoidonMessage(Stringmessage,Sessionsession){System.out.println("客户端发送的消息:"+message);sendAll(JSON.toJSONString(messageDTO),session.getId());}/**群发@parammessagemessage/privatestaticvoidsendAll(Stringmessage,StringsessionId){webSocketSet.forEach(item->{if(!item.session.getId().equals(sessionId)){//群发try{item.sendMessage(message);}catch(IOExceptione){e.printStackTrace();}}});}/**发生错误时调用@paramsessionsession@paramerrorerror/@OnErrorpublicvoidonError(Sessionsession,Throwableerror){System.out.println("----websocket-------有异常啦");error.printStackTrace();}/**减少在线人数/privatevoidsubOnlineCount(){WebSocketComponent.onlineCount--;}/**添加在线人数/privatevoidaddOnlineCount(){WebSocketComponent.onlineCount++;}/**当前在线人数@returnint/publicstaticsynchronizedintgetOnlineCount(){returnonlineCount;}/**发送信息@parammessagemessagethrowsIOException/publicvoidsendMessage(Stringmessage)throwsIOException{//获取session远程基本连接发送文本消息this.session.getBasicRemote().sendText(message);//this.session.getAsyncRemote().sendText(message);}@Overridepublicbooleanequals(Objecto){if(this==o){returntrue;}if(o==null||getClass()!=o.getClass()){returnfalse;}WebSocketComponentthat=(WebSocketComponent)o;returnObjects.equals(session,that.session);}@OverridepublicinthashCode(){returnObjects.hash(session);}}@ServerEndpoint注解标识当前WebSocket服务端endpoint地址,本文实际前端访问的ws地址为:ws://localhost:8080/websocket。至此,服务端工作完成。页面VUE端<template><el-cardv-loading="loading"element-loading-spinner="el-icon-loading":body-style="{padding:'5px',backgroundColor:'#eee'}"class="socket-box"shadow="hover"><divclass="socket-box__content":style="{height:(boxHeight-125)+'px'}"id="socket-content"><divv-if="hasMore"@click="loadMore"class="load-more"><span>加载更多</span></div><divv-elsestyle="width:100%;text-align:center;font-size:12px">没有更多了</div><divclass="item"v-for="minmessages":class="checkMe(m)?'sender':''"><divclass="slide"><divclass="avatar":style="{background:m.background}">{{m.name.substring(0,1)}}</div><divclass="meta"><divclass="name">{{m.name}}</div><divclass="date">{{m.createTime|datetime}}</div></div></div><p>{{m.content}}</p></div></div><divclass="socket-box__footer"><el-form@submit.native.prevent><el-form-item><el-inputtype="textarea"resize="none":rows="3":disabled="!connect":placeholder="connect?'输入内容...':'当前连接断开,请刷新重试!'":clearable="true"v-model="message"@keydown.native.enter="submitMsgForm"></el-input></el-form-item><el-form-item><el-button@click="sendMsg(message)":disabled="!connect"style="width:100%"type="primary"size="small">发送(Enter)</el-button></el-form-item></el-form></div></el-card></template><script>import{GET}from"@/api";exportdefault{name:"Chatroom",data(){return{messages:[],message:'',//boxHeight:document.documentElement.clientHeight-85,hasMore:true,pager:{pageNo:1,pageSize:10,total:0},loading:false,connect:false}},props:{boxHeight:{type:Number,required:true}},methods:{submitMsgForm(event){if(event.shiftKey){return;}event.preventDefault();this.sendMsg(this.message)},checkMe(message){letuser=localStorage.getItem("socketUser");if(user){user=JSON.parse(user);returnuser.uid===message.uid}else{returnfalse;}},initWebSocket:function(){this.websock=newWebSocket(`ws://localhost:8080/websocket`);this.websock.onopen=this.websocketonopen;this.websock.onerror=this.websocketonerror;this.websock.onmessage=this.websocketonmessage;this.websock.onclose=this.websocketclose;constthat=this;that.loading=true;GET({url:'/api/personal/web/message/socketData?pageNo=1',callback:res=>{if(res.code===200){that.messages=res.data.messages;that.hasMore=res.data.messages.length===that.pager.pageSize;that.$nextTick(function(){document.getElementById("socket-content").scroll({top:document.getElementById("socket-content").scrollHeight,left:0,behavior:'smooth'})})}that.loading=false}})},sendMsg(data){if(/^\s*$/.test(data)){this.message='';return;}//发送时传入JSON(UID,昵称,内容)constlocal=localStorage.getItem("socketUser");if(local){constl=JSON.parse(local);this.send(l,data)}else{//弹框this.$prompt('首次发表,请输入昵称','提示',{confirmButtonText:'确定',cancelButtonText:'取消',}).then(({value})=>{//随机生成UIDconstuid=this.randomVideoUuid(32,16);constform={uid:uid,name:value,background:`rgb(${Math.random()*255},${Math.random()*255},${Math.random()*255})`};localStorage.setItem("socketUser",JSON.stringify(form));this.send(form,data)}).catch(()=>{this.$message({type:'info',message:'取消输入'});});}},send(obj,data){obj.content=data;obj.createTime=newDate().getTime();this.websock.send(JSON.stringify(obj));this.message='';this.messages.push(obj);this.$nextTick(function(){document.getElementById("socket-content").scroll({top:document.getElementById("socket-content").scrollHeight,left:0,behavior:'smooth'})})},loadMore(){this.loading=true;constthat=this;if(this.hasMore){this.pager.pageNo+=1;GET({url:'/api/personal/web/message/socketData?pageNo='+this.pager.pageNo,callback:res=>{if(res.code===200){that.messages=[...res.data.messages,...that.messages];that.hasMore=res.data.messages.length>=that.pager.pageSize;}that.loading=false;}})}},websocketonopen:function(e){console.log("WebSocket连接成功",e);this.connect=true;},websocketonerror:function(e){console.log("WebSocket连接发生错误");this.connect=false;},websocketonmessage:function(e){constda=JSON.parse(e.data);this.messages.push(da);this.$nextTick(function(){document.getElementById("socket-content").scroll({top:document.getElementById("socket-content").scrollHeight,left:0,behavior:'smooth'})})},websocketclose:function(e){console.log("connectionclosed("+e.code+")");},randomVideoUuid(len,radix){letchars='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.split('');letuuid=[];radix=radix||chars.length;if(len){for(leti=0;i<len;i++)uuid[i]=chars[0|Math.random()*radix];}else{letr;uuid[8]=uuid[13]=uuid[18]=uuid[23]='-';uuid[14]='4';for(leti=0;i<36;i++){if(!uuid[i]){r=0|Math.random()*16;uuid[i]=chars[(i===19)?(r&0x3)|0x8:r];}}}returnuuid.join('');},},mounted(){this.initWebSocket();}}</script>本段代码为简单的Vue实现的网页聊天室代码,其中@/api为自己简单封装的JS函数,用户初次进入页面时会生成一个随机UID保存到localStorage中,在mounted周期中初始化websocket连接。本聊天室最终效果地址:https://web.coralcloud.cn/blog/message
1.说明本文主要介绍基于SpringSecurity的用户权限控制的简单实现。1.1环境版本SpringBoot:2.0.7SpringSecurity:5.0.10JDK:1.82.项目配置2.1引入maven包<?xmlversion="1.0"encoding="UTF-8"?><projectxmlns="http://maven.apache.org/POM/4.0.0"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://maven.apache.org/POM/4.0.0https://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>2.0.7.RELEASE</version><relativePath/><!--lookupparentfromrepository--></parent><groupId>cn.coralcloud</groupId><artifactId>security</artifactId><version>0.0.1-SNAPSHOT</version><name>security</name><description>DemoSecurityprojectforSpringBoot</description><properties><java.version>1.8</java.version></properties><dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-data-redis</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-jdbc</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>org.mybatis.spring.boot</groupId><artifactId>mybatis-spring-boot-starter</artifactId><version>2.1.1</version></dependency><dependency><groupId>org.springframework.session</groupId><artifactId>spring-session-data-redis</artifactId></dependency><dependency><groupId>org.springframework.session</groupId><artifactId>spring-session-jdbc</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-devtools</artifactId><scope>runtime</scope><optional>true</optional></dependency><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><scope>runtime</scope></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-configuration-processor</artifactId><optional>true</optional></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><optional>true</optional></dependency><dependency><groupId>com.fasterxml.jackson.core</groupId><artifactId>jackson-annotations</artifactId><version>2.9.9</version></dependency><dependency><groupId>com.google.code.gson</groupId><artifactId>gson</artifactId><version>2.8.5</version></dependency><dependency><groupId>com.alibaba</groupId><artifactId>fastjson</artifactId><version>1.2.60</version></dependency><dependency><groupId>com.google.guava</groupId><artifactId>guava</artifactId><version>22.0</version></dependency></dependencies><build><plugins><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId></plugin></plugins></build></project>2.2application.ymlserver.port:9091spring.application.name:spring-webspring.http.encoding.charset:utf8spring:session:store-type:redisredis:host:localhostport:6379password:123456datasource:driver-class-name:com.mysql.jdbc.Driverurl:jdbc:mysql://127.0.0.1:3306/security?useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=Asia/Shanghaiusername:rootpassword:123456servlet:multipart:max-file-size:1024MBmax-request-size:1024MBmybatis:mapper-locations:classpath*:mapper/*Mapper.xmltype-aliases-package:cn.coralcloud.security.model2.3数据库初始化脚本/*NavicatMySQLDataTransferSourceServer:localhostSourceServerVersion:50644SourceHost:localhost:3306SourceDatabase:securityTargetServerType:MYSQLTargetServerVersion:50644FileEncoding:65001Date:2019-12-0216:28:44*/SETFOREIGN_KEY_CHECKS=0;--------------------------------Tablestructureforrole------------------------------DROPTABLEIFEXISTS`role`;CREATETABLE`role`(`id`bigint(20)NOTNULLAUTO_INCREMENT,`name`varchar(50)NOTNULL,`nickname`varchar(50)NOTNULL,`system`bit(1)NOTNULLDEFAULTb'0',`description`varchar(500)DEFAULTNULL,`permission`mediumtext,PRIMARYKEY(`id`))ENGINE=InnoDBAUTO_INCREMENT=2DEFAULTCHARSET=utf8mb4;--------------------------------Tablestructureforuser------------------------------DROPTABLEIFEXISTS`user`;CREATETABLE`user`(`id`bigint(20)NOTNULLAUTO_INCREMENT,`username`varchar(50)NOTNULL,`password`varchar(300)NOTNULL,`role`varchar(500)DEFAULTNULL,PRIMARYKEY(`id`))ENGINE=InnoDBAUTO_INCREMENT=3DEFAULTCHARSET=utf8mb4;3.系统初始化文件3.1users.json[{"username":"admin","password":"ea48576f30be1669971699c09ad05c94","role":"ROLE_ADMINISTRATOR"}]3.2roles.json[{"name":"ROLE_ADMINISTRATOR","nickname":"管理员","description":"系统超级管理员,不允许用户更改","system":true,"permissions":[{"resourceId":"user","resourceName":"用户管理","privileges":{"list":"查看用户列表","add":"新增用户","update":"修改用户信息","delete":"删除用户"}},{"resourceId":"permission","resourceName":"权限","privileges":{"read":"查看权限","write":"新增权限","update":"更新权限","delete":"删除权限"}}]}]4.数据持久化DAO层4.1UserDao.javapackagecn.coralcloud.security.dao;importcn.coralcloud.security.model.User;importorg.apache.ibatis.annotations.Mapper;importorg.springframework.stereotype.Component;importjava.util.List;/***@authorgeff*@nameUserDao*@description*@date2019-11-2910:31*/@Component@MapperpublicinterfaceUserDao{/***根据用户名查找*@date2019/11/2915:24*@authorgeff*@paramusernameusername*@returncn.coralcloud.security.model.User*/UserfindByUsername(Stringusername);/***创建用户*@date2019/11/2915:24*@authorgeff*@paramuseruser*/voidsave(Useruser);/***获取用户列表*@date2019/11/2915:24*@authorgeff*@param*@returnjava.util.List<cn.coralcloud.security.model.User>*/List<User>list();}4.2RoleDao.javapackagecn.coralcloud.security.dao;importcn.coralcloud.security.model.Role;importorg.apache.ibatis.annotations.Mapper;importorg.springframework.stereotype.Component;/***@authorgeff*@nameRoleDao*@description*@date2019-11-2910:31*/@Component@MapperpublicinterfaceRoleDao{/***根据名称查找*@date2019/11/2915:23*@authorgeff*@paramnamename*@returncn.coralcloud.security.model.Role*/RolefindByName(Stringname);/***保存数据*@date2019/11/2915:23*@authorgeff*@paramrolerole*/voidsave(Rolerole);}4.3UserMapper.xml<?xmlversion="1.0"encoding="UTF-8"?><!DOCTYPEmapperPUBLIC"-//mybatis.org//DTDMapper3.0//EN""http://mybatis.org/dtd/mybatis-3-mapper.dtd"><mappernamespace="cn.coralcloud.security.dao.UserDao"><resultMapid="userMapper"type="cn.coralcloud.security.model.User"><idproperty="id"column="id"/></resultMap><selectid="findByUsername"parameterType="String"resultMap="userMapper">select*from`user`where`username`=#{username}</select><selectid="list"resultType="cn.coralcloud.security.model.User">select*from`user`</select><insertid="save"parameterType="cn.coralcloud.security.model.User"useGeneratedKeys="true"keyProperty="id">insertinto`user`(username,password,role)values(#{username},#{password},#{role})</insert></mapper>4.4RoleMapper.xml<?xmlversion="1.0"encoding="UTF-8"?><!DOCTYPEmapperPUBLIC"-//mybatis.org//DTDMapper3.0//EN""http://mybatis.org/dtd/mybatis-3-mapper.dtd"><mappernamespace="cn.coralcloud.security.dao.RoleDao"><resultMapid="roleMapper"type="cn.coralcloud.security.model.Role"><idproperty="id"column="id"/></resultMap><selectid="findByName"parameterType="String"resultMap="roleMapper">select*fromrolewhere`name`=#{name}</select><insertid="save"parameterType="cn.coralcloud.security.model.Role"useGeneratedKeys="true"keyProperty="id">insertintorole(name,nickname,description,system,permission)values(#{name},#{nickname},#{description},#{system},#{permission})</insert></mapper>5.处理用户权限认证逻辑5.1SpringSecurity配置要在项目中使用@PreAuthorize等注解实现方法级别权限控制,则需要在项目启动类上添加注解@EnableGlobalMethodSecurity(prePostEnabled=true),本文项目启动类:packagecn.coralcloud.security;importorg.springframework.boot.SpringApplication;importorg.springframework.boot.autoconfigure.SpringBootApplication;importorg.springframework.boot.builder.SpringApplicationBuilder;importorg.springframework.boot.web.servlet.support.SpringBootServletInitializer;importorg.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;/***@authorgeff*/@SpringBootApplication@EnableGlobalMethodSecurity(prePostEnabled=true)publicclassSecurityApplicationextendsSpringBootServletInitializer{@OverrideprotectedSpringApplicationBuilderconfigure(SpringApplicationBuilderapplicationBuilder){returnapplicationBuilder.sources(SecurityApplication.class);}publicstaticvoidmain(String[]args){SpringApplication.run(SecurityApplication.class,args);}}5.2用户对象SpringSecurity自带的有UserDetails接口主要保存用户对象数据,所以我们的用户对象需要实现UserDetails接口packagecn.coralcloud.security.model;importcom.fasterxml.jackson.annotation.JsonIgnore;importlombok.Data;importlombok.NoArgsConstructor;importorg.springframework.security.core.GrantedAuthority;importorg.springframework.security.core.authority.SimpleGrantedAuthority;importorg.springframework.security.core.userdetails.UserDetails;importjava.io.Serializable;importjava.util.*;/***@authorgeff*/@Data@NoArgsConstructorpublicclassUserimplementsUserDetails,Serializable{privateLongid;/***用户登录名*/privateStringusername;/***用户登录密码,用户的密码不应该暴露给客户端*/@JsonIgnoreprivateStringpassword;/***用户在系统中的角色列表,将根据角色对用户操作权限进行限制*/privateStringrole;privateList<Role>roles;@OverridepublicCollection<?extendsGrantedAuthority>getAuthorities(){Collection<GrantedAuthority>authorities=newArrayList<>();if(roles!=null){for(Rolerole:roles){if(role==null){continue;}for(Permissionpermission:role.getPermissions()){for(Stringprivilege:permission.getPrivileges().keySet()){authorities.add(newSimpleGrantedAuthority(String.format("%s-%s",permission.getResourceId(),privilege)));}}}}returnauthorities;}@OverridepublicbooleanisAccountNonExpired(){returntrue;}@OverridepublicbooleanisAccountNonLocked(){returntrue;}@OverridepublicbooleanisCredentialsNonExpired(){returntrue;}@OverridepublicbooleanisEnabled(){returntrue;}}在用户对象的publicCollection<?extendsGrantedAuthority>getAuthorities()方法中,需要根据用户当前角色生成当前用户权限列表,本文权限机制使用resourceId-privilege方式5.3角色对象Role.javapackagecn.coralcloud.security.model;importcom.alibaba.fastjson.JSON;importlombok.Data;importorg.springframework.util.StringUtils;importjava.io.Serializable;importjava.util.List;/***@authorgeff*@nameRole*@description*@date2019-11-2910:08*/@DatapublicclassRoleimplementsSerializable{privateLongid;/***角色名,用于权限校验*/privateStringname;/***角色中文名,用于显示*/privateStringnickname;/***角色描述信息*/privateStringdescription;/***是否为内置*/privateBooleansystem;/***角色可进行的操作列表*/privateList<Permission>permissions;privateStringpermission;/***SpringSecurity4.0以上版本角色都默认以'ROLE_'开头*@paramnamename*/publicvoidsetName(Stringname){if(!name.contains("ROLE_")){this.name="ROLE_"+name;}else{this.name=name;}}publicList<Permission>getPermissions(){if(permissions==null){if(!StringUtils.isEmpty(permission)){this.permissions=JSON.parseArray(permission,Permission.class);}}returnpermissions;}publicStringgetPermission(){if(StringUtils.isEmpty(permission)){this.permission=JSON.toJSONString(permissions);}returnpermission;}}SpringSecurity4.0以上所有的角色名称默认都要以ROLE_开头,所有本文在获取角色名称是会自动添加前缀。为了简单方便,本文角色对象的permission字段保存着该角色的所有权限列表的JSON字符串5.4权限对象Permission.javapackagecn.coralcloud.security.model;importlombok.Data;importjava.io.Serializable;importjava.util.Map;/***@authorgeff*@namePermission*@description*@date2019-11-2910:07*/@DatapublicclassPermissionimplementsSerializable{privateStringresourceId;privateStringresourceName;privateMap<String,String>privileges;privatebooleanabandon=false;}5.5统一数据返回对象因为是前后端分离项目,所以本文封装了统一数据返回对象Response类packagecn.coralcloud.security.model;importjava.io.Serializable;/***响应*@authorgeff*/publicclassResponse<T>implementsSerializable{privatefinalstaticintSUCCESS=0;privatefinalstaticintERROR=-1;privateintcode;privateTdata;privateStringmessage;publicintgetCode(){returncode;}publicvoidsetCode(intcode){this.code=code;}publicStringgetMessage(){returnmessage;}publicvoidsetMessage(Stringmessage){this.message=message;}publicTgetData(){returndata;}publicvoidsetData(Tdata){this.data=data;}publicstatic<T>Response<T>ok(){Response<T>response=newResponse<>();response.setCode(SUCCESS);returnresponse;}publicstatic<T>Response<T>ok(Tdata){Response<T>response=newResponse<>();response.setCode(SUCCESS);response.setData(data);returnresponse;}publicstatic<T>Response<T>fail(Stringmessage){Response<T>response=newResponse<>();response.setCode(ERROR);response.setMessage(message);returnresponse;}publicstatic<T>Response<T>fail(intcode,Stringmessage){Response<T>response=newResponse<>();response.setCode(code);response.setMessage(message);returnresponse;}}5.6UserDetailsService接口获取用户信息SpringSecurity同时在用户登录认证时会通过调用UserDetailsService的loadUserByUsername来获取当前登录的用户信息,当用户认证通过后会将用户对象保存到自定义的Token对象中。所以本文需要实现UserDetailsService接口,完成loadUserByUsername方法:packagecn.coralcloud.security.service;importcn.coralcloud.security.dao.RoleDao;importcn.coralcloud.security.model.Role;importcn.coralcloud.security.model.User;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.security.core.userdetails.UserDetails;importorg.springframework.security.core.userdetails.UserDetailsService;importorg.springframework.security.core.userdetails.UsernameNotFoundException;importorg.springframework.stereotype.Service;importorg.springframework.util.StringUtils;importjava.util.ArrayList;importjava.util.List;/***@authorgeff*/@Service("myUserDetailsService")publicclassUserDetailsServiceImplimplementsUserDetailsService{@AutowiredprivateUserServiceuserService;@AutowiredprivateRoleDaoroleDao;@OverridepublicUserDetailsloadUserByUsername(Stringusername)throwsUsernameNotFoundException{Useruser=userService.findByUsername(username);if(user==null){thrownewUsernameNotFoundException(String.format("Nouserfoundwithusername:%s",username));}if(!StringUtils.isEmpty(user.getRole())){String[]roles=user.getRole().split(",");List<Role>roleList=newArrayList<>();for(StringroleName:roles){Rolerole=roleDao.findByName(roleName);roleList.add(role);}user.setRoles(roleList);}returnuser;}}5.7自定义方法权限处理器自定义方法权限处理器需要实现PermissionEvaluator接口,完成publicbooleanhasPermission(Authenticationauthentication,ObjecttargetDomainObject,Objectpermission)方法。packagecn.coralcloud.security.config;importcn.coralcloud.security.model.User;importorg.springframework.context.annotation.Configuration;importorg.springframework.security.access.PermissionEvaluator;importorg.springframework.security.core.Authentication;importorg.springframework.security.core.GrantedAuthority;importjava.io.Serializable;/***@authorgeff*/@ConfigurationpublicclassMyPermissionEvaluatorimplementsPermissionEvaluator{@OverridepublicbooleanhasPermission(Authenticationauthentication,ObjecttargetDomainObject,Objectpermission){booleanaccessable=false;if(authentication.getPrincipal()instanceofUser){Stringprivilege=targetDomainObject+"-"+permission;for(GrantedAuthorityauthority:authentication.getAuthorities()){if(privilege.equalsIgnoreCase(authority.getAuthority())){accessable=true;break;}}returnaccessable;}returnfalse;}@OverridepublicbooleanhasPermission(Authenticationauthentication,SerializabletargetId,StringtargetType,Objectpermission){//TODOAuto-generatedmethodstubreturnfalse;}}本文通过根据resourceId-privilege方式验证权限5.8系统初始化配置类本文系统初始化配置类主要实现在系统启动时根据配置的users.json和roles.json自动生成初始化用户和角色信息。packagecn.coralcloud.security.component;importcn.coralcloud.security.dao.RoleDao;importcn.coralcloud.security.dao.UserDao;importcn.coralcloud.security.model.Role;importcn.coralcloud.security.model.User;importcom.google.gson.GsonBuilder;importcom.google.gson.reflect.TypeToken;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Component;importorg.springframework.beans.factory.annotation.Value;importjavax.annotation.PostConstruct;importjava.io.InputStream;importjava.io.InputStreamReader;importjava.lang.reflect.Type;importjava.nio.charset.StandardCharsets;importjava.util.ArrayList;/***系统初始化配置类,主要用于加载内置数据到目标数据库上*@authorgeff*/@ComponentpublicclassSystemInitializer{@Value("${initialzation.file.users:users.json}")privateStringuserFileName;@Value("${initialzation.file.roles:roles.json}")privateStringroleFileName;@AutowiredprivateUserDaouserDao;@AutowiredprivateRoleDaoroleDao;@AutowiredprivateGsonBuildergsonBuilder;@PostConstructpublicbooleaninitialize(){try{InputStreamuserInputStream=getClass().getClassLoader().getResourceAsStream(userFileName);if(userInputStream==null){thrownewException("initialzationuserfilenotfound:"+userFileName);}InputStreamroleInputStream=getClass().getClassLoader().getResourceAsStream(roleFileName);if(roleInputStream==null){thrownewException("initialzationrolefilenotfound:"+roleFileName);}//导入初始的系统超级管理员角色TyperoleTokenType=newTypeToken<ArrayList<Role>>(){}.getType();ArrayList<Role>roles=gsonBuilder.create().fromJson(newInputStreamReader(roleInputStream,StandardCharsets.UTF_8),roleTokenType);for(Rolerole:roles){if(roleDao.findByName(role.getName())==null){roleDao.save(role);}}//导入初始的系统管理员用户TypeteacherTokenType=newTypeToken<ArrayList<User>>(){}.getType();ArrayList<User>users=gsonBuilder.create().fromJson(newInputStreamReader(userInputStream,StandardCharsets.UTF_8),teacherTokenType);for(Useruser:users){if(userDao.findByUsername(user.getUsername())==null){userDao.save(user);}}}catch(Exceptione){e.printStackTrace();}returntrue;}}6.用户认证相关自定义实现6.1.自定义用户认证过滤器用户认证过滤器拦截用户发送的认证请求,然后从请求中获取用户账号和密码等认证信息并封装成一个未认证的AthenticationToken对象,然后调用AuthenticationManager对AthenticationToken进行认证。自定义用户认证过滤器需要继承AbstractAuthenticationProcessingFilter,然后重写attemptAuthentication方法,在方法内部根据请求参数封装成未认证的AthenticationToken对象packagecn.coralcloud.security.component;importorg.springframework.security.authentication.AuthenticationServiceException;importorg.springframework.security.core.Authentication;importorg.springframework.security.core.AuthenticationException;importorg.springframework.security.core.userdetails.UsernameNotFoundException;importorg.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;importorg.springframework.security.web.util.matcher.AntPathRequestMatcher;importorg.springframework.util.StringUtils;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;/***自定义的用户名密码认证过滤器*@authorgeff*/publicclassAuthFilterextendsAbstractAuthenticationProcessingFilter{privatestaticStringhttpMethod="POST";publicAuthFilter(){/**设置该过滤器对POST请求/api/user/login进行拦截*/super(newAntPathRequestMatcher("/api/user/login",httpMethod));}@OverridepublicAuthenticationattemptAuthentication(HttpServletRequestrequest,HttpServletResponseresponse)throwsAuthenticationException{if(!request.getMethod().equals(httpMethod)){thrownewAuthenticationServiceException("Authenticationmethodnotsupported:"+request.getMethod());}else{/**从http请求中获取用户输入的用户名和密码信息*这里接收的是form形式的参数,如果要接收json形式的参数,修改这里即可*/Stringusername=this.obtainUsername(request);Stringpassword=this.obtainPassword(request);if(StringUtils.isEmpty(username)&&StringUtils.isEmpty(password)){thrownewUsernameNotFoundException("用户名或密码错误");}/**使用用户输入的用户名和密码信息创建一个未认证的用户认证Token*/AuthTokenauthRequest=newAuthToken(username,password);/**设置一些详情信息*/this.setDetails(request,authRequest);/**通过AuthenticationManager调用相应的AuthenticationProvider进行用户认证*/returnthis.getAuthenticationManager().authenticate(authRequest);}}privateStringobtainUsername(HttpServletRequestrequest){StringusernameParameter="username";returnrequest.getParameter(usernameParameter);}privateStringobtainPassword(HttpServletRequestrequest){StringpasswordParameter="password";returnrequest.getParameter(passwordParameter);}privatevoidsetDetails(HttpServletRequestrequest,AuthTokenauthRequest){authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));}}自定义用户认证拦截器要在构造方法中指定拦截的认证请求(本文中是POST类型的/api/user/login请求,可根据需求设置),并在attemptAuthentication()方法中实现获取用户认证信息、封装AuthenticationToken对象、调用AuthenticationManager对AuthenticationToken进行认证等逻辑。6.2自定义用户认证处理器用户认证处理器主要是对用户提交的认证信息进行认证,SpringSecurity默认实现的认证处理器的认证处理逻辑并不一定符合所有的业务需求(例如,默认的认证处理无法处理验证码),因此,可以自定义用户认证处理器。自定义的用户认证处理器,需要实现AuthenticationProvider接口,主要是实现publicAuthenticationauthenticate(Authenticationauthentication)方法和publicbooleansupports(Class<?>authentication)方法,前者主要是实现具体的认证逻辑,后者主要是指定认证处理器能对哪种AuthenticationToken对象进行认证。packagecn.coralcloud.security.component;importlombok.extern.slf4j.Slf4j;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.beans.factory.annotation.Qualifier;importorg.springframework.security.authentication.AuthenticationManager;importorg.springframework.security.authentication.AuthenticationProvider;importorg.springframework.security.authentication.BadCredentialsException;importorg.springframework.security.authentication.dao.DaoAuthenticationProvider;importorg.springframework.security.core.Authentication;importorg.springframework.security.core.AuthenticationException;importorg.springframework.security.core.userdetails.UserDetails;importorg.springframework.security.core.userdetails.UserDetailsService;importorg.springframework.security.crypto.password.PasswordEncoder;importorg.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;importorg.springframework.stereotype.Component;/***@authorgeff*@nameAuthProvider*@description*登录认证的Provider,自定义实现了{@linkAuthenticationProvider}<br>*Provider默认实现是{@linkDaoAuthenticationProvider}<br>*{@linkUsernamePasswordAuthenticationFilter}调用=>{@linkAuthenticationManager}=>{@linkAuthenticationProvider}验证<br>**@date2019-11-2915:52*/@Slf4j@ComponentpublicclassAuthProviderimplementsAuthenticationProvider{privatefinalUserDetailsServiceuserDetailService;privatefinalPasswordEncoderpasswordEncoder;@AutowiredpublicAuthProvider(@Qualifier("myUserDetailsService")UserDetailsServiceuserDetailService,PasswordEncoderpasswordEncoder){this.userDetailService=userDetailService;this.passwordEncoder=passwordEncoder;}@OverridepublicAuthenticationauthenticate(Authenticationauthentication)throwsAuthenticationException{/**将未认证的Authentication转换成自定义的用户认证Token*/AuthTokenauthenticationToken=(AuthToken)authentication;/**根据用户Token中的用户名查找用户信息,如果有该用户信息,则验证用户密码是否正确*/UserDetailsuser=userDetailService.loadUserByUsername((String)(authenticationToken.getPrincipal()));if(user==null){thrownewBadCredentialsException("用户名或密码不正确");}elseif(!this.passwordEncoder.matches((CharSequence)authenticationToken.getCredentials(),user.getPassword())){thrownewBadCredentialsException("用户名或密码不正确");}/**认证成功则创建一个已认证的用户认证Token*/AuthTokenauthenticationResult=newAuthToken(user,user.getPassword(),user.getAuthorities());/**设置一些详情信息*/authenticationResult.setDetails(authenticationToken.getDetails());returnauthenticationResult;}/***是否支持处理当前Authentication对象类似*/@Overridepublicbooleansupports(Class<?>authentication){returntrue;}}6.3自定义用户认证对象用户认证对象是在用户认证拦截器中创建的,在用户认证处理器中使用的。用户认证对象(AuthenticationToken)中封装的是用户认证信息,例如UsernamePasswordAuthenticationToken中封装的是用户名和密码。实际业务中,可能需要根据不同的用户信息进行认证(例如,手机号和验证码),此时就需要自定义用户认证对象。自定义的用户认证对象,需要继承AbstractAuthenticationToken类,并设定根据认证时使用的是哪些信息。packagecn.coralcloud.security.component;importorg.springframework.security.authentication.AbstractAuthenticationToken;importorg.springframework.security.core.GrantedAuthority;importjava.util.Collection;/***自定义的用户名密码认证对象*@authorgeff*/publicclassAuthTokenextendsAbstractAuthenticationToken{/***用户名*/privatefinalObjectprincipal;/***密码*/privateObjectcredentials;/***创建未认证的用户名密码认证对象*/publicAuthToken(Objectprincipal,Objectcredentials){super(null);this.principal=principal;this.credentials=credentials;this.setAuthenticated(false);}/***创建已认证的用户密码认证对象*/publicAuthToken(Objectprincipal,Objectcredentials,Collection<?extendsGrantedAuthority>authorities){super(authorities);this.principal=principal;this.credentials=credentials;super.setAuthenticated(true);}@OverridepublicObjectgetCredentials(){returnthis.credentials;}@OverridepublicObjectgetPrincipal(){returnthis.principal;}@OverridepublicvoidsetAuthenticated(booleanisAuthenticated)throwsIllegalArgumentException{if(isAuthenticated){thrownewIllegalArgumentException("Cannotsetthistokentotrusted-useconstructorwhichtakesaGrantedAuthoritylistinstead");}else{super.setAuthenticated(false);}}@OverridepublicvoideraseCredentials(){super.eraseCredentials();this.credentials=null;}}6.4自定义用户认证成功处理器用户认证成功处理器在用户认证成功之后调用,主要是执行一些额外的操作(例如,操作Cookie、页面跳转等)。自定义的用户认证成功处理器可以通过实现AuthenticationSuccessHandler接口,或者通过继承AbstractAuthenticationTargetUrlRequestHandler类及其子类来实现。本文自定义的用户认证成功处理器是通过继承AbstractAuthenticationTargetUrlRequestHandler的子类SavedRequestAwareAuthenticationSuccessHandler来实现的。packagecn.coralcloud.security.component;importcn.coralcloud.security.model.User;importcom.fasterxml.jackson.databind.ObjectMapper;importlombok.extern.slf4j.Slf4j;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.security.core.Authentication;importorg.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;importorg.springframework.stereotype.Component;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importjavax.servlet.http.HttpSession;importjava.io.IOException;/***自定义的用户认证成功处理器*@authorgeff*/@Component@Slf4jpublicclassAuthSuccessHandlerextendsSavedRequestAwareAuthenticationSuccessHandler{@AutowiredprivateObjectMapperobjectMapper;publicAuthSuccessHandler(){}@OverridepublicvoidonAuthenticationSuccess(HttpServletRequestrequest,HttpServletResponseresponse,Authenticationauthentication)throwsIOException{//认证成功返回jsonUseruser=(User)authentication.getPrincipal();//写入session?HttpSessionsession=request.getSession();session.setAttribute("User",user);StringjsonStr=objectMapper.writeValueAsString(user);log.info("认证成功:{}",jsonStr);response.setContentType("application/json;charset=UTF-8");response.getWriter().write(jsonStr);}}6.5自定义用户认证失败处理器用户认证失败处理器是在用户认证失败之后调用,主要是执行一些额外的操作(例如操作Cookie、页面跳转、返回错误信息等)。自定义的用户认证失败处理器可以通过实现AuthenticationFailureHandler接口,或者通过继承AuthenticationFailureHandler接口的其它实现类来实现。本文自定义的用户认证失败处理器是通过继承AuthenticationFailureHandler接口的实现类SimpleUrlAuthenticationFailureHandler来实现的。packagecn.coralcloud.security.component;importcn.coralcloud.security.model.Response;importcom.fasterxml.jackson.databind.ObjectMapper;importlombok.extern.slf4j.Slf4j;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.http.HttpStatus;importorg.springframework.security.core.AuthenticationException;importorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;importorg.springframework.stereotype.Component;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importjava.io.IOException;/***自定义的用户认证失败处理器*@authorgeff*/@Component@Slf4jpublicclassAuthFailureHandlerextendsSimpleUrlAuthenticationFailureHandler{@AutowiredprivateObjectMapperobjectMapper;@OverridepublicvoidonAuthenticationFailure(HttpServletRequestrequest,HttpServletResponseresponse,AuthenticationExceptionexception)throwsIOException{/**返回JSON*/log.error("认证失败:{}",exception.getMessage());Responseres=Response.fail(-1,exception.getMessage());response.setStatus(HttpStatus.OK.value());response.setContentType("application/json;charset=UTF-8");response.getWriter().write(objectMapper.writeValueAsString(res));response.getWriter().flush();}}6.6自定义访问拒绝处理器自定义访问拒绝处理器用来解决认证过的用户访问无权限资源时的异常。前后端分离的情况下可以通过自定义访问拒绝处理器实现JSON格式的数据返回,自定义访问拒绝处理器通过实现AccessDeniedHandler接口,然后实现publicvoidhandle(HttpServletRequestrequest,HttpServletResponseresponse,AccessDeniedExceptione)方法,在方法内部处理返回数据。packagecn.coralcloud.security.component;importcn.coralcloud.security.model.Response;importcom.fasterxml.jackson.databind.ObjectMapper;importlombok.extern.slf4j.Slf4j;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.http.HttpStatus;importorg.springframework.security.access.AccessDeniedException;importorg.springframework.security.web.access.AccessDeniedHandler;importorg.springframework.stereotype.Component;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importjava.io.IOException;/***@authorgeff*@nameAuthAccessDeniedHandler*@description*@date2019-11-2916:57*/@Slf4j@ComponentpublicclassAuthAccessDeniedHandlerimplementsAccessDeniedHandler{@AutowiredprivateObjectMapperobjectMapper;@Overridepublicvoidhandle(HttpServletRequestrequest,HttpServletResponseresponse,AccessDeniedExceptione)throwsIOException{log.error("无权访问:{}",e.getMessage());Responseres=Response.fail(401,"无权访问");response.setStatus(HttpStatus.UNAUTHORIZED.value());response.setContentType("application/json;charset=UTF-8");response.getWriter().write(objectMapper.writeValueAsString(res));response.getWriter().flush();}}6.7自定义加密类本文密码使用Md5(password,salt)的形式,所以需要自定义SpringSecurity加密类,然后再Config配置类注入自定义加密类需要实现PasswordEncoder,完成encode和matches方法packagecn.coralcloud.security.component;importcn.coralcloud.security.utils.SecretUtils;importorg.springframework.security.crypto.password.PasswordEncoder;importorg.springframework.util.StringUtils;importjava.util.Objects;/***@authorgeff*@nameMd5SaltPasswordEncoder*@description*@date2019-12-0209:27*/publicclassMd5SaltPasswordEncoderimplementsPasswordEncoder{@OverridepublicStringencode(CharSequencecharSequence){Stringstring=charSequence.toString();String[]array=string.split(",");Stringsalt="";if(array.length>1){salt=array[1];}returnSecretUtils.md5(array[0],salt);}@Overridepublicbooleanmatches(CharSequencecharSequence,Strings){if(!StringUtils.isEmpty(s)){StringencodePassword=encode(charSequence);returnObjects.equals(encodePassword,s);}returnfalse;}}7.SpringSecurity相关配置类7.1自定义的用户名密码认证配置类packagecn.coralcloud.security.component;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.security.authentication.AuthenticationManager;importorg.springframework.security.config.annotation.SecurityConfigurerAdapter;importorg.springframework.security.config.annotation.web.builders.HttpSecurity;importorg.springframework.security.web.DefaultSecurityFilterChain;importorg.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;importorg.springframework.stereotype.Component;/***自定义的用户名密码认证配置类*@authorgeff*/@ComponentpublicclassAuthConfigextendsSecurityConfigurerAdapter<DefaultSecurityFilterChain,HttpSecurity>{@AutowiredAuthProviderprovider;@AutowiredAuthSuccessHandlerauthSuccessHandler;@AutowiredAuthFailureHandlerauthFailureHandler;@Overridepublicvoidconfigure(HttpSecurityhttp){AuthFilterauthFilter=newAuthFilter();/**自定义用户认证处理逻辑时,需要指定AuthenticationManager,否则无法认证*/authFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));/**指定自定义的认证成功和失败的处理器*/authFilter.setAuthenticationSuccessHandler(authSuccessHandler);authFilter.setAuthenticationFailureHandler(authFailureHandler);/**把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前*/http.authenticationProvider(provider).addFilterBefore(authFilter,UsernamePasswordAuthenticationFilter.class);}}7.2SpringSecurity核心配置类packagecn.coralcloud.security.config;importcn.coralcloud.security.component.AuthAccessDeniedHandler;importcn.coralcloud.security.component.AuthConfig;importcn.coralcloud.security.component.Md5SaltPasswordEncoder;importcn.coralcloud.security.model.Response;importcn.coralcloud.security.service.UserDetailsServiceImpl;importcom.fasterxml.jackson.databind.ObjectMapper;importlombok.extern.slf4j.Slf4j;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.context.annotation.Bean;importorg.springframework.context.annotation.Configuration;importorg.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;importorg.springframework.security.config.annotation.web.builders.HttpSecurity;importorg.springframework.security.config.annotation.web.configuration.EnableWebSecurity;importorg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;importorg.springframework.security.core.userdetails.UserDetailsService;importorg.springframework.security.crypto.password.PasswordEncoder;importjava.io.PrintWriter;/***@authorgeff*/@Configuration@EnableWebSecurity@Slf4jpublicclassWebSecurityConfigextendsWebSecurityConfigurerAdapter{@AutowiredprivateAuthConfigauthConfig;@AutowiredprivateAuthAccessDeniedHandleraccessDeniedHandler;@Overrideprotectedvoidconfigure(HttpSecurityhttpSecurity)throwsException{httpSecurity.apply(authConfig).and().authorizeRequests().antMatchers("/static/**","/api/user/login").permitAll().anyRequest().authenticated().and().csrf().disable();httpSecurity.exceptionHandling().accessDeniedHandler(accessDeniedHandler).authenticationEntryPoint((request,response,e)->{response.setContentType("application/json;charset=utf-8");PrintWriterout=response.getWriter();Responseres=Response.fail(-14,"会话超时,请重新登录!");out.write(newObjectMapper().writeValueAsString(res));out.flush();out.close();});}@AutowiredpublicvoidconfigureGlobal(AuthenticationManagerBuilderauth)throwsException{auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());}@BeanpublicPasswordEncoderpasswordEncoder(){returnnewMd5SaltPasswordEncoder();}@Bean@OverridepublicUserDetailsServiceuserDetailsService(){returnnewUserDetailsServiceImpl();}}本文通过自定义AuthenticationEntryPoint来解决匿名用户访问无权限资源时的异常
1.验证码工具类1.新建包utils2.新建VerifyCodeUtil类packagecn.coralcloud.ims.utils;importjavax.imageio.ImageIO;importjava.awt.*;importjava.awt.geom.AffineTransform;importjava.awt.image.BufferedImage;importjava.io.File;importjava.io.FileOutputStream;importjava.io.IOException;importjava.io.OutputStream;importjava.util.Arrays;importjava.util.Random;/***@authorc-geff*/publicclassVerifyCodeUtil{/***使用到Algerian字体,系统里没有的话需要安装字体,字体只显示大写,去掉了1,0,i,o几个容易混淆的字符*/privatestaticfinalStringVERIFY_CODES="23456789ABCDEFGHJKLMNPQRSTUVWXYZ";privatestaticRandomrandom=newRandom();/***使用系统默认字符源生成验证码*@paramverifySize验证码长度*@return*/publicstaticStringgenerateVerifyCode(intverifySize){returngenerateVerifyCode(verifySize,VERIFY_CODES);}/***使用指定源生成验证码*@paramverifySize验证码长度*@paramsources验证码字符源*@return*/publicstaticStringgenerateVerifyCode(intverifySize,Stringsources){if(sources==null||sources.length()==0){sources=VERIFY_CODES;}intcodesLen=sources.length();Randomrand=newRandom(System.currentTimeMillis());StringBuilderverifyCode=newStringBuilder(verifySize);for(inti=0;i<verifySize;i++){verifyCode.append(sources.charAt(rand.nextInt(codesLen-1)));}returnverifyCode.toString();}/***生成随机验证码文件,并返回验证码值*@paramw*@paramh*@paramoutputFile*@paramverifySize*@return*@throwsIOException*/publicstaticStringoutputVerifyImage(intw,inth,FileoutputFile,intverifySize)throwsIOException{StringverifyCode=generateVerifyCode(verifySize);outputImage(w,h,outputFile,verifyCode);returnverifyCode;}/***输出随机验证码图片流,并返回验证码值*@paramw*@paramh*@paramos*@paramverifySize*@return*@throwsIOException*/publicstaticStringoutputVerifyImage(intw,inth,OutputStreamos,intverifySize)throwsIOException{StringverifyCode=generateVerifyCode(verifySize);outputImage(w,h,os,verifyCode);returnverifyCode;}/***生成指定验证码图像文件*@paramw*@paramh*@paramoutputFile*@paramcode*@throwsIOException*/publicstaticvoidoutputImage(intw,inth,FileoutputFile,Stringcode)throwsIOException{if(outputFile==null){return;}Filedir=outputFile.getParentFile();if(!dir.exists()){dir.mkdirs();}try{outputFile.createNewFile();FileOutputStreamfos=newFileOutputStream(outputFile);outputImage(w,h,fos,code);fos.close();}catch(IOExceptione){throwe;}}/***输出指定验证码图片流*@paramw*@paramh*@paramos*@paramcode*@throwsIOException*/publicstaticvoidoutputImage(intw,inth,OutputStreamos,Stringcode)throwsIOException{intverifySize=code.length();BufferedImageimage=newBufferedImage(w,h,BufferedImage.TYPE_INT_RGB);Randomrand=newRandom();Graphics2Dg2=image.createGraphics();g2.setRenderingHint(RenderingHints.KEY_ANTIALIASING,RenderingHints.VALUE_ANTIALIAS_ON);Color[]colors=newColor[5];Color[]colorSpaces=newColor[]{Color.WHITE,Color.CYAN,Color.GRAY,Color.LIGHT_GRAY,Color.MAGENTA,Color.ORANGE,Color.PINK,Color.YELLOW};float[]fractions=newfloat[colors.length];for(inti=0;i<colors.length;i++){colors[i]=colorSpaces[rand.nextInt(colorSpaces.length)];fractions[i]=rand.nextFloat();}Arrays.sort(fractions);//设置边框色g2.setColor(Color.GRAY);g2.fillRect(0,0,w,h);Colorc=getRandColor(200,250);//设置背景色g2.setColor(c);g2.fillRect(0,2,w,h-4);//绘制干扰线Randomrandom=newRandom();//设置线条的颜色g2.setColor(getRandColor(160,200));intloop=20;for(inti=0;i<loop;i++){intx=random.nextInt(w-1);inty=random.nextInt(h-1);intxl=random.nextInt(6)+1;intyl=random.nextInt(12)+1;g2.drawLine(x,y,x+xl+40,y+yl+20);}//添加噪点//噪声率floatyawpRate=0.05f;intarea=(int)(yawpRate*w*h);for(inti=0;i<area;i++){intx=random.nextInt(w);inty=random.nextInt(h);intrgb=getRandomIntColor();image.setRGB(x,y,rgb);}//使图片扭曲shear(g2,w,h,c);g2.setColor(getRandColor(100,160));intfontSize=h-4;Fontfont=newFont("Algerian",Font.ITALIC,fontSize);g2.setFont(font);char[]chars=code.toCharArray();for(inti=0;i<verifySize;i++){AffineTransformaffine=newAffineTransform();affine.setToRotation(Math.PI/4*rand.nextDouble()*(rand.nextBoolean()?1:-1),(w/verifySize)*i+fontSize/2,h/2);g2.setTransform(affine);g2.drawChars(chars,i,1,((w-10)/verifySize)*i+5,h/2+fontSize/2-10);}g2.dispose();ImageIO.write(image,"jpg",os);}privatestaticfinalIntegerCOLOR_MAX_INT=255;privatestaticColorgetRandColor(intfc,intbc){if(fc>COLOR_MAX_INT){fc=COLOR_MAX_INT;}if(bc>COLOR_MAX_INT){bc=COLOR_MAX_INT;}intr=fc+random.nextInt(bc-fc);intg=fc+random.nextInt(bc-fc);intb=fc+random.nextInt(bc-fc);returnnewColor(r,g,b);}privatestaticintgetRandomIntColor(){int[]rgb=getRandomRgb();intcolor=0;for(intc:rgb){color=color<<8;color=color|c;}returncolor;}privatestaticint[]getRandomRgb(){int[]rgb=newint[3];intloop=3;for(inti=0;i<loop;i++){rgb[i]=random.nextInt(255);}returnrgb;}privatestaticvoidshear(Graphicsg,intw1,inth1,Colorcolor){shearx(g,w1,h1,color);sheary(g,w1,h1,color);}privatestaticvoidshearx(Graphicsg,intw1,inth1,Colorcolor){intperiod=random.nextInt(2);booleanborderGap=true;intframes=1;intphase=random.nextInt(2);for(inti=0;i<h1;i++){doubled=(double)(period>>1)*Math.sin((double)i/(double)period+(6.2831853071795862D*(double)phase)/(double)frames);g.copyArea(0,i,w1,1,(int)d,0);if(borderGap){g.setColor(color);g.drawLine((int)d,i,0,i);g.drawLine((int)d+w1,i,w1,i);}}}privatestaticvoidsheary(Graphicsg,intw1,inth1,Colorcolor){intperiod=random.nextInt(40)+10;booleanborderGap=true;intframes=20;intphase=7;for(inti=0;i<w1;i++){doubled=(double)(period>>1)*Math.sin((double)i/(double)period+(6.2831853071795862D*(double)phase)/(double)frames);g.copyArea(i,0,1,h1,0,(int)d);if(borderGap){g.setColor(color);g.drawLine(i,(int)d,i,0);g.drawLine(i,(int)d+h1,i,h1);}}}}2.UserController新增验证码接口2.1新增captcha方法@GetMapping("/captcha")publicvoidcaptcha(HttpServletResponseresponse,HttpSessionsession){Stringcode=VerifyCodeUtil.generateVerifyCode(4);session.setAttribute(SessionKey.ADMIN_CAPTCHA_KEY,code);try{VerifyCodeUtil.outputImage(150,50,response.getOutputStream(),code);}catch(IOExceptione){e.printStackTrace();}}2.2修改login方法,增加验证下方为最终的登录验证方法:@PostMapping("/login")publicModelAndViewlogin(Stringemail,Stringpassword,Stringcaptcha,HttpSessionsession){StringsessionCaptcha=(String)session.getAttribute(SessionKey.ADMIN_CAPTCHA_KEY);ModelAndViewview=newModelAndView();view.setViewName("user/login");//将email和password写回到页面,使得登录失败时输入的账号密码不会丢失view.addObject("email",email);view.addObject("password",password);if(StringUtils.isEmpty(captcha)||!Objects.equals(captcha,sessionCaptcha)){view.addObject("errmsg","验证码错误!");returnview;}Useruser=userService.login(email,password);if(user!=null){session.setAttribute(SessionKey.ADMIN_USER_KEY,user);view.setViewName("redirect:/index");returnview;}view.addObject("errmsg","用户名或密码错误!");returnview;}注:此处将Session的Key值通过一个常量类SessionKey保存2.3SessionKey类在utils包下新建SessionKey类packagecn.coralcloud.ims.utils;/***@authorc-geff*@nameSessionKey*@description*@date2020-11-0410:12*/publicclassSessionKey{publicstaticfinalStringADMIN_USER_KEY="AdminUserKey";publicstaticfinalStringADMIN_CAPTCHA_KEY="AdminLoginCaptchaCode";}3.修改login.ftl3.1引入jquery下载jqeury文件jquery.min.js在/static/js文件夹下新建jquery文件夹,将jquery.min.js复制到文件夹下修改login.ftl文件,最终login.ftl内容为下:<!doctypehtml><htmllang="en"xmlns:th="http://www.thymeleaf.org"><head><metacharset="UTF-8"><metaname="viewport"content="width=device-width,user-scalable=no,initial-scale=1.0,maximum-scale=1.0,minimum-scale=1.0"><metahttp-equiv="X-UA-Compatible"content="ie=edge"><linktype="text/css"rel="stylesheet"href="/static/css/main.css"><linktype="text/css"rel="stylesheet"href="/static/css/login.css"><scriptsrc="/static/js/jquery/jquery.min.js"type="application/javascript"></script><title>用户登录</title></head><body><divclass="login-container"><formaction="/user/login"method="post"><div><h3>用户登录</h3></div><divclass="ims-form-item"><labelclass="ims-form-label"for="email">登录邮箱</label><inputclass="ims-form-input"id="email"autocomplete="off"th:value="${email}"placeholder="请输入邮箱"type="text"name="email"></div><divclass="ims-form-item"><labelclass="ims-form-label"for="password">登录密码</label><inputclass="ims-form-input"id="password"autocomplete="new-password"th:value="${password}"placeholder="请输入密码"type="password"name="password"></div><divclass="ims-form-item"><labelclass="ims-form-label"for="captcha">图片验证</label><inputclass="ims-form-input"id="captcha"type="text"placeholder="请输入图片验证码"name="captcha"><imgsrc="/user/captcha"class="captcha"alt="图片验证码"></div><pclass="errormsg"th:if="${errmsg}!=null"th:text="${errmsg}"></p><div><buttontype="submit"class="ims-button">登录</button></div></form></div></body><scripttype="application/javascript">$(document).ready(function(){$('img.captcha').click(function(){$(this).attr("src","/user/captcha?_="+newDate().getTime())})})</script></html>注,login.ftl变更如下:1.head新增引入jquery.min.js2.input新增读取前面保存的email和password3.新增图片验证码输入框及图片4.新建图片点击监听事件,更换图片验证码4.修改样式login.css#captcha{width:100px;border-top-right-radius:0;border-bottom-right-radius:0;}.captcha{width:1px;flex:1;height:42px;cursor:pointer;border-top-right-radius:4px;border-bottom-right-radius:4px;}5.最终效果
存储集群应与业务服务器不在同一台机器,此处搭建ES存储集群使用单节点的方式。ES集群机器需要实现安装配置好JAVA_HOME环境变量。安装配置下载,版本应与filebeat版本一致:官网地址解压修改elasticsearch.yml配置文件:其中cluster.name避免使用默认名称,各节点中配置为相同的名称,ES就会自动搜索加入启动elasticsearch:==ES集群启动不允许使用root账户==,所以应该先创建一个用户,使用新创建的用户启动elasticsearchgroupaddelkuseradd-gelkelkpasswdelk#创建elk用户密码chown-Relk:elk$ELASTICSEARCH_HOMEsuelk$ELASTICSEARCH_HOME/bin/elasticsearch-d#后台启动ES启动完成后测试,浏览器输入http://host:9200测试,有如下结果则为正常:问题解决启动elasticsearch时出现:elasticsearch:which:nojavain(/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin)[解决]在$ES_HOME/config/elasticsearch文件中加入以下配置:JAVA_HOME=/usr/local/jdk1.8maxnumberofthreads[1024]foruser[elk]likelytoolow,increasetoatleast[2048].[解决]切换到root用户,进入limits.d目录下修改配置文件:vi/etc/security/limits.d/90-nproc.conf找到并修改为softnproc2048hardnproc4096maxfiledescriptors[4096]forelasticsearchprocesslikelytoolow,increasetoatleast[65536][解决]切换到root用户,进入limits.d目录下修改配置文件。vi/etc/security/limits.d/90-nproc.conf找到并修改为softnofile65536hardnofile131072maxvirtualmemoryareasvm.max_map_count[65530]likelytoolow,increasetoatleast[262144][解决]修改:vim/etc/sysctl.conf添加下面配置:vm.max_map_count=655360并执行命令:sysctl-p
1.新建数据库表ims-learn.user2.Model包下新建User类注:因为之前初始化项目时添加了lombok依赖,所以model类可以不用写setter/getter,直接使用@Data注解替代3.编写UserDao接口类4.UserMapper.xml<?xmlversion="1.0"encoding="UTF-8"?><!DOCTYPEmapperPUBLIC"-//mybatis.org//DTDMapper3.0//EN""http://mybatis.org/dtd/mybatis-3-mapper.dtd"><mappernamespace="cn.coralcloud.ims.dao.UserDao"><resultMapid="userResultMap"type="User"><idproperty="id"column="id"/><resultproperty="createTime"column="create_time"/><resultproperty="updateTime"column="update_time"/></resultMap><selectid="login"resultMap="userResultMap">select*fromuserwhereemail=#{email}andpassword=#{password}</select></mapper>5.mybatis.xml编写mybatis基础配置,新建resources/mybatis/mybatis.xml<?xmlversion="1.0"encoding="UTF-8"?><!DOCTYPEconfigurationPUBLIC"-//mybatis.org//DTDConfig3.0//EN""http://mybatis.org/dtd/mybatis-3-config.dtd"><configuration><settings><settingname="logImpl"value="STDOUT_LOGGING"/><settingname="lazyLoadingEnabled"value="true"/><settingname="aggressiveLazyLoading"value="false"/><settingname="lazyLoadTriggerMethods"value=""/></settings></configuration>6.UserService.java7.UserController.javapackagecn.coralcloud.ims.controller;importcn.coralcloud.ims.model.User;importcn.coralcloud.ims.service.UserService;importcom.sun.org.apache.xpath.internal.operations.Mod;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.stereotype.Controller;importorg.springframework.ui.Model;importorg.springframework.web.bind.annotation.GetMapping;importorg.springframework.web.bind.annotation.PostMapping;importorg.springframework.web.bind.annotation.RequestMapping;importorg.springframework.web.servlet.ModelAndView;importorg.springframework.web.servlet.View;importjavax.servlet.http.HttpSession;/***@authorc-geff*@nameUserController*@description*@date2020-11-0310:45*/@Controller@RequestMapping("/user")publicclassUserController{@AutowiredprivateUserServiceuserService;@PostMapping("/login")publicModelAndViewlogin(Stringemail,Stringpassword,HttpSessionsession){ModelAndViewview=newModelAndView();view.setViewName("user/login");Useruser=userService.login(email,password);if(user!=null){session.setAttribute("AdminUserKey",user);view.setViewName("redirect:/index");returnview;}view.addObject("errmsg","用户名或密码错误!");returnview;}@GetMapping("/login")publicStringlogin(){return"user/login";}}8.login.ftl9.IndexController改造10.index.ftl改造,展示用户登录后的用户名11.数据库添加一条用户数据,然后在/user/login页面登录测试
CentOS7的ClouderaManager5.8安装系统要求http://www.cloudera.com/documentation/manager/5-1-x/Cloudera-Manager-Installation-Guide/cm5ig_cm_requirements.html内存(最低要求):主机4G节点2G相关包下载:ClouderaManager下载地址:http://archive.cloudera.com/cm5/cm/5/选择cloudera-manager-centos7-cm5.8.0_x86_64.tar.gzCDH5下载地址:http://archive.cloudera.com/cdh5/parcels/5/选择以下三个文件:CDH-5.8.0-1.cdh5.8.0.p0.42-el7.parcelCDH-5.8.0-1.cdh5.8.0.p0.42-el7.parcel.sha1(下载后重命名为CDH-5.8.0-1.cdh5.8.0.p0.42-el7.parcel.sha)manifest.jsonJDK下载地址:http://www.oracle.com/technetwork/java/javase/downloads选择最新的JDKrpm包cmagent与cmdaemons下载地址:http://archive-primary.cloudera.com/cm5/redhat/7/x86_64/cm/5.8/RPMS/x86_64/选择以下两个文件:cloudera-manager-agent-5.8.1-1.cm581.p0.7.el7.x86_64.rpmcloudera-manager-daemons-5.8.1-1.cm581.p0.7.el7.x86_64.rpmMysqlJDBC驱动下载地址:http://dev.mysql.com/downloads/connector/j/选择mysql-connector-java-5.1.45.tar.gz准备工作:系统环境搭建++以下操作均用root用户操作++1.网络配置(所有节点)vi/etc/sysconfig/network修改hostname:NETWORKING=yesHOSTNAME=master通过servicenetworkrestart重启网络服务生效。vi/etc/hosts修改ip与主机名的对应关系192.168.1.101master192.168.1.102slave1192.168.1.103slave2192.168.1.104slave3注意:这里需要将每台机器的ip及主机名对应关系都写进去,本机的也要写进去,否则启动Agent的时候会提示hostname解析错误。2.打通SSH,设置ssh无密码登陆(所有节点)在主节点上执行ssh-keygen-trsa一路回车,生成无密码的密钥对。将公钥添加到认证文件中:Cat~/.ssh/id_rsa.pub>>~/.ssh/authorized_keys并设置authorized_keys的访问权限:chmod600~/.ssh/authorized_keysscp文件到所有datenode节点:scp~/.ssh/authorized_keysroot@slave1:~/.ssh/scp~/.ssh/authorized_keysroot@slave2:~/.ssh/scp~/.ssh/authorized_keysroot@slave3:~/.ssh/在主节点上sshslave1,正常情况下,不需要密码就能直接登陆进去了。3.安装Oracle的Java(所有节点)CentOS,自带OpenJdk,不过运行CDH5需要使用Oracle的Jdk,需要Java7的支持。卸载自带的OpenJdk,使用rpm-qa|grepjava查询java相关的包,使用rpm-e--nodeps包名卸载之。去Oracle的官网下载jdk的rpm安装包,并使用rpm-ivh包名安装之。由于是rpm包并不需要我们来配置环境变量,我们只需要配置一个全局的JAVA_HOME变量即可,执行命令:echo"JAVA_HOME=/usr/java/latest/">>/etc/environment4.安装配置MySql(主节点)通过yuminstallmysql-server安装mysql服务器。chkconfigmysqldon设置开机启动,并servicemysqldstart启动mysql服务,并根据提示设置root的初试密码:mysqladmin-urootpassword'123456'mysql-uroot-p123456进入mysql命令行,创建以下数据库:#hivecreatedatabasehiveDEFAULTCHARSETutf8COLLATEutf8_general_ci;#activitymonitorcreatedatabaseamonDEFAULTCHARSETutf8COLLATEutf8_general_ci;设置root授权访问以上所有的数据库:#授权root用户在主节点拥有所有数据库的访问权限grantallprivilegeson*.*to'root'@'master'identifiedby'123456'withgrantoption;flushprivileges;5.关闭防火墙和SELinux注意:需要在所有的节点上执行,因为涉及到的端口太多了,临时关闭防火墙是为了安装起来更方便,安装完毕后可以根据需要设置防火墙策略,保证集群安全。关闭防火墙:serviceiptablesstop(临时关闭)chkconfigiptablesoff(重启后生效)关闭SELINUX(实际安装过程中发现没有关闭也是可以的,不知道会不会有问题,还需进一步进行验证):setenforce0(临时生效)修改/etc/selinux/config下的SELINUX=disabled(重启后永久生效)CentOS7.0systemctlstopfirewalld.service#停止firewallsystemctldisablefirewalld.service#禁止firewall开机启动6.所有节点配置NTP服务集群中所有主机必须保持时间同步,如果时间相差较大会引起各种问题。具体思路如下:master节点作为ntp服务器与外界对时中心同步时间,随后对所有datanode节点提供时间同步服务。所有datanode节点以master节点为基础同步时间。所有节点安装相关组件:yuminstallntp。完成后,配置开机启动:chkconfigntpdon,检查是否设置成功:chkconfig--listntpd其中2-5为on状态就代表成功。centos7:systemctlenablentpdsystemctlis-enabledntpd1.主节点配置位置/etc/ntp.conf在配置之前,先使用ntpdate手动同步一下时间,免得本机与对时中心时间差距太大,使得ntpd不能正常同步。这里选用65.55.56.206作为对时中心,ntpdate-u65.55.56.206。ntp服务只有一个配置文件,配置好了就OK。这里只给出有用的配置,不需要的配置都用#注掉,这里就不在给出:driftfile/var/lib/ntp/driftrestrict127.0.0.1restrict-6::1restrictdefaultnomodifynotrapservercn.ntp.org.cnpreferincludefile/etc/ntp/crypto/pwkeys/etc/ntp/keys配置文件完成,保存退出,启动服务,执行如下命令:1servicentpdstart2ntpstat检查是否成功,用ntpstat命令查看同步状态,出现以下状态代表启动成功:synchronisedtoNTPserver()atstratum2timecorrecttowithin74mspollingserverevery128s如果出现异常请等待几分钟,一般等待5-10分钟才能同步。配置ntp客户端(所有datanode节点)driftfile/var/lib/ntp/driftrestrict127.0.0.1restrict-6::1restrictdefaultkodnomodifynotrapnopeernoqueryrestrict-6defaultkodnomodifynotrapnopeernoquery#这里是主节点的主机名或者ipservermasterincludefile/etc/ntp/crypto/pwkeys/etc/ntp/keysok保存退出,请求服务器前,请先使用ntpdate手动同步一下时间:ntpdate-umaster(主节点ntp服务器)这里可能出现同步失败的情况,请不要着急,一般是本地的ntp服务器还没有正常启动,一般需要等待5-10分钟才可以正常同步。启动服务:servicentpdstart因为是连接内网,这次启动等待的时间会比master节点快一些,但是也需要耐心等待一会儿正式开工安装CMagent和CMDaemons安装先用scp将cmagent与cmdaemons复制到所有节点用yum进行安装:yum--nogpgchecklocalinstallcloudera-manager-agent-*.x86_64.rpmyum--nogpgchecklocalinstallcloudera-manager-daemons-*.x86_64.rpm安装ClouderaManagerServer和Agent主节点解压安装clouderamanager的目录默认位置在/opt下,解压:tarxzvfcloudera-manager*.tar.gz将解压后的cm-5.8.0和cloudera目录放到/opt目录下。为ClouderaManager5建立数据库:首先需要去MySql的官网下载JDBC驱动,http://dev.mysql.com/downloads/connector/j/,解压后,找到mysql-connector-java-5.1.45-bin.jar,放到/opt/cm-5.8.0/share/cmf/lib/中。在主节点初始化CM5的数据库:/opt/cm-5.8.0/share/cmf/schema/scm_prepare_database.shmysqlcm-hlocalhost-uroot-pxxxx--scm-hostlocalhostscmscmscmAgent配置修改/opt/cm-5.8.0/etc/cloudera-scm-agent/config.ini中的server_host为主节点的主机名。同步Agent到其他节点scp-r/opt/cm-5.8.0root@slave1:/opt/在所有节点创建cloudera-scm用户useradd--system--home=/opt/cm-5.8.0/run/cloudera-scm-server/--no-create-home--shell=/bin/false--comment"ClouderaSCMUser"cloudera-scm准备Parcels,用以安装CDH5将CHD5相关的Parcel包放到主节点的/opt/cloudera/parcel-repo/目录中(parcel-repo如果没有需要手动创建,)。相关的文件如下:CDH-5.8.0-1.cdh5.8.0.p0.12-el7.parcelCDH-5.8.0-1.cdh5.8.0.p0.12-el7.parcel.shamanifest.json最后将CDH-5.8.0-1.cdh5.8.0.p0.12-el7.parcel.sha1,重命名为CDH-5.8.0-1.cdh5.8.0.p0.12-el7.parcel.sha,这点必须注意,否则,系统会重新下载CDH-5.8.0-1.cdh5.8.0.p0.12-el7.parcel文件。相关启动脚本通过/opt/cm-5.8.0/etc/init.d/cloudera-scm-serverstart启动服务端。通过/opt/cm-5.8.0/etc/init.d/cloudera-scm-agentstart启动Agent服务。注意:如果AGent启动失败,则手动创建一个cloudera-scm-agent文件夹:mkdir-p/opt/cm-5.8.0/run/cloudera-scm-agent/然后再使用命令启动agent我们启动的其实是个service脚本,需要停止服务将以上的start参数改为stop就可以了,重启是restart。CDH5的安装配置ClouderaManagerServer和Agent都启动以后,就可以进行CDH5的安装配置了。这时可以通过浏览器访问主节点的7180端口测试一下了(由于CMServer的启动需要花点时间,这里可能要等待一会才能访问),默认的用户名和密码均为admin:选择免费版本:指定集群主机:在搜索框中填写所有的集群的Hostname或者IP,搜索如果所有的主机的agent都启动成功则会有下图显示,没有则重新启动Agent,或者检查日志报错:如果parcel文件事先放在指定文件夹中,则会找到相应的版本:注:如果CDH的安装目录不在/opt下,则需要点击更多选项,修改parcel目录及本地parcel存储路径为正确的目录,然后重启agent和server即可点击,继续,如果配置本地Parcel包无误,那么下图中的已下载,应该是瞬间就完成了,然后就是耐心等待分配过程就行了,大约10多分钟吧,取决于内网网速。注意:在安装过程中如果一直卡在“正在激活”过程中,检查相应节点的/opt/cm-5.8.0/log/cloudera-scm-agent下的日志,如果出现connectionrefuse的错误信息。则可以通过将已完成激活的主机上的parcels文件夹用scp命令复制到出问题的agent相应位置上,再在parcels文件夹下创建一个快捷方式:ln-sCDHCDH-5.8.0-1.cdh5.8.0.p0.42/然后分配就完成了。Cloudera建议将/proc/sys/vm/swappiness设置为10。当前设置为60。使用sysctl命令在运行时更改该设置并编辑/etc/sysctl.conf以在重启后保存该设置。您可以继续进行安装,但可能会遇到问题,ClouderaManager报告您的主机由于交换运行状况不佳。以下主机受到影响通过echo10>/proc/sys/vm/swappiness即可解决。已启用透明大页面压缩,可能会导致重大性能问题。请运行“echonever>/sys/kernel/mm/transparent_hugepage/defrag”以禁用此设置,然后将同一命令添加到/etc/rc.local等初始脚本中,以便在系统重启时予以设置。通过echonever>/sys/kernel/mm/transparent_hugepage/defrag解决检查全部通过,点击继续,进入集群设置,选择自定义服务,可以根据自己需要配置安装相应的服务:根据自己的需要进行修改配置:数据库配置:开始安装启动相应组件:等待集群配置安装完成!注意:倘若过程中图形化安装过程中失误导致安装失败,需要重新图形化安装:
一、FastDFS介绍1.1介绍FastDFS是一个C语言实现的开源轻量级分布式文件系统,支持Linux、FreeBSD、AID等Unix系统,解决了大数据存储和读写负载均衡等问题,适合存储4KB~500MB之间的小文件,如图片网站、短视频网站、文档、app下载站等,UC、京东、支付宝、迅雷、酷狗等都有使用,其中UC基于FastDFS向用户提供网盘、广告和应用下载的业务的存储服务FastDFS与MogileFS、HDFS、TFS等都不是系统级的分布式文件系统,而是应用级的分布式文件存储服务。1.2架构FastDFS服务有三个角色:跟踪服务器(TrackerServer)、存储服务器(storageserver)和客户端(client)TrackerServer:跟踪服务器,主要做调度工作,起到均衡的作用;负责管理所有的storageserver和group,每个storage在启动后会连接Tracker,告知自己所属group等信息,并保持周期性心跳,Tracker根据storage心跳信息,建立group--->[storageserverlist]的映射表;tracker管理的元数据很少,会直接存放在内存;tracker上的元信息都是由storage汇报的信息生成的,本身不需要持久化任何数据,tracker之间是对等关系,因此扩展tracker服务非常容易,之间增加tracker服务器即可,所有tracker都接受stroage心跳信息,生成元数据信息来提供读写服务(与其他Master-Slave架构的优势是没有单点,tracker也不会成为瓶颈,最终数据是和一个可用的StorageServer进行传输的)StorageServer:存储服务器,主要提供容量和备份服务;以group为单位,每个group内可以包含多台storageserver,数据互为备份,存储容量空间以group内容量最小的storage为准;建议group内的storageserver配置相同;以group为单位组织存储能够方便的进行应用隔离、负载均衡和副本数定制;缺点是group的容量受单机存储容量的限制,同时group内机器坏掉,数据恢复只能依赖group内其他机器重新同步(坏盘替换,重新挂载重启fdfs_storaged即可)1.3Group存储策略多个group之间的存储方式有3种策略:roundrobin(轮询)、loadbalance(选择最大剩余空间的组上传文件)、specifygroup(指定group上传)group中storage存储依赖本地文件系统,storage可配置多个数据存储目录,磁盘不做raid,直接分别挂载到多个目录,将这些目录配置为storage的数据目录即可storage接受写请求时,会根据配置好的规则,选择其中一个存储目录来存储文件;为避免单个目录下的文件过多,storage第一次启时,会在每个数据存储目录里创建2级子目录,每级256个,总共65536个,新写的文件会以hash的方式被路由到其中某个子目录下,然后将文件数据直接作为一个本地文件存储到该目录中1.4工作流程1.4.1上传FastDFS向使用者提供基本文件访问接口,比如upload、download、append、delete等,以客户端库的方式提供给用户使用。StorageServer会定期的向TrackerServer发送自己的存储信息。当TrackerServerCluster中的TrackerServer不止一个时,各个Tracker之间的关系是对等的,所以客户端上传时可以选择任意一个Tracker。当Tracker收到客户端上传文件的请求时,会为该文件分配一个可以存储文件的group,当选定了group后就要决定给客户端分配group中的哪一个storageserver。当分配好storageserver后,客户端向storage发送写文件请求,storage将会为文件分配一个数据存储目录。然后为文件分配一个fileid,最后根据以上的信息生成文件名存储文件。FastDFS上传时序图:1.4.2同步写文件时,客户端将文件写至group内一个storageserver即认为写文件成功,storageserver写完文件后,会由后台线程将文件同步至同group内其他的storageserver。每个storage写文件后,同时会写一份binlog,binlog里不包含文件数据,只包含文件名等元信息,这份binlog用于后台同步,storage会记录向group内其他storage同步的进度,以便重启后能接上次的进度继续同步;进度以时间戳的方式进行记录,所以最好能保证集群内所有server的时钟保持同步。storage的同步进度会作为元数据的一部分汇报到tracker上,tracke在选择读storage的时候会以同步进度作为参考。1.4.3下载客户端uploadfile成功后,会拿到一个storage生成的文件名,接下来客户端根据这个文件名即可访问到该文件。跟uploadfile一样,在downloadfile时客户端可以选择任意trackerserver。tracker发送download请求给某个tracker,必须带上文件名信息,tracke从文件名中解析出文件的group、大小、创建时间等信息,然后为该请求选择一个storage用来服务读请求。FastDFS下载时序图:二、FastDFS安装2.1下载安装libfastcommon下载libfastcommonwgethttps://github.com/happyfish100/libfastcommon/archive/V1.0.38.tar.gz解压tar-zxvfV1.0.38.tar.gzcdlibfastcommon-1.0.38编译安装./make.sh./make.shinstall2.2安装fastDFS下载wgethttps://github.com/happyfish100/fastdfs/archive/V5.10.tar.gz解压tar-zxvfV5.10.tar.gzcdfastdfs-5.10编译安装./make.sh./make.shinstallFastdfs的文件目录A、服务脚本:/etc/init.d/fdfs_storaged/etc/init.d/fdfs_trackerdB、配置文件模板:/etc/fdfs/client.conf.sample/etc/fdfs/storage.conf.sample/etc/fdfs/tracker.conf.sample2.3配置跟踪器(Tracker)进入/etc/fdfs,复制FastDFS跟踪器样例配置文件tracker.conf.sample,并重命名为tracker.conf。cd/etc/fdfscptracker.conf.sampletracker.confvimtracker.conf编辑tracker.conf,加粗的需要修改下,其它的默认即可。#配置文件是否不生效,false为生效disabled=false#提供服务的端口port=22122#Tracker数据和日志目录地址(根目录必须存在,子目录会自动创建)base_path=/home/data/fastdfs/trackerhttp.server_port=80创建tracker基础数据目录,即base_path对应的目录mkdir-p/home/data/fastdfs/tracker防火墙中打开跟踪端口(默认的22122)vim/etc/sysconfig/iptables最下面添加一行:-AINPUT-mstate--stateNEW-mtcp-ptcp--dport22122-jACCEPT重启iptables:serviceiptablesrestart启动Tracker初次成功启动,会在/home/data/fdfsdfs/tracker/(配置的base_path)下创建data、logs两个目录。可以用这种方式启动:/etc/init.d/fdfs_trackerdstartservicefdfs_trackerdstart查看FastDFSTracker是否已成功启动,22122端口正在被监听,则算是Tracker服务安装成功。netstat-unltp|grepfdfs关闭Tracker命令:servicefdfs_trackerdstop2.4配置存储(Storage)进入/etc/fdfs目录,复制FastDFS存储器样例配置文件storage.conf.sample,并重命名为storage.conf#cd/etc/fdfs#cpstorage.conf.samplestorage.conf#vimstorage.conf编辑storage.conf,加粗的需要修改,其它的默认即可。#配置文件是否不生效,false为生效disabled=false#指定此storageserver所在组(卷)group_name=group1#storageserver服务端口port=23000#心跳间隔时间,单位为秒(这里是指主动向trackerserver发送心跳)heart_beat_interval=30#Storage数据和日志目录地址(根目录必须存在,子目录会自动生成)base_path=/home/data/fastdfs/storage#存放文件时storageserver支持多个路径。这里配置存放文件的基路径数目,通常只配一个目录。store_path_count=1#逐一配置store_path_count个路径,索引号基于0。#如果不配置store_path0,那它就和base_path对应的路径一样。store_path0=/home/data/fastdfs/file#FastDFS存储文件时,采用了两级目录。这里配置存放文件的目录个数。#如果本参数只为N(如:256),那么storageserver在初次运行时,会在store_path下自动创建N*N个存放文件的子目录。subdir_count_per_path=256#tracker_server的列表,会主动连接tracker_server#有多个trackerserver时,每个trackerserver写一行tracker_server=192.168.1.161:22122#允许系统同步的时间段(默认是全天)。一般用于避免高峰同步产生一些问题而设定。sync_start_time=00:00sync_end_time=23:59#访问端口http.server_port=80创建Storage基础数据目录,对应base_path目录mkdir-p/home/data/fastdfs/storage这是配置的store_path0路径mkdir-p/home/data/fastdfs/file防火墙中打开存储器端口(默认的23000)vim/etc/sysconfig/iptables添加如下端口行:-AINPUT-mstate--stateNEW-mtcp-ptcp--dport23000-jACCEPT重启防火墙:serviceiptablesrestart启动Storage启动Storage前确保Tracker是启动的。初次启动成功,会在/home/data/fastdfs/storage目录下创建data、logs两个目录。可以用这种方式启动/etc/init.d/fdfs_storagedstartservicefdfs_storagedstart查看Storage和Tracker是否在通信:/usr/bin/fdfs_monitor/etc/fdfs/storage.conf
采集节点主要安装Filebeat组件即可,Filebeat可以很简单运行在Windows/Linux操作系统上,不需要其余环境。下载Filebeat压缩包:https://www.elastic.co/downloads/past-releases/filebeat-6-2-4根据操作系统选择对应的版本下载解压修改目录下filebeat.yml文件,具体配置下图:上图为filebeat的输入端配置,指定监听文件上图为filebeat的输出端配置,指定输出到本机的Logstash中Filebeat启动(cd$FILEBEAT_HOME):./filebeat-e-cfilebeat.yml后台启动可使用nohup命令nohup./filebeat-e-cfilebeat.yml-d"publish">logs/filebeat.log2>&1&
- SpringBoot+Thymleaf项目初入(五) - 图片验证码
- SpringBoot+Thymleaf项目初入(四) - 用户登录页面优化
- SpringBoot+Thymleaf项目初入(三) - 用户登录
- SpringBoot+Thymleaf项目初入(二) - 配置基础页面访问
- SpringBoot+Thymleaf项目初入(一) - 基础项目搭建
- MyBatis之where关键字与<where>标签的区别
- 文件上传之@RequestParam与@RequestPart
- Spring注解之@Component
- SpringBoot框架之@Controller和@RestController的区别?
- Centos安装ApacheHadoop2.7.7