|
|
@@ -1,6 +1,5 @@
|
|
|
package com.pine.admin.config;
|
|
|
|
|
|
-import com.pine.admin.shiro.CustomRolesAuthorizationFilter;
|
|
|
import com.pine.admin.shiro.KickoutSessionControlFilter;
|
|
|
import com.pine.admin.shiro.ShiroFormAuthenticationFilter;
|
|
|
import com.pine.admin.shiro.UserRealm;
|
|
|
@@ -8,29 +7,22 @@ import com.sun.jersey.core.util.Base64;
|
|
|
import org.apache.shiro.cache.ehcache.EhCacheManager;
|
|
|
import org.apache.shiro.mgt.SecurityManager;
|
|
|
import org.apache.shiro.session.mgt.SessionManager;
|
|
|
-import org.apache.shiro.spring.LifecycleBeanPostProcessor;
|
|
|
+import org.apache.shiro.session.mgt.eis.MemorySessionDAO;
|
|
|
+import org.apache.shiro.session.mgt.eis.SessionDAO;
|
|
|
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
|
|
|
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
|
|
|
import org.apache.shiro.web.mgt.CookieRememberMeManager;
|
|
|
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
|
|
|
import org.apache.shiro.web.servlet.SimpleCookie;
|
|
|
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
|
|
|
-import org.crazycake.shiro.RedisCacheManager;
|
|
|
-import org.crazycake.shiro.RedisManager;
|
|
|
-import org.crazycake.shiro.RedisSessionDAO;
|
|
|
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
|
|
|
-import org.springframework.beans.factory.annotation.Autowired;
|
|
|
-import org.springframework.beans.factory.annotation.Qualifier;
|
|
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
|
|
-import org.springframework.boot.autoconfigure.data.redis.RedisProperties;
|
|
|
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
|
|
import org.springframework.context.annotation.Bean;
|
|
|
import org.springframework.context.annotation.Configuration;
|
|
|
-import org.springframework.web.filter.DelegatingFilterProxy;
|
|
|
|
|
|
-import javax.servlet.Filter;
|
|
|
import java.util.LinkedHashMap;
|
|
|
import java.util.Map;
|
|
|
+import javax.servlet.Filter;
|
|
|
|
|
|
/**
|
|
|
* Shiro的配置文件
|
|
|
@@ -39,47 +31,22 @@ import java.util.Map;
|
|
|
*/
|
|
|
@Configuration
|
|
|
public class ShiroConfig {
|
|
|
- private static final String SESSION_KEY = "shiro:session:";
|
|
|
- private static final String NAME = "custom.name";
|
|
|
- private static final String VALUE = "/";
|
|
|
-
|
|
|
- @Bean("shiroFilter")
|
|
|
- public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager securityManager, @Qualifier("kickoutSessionControlFilter") KickoutSessionControlFilter kickoutSessionControlFilter) {
|
|
|
- ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
|
|
|
- shiroFilter.setSecurityManager(securityManager);
|
|
|
- shiroFilter.setLoginUrl("/login");
|
|
|
- shiroFilter.setLoginUrl("/dealer/login");
|
|
|
- shiroFilter.setUnauthorizedUrl("/error");
|
|
|
|
|
|
- //注意过滤器配置顺序 不能颠倒
|
|
|
- //配置退出 过滤器,其中的具体的退出代码Shiro已经替我们实现了,登出后跳转配置的loginUrl
|
|
|
- Map<String, String> filterMap = new LinkedHashMap<>();
|
|
|
- // 配置不会被拦截的链接 顺序判断
|
|
|
- filterMap.put("/swagger/**", "anon");
|
|
|
- filterMap.put("/v2/api-docs", "anon");
|
|
|
- filterMap.put("/swagger-ui.html", "anon");
|
|
|
- filterMap.put("/webjars/**", "anon");
|
|
|
- filterMap.put("/swagger-resources/**", "anon");
|
|
|
- filterMap.put("/statics/**", "anon");
|
|
|
- filterMap.put("/login", "anon");
|
|
|
- filterMap.put("/wx/**", "anon");
|
|
|
- filterMap.put("/assets/**", "anon");
|
|
|
- filterMap.put("/favicon.ico", "anon");
|
|
|
- filterMap.put("/captcha.jpg", "anon");
|
|
|
- filterMap.put("/youpai/**", "anon");
|
|
|
- filterMap.put("/**", "authc");
|
|
|
- LinkedHashMap<String, Filter> filtsMap = new LinkedHashMap<String, Filter>();
|
|
|
- filtsMap.put("authc", new ShiroFormAuthenticationFilter());
|
|
|
- shiroFilter.setFilters(filtsMap);
|
|
|
- shiroFilter.setFilterChainDefinitionMap(filterMap);
|
|
|
|
|
|
- return shiroFilter;
|
|
|
- }
|
|
|
-
|
|
|
- @Bean
|
|
|
- public CustomRolesAuthorizationFilter rolesAuthorizationFilter() {
|
|
|
- return new CustomRolesAuthorizationFilter();
|
|
|
- }
|
|
|
+ /**
|
|
|
+ * 单机环境,session交给shiro管理
|
|
|
+ */
|
|
|
+// @Bean
|
|
|
+// @ConditionalOnProperty(prefix = "pine", name = "cluster", havingValue = "false")
|
|
|
+// public DefaultWebSessionManager sessionManager(@Value("${pine.globalSessionTimeout:3600}") long globalSessionTimeout){
|
|
|
+// DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
|
|
|
+// sessionManager.setSessionValidationSchedulerEnabled(true);
|
|
|
+// sessionManager.setSessionIdUrlRewritingEnabled(false);
|
|
|
+// sessionManager.setSessionValidationInterval(globalSessionTimeout * 1000);
|
|
|
+// sessionManager.setGlobalSessionTimeout(globalSessionTimeout * 1000);
|
|
|
+//
|
|
|
+// return sessionManager;
|
|
|
+// }
|
|
|
|
|
|
/**
|
|
|
* 使注解生效
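Review bot: The Javadoc `单机环境,session交给shiro管理` added at the top of the class body sits on a `sessionManager` bean that is entirely commented out, so it dangles directly above the next Javadoc block and documents nothing. That commented code is also the only place in this diff that calls `setSessionIdUrlRewritingEnabled(false)` and sets a configurable positive `globalSessionTimeout`; the live `sessionManager()` in the last hunk does neither. Either delete the block together with its Javadoc or restore it as the active bean. If it must stay as a reminder, a plain line comment such as `// single-node mode: Shiro-managed sessions (disabled, see sessionManager())` is clearer. The class body continues beyond this hunk.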
|
|
|
@@ -94,26 +61,10 @@ public class ShiroConfig {
|
|
|
return app;
|
|
|
}
|
|
|
|
|
|
- @Bean("lifecycleBeanPostProcessor")
|
|
|
- public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
|
|
|
- return new LifecycleBeanPostProcessor();
|
|
|
- }
|
|
|
-
|
|
|
- @Bean("delegatingFilterProxy")
|
|
|
- public FilterRegistrationBean delegatingFilterProxy() {
|
|
|
- FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
|
|
|
- DelegatingFilterProxy proxy = new DelegatingFilterProxy();
|
|
|
- proxy.setTargetFilterLifecycle(true);
|
|
|
- proxy.setTargetBeanName("shiroFilter");
|
|
|
- filterRegistrationBean.setFilter(proxy);
|
|
|
- return filterRegistrationBean;
|
|
|
- }
|
|
|
-
|
|
|
-
|
|
|
@Bean
|
|
|
- public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager securityManager) {
|
|
|
+ public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
|
|
|
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
|
|
|
- authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
|
|
|
+ authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
|
|
|
return authorizationAttributeSourceAdvisor;
|
|
|
|
|
|
}
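Review bot: With the `lifecycleBeanPostProcessor` bean removed, nothing visible in this class invokes `init()`/`destroy()` on Shiro objects that implement `Initializable`/`Destroyable`, which presumably includes the `EhCacheManager` this configuration still creates. If no starter or other configuration class supplies one, keep the bean and declare it static so it is registered before the other beans: `public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor()`. Separately, `authorizationAttributeSourceAdvisor()` now calls `securityManager()` directly, which only returns the shared singleton while `@Configuration` bean-method proxying is in effect. A short comment such as `// relies on @Configuration proxying: securityManager() returns the singleton bean` would record that assumption.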
|
|
|
@@ -123,122 +74,169 @@ public class ShiroConfig {
|
|
|
*
|
|
|
* @return
|
|
|
*/
|
|
|
- @Bean(name = "myShiroRealm")
|
|
|
- public UserRealm myShiroRealm(@Qualifier("redisCacheManager") RedisCacheManager redisCacheManager) {
|
|
|
+ @Bean
|
|
|
+ public UserRealm myShiroRealm() {
|
|
|
UserRealm myShiroRealm = new UserRealm();
|
|
|
- myShiroRealm.setCacheManager(redisCacheManager);
|
|
|
- myShiroRealm.setAuthenticationCachingEnabled(false);
|
|
|
- myShiroRealm.setAuthorizationCachingEnabled(false);
|
|
|
return myShiroRealm;
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
- * Redis集群使用RedisClusterManager,单个Redis使用RedisManager
|
|
|
+ * 微信登陆用户
|
|
|
*
|
|
|
- * @param redisProperties
|
|
|
* @return
|
|
|
*/
|
|
|
- @Bean(name = "redisManager")
|
|
|
- public RedisManager redisManager(RedisProperties redisProperties) {
|
|
|
- RedisManager redisManager = new RedisManager();
|
|
|
- redisManager.setHost(redisProperties.getHost() + ":" + redisProperties.getPort());
|
|
|
- redisManager.setPassword(redisProperties.getPassword());
|
|
|
- return redisManager;
|
|
|
- }
|
|
|
-
|
|
|
- @Bean(name = "redisCacheManager")
|
|
|
- public RedisCacheManager redisCacheManager(@Qualifier("redisManager") RedisManager redisManager) {
|
|
|
- RedisCacheManager redisCacheManager = new RedisCacheManager();
|
|
|
- redisCacheManager.setRedisManager(redisManager);
|
|
|
- //redis中针对不同用户缓存
|
|
|
- redisCacheManager.setPrincipalIdFieldName("userName");
|
|
|
- //用户权限信息缓存时间
|
|
|
- redisCacheManager.setExpire(200000);
|
|
|
- return redisCacheManager;
|
|
|
-
|
|
|
- }
|
|
|
-
|
|
|
- @Bean(name = "redisSessionDAO")
|
|
|
- public RedisSessionDAO redisSessionDAO(@Qualifier("redisManager") RedisManager redisManager) {
|
|
|
- RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
|
|
|
- redisSessionDAO.setExpire(86400);
|
|
|
- redisSessionDAO.setKeyPrefix(SESSION_KEY);
|
|
|
- redisSessionDAO.setRedisManager(redisManager);
|
|
|
- return redisSessionDAO;
|
|
|
- }
|
|
|
+// @Bean
|
|
|
+// public WxOpenIdRealm wxCodeRealm() {
|
|
|
+// WxOpenIdRealm wxOpenIdRealm = new WxOpenIdRealm();
|
|
|
+// //小程序使用openid登录使用的realm
|
|
|
+// return wxOpenIdRealm;
|
|
|
+// }
|
|
|
|
|
|
/**
|
|
|
- * //权限管理,配置主要是Realm的管理认证
|
|
|
- *
|
|
|
- * @return
|
|
|
+ * 系统自带的Realm管理,主要针对多realm
|
|
|
*/
|
|
|
+// @Bean
|
|
|
+// public ModularRealmAuthenticator modularRealmAuthenticator() {
|
|
|
+// ModularRealmAuthenticator modularRealmAuthenticator = new ModularRealmAuthenticator();
|
|
|
+// //只要有一个成功就视为登录成功
|
|
|
+// modularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
|
|
|
+// return modularRealmAuthenticator;
|
|
|
+// }
|
|
|
+
|
|
|
+ //权限管理,配置主要是Realm的管理认证
|
|
|
@Bean("securityManager")
|
|
|
- public SecurityManager securityManager(@Qualifier("myShiroRealm") UserRealm myShiroRealm, @Qualifier("sessionManager") SessionManager sessionManager, @Qualifier("redisCacheManager") RedisCacheManager redisCacheManager) {
|
|
|
+ public SecurityManager securityManager() {
|
|
|
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
|
|
|
- securityManager.setRealm(myShiroRealm);
|
|
|
- securityManager.setCacheManager(redisCacheManager);
|
|
|
- securityManager.setSessionManager(sessionManager);
|
|
|
+ securityManager.setRealm(myShiroRealm());
|
|
|
+ securityManager.setCacheManager(getEhCacheManager());
|
|
|
+ securityManager.setSessionManager(sessionManager());
|
|
|
securityManager.setRememberMeManager(rememberMeManager());
|
|
|
//注入Cookie记住我管理器
|
|
|
+// securityManager.setRememberMeManager(rememberMeManager());
|
|
|
return securityManager;
|
|
|
}
|
|
|
|
|
|
+ @Bean("shiroFilter")
|
|
|
+ public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
|
|
|
+ ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
|
|
|
+ shiroFilter.setSecurityManager(securityManager);
|
|
|
+ shiroFilter.setLoginUrl("/dealer/login");
|
|
|
+// shiroFilter.setUnauthorizedUrl("/");
|
|
|
+ //注意过滤器配置顺序 不能颠倒
|
|
|
+ //配置退出 过滤器,其中的具体的退出代码Shiro已经替我们实现了,登出后跳转配置的loginUrl
|
|
|
+ Map<String, String> filterMap = new LinkedHashMap<>();
|
|
|
+ // 配置不会被拦截的链接 顺序判断
|
|
|
+ filterMap.put("/swagger/**", "anon");
|
|
|
+ filterMap.put("/v2/api-docs", "anon");
|
|
|
+ filterMap.put("/swagger-ui.html", "anon");
|
|
|
+ filterMap.put("/webjars/**", "anon");
|
|
|
+ filterMap.put("/swagger-resources/**", "anon");
|
|
|
+ filterMap.put("/system/sysuser/*", "anon");
|
|
|
+ filterMap.put("/statics/**", "anon");
|
|
|
+ filterMap.put("/dealer/login", "anon");
|
|
|
+
|
|
|
|
|
|
- @Bean("rememberMeManager")
|
|
|
+ filterMap.put("/youpai/**", "anon");
|
|
|
+ filterMap.put("/favicon.ico", "anon");
|
|
|
+ filterMap.put("/captcha.jpg", "anon");
|
|
|
+// filterMap.put("/kickout", "anon");
|
|
|
+
|
|
|
+// <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
|
|
|
+ filterMap.put("/**", "authc");
|
|
|
+
|
|
|
+ //配置shiro默认登录界面地址,前后端分离中登录界面跳转应由前端路由控制,后台仅返回json数据
|
|
|
+// shiroFilter.setLoginUrl("/login");
|
|
|
+// shiroFilter.setFilterChainDefinitionMap(filterMap);
|
|
|
+ LinkedHashMap<String, Filter> filtsMap = new LinkedHashMap<String, Filter>();
|
|
|
+ filtsMap.put("authc", new ShiroFormAuthenticationFilter());
|
|
|
+// filtsMap.put("kickout", kickoutSessionControlFilter());
|
|
|
+ shiroFilter.setFilters(filtsMap);
|
|
|
+ shiroFilter.setFilterChainDefinitionMap(filterMap);
|
|
|
+
|
|
|
+ return shiroFilter;
|
|
|
+ }
|
|
|
+
|
|
|
+ @Bean
|
|
|
public CookieRememberMeManager rememberMeManager() {
|
|
|
+ //System.out.println("ShiroConfiguration.rememberMeManager()");
|
|
|
CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
|
|
|
- cookieRememberMeManager.setCookie(simpleCookie());
|
|
|
+ cookieRememberMeManager.setCookie(rememberMeCookie());
|
|
|
//rememberMe cookie加密的密钥 建议每个项目都不一样 默认AES算法 密钥长度(128 256 512 位)
|
|
|
cookieRememberMeManager.setCipherKey(Base64.decode("2AvVhdsgUs0FSA3SDFAdag=="));
|
|
|
return cookieRememberMeManager;
|
|
|
}
|
|
|
|
|
|
- @Bean("simpleCookie")
|
|
|
- public SimpleCookie simpleCookie() {
|
|
|
- SimpleCookie simpleCookie = new SimpleCookie();
|
|
|
- simpleCookie.setName(NAME);
|
|
|
- simpleCookie.setValue(VALUE);
|
|
|
+ @Bean
|
|
|
+ public SimpleCookie rememberMeCookie() {
|
|
|
+ //System.out.println("ShiroConfiguration.rememberMeCookie()");
|
|
|
+ //这个参数是cookie的名称,对应前端的checkbox的name = rememberMe
|
|
|
+ SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
|
|
|
+ //<!-- 记住我cookie生效时间30天 ,单位秒;-->
|
|
|
+ simpleCookie.setMaxAge(259200);
|
|
|
return simpleCookie;
|
|
|
}
|
|
|
|
|
|
+
|
|
|
+// @Bean
|
|
|
+// @DependsOn("lifecycleBeanPostProcessor")
|
|
|
+// public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
|
|
|
+// DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
|
|
|
+// defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
|
|
|
+// return defaultAdvisorAutoProxyCreator;
|
|
|
+// }
|
|
|
+
|
|
|
+
|
|
|
/**
|
|
|
* 配置shiro session 的一个管理器
|
|
|
*
|
|
|
* @return
|
|
|
*/
|
|
|
@Bean(name = "sessionManager")
|
|
|
- public SessionManager sessionManager(@Qualifier("redisSessionDAO") RedisSessionDAO redisSessionDAO, @Qualifier("simpleCookie") SimpleCookie simpleCookie) {
|
|
|
+ public SessionManager sessionManager() {
|
|
|
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
|
|
|
- sessionManager.setSessionDAO(redisSessionDAO);
|
|
|
- sessionManager.setSessionIdCookieEnabled(true);
|
|
|
-// sessionManager.setSessionIdCookie(simpleCookie);
|
|
|
+ sessionManager.setSessionDAO(sessionDAO());
|
|
|
+ // 设置session过期时间
|
|
|
+ sessionManager.setGlobalSessionTimeout(-1000);
|
|
|
return sessionManager;
|
|
|
}
|
|
|
|
|
|
+ @Bean(name = "sessionDAO")
|
|
|
+ public SessionDAO sessionDAO() {
|
|
|
+ MemorySessionDAO sessionDAO = new MemorySessionDAO();
|
|
|
+// RedisSessionDao sessionDAO = new RedisSessionDao();
|
|
|
+ return sessionDAO;
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ @Bean
|
|
|
+ public EhCacheManager getEhCacheManager() {
|
|
|
+ EhCacheManager em = new EhCacheManager();
|
|
|
+ //配置shiro缓存
|
|
|
+ em.setCacheManagerConfigFile("classpath:ehcache.xml");
|
|
|
+ return em;
|
|
|
+ }
|
|
|
+
|
|
|
+// @Bean
|
|
|
+// public SessionDAO sessionDAO() {
|
|
|
+// EnterpriseCacheSessionDAO sessionDAO = new EnterpriseCacheSessionDAO();
|
|
|
+// return sessionDAO;
|
|
|
+// }
|
|
|
+
|
|
|
/**
|
|
|
* 注入踢人策略
|
|
|
*
|
|
|
* @return
|
|
|
*/
|
|
|
- @Bean("kickoutSessionControlFilter")
|
|
|
- public KickoutSessionControlFilter kickoutSessionControlFilter(
|
|
|
- @Qualifier("sessionManager") SessionManager sessionManager,
|
|
|
- @Qualifier("redisCacheManager") RedisCacheManager redisCacheManager,
|
|
|
- @Qualifier("redisSessionDAO") RedisSessionDAO redisSessionDAO) {
|
|
|
+ @Bean
|
|
|
+ public KickoutSessionControlFilter kickoutSessionControlFilter() {
|
|
|
KickoutSessionControlFilter kickout = new KickoutSessionControlFilter();
|
|
|
- kickout.setCacheManager( redisCacheManager);
|
|
|
- kickout.setSessionManager(sessionManager);
|
|
|
+ kickout.setCacheManager(getEhCacheManager());
|
|
|
+ kickout.setSessionManager(sessionManager());
|
|
|
kickout.setKickoutAfter(true);
|
|
|
- kickout.setSessionDAO(redisSessionDAO);
|
|
|
+ kickout.setSessionDAO(sessionDAO());
|
|
|
+ //同时在线智能一个人
|
|
|
+// kickout.setKickoutUrl("/kickout");
|
|
|
kickout.setMaxSession(1);
|
|
|
return kickout;
|
|
|
}
|
|
|
- @Bean
|
|
|
- public EhCacheManager getEhCacheManager() {
|
|
|
- EhCacheManager em = new EhCacheManager();
|
|
|
- //配置shiro缓存
|
|
|
- em.setCacheManagerConfigFile("classpath:ehcache.xml");
|
|
|
- return em;
|
|
|
- }
|
|
|
-
|
|
|
}
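Review bot: The new `filterMap.put("/system/sysuser/*", "anon");` entry in `shiroFilter` exempts the user-management paths from authentication, and because the chain map is evaluated in insertion order it takes precedence over the closing `/**` → `authc` rule; unless every handler under that path is meant to be public, drop the line or narrow it to the one endpoint that needs anonymous access. In `sessionManager()`, `setGlobalSessionTimeout(-1000)` is negative, which Shiro treats as "never expire", so with `MemorySessionDAO` a session id stays valid and stays on the heap indefinitely; a positive millisecond value such as `sessionManager.setGlobalSessionTimeout(3600 * 1000L);` would match the `设置session过期时间` comment. `rememberMeManager()` still decodes its AES key from a string literal, so anyone who can read the source can decrypt or forge rememberMe cookies; load it from configuration or a secret store instead, e.g. `setCipherKey(Base64.decode(rememberMeKey))` with `rememberMeKey` injected (placeholder name). In `rememberMeCookie()` the comment says 30 days but `259200` seconds is 3 days (`2592000` would be 30), and `simpleCookie.setSecure(true);` is worth adding if the site is served over HTTPS.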
|