package com.huaheng.framework.config;

import java.security.SecureRandom;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.huaheng.common.utils.StringUtils;
import com.huaheng.framework.shiro.realm.UserRealm;
import com.huaheng.framework.shiro.session.OnlineSessionDAO;
import com.huaheng.framework.shiro.session.OnlineSessionFactory;
import com.huaheng.framework.shiro.web.filter.LogoutFilter;
import com.huaheng.framework.shiro.web.filter.online.OnlineSessionFilter;
import com.huaheng.framework.shiro.web.filter.sync.SyncOnlineSessionFilter;
import com.huaheng.framework.shiro.web.session.OnlineWebSessionManager;
import com.huaheng.framework.shiro.web.session.SpringSessionValidationScheduler;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
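/**
 * Shiro security configuration: cache manager, realm, session management,
 * the URL filter chain, the "remember me" cookie and the Thymeleaf/Shiro dialect.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The "remember me" cookie carries an AES-encrypted, Java-serialized
 *       principal. Whoever knows the AES key can forge a cookie that the server
 *       deserializes, so the key must be a per-deployment secret and never a
 *       literal in source control (see {@link #rememberMeManager()}).</li>
 *   <li>The filter chain opens whole URL prefixes to anonymous access ("anon").
 *       Every such entry is a trust boundary; review it before adding more, and
 *       keep Shiro itself up to date — older releases had path-matching bypasses
 *       of exactly this kind of chain.</li>
 * </ul>
 *
 * @author huaheng
 */
@Configuration
public class ShiroConfig {

    public static final String PREMISSION_STRING = "perms[\"{0}\"]";

    /** Session timeout in MINUTES (converted to milliseconds below). */
    @Value("${shiro.session.expireTime}")
    private int expireTime;

    /** Interval between invalid-session sweeps, in MINUTES (converted to milliseconds below). */
    @Value("${shiro.session.validationInterval}")
    private int validationInterval;

    /** Captcha switch. Read here but not used by this class; presumably consumed by the login flow. */
    @Value("${shiro.user.captchaEnabled}")
    private boolean captchaEnabled;

    /** Captcha type. Read here but not used by this class. */
    @Value("${shiro.user.captchaType}")
    private String captchaType;

    /** Domain attribute of the rememberMe cookie. */
    @Value("${shiro.cookie.domain}")
    private String domain;

    /** Path attribute of the rememberMe cookie. */
    @Value("${shiro.cookie.path}")
    private String path;

    /** HttpOnly attribute of the rememberMe cookie (keeps it away from page scripts). */
    @Value("${shiro.cookie.httpOnly}")
    private boolean httpOnly;

    /**
     * Secure attribute of the rememberMe cookie (only sent over HTTPS).
     * Defaults to false so existing plain-HTTP deployments keep working;
     * set {@code shiro.cookie.secure=true} wherever the app is served over TLS,
     * otherwise the long-lived cookie can be sniffed on the wire.
     */
    @Value("${shiro.cookie.secure:false}")
    private boolean secure;

    /** Lifetime of the rememberMe cookie in DAYS (converted to seconds below). */
    @Value("${shiro.cookie.maxAge}")
    private int maxAge;

    /** Login page for the main (web) entry point. */
    @Value("${shiro.user.loginUrl}")
    private String loginUrl;

    /** Login page for the admin entry point (fixed, not configurable). */
    @Value("/admin/login")
    private String loginUrls;

    /** Page shown when an authenticated user lacks the required permission. */
    @Value("${shiro.user.unauthorizedUrl}")
    private String unauthorizedUrl;

    /**
     * Base64-encoded AES key for the rememberMe cookie. Optional: when absent or
     * blank, a random key is generated at startup (see {@link #rememberMeManager()}).
     */
    @Value("${shiro.rememberMe.cipherKey:}")
    private String rememberMeCipherKey;

    /**
     * Cache manager backed by Ehcache. Reuses the Ehcache manager named
     * "huaheng" if the application already created one; otherwise Shiro builds
     * its own from {@code ehcache/ehcache-shiro.xml} on the classpath.
     */
    @Bean
    public EhCacheManager getEhCacheManager() {
        net.sf.ehcache.CacheManager cacheManager = net.sf.ehcache.CacheManager.getCacheManager("huaheng");
        EhCacheManager em = new EhCacheManager();
        if (StringUtils.isNull(cacheManager)) {
            em.setCacheManagerConfigFile("classpath:ehcache/ehcache-shiro.xml");
        } else {
            em.setCacheManager(cacheManager);
        }
        return em;
    }

    /**
     * Application realm (authentication + authorization lookups), with the
     * shared cache manager attached.
     */
    @Bean
    public UserRealm userRealm(EhCacheManager cacheManager) {
        UserRealm userRealm = new UserRealm();
        userRealm.setCacheManager(cacheManager);
        return userRealm;
    }

    /** Session DAO that tracks online sessions. */
    @Bean
    public OnlineSessionDAO sessionDAO() {
        return new OnlineSessionDAO();
    }

    /** Session factory producing the online-session type used by the DAO above. */
    @Bean
    public OnlineSessionFactory sessionFactory() {
        return new OnlineSessionFactory();
    }

    /**
     * Scheduler that periodically sweeps invalid sessions.
     *
     * <p>NOTE(review): this scheduler is bound to {@link #sessionValidationManager()},
     * a second {@code OnlineWebSessionManager} bean that is NOT the one installed
     * in the security manager ({@link #sessionManager()}). That second manager
     * also enables scheduler-based validation without a scheduler of its own, so
     * Shiro may create a default one for it. The wiring is preserved unchanged
     * here; confirm which manager is meant to own the sweep before touching it.
     */
    @Bean
    public SpringSessionValidationScheduler sessionValidationScheduler() {
        SpringSessionValidationScheduler sessionValidationScheduler = new SpringSessionValidationScheduler();
        // Minutes -> milliseconds. Long arithmetic avoids int overflow on large values.
        sessionValidationScheduler.setSessionValidationInterval(validationInterval * 60L * 1000L);
        sessionValidationScheduler.setSessionManager(sessionValidationManager());
        return sessionValidationScheduler;
    }

    /**
     * Session manager used by the validation scheduler (see the note on
     * {@link #sessionValidationScheduler()}).
     */
    @Bean
    public OnlineWebSessionManager sessionValidationManager() {
        OnlineWebSessionManager manager = new OnlineWebSessionManager();
        manager.setCacheManager(getEhCacheManager());
        // Purge expired sessions instead of keeping them around.
        manager.setDeleteInvalidSessions(true);
        // Minutes -> milliseconds; long arithmetic avoids int overflow.
        manager.setGlobalSessionTimeout(expireTime * 60L * 1000L);
        // Never put JSESSIONID in URLs: it would leak into logs, referers and history.
        manager.setSessionIdUrlRewritingEnabled(false);
        manager.setSessionValidationSchedulerEnabled(true);
        manager.setSessionDAO(sessionDAO());
        manager.setSessionFactory(sessionFactory());
        return manager;
    }

    /**
     * Session manager installed in the security manager: online-session DAO and
     * factory, periodic validation, URL session-id rewriting disabled.
     */
    @Bean
    public OnlineWebSessionManager sessionManager() {
        OnlineWebSessionManager manager = new OnlineWebSessionManager();
        manager.setCacheManager(getEhCacheManager());
        // Purge expired sessions instead of keeping them around.
        manager.setDeleteInvalidSessions(true);
        // Minutes -> milliseconds; long arithmetic avoids int overflow.
        manager.setGlobalSessionTimeout(expireTime * 60L * 1000L);
        // Never put JSESSIONID in URLs: it would leak into logs, referers and history.
        manager.setSessionIdUrlRewritingEnabled(false);
        // Scheduler that sweeps invalid sessions.
        manager.setSessionValidationScheduler(sessionValidationScheduler());
        manager.setSessionValidationSchedulerEnabled(true);
        manager.setSessionDAO(sessionDAO());
        manager.setSessionFactory(sessionFactory());
        return manager;
    }

    /**
     * Security manager: realm, rememberMe manager, cache manager and session manager.
     */
    @Bean
    public SecurityManager securityManager(UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        securityManager.setRememberMeManager(rememberMeManager());
        securityManager.setCacheManager(getEhCacheManager());
        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }

    /** Logout filter for the main entry point; redirects to {@code loginUrl} afterwards. */
    public LogoutFilter logoutFilter() {
        LogoutFilter logoutFilter = new LogoutFilter();
        logoutFilter.setLoginUrl(loginUrl);
        return logoutFilter;
    }

    /** Logout filter for the admin entry point; redirects to {@code /admin/login} afterwards. */
    public LogoutFilter logoutFilters() {
        LogoutFilter logoutFilter = new LogoutFilter();
        logoutFilter.setLoginUrl(loginUrls);
        return logoutFilter;
    }

    /**
     * Shiro filter chain.
     *
     * <p>Entries are matched in insertion order (hence the {@link LinkedHashMap})
     * and the first match wins, so every "anon" entry must come before the
     * catch-all {@code /**} at the end. Each "anon" prefix below is served with
     * NO Shiro authentication at all; any endpoint under it must enforce its own
     * access control or be genuinely public.
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // Core security interface; mandatory.
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // Where unauthenticated users are sent.
        shiroFilterFactoryBean.setLoginUrl(loginUrl);
        // Where authenticated-but-unauthorized users are sent (perms/roles filters only).
        shiroFilterFactoryBean.setUnauthorizedUrl(unauthorizedUrl);

        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();

        // Static resources: anonymous.
        filterChainDefinitionMap.put("/favicon.ico**", "anon");
        filterChainDefinitionMap.put("/huaheng.png**", "anon");
        filterChainDefinitionMap.put("/logo.png", "anon");
        filterChainDefinitionMap.put("/css/**", "anon");
        filterChainDefinitionMap.put("/docs/**", "anon");
        filterChainDefinitionMap.put("/fonts/**", "anon");
        filterChainDefinitionMap.put("/img/**", "anon");
        filterChainDefinitionMap.put("/apk/**", "anon");
        // NOTE(review): whole functional prefixes open to anonymous access.
        // /reservation/** (and /reservation/add below) accept writes without a session;
        // /ajax/** and /huaheng/** are broad. Confirm each is intentionally public.
        filterChainDefinitionMap.put("/reservation/**", "anon");
        filterChainDefinitionMap.put("/ajax/**", "anon");
        filterChainDefinitionMap.put("/js/**", "anon");
        filterChainDefinitionMap.put("/huaheng/**", "anon");
        // NOTE(review): if this is the Druid stat console it exposes SQL text and
        // datasource details; make sure it has its own login or restrict it by network.
        filterChainDefinitionMap.put("/druid/**", "anon");
        filterChainDefinitionMap.put("/captcha/captchaImage**", "anon");
        filterChainDefinitionMap.put("/reservation/add", "anon");

        // Logout endpoints: Shiro clears the session and redirects.
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/admin/logout", "adminlogout");

        // Login / token endpoints: must be reachable without a session.
        filterChainDefinitionMap.put("/mobile/download/*", "anon");
        filterChainDefinitionMap.put("/admin/login", "anon");
        filterChainDefinitionMap.put("/login", "anon");
        filterChainDefinitionMap.put("/api/login", "anon");
        filterChainDefinitionMap.put("/mobile/login", "anon");
        filterChainDefinitionMap.put("/api/getTokenForMobile", "anon");
        filterChainDefinitionMap.put("/getWarehouseByUserCode", "anon");
        filterChainDefinitionMap.put("/API/WMS/v2/login", "anon");
        // NOTE(review): the entire API, endpoint and manager surfaces bypass Shiro.
        // The /api/getTokenForMobile entry suggests token auth lives in the
        // controllers/interceptors; verify every handler under these prefixes
        // actually checks that token, because nothing here does.
        filterChainDefinitionMap.put("/api/**", "anon");
        filterChainDefinitionMap.put("/endpoint/**", "anon");
        filterChainDefinitionMap.put("/manager/**", "anon");
        filterChainDefinitionMap.put("/API/WMS/v2/**", "anon");

        // Custom filters referenced by name in the chain definitions above/below.
        Map<String, Filter> filters = new LinkedHashMap<>();
        filters.put("onlineSession", onlineSessionFilter());
        filters.put("syncOnlineSession", syncOnlineSessionFilter());
        filters.put("logout", logoutFilter());
        filters.put("adminlogout", logoutFilters());
        shiroFilterFactoryBean.setFilters(filters);

        // Everything else requires a known user ("user" also accepts rememberMe);
        // keep this last so it does not shadow the entries above.
        filterChainDefinitionMap.put("/**", "user,onlineSession,syncOnlineSession");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    /** Filter that maintains the online-user record for the current session. */
    @Bean
    public OnlineSessionFilter onlineSessionFilter() {
        OnlineSessionFilter onlineSessionFilter = new OnlineSessionFilter();
        onlineSessionFilter.setLoginUrl(loginUrl);
        return onlineSessionFilter;
    }

    /** Filter that synchronizes online-session state back to the session store. */
    @Bean
    public SyncOnlineSessionFilter syncOnlineSessionFilter() {
        return new SyncOnlineSessionFilter();
    }

    /**
     * rememberMe cookie attributes: domain, path, HttpOnly, Secure and lifetime.
     * {@code maxAge} is configured in days and converted to seconds here.
     */
    public SimpleCookie rememberMeCookie() {
        SimpleCookie cookie = new SimpleCookie("rememberMe");
        cookie.setDomain(domain);
        cookie.setPath(path);
        cookie.setHttpOnly(httpOnly);
        // Only send over HTTPS when configured; see the field comment.
        cookie.setSecure(secure);
        cookie.setMaxAge(maxAge * 24 * 60 * 60);
        return cookie;
    }

    /**
     * "Remember me" manager.
     *
     * <p>The cookie is an AES-encrypted Java-serialized principal, so the AES key
     * is the only thing standing between an attacker and a server-side
     * deserialization of attacker-controlled bytes. The key is therefore read
     * from {@code shiro.rememberMe.cipherKey} (Base64, 16/24/32 bytes) rather
     * than being embedded in the source. When the property is not set a fresh
     * random 128-bit key is generated per JVM start: safe by default, but
     * rememberMe cookies then do not survive a restart and are not shared
     * between cluster nodes — configure the property for those deployments.
     * Cookies issued under any previous key stop validating after this change.
     */
    public CookieRememberMeManager rememberMeManager() {
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCookie(rememberMeCookie());
        cookieRememberMeManager.setCipherKey(resolveRememberMeCipherKey());
        return cookieRememberMeManager;
    }

    /**
     * Returns the configured rememberMe AES key, or a freshly generated random
     * key when none is configured.
     *
     * @throws IllegalStateException if the configured key is not a valid AES key length
     */
    private byte[] resolveRememberMeCipherKey() {
        if (rememberMeCipherKey != null && !rememberMeCipherKey.trim().isEmpty()) {
            byte[] key = Base64.decode(rememberMeCipherKey.trim());
            if (key.length != 16 && key.length != 24 && key.length != 32) {
                throw new IllegalStateException(
                        "shiro.rememberMe.cipherKey must decode to 16, 24 or 32 bytes, got " + key.length);
            }
            return key;
        }
        byte[] key = new byte[16];
        new SecureRandom().nextBytes(key);
        return key;
    }

    /** Thymeleaf dialect exposing Shiro tags to templates. */
    @Bean
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }

    /** Enables Shiro's annotation-based authorization (@RequiresPermissions etc.). */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
            @Qualifier("securityManager") SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}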