|
|
1
2
|
package com.huaheng.framework.config;
|
|
|
3
4
5
6
7
8
9
10
11
12
|
import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import com.huaheng.common.utils.StringUtils;
import com.huaheng.framework.shiro.realm.UserRealm;
import com.huaheng.framework.shiro.session.OnlineSessionDAO;
import com.huaheng.framework.shiro.session.OnlineSessionFactory;
import com.huaheng.framework.shiro.web.filter.LogoutFilter;
import com.huaheng.framework.shiro.web.filter.online.OnlineSessionFilter;
import com.huaheng.framework.shiro.web.filter.sync.SyncOnlineSessionFilter;
import com.huaheng.framework.shiro.web.session.OnlineWebSessionManager;
import com.huaheng.framework.shiro.web.session.SpringSessionValidationScheduler;
|
|
|
13
14
15
16
17
18
19
20
|
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
|
|
|
21
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
22
23
24
25
|
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
|
|
|
26
27
28
29
|
import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;
|
|
|
30
31
32
|
/**
* 权限配置加载
|
|
|
33
|
*
|
|
|
34
35
36
|
* @author huaheng
*/
@Configuration
|
|
|
37
|
public class ShiroConfig {
|
|
|
38
39
|
public static final String PREMISSION_STRING = "perms[\"{0}\"]";
|
|
|
40
41
42
|
@Value("${shiro.session.redisEnabled}")
private boolean redisEnabled;
|
|
|
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
// Session超时时间,单位为毫秒(默认30分钟)
@Value("${shiro.session.expireTime}")
private int expireTime;
// 相隔多久检查一次session的有效性,单位毫秒,默认就是10分钟
@Value("${shiro.session.validationInterval}")
private int validationInterval;
// 验证码开关
@Value("${shiro.user.captchaEnabled}")
private boolean captchaEnabled;
// 验证码类型
@Value("${shiro.user.captchaType}")
private String captchaType;
// 设置Cookie的域名
@Value("${shiro.cookie.domain}")
private String domain;
// 设置cookie的有效访问路径
@Value("${shiro.cookie.path}")
private String path;
// 设置HttpOnly属性
@Value("${shiro.cookie.httpOnly}")
private boolean httpOnly;
// 设置Cookie的过期时间,秒为单位
@Value("${shiro.cookie.maxAge}")
private int maxAge;
// 登录地址
@Value("${shiro.user.loginUrl}")
private String loginUrl;
// 登录地址
@Value("/admin/login")
private String loginUrls;
// 权限认证失败地址
@Value("${shiro.user.unauthorizedUrl}")
private String unauthorizedUrl;
|
|
|
87
88
|
@Autowired
private CacheManagerConfig cacheManagerConfig;
|
|
|
89
90
91
92
93
|
/**
* 自定义Realm
*/
@Bean
|
|
|
94
|
public UserRealm userRealm() {
|
|
|
95
|
UserRealm userRealm = new UserRealm();
|
|
|
96
97
|
userRealm.setCacheManager(
redisEnabled ? cacheManagerConfig.getRedisCacheManager() : cacheManagerConfig.getEhCacheManager());
|
|
|
98
99
100
101
102
103
104
|
return userRealm;
}
/**
* 自定义sessionDAO会话
*/
@Bean
|
|
|
105
|
public OnlineSessionDAO sessionDAO() {
|
|
|
106
107
108
109
110
111
112
113
|
OnlineSessionDAO sessionDAO = new OnlineSessionDAO();
return sessionDAO;
}
/**
* 自定义sessionFactory会话
*/
@Bean
|
|
|
114
|
public OnlineSessionFactory sessionFactory() {
|
|
|
115
116
117
118
119
120
121
122
|
OnlineSessionFactory sessionFactory = new OnlineSessionFactory();
return sessionFactory;
}
/**
* 自定义sessionFactory调度器
*/
@Bean
|
|
|
123
|
public SpringSessionValidationScheduler sessionValidationScheduler() {
|
|
|
124
125
126
127
128
129
130
131
132
133
134
135
|
SpringSessionValidationScheduler sessionValidationScheduler = new SpringSessionValidationScheduler();
// 相隔多久检查一次session的有效性,单位毫秒,默认就是10分钟
sessionValidationScheduler.setSessionValidationInterval(validationInterval * 60 * 1000);
// 设置会话验证调度器进行会话验证时的会话管理器
sessionValidationScheduler.setSessionManager(sessionValidationManager());
return sessionValidationScheduler;
}
/**
* 会话管理器
*/
@Bean
|
|
|
136
|
public OnlineWebSessionManager sessionValidationManager() {
|
|
|
137
138
|
OnlineWebSessionManager manager = new OnlineWebSessionManager();
// 加入缓存管理器
|
|
|
139
|
manager.setCacheManager(redisEnabled ? cacheManagerConfig.getRedisCacheManager() : cacheManagerConfig.getEhCacheManager());
|
|
|
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
// 删除过期的session
manager.setDeleteInvalidSessions(true);
// 设置全局session超时时间
manager.setGlobalSessionTimeout(expireTime * 60 * 1000);
// 去掉 JSESSIONID
manager.setSessionIdUrlRewritingEnabled(false);
// 是否定时检查session
manager.setSessionValidationSchedulerEnabled(true);
// 自定义SessionDao
manager.setSessionDAO(sessionDAO());
// 自定义sessionFactory
manager.setSessionFactory(sessionFactory());
return manager;
}
/**
* 会话管理器
*/
@Bean
|
|
|
159
|
public OnlineWebSessionManager sessionManager() {
|
|
|
160
161
|
OnlineWebSessionManager manager = new OnlineWebSessionManager();
// 加入缓存管理器
|
|
|
162
|
manager.setCacheManager(redisEnabled ? cacheManagerConfig.getRedisCacheManager() : cacheManagerConfig.getEhCacheManager());
|
|
|
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
|
// 删除过期的session
manager.setDeleteInvalidSessions(true);
// 设置全局session超时时间
manager.setGlobalSessionTimeout(expireTime * 60 * 1000);
// 去掉 JSESSIONID
manager.setSessionIdUrlRewritingEnabled(false);
// 定义要使用的无效的Session定时调度器
manager.setSessionValidationScheduler(sessionValidationScheduler());
// 是否定时检查session
manager.setSessionValidationSchedulerEnabled(true);
// 自定义SessionDao
manager.setSessionDAO(sessionDAO());
// 自定义sessionFactory
manager.setSessionFactory(sessionFactory());
return manager;
}
/**
* 安全管理器
*/
@Bean
|
|
|
184
|
public SecurityManager securityManager(UserRealm userRealm) {
|
|
|
185
186
187
188
189
190
|
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 设置realm.
securityManager.setRealm(userRealm);
// 记住我
securityManager.setRememberMeManager(rememberMeManager());
// 注入缓存管理器;
|
|
|
191
192
|
securityManager.setCacheManager(
redisEnabled ? cacheManagerConfig.getRedisCacheManager() : cacheManagerConfig.getEhCacheManager());
|
|
|
193
194
195
196
197
198
199
200
|
// session管理器
securityManager.setSessionManager(sessionManager());
return securityManager;
}
/**
* 退出过滤器
*/
|
|
|
201
|
public LogoutFilter logoutFilter() {
|
|
|
202
203
204
205
206
|
LogoutFilter logoutFilter = new LogoutFilter();
logoutFilter.setLoginUrl(loginUrl);
return logoutFilter;
}
|
|
|
207
|
public LogoutFilter logoutFilters() {
|
|
|
208
209
210
211
212
213
214
215
216
|
LogoutFilter logoutFilter = new LogoutFilter();
logoutFilter.setLoginUrl(loginUrls);
return logoutFilter;
}
/**
* Shiro过滤器配置
*/
@Bean
|
|
|
217
|
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
|
|
|
218
219
220
221
222
223
224
225
226
227
228
229
|
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// Shiro的核心安全接口,这个属性是必须的
shiroFilterFactoryBean.setSecurityManager(securityManager);
// 身份认证失败,则跳转到登录页面的配置
shiroFilterFactoryBean.setLoginUrl(loginUrl);
// 权限认证失败,则跳转到指定页面
shiroFilterFactoryBean.setUnauthorizedUrl(unauthorizedUrl);
// Shiro连接约束配置,即过滤链的定义
LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
// 对静态资源设置匿名访问
filterChainDefinitionMap.put("/favicon.ico**", "anon");
filterChainDefinitionMap.put("/huaheng.png**", "anon");
|
|
|
230
|
filterChainDefinitionMap.put("/logo.png", "anon");
|
|
|
231
232
233
234
|
filterChainDefinitionMap.put("/css/**", "anon");
filterChainDefinitionMap.put("/docs/**", "anon");
filterChainDefinitionMap.put("/fonts/**", "anon");
filterChainDefinitionMap.put("/img/**", "anon");
|
|
|
235
|
filterChainDefinitionMap.put("/apk/**", "anon");
|
周鸿
authored
|
236
|
filterChainDefinitionMap.put("/srmfile/**", "anon");
|
|
|
237
|
filterChainDefinitionMap.put("/reservation/**", "anon");
|
|
|
238
239
|
filterChainDefinitionMap.put("/ajax/**", "anon");
filterChainDefinitionMap.put("/js/**", "anon");
|
周鸿
authored
|
240
|
filterChainDefinitionMap.put("/task/taskHeader/getLKPortData","anon");
|
|
|
241
242
243
|
filterChainDefinitionMap.put("/huaheng/**", "anon");
filterChainDefinitionMap.put("/druid/**", "anon");
filterChainDefinitionMap.put("/captcha/captchaImage**", "anon");
|
|
|
244
|
filterChainDefinitionMap.put("/reservation/add", "anon");
|
|
|
245
246
247
248
249
|
// 退出 logout地址,shiro去清除session
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/admin/logout", "adminlogout");
// 不需要拦截的访问
// filterChainDefinitionMap.put("/admin/home", "anon,captchaValidate");
|
|
|
250
251
252
253
254
|
filterChainDefinitionMap.put("/mobile/download/*", "anon");
filterChainDefinitionMap.put("/admin/login", "anon");
filterChainDefinitionMap.put("/login", "anon");
filterChainDefinitionMap.put("/api/login", "anon");
filterChainDefinitionMap.put("/mobile/login", "anon");
|
|
|
255
|
filterChainDefinitionMap.put("/api/getTokenForMobile", "anon");
|
|
|
256
|
filterChainDefinitionMap.put("/getWarehouseByUserCode", "anon");
|
|
|
257
258
259
|
// filterChainDefinitionMap.put("/websocket", "anon");
// filterChainDefinitionMap.put("/websocket/*", "anon");
// filterChainDefinitionMap.put("/user/lincoln/message", "anon");
|
|
|
260
|
filterChainDefinitionMap.put("/API/WMS/v2/login", "anon");
|
|
|
261
|
filterChainDefinitionMap.put("/api/**", "anon");
|
|
|
262
|
filterChainDefinitionMap.put("/endpoint/**", "anon");
|
|
|
263
|
filterChainDefinitionMap.put("/manager/**", "anon");
|
|
|
264
|
filterChainDefinitionMap.put("/API/WMS/v2/**","anon");
|
|
|
265
|
filterChainDefinitionMap.put("/api/icsBasicData/**","anon");
|
|
|
266
|
filterChainDefinitionMap.put("/api/TV/**","anon");
|
|
|
267
|
filterChainDefinitionMap.put("/ACS/v1/**","anon");
|
|
|
268
|
filterChainDefinitionMap.put("/config/lkstation/**","anon");
|
|
|
269
|
filterChainDefinitionMap.put("/API/wcs/v2/unlockLocation","anon");
|
|
|
270
|
filterChainDefinitionMap.put("/config/sn/saveSn", "anon");
|
|
|
271
272
|
filterChainDefinitionMap.put("/srm/srmDetailNone/confi**", "anon");
|
|
|
273
|
filterChainDefinitionMap.put("/api/kuaidi/**", "anon");
|
|
|
274
|
filterChainDefinitionMap.put("/agv/notifyAGVTask", "anon");
|
周鸿
authored
|
275
|
filterChainDefinitionMap.put("/SSP/v1/**", "anon");
|
周鸿
authored
|
276
|
filterChainDefinitionMap.put("/agv/weightAndHeightByContainer", "anon");
|
周鸿
authored
|
277
|
filterChainDefinitionMap.put("/agv/executeByContainerCode", "anon");
|
周鸿
authored
|
278
|
filterChainDefinitionMap.put("/api/mes/**", "anon");
|
|
|
279
280
281
282
283
284
285
286
287
288
289
|
// 系统权限列表
// filterChainDefinitionMap.putAll(SpringUtils.getBean(IMenuService.class).selectPermsAll());
Map<String, Filter> filters = new LinkedHashMap<>();
filters.put("onlineSession", onlineSessionFilter());
filters.put("syncOnlineSession", syncOnlineSessionFilter());
// 注销成功,则跳转到指定页面
filters.put("logout", logoutFilter());
filters.put("adminlogout", logoutFilters());
shiroFilterFactoryBean.setFilters(filters);
|
|
|
290
291
292
293
294
|
//积木报表排除
filterChainDefinitionMap.put("/jmreport/**", "anon");
filterChainDefinitionMap.put("/**/*.js.map", "anon");
filterChainDefinitionMap.put("/**/*.css.map", "anon");
|
|
|
295
296
297
298
299
300
301
302
303
304
305
|
// 所有请求需要认证
filterChainDefinitionMap.put("/**", "user,onlineSession,syncOnlineSession");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
/**
* 自定义在线用户处理过滤器
*/
@Bean
|
|
|
306
|
public OnlineSessionFilter onlineSessionFilter() {
|
|
|
307
308
309
310
311
312
313
314
315
|
OnlineSessionFilter onlineSessionFilter = new OnlineSessionFilter();
onlineSessionFilter.setLoginUrl(loginUrl);
return onlineSessionFilter;
}
/**
* 自定义在线用户同步过滤器
*/
@Bean
|
|
|
316
|
public SyncOnlineSessionFilter syncOnlineSessionFilter() {
|
|
|
317
318
319
320
321
322
323
|
SyncOnlineSessionFilter syncOnlineSessionFilter = new SyncOnlineSessionFilter();
return syncOnlineSessionFilter;
}
/**
* cookie 属性设置
*/
|
|
|
324
|
public SimpleCookie rememberMeCookie() {
|
|
|
325
326
327
328
329
330
331
332
333
334
335
|
SimpleCookie cookie = new SimpleCookie("rememberMe");
cookie.setDomain(domain);
cookie.setPath(path);
cookie.setHttpOnly(httpOnly);
cookie.setMaxAge(maxAge * 24 * 60 * 60);
return cookie;
}
/**
* 记住我
*/
|
|
|
336
|
public CookieRememberMeManager rememberMeManager() {
|
|
|
337
338
339
340
341
342
343
344
345
346
|
CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
cookieRememberMeManager.setCookie(rememberMeCookie());
cookieRememberMeManager.setCipherKey(Base64.decode("fCq+/xW488hMTCD+cmJ3aQ=="));
return cookieRememberMeManager;
}
/**
* thymeleaf模板引擎和shiro框架的整合
*/
@Bean
|
|
|
347
|
public ShiroDialect shiroDialect() {
|
|
|
348
349
350
351
352
353
354
355
|
return new ShiroDialect();
}
/**
* 开启Shiro注解通知器
*/
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
|
|
|
356
|
@Qualifier("securityManager") SecurityManager securityManager) {
|
|
|
357
358
359
360
361
|
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
}
|
