package cn.wisenergy.web.config;

import cn.wisenergy.web.shiro.filter.AuthRealm;
import cn.wisenergy.web.shiro.filter.JwtFilter;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

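/**
 * Shiro configuration class: registers the JWT filter, the URL filter-chain map,
 * the realm and a session-less security manager as Spring beans.
 *
 * @author 86187
 */
@Configuration
public class ShiroConfig {

    /** Name under which {@link JwtFilter} is registered and referenced by the chain map. */
    private static final String JWT_FILTER_NAME = "oauth2";

    /** Built-in Shiro filter name that lets a request through without authentication. */
    private static final String ANON = "anon";

    /**
     * Configures the Shiro filter: the custom filter set and the URL-to-filter chain map.
     * <p>
     * Chain definitions are matched in insertion order, top to bottom, and the first
     * matching pattern decides which filter runs. The catch-all {@code "/**"} entry must
     * therefore stay the last one registered; anything put after it is never reached.
     * Filter names used here:
     * <ul>
     *   <li>{@code anon} - anonymous access, no login required</li>
     *   <li>{@code oauth2} - the custom {@link JwtFilter} registered in this method</li>
     * </ul>
     * <p>
     * URL patterns are Ant-style:
     * <ul>
     *   <li>{@code ?} matches one character: {@code /admin?} matches {@code /admin1} but
     *       not {@code /admin} or {@code /admin/}</li>
     *   <li>{@code *} matches zero or more characters inside one path segment:
     *       {@code /admin*} matches {@code /admin} and {@code /admin123} but not
     *       {@code /admin/1}</li>
     *   <li>a double star matches zero or more path segments: {@code /admin/**} matches
     *       {@code /admin/a} and {@code /admin/a/b}</li>
     * </ul>
     * <p>
     * No login, success or unauthorized redirect URLs are set on the factory bean here.
     *
     * @param securityManager the security manager every filtered request is bound to
     * @return the configured filter factory bean, exposed as bean {@code shiroFilter}
     */
    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);

        // Custom filters: the key is the filter name used in the chain map, the value is the filter object.
        Map<String, Filter> customFilters = new HashMap<>();
        customFilters.put(JWT_FILTER_NAME, new JwtFilter());
        factoryBean.setFilters(customFilters);

        // LinkedHashMap on purpose: insertion order is the order in which patterns are matched.
        Map<String, String> chains = new LinkedHashMap<>();

        // NOTE(review): this endpoint stores the device IMEI and the SIM card ID without any
        // authentication - confirm the handler validates and rate-limits what it accepts.
        chains.put("/authInformation/save", ANON);
        chains.put("/sys/login", ANON); // login page - authentication
        chains.put("/sys/registered", ANON); // registration page

        // Swagger UI and API description, reachable anonymously.
        // NOTE(review): this publishes the full API surface to unauthenticated callers;
        // confirm it is switched off or access-restricted outside development.
        chains.put("/swagger-ui.html", ANON);
        chains.put("/swagger/**", ANON);

        // NOTE(review): wildcard anonymous access - every handler below /user/ and /api/user/
        // skips the JWT filter, not only login and registration. Verify nothing that reads or
        // changes account data is mapped under these prefixes.
        chains.put("/user/**", ANON);
        chains.put("/ZX/**", ANON); // news/information pages
        chains.put("/api/user/**", ANON); // login and registration paths

        chains.put("/webjars/springfox-swagger-ui/**", ANON);
        chains.put("/swagger-resources/**", ANON);
        chains.put("/v2/api-docs", ANON);

        // The wildcard entry already covers /api/sms/verifyCode; both are kept as written.
        // NOTE(review): anonymous SMS endpoints need server-side throttling per number and
        // per client, otherwise they can be driven to send messages at will.
        chains.put("/api/sms/verifyCode", ANON);
        chains.put("/api/sms/**", ANON);

        chains.put("/upload_flowChart/**", ANON); // image URLs

        // NOTE(review): socket and message-push endpoints bypass the JWT filter; presumably
        // the handlers authenticate the caller themselves - confirm.
        chains.put("/webSocket/**", ANON); // socket
        chains.put("/message/**", ANON); // message push API

        // Everything else requires authentication. This entry has the lowest priority and
        // must remain the last one: first match wins, so a rule added below it is dead.
        // The original file put "/userlevel/test" -> anon after this line; that rule could
        // never match, so it is dropped and the path stays behind the JWT filter exactly as
        // it effectively was. If the endpoint really has to be public, register it above
        // this line as a deliberate decision.
        chains.put("/**", JWT_FILTER_NAME);

        factoryBean.setFilterChainDefinitionMap(chains);
        return factoryBean;
    }

    /**
     * Registers Shiro's lifecycle post-processor.
     *
     * @return a new {@link LifecycleBeanPostProcessor}
     */
    @Bean("lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * Registers the application realm; declared to depend on the lifecycle post-processor bean.
     *
     * @return a new {@link AuthRealm}
     */
    @Bean(name = "authRealm")
    @DependsOn("lifecycleBeanPostProcessor")
    public AuthRealm authRealm() {
        return new AuthRealm();
    }

    /**
     * Builds the web security manager: one realm, no remember-me, no Shiro session storage.
     * <p>
     * Original author's note: the security manager should not have shiroDBRealm injected
     * directly, as that may break transactions; the workaround is described under
     * handleContextRefresh, see http://www.debugrun.com/a/NKS9EJQ.html
     * NOTE(review): this method does receive the realm as a bean parameter - confirm the
     * note still applies to the current wiring.
     *
     * @param authRealm the realm used for authentication and authorization
     * @return the configured security manager, exposed as bean {@code securityManager}
     */
    @Bean("securityManager")
    public SecurityManager securityManager(AuthRealm authRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(authRealm);
        // No remember-me manager is installed.
        manager.setRememberMeManager(null);

        // Turn off Shiro's own session storage so that no subject state is persisted to a
        // session between requests; for details see
        // http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
        DefaultSessionStorageEvaluator storageEvaluator = new DefaultSessionStorageEvaluator();
        storageEvaluator.setSessionStorageEnabled(false);
        DefaultSubjectDAO subjectDao = new DefaultSubjectDAO();
        subjectDao.setSessionStorageEvaluator(storageEvaluator);
        manager.setSubjectDAO(subjectDao);

        return manager;
    }

    /**
     * Registers the advisor auto-proxy creator, declared to depend on the lifecycle
     * post-processor bean.
     *
     * @return the configured {@link DefaultAdvisorAutoProxyCreator}
     */
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public static DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        proxyCreator.setUsePrefix(true);
        // Force CGLIB class proxies to prevent double proxying and the proxy errors it can cause.
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }

    /**
     * Registers the advisor that applies Shiro's authorization annotations, bound to the
     * given security manager.
     *
     * @param securityManager the security manager the advisor checks against
     * @return the configured {@link AuthorizationAttributeSourceAdvisor}
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

}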