package cn.wisenergy.web.config;

import cn.wisenergy.web.shiro.filter.AuthRealm;
import cn.wisenergy.web.shiro.filter.JwtFilter;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Shiro configuration: registers the JWT filter, the URL filter chain, the realm and a
 * security manager that does not store subject state in a session.
 *
 * @author 86187
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter and the URL-to-filter chain it enforces.
     * <p>
     * Chain entries are checked from top to bottom, so earlier patterns take priority:
     * 1). anon   : anonymous access, no login required
     * 2). authc  : only reachable after login
     * 3). logout : log out
     * 4). custom filters registered on the factory bean (this method registers "oauth2")
     * <p>
     * URL pattern style, as described by the original author:
     * 1). ?  : one character; /admin? matches /admin1 but not /admin or /admin/
     * 2). *  : zero or more characters; /admin* matches /admin or /admin123 but not /admin/1
     * 3). ** : zero or more path segments; /admin/** matches /admin/a or /admin/a/b
     * <p>
     * No login, success or unauthorized URL is configured here.
     *
     * @param securityManager the Shiro security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);

        // Custom filters: the key is the name used in the chain, the value is the filter object.
        // JwtFilter is created with "new", so it is not a Spring-managed bean.
        Map<String, Filter> customFilters = new HashMap<>();
        customFilters.put("oauth2", new JwtFilter());
        factoryBean.setFilters(customFilters);

        // Paths mapped to "anon", i.e. the "oauth2" (JWT) filter is not applied to them.
        // The order of this array is the order of the chain and must be kept.
        String[] anonymousPaths = {
            // Stores the device IMEI and the phone SIM card ID.
            // NOTE(review): this looks like an unauthenticated write of device identifiers;
            // confirm the handler validates and rate-limits its input.
            "/authInformation/save",
            // Login page / identity authentication.
            "/sys/login",
            // Registration page.
            "/sys/registered",
            // Swagger UI and API description, anonymous access.
            // NOTE(review): confirm these are meant to be reachable outside development;
            // they describe every endpoint, including the protected ones.
            "/swagger-ui.html",
            "/swagger/**",
            "/swagger-resources/**",
            "/webjars/springfox-swagger-ui/**",
            "/v2/api-docs",
            // NOTE(review): broad wildcard; everything under /user/ skips the JWT filter.
            "/user/**",
            // News/information pages.
            "/ZX/**",
            // Login and registration paths.
            // NOTE(review): broad wildcard; consider listing the exact login and
            // registration endpoints so later additions under /api/user/ are not open by default.
            "/api/user/**",
            // Already covered by "/api/sms/**" below; kept to preserve the original chain.
            "/api/sms/verifyCode",
            "/api/sms/**",
            // Image location.
            "/upload_flowChart/**",
            // NOTE(review): looks like a test endpoint; confirm it is meant to ship.
            "/userlevel/test",
            // Management side.
            // NOTE(review): every path under /admin/ is anonymous as far as Shiro is concerned.
            // Nothing in this class authenticates the management endpoints; verify that they
            // are protected some other way, or map them to "oauth2".
            "/admin/**",
            "/customerService/uploadWeChatImg",
            "/customerService/service",
        };

        // LinkedHashMap keeps insertion order, which is the chain's priority order.
        Map<String, String> chain = new LinkedHashMap<>();
        for (String path : anonymousPaths) {
            chain.put(path, "anon");
        }

        // Every other path requires authentication; kept last because it has the lowest priority.
        // This only protects a handler if Shiro and Spring MVC resolve the request path the same
        // way, so keep the Shiro dependency patched.
        chain.put("/**", "oauth2");

        factoryBean.setFilterChainDefinitionMap(chain);
        return factoryBean;
    }

    /**
     * Registers Shiro's lifecycle bean post-processor.
     *
     * @return a new {@link LifecycleBeanPostProcessor}
     */
    @Bean("lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * Registers the application's realm, created after the lifecycle post-processor.
     *
     * @return a new {@link AuthRealm}
     */
    @Bean(name = "authRealm")
    @DependsOn("lifecycleBeanPostProcessor")
    public AuthRealm authRealm() {
        return new AuthRealm();
    }

    /**
     * Builds the security manager: one realm, no remember-me, no session storage.
     * <p>
     * Original author's note: do not inject shiroDBRealm directly into the securityManager,
     * because it may stop transactions from working; the workaround is in handleContextRefresh,
     * see http://www.debugrun.com/a/NKS9EJQ.html
     * <p>
     * NOTE(review): this method does set the realm directly, and handleContextRefresh is not
     * part of this class; confirm whether the warning above still applies.
     *
     * @param authRealm the realm used for authentication and authorization
     * @return the configured security manager
     */
    @Bean("securityManager")
    public SecurityManager securityManager(AuthRealm authRealm) {
        /*
         * Turn off Shiro's own session storage, see
         * http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
         */
        DefaultSessionStorageEvaluator storageEvaluator = new DefaultSessionStorageEvaluator();
        storageEvaluator.setSessionStorageEnabled(false);
        DefaultSubjectDAO subjectDao = new DefaultSubjectDAO();
        subjectDao.setSessionStorageEvaluator(storageEvaluator);

        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(authRealm);
        // No remember-me manager is installed.
        manager.setRememberMeManager(null);
        manager.setSubjectDAO(subjectDao);
        return manager;
    }

    /**
     * Registers the advisor auto-proxy creator, created after the lifecycle post-processor.
     * <p>
     * NOTE(review): with usePrefix enabled and no advisor name prefix set, Spring's
     * DefaultAdvisorAutoProxyCreator only considers advisors whose bean name starts with this
     * bean's own name followed by "."; verify that the Shiro annotation advisor is still
     * applied by some auto-proxy creator, otherwise annotation checks are not enforced.
     *
     * @return the configured auto-proxy creator
     */
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public static DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        proxyCreator.setUsePrefix(true);
        // Force CGLIB proxies to avoid double proxying and the proxy errors it can cause.
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }

    /**
     * Registers the advisor behind Shiro's authorization annotations.
     *
     * @param securityManager the security manager the advisor checks against
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor attributeAdvisor = new AuthorizationAttributeSourceAdvisor();
        attributeAdvisor.setSecurityManager(securityManager);
        return attributeAdvisor;
    }

}