tuonina преди 6 години
родител
ревизия
42f4f42e21

+ 10 - 1
README.md

@@ -6,4 +6,13 @@
 - 采用restFul风格的URL
 - 返回数据的格式,全部采用ResponseDto ,data字段为传递的数据
 - 前后端分离,采用json格式进行数据传输
-- 根据 ResponseDto 的code字段判断请求操作是否成功。如果失败,返回非200的请求码
+- 根据 ResponseDto 的code字段判断请求操作是否成功。如果失败,返回非200的请求码
+
+### 缓存说明
+项目中缓存可以分成三类:
+- 系统Spring session缓存
+
+
+### 框架项目升级日志
+#### 2018/9/27
+升级框架的安全认证方式,改成jwt 和Spring session分布式方式认证。权限由网关统一认证。

+ 12 - 3
build.gradle

@@ -66,6 +66,13 @@ subprojects {
     repositories {
         mavenCentral()
         jcenter()
+        maven {
+            url("https://repo.rdc.aliyun.com/repository/33224-release-ycBLfV")
+            credentials {
+                username 'TbLzWL'
+                password 'mCl1FI5SVB'
+            }
+        }
     }
 
     dependencyManagement {
@@ -83,13 +90,12 @@ subprojects {
         kapt("org.springframework.boot:spring-boot-configuration-processor")
         // SpringBoot Starter
 
-        compile('org.springframework.cloud:spring-cloud-config-server')
         compile('org.springframework.cloud:spring-cloud-starter-netflix-eureka-client')
         compile('org.springframework.cloud:spring-cloud-starter-openfeign')
+        compile("org.springframework.session:spring-session-data-redis")
 //
-        compile('org.springframework.boot:spring-boot-starter')
+
         compile('org.springframework.boot:spring-boot-starter-web')
-        compile('org.springframework.boot:spring-boot-starter-aop')
         compile('org.springframework.boot:spring-boot-starter-actuator')
         compile('org.springframework.boot:spring-boot-starter-websocket')
         compile('org.springframework.boot:spring-boot-starter-jta-atomikos')
@@ -153,4 +159,7 @@ subprojects {
             jvmTarget = "1.8"
         }
     }
+
+    bootJar { enabled = false }
+    jar { enabled = true }
 }
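Review bot: The new `maven { … }` entry commits the artifact repository's username and password in clear text inside `credentials { … }`, so anyone who can read this repository or its history gets the same access to the artifact repository. Read them from outside the source tree, for example `username findProperty('repoUser')` and `password findProperty('repoPassword')` (property names are examples), with the values kept in the user-level `gradle.properties` or in CI secrets. The pair already committed stays in history, so it should be rotated as well. The enclosing `subprojects { repositories { … } }` block starts outside this hunk.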

+ 1 - 1
settings.gradle

@@ -1,4 +1,4 @@
-rootProject.name = 'zen'
+rootProject.name = 'Zen-Framework'
 include 'zen-core'
 include 'zen-api'
 include 'zen-web'

+ 10 - 32
zen-api/src/main/kotlin/cn/gygxzc/envir/config/shiro/ShiroConfig.kt

@@ -1,22 +1,20 @@
 package cn.gygxzc.envir.config.shiro
 
-import cn.gygxzc.envir.config.jwt.JwtConfig
-import cn.gygxzc.envir.config.shiro.cache.JwtRedisCache
 import cn.gygxzc.envir.config.shiro.cache.RedisConfiguration
-import cn.gygxzc.envir.config.shiro.cache.ShiroRedisSessionDAO
-import cn.gygxzc.envir.config.shiro.filter.*
+import cn.gygxzc.envir.config.shiro.filter.AjaxAuthorizationFilter
+import cn.gygxzc.envir.config.shiro.filter.UrlPermissionsFilter
+import cn.gygxzc.envir.config.shiro.filter.ZenCorsAnonymousFilter
+import cn.gygxzc.envir.config.shiro.filter.ZenCorsPathMatchingFilter
 import cn.gygxzc.envir.config.shiro.realm.ZenShiroRealm
-import cn.gygxzc.envir.config.shiro.session.ZenWebSessionManager
 import org.apache.shiro.authc.credential.HashedCredentialsMatcher
 import org.apache.shiro.cache.CacheManager
 import org.apache.shiro.mgt.SecurityManager
 import org.apache.shiro.realm.AuthorizingRealm
-import org.apache.shiro.session.mgt.SessionManager
 import org.apache.shiro.spring.LifecycleBeanPostProcessor
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean
 import org.apache.shiro.web.filter.authc.AnonymousFilter
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager
-import org.apache.shiro.web.servlet.SimpleCookie
+import org.apache.shiro.web.session.mgt.ServletContainerSessionManager
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass
 import org.springframework.boot.web.servlet.FilterRegistrationBean
 import org.springframework.context.annotation.Bean
@@ -61,31 +59,13 @@ class ShiroConfig {
         return shiroRealm
     }
 
-    @Bean(name = ["sessionManager"])
-    fun defaultWebSessionManager(redisCacheManager: CacheManager,
-                                 redisSessionDAO: ShiroRedisSessionDAO): ZenWebSessionManager {
-        return ZenWebSessionManager().apply {
-            setCacheManager(redisCacheManager)
-            globalSessionTimeout = 604800 * 1000
-            isDeleteInvalidSessions = true
-            isSessionValidationSchedulerEnabled = true
-            isDeleteInvalidSessions = true
-            sessionDAO = redisSessionDAO
-            sessionIdCookie = SimpleCookie(ZenHttpSession.DEFAULT_SESSION_ID_NAME).apply {
-                isHttpOnly = true
-                maxAge = 604800
-            }
-        }
-    }
-
     @Bean(name = ["securityManager"])
     fun securityManager(userRealm: AuthorizingRealm,
-                        redisCacheManager: CacheManager,
-                        sessionManager: SessionManager): DefaultWebSecurityManager {
+                        redisCacheManager: CacheManager): DefaultWebSecurityManager {
         return DefaultWebSecurityManager().apply {
             setRealm(userRealm)
             cacheManager = redisCacheManager
-            setSessionManager(sessionManager)
+            sessionManager = ServletContainerSessionManager()
         }
     }
 
@@ -102,8 +82,7 @@ class ShiroConfig {
 
     @Bean(name = ["shiroFilter"])
     @Order(2)
-    fun shiroFilter(securityManager: SecurityManager,
-                    config: JwtConfig, jwtRedisCache: JwtRedisCache): ShiroFilterFactoryBean {
+    fun shiroFilter(securityManager: SecurityManager): ShiroFilterFactoryBean {
         return ShiroFilterFactoryBean().apply {
             setSecurityManager(securityManager)
 
@@ -112,8 +91,7 @@ class ShiroConfig {
                     "cors" to ZenCorsPathMatchingFilter(),
                     "perms" to UrlPermissionsFilter(),
                     "authc" to AjaxAuthorizationFilter(),
-                    "anon" to AnonymousFilter(),
-                    "jwt" to JwtPathMatchingFilter(config, jwtRedisCache)
+                    "anon" to AnonymousFilter()
             )
             /**
              * anon(匿名)  org.apache.shiro.web.filter.authc.AnonymousFilter
@@ -153,7 +131,7 @@ class ShiroConfig {
                     "/eureka/**" to "anon",
                     "/v1/sys" to "anon",
                     ////////////////////// 静态资源 /////////////////////
-                    "/**" to "cors,jwt,authc" // 对于其他未配置的所有url 先设置cors头 再进行登陆判定 最后判定权限
+                    "/**" to "cors,authc" // 对于其他未配置的所有url 先设置cors头 再进行登陆判定 最后判定权限
             )
         }
     }
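Review bot: After this change the catch-all rule `"/**" to "cors,authc"` runs no token check inside Shiro, and `ServletContainerSessionManager()` leaves session handling to the servlet container, so the explicit `isHttpOnly = true` cookie and the 7-day timeout removed above are no longer set anywhere in this file. The replacement is presumably the Spring Session / `jwt-session` filter, but nothing in this section shows it running ahead of `shiroFilter` (`@Order(2)`); confirm that ordering and where the cookie flags and timeout now live. Once confirmed, record it above `securityManager`, e.g. `// Sessions are supplied by the container (Spring Session + jwt-session); token validation, cookie flags and timeout are configured there, not in Shiro.` The trailing comment on the `/**` rule still says permissions are checked last although the chain has no `perms` step. The `ShiroConfig` class body lies partly outside these hunks.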

+ 9 - 4
zen-core/build.gradle

@@ -9,9 +9,14 @@ buildscript {
     }
 }
 
-dependencies {
+
+repositories {
+    mavenCentral()
 }
 
-//bootRepackage {
-//    enabled = false
-//}
+dependencies {
+    compile 'io.jsonwebtoken:jjwt-api:0.10.5'
+    runtime 'io.jsonwebtoken:jjwt-impl:0.10.5',
+            'io.jsonwebtoken:jjwt-jackson:0.10.5'
+    compile("cn.gygxzc.tina:jwt-session:1.1")
+}
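Review bot: `cn.gygxzc.tina:jwt-session:1.1` is an internal artifact that now carries the session/JWT handling, yet nothing pins it to the private repository: the root build lists `mavenCentral()` and `jcenter()` ahead of the private `maven { … }` entry, and this file adds another `mavenCentral()`. Gradle takes a module from the first repository that serves it, so an identically named artifact on a public repository would be used instead. If the Gradle version in use supports repository content filtering, add `content { includeGroup 'cn.gygxzc.tina' }` to the private repository and `content { excludeGroup 'cn.gygxzc.tina' }` to the public ones; otherwise list the private repository first.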

+ 13 - 0
zen-core/src/main/kotlin/cn/gygxzc/tina/cache/redis/RedisConfig.kt

@@ -10,6 +10,9 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.context.annotation.Primary
 import org.springframework.data.redis.cache.RedisCacheManager
 import org.springframework.data.redis.connection.RedisConnectionFactory
+import org.springframework.data.redis.connection.RedisPassword
+import org.springframework.data.redis.connection.RedisStandaloneConfiguration
+import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory
 
 /**
  * Redis 缓存配置
@@ -24,6 +27,16 @@ import org.springframework.data.redis.connection.RedisConnectionFactory
 @EnableConfigurationProperties(RedisProperties::class)
 class RedisConfig {
 
+    @Bean
+    @Primary
+    fun connectFactory(properties: RedisProperties): LettuceConnectionFactory {
+        val configuration = RedisStandaloneConfiguration(properties.host, properties.port)
+        configuration.database = properties.database
+        configuration.password = RedisPassword.of(properties.password)
+        return LettuceConnectionFactory(configuration)
+    }
+
+
     @Bean("redisCacheManager")
     @Primary
     fun cacheManager(redisConnectionFactory: RedisConnectionFactory): CacheManager {
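Review bot: `connectFactory` builds the `@Primary` connection factory from host, port, database and password only, so any TLS, timeout or pool setting carried by `RedisProperties` is silently dropped for every Redis client in the application, including the session store. Assuming this is Spring Boot's `RedisProperties`, pass a client configuration as the second constructor argument, `LettuceConnectionFactory(configuration, clientConfig)`, where `clientConfig` comes from `LettuceClientConfiguration.builder()` with `useSsl()` applied when `properties.isSsl` is set. A short KDoc on the function saying why the auto-configured factory is replaced would also help the next reader. The `RedisConfig` class body continues outside this hunk.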

+ 4 - 1
zen-web/build.gradle

@@ -14,4 +14,7 @@ buildscript {
 
 dependencies {
     compile project(":zen-api")
-}
+}
+
+bootJar { enabled = true }
+jar { enabled = false }

+ 4 - 0
zen-web/src/main/kotlin/cn/gygxzc/envir/MainApplication.kt

@@ -1,5 +1,6 @@
 package cn.gygxzc.envir
 
+import cn.gygxzc.tina.cloud.jwt.session.filter.JwtSessionRepositoryFilter
 import org.mybatis.spring.annotation.MapperScan
 import org.springframework.boot.SpringApplication
 import org.springframework.boot.autoconfigure.SpringBootApplication
@@ -16,11 +17,14 @@ import org.springframework.cloud.openfeign.EnableFeignClients
 @SpringBootApplication(scanBasePackages = ["com.gxzc", "cn.gygxzc"])
 @MapperScan(basePackages = ["com.gxzc", "cn.gygxzc"])
 class MainApplication : SpringBootServletInitializer() {
+
+
     override fun configure(builder: SpringApplicationBuilder?): SpringApplicationBuilder? {
         return builder?.sources(MainApplication::class.java)
     }
 }
 
 fun main(args: Array<String>) {
+
     SpringApplication.run(MainApplication::class.java, *args)
 }
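Review bot: The added import of `JwtSessionRepositoryFilter` is not used in any visible line of this file, so this section does not show whether the filter is ever registered. If `jwt-session` registers it through auto-configuration, drop the import; if it was meant to be registered here, the `@Bean` and its order relative to `shiroFilter` (`@Order(2)`) are missing. The blank lines added inside the class and at the top of `main` can go as well.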

+ 3 - 2
zen-web/src/main/kotlin/cn/gygxzc/envir/api/sys/controller/UserController.kt

@@ -1,6 +1,7 @@
 package cn.gygxzc.envir.api.sys.controller
 
-import cn.gygxzc.envir.config.shiro.utils.ShiroUtils
+import cn.gygxzc.envir.sys.model.SysUser
+import cn.gygxzc.tina.cloud.jwt.session.utils.SessionUtils
 import com.gxzc.zen.common.dto.ResponseDto
 import io.swagger.annotations.Api
 import io.swagger.annotations.ApiOperation
@@ -20,7 +21,7 @@ class UserController {
     @GetMapping("/info")
     @ApiOperation("获取用户个人信息")
     fun userInfo(): Any {
-        val user = ShiroUtils.getUser()
+        val user = SessionUtils.getUser<SysUser>()
         return ResponseDto().data(user)
     }
 }
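Review bot: `userInfo()` hands the whole `SysUser` model from the session straight to `ResponseDto().data(user)`, so every serialisable field of that class reaches the client. `SysUser` is not visible here; if it holds a password hash, salt or other internal columns, map it to a response type with only the fields the UI needs, or mark those fields `@JsonIgnore`, before returning. The case where `SessionUtils.getUser<SysUser>()` finds no user in the session also deserves an explicit check or at least a comment stating what the endpoint returns then.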

+ 2 - 2
zen-web/src/main/resources/application-cache.yml

@@ -33,7 +33,7 @@ spring:
   cache:
     type: redis # 使用什么作为缓存框架
   redis:
-    database: 0 # redis数据库索引
+    database: 2 # redis数据库索引
     host: 192.168.1.206
     port: 6379
     password:
@@ -54,7 +54,7 @@ spring:
     caffeine:
       spec:
   redis:
-    database: 0 # redis数据库索引
+    database: 2 # redis数据库索引
     host: 192.168.1.206
     port: 6379
     password:

+ 8 - 0
zen-web/src/main/resources/application-shiro.yml

@@ -2,6 +2,10 @@ spring:
   profiles: dev
   session:
     store-type: redis
+    redis:
+      host: 192.168.1.206
+      port: 6379
+      database: 0
 
 shiro:
   redis:
@@ -20,6 +24,10 @@ spring:
   profiles: prod
   session:
     store-type: redis
+    redis:
+      host: 192.168.1.206
+      database: 0
+
 shiro:
   redis:
     database: 1 # redis数据库索引
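Review bot: The `prod` profile's new `spring.session.redis` block points at the same private address and database 0 as `dev`, and neither block has a `password` entry, so both profiles would share one set of session keys on a Redis that, as far as this file shows, needs no authentication. Sessions are the login state here, so production should use a separate instance or at least a separate database, with address and password supplied from the environment, e.g. `host: ${SESSION_REDIS_HOST}` and `password: ${SESSION_REDIS_PASSWORD}` (variable names are examples). `prod` also omits `port`, which `dev` sets; confirm the consumer of these keys has a default. Whether these keys are read by Spring Session itself or by the `jwt-session` library is not visible in this commit.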