|
@@ -1,139 +0,0 @@
|
|
|
-package cn.gygxzc.envir.config.shiro
|
|
|
-
|
|
|
-import cn.gygxzc.envir.config.shiro.cache.RedisConfiguration
|
|
|
-import cn.gygxzc.envir.config.shiro.filter.AjaxAuthorizationFilter
|
|
|
-import cn.gygxzc.envir.config.shiro.filter.ZenCorsAnonymousFilter
|
|
|
-import cn.gygxzc.envir.config.shiro.filter.ZenCorsPathMatchingFilter
|
|
|
-import cn.gygxzc.envir.config.shiro.realm.ZenShiroRealm
|
|
|
-import org.apache.shiro.authc.credential.HashedCredentialsMatcher
|
|
|
-import org.apache.shiro.cache.CacheManager
|
|
|
-import org.apache.shiro.mgt.SecurityManager
|
|
|
-import org.apache.shiro.realm.AuthorizingRealm
|
|
|
-import org.apache.shiro.spring.LifecycleBeanPostProcessor
|
|
|
-import org.apache.shiro.spring.web.ShiroFilterFactoryBean
|
|
|
-import org.apache.shiro.web.filter.authc.AnonymousFilter
|
|
|
-import org.apache.shiro.web.mgt.DefaultWebSecurityManager
|
|
|
-import org.apache.shiro.web.session.mgt.ServletContainerSessionManager
|
|
|
-import org.springframework.beans.factory.annotation.Qualifier
|
|
|
-import org.springframework.boot.autoconfigure.condition.ConditionalOnClass
|
|
|
-import org.springframework.boot.web.servlet.FilterRegistrationBean
|
|
|
-import org.springframework.context.annotation.Bean
|
|
|
-import org.springframework.context.annotation.Configuration
|
|
|
-import org.springframework.context.annotation.DependsOn
|
|
|
-import org.springframework.core.annotation.Order
|
|
|
-import org.springframework.web.filter.DelegatingFilterProxy
|
|
|
-import javax.servlet.DispatcherType
|
|
|
-import javax.servlet.Filter
|
|
|
-
|
|
|
-
|
|
|
-/**
|
|
|
- * Shiro配置
|
|
|
- * @author NorthLan
|
|
|
- * @date 2018/4/21
|
|
|
- * @url https://noahlan.com
|
|
|
- */
|
|
|
-@Configuration
|
|
|
-@ConditionalOnClass(value = [RedisConfiguration::class])
|
|
|
-class ShiroConfig {
|
|
|
-
|
|
|
- @Bean("shiroLifecycleBeanPostProcessor")
|
|
|
- fun lifecycleBeanPostProcessor(): LifecycleBeanPostProcessor {
|
|
|
- return LifecycleBeanPostProcessor()
|
|
|
- }
|
|
|
-
|
|
|
- @Bean
|
|
|
- @DependsOn(value = ["shiroLifecycleBeanPostProcessor", "shiroRedisCacheManager"])
|
|
|
- fun userRealm(@Qualifier("shiroRedisCacheManager") cacheManager: CacheManager): ZenShiroRealm {
|
|
|
- val shiroRealm = ZenShiroRealm()
|
|
|
- .apply {
|
|
|
- isCachingEnabled = true
|
|
|
- isAuthenticationCachingEnabled = true
|
|
|
- isAuthorizationCachingEnabled = true
|
|
|
- //加密验证方法
|
|
|
- credentialsMatcher = HashedCredentialsMatcher().also {
|
|
|
- it.hashAlgorithmName = "md5"
|
|
|
- it.hashIterations = 2 // 两次md5
|
|
|
- }
|
|
|
- }
|
|
|
- shiroRealm.cacheManager = cacheManager
|
|
|
- return shiroRealm
|
|
|
- }
|
|
|
-
|
|
|
- @Bean(name = ["securityManager"])
|
|
|
- fun securityManager(userRealm: AuthorizingRealm,
|
|
|
- @Qualifier("shiroRedisCacheManager") redisCacheManager: CacheManager): DefaultWebSecurityManager {
|
|
|
- return DefaultWebSecurityManager().apply {
|
|
|
- setRealm(userRealm)
|
|
|
- cacheManager = redisCacheManager
|
|
|
- sessionManager = ServletContainerSessionManager()
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- @Bean("shiroFilterRegistrationBean")
|
|
|
- @DependsOn("shiroFilter")
|
|
|
- fun filterRegistrationBean(): FilterRegistrationBean<DelegatingFilterProxy> {
|
|
|
- return FilterRegistrationBean<DelegatingFilterProxy>().apply {
|
|
|
- filter = DelegatingFilterProxy("shiroFilter")
|
|
|
- isEnabled = true
|
|
|
- addUrlPatterns("/*")
|
|
|
- setDispatcherTypes(DispatcherType.REQUEST)
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- @Bean(name = ["shiroFilter"])
|
|
|
- @Order(2)
|
|
|
- fun shiroFilter(securityManager: SecurityManager): ShiroFilterFactoryBean {
|
|
|
- return ShiroFilterFactoryBean().apply {
|
|
|
- setSecurityManager(securityManager)
|
|
|
-
|
|
|
- filters = hashMapOf<String, Filter>(
|
|
|
- "canon" to ZenCorsAnonymousFilter(),
|
|
|
- "cors" to ZenCorsPathMatchingFilter(),
|
|
|
- "authc" to AjaxAuthorizationFilter(),
|
|
|
- "anon" to AnonymousFilter()
|
|
|
- )
|
|
|
- /**
|
|
|
- * anon(匿名) org.apache.shiro.web.filter.authc.AnonymousFilter
|
|
|
- * authc(身份验证) org.apache.shiro.web.filter.authc.FormAuthenticationFilter
|
|
|
- * authcBasic(http基本验证) org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
|
|
|
- * logout(退出) org.apache.shiro.web.filter.authc.LogoutFilter
|
|
|
- * noSessionCreation(不创建session) org.apache.shiro.web.filter.session.NoSessionCreationFilter
|
|
|
- * perms(许可验证) org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
|
|
|
- * port(端口验证) org.apache.shiro.web.filter.authz.PortFilter
|
|
|
- * rest (rest方面) org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
|
|
|
- * roles(权限验证) org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
|
|
|
- * ssl (ssl方面) org.apache.shiro.web.filter.authz.SslFilter
|
|
|
- * member (用户方面) org.apache.shiro.web.filter.authc.UserFilter
|
|
|
- * user 表示用户不一定已通过认证,只要曾被Shiro记住过登录状态的用户就可以正常发起请求,比如rememberMe
|
|
|
- */
|
|
|
- filterChainDefinitionMap = linkedMapOf<String, String>( // BUG 此处一定要使用 linkedHashMap 否则顺序有问题
|
|
|
- "/auth/setcookie" to "canon", // 设置cookie
|
|
|
- "/auth/check" to "canon", // 检查登录状态
|
|
|
- "/auth/logout" to "canon", // 登出
|
|
|
- "/test/**" to "canon", // 测试 免登录
|
|
|
- "/upload/**" to "canon", // 上传免登录
|
|
|
- "/fdfsupload/**" to "canon", // 上传免登录
|
|
|
- "/api/**" to "canon", // api 免登陆
|
|
|
- "/ws/**" to "canon", // websocket 免登陆
|
|
|
- "/" to "canon",
|
|
|
- "/v1/login/**" to "canon",
|
|
|
- ////////////////////// 静态资源 /////////////////////
|
|
|
- "/v2/api-docs" to "canon",
|
|
|
- "/swagger-resources/**" to "anon",
|
|
|
- "/swagger-ui.html" to "anon",
|
|
|
- "/webjars*" to "anon",
|
|
|
- "/webjars/**" to "anon",
|
|
|
- "/druid/**" to "anon",
|
|
|
- "/druid/sql.json" to "anon",
|
|
|
- "/**/favicon.*" to "anon",
|
|
|
- "/eureka*" to "anon",
|
|
|
- "/eureka/**" to "anon",
|
|
|
- "/v1/sys" to "anon",
|
|
|
- ////////////////////// 静态资源 /////////////////////
|
|
|
- "/**" to "cors,authc" // 对于其他未配置的所有url 先设置cors头 再进行登陆判定 最后判定权限
|
|
|
- )
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
-
|
|
|
-}
|