package com.whyc.config;
|
|
import com.whyc.properties.PropertiesUtil;
|
import com.whyc.properties.RedisProperties;
|
import com.whyc.realm.CustomRealm;
|
import lombok.extern.slf4j.Slf4j;
|
import org.apache.shiro.session.mgt.eis.SessionDAO;
|
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
|
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
|
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
|
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
|
import org.apache.shiro.web.servlet.SimpleCookie;
|
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
|
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.DependsOn;
|
|
import java.util.LinkedHashMap;
|
import java.util.List;
|
import java.util.Map;
|
|
/**
|
* 暂时提供权限管理,会话管理后续更新
|
*/
|
@Configuration
|
@Slf4j
|
@EnableConfigurationProperties({RedisProperties.class})
|
public class ShiroConfig {
|
|
@Autowired
|
CustomRealm customRealm;
|
|
@Autowired
|
RedisProperties redisProperties;
|
|
/*================Session采用Redis分布式Session===================*/
|
|
/**
|
* Redisson客户端,初始化
|
*//*
|
@Bean(name = "redissonClient4Shiro")
|
public RedissonClient redissonClient(){
|
log.info("======初始化redissonClient4Shiro======");
|
String[] nodeList = shiroRedisProperties.getNodes().split(",");
|
Config config = new Config();
|
if(nodeList.length==1){
|
config.useSingleServer().setAddress(nodeList[0])
|
.setConnectTimeout(shiroRedisProperties.getConnectTimeout())
|
.setConnectionPoolSize(shiroRedisProperties.getConnectPoolSize())
|
.setConnectionMinimumIdleSize(shiroRedisProperties.getConnectMinIdleSize())
|
.setTimeout(shiroRedisProperties.getTimeout());
|
}else{
|
config.useClusterServers().addNodeAddress(nodeList)
|
.setConnectTimeout(shiroRedisProperties.getConnectTimeout())
|
.setMasterConnectionPoolSize(shiroRedisProperties.getConnectPoolSize())
|
.setMasterConnectionMinimumIdleSize(shiroRedisProperties.getConnectMinIdleSize())
|
.setTimeout(shiroRedisProperties.getTimeout());
|
}
|
|
RedissonClient redissonClient = Redisson.create(config);
|
return redissonClient;
|
}*/
|
|
/**
|
* 初始化RedisSessionDao
|
*/
|
@Bean("redisSessionDao")
|
@DependsOn("redisClient")
|
public SessionDAO redisSessionDao(){
|
RedisSessionDao redisSessionDao = new RedisSessionDao(redisProperties.getGlobalSessionTimeout());
|
return redisSessionDao;
|
}
|
|
/**Session管理器*/
|
@Bean("sessionManager")
|
@DependsOn("redisSessionDao")
|
public DefaultWebSessionManager shiroSessionManager(){
|
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
|
//设置Session参数
|
sessionManager.setSessionDAO(redisSessionDao());
|
sessionManager.setSessionValidationSchedulerEnabled(false);
|
sessionManager.setSessionIdCookieEnabled(true);
|
sessionManager.setSessionIdUrlRewritingEnabled(false);
|
|
SimpleCookie simpleCookie = new SimpleCookie("CT");
|
sessionManager.setSessionIdCookie(simpleCookie);
|
sessionManager.setGlobalSessionTimeout(redisProperties.getGlobalSessionTimeout());
|
return sessionManager;
|
}
|
|
/*====================权限管理=======================*/
|
|
/**权限管理器*/
|
@Bean(name = "securityManager")
|
@DependsOn("sessionManager")
|
public DefaultWebSecurityManager defaultWebSecurityManager(){
|
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
|
securityManager.setRealm(customRealm);
|
securityManager.setSessionManager(shiroSessionManager());
|
return securityManager;
|
}
|
|
/**
|
* 保证实现Shiro内部lifecycle函数的bean执行
|
*/
|
@Bean(name = "lifecycleBeanPostProcessor")
|
public static LifecycleBeanPostProcessor getLifecycleBeanPostProcessor(){
|
return new LifecycleBeanPostProcessor();
|
}
|
|
/**AOP式方法级权限检验*/
|
@Bean
|
@DependsOn("lifecycleBeanPostProcessor")
|
public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator(){
|
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
|
advisorAutoProxyCreator.setProxyTargetClass(true);
|
return advisorAutoProxyCreator;
|
}
|
|
/**配合DefaultAdvisorAutoProxyCreator 注解权限校验*/
|
@Bean
|
public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(){
|
AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
|
aasa.setSecurityManager(defaultWebSecurityManager());
|
return aasa;
|
}
|
|
/**过滤器链*/
|
private Map<String, String> filterChainDefinition(){
|
List<Object> list = PropertiesUtil.propertiesShiro.getKeyList();
|
Map<String, String> map = new LinkedHashMap<>();
|
for (Object object : list) {
|
String key = object.toString();
|
String value = PropertiesUtil.getShiroValue(key);
|
//log.info("读取防止盗链控制:---key{},---value:{}",key,value);
|
map.put(key, value);
|
}
|
return map;
|
}
|
|
/**过滤器*/
|
@Bean
|
public ShiroFilterFactoryBean shiroFilterFactoryBean(){
|
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
|
//注入新定义的过滤器
|
//shiroFilter
|
shiroFilter.setSecurityManager(defaultWebSecurityManager());
|
shiroFilter.setFilterChainDefinitionMap(filterChainDefinition());
|
shiroFilter.setLoginUrl("/index.html");
|
//shiroFilter.setLoginUrl("/index.html#login");
|
shiroFilter.setUnauthorizedUrl("/login/unauthorized");
|
return shiroFilter;
|
}
|
}
|
