package com.whyc.config;
|
|
import com.whyc.filter.KickedOutFilter;
|
import com.whyc.filter.RolesOrAuthorizationFilter;
|
import com.whyc.properties.PropertiesUtil;
|
import com.whyc.realm.CustomRealm;
|
import lombok.extern.log4j.Log4j;
|
import lombok.extern.log4j.Log4j2;
|
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
|
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
|
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
|
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
|
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
|
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.DependsOn;
|
|
import javax.servlet.Filter;
|
import java.util.HashMap;
|
import java.util.LinkedHashMap;
|
import java.util.List;
|
import java.util.Map;
|
|
/**
|
* 暂时提供权限管理,会话管理后续更新 TODO
|
*/
|
@Configuration
|
//@Log4j2
|
public class ShiroConfig {
|
|
@Autowired
|
CustomRealm customRealm;
|
|
/**权限管理器*/
|
@Bean(name = "securityManager")
|
public DefaultWebSecurityManager defaultWebSecurityManager(){
|
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
|
securityManager.setRealm(customRealm);
|
return securityManager;
|
}
|
|
/**
|
* 保证实现Shiro内部lifecycle函数的bean执行
|
*/
|
@Bean(name = "lifecycleBeanPostProcessor")
|
public static LifecycleBeanPostProcessor getLifecycleBeanPostProcessor(){
|
return new LifecycleBeanPostProcessor();
|
}
|
|
/**AOP式方法级权限检验*/
|
@Bean
|
@DependsOn("lifecycleBeanPostProcessor")
|
public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator(){
|
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
|
advisorAutoProxyCreator.setProxyTargetClass(true);
|
return advisorAutoProxyCreator;
|
}
|
|
/**配合DefaultAdvisorAutoProxyCreator 注解权限校验*/
|
@Bean
|
public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(){
|
AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
|
aasa.setSecurityManager(defaultWebSecurityManager());
|
return aasa;
|
}
|
|
/**过滤器链*/
|
private Map<String, String> filterChainDefinition(){
|
List<Object> list = PropertiesUtil.propertiesShiro.getKeyList();
|
Map<String, String> map = new LinkedHashMap<>();
|
for (Object object : list) {
|
String key = object.toString();
|
String value = PropertiesUtil.getShiroValue(key);
|
//log.info("读取防止盗链控制:---key{},---value:{}",key,value);
|
map.put(key, value);
|
}
|
return map;
|
}
|
|
/**自定义过滤器*/
|
private Map<String, Filter> filters(){
|
HashMap<String, Filter> map = new HashMap<>();
|
map.put("rolesOr",new RolesOrAuthorizationFilter());
|
return map;
|
}
|
|
/**过滤器*/
|
// @Bean("shiroFilter")
|
@Bean
|
public ShiroFilterFactoryBean shiroFilterFactoryBean(){
|
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
|
//注入新定义的过滤器
|
shiroFilter.setFilters(filters());
|
shiroFilter.setSecurityManager(defaultWebSecurityManager());
|
shiroFilter.setFilterChainDefinitionMap(filterChainDefinition());
|
shiroFilter.setLoginUrl("/login.html");
|
//shiroFilter.setLoginUrl("/index.html#login");
|
shiroFilter.setUnauthorizedUrl("/login/unauthorized");
|
return shiroFilter;
|
}
|
}
|
