| | |
|---|
| | | package com.whyc.config; |
|---|
| | | |
|---|
| | | import com.whyc.filter.KickedOutFilter; |
|---|
| | | import com.whyc.filter.RolesOrAuthorizationFilter; |
|---|
| | | import com.whyc.properties.PropertiesUtil; |
|---|
| | | import com.whyc.properties.RedisProperties; |
|---|
| | | import com.whyc.properties.ShiroRedisProperties; |
|---|
| | | import com.whyc.realm.CustomRealm; |
|---|
| | | import lombok.extern.log4j.Log4j; |
|---|
| | | import lombok.extern.log4j.Log4j2; |
|---|
| | | import lombok.extern.slf4j.Slf4j; |
|---|
| | | import org.apache.shiro.session.mgt.SessionManager; |
|---|
| | | import org.apache.shiro.session.mgt.eis.SessionDAO; |
|---|
| | | import org.apache.shiro.spring.LifecycleBeanPostProcessor; |
|---|
| | | import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; |
|---|
| | | import org.apache.shiro.spring.web.ShiroFilterFactoryBean; |
|---|
| | | import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter; |
|---|
| | | import org.apache.shiro.web.mgt.DefaultWebSecurityManager; |
|---|
| | | import org.apache.shiro.web.servlet.SimpleCookie; |
|---|
| | | import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; |
|---|
| | | import org.redisson.Redisson; |
|---|
| | | import org.redisson.api.RedissonClient; |
|---|
| | | import org.redisson.config.Config; |
|---|
| | | import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import org.springframework.boot.context.properties.EnableConfigurationProperties; |
|---|
| | | import org.springframework.context.annotation.Bean; |
|---|
| | | import org.springframework.context.annotation.ComponentScan; |
|---|
| | | import org.springframework.context.annotation.Configuration; |
|---|
| | | import org.springframework.context.annotation.DependsOn; |
|---|
| | | |
|---|
| | | import javax.servlet.Filter; |
|---|
| | | import java.util.HashMap; |
|---|
| | | import java.util.LinkedHashMap; |
|---|
| | | import java.util.List; |
|---|
| | | import java.util.Map; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 暂时提供权限管理,会话管理后续更新 TODO |
|---|
| | | * 暂时提供权限管理,会话管理后续更新 |
|---|
| | | */ |
|---|
| | | @Configuration |
|---|
| | | @Slf4j |
|---|
| | |
|---|
| | | sessionManager.setSessionDAO(redisSessionDao()); |
|---|
| | | sessionManager.setSessionValidationSchedulerEnabled(false); |
|---|
| | | sessionManager.setSessionIdCookieEnabled(true); |
|---|
| | | sessionManager.setSessionIdUrlRewritingEnabled(false); |
|---|
| | | |
|---|
| | | SimpleCookie simpleCookie = new SimpleCookie("ShiroSession"); |
|---|
| | | SimpleCookie simpleCookie = new SimpleCookie("CT"); |
|---|
| | | sessionManager.setSessionIdCookie(simpleCookie); |
|---|
| | | sessionManager.setGlobalSessionTimeout(redisProperties.getGlobalSessionTimeout()); |
|---|
| | | return sessionManager; |
|---|
| | |
|---|
| | | return map; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /**自定义过滤器*/ |
|---|
| | | private Map<String, Filter> filters(){ |
|---|
| | | HashMap<String, Filter> map = new HashMap<>(); |
|---|
| | | map.put("rolesOr",new RolesOrAuthorizationFilter()); |
|---|
| | | return map; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /**过滤器*/ |
|---|
| | | // @Bean("shiroFilter") |
|---|
| | | @Bean |
|---|
| | | public ShiroFilterFactoryBean shiroFilterFactoryBean(){ |
|---|
| | | ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); |
|---|
| | | //注入新定义的过滤器 |
|---|
| | | shiroFilter.setFilters(filters()); |
|---|
| | | //shiroFilter |
|---|
| | | shiroFilter.setSecurityManager(defaultWebSecurityManager()); |
|---|
| | | shiroFilter.setFilterChainDefinitionMap(filterChainDefinition()); |
|---|
| | | shiroFilter.setLoginUrl("/login.html"); |
|---|
| | | shiroFilter.setLoginUrl("/index.html"); |
|---|
| | | //shiroFilter.setLoginUrl("/index.html#login"); |
|---|
| | | shiroFilter.setUnauthorizedUrl("/login/unauthorized"); |
|---|
| | | return shiroFilter; |
|---|
