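package com.whyc.config;

import com.whyc.filter.KickedOutFilter;
import com.whyc.filter.RolesOrAuthorizationFilter;
import com.whyc.properties.PropertiesUtil;
import com.whyc.properties.RedisProperties;
import com.whyc.properties.ShiroRedisProperties;
import com.whyc.realm.CustomRealm;
import lombok.extern.log4j.Log4j;
import lombok.extern.log4j.Log4j2;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.redisson.Redisson;
import org.redisson.api.RedissonClient;
import org.redisson.config.Config;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/**
 * Spring configuration that wires Apache Shiro: a session manager backed by
 * {@code RedisSessionDao}, the security manager around {@link CustomRealm},
 * annotation-driven authorization, and the web filter with its URL chain definitions.
 *
 * <p>Original author note: provides permission management for now; session management
 * is to be updated later. TODO
 */
@Configuration
@Slf4j
@EnableConfigurationProperties({RedisProperties.class})
public class ShiroConfig {

    @Autowired
    CustomRealm customRealm;

    @Autowired
    RedisProperties redisProperties;

    /*================ Sessions: distributed sessions stored in Redis ===================*/

    /*
     * Redisson client initialization (disabled; kept for reference).
     *
     * @Bean(name = "redissonClient4Shiro")
     * public RedissonClient redissonClient(){
     *     log.info("======初始化redissonClient4Shiro======");
     *     String[] nodeList = shiroRedisProperties.getNodes().split(",");
     *     Config config = new Config();
     *     if(nodeList.length==1){
     *         config.useSingleServer().setAddress(nodeList[0])
     *                 .setConnectTimeout(shiroRedisProperties.getConnectTimeout())
     *                 .setConnectionPoolSize(shiroRedisProperties.getConnectPoolSize())
     *                 .setConnectionMinimumIdleSize(shiroRedisProperties.getConnectMinIdleSize())
     *                 .setTimeout(shiroRedisProperties.getTimeout());
     *     }else{
     *         config.useClusterServers().addNodeAddress(nodeList)
     *                 .setConnectTimeout(shiroRedisProperties.getConnectTimeout())
     *                 .setMasterConnectionPoolSize(shiroRedisProperties.getConnectPoolSize())
     *                 .setMasterConnectionMinimumIdleSize(shiroRedisProperties.getConnectMinIdleSize())
     *                 .setTimeout(shiroRedisProperties.getTimeout());
     *     }
     *     RedissonClient redissonClient = Redisson.create(config);
     *     return redissonClient;
     * }
     */

    /**
     * Creates the session DAO, passing it the configured global session timeout.
     *
     * <p>Declared to depend on the {@code redisClient} bean, which is defined outside
     * this class.
     *
     * @return the {@code RedisSessionDao} used by the session manager
     */
    @Bean("redisSessionDao")
    @DependsOn("redisClient")
    public SessionDAO redisSessionDao() {
        return new RedisSessionDao(redisProperties.getGlobalSessionTimeout());
    }

    /**
     * Builds the web session manager: sessions are persisted through
     * {@link #redisSessionDao()} and identified by the {@code ShiroSession} cookie.
     *
     * @return the configured session manager
     */
    @Bean("sessionManager")
    @DependsOn("redisSessionDao")
    public DefaultWebSessionManager shiroSessionManager() {
        DefaultWebSessionManager manager = new DefaultWebSessionManager();

        manager.setSessionDAO(redisSessionDao());

        // The periodic validation scan is switched off.
        // NOTE(review): presumably expired sessions are evicted by key expiry inside
        // RedisSessionDao (it receives the same timeout) - confirm, otherwise stale
        // session records accumulate in the store.
        manager.setSessionValidationSchedulerEnabled(false);

        manager.setSessionIdCookieEnabled(true);
        SimpleCookie sessionCookie = new SimpleCookie("ShiroSession");
        // HttpOnly is already SimpleCookie's default; stating it keeps the session id
        // out of reach of page scripts even if the cookie construction changes later.
        sessionCookie.setHttpOnly(true);
        // NOTE(review): the Secure attribute is not set, so the session id cookie is also
        // sent over plain HTTP. Where the application is served over HTTPS only, enable
        // sessionCookie.setSecure(true). Also check whether session-id URL rewriting
        // (setSessionIdUrlRewritingEnabled) is on for the Shiro version in use; ids in
        // URLs can leak through logs and Referer headers.
        manager.setSessionIdCookie(sessionCookie);

        // Shiro interprets this value as milliseconds.
        // NOTE(review): confirm the property uses that unit and that RedisSessionDao
        // expects the same one.
        manager.setGlobalSessionTimeout(redisProperties.getGlobalSessionTimeout());
        return manager;
    }

    /*==================== Authorization =======================*/

    /**
     * Builds the security manager from the injected realm and the session manager.
     *
     * @return the configured security manager
     */
    @Bean(name = "securityManager")
    @DependsOn("sessionManager")
    public DefaultWebSecurityManager defaultWebSecurityManager() {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(customRealm);
        manager.setSessionManager(shiroSessionManager());
        return manager;
    }

    /**
     * Ensures that beans implementing Shiro's internal lifecycle callbacks have them invoked.
     *
     * @return the lifecycle post-processor
     */
    @Bean(name = "lifecycleBeanPostProcessor")
    public static LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * Enables AOP-based, method-level permission checks; class-based proxies are forced
     * via {@code setProxyTargetClass(true)}.
     *
     * @return the auto-proxy creator
     */
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }

    /**
     * Advisor that works together with {@link DefaultAdvisorAutoProxyCreator} to enforce
     * Shiro's authorization annotations.
     *
     * @return the advisor bound to the security manager
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor() {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(defaultWebSecurityManager());
        return advisor;
    }

    /**
     * Reads the filter chain definitions (URL pattern to filter expression) from the Shiro
     * properties, keeping the order in which {@code getKeyList()} returns the keys.
     *
     * <p>Shiro evaluates chain definitions in order and the first matching pattern wins,
     * so this order decides which rule protects a URL.
     * NOTE(review): confirm that {@code getKeyList()} preserves the order of the
     * properties file and that broad patterns are listed after the specific ones.
     *
     * @return an insertion-ordered map of URL pattern to chain definition
     */
    private Map<String, String> filterChainDefinition() {
        List<?> keys = PropertiesUtil.propertiesShiro.getKeyList();
        Map<String, String> chains = new LinkedHashMap<>();
        for (Object entry : keys) {
            String pattern = entry.toString();
            String definition = PropertiesUtil.getShiroValue(pattern);
            //log.info("读取防止盗链控制:---key{},---value:{}",key,value);
            chains.put(pattern, definition);
        }
        return chains;
    }

    /**
     * Custom filters made available to chain definitions under their registered names.
     *
     * <p>The filter is instantiated here rather than exposed as a Spring bean; in Spring
     * Boot a {@link Filter} bean is additionally registered with the servlet container
     * for every request, outside Shiro's chain.
     *
     * @return a map containing {@code rolesOr} mapped to a {@link RolesOrAuthorizationFilter}
     */
    private Map<String, Filter> filters() {
        Map<String, Filter> custom = new HashMap<>();
        custom.put("rolesOr", new RolesOrAuthorizationFilter());
        return custom;
    }

    /**
     * Builds the Shiro web filter: registers the custom filters, binds the security
     * manager, installs the chain definitions and sets the login and unauthorized URLs.
     *
     * @return the filter factory bean
     */
    // @Bean("shiroFilter")
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean() {
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        // Register the custom filters before the chain definitions that refer to them by name.
        factory.setFilters(filters());
        factory.setSecurityManager(defaultWebSecurityManager());
        factory.setFilterChainDefinitionMap(filterChainDefinition());
        factory.setLoginUrl("/login.html");
        //shiroFilter.setLoginUrl("/index.html#login");
        factory.setUnauthorizedUrl("/login/unauthorized");
        return factory;
    }
}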