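package com.whyc.config;

import com.whyc.constant.YamlProperties;
import com.whyc.filter.RolesOrAuthorizationFilter;
import com.whyc.properties.PropertiesUtil;
import com.whyc.realm.CustomRealm;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.ShiroHttpSession;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/**
 * Shiro wiring for the application: the realm-backed security manager, an optional native
 * session manager, annotation-driven authorization and the web filter chain.
 *
 * <p>Provides permission management for now; session management is to be updated later (TODO).
 */
@Configuration
//@Log4j2
@DependsOn("yamlProperties")
public class ShiroConfig {

    @Autowired
    CustomRealm customRealm;

    /**
     * Builds the native web session manager and the cookie that carries the session id.
     *
     * <p>This method is not a {@code @Bean}; it is only called from
     * {@link #defaultWebSecurityManager()}.
     *
     * @return a session manager that tracks the session through the {@code MSManager} cookie
     */
    public SessionManager sessionManager() {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();

        // The constructor name is replaced by setName("MSManager") below.
        Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
        // The session id is a bearer credential: keep it out of reach of page scripts so that a
        // script-injection flaw in any page cannot read it. (The original disabled HttpOnly.)
        cookie.setHttpOnly(true);
        // SameSite=None lets the browser attach the cookie to cross-site requests, so it gives no
        // CSRF protection on its own; state-changing endpoints need their own defence.
        // NOTE(review): if the front end is served from the same site as this API, prefer
        // Cookie.SameSiteOptions.LAX - confirm the deployment layout.
        cookie.setSameSite(Cookie.SameSiteOptions.NONE);
        // Browsers only accept SameSite=None together with Secure, which also limits it to HTTPS.
        cookie.setSecure(true);
        cookie.setName("MSManager");

        sessionManager.setSessionIdCookie(cookie);
        sessionManager.setSessionIdCookieEnabled(true);
        // Do not fall back to carrying the session id in the URL: ids in URLs end up in access
        // logs, browser history and Referer headers. (The original enabled URL rewriting.)
        sessionManager.setSessionIdUrlRewritingEnabled(false);
        return sessionManager;
    }

    /**
     * Security manager backed by {@link CustomRealm}.
     *
     * <p>The native session manager (and therefore the cookie settings in
     * {@link #sessionManager()}) is installed only when {@code YamlProperties.runModel == 1};
     * in every other mode the manager keeps its default session handling.
     * NOTE(review): the meaning of run model 1 is not visible in this file - confirm that the
     * other modes get equivalent session-cookie hardening from the servlet container.
     *
     * @return the configured security manager, registered as bean {@code securityManager}
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager defaultWebSecurityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(customRealm);
        if (YamlProperties.runModel == 1) {
            securityManager.setSessionManager(sessionManager());
        }
        return securityManager;
    }

    /**
     * Ensures that beans implementing Shiro's internal lifecycle callbacks get those callbacks
     * executed.
     *
     * @return the lifecycle post-processor, registered as bean {@code lifecycleBeanPostProcessor}
     */
    @Bean(name = "lifecycleBeanPostProcessor")
    public static LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * AOP-style, method-level permission checking.
     *
     * @return an auto-proxy creator that proxies target classes rather than interfaces
     */
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

    /**
     * Works together with {@link DefaultAdvisorAutoProxyCreator} to enforce the Shiro
     * authorization annotations.
     *
     * @return the advisor bound to this configuration's security manager
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor() {
        AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
        aasa.setSecurityManager(defaultWebSecurityManager());
        return aasa;
    }

    /**
     * Filter chain: reads the URL-pattern to filter-chain definitions from the Shiro properties.
     *
     * <p>A {@link LinkedHashMap} keeps the entries in the order {@code getKeyList()} returns
     * them. Shiro applies the first pattern that matches a request, so a broad pattern listed
     * before a narrower one shadows it; review the properties file with that in mind.
     *
     * @return the chain definitions in key-list order
     */
    private Map<String, String> filterChainDefinition() {
        List<?> keys = PropertiesUtil.propertiesShiro.getKeyList();
        Map<String, String> chains = new LinkedHashMap<>();
        for (Object entry : keys) {
            String key = entry.toString();
            String value = PropertiesUtil.getShiroValue(key);
            //log.info("读取防止盗链控制:---key{},---value:{}",key,value);
            chains.put(key, value);
        }
        return chains;
    }

    /**
     * Custom filters, keyed by the name under which they are registered with the filter factory.
     *
     * @return a map holding the {@code rolesOr} filter
     */
    private Map<String, Filter> filters() {
        Map<String, Filter> custom = new HashMap<>();
        custom.put("rolesOr", new RolesOrAuthorizationFilter());
        return custom;
    }

    /**
     * The Shiro web filter: custom filters, security manager, chain definitions and the login
     * and unauthorized URLs.
     *
     * @return the configured filter factory bean
     */
    // @Bean("shiroFilter")
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean() {
        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        // Register the custom filters before the chain definitions that refer to them by name.
        shiroFilter.setFilters(filters());
        shiroFilter.setSecurityManager(defaultWebSecurityManager());
        shiroFilter.setFilterChainDefinitionMap(filterChainDefinition());
        shiroFilter.setLoginUrl("/login.html");
        //shiroFilter.setLoginUrl("/index.html#login");
        shiroFilter.setUnauthorizedUrl("/login/unauthorized");
        return shiroFilter;
    }
}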