| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352 |
- package com.qxgmat.util.shiro;
- import com.nuliji.tools.shiro.*;
- import com.nuliji.tools.shiro.cache.RedisManager;
- import com.nuliji.tools.shiro.cache.CustomCacheManager;
- import com.nuliji.tools.shiro.cache.RedisCacheProvider;
- import com.nuliji.tools.shiro.inter.HeaderTokenManager;
- import com.nuliji.tools.shiro.session.CustomSessionDao;
- import com.nuliji.tools.shiro.session.RedisSessionRepository;
- import com.nuliji.tools.shiro.session.SessionRepository;
- import com.qxgmat.util.shiro.impl.UserTokenManager;
- import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
- import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
- import org.apache.shiro.cache.CacheManager;
- import org.apache.shiro.codec.Base64;
- import org.apache.shiro.realm.Realm;
- import org.apache.shiro.session.Session;
- import org.apache.shiro.session.SessionListener;
- import org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler;
- import org.apache.shiro.session.mgt.SessionManager;
- import org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator;
- import org.apache.shiro.session.mgt.eis.SessionDAO;
- import org.apache.shiro.session.mgt.eis.SessionIdGenerator;
- import org.apache.shiro.spring.LifecycleBeanPostProcessor;
- import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
- import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
- import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
- import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
- import org.apache.shiro.web.mgt.CookieRememberMeManager;
- import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
- import org.apache.shiro.web.servlet.Cookie;
- import org.apache.shiro.web.servlet.SimpleCookie;
- import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
- import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.context.annotation.DependsOn;
- import org.springframework.data.redis.connection.RedisConnectionFactory;
- import javax.servlet.Filter;
- import java.io.Serializable;
- import java.util.ArrayList;
- import java.util.Collection;
- import java.util.Map;
- @Configuration
- public class ShiroConfig {
- @Bean
- public ShiroFilterChainDefinition shiroFilterChainDefinition() {
- DefaultShiroFilterChainDefinition chain = new DefaultShiroFilterChainDefinition();
- chain.addPathDefinition("/admin/auth/**", "anon");
- chain.addPathDefinition("/admin/**", "role[manager]");
- chain.addPathDefinition("/api/auth/**", "anon");
- chain.addPathDefinition("/api/my/**", "token,role[user]");
- chain.addPathDefinition("/**", "anon");
- return chain;
- }
- @Bean(name = "shiroFilter")
- public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
- ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
- // 必须设置 SecurityManager
- shiroFilterFactoryBean.setSecurityManager(securityManager);
- Map<String, Filter> filters = shiroFilterFactoryBean.getFilters();
- DevelopFilter developFilter = new DevelopFilter();
- RoleFilter roleFilter = new RoleFilter();
- TokenFilter tokenFilter = new TokenFilter(headerTokenManager());
- filters.put("role", roleFilter);
- filters.put("develop", developFilter);
- filters.put("token", tokenFilter);
- shiroFilterFactoryBean.setFilters(filters);
- shiroFilterFactoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition().getFilterChainMap());
- return shiroFilterFactoryBean;
- }
- @Bean
- public RedisManager redisManager(RedisConnectionFactory factory){
- RedisManager redisManager = new RedisManager();
- redisManager.setFactory(factory);
- redisManager.setExpire(86400000);
- return redisManager;
- }
- @Bean
- public RedisCacheProvider redisCacheProvider(RedisManager redisManager){
- RedisCacheProvider redisCacheProvider = new RedisCacheProvider();
- redisCacheProvider.setRedisManager(redisManager);
- return redisCacheProvider;
- }
- @Bean
- public SessionRepository redisSessionRepository(RedisManager redisManager){
- RedisSessionRepository redisSessionRepository = new RedisSessionRepository();
- redisSessionRepository.setRedisManager(redisManager);
- return redisSessionRepository;
- }
- @Bean
- public CacheManager customCacheManager(RedisCacheProvider redisCacheProvider){
- CustomCacheManager customCacheManager = new CustomCacheManager();
- customCacheManager.setCacheProvider(redisCacheProvider);
- return customCacheManager;
- }
- /**
- * 加密方式
- *
- * @return
- */
- @Bean
- public HashedCredentialsMatcher hashedCredentialsMatcher() {
- HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
- hashedCredentialsMatcher.setHashAlgorithmName("md5");// 散列算法:这里使用MD5算法;
- hashedCredentialsMatcher.setHashIterations(2);// 散列的次数,比如散列两次,相当于md5(md5(""));
- hashedCredentialsMatcher.setStoredCredentialsHexEncoded(false);// 表示是否存储散列后的密码为16进制,需要和生成密码时的一样,默认是base64;
- return hashedCredentialsMatcher;
- }
- @Bean
- public HeaderTokenManager headerTokenManager() {
- UserTokenManager userTokenManager = new UserTokenManager();
- return userTokenManager;
- }
- @Bean
- public UserRealm userRealm() {
- UserRealm userRealm = new UserRealm();
- // userRealm.setCredentialsMatcher(new SimpleCredentialsMatcher());
- userRealm.setCachingEnabled(true);
- return userRealm;
- }
- @Bean
- public TokenRealm tokenRealm() {
- TokenRealm tokenRealm = new TokenRealm();
- // userRealm.setCredentialsMatcher(new SimpleCredentialsMatcher());
- tokenRealm.setCachingEnabled(true);
- return tokenRealm;
- }
- @Bean
- public ManagerRealm managerRealm() {
- ManagerRealm managerRealm = new ManagerRealm();
- // managerRealm.setCredentialsMatcher(new SimpleCredentialsMatcher());
- managerRealm.setCachingEnabled(true);
- return managerRealm;
- }
- @Bean
- public OauthRealm oauthRealm(){
- OauthRealm oauthRealm = new OauthRealm();
- oauthRealm.setCachingEnabled(false);
- return oauthRealm;
- }
- @Bean
- public DevelopRealm developRealm(){
- DevelopRealm developRealm = new DevelopRealm();
- developRealm.setCachingEnabled(true);
- return developRealm;
- }
- @Bean
- public Collection<Realm> realms() {
- Collection<Realm> realms = new ArrayList<>();
- realms.add(userRealm());
- realms.add(tokenRealm());
- realms.add(oauthRealm());
- realms.add(managerRealm());
- realms.add(developRealm());
- return realms;
- }
- /**
- * 配置认证策略,只要有一个Realm认证成功即可,并且返回所有认证成功信息
- *
- * @return
- */
- @Bean
- AtLeastOneSuccessfulStrategy authenticationStrategy() {
- return new AtLeastOneSuccessfulStrategy();
- }
- /**
- * 配置使用自定义认证器,可以实现多Realm认证,并且可以指定特定Realm处理特定类型的验证
- *
- * @return
- */
- @Bean
- RealmAuthenticator authenticator() {
- RealmAuthenticator authenticator = new RealmAuthenticator();
- authenticator.setAuthenticationStrategy(authenticationStrategy());
- return authenticator;
- }
- @Bean
- public Cookie rememberMeCookie() {
- // 这个参数是cookie的名称,对应前端的checkbox的name = rememberMe
- SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
- // <!-- 记住我cookie生效时间30天 ,单位秒;-->
- simpleCookie.setMaxAge(259200);
- return simpleCookie;
- }
- /**
- * CookieRememberMeManager
- *
- * @return
- */
- @Bean
- public CookieRememberMeManager rememberMeManager() {
- CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
- cookieRememberMeManager.setCookie(rememberMeCookie());
- cookieRememberMeManager.setCipherKey(Base64.decode("2AvVhdsgUs0FSA3SDFAdag=="));
- return cookieRememberMeManager;
- }
- // @Bean
- // public MyShiroSessionListener myShiroSessionListener() {
- // return new MyShiroSessionListener();
- // }
- /**
- * 会话监听器
- *
- * @return
- */
- @Bean
- public Collection<SessionListener> sessionListeners() {
- Collection<SessionListener> listeners = new ArrayList<>();
- // listeners.add(myShiroSessionListener());
- return listeners;
- }
- /**
- * 会话ID生成器
- *
- * @return
- */
- @Bean
- public SessionIdGenerator sessionIdGenerator() {
- SessionIdGenerator idGenerator = new SessionIdGenerator() {
- @Override
- public Serializable generateId(Session session) {
- Serializable uuid = new JavaUuidSessionIdGenerator().generateId(session);
- System.out.println("sessionIdGenerator:" + uuid);
- return uuid;
- }
- };
- return idGenerator;
- }
- /**
- * 会话DAO
- *
- * @return
- */
- @Bean
- public CustomSessionDao sessionDao(SessionRepository sessionRepository) {
- CustomSessionDao sessionDao = new CustomSessionDao();
- sessionDao.setSessionRepository(sessionRepository);
- sessionDao.setSessionIdGenerator(sessionIdGenerator());
- return sessionDao;
- }
- /**
- * 处理session有效期
- *
- * @return
- */
- @Bean
- public ExecutorServiceSessionValidationScheduler sessionValidationScheduler() {
- ExecutorServiceSessionValidationScheduler sessionValidationScheduler = new ExecutorServiceSessionValidationScheduler();
- sessionValidationScheduler.setInterval(1800000);
- return sessionValidationScheduler;
- }
- @Bean(name = "sessionManager")
- public SessionManager sessionManager(SessionDAO sessionDAO) {
- DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
- Cookie sessionIdCookie = new SimpleCookie("JSESSIONID");
- sessionIdCookie.setPath("/");
- sessionManager.setSessionIdCookie(sessionIdCookie);
- sessionManager.setGlobalSessionTimeout(86400000);
- sessionManager.setDeleteInvalidSessions(true);
- sessionManager.setSessionIdUrlRewritingEnabled(false);
- sessionManager.setSessionValidationScheduler(sessionValidationScheduler());
- sessionManager.setSessionValidationSchedulerEnabled(true);
- sessionManager.setSessionListeners(sessionListeners());
- sessionManager.setSessionDAO(sessionDAO);
- return sessionManager;
- }
- /**
- * 会话管理器
- *
- * @return
- */
- @Bean(name = "securityManager")
- public DefaultWebSecurityManager securityManager(CacheManager cacheManager, SessionManager sessionManager) {
- DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
- securityManager.setCacheManager(cacheManager);
- securityManager.setAuthenticator(authenticator());
- securityManager.setRememberMeManager(rememberMeManager());
- securityManager.setRealms(realms());
- securityManager.setSessionManager(sessionManager);
- return securityManager;
- }
- /**
- * 开启shiro注解 ---- 注解权限
- *
- * @param securityManager
- * @return
- */
- @Bean
- public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(org.apache.shiro.mgt.SecurityManager securityManager) {
- AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
- authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
- return authorizationAttributeSourceAdvisor;
- }
- /**
- * Shiro生命周期处理器 ---可以自定的来调用配置在 Spring IOC 容器中 shiro bean 的生命周期方法.
- *
- * @return
- */
- @Bean
- public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
- return new LifecycleBeanPostProcessor();
- }
- /**
- * 开启shiro注解 ----启用 IOC 容器中使用 shiro 的注解. 但必须在配置了 LifecycleBeanPostProcessor
- * 之后才可以使用
- *
- * @return
- */
- @Bean
- @DependsOn("lifecycleBeanPostProcessor")
- public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
- DefaultAdvisorAutoProxyCreator daap = new DefaultAdvisorAutoProxyCreator();
- daap.setProxyTargetClass(true);
- return daap;
- }
- }
|
