客户端配置roleAuth的url

spring5-admin/java/com/yaozhitech/spring5/config/RoleResourceConfiguration.java

@@ -2,22 +2,24 @@ package com.yaozhitech.spring5.config;
 
 import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
 import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 @Configuration
-public class RoleResourceConfiguration {
-
-//	@Bean
+public class RoleResourceConfiguration extends ShiroConfiguration{
+	
+	@Override
 	public ShiroFilterChainDefinition shiroFilterChainDefinition() {
+		
+		
 		DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
 //    chainDefinition.addPathDefinition("/login", "noSessionCreation,anon");  //login不做认证，noSessionCreation的作用是用户在操作session时会抛异常
 //    chainDefinition.addPathDefinition("/logout", "noSessionCreation,authcToken[permissive]"); //做用户认证，permissive参数的作用是当token无效时也允许请求访问，不会返回鉴权未通过的错误
-//    chainDefinition.addPathDefinition("/image/**", "anon");
-		chainDefinition.addPathDefinition("/admin/**", "noSessionCreation,authcToken,anyRole[admin,manager]"); // 只允许admin或manager角色的用户访问
-		chainDefinition.addPathDefinition("/article/list", "noSessionCreation,authcToken");
-		chainDefinition.addPathDefinition("/article/*", "noSessionCreation,authcToken[permissive]");
-		chainDefinition.addPathDefinition("/**", "noSessionCreation,authcToken"); // 默认进行用户鉴权
+//    chainDefinition.addPathDefinition("/image/**", "anon"); ,anyRole[admin,manager]
+		chainDefinition.addPathDefinition("/**", "noSessionCreation,authcToken"); // 只允许admin或manager角色的用户访问
+//		chainDefinition.addPathDefinition("/article/list", "noSessionCreation,authc");
+//		chainDefinition.addPathDefinition("/article/*", "noSessionCreation,authc[permissive]");
+//		chainDefinition.addPathDefinition("/**", "noSessionCreation,authc"); // 默认进行用户鉴权
+		
 		return chainDefinition;
 	}
 }

spring5-auth/spring5-auth-client/src/main/java/com/yaozhitech/spring5/config/ShiroConfiguration.java

@@ -1,7 +1,6 @@
 package com.yaozhitech.spring5.config;
 
 import java.util.Arrays;
-import java.util.HashMap;
 import java.util.Map;
 
 import javax.servlet.DispatcherType;
@@ -10,30 +9,23 @@ import javax.servlet.Filter;
 import org.apache.shiro.authc.Authenticator;
 import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
 import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
-import org.apache.shiro.authz.AuthorizationException;
 import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.mgt.SessionStorageEvaluator;
 import org.apache.shiro.realm.Realm;
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
 import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
 import org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpStatus;
-import org.springframework.ui.Model;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.ResponseStatus;
 
-import com.yaozhitech.spring5.filter.AnyRolesAuthorizationFilter;
 import com.yaozhitech.spring5.filter.JwtAuthFilter;
 import com.yaozhitech.spring5.jwt.JWTShiroRealm;
 import com.yaozhitech.spring5.service.UserService;
 
 @Configuration
-public class ShiroConfiguration {
+public abstract class ShiroConfiguration {
 	
 	@Value("${password.salt}")
 	private String encryptSalt;
@@ -84,7 +76,6 @@ public class ShiroConfiguration {
     /**
           * 设置过滤器，将自定义的Filter加入
      */
-    @Bean("shiroFilter")
     public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager, UserService userService) {
     	ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
         factoryBean.setSecurityManager(securityManager);
@@ -96,20 +87,22 @@ public class ShiroConfiguration {
 
         return factoryBean;
     }
-
-    @Bean
-    protected ShiroFilterChainDefinition shiroFilterChainDefinition() {
-        DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
-//        chainDefinition.addPathDefinition("/login", "noSessionCreation,anon");  //login不做认证，noSessionCreation的作用是用户在操作session时会抛异常
-//        chainDefinition.addPathDefinition("/logout", "noSessionCreation,authcToken[permissive]"); //做用户认证，permissive参数的作用是当token无效时也允许请求访问，不会返回鉴权未通过的错误
-//        chainDefinition.addPathDefinition("/image/**", "anon");
-//        chainDefinition.addPathDefinition("/admin/**", "noSessionCreation,authcToken,anyRole[admin,manager]"); //只允许admin或manager角色的用户访问
-        chainDefinition.addPathDefinition("/article/list", "noSessionCreation,authcToken");
-        chainDefinition.addPathDefinition("/admin/**", "noSessionCreation,authcToken");
-//        chainDefinition.addPathDefinition("/article/*", "noSessionCreation,authcToken[permissive]");
-        chainDefinition.addPathDefinition("/**", "noSessionCreation,authcToken"); // 默认进行用户鉴权
-        return chainDefinition;
-    }
+    
+    public abstract ShiroFilterChainDefinition shiroFilterChainDefinition() ;
+
+//    @Bean
+//    protected ShiroFilterChainDefinition shiroFilterChainDefinition() {
+//        DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
+////        chainDefinition.addPathDefinition("/login", "noSessionCreation,anon");  //login不做认证，noSessionCreation的作用是用户在操作session时会抛异常
+////        chainDefinition.addPathDefinition("/logout", "noSessionCreation,authcToken[permissive]"); //做用户认证，permissive参数的作用是当token无效时也允许请求访问，不会返回鉴权未通过的错误
+////        chainDefinition.addPathDefinition("/image/**", "anon");
+////        chainDefinition.addPathDefinition("/admin/**", "noSessionCreation,authcToken,anyRole[admin,manager]"); //只允许admin或manager角色的用户访问
+//        chainDefinition.addPathDefinition("/article/list", "noSessionCreation,authcToken");
+//        chainDefinition.addPathDefinition("/admin/**", "noSessionCreation,authcToken");
+////        chainDefinition.addPathDefinition("/article/*", "noSessionCreation,authcToken[permissive]");
+//        chainDefinition.addPathDefinition("/**", "noSessionCreation,authcToken"); // 默认进行用户鉴权
+//        return chainDefinition;
+//    }
 
    //注意不要加@Bean注解，不然spring会自动注册成filter
     protected JwtAuthFilter createAuthFilter(UserService userService){
@@ -120,20 +113,4 @@ public class ShiroConfiguration {
 //        return new AnyRolesAuthorizationFilter();
 //    }
     
-    @ExceptionHandler(AuthorizationException.class)
-    @ResponseStatus(HttpStatus.FORBIDDEN)
-    public String handleException(AuthorizationException e, Model model) {
-
-        // you could return a 404 here instead (this is how github handles 403, so the user does NOT know there is a
-        // resource at that location)
-//        log.debug("AuthorizationException was thrown", e);
-
-        Map<String, Object> map = new HashMap<String, Object>();
-        map.put("status", HttpStatus.FORBIDDEN.value());
-        map.put("message", "No message available");
-        model.addAttribute("errors", map);
-
-        return "error";
-    }
-    
 }

spring5-auth/spring5-auth-client/src/main/java/com/yaozhitech/spring5/filter/JwtAuthFilter.java

@@ -55,7 +55,6 @@ public class JwtAuthFilter extends AuthenticatingFilter {
     @Override
     protected void postHandle(ServletRequest request, ServletResponse response){
         this.fillCorsHeader(WebUtils.toHttp(request), WebUtils.toHttp(response));
-        request.setAttribute("jwtShiroFilter.FILTERED", true);
     }
 
     /**
@@ -66,10 +65,6 @@ public class JwtAuthFilter extends AuthenticatingFilter {
         if(this.isLoginRequest(request, response))
             return true;
 
-        Boolean afterFiltered = (Boolean)(request.getAttribute("jwtShiroFilter.FILTERED"));
-        if(afterFiltered != null && afterFiltered)
-        	return true;
-        
         boolean allowed = false;
         try {
             allowed = executeLogin(request, response);