123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 |
- package com.yaozhitech.spring5.config;
- import java.util.Arrays;
- import java.util.Map;
- import javax.servlet.DispatcherType;
- import javax.servlet.Filter;
- import org.apache.shiro.authc.Authenticator;
- import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
- import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
- import org.apache.shiro.mgt.SecurityManager;
- import org.apache.shiro.mgt.SessionStorageEvaluator;
- import org.apache.shiro.realm.Realm;
- import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
- import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
- import org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator;
- import org.springframework.boot.web.servlet.FilterRegistrationBean;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import com.yaozhitech.spring5.filter.AnyRolesAuthorizationFilter;
- import com.yaozhitech.spring5.filter.JwtAuthFilter;
- import com.yaozhitech.spring5.jwt.JWTShiroRealm;
- import com.yaozhitech.spring5.service.JwtUserService;
- @Configuration
- public abstract class ShiroConfiguration {
- /**
- * 注册shiro的Filter,拦截请求
- */
- @Bean
- public FilterRegistrationBean<Filter> filterRegistrationBean(SecurityManager securityManager,JwtUserService userService) throws Exception{
- FilterRegistrationBean<Filter> filterRegistration = new FilterRegistrationBean<Filter>();
- filterRegistration.setFilter((Filter)shiroFilter(securityManager, userService).getObject());
- filterRegistration.addInitParameter("targetFilterLifecycle", "true");
- filterRegistration.setAsyncSupported(true);
- filterRegistration.setEnabled(true);
- filterRegistration.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.ASYNC);
- return filterRegistration;
- }
- @Bean
- public Authenticator authenticator(JwtUserService userService) {
- ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
- authenticator.setRealms(Arrays.asList(jwtShiroRealm(userService)));
- authenticator.setAuthenticationStrategy(new FirstSuccessfulStrategy());
- return authenticator;
- }
- /**
- * 禁用session, 不保存用户登录状态。保证每次请求都重新认证。
- * 需要注意的是,如果用户代码里调用Subject.getSession()还是可以用session,如果要完全禁用,要配合下面的noSessionCreation的Filter来实现
- */
- @Bean
- protected SessionStorageEvaluator sessionStorageEvaluator(){
- DefaultWebSessionStorageEvaluator sessionStorageEvaluator = new DefaultWebSessionStorageEvaluator();
- sessionStorageEvaluator.setSessionStorageEnabled(false);
- return sessionStorageEvaluator;
- }
-
- /**
- * 用于JWT token认证的realm
- */
- @Bean("jwtRealm")
- public Realm jwtShiroRealm(JwtUserService userService) {
- JWTShiroRealm myShiroRealm = new JWTShiroRealm(userService);
- return myShiroRealm;
- }
- /**
- * 设置过滤器,将自定义的Filter加入
- */
- @Bean
- public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager, JwtUserService userService) {
- ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
- factoryBean.setSecurityManager(securityManager);
- Map<String, Filter> filterMap = factoryBean.getFilters();
- filterMap.put("authcToken", createAuthFilter(userService));
- filterMap.put("anyRole", createRolesFilter());
- factoryBean.setFilters(filterMap);
- factoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition().getFilterChainMap());
- return factoryBean;
- }
-
- public abstract ShiroFilterChainDefinition shiroFilterChainDefinition() ;
- //注意不要加@Bean注解,不然spring会自动注册成filter
- protected JwtAuthFilter createAuthFilter(JwtUserService userService){
- return new JwtAuthFilter(userService);
- }
- protected AnyRolesAuthorizationFilter createRolesFilter(){
- return new AnyRolesAuthorizationFilter();
- }
-
- }
|