1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 |
- package com.yaozhitech.spring5.config;
- import java.util.Arrays;
- import java.util.Map;
- import javax.servlet.DispatcherType;
- import javax.servlet.Filter;
- import org.apache.shiro.authc.Authenticator;
- import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
- import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
- import org.apache.shiro.mgt.SecurityManager;
- import org.apache.shiro.mgt.SessionStorageEvaluator;
- import org.apache.shiro.realm.Realm;
- import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
- import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
- import org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator;
- import org.springframework.boot.web.servlet.FilterRegistrationBean;
- import org.springframework.context.annotation.Bean;
- import com.yaozhitech.spring5.filter.AnyRolesAuthorizationFilter;
- import com.yaozhitech.spring5.filter.JwtAuthFilter;
- import com.yaozhitech.spring5.jwt.JWTShiroRealm;
- import com.yaozhitech.spring5.service.UserService;
- public abstract class ShiroConfiguration {
- /**
- * 注册shiro的Filter,拦截请求
- */
- @Bean
- public FilterRegistrationBean<Filter> filterRegistrationBean(SecurityManager securityManager,UserService userService) throws Exception{
- FilterRegistrationBean<Filter> filterRegistration = new FilterRegistrationBean<Filter>();
- filterRegistration.setFilter((Filter)shiroFilter(securityManager, userService).getObject());
- filterRegistration.addInitParameter("targetFilterLifecycle", "true");
- filterRegistration.setAsyncSupported(true);
- filterRegistration.setEnabled(true);
- filterRegistration.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.ASYNC);
- return filterRegistration;
- }
- @Bean
- public Authenticator authenticator(UserService userService) {
- ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
- authenticator.setRealms(Arrays.asList(jwtShiroRealm(userService)));
- authenticator.setAuthenticationStrategy(new FirstSuccessfulStrategy());
- return authenticator;
- }
- /**
- * 禁用session, 不保存用户登录状态。保证每次请求都重新认证。
- * 需要注意的是,如果用户代码里调用Subject.getSession()还是可以用session,如果要完全禁用,要配合下面的noSessionCreation的Filter来实现
- */
- @Bean
- protected SessionStorageEvaluator sessionStorageEvaluator(){
- DefaultWebSessionStorageEvaluator sessionStorageEvaluator = new DefaultWebSessionStorageEvaluator();
- sessionStorageEvaluator.setSessionStorageEnabled(false);
- return sessionStorageEvaluator;
- }
-
- /**
- * 用于JWT token认证的realm
- */
- @Bean("jwtRealm")
- public Realm jwtShiroRealm(UserService userService) {
- JWTShiroRealm myShiroRealm = new JWTShiroRealm(userService);
- return myShiroRealm;
- }
- /**
- * 设置过滤器,将自定义的Filter加入
- */
- @Bean
- public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager, UserService userService) {
- ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
- factoryBean.setSecurityManager(securityManager);
- Map<String, Filter> filterMap = factoryBean.getFilters();
- filterMap.put("authcToken", createAuthFilter(userService));
- filterMap.put("anyRole", createRolesFilter());
- factoryBean.setFilters(filterMap);
- factoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition().getFilterChainMap());
- return factoryBean;
- }
-
- public abstract ShiroFilterChainDefinition shiroFilterChainDefinition() ;
- //注意不要加@Bean注解,不然spring会自动注册成filter
- protected JwtAuthFilter createAuthFilter(UserService userService){
- return new JwtAuthFilter(userService);
- }
- protected AnyRolesAuthorizationFilter createRolesFilter(){
- return new AnyRolesAuthorizationFilter();
- }
-
- }
|