
Java安全框架——Apache Shiro(三十九)

【2.4.4】ShiroConfig改造

package com.itheima.shiro.config;

import com.itheima.shiro.constant.SuperConstant; import com.itheima.shiro.core.ShiroDbRealm; import com.itheima.shiro.core.filter.; import com.itheima.shiro.core.impl.; import lombok.extern.log4j.Log4j2; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.session.mgt.eis.SessionDAO; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.servlet.SimpleCookie; import org.redisson.Redisson; import org.redisson.api.RedissonClient; import org.redisson.config.Config; import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.DependsOn;

import javax.servlet.Filter; import java.util.HashMap; import java.util.Map;

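/**
 * Spring configuration for Apache Shiro: Redis-backed sessions and cache, the realm and
 * credentials matcher, annotation-driven authorization, and the custom filter chain
 * (including the JWT filters).
 */
@Configuration
@ComponentScan(basePackages = {"com.itheima.shiro.core"})
@EnableConfigurationProperties({ShiroRedisProperties.class})
@Log4j2
public class ShiroConfig {

    @Autowired
    private ShiroRedisProperties shiroRedisProperties;

    @Autowired
    JwtTokenManager jwtTokenManager;

    /**
     * Builds the Redisson client used by the Shiro components.
     *
     * <p>A single configured node selects single-server mode; more than one selects cluster mode.
     *
     * @return the Redisson client created from {@link ShiroRedisProperties}
     */
    @Bean("redissonClientForShiro")
    public RedissonClient redissonClient() {
        log.info("=====初始化redissonClientForShiro开始======");
        // NOTE(review): no password or TLS option is applied here. Whether the session store
        // is reached over an authenticated, encrypted connection depends on the node
        // addresses and on configuration not shown in this class. Confirm before deploying.
        String[] nodeList = shiroRedisProperties.getNodes().split(",");
        Config config = new Config();
        if (nodeList.length == 1) {
            config.useSingleServer()
                    .setAddress(nodeList[0])
                    .setConnectTimeout(shiroRedisProperties.getConnectTimeout())
                    .setConnectionMinimumIdleSize(shiroRedisProperties.getConnectionMinimumidleSize())
                    .setConnectionPoolSize(shiroRedisProperties.getConnectPoolSize())
                    .setTimeout(shiroRedisProperties.getTimeout());
        } else {
            config.useClusterServers()
                    .addNodeAddress(nodeList)
                    .setConnectTimeout(shiroRedisProperties.getConnectTimeout())
                    .setMasterConnectionMinimumIdleSize(shiroRedisProperties.getConnectionMinimumidleSize())
                    .setMasterConnectionPoolSize(shiroRedisProperties.getConnectPoolSize())
                    .setTimeout(shiroRedisProperties.getTimeout());
        }
        RedissonClient redissonClient = Redisson.create(config);
        log.info("=====初始化redissonClientForShiro完成======");
        return redissonClient;
    }

    /**
     * Creates the cookie that carries the Shiro session id.
     *
     * @return a cookie named {@code ShiroSession}
     */
    @Bean(name = "sessionIdCookie")
    public SimpleCookie simpleCookie() {
        SimpleCookie simpleCookie = new SimpleCookie();
        simpleCookie.setName("ShiroSession");
        // NOTE(review): only the name is set; the Secure flag is left at the library default.
        // When the application is served over HTTPS only, call setSecure(true) so the
        // session id is never sent over plain HTTP.
        return simpleCookie;
    }

    /**
     * Creates the cache manager, constructed with the global session timeout.
     *
     * @return the project's {@code ShiroCacheManager}
     */
    @Bean(name = "shiroCacheManager")
    public ShiroCacheManager shiroCacheManager() {
        return new ShiroCacheManager(shiroRedisProperties.getGlobalSessionTimeout());
    }

    /**
     * Creates the security manager and attaches the realm, session manager and cache manager.
     *
     * @return the configured web security manager
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager defaultWebSecurityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(shiroDbRealm());
        securityManager.setSessionManager(shiroSessionManager());
        securityManager.setCacheManager(shiroCacheManager());
        return securityManager;
    }

    /**
     * Creates the credentials (password) matcher.
     *
     * <p>In the page as extracted, the doc-comment delimiters around this method were damaged
     * so that the whole bean definition sat inside a comment. It is restored here because
     * {@link #shiroDbRealm()} calls it.
     *
     * @return a {@code RetryLimitCredentialsMatcher} configured from {@code SuperConstant}
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        // NOTE(review): the algorithm name and iteration count live in SuperConstant, which
        // is not shown. Confirm they describe a salted, sufficiently iterated scheme suitable
        // for password storage. By its name the matcher also limits login retries; verify
        // that in the implementation.
        RetryLimitCredentialsMatcher matcher =
                new RetryLimitCredentialsMatcher(SuperConstant.HASH_ALGORITHM);
        matcher.setHashIterations(SuperConstant.HASH_INTERATIONS);
        return matcher;
    }

    /**
     * Creates the custom realm and gives it the credentials matcher.
     *
     * @return the realm implementation
     */
    @Bean(name = "shiroDbRealm")
    public ShiroDbRealm shiroDbRealm() {
        ShiroDbRealm shiroDbRealm = new ShiroDbRealmImpl();
        shiroDbRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return shiroDbRealm;
    }

    /**
     * Creates the custom session DAO, which stores sessions in Redis so that they can be
     * shared across a distributed deployment.
     *
     * @return the Redis session DAO with the global session timeout applied
     */
    @Bean("redisSessionDao")
    public SessionDAO redisSessionDao() {
        RedisSessionDao sessionDAO = new RedisSessionDao();
        sessionDAO.setGlobalSessionTimeout(shiroRedisProperties.getGlobalSessionTimeout());
        return sessionDAO;
    }

    /**
     * Creates the session manager.
     *
     * @return the session manager using the Redis DAO and the session-id cookie
     */
    @Bean(name = "sessionManager")
    public ShiroSessionManager shiroSessionManager() {
        ShiroSessionManager sessionManager = new ShiroSessionManager();
        sessionManager.setSessionDAO(redisSessionDao());
        // Shiro's periodic validation scheduler is switched off. Presumably expiry is left
        // to the Redis-backed DAO; confirm against RedisSessionDao.
        sessionManager.setSessionValidationSchedulerEnabled(false);
        sessionManager.setSessionIdCookieEnabled(true);
        sessionManager.setSessionIdCookie(simpleCookie());
        sessionManager.setGlobalSessionTimeout(shiroRedisProperties.getGlobalSessionTimeout());
        return sessionManager;
    }

    /**
     * Ensures that beans implementing Shiro's internal lifecycle callbacks have them invoked.
     *
     * @return the lifecycle post-processor
     */
    @Bean(name = "lifecycleBeanPostProcessor")
    public static LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * Enables AOP-style, method-level permission checks.
     *
     * @return an auto-proxy creator that proxies target classes
     */
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator =
                new DefaultAdvisorAutoProxyCreator();
        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
        return defaultAdvisorAutoProxyCreator;
    }

    /**
     * Works with {@link DefaultAdvisorAutoProxyCreator} to enforce Shiro's authorization
     * annotations.
     *
     * @return the advisor with this configuration's security manager set
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor() {
        AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
        aasa.setSecurityManager(defaultWebSecurityManager());
        // Return the configured advisor. The original returned a second, fresh instance and
        // so discarded the security manager set on the line above.
        return aasa;
    }

    /**
     * Defines the custom filters, keyed by the names used in filter-chain definitions.
     *
     * @return a map from filter name to filter instance
     */
    private Map<String, Filter> filters() {
        Map<String, Filter> map = new HashMap<>();
        map.put("role-or", new RolesOrAuthorizationFilter());
        map.put("kicked-out", new KickedOutAuthorizationFilter(
                redissonClient(), redisSessionDao(), shiroSessionManager()));
        map.put("jwt-authc", new JwtAuthcFilter(jwtTokenManager));
        map.put("jwt-perms", new JwtPermsFilter());
        map.put("jwt-roles", new JwtRolesFilter());
        return map;
    }

    /**
     * Creates the Shiro filter factory bean.
     *
     * @return the factory bean with the security manager and chain resolver set
     */
    @Bean("shiroFilter")
    public CustomShiroFilterFactoryBean shiroFilterFactoryBean() {
        CustomShiroFilterFactoryBean shiroFilter = new CustomShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(defaultWebSecurityManager());
        shiroFilter.setChainResolver(filterChainResolver());
        return shiroFilter;
    }

    /**
     * Creates the filter chain manager and registers the custom filters.
     *
     * @return the chain manager; the login URL and the unauthorized URL are both
     *     {@code /login}
     */
    @Bean
    public CustomDefaultFilterChainManager defaultFilterChainManager() {
        CustomDefaultFilterChainManager filterChainManager = new CustomDefaultFilterChainManager();
        filterChainManager.setLoginUrl("/login");
        filterChainManager.setUnauthorizedUrl("/login");
        filterChainManager.setCustomFilters(filters());
        return filterChainManager;
    }

    /**
     * Creates the path-matching chain resolver backed by the custom chain manager.
     *
     * @return the chain resolver
     */
    @Bean
    CustomPathMatchingFilterChainResolver filterChainResolver() {
        CustomPathMatchingFilterChainResolver pathMatchingFilterChainResolver =
                new CustomPathMatchingFilterChainResolver();
        pathMatchingFilterChainResolver.setCustomDefaultFilterChainManager(
                defaultFilterChainManager());
        return pathMatchingFilterChainResolver;
    }

}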