码迷,mamicode.com
首页 > 编程语言 > 详细

springBoot shiro

时间:2019-09-25 12:34:34      阅读:88      评论:0      收藏:0      [点我收藏+]

标签:filters   映射   限时   class   edit   ida   print   author   new   

@Configuration
public class ShiroConfig {
/**
* 过滤器默认权限表 {anon=anon, authc=authc, authcBasic=authcBasic, logout=logout,
* noSessionCreation=noSessionCreation, perms=perms, port=port,
* rest=rest, roles=roles, ssl=ssl, user=user}
* <p>
* anon, authc, authcBasic, user 是第一组认证过滤器
* perms, port, rest, roles, ssl 是第二组授权过滤器
* <p>
* user 和 authc 的不同:当应用开启了rememberMe时, 用户下次访问时可以是一个user, 但绝不会是authc,
* 因为authc是需要重新认证的, user表示用户不一定已通过认证, 只要曾被Shiro记住过登录状态的用户就可以正常发起请求,比如rememberMe
* 以前的一个用户登录时开启了rememberMe, 然后他关闭浏览器, 下次再访问时他就是一个user, 而不会authc
*
* @param securityManager 初始化 ShiroFilterFactoryBean 的时候需要注入 SecurityManager
*/

@Autowired
private SessionDAO sessionDao;


@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
filterRegistration.addInitParameter("targetFilterLifecycle", "true");
filterRegistration.setEnabled(true);
filterRegistration.addUrlPatterns("/*");
return filterRegistration;
}


@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// 必须设置 SecurityManager
shiroFilterFactoryBean.setSecurityManager(securityManager);
// setLoginUrl 如果不设置值,默认会自动寻找Web工程根目录下的"/login.jsp"页面 或 "/login" 映射
shiroFilterFactoryBean.setLoginUrl("/jf/login");
shiroFilterFactoryBean.setSuccessUrl("/jf?login");
// 设置无权限时跳转的 url;
shiroFilterFactoryBean.setUnauthorizedUrl("/notRole");

Map<String, javax.servlet.Filter> map = new HashMap();
CasFilter casFilter = new CasFilter();
casFilter.setFailureUrl("/jf/login");



FormAuthenticationFilter formAuthenticationFilter = new FormAuthenticationFilter();
map.put("cas",casFilter);
map.put("authc",formAuthenticationFilter);
shiroFilterFactoryBean.setFilters(map);



// 设置拦截器
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
//游客,开发权限
filterChainDefinitionMap.put("/jf/sad/**", "anon");
filterChainDefinitionMap.put("/jf/lt/**", "anon");
filterChainDefinitionMap.put("/jf/gq/**", "anon");
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/lt/**", "anon");
filterChainDefinitionMap.put("/userfiles/**", "anon");
filterChainDefinitionMap.put("/include/**", "anon");
filterChainDefinitionMap.put("/ajax/**", "anon");


//测试使用
filterChainDefinitionMap.put("/ceshi/**", "anon");

//用户,需要角色权限 “user”
// filterChainDefinitionMap.put("/jf/**", "roles[user]");
// filterChainDefinitionMap.put("/jf/cas", "roles[cas]");
// filterChainDefinitionMap.put("/act/editor/**", "roles[user]");
// filterChainDefinitionMap.put("/act/rest/service/**", "roles[user]");
// filterChainDefinitionMap.put("/ReportServer/**", "roles[user]");
// filterChainDefinitionMap.put("/jf/login", "authc");

filterChainDefinitionMap.put("/act/editor/**", "user");
filterChainDefinitionMap.put("/act/rest/service/**", "user");
filterChainDefinitionMap.put("/ReportServer/**", "user");
filterChainDefinitionMap.put("/jf/cas", "cas");
filterChainDefinitionMap.put("/jf/login", "authc");
filterChainDefinitionMap.put("/*", "user");
filterChainDefinitionMap.put("/jf/**", "user");

//管理员,需要角色权限 “admin”
// filterChainDefinitionMap.put("/admin/**", "roles[admin]");
//开放登陆接口

filterChainDefinitionMap.put("/login", "anon");
filterChainDefinitionMap.put("/test/**", "anon");

filterChainDefinitionMap.put("/act/rest/service/editor/**", "perms[act:model:edit]");
filterChainDefinitionMap.put("/act/rest/service/model/**", "perms[act:model:edit]");



//其余接口一律拦截
//主要这行代码必须放在所有权限设置的最后,不然会导致所有 url 都被拦截
// filterChainDefinitionMap.put("/**", "authc");

shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
System.out.println("Shiro拦截器工厂类注入成功");
return shiroFilterFactoryBean;
}

// 缓存配置
@Bean
public EhCacheManager cacheManager() {
EhCacheManager ehCacheManager = new EhCacheManager();
EhCacheManagerFactoryBean cacheManager = new EhCacheManagerFactoryBean(); //使用内存缓存
ehCacheManager.setCacheManager(CacheManager.create());
cacheManager.setShared(true);
return ehCacheManager;
}
@Bean(name = "sessionManager")
public DefaultWebSessionManager sessionManager() {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
// 设置session过期时间3600s
sessionManager.setGlobalSessionTimeout(Long.valueOf(Global.getConfig("session.sessionTimeout")));
sessionManager.setSessionValidationInterval(Long.valueOf(Global.getConfig("session.sessionTimeoutClean")));
sessionManager.setSessionValidationSchedulerEnabled(true);
SimpleCookie simpleCookie = new SimpleCookie();
simpleCookie.setName("cciinet.erp.session.id");
sessionManager.setSessionIdCookie(simpleCookie);
sessionManager.setSessionIdCookieEnabled(true);
sessionManager.setSessionDAO(sessionDao);
return sessionManager;
}

/**
* 注入 securityManager
*/
@Bean
public SecurityManager securityManager(SystemAuthorizingRealm customRealm, EhCacheManager shiroCacheManager/*, SessionManager sessionManager*/) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 设置realm.
/* sessionManager.setGlobalSessionTimeout(Long.valueOf(Global.getConfig("session.sessionTimeout")));
sessionManager.setSessionValidationInterval(Long.valueOf(Global.getConfig("session.sessionTimeoutClean")));
sessionManager.setSessionValidationSchedulerEnabled(true);*/
/* SimpleCookie simpleCookie = new SimpleCookie();
simpleCookie.setName("cciinet.erp.session.id");
sessionManager.setSessionIdCookie(simpleCookie);
sessionManager.setSessionIdCookieEnabled(true);
sessionManager.setSessionDAO(sessionDao);*/
securityManager.setRealm(customRealm);
securityManager.setCacheManager(shiroCacheManager);
// securityManager.setSessionManager(sessionManager);
securityManager.setRememberMeManager(null);
SecurityUtils.setSecurityManager(securityManager);

return securityManager;
}
}

springBoot shiro

标签:filters   映射   限时   class   edit   ida   print   author   new   

原文地址:https://www.cnblogs.com/-mzh/p/11583610.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!