herb.git - Gitblit

¶Ô±ÈÐÂÎÄ¼þ
			@@ -0,0 +1,283 @@
			package org.jeecg.config.shiro;

			import lombok.extern.slf4j.Slf4j;
			import org.apache.commons.pool2.impl.GenericObjectPoolConfig;
			import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
			import org.apache.shiro.mgt.DefaultSubjectDAO;
			import org.apache.shiro.mgt.SecurityManager;
			import org.apache.shiro.spring.LifecycleBeanPostProcessor;
			import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
			import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
			import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
			import org.crazycake.shiro.IRedisManager;
			import org.crazycake.shiro.RedisCacheManager;
			import org.crazycake.shiro.RedisClusterManager;
			import org.crazycake.shiro.RedisManager;
			import org.jeecg.common.constant.CommonConstant;
			import org.jeecg.common.util.oConvertUtils;
			import org.jeecg.config.JeecgBaseConfig;
			import org.jeecg.config.shiro.filters.CustomShiroFilterFactoryBean;
			import org.jeecg.config.shiro.filters.JwtFilter;
			import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
			import org.springframework.beans.factory.annotation.Autowired;
			import org.springframework.beans.factory.annotation.Value;
			import org.springframework.context.annotation.Bean;
			import org.springframework.context.annotation.Configuration;
			import org.springframework.context.annotation.DependsOn;
			import org.springframework.core.env.Environment;
			import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
			import org.springframework.util.StringUtils;
			import redis.clients.jedis.HostAndPort;
			import redis.clients.jedis.JedisCluster;

			import javax.annotation.Resource;
			import javax.servlet.Filter;
			import java.util.*;

			/**
			* @author: Scott
			* @date: 2018/2/7
			* @description: shiro éç½®ç±»
			*/

			@Slf4j
			@Configuration
			public class ShiroConfig {

			@Resource
			private LettuceConnectionFactory lettuceConnectionFactory;
			@Autowired
			private Environment env;
			@Resource
			private JeecgBaseConfig jeecgBaseConfig;

			/**
			* Filter Chainå®ä¹è¯´æ
			*
			* 1ãä¸ä¸ªURLå¯ä»¥éç½®å¤ä¸ªFilterï¼ä½¿ç¨éå·åé
			* 2ãå½è®¾ç½®å¤ä¸ªè¿æ»¤å¨æ¶ï¼å¨é¨éªè¯éè¿ï¼æè§ä¸ºéè¿
			* 3ãé¨åè¿æ»¤å¨å¯æå®åæ°ï¼å¦permsï¼roles
			*/
			@Bean("shiroFilterFactoryBean")
			public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
			CustomShiroFilterFactoryBean shiroFilterFactoryBean = new CustomShiroFilterFactoryBean();
			shiroFilterFactoryBean.setSecurityManager(securityManager);
			// æ¦æªå¨
			Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();

			//æ¯æymlæ¹å¼ï¼éç½®æ¦æªæé¤
			if(jeecgBaseConfig!=null && jeecgBaseConfig.getShiro()!=null){
			String shiroExcludeUrls = jeecgBaseConfig.getShiro().getExcludeUrls();
			if(oConvertUtils.isNotEmpty(shiroExcludeUrls)){
			String[] permissionUrl = shiroExcludeUrls.split(",");
			for(String url : permissionUrl){
			filterChainDefinitionMap.put(url,"anon");
			}
			}
			}
			// éç½®ä¸ä¼è¢«æ¦æªçé¾æ¥ é¡ºåºå¤æ
			filterChainDefinitionMap.put("/sys/cas/client/validateLogin", "anon"); //caséªè¯ç»å½
			filterChainDefinitionMap.put("/sys/randomImage/**", "anon"); //ç»å½éªè¯ç æ¥å£æé¤
			filterChainDefinitionMap.put("/sys/checkCaptcha", "anon"); //ç»å½éªè¯ç æ¥å£æé¤
			filterChainDefinitionMap.put("/sys/login", "anon"); //ç»å½æ¥å£æé¤
			filterChainDefinitionMap.put("/sys/mLogin", "anon"); //ç»å½æ¥å£æé¤
			filterChainDefinitionMap.put("/sys/logout", "anon"); //ç»åºæ¥å£æé¤
			filterChainDefinitionMap.put("/sys/thirdLogin/**", "anon"); //ç¬¬ä¸æ¹ç»å½
			filterChainDefinitionMap.put("/sys/getEncryptedString", "anon"); //è·åå å¯ä¸²
			filterChainDefinitionMap.put("/sys/sms", "anon");//çä¿¡éªè¯ç
			filterChainDefinitionMap.put("/sys/phoneLogin", "anon");//ææºç»å½
			filterChainDefinitionMap.put("/sys/user/checkOnlyUser", "anon");//æ ¡éªç¨æ·æ¯å¦åå¨
			filterChainDefinitionMap.put("/sys/user/register", "anon");//ç¨æ·æ³¨å
			filterChainDefinitionMap.put("/sys/user/phoneVerification", "anon");//ç¨æ·å¿è®°å¯ç éªè¯ææºå·
			filterChainDefinitionMap.put("/sys/user/passwordChange", "anon");//ç¨æ·æ´æ¹å¯ç
			filterChainDefinitionMap.put("/auth/2step-code", "anon");//ç»å½éªè¯ç
			filterChainDefinitionMap.put("/sys/common/static/**", "anon");//å¾çé¢è§ &ä¸è½½æä»¶ä¸éå¶token
			filterChainDefinitionMap.put("/sys/common/pdf/**", "anon");//pdfé¢è§
			filterChainDefinitionMap.put("/generic/**", "anon");//pdfé¢è§éè¦æä»¶

			filterChainDefinitionMap.put("/sys/getLoginQrcode/**", "anon"); //ç»å½äºç»´ç
			filterChainDefinitionMap.put("/sys/getQrcodeToken/**", "anon"); //çå¬æ«ç
			filterChainDefinitionMap.put("/sys/checkAuth", "anon"); //æææ¥å£æé¤


			filterChainDefinitionMap.put("/", "anon");
			filterChainDefinitionMap.put("/doc.html", "anon");
			filterChainDefinitionMap.put("/*/.js", "anon");
			filterChainDefinitionMap.put("/*/.css", "anon");
			filterChainDefinitionMap.put("/*/.html", "anon");
			filterChainDefinitionMap.put("/*/.svg", "anon");
			filterChainDefinitionMap.put("/*/.pdf", "anon");
			filterChainDefinitionMap.put("/*/.jpg", "anon");
			filterChainDefinitionMap.put("/*/.png", "anon");
			filterChainDefinitionMap.put("/*/.gif", "anon");
			filterChainDefinitionMap.put("/*/.ico", "anon");
			filterChainDefinitionMap.put("/*/.ttf", "anon");
			filterChainDefinitionMap.put("/*/.woff", "anon");
			filterChainDefinitionMap.put("/*/.woff2", "anon");

			filterChainDefinitionMap.put("/druid/**", "anon");
			filterChainDefinitionMap.put("/swagger-ui.html", "anon");
			filterChainDefinitionMap.put("/swagger/", "anon");
			filterChainDefinitionMap.put("/webjars/**", "anon");
			filterChainDefinitionMap.put("/v2/**", "anon");

			filterChainDefinitionMap.put("/sys/annountCement/show/**", "anon");

			//ç§¯æ¨æ¥è¡¨æé¤
			filterChainDefinitionMap.put("/jmreport/**", "anon");
			filterChainDefinitionMap.put("/*/.js.map", "anon");
			filterChainDefinitionMap.put("/*/.css.map", "anon");

			//å¤§å±æ¨¡æ¿ä¾å
			filterChainDefinitionMap.put("/test/bigScreen/**", "anon");
			filterChainDefinitionMap.put("/bigscreen/template1/**", "anon");
			filterChainDefinitionMap.put("/bigscreen/template1/**", "anon");
			//filterChainDefinitionMap.put("/test/jeecgDemo/rabbitMqClientTest/**", "anon"); //MQæµè¯
			//filterChainDefinitionMap.put("/test/jeecgDemo/html", "anon"); //æ¨¡æ¿é¡µé¢
			//filterChainDefinitionMap.put("/test/jeecgDemo/redis/**", "anon"); //redisæµè¯

			//websocketæé¤
			filterChainDefinitionMap.put("/websocket/**", "anon");//ç³»ç»éç¥åå¬å
			filterChainDefinitionMap.put("/newsWebsocket/**", "anon");//CMSæ¨¡å
			filterChainDefinitionMap.put("/vxeSocket/**", "anon");//JVxeTableæ çå·æ°ç¤ºä¾
			filterChainDefinitionMap.put("/drySocket/**", "anon");//å¹²ç¥æºéä¿¡

			//æ§è½çæ§ââå®å¨éæ£æ³é²TOEKNï¼duridè¿æ¥æ± ä¹æï¼
			//filterChainDefinitionMap.put("/actuator/**", "anon");
			//æµè¯æ¨¡åæé¤
			filterChainDefinitionMap.put("/test/seata/**", "anon");

			// å¹²ç¥è®¾å¤å®æ¶æ°æ®ä¸ä¼
			//filterChainDefinitionMap.put("/dry/dryOrder/**", "anon");

			// å¹²ç¥æµè¯
			filterChainDefinitionMap.put("/dry/dryResult/**", "anon");
			filterChainDefinitionMap.put("/dry/real/**", "anon");


			// æ·»å èªå·±çè¿æ»¤å¨å¹¶ä¸ååä¸ºjwt
			Map<String, Filter> filterMap = new HashMap<String, Filter>(1);
			//å¦æcloudServerä¸ºç©º åè¯´ææ¯åä½ éè¦å è½½è·¨åéç½®ãå¾®æå¡è·¨ååæ¢ã
			Object cloudServer = env.getProperty(CommonConstant.CLOUD_SERVER_KEY);
			filterMap.put("jwt", new JwtFilter(cloudServer==null));
			shiroFilterFactoryBean.setFilters(filterMap);
			// <!-- è¿æ»¤é¾å®ä¹ï¼ä»ä¸åä¸é¡ºåºæ§è¡ï¼ä¸è¬å°/**æ¾å¨æä¸ºä¸è¾¹
			filterChainDefinitionMap.put("/**", "jwt");

			// æªææçé¢è¿åJSON
			shiroFilterFactoryBean.setUnauthorizedUrl("/sys/common/403");
			shiroFilterFactoryBean.setLoginUrl("/sys/common/403");
			shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
			return shiroFilterFactoryBean;
			}

			@Bean("securityManager")
			public DefaultWebSecurityManager securityManager(ShiroRealm myRealm) {
			DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
			securityManager.setRealm(myRealm);

			/*
			* å³éshiroèªå¸¦çsessionï¼è¯¦æè§ææ¡£
			* http://shiro.apache.org/session-management.html#SessionManagement-
			* StatelessApplications%28Sessionless%29
			*/
			DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
			DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
			defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
			subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
			securityManager.setSubjectDAO(subjectDAO);
			//èªå®ä¹ç¼åå®ç°,ä½¿ç¨redis
			securityManager.setCacheManager(redisCacheManager());
			return securityManager;
			}

			/**
			* ä¸é¢çä»£ç æ¯æ·»å æ³¨è§£æ¯æ
			* @return
			*/
			@Bean
			@DependsOn("lifecycleBeanPostProcessor")
			public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
			DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
			defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
			/**
			* è§£å³éå¤ä»£çé®é¢ github#994
			* æ·»å åç¼å¤æ ä¸å¹é ä»»ä½Advisor
			*/
			defaultAdvisorAutoProxyCreator.setUsePrefix(true);
			defaultAdvisorAutoProxyCreator.setAdvisorBeanNamePrefix("_no_advisor");
			return defaultAdvisorAutoProxyCreator;
			}

			@Bean
			public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
			return new LifecycleBeanPostProcessor();
			}

			@Bean
			public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
			AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
			advisor.setSecurityManager(securityManager);
			return advisor;
			}

			/**
			* cacheManager ç¼å rediså®ç°
			* ä½¿ç¨çæ¯shiro-rediså¼æºæä»¶
			*
			* @return
			*/
			public RedisCacheManager redisCacheManager() {
			log.info("===============(1)åå»ºç¼åç®¡çå¨RedisCacheManager");
			RedisCacheManager redisCacheManager = new RedisCacheManager();
			redisCacheManager.setRedisManager(redisManager());
			//redisä¸éå¯¹ä¸åç¨æ·ç¼å(æ¤å¤çidéè¦å¯¹åºuserå®ä½ä¸çidåæ®µ,ç¨äºå¯ä¸æ è¯)
			redisCacheManager.setPrincipalIdFieldName("id");
			//ç¨æ·æéä¿¡æ¯ç¼åæ¶é´
			redisCacheManager.setExpire(200000);
			return redisCacheManager;
			}

			/**
			* éç½®shiro redisManager
			* ä½¿ç¨çæ¯shiro-rediså¼æºæä»¶
			*
			* @return
			*/
			@Bean
			public IRedisManager redisManager() {
			log.info("===============(2)åå»ºRedisManager,è¿æ¥Redis..");
			IRedisManager manager;
			// redis åæºæ¯æï¼å¨éç¾¤ä¸ºç©ºï¼æèéç¾¤æ æºå¨æ¶åä½¿ç¨ add by jzyadmin@163.com
			if (lettuceConnectionFactory.getClusterConfiguration() == null \|\| lettuceConnectionFactory.getClusterConfiguration().getClusterNodes().isEmpty()) {
			RedisManager redisManager = new RedisManager();
			redisManager.setHost(lettuceConnectionFactory.getHostName());
			redisManager.setPort(lettuceConnectionFactory.getPort());
			redisManager.setDatabase(lettuceConnectionFactory.getDatabase());
			redisManager.setTimeout(0);
			if (!StringUtils.isEmpty(lettuceConnectionFactory.getPassword())) {
			redisManager.setPassword(lettuceConnectionFactory.getPassword());
			}
			manager = redisManager;
			}else{
			// rediséç¾¤æ¯æï¼ä¼åä½¿ç¨éç¾¤éç½®
			RedisClusterManager redisManager = new RedisClusterManager();
			Set<HostAndPort> portSet = new HashSet<>();
			lettuceConnectionFactory.getClusterConfiguration().getClusterNodes().forEach(node -> portSet.add(new HostAndPort(node.getHost() , node.getPort())));
			//update-begin--Author:scott Date:20210531 forï¼ä¿®æ¹éç¾¤æ¨¡å¼ä¸æªè®¾ç½®rediså¯ç çbug issues/I3QNIC
			if (oConvertUtils.isNotEmpty(lettuceConnectionFactory.getPassword())) {
			JedisCluster jedisCluster = new JedisCluster(portSet, 2000, 2000, 5,
			lettuceConnectionFactory.getPassword(), new GenericObjectPoolConfig());
			redisManager.setPassword(lettuceConnectionFactory.getPassword());
			redisManager.setJedisCluster(jedisCluster);
			} else {
			JedisCluster jedisCluster = new JedisCluster(portSet);
			redisManager.setJedisCluster(jedisCluster);
			}
			//update-end--Author:scott Date:20210531 forï¼ä¿®æ¹éç¾¤æ¨¡å¼ä¸æªè®¾ç½®rediså¯ç çbug issues/I3QNIC
			manager = redisManager;
			}
			return manager;
			}

			}