From c2fccb01b972176dc3da5a497b5e904025e9e98d Mon Sep 17 00:00:00 2001
From: bsw215583320 <baoshiwei121@163.com>
Date: 星期二, 16 四月 2024 15:06:51 +0800
Subject: [PATCH] Merge branch 'master' of http://210.22.126.130:1111/r/dry/herb
---
jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java | 283 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 283 insertions(+), 0 deletions(-)
diff --git a/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java b/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
new file mode 100644
index 0000000..198ddd0
--- /dev/null
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
@@ -0,0 +1,283 @@ +package org.jeecg.config.shiro; + +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.pool2.impl.GenericObjectPoolConfig; +import org.apache.shiro.mgt.DefaultSessionStorageEvaluator; +import org.apache.shiro.mgt.DefaultSubjectDAO; +import org.apache.shiro.mgt.SecurityManager; +import org.apache.shiro.spring.LifecycleBeanPostProcessor; +import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; +import org.apache.shiro.spring.web.ShiroFilterFactoryBean; +import org.apache.shiro.web.mgt.DefaultWebSecurityManager; +import org.crazycake.shiro.IRedisManager; +import org.crazycake.shiro.RedisCacheManager; +import org.crazycake.shiro.RedisClusterManager; +import org.crazycake.shiro.RedisManager; +import org.jeecg.common.constant.CommonConstant; +import org.jeecg.common.util.oConvertUtils; +import org.jeecg.config.JeecgBaseConfig; +import org.jeecg.config.shiro.filters.CustomShiroFilterFactoryBean; +import org.jeecg.config.shiro.filters.JwtFilter; +import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.DependsOn; +import org.springframework.core.env.Environment; +import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory; +import org.springframework.util.StringUtils; +import redis.clients.jedis.HostAndPort; +import redis.clients.jedis.JedisCluster; + +import javax.annotation.Resource; +import javax.servlet.Filter; +import java.util.*; + +/** + * @author: Scott + * @date: 2018/2/7 + * @description: shiro 閰嶇疆绫� + */ + +@Slf4j +@Configuration +public class ShiroConfig { + + @Resource + private LettuceConnectionFactory lettuceConnectionFactory; + @Autowired + private Environment env; + 
@Resource + private JeecgBaseConfig jeecgBaseConfig; + + /** + * Filter Chain瀹氫箟璇存槑 + * + * 1銆佷竴涓猆RL鍙互閰嶇疆澶氫釜Filter锛屼娇鐢ㄩ�楀彿鍒嗛殧 + * 2銆佸綋璁剧疆澶氫釜杩囨护鍣ㄦ椂锛屽叏閮ㄩ獙璇侀�氳繃锛屾墠瑙嗕负閫氳繃 + * 3銆侀儴鍒嗚繃婊ゅ櫒鍙寚瀹氬弬鏁帮紝濡俻erms锛宺oles + */ + @Bean("shiroFilterFactoryBean") + public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) { + CustomShiroFilterFactoryBean shiroFilterFactoryBean = new CustomShiroFilterFactoryBean(); + shiroFilterFactoryBean.setSecurityManager(securityManager); + // 鎷︽埅鍣� + Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>(); + + //鏀寔yml鏂瑰紡锛岄厤缃嫤鎴帓闄� + if(jeecgBaseConfig!=null && jeecgBaseConfig.getShiro()!=null){ + String shiroExcludeUrls = jeecgBaseConfig.getShiro().getExcludeUrls(); + if(oConvertUtils.isNotEmpty(shiroExcludeUrls)){ + String[] permissionUrl = shiroExcludeUrls.split(","); + for(String url : permissionUrl){ + filterChainDefinitionMap.put(url,"anon"); + } + } + } + // 閰嶇疆涓嶄細琚嫤鎴殑閾炬帴 椤哄簭鍒ゆ柇 + filterChainDefinitionMap.put("/sys/cas/client/validateLogin", "anon"); //cas楠岃瘉鐧诲綍 + filterChainDefinitionMap.put("/sys/randomImage/**", "anon"); //鐧诲綍楠岃瘉鐮佹帴鍙f帓闄� + filterChainDefinitionMap.put("/sys/checkCaptcha", "anon"); //鐧诲綍楠岃瘉鐮佹帴鍙f帓闄� + filterChainDefinitionMap.put("/sys/login", "anon"); //鐧诲綍鎺ュ彛鎺掗櫎 + filterChainDefinitionMap.put("/sys/mLogin", "anon"); //鐧诲綍鎺ュ彛鎺掗櫎 + filterChainDefinitionMap.put("/sys/logout", "anon"); //鐧诲嚭鎺ュ彛鎺掗櫎 + filterChainDefinitionMap.put("/sys/thirdLogin/**", "anon"); //绗笁鏂圭櫥褰� + filterChainDefinitionMap.put("/sys/getEncryptedString", "anon"); //鑾峰彇鍔犲瘑涓� + filterChainDefinitionMap.put("/sys/sms", "anon");//鐭俊楠岃瘉鐮� + filterChainDefinitionMap.put("/sys/phoneLogin", "anon");//鎵嬫満鐧诲綍 + filterChainDefinitionMap.put("/sys/user/checkOnlyUser", "anon");//鏍¢獙鐢ㄦ埛鏄惁瀛樺湪 + filterChainDefinitionMap.put("/sys/user/register", "anon");//鐢ㄦ埛娉ㄥ唽 + filterChainDefinitionMap.put("/sys/user/phoneVerification", "anon");//鐢ㄦ埛蹇樿瀵嗙爜楠岃瘉鎵嬫満鍙� + filterChainDefinitionMap.put("/sys/user/passwordChange", "anon");//鐢ㄦ埛鏇存敼瀵嗙爜 + 
filterChainDefinitionMap.put("/auth/2step-code", "anon");//鐧诲綍楠岃瘉鐮� + filterChainDefinitionMap.put("/sys/common/static/**", "anon");//鍥剧墖棰勮 &涓嬭浇鏂囦欢涓嶉檺鍒秚oken + filterChainDefinitionMap.put("/sys/common/pdf/**", "anon");//pdf棰勮 + filterChainDefinitionMap.put("/generic/**", "anon");//pdf棰勮闇�瑕佹枃浠� + + filterChainDefinitionMap.put("/sys/getLoginQrcode/**", "anon"); //鐧诲綍浜岀淮鐮� + filterChainDefinitionMap.put("/sys/getQrcodeToken/**", "anon"); //鐩戝惉鎵爜 + filterChainDefinitionMap.put("/sys/checkAuth", "anon"); //鎺堟潈鎺ュ彛鎺掗櫎 + + + filterChainDefinitionMap.put("/", "anon"); + filterChainDefinitionMap.put("/doc.html", "anon"); + filterChainDefinitionMap.put("/**/*.js", "anon"); + filterChainDefinitionMap.put("/**/*.css", "anon"); + filterChainDefinitionMap.put("/**/*.html", "anon"); + filterChainDefinitionMap.put("/**/*.svg", "anon"); + filterChainDefinitionMap.put("/**/*.pdf", "anon"); + filterChainDefinitionMap.put("/**/*.jpg", "anon"); + filterChainDefinitionMap.put("/**/*.png", "anon"); + filterChainDefinitionMap.put("/**/*.gif", "anon"); + filterChainDefinitionMap.put("/**/*.ico", "anon"); + filterChainDefinitionMap.put("/**/*.ttf", "anon"); + filterChainDefinitionMap.put("/**/*.woff", "anon"); + filterChainDefinitionMap.put("/**/*.woff2", "anon"); + + filterChainDefinitionMap.put("/druid/**", "anon"); + filterChainDefinitionMap.put("/swagger-ui.html", "anon"); + filterChainDefinitionMap.put("/swagger**/**", "anon"); + filterChainDefinitionMap.put("/webjars/**", "anon"); + filterChainDefinitionMap.put("/v2/**", "anon"); + + filterChainDefinitionMap.put("/sys/annountCement/show/**", "anon"); + + //绉湪鎶ヨ〃鎺掗櫎 + filterChainDefinitionMap.put("/jmreport/**", "anon"); + filterChainDefinitionMap.put("/**/*.js.map", "anon"); + filterChainDefinitionMap.put("/**/*.css.map", "anon"); + + //澶у睆妯℃澘渚嬪瓙 + filterChainDefinitionMap.put("/test/bigScreen/**", "anon"); + filterChainDefinitionMap.put("/bigscreen/template1/**", "anon"); + filterChainDefinitionMap.put("/bigscreen/template1/**", 
"anon"); + //filterChainDefinitionMap.put("/test/jeecgDemo/rabbitMqClientTest/**", "anon"); //MQ娴嬭瘯 + //filterChainDefinitionMap.put("/test/jeecgDemo/html", "anon"); //妯℃澘椤甸潰 + //filterChainDefinitionMap.put("/test/jeecgDemo/redis/**", "anon"); //redis娴嬭瘯 + + //websocket鎺掗櫎 + filterChainDefinitionMap.put("/websocket/**", "anon");//绯荤粺閫氱煡鍜屽叕鍛� + filterChainDefinitionMap.put("/newsWebsocket/**", "anon");//CMS妯″潡 + filterChainDefinitionMap.put("/vxeSocket/**", "anon");//JVxeTable鏃犵棔鍒锋柊绀轰緥 + filterChainDefinitionMap.put("/drySocket/**", "anon");//骞茬嚗鏈洪�氫俊 + + //鎬ц兘鐩戞帶鈥斺�斿畨鍏ㄩ殣鎮f硠闇睺OEKN锛坉urid杩炴帴姹犱篃鏈夛級 + //filterChainDefinitionMap.put("/actuator/**", "anon"); + //娴嬭瘯妯″潡鎺掗櫎 + filterChainDefinitionMap.put("/test/seata/**", "anon"); + + // 骞茬嚗璁惧瀹炴椂鏁版嵁涓婁紶 + //filterChainDefinitionMap.put("/dry/dryOrder/**", "anon"); + + // 骞茬嚗娴嬭瘯 + filterChainDefinitionMap.put("/dry/dryResult/**", "anon"); + filterChainDefinitionMap.put("/dry/real/**", "anon"); + + + // 娣诲姞鑷繁鐨勮繃婊ゅ櫒骞朵笖鍙栧悕涓簀wt + Map<String, Filter> filterMap = new HashMap<String, Filter>(1); + //濡傛灉cloudServer涓虹┖ 鍒欒鏄庢槸鍗曚綋 闇�瑕佸姞杞借法鍩熼厤缃�愬井鏈嶅姟璺ㄥ煙鍒囨崲銆� + Object cloudServer = env.getProperty(CommonConstant.CLOUD_SERVER_KEY); + filterMap.put("jwt", new JwtFilter(cloudServer==null)); + shiroFilterFactoryBean.setFilters(filterMap); + // <!-- 杩囨护閾惧畾涔夛紝浠庝笂鍚戜笅椤哄簭鎵ц锛屼竴鑸皢/**鏀惧湪鏈�涓轰笅杈� + filterChainDefinitionMap.put("/**", "jwt"); + + // 鏈巿鏉冪晫闈㈣繑鍥濲SON + shiroFilterFactoryBean.setUnauthorizedUrl("/sys/common/403"); + shiroFilterFactoryBean.setLoginUrl("/sys/common/403"); + shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); + return shiroFilterFactoryBean; + } + + @Bean("securityManager") + public DefaultWebSecurityManager securityManager(ShiroRealm myRealm) { + DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); + securityManager.setRealm(myRealm); + + /* + * 鍏抽棴shiro鑷甫鐨剆ession锛岃鎯呰鏂囨。 + * http://shiro.apache.org/session-management.html#SessionManagement- + * 
StatelessApplications%28Sessionless%29 + */ + DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO(); + DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator(); + defaultSessionStorageEvaluator.setSessionStorageEnabled(false); + subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator); + securityManager.setSubjectDAO(subjectDAO); + //鑷畾涔夌紦瀛樺疄鐜�,浣跨敤redis + securityManager.setCacheManager(redisCacheManager()); + return securityManager; + } + + /** + * 涓嬮潰鐨勪唬鐮佹槸娣诲姞娉ㄨВ鏀寔 + * @return + */ + @Bean + @DependsOn("lifecycleBeanPostProcessor") + public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() { + DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator(); + defaultAdvisorAutoProxyCreator.setProxyTargetClass(true); + /** + * 瑙e喅閲嶅浠g悊闂 github#994 + * 娣诲姞鍓嶇紑鍒ゆ柇 涓嶅尮閰� 浠讳綍Advisor + */ + defaultAdvisorAutoProxyCreator.setUsePrefix(true); + defaultAdvisorAutoProxyCreator.setAdvisorBeanNamePrefix("_no_advisor"); + return defaultAdvisorAutoProxyCreator; + } + + @Bean + public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() { + return new LifecycleBeanPostProcessor(); + } + + @Bean + public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) { + AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor(); + advisor.setSecurityManager(securityManager); + return advisor; + } + + /** + * cacheManager 缂撳瓨 redis瀹炵幇 + * 浣跨敤鐨勬槸shiro-redis寮�婧愭彃浠� + * + * @return + */ + public RedisCacheManager redisCacheManager() { + log.info("===============(1)鍒涘缓缂撳瓨绠$悊鍣≧edisCacheManager"); + RedisCacheManager redisCacheManager = new RedisCacheManager(); + redisCacheManager.setRedisManager(redisManager()); + //redis涓拡瀵逛笉鍚岀敤鎴风紦瀛�(姝ゅ鐨刬d闇�瑕佸搴攗ser瀹炰綋涓殑id瀛楁,鐢ㄤ簬鍞竴鏍囪瘑) + redisCacheManager.setPrincipalIdFieldName("id"); + //鐢ㄦ埛鏉冮檺淇℃伅缂撳瓨鏃堕棿 + redisCacheManager.setExpire(200000); + return 
redisCacheManager; + } + + /** + * 閰嶇疆shiro redisManager + * 浣跨敤鐨勬槸shiro-redis寮�婧愭彃浠� + * + * @return + */ + @Bean + public IRedisManager redisManager() { + log.info("===============(2)鍒涘缓RedisManager,杩炴帴Redis.."); + IRedisManager manager; + // redis 鍗曟満鏀寔锛屽湪闆嗙兢涓虹┖锛屾垨鑰呴泦缇ゆ棤鏈哄櫒鏃跺�欎娇鐢� add by jzyadmin@163.com + if (lettuceConnectionFactory.getClusterConfiguration() == null || lettuceConnectionFactory.getClusterConfiguration().getClusterNodes().isEmpty()) { + RedisManager redisManager = new RedisManager(); + redisManager.setHost(lettuceConnectionFactory.getHostName()); + redisManager.setPort(lettuceConnectionFactory.getPort()); + redisManager.setDatabase(lettuceConnectionFactory.getDatabase()); + redisManager.setTimeout(0); + if (!StringUtils.isEmpty(lettuceConnectionFactory.getPassword())) { + redisManager.setPassword(lettuceConnectionFactory.getPassword()); + } + manager = redisManager; + }else{ + // redis闆嗙兢鏀寔锛屼紭鍏堜娇鐢ㄩ泦缇ら厤缃� + RedisClusterManager redisManager = new RedisClusterManager(); + Set<HostAndPort> portSet = new HashSet<>(); + lettuceConnectionFactory.getClusterConfiguration().getClusterNodes().forEach(node -> portSet.add(new HostAndPort(node.getHost() , node.getPort()))); + //update-begin--Author:scott Date:20210531 for锛氫慨鏀归泦缇ゆā寮忎笅鏈缃畆edis瀵嗙爜鐨刡ug issues/I3QNIC + if (oConvertUtils.isNotEmpty(lettuceConnectionFactory.getPassword())) { + JedisCluster jedisCluster = new JedisCluster(portSet, 2000, 2000, 5, + lettuceConnectionFactory.getPassword(), new GenericObjectPoolConfig()); + redisManager.setPassword(lettuceConnectionFactory.getPassword()); + redisManager.setJedisCluster(jedisCluster); + } else { + JedisCluster jedisCluster = new JedisCluster(portSet); + redisManager.setJedisCluster(jedisCluster); + } + //update-end--Author:scott Date:20210531 for锛氫慨鏀归泦缇ゆā寮忎笅鏈缃畆edis瀵嗙爜鐨刡ug issues/I3QNIC + manager = redisManager; + } + return manager; + } + +} -- Gitblit v1.9.3
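Review bot: Several `anon` entries in `shiroFilter` open more than static content: `/druid/**`, `/jmreport/**`, `/test/seata/**`, `/dry/dryResult/**` and `/dry/real/**` are all served without the `jwt` filter, and the comment above the disabled `/actuator/**` line appears to record that the Druid console carries the same token-exposure risk. Unless those handlers authenticate on their own (not visible in this file), remove these `put` calls so the paths fall through to `filterChainDefinitionMap.put("/**", "jwt");`, or register them only under a non-production profile. The suffix rules such as `/**/*.html`, `/**/*.js` and `/**/*.pdf` match any request path with that ending rather than only static files, so they are worth narrowing to the actual static resource prefixes. The Swagger entries (`/doc.html`, `/swagger**/**`, `/v2/**`) deserve the same production gating, and `/bigscreen/template1/**` is registered twice.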