
springboot配置shiro許可權管理,網搜搜採集網站許可權控制程式碼

import outshine.shiro.authc.AccountSubjectFactory;
import outshine.shiro.filter.AuthenticatedFilter;
import outshine.shiro.realm.AccountRealm;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.CookieRememberMeManager; import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.Cookie; import org.apache.shiro.web.servlet.ShiroHttpSession; import org.apache.shiro.web.servlet.SimpleCookie; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; import org.springframework.beans.factory.config.MethodInvokingFactoryBean; import org.springframework.cache.ehcache.EhCacheManagerFactoryBean;
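import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Spring configuration that wires up Apache Shiro: realm, session and cache managers,
 * the rememberMe cookie, the URL filter chain and annotation-based authorization.
 * <p>
 * Created by langhsu on 2017/11/13.
 */
@Configuration
public class ShiroConfig {

    /**
     * Environment variable holding the Base64-encoded AES key for the rememberMe cookie.
     * The variable name is defined by this class; adapt it to the deployment's secret store.
     */
    private static final String REMEMBER_ME_KEY_ENV = "SHIRO_REMEMBER_ME_KEY";

    /** Length in bytes of the key generated when no key is configured (AES-128). */
    private static final int GENERATED_KEY_BYTES = 16;

    /**
     * Factory that creates the project's subject type.
     */
    @Bean
    public AccountSubjectFactory accountSubjectFactory() {
        return new AccountSubjectFactory();
    }

    /**
     * Security manager: ties together the realm, cache, rememberMe, session and subject factory.
     *
     * @param rememberMeManager manager for the rememberMe cookie
     * @param cacheShiroManager cache manager shared by Shiro components
     * @param sessionManager    session manager for web sessions
     * @return the configured security manager
     */
    @Bean
    public DefaultWebSecurityManager securityManager(CookieRememberMeManager rememberMeManager,
                                                     CacheManager cacheShiroManager,
                                                     SessionManager sessionManager) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(this.shiroAccountRealm());
        securityManager.setCacheManager(cacheShiroManager);
        securityManager.setRememberMeManager(rememberMeManager);
        securityManager.setSessionManager(sessionManager);
        securityManager.setSubjectFactory(this.accountSubjectFactory());
        return securityManager;
    }

    /**
     * Session manager (single-node deployment).
     *
     * @param cacheShiroManager cache manager used by the session manager
     * @return the configured session manager
     */
    @Bean
    public DefaultWebSessionManager defaultWebSessionManager(CacheManager cacheShiroManager) {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setCacheManager(cacheShiroManager);
        // Sweep for expired sessions every 30 minutes; sessions time out after 15 minutes idle.
        sessionManager.setSessionValidationInterval(1800 * 1000);
        sessionManager.setGlobalSessionTimeout(900 * 1000);
        sessionManager.setDeleteInvalidSessions(true);
        sessionManager.setSessionValidationSchedulerEnabled(true);

        Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
        cookie.setName("shiroCookie");
        cookie.setHttpOnly(true);
        // NOTE(review): the Secure flag is not set, so the session id is also sent over plain HTTP.
        // If the site is served only over HTTPS, add cookie.setSecure(true).
        sessionManager.setSessionIdCookie(cookie);
        return sessionManager;
    }

    /**
     * Cache manager backed by Ehcache.
     *
     * @param ehcache Spring factory bean that supplies the Ehcache instance
     * @return the Shiro cache manager
     */
    @Bean
    public CacheManager getCacheShiroManager(EhCacheManagerFactoryBean ehcache) {
        EhCacheManager ehCacheManager = new EhCacheManager();
        ehCacheManager.setCacheManager(ehcache.getObject());
        return ehCacheManager;
    }

    /**
     * The project's own realm.
     */
    @Bean
    public AccountRealm shiroAccountRealm() {
        return new AccountRealm();
    }

    /**
     * RememberMe manager.
     * <p>
     * The rememberMe cookie carries an encrypted, serialized identity that the server decrypts and
     * deserializes on every request that presents it. The cipher key is therefore a secret: anyone
     * who knows it can craft cookies the server will accept. A key literal committed to source
     * control (as this method previously had) is known to every reader of the code, so the key is
     * now read from the environment, with a random per-start key as the fallback.
     *
     * @param rememberMeCookie cookie template for the rememberMe cookie
     * @return the configured rememberMe manager
     * @throws IllegalStateException if a key is configured but is not a valid AES key length
     */
    @Bean
    public CookieRememberMeManager rememberMeManager(SimpleCookie rememberMeCookie) {
        CookieRememberMeManager manager = new CookieRememberMeManager();
        manager.setCipherKey(resolveRememberMeKey(System.getenv(REMEMBER_ME_KEY_ENV)));
        manager.setCookie(rememberMeCookie);
        return manager;
    }

    /**
     * Resolves the rememberMe cipher key.
     *
     * @param encodedKey Base64-encoded AES key from configuration, or {@code null}/blank if unset
     * @return the decoded key, or a freshly generated random key when none is configured
     */
    private static byte[] resolveRememberMeKey(String encodedKey) {
        if (encodedKey == null || encodedKey.trim().isEmpty()) {
            // No key configured: use a random one. Remembered logins will not survive a restart
            // and will not be shared across nodes, which is the safe default.
            byte[] generated = new byte[GENERATED_KEY_BYTES];
            new SecureRandom().nextBytes(generated);
            return generated;
        }
        byte[] key = Base64.decode(encodedKey.trim());
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            // Do not echo the key material itself in the message.
            throw new IllegalStateException(
                    REMEMBER_ME_KEY_ENV + " must decode to 16, 24 or 32 bytes, got " + key.length);
        }
        return key;
    }

    /**
     * RememberMe cookie.
     */
    @Bean
    public SimpleCookie rememberMeCookie() {
        SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
        simpleCookie.setHttpOnly(true);
        // NOTE(review): as with the session cookie, consider setSecure(true) on HTTPS-only sites.
        simpleCookie.setMaxAge(7 * 24 * 60 * 60); // 7 days
        return simpleCookie;
    }

    /**
     * Shiro filter chain.
     *
     * @param securityManager the security manager the filter delegates to
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
        shiroFilter.setSecurityManager(securityManager);
        // Default login URL.
        shiroFilter.setLoginUrl("/login");
        // URL to redirect to after a successful login.
        shiroFilter.setSuccessUrl("/");
        // URL to redirect to when the user lacks permission.
        shiroFilter.setUnauthorizedUrl("/error/reject.html");

        // Replace the built-in "authc" filter with the project's AuthenticatedFilter. The original
        // author's note says the default filter cannot handle session timeouts on AJAX requests.
        Map<String, Filter> customFilters = new HashMap<>();
        customFilters.put("authc", new AuthenticatedFilter());
        shiroFilter.setFilters(customFilters);

        // Filter chain definitions:
        //   anon  - no authentication required
        //   authc - authentication required
        //   user  - authenticated or remembered via rememberMe
        // With rememberMe enabled, a returning visitor may be a "user" but is not "authc",
        // because authc requires authenticating again in the current session.
        // Rules are evaluated top to bottom; earlier entries take precedence.
        //
        // NOTE(review): there is no catch-all entry, so any URL that matches none of the patterns
        // below is not restricted by this chain. Confirm every sensitive endpoint is either listed
        // here or protected by an authorization annotation.
        Map<String, String> chain = new LinkedHashMap<>();
        chain.put("/login", "anon");
        chain.put("/user*", "authc");
        chain.put("/user/**", "authc");
        chain.put("/post/**", "authc");
        chain.put("/admin", "authc,perms[admin]");
        chain.put("/admin/**", "authc,perms[admin]");
        shiroFilter.setFilterChainDefinitionMap(chain);
        return shiroFilter;
    }

    /**
     * Installs the security manager into {@code SecurityUtils} through a static method call.
     *
     * @param securityManager the security manager to install
     * @return the factory bean that performs the call
     */
    @Bean
    public MethodInvokingFactoryBean methodInvokingFactoryBean(DefaultWebSecurityManager securityManager) {
        MethodInvokingFactoryBean bean = new MethodInvokingFactoryBean();
        bean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
        bean.setArguments(new Object[]{securityManager});
        return bean;
    }

    /**
     * Shiro lifecycle processor: invokes the Initializable callback when Shiro beans that
     * implement it are initialized (for example UserRealm), and the Destroyable callback when
     * such beans are destroyed (for example DefaultSecurityManager).
     */
    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * Enables Shiro's authorization annotations (AOP-style, method-level permission checks).
     *
     * @param securityManager the security manager used for the checks
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
            DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}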

這段程式碼已在網搜搜網站後臺管理軟體中檢測通過。部署時請注意:rememberMe 的 cipherKey 屬於機密,應自行產生並由外部設定注入,不要沿用任何公開範例中的金鑰值。