Skip to content

K
kwell-mes
Commit 9e9bb8cd authored by zhoumaotao's avatar zhoumaotao
Browse files
Options

config调整

parent c30b95e5
Hide whitespace changes
Inline Side-by-side
Showing with 228 additions and 128 deletions
gavel/src/main/java/com/gavel/kwell/config/FilterConfig.java
View file @ 9e9bb8cd
package com.gavel.kwell.config;
import java.util.Arrays;
import com.gavel.framework.filter.RequestWrapperFilter;
import com.gavel.framework.filter.ThreadContextFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.CharacterEncodingFilter;
import com.gavel.framework.filter.AuthenticationFilter;
import com.gavel.framework.filter.RequestWrapperFilter;
import com.gavel.framework.filter.ThreadContextFilter;
import java.util.Arrays;
@Configuration
public class FilterConfig {
@Bean
public CharacterEncodingFilter characterEncodingFilter() {
CharacterEncodingFilter filter = new CharacterEncodingFilter();
filter.setEncoding("UTF-8");
filter.setForceEncoding(true);
return filter;
}
@SuppressWarnings({ "rawtypes", "unchecked" })
@Bean
public FilterRegistrationBean authenticationFilter() {
// 用户认证
AuthenticationFilter authenticationFilter = new AuthenticationFilter();
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setName("authenticationFilter"); // 过滤器名称
registrationBean.setFilter(authenticationFilter); // 注入过滤器
registrationBean.setOrder(10);
registrationBean.addInitParameter("prefix", "/css,/js,/images,/lib,/fonts,/mock");
registrationBean.setUrlPatterns(Arrays.asList("/*")); //拦截规则
return registrationBean;
@Bean
public CharacterEncodingFilter characterEncodingFilter() {
CharacterEncodingFilter filter = new CharacterEncodingFilter();
filter.setEncoding("UTF-8");
filter.setForceEncoding(true);
return filter;
}
@SuppressWarnings({ "rawtypes", "unchecked" })
@Bean
// @Bean
// public FilterRegistrationBean authenticationFilter() {
// // 用户认证
// AuthenticationFilter authenticationFilter = new AuthenticationFilter();
// FilterRegistrationBean registrationBean = new FilterRegistrationBean();
// registrationBean.setName("authenticationFilter"); // 过滤器名称
// registrationBean.setFilter(authenticationFilter); // 注入过滤器
// registrationBean.setOrder(10);
// registrationBean.addInitParameter("prefix", "/css,/js,/images,/lib,/fonts,/mock");
// registrationBean.setUrlPatterns(Arrays.asList("/*")); //拦截规则
// return registrationBean;
// }
@Bean
public FilterRegistrationBean requestWrapperFilter() {
RequestWrapperFilter requestWrapperFilter = new RequestWrapperFilter();
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
......
gavel/src/main/java/com/gavel/kwell/config/ShiroConfig.java
View file @ 9e9bb8cd
package com.gavel.kwell.config;
import com.gavel.common.Constants;
import com.gavel.common.utils.StringUtils;
import com.gavel.framework.filter.GavelCommonLogoutFilter;
import com.gavel.framework.filter.ShiroAuthFilter;
import com.gavel.kzzx.auth.cas.GavelAuthenticationFilter;
import com.gavel.kzzx.auth.cas.GavelCasFilter;
import com.gavel.kzzx.auth.cas.GavelCasRealm;
import com.gavel.kzzx.auth.cas.GavelLogoutFilter;
import com.gavel.kzzx.auth.shiro.*;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.cas.CasSubjectFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator;
import org.apache.shiro.session.mgt.eis.SessionIdGenerator;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.crazycake.shiro.RedisCacheManager;
import org.crazycake.shiro.RedisManager;
import org.crazycake.shiro.RedisSessionDAO;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.web.filter.DelegatingFilterProxy;
import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;
import com.gavel.common.utils.StringUtils;
import com.gavel.kzzx.auth.shiro.GavelAuthResource;
import com.gavel.kzzx.auth.shiro.GavelAuthorizationAttributeSourceAdvisor;
import com.gavel.kzzx.auth.shiro.GavelAuthorizingRealm;
import com.gavel.kzzx.auth.shiro.GavelHashedCredentialsMatcher;
@Configuration
@PropertySource(value = {"classpath:config.properties"})
public class ShiroConfig {
@Value("${shiro.cache:}")
private String cacheType;
@Autowired
private RedisConfig redisConfig;
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// 必须设置 SecurityManager
shiroFilterFactoryBean.setSecurityManager(securityManager);
// 设置login URL
shiroFilterFactoryBean.setLoginUrl("/login_view");
// 登录成功后要跳转的链接
shiroFilterFactoryBean.setSuccessUrl("/index");
shiroFilterFactoryBean.setFilterChainDefinitionMap(GavelAuthResource.init());
return shiroFilterFactoryBean;
}
/*
* 凭证匹配器 (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了
* 所以我们需要修改下doGetAuthenticationInfo中的代码; )
*/
@Bean
public GavelHashedCredentialsMatcher hashedCredentialsMatcher() {
GavelHashedCredentialsMatcher hashedCredentialsMatcher = new GavelHashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("md5");// 散列算法:这里使用MD5算法;
hashedCredentialsMatcher.setHashIterations(1);// 散列的次数,比如散列两次,相当于md5(md5(""));
return hashedCredentialsMatcher;
}
@Bean
public GavelAuthorizingRealm shiroRealm() {
GavelAuthorizingRealm shiroRealm = new GavelAuthorizingRealm();
shiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return shiroRealm;
}
@Bean
public SecurityManager securityManager() {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 注入自定义的realm;
securityManager.setRealm(shiroRealm());
// 注入缓存管理器;
if (StringUtils.equals(cacheType, "redis"))
securityManager.setCacheManager(redisCacheManager());
else
securityManager.setCacheManager(cacheManager());
return securityManager;
}
/*
* 开启shiro aop注解支持 使用代理方式;所以需要开启代码支持;
*/
@Bean
public GavelAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
SecurityManager securityManager) {
GavelAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new GavelAuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
/**
* DefaultAdvisorAutoProxyCreator,Spring的一个bean,由Advisor决定对哪些类的方法进行AOP代理。
*/
@Bean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
defaultAAP.setProxyTargetClass(true);
return defaultAAP;
}
/*
* shiro缓存管理器;
* 需要注入对应的其它的实体类中-->安全管理器:securityManager可见securityManager是整个shiro的核心;
*/
@Bean
public CacheManager cacheManager() {
return new MemoryConstrainedCacheManager();
}
/**
private static final String CAS_FILTER_URL = "/shiro-cas";
@Value("${sso.enable:false}")
private boolean ssoEnable;
@Value("${sso.server:}")
private String casServerUrl;
@Value("${shiro.cache:}")
private String cacheType;
@Autowired
private RedisConfig redisConfig;
@SuppressWarnings({ "rawtypes", "unchecked" })
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
filterRegistration.addInitParameter("targetFilterLifecycle", "true");
filterRegistration.setEnabled(true);
filterRegistration.setOrder(1);
filterRegistration.addUrlPatterns("/*");
return filterRegistration;
}
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// 必须设置 SecurityManager
shiroFilterFactoryBean.setSecurityManager(securityManager);
// 登录成功后要跳转的链接
shiroFilterFactoryBean.setSuccessUrl("/index");
if ( ssoEnable ) {
Map<String, Filter> filters = new LinkedHashMap<>();
shiroFilterFactoryBean.setFilters(filters);
filters.put("casFilter", new GavelCasFilter(casServerUrl));
filters.put("logout", new GavelLogoutFilter(casServerUrl, ssoEnable));
filters.put("authFilter", new GavelAuthenticationFilter(casServerUrl, ssoEnable));
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put(CAS_FILTER_URL, "casFilter");
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/file/**", "anon");
filterChainDefinitionMap.put("/api/**", "anon");
filterChainDefinitionMap.put("/video.html", "anon");
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/api/**", "anon");
filterChainDefinitionMap.put("/css/**", "anon");
filterChainDefinitionMap.put("/js/**", "anon");
filterChainDefinitionMap.put("/images/**", "anon");
filterChainDefinitionMap.put("/lib/**", "anon");
filterChainDefinitionMap.put("/fonts/**", "anon");
filterChainDefinitionMap.put("/mock/**", "anon");
filterChainDefinitionMap.put("/**", "authFilter");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
}
else {
// 设置login URL
shiroFilterFactoryBean.setLoginUrl("/login_view");
shiroFilterFactoryBean.setUnauthorizedUrl("/403");
shiroFilterFactoryBean.setSuccessUrl("/index");
Map<String, Filter> filters = new LinkedHashMap<>();
filters.put("permFilter", new ShiroAuthFilter());
filters.put("logout", new GavelCommonLogoutFilter());
shiroFilterFactoryBean.setFilters(filters);
Map<String, String> filterChainDefinitionMap = GavelAuthResource.init();
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/**", "permFilter");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
}
return shiroFilterFactoryBean;
}
/*
* 凭证匹配器 (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了
* 所以我们需要修改下doGetAuthenticationInfo中的代码; )
*/
@Bean
public GavelHashedCredentialsMatcher hashedCredentialsMatcher() {
GavelHashedCredentialsMatcher hashedCredentialsMatcher = new GavelHashedCredentialsMatcher();
hashedCredentialsMatcher.setHashAlgorithmName("md5");// 散列算法:这里使用MD5算法;
hashedCredentialsMatcher.setHashIterations(1);// 散列的次数,比如散列两次,相当于md5(md5(""));
return hashedCredentialsMatcher;
}
@Bean(name = "shiroRealm")
public GavelAuthorizingRealm shiroRealm() {
GavelAuthorizingRealm shiroRealm = new GavelAuthorizingRealm();
shiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return shiroRealm;
}
@Bean(name = "casRealm")
public GavelCasRealm casRealm() {
GavelCasRealm casRealm = new GavelCasRealm();
// 认证通过后的默认角色
casRealm.setDefaultRoles("ROLE_USER");
// cas 服务端地址前缀
casRealm.setCasServerUrlPrefix(casServerUrl);
// 应用服务地址,用来接收cas服务端票证
// casRealm.setCasService(appServerUrl + CAS_FILTER_URL);
return casRealm;
}
@Bean("securityManager")
public SecurityManager securityManager(GavelCasRealm casRealm) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 注入自定义的realm;
if ( ssoEnable ) {
// 设置授权策略,此步骤必须在设置realm的前面,不然会报错realm未配置
//securityManager.setAuthenticator(authenticator);
securityManager.setSubjectFactory(new CasSubjectFactory());
// 设置自定义验证策略
securityManager.setRealm(casRealm);
} else {
securityManager.setRealm(shiroRealm());
}
// 注入缓存管理器;
if (StringUtils.equals(cacheType, "redis"))
securityManager.setCacheManager(redisCacheManager());
else
securityManager.setCacheManager(cacheManager());
securityManager.setSessionManager(sessionManager());
return securityManager;
}
/*
* 开启shiro aop注解支持 使用代理方式;所以需要开启代码支持;
*/
@Bean
public GavelAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
@Qualifier("securityManager")SecurityManager securityManager) {
GavelAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new GavelAuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
/**
* DefaultAdvisorAutoProxyCreator,Spring的一个bean,由Advisor决定对哪些类的方法进行AOP代理。
*/
@Bean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator defaultAAP = new DefaultAdvisorAutoProxyCreator();
defaultAAP.setProxyTargetClass(true);
return defaultAAP;
}
/*
* shiro缓存管理器;
* 需要注入对应的其它的实体类中-->安全管理器:securityManager可见securityManager是整个shiro的核心;
*/
@Bean("ShiroCacheManager")
public CacheManager cacheManager() {
return new MemoryConstrainedCacheManager();
}
/**
* 配置会话ID生成器
* @return
*/
......@@ -118,14 +214,14 @@ public class ShiroConfig {
public SessionIdGenerator sessionIdGenerator() {
return new JavaUuidSessionIdGenerator();
}
/**
/**
* redisManager
*
* @return
*/
@Bean
@ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
@Bean("redisManager")
// @ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
public RedisManager redisManager() {
RedisManager redisManager = new RedisManager();
redisManager.setHost(redisConfig.getHost()+":"+redisConfig.getPort());
......@@ -133,7 +229,7 @@ public class ShiroConfig {
}
/**
* cacheManager
* cacheManager
*
* @return
*/
......@@ -148,23 +244,27 @@ public class ShiroConfig {
/**
* redisSessionDAO
*/
@ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
@Bean
// @ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
@Bean("redisSessionDAO")
public RedisSessionDAO redisSessionDAO() {
RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
redisSessionDAO.setRedisManager(redisManager());
// redisSessionDAO.setSessionIdGenerator(new GavelSessionGenerator());
return redisSessionDAO;
}
/**
* sessionManager
*/
@ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
@Bean
public DefaultWebSessionManager SessionManager() {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
// @ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
@Bean("sessionManager")
public GavelSessionManager sessionManager() {
// DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
GavelSessionManager sessionManager = new GavelSessionManager();
sessionManager.setGlobalSessionTimeout(Constants.liveMills);
sessionManager.setSessionDAO(redisSessionDAO());
return sessionManager;
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment