config调整

9e9bb8cd · zhoumaotao · c30b95e5 · 9e9bb8cd · 9e9bb8cd
Commit 9e9bb8cd authored Apr 06, 2022 by zhoumaotao
Show whitespace changes
Inline Side-by-side

Showing with 228 additions and 128 deletions

FilterConfig.java gavel/src/main/java/com/gavel/kwell/config/FilterConfig.java +26 -26

ShiroConfig.java gavel/src/main/java/com/gavel/kwell/config/ShiroConfig.java +202 -102

No files found.
--- a/gavel/src/main/java/com/gavel/kwell/config/FilterConfig.java
+++ b/gavel/src/main/java/com/gavel/kwell/config/FilterConfig.java
 package com.gavel.kwell.config;
-import java.util.Arrays;
+import com.gavel.framework.filter.RequestWrapperFilter;
+import com.gavel.framework.filter.ThreadContextFilter;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.filter.CharacterEncodingFilter;
-import com.gavel.framework.filter.AuthenticationFilter;
+import java.util.Arrays;
-import com.gavel.framework.filter.RequestWrapperFilter;
-import com.gavel.framework.filter.ThreadContextFilter;
 @Configuration
 public class FilterConfig {
@@ -22,21 +22,21 @@ public class FilterConfig {
        return filter;
    }
-    @SuppressWarnings({ "rawtypes", "unchecked" })
-	@Bean
-    public FilterRegistrationBean authenticationFilter() {
-        // 用户认证
-        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
-        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
-        registrationBean.setName("authenticationFilter"); // 过滤器名称
-        registrationBean.setFilter(authenticationFilter); // 注入过滤器
-        registrationBean.setOrder(10);
-        registrationBean.addInitParameter("prefix", "/css,/js,/images,/lib,/fonts,/mock");
-        registrationBean.setUrlPatterns(Arrays.asList("/*")); //拦截规则
-        return registrationBean;
-    }
    @SuppressWarnings({ "rawtypes", "unchecked" })
+//	  @Bean
+//    public FilterRegistrationBean authenticationFilter() {
+//        // 用户认证
+//        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
+//        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
+//        registrationBean.setName("authenticationFilter"); // 过滤器名称
+//        registrationBean.setFilter(authenticationFilter); // 注入过滤器
+//        registrationBean.setOrder(10);
+//        registrationBean.addInitParameter("prefix", "/css,/js,/images,/lib,/fonts,/mock");
+//        registrationBean.setUrlPatterns(Arrays.asList("/*")); //拦截规则
+//        return registrationBean;
+//    }
    @Bean
    public FilterRegistrationBean requestWrapperFilter() {
        RequestWrapperFilter requestWrapperFilter = new RequestWrapperFilter();

--- a/gavel/src/main/java/com/gavel/kwell/config/ShiroConfig.java
+++ b/gavel/src/main/java/com/gavel/kwell/config/ShiroConfig.java
 package com.gavel.kwell.config;
+import com.gavel.common.Constants;
+import com.gavel.common.utils.StringUtils;
+import com.gavel.framework.filter.GavelCommonLogoutFilter;
+import com.gavel.framework.filter.ShiroAuthFilter;
+import com.gavel.kzzx.auth.cas.GavelAuthenticationFilter;
+import com.gavel.kzzx.auth.cas.GavelCasFilter;
+import com.gavel.kzzx.auth.cas.GavelCasRealm;
+import com.gavel.kzzx.auth.cas.GavelLogoutFilter;
+import com.gavel.kzzx.auth.shiro.*;
 import org.apache.shiro.cache.CacheManager;
 import org.apache.shiro.cache.MemoryConstrainedCacheManager;
+import org.apache.shiro.cas.CasSubjectFactory;
 import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator;
 import org.apache.shiro.session.mgt.eis.SessionIdGenerator;
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
-import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
 import org.crazycake.shiro.RedisCacheManager;
 import org.crazycake.shiro.RedisManager;
 import org.crazycake.shiro.RedisSessionDAO;
 import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.PropertySource;
+import org.springframework.web.filter.DelegatingFilterProxy;
+import javax.servlet.Filter;
+import java.util.LinkedHashMap;
+import java.util.Map;
-import com.gavel.common.utils.StringUtils;
-import com.gavel.kzzx.auth.shiro.GavelAuthResource;
-import com.gavel.kzzx.auth.shiro.GavelAuthorizationAttributeSourceAdvisor;
-import com.gavel.kzzx.auth.shiro.GavelAuthorizingRealm;
-import com.gavel.kzzx.auth.shiro.GavelHashedCredentialsMatcher;
 @Configuration
-@PropertySource(value = {"classpath:config.properties"})
 public class ShiroConfig {
+    private static final String CAS_FILTER_URL = "/shiro-cas";
+    @Value("${sso.enable:false}")
+    private boolean ssoEnable;
+    @Value("${sso.server:}")
+    private String casServerUrl;
    @Value("${shiro.cache:}")
    private String cacheType;
    @Autowired
    private RedisConfig redisConfig;
+    @SuppressWarnings({ "rawtypes", "unchecked" })
    @Bean
+    public FilterRegistrationBean filterRegistrationBean() {
+        FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
+        filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
+        filterRegistration.addInitParameter("targetFilterLifecycle", "true");
+        filterRegistration.setEnabled(true);
+        filterRegistration.setOrder(1);
+        filterRegistration.addUrlPatterns("/*");
+        return filterRegistration;
+    }
+    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // 必须设置 SecurityManager
        shiroFilterFactoryBean.setSecurityManager(securityManager);
+        // 登录成功后要跳转的链接
+        shiroFilterFactoryBean.setSuccessUrl("/index");
+        if ( ssoEnable ) {
+            Map<String, Filter> filters = new LinkedHashMap<>();
+            shiroFilterFactoryBean.setFilters(filters);
+            filters.put("casFilter", new GavelCasFilter(casServerUrl));
+            filters.put("logout", new GavelLogoutFilter(casServerUrl, ssoEnable));
+            filters.put("authFilter", new GavelAuthenticationFilter(casServerUrl, ssoEnable));
+            Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
+            filterChainDefinitionMap.put(CAS_FILTER_URL, "casFilter");
+            filterChainDefinitionMap.put("/logout", "logout");
+            filterChainDefinitionMap.put("/file/**", "anon");
+            filterChainDefinitionMap.put("/api/**", "anon");
+            filterChainDefinitionMap.put("/video.html", "anon");
+            filterChainDefinitionMap.put("/static/**", "anon");
+            filterChainDefinitionMap.put("/api/**", "anon");
+            filterChainDefinitionMap.put("/css/**", "anon");
+            filterChainDefinitionMap.put("/js/**", "anon");
+            filterChainDefinitionMap.put("/images/**", "anon");
+            filterChainDefinitionMap.put("/lib/**", "anon");
+            filterChainDefinitionMap.put("/fonts/**", "anon");
+            filterChainDefinitionMap.put("/mock/**", "anon");
+            filterChainDefinitionMap.put("/**", "authFilter");
+            shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
+        }
+        else {
            // 设置login URL
            shiroFilterFactoryBean.setLoginUrl("/login_view");
-		// 登录成功后要跳转的链接
+            shiroFilterFactoryBean.setUnauthorizedUrl("/403");
            shiroFilterFactoryBean.setSuccessUrl("/index");
-		shiroFilterFactoryBean.setFilterChainDefinitionMap(GavelAuthResource.init());
+            Map<String, Filter> filters = new LinkedHashMap<>();
+            filters.put("permFilter", new ShiroAuthFilter());
+            filters.put("logout", new GavelCommonLogoutFilter());
+            shiroFilterFactoryBean.setFilters(filters);
+            Map<String, String> filterChainDefinitionMap = GavelAuthResource.init();
+            filterChainDefinitionMap.put("/logout", "logout");
+            filterChainDefinitionMap.put("/**", "permFilter");
+            shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
+        }
        return shiroFilterFactoryBean;
    }
@@ -60,23 +129,50 @@ public class ShiroConfig {
        return hashedCredentialsMatcher;
    }
-	@Bean
+    @Bean(name = "shiroRealm")
    public GavelAuthorizingRealm shiroRealm() {
        GavelAuthorizingRealm shiroRealm = new GavelAuthorizingRealm();
        shiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return shiroRealm;
    }
-	@Bean
-	public SecurityManager securityManager() {
+    @Bean(name = "casRealm")
+    public GavelCasRealm casRealm() {
+        GavelCasRealm casRealm = new GavelCasRealm();
+        // 认证通过后的默认角色
+        casRealm.setDefaultRoles("ROLE_USER");
+        // cas 服务端地址前缀
+        casRealm.setCasServerUrlPrefix(casServerUrl);
+        // 应用服务地址，用来接收cas服务端票证
+        // casRealm.setCasService(appServerUrl + CAS_FILTER_URL);
+        return casRealm;
+    }
+    @Bean("securityManager")
+    public SecurityManager securityManager(GavelCasRealm casRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // 注入自定义的realm;
+        if ( ssoEnable ) {
+            // 设置授权策略,此步骤必须在设置realm的前面，不然会报错realm未配置
+            //securityManager.setAuthenticator(authenticator);
+            securityManager.setSubjectFactory(new CasSubjectFactory());
+            // 设置自定义验证策略
+            securityManager.setRealm(casRealm);
+        } else {
            securityManager.setRealm(shiroRealm());
+        }
        // 注入缓存管理器;
        if (StringUtils.equals(cacheType, "redis"))
            securityManager.setCacheManager(redisCacheManager());
        else
            securityManager.setCacheManager(cacheManager());
+        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }
@@ -85,7 +181,7 @@ public class ShiroConfig {
     */
    @Bean
    public GavelAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
-			SecurityManager securityManager) {
+            @Qualifier("securityManager")SecurityManager securityManager) {
        GavelAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new GavelAuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
@@ -105,7 +201,7 @@ public class ShiroConfig {
     * shiro缓存管理器;
     * 需要注入对应的其它的实体类中-->安全管理器：securityManager可见securityManager是整个shiro的核心；
     */
-	@Bean
+    @Bean("ShiroCacheManager")
    public CacheManager cacheManager() {
        return new MemoryConstrainedCacheManager();
    }
@@ -124,8 +220,8 @@ public class ShiroConfig {
     *
     * @return
     */
-	@Bean
+    @Bean("redisManager")
-	@ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
+//	@ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
    public RedisManager redisManager() {
        RedisManager redisManager = new RedisManager();
        redisManager.setHost(redisConfig.getHost()+":"+redisConfig.getPort());
@@ -148,23 +244,27 @@ public class ShiroConfig {
    /**
     * redisSessionDAO
     */
-    @ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
+//    @ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
-    @Bean
+    @Bean("redisSessionDAO")
    public RedisSessionDAO redisSessionDAO() {
        RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
        redisSessionDAO.setRedisManager(redisManager());
+//        redisSessionDAO.setSessionIdGenerator(new GavelSessionGenerator());
        return redisSessionDAO;
    }
    /**
     * sessionManager
     */
-    @ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
+//    @ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
-    @Bean
+    @Bean("sessionManager")
-    public DefaultWebSessionManager SessionManager() {
+    public GavelSessionManager sessionManager() {
-        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
+//        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
+        GavelSessionManager sessionManager = new GavelSessionManager();
+        sessionManager.setGlobalSessionTimeout(Constants.liveMills);
        sessionManager.setSessionDAO(redisSessionDAO());
        return sessionManager;
    }
 }