Skip to content

K
kwell-mes
Commit 9e9bb8cd authored by zhoumaotao's avatar zhoumaotao
Browse files
Options

config调整

parent c30b95e5
Show whitespace changes
Inline Side-by-side
Showing with 228 additions and 128 deletions
gavel/src/main/java/com/gavel/kwell/config/FilterConfig.java
View file @ 9e9bb8cd
package com.gavel.kwell.config;
import java.util.Arrays;
import com.gavel.framework.filter.RequestWrapperFilter;
import com.gavel.framework.filter.ThreadContextFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.CharacterEncodingFilter;
import com.gavel.framework.filter.AuthenticationFilter;
import com.gavel.framework.filter.RequestWrapperFilter;
import com.gavel.framework.filter.ThreadContextFilter;
import java.util.Arrays;
@Configuration
public class FilterConfig {
......@@ -22,21 +22,21 @@ public class FilterConfig {
return filter;
}
@SuppressWarnings({ "rawtypes", "unchecked" })
@Bean
public FilterRegistrationBean authenticationFilter() {
// 用户认证
AuthenticationFilter authenticationFilter = new AuthenticationFilter();
FilterRegistrationBean registrationBean = new FilterRegistrationBean();
registrationBean.setName("authenticationFilter"); // 过滤器名称
registrationBean.setFilter(authenticationFilter); // 注入过滤器
registrationBean.setOrder(10);
registrationBean.addInitParameter("prefix", "/css,/js,/images,/lib,/fonts,/mock");
registrationBean.setUrlPatterns(Arrays.asList("/*")); //拦截规则
return registrationBean;
}
@SuppressWarnings({ "rawtypes", "unchecked" })
// @Bean
// public FilterRegistrationBean authenticationFilter() {
// // 用户认证
// AuthenticationFilter authenticationFilter = new AuthenticationFilter();
// FilterRegistrationBean registrationBean = new FilterRegistrationBean();
// registrationBean.setName("authenticationFilter"); // 过滤器名称
// registrationBean.setFilter(authenticationFilter); // 注入过滤器
// registrationBean.setOrder(10);
// registrationBean.addInitParameter("prefix", "/css,/js,/images,/lib,/fonts,/mock");
// registrationBean.setUrlPatterns(Arrays.asList("/*")); //拦截规则
// return registrationBean;
// }
@Bean
public FilterRegistrationBean requestWrapperFilter() {
RequestWrapperFilter requestWrapperFilter = new RequestWrapperFilter();
......
gavel/src/main/java/com/gavel/kwell/config/ShiroConfig.java
View file @ 9e9bb8cd
package com.gavel.kwell.config;
import com.gavel.common.Constants;
import com.gavel.common.utils.StringUtils;
import com.gavel.framework.filter.GavelCommonLogoutFilter;
import com.gavel.framework.filter.ShiroAuthFilter;
import com.gavel.kzzx.auth.cas.GavelAuthenticationFilter;
import com.gavel.kzzx.auth.cas.GavelCasFilter;
import com.gavel.kzzx.auth.cas.GavelCasRealm;
import com.gavel.kzzx.auth.cas.GavelLogoutFilter;
import com.gavel.kzzx.auth.shiro.*;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.cas.CasSubjectFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator;
import org.apache.shiro.session.mgt.eis.SessionIdGenerator;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.crazycake.shiro.RedisCacheManager;
import org.crazycake.shiro.RedisManager;
import org.crazycake.shiro.RedisSessionDAO;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.web.filter.DelegatingFilterProxy;
import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;
import com.gavel.common.utils.StringUtils;
import com.gavel.kzzx.auth.shiro.GavelAuthResource;
import com.gavel.kzzx.auth.shiro.GavelAuthorizationAttributeSourceAdvisor;
import com.gavel.kzzx.auth.shiro.GavelAuthorizingRealm;
import com.gavel.kzzx.auth.shiro.GavelHashedCredentialsMatcher;
@Configuration
@PropertySource(value = {"classpath:config.properties"})
public class ShiroConfig {
private static final String CAS_FILTER_URL = "/shiro-cas";
@Value("${sso.enable:false}")
private boolean ssoEnable;
@Value("${sso.server:}")
private String casServerUrl;
@Value("${shiro.cache:}")
private String cacheType;
@Autowired
private RedisConfig redisConfig;
@SuppressWarnings({ "rawtypes", "unchecked" })
@Bean
public FilterRegistrationBean filterRegistrationBean() {
FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));
filterRegistration.addInitParameter("targetFilterLifecycle", "true");
filterRegistration.setEnabled(true);
filterRegistration.setOrder(1);
filterRegistration.addUrlPatterns("/*");
return filterRegistration;
}
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
// 必须设置 SecurityManager
shiroFilterFactoryBean.setSecurityManager(securityManager);
// 登录成功后要跳转的链接
shiroFilterFactoryBean.setSuccessUrl("/index");
if ( ssoEnable ) {
Map<String, Filter> filters = new LinkedHashMap<>();
shiroFilterFactoryBean.setFilters(filters);
filters.put("casFilter", new GavelCasFilter(casServerUrl));
filters.put("logout", new GavelLogoutFilter(casServerUrl, ssoEnable));
filters.put("authFilter", new GavelAuthenticationFilter(casServerUrl, ssoEnable));
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put(CAS_FILTER_URL, "casFilter");
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/file/**", "anon");
filterChainDefinitionMap.put("/api/**", "anon");
filterChainDefinitionMap.put("/video.html", "anon");
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/api/**", "anon");
filterChainDefinitionMap.put("/css/**", "anon");
filterChainDefinitionMap.put("/js/**", "anon");
filterChainDefinitionMap.put("/images/**", "anon");
filterChainDefinitionMap.put("/lib/**", "anon");
filterChainDefinitionMap.put("/fonts/**", "anon");
filterChainDefinitionMap.put("/mock/**", "anon");
filterChainDefinitionMap.put("/**", "authFilter");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
}
else {
// 设置login URL
shiroFilterFactoryBean.setLoginUrl("/login_view");
// 登录成功后要跳转的链接
shiroFilterFactoryBean.setUnauthorizedUrl("/403");
shiroFilterFactoryBean.setSuccessUrl("/index");
shiroFilterFactoryBean.setFilterChainDefinitionMap(GavelAuthResource.init());
Map<String, Filter> filters = new LinkedHashMap<>();
filters.put("permFilter", new ShiroAuthFilter());
filters.put("logout", new GavelCommonLogoutFilter());
shiroFilterFactoryBean.setFilters(filters);
Map<String, String> filterChainDefinitionMap = GavelAuthResource.init();
filterChainDefinitionMap.put("/logout", "logout");
filterChainDefinitionMap.put("/**", "permFilter");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
}
return shiroFilterFactoryBean;
}
......@@ -60,23 +129,50 @@ public class ShiroConfig {
return hashedCredentialsMatcher;
}
@Bean
@Bean(name = "shiroRealm")
public GavelAuthorizingRealm shiroRealm() {
GavelAuthorizingRealm shiroRealm = new GavelAuthorizingRealm();
shiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
return shiroRealm;
}
@Bean
public SecurityManager securityManager() {
@Bean(name = "casRealm")
public GavelCasRealm casRealm() {
GavelCasRealm casRealm = new GavelCasRealm();
// 认证通过后的默认角色
casRealm.setDefaultRoles("ROLE_USER");
// cas 服务端地址前缀
casRealm.setCasServerUrlPrefix(casServerUrl);
// 应用服务地址,用来接收cas服务端票证
// casRealm.setCasService(appServerUrl + CAS_FILTER_URL);
return casRealm;
}
@Bean("securityManager")
public SecurityManager securityManager(GavelCasRealm casRealm) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
// 注入自定义的realm;
if ( ssoEnable ) {
// 设置授权策略,此步骤必须在设置realm的前面,不然会报错realm未配置
//securityManager.setAuthenticator(authenticator);
securityManager.setSubjectFactory(new CasSubjectFactory());
// 设置自定义验证策略
securityManager.setRealm(casRealm);
} else {
securityManager.setRealm(shiroRealm());
}
// 注入缓存管理器;
if (StringUtils.equals(cacheType, "redis"))
securityManager.setCacheManager(redisCacheManager());
else
securityManager.setCacheManager(cacheManager());
securityManager.setSessionManager(sessionManager());
return securityManager;
}
......@@ -85,7 +181,7 @@ public class ShiroConfig {
*/
@Bean
public GavelAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
SecurityManager securityManager) {
@Qualifier("securityManager")SecurityManager securityManager) {
GavelAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new GavelAuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
......@@ -105,7 +201,7 @@ public class ShiroConfig {
* shiro缓存管理器;
* 需要注入对应的其它的实体类中-->安全管理器:securityManager可见securityManager是整个shiro的核心;
*/
@Bean
@Bean("ShiroCacheManager")
public CacheManager cacheManager() {
return new MemoryConstrainedCacheManager();
}
......@@ -124,8 +220,8 @@ public class ShiroConfig {
*
* @return
*/
@Bean
@ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
@Bean("redisManager")
// @ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
public RedisManager redisManager() {
RedisManager redisManager = new RedisManager();
redisManager.setHost(redisConfig.getHost()+":"+redisConfig.getPort());
......@@ -148,23 +244,27 @@ public class ShiroConfig {
/**
* redisSessionDAO
*/
@ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
@Bean
// @ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
@Bean("redisSessionDAO")
public RedisSessionDAO redisSessionDAO() {
RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
redisSessionDAO.setRedisManager(redisManager());
// redisSessionDAO.setSessionIdGenerator(new GavelSessionGenerator());
return redisSessionDAO;
}
/**
* sessionManager
*/
@ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
@Bean
public DefaultWebSessionManager SessionManager() {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
// @ConditionalOnProperty(value="shiro.cache", havingValue="redis", matchIfMissing=false)
@Bean("sessionManager")
public GavelSessionManager sessionManager() {
// DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
GavelSessionManager sessionManager = new GavelSessionManager();
sessionManager.setGlobalSessionTimeout(Constants.liveMills);
sessionManager.setSessionDAO(redisSessionDAO());
return sessionManager;
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment