Shiro实例化配置Bean的实体类Service

花海书香 2022-05-17 阅读 41


shiro权限管理的配置

/**
 * Spring configuration that wires Apache Shiro for JWT-based access control, with
 * sessions and caches kept in Redis.
 *
 * Date: 2021-02-01
 *
 * @author 君子志邦
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Redis-backed Shiro cache manager.
     *
     * <p>NOTE(review): the entry lifetime handed to {@code setExpire} is read from
     * {@code RedisManager#getTimeout()}. That getter looks like a connection timeout
     * rather than a cache TTL, and the units may differ; confirm against the
     * shiro-redis version in use. This manager is also given to the security
     * manager below, so the TTL presumably bounds how long cached authorization
     * data outlives a role or permission change.
     *
     * @return cache manager whose keys start with {@code SecurityConsts.PREFIX_SHIRO_CACHE}
     */
    @Bean(name="rediscachemanager")
    public RedisCacheManager cacheManager() {
        RedisManager connection = redisManager();
        RedisCacheManager manager = new RedisCacheManager();
        // Key prefix shared by the cache entries.
        manager.setKeyPrefix(SecurityConsts.PREFIX_SHIRO_CACHE);
        manager.setExpire(connection.getTimeout());
        manager.setRedisManager(connection);
        return manager;
    }

    /**
     * Creates a {@code RedisManager} from the {@code ShiroRedisConfig} bean.
     *
     * <p>This is a private helper, not a {@code @Bean}: every call constructs a new
     * instance, so the cache manager, the session DAO and the token cache each get
     * their own. Host, port, database index, timeout and password are copied from
     * the configuration bean; no TLS option is set in this method.
     *
     * @return a freshly configured Redis manager
     */
    private RedisManager redisManager() {
        ShiroRedisConfig settings = SpringContextHolder.getBean(ShiroRedisConfig.class);
        RedisManager manager = new RedisManager();
        manager.setHost(settings.getHost());
        manager.setPort(settings.getPort());
        manager.setDatabase(settings.getDatabase());
        // NOTE(review): the original comment called this the cache expiry time;
        // see the note on cacheManager() about timeout versus TTL.
        manager.setTimeout(settings.getTimeout());
        manager.setPassword(settings.getPassword());
        return manager;
    }

    /**
     * Session DAO that persists Shiro sessions in Redis.
     *
     * @return session DAO using its own Redis manager and the custom id generator
     */
    @Bean
    public RedisSessionDAO redisSessionDAO() {
        RedisManager connection = redisManager();
        JwtUuidSessionIdGenerator idGenerator = jwtUuidSessionIdGenerator();
        RedisSessionDAO sessionDao = new RedisSessionDAO();
        sessionDao.setRedisManager(connection);
        sessionDao.setSessionIdGenerator(idGenerator);
        return sessionDao;
    }

    /**
     * Custom session id generator.
     *
     * <p>NOTE(review): the implementation is not shown here. Session ids act as
     * bearer secrets, so confirm they are unpredictable (CSPRNG-based).
     *
     * @return the id generator used by {@link #redisSessionDAO()}
     */
    @Bean
    public JwtUuidSessionIdGenerator jwtUuidSessionIdGenerator() {
        return new JwtUuidSessionIdGenerator();
    }

    /**
     * Redis cache used by the Shiro layer to cache tokens.
     *
     * <p>NOTE(review): values go through {@code ObjectSerializer}. If that is the
     * shiro-redis serializer it relies on Java native serialization, so anyone able
     * to write to this Redis database could supply objects that get deserialized.
     * Keep the Redis instance authenticated and reachable only from the application.
     * The TTL argument again comes from {@code getTimeout()}; see cacheManager().
     *
     * @return cache whose keys are prefixed with the Shiro cache prefix, the JWT prefix and ":"
     */
    @Bean
    public RedisCache<String, String> shiroCache() {
        RedisManager connection = redisManager();
        String keyPrefix = SecurityConsts.PREFIX_SHIRO_CACHE + SecurityConsts.PREFIX_SHIRO_JWT + ":";
        return new RedisCache<>(
                connection,
                new StringSerializer(),
                new ObjectSerializer(),
                keyPrefix,
                connection.getTimeout(),
                RedisCacheManager.DEFAULT_PRINCIPAL_ID_FIELD_NAME);
    }

    /**
     * Registers Shiro's {@code LifecycleBeanPostProcessor}, which calls
     * {@code Initializable.init()} and {@code Destroyable.destroy()} on Shiro beans
     * so that Spring manages their lifecycle.
     *
     * <p>NOTE(review): Spring generally recommends that {@code @Bean} methods
     * returning a bean post-processor be {@code static}; this one is not.
     *
     * @return the lifecycle post-processor
     */
    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * Registers the auto-proxy creator that scans the context for advisors and
     * applies them to every bean matching their pointcuts.
     *
     * <p>Despite the method (and therefore bean) name, the returned object is a
     * {@code DefaultAdvisorAutoProxyCreator}; the name is kept because other
     * configuration may refer to it.
     *
     * @return auto-proxy creator forced to use class-based (CGLIB) proxies
     */
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public static DefaultAdvisorAutoProxyCreator getLifecycleBeanPostProcessor() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        // Force CGLIB proxies instead of interface-based ones.
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }

    /**
     * Enables Shiro's authorization annotations, i.e. AOP-style method-level
     * permission checks.
     *
     * @param securityManager security manager the advisor consults
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor sourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        sourceAdvisor.setSecurityManager(securityManager);
        return sourceAdvisor;
    }

    /**
     * Security manager: one realm, the Redis cache manager and the JWT session manager.
     *
     * @param shiroRealm realm that authenticates and authorizes users
     * @return the configured security manager
     */
    @Bean
    public DefaultWebSecurityManager securityManager(ShiroRealm shiroRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        // Setter order is kept as in the original: realm, then cache, then sessions.
        manager.setRealm(shiroRealm);
        manager.setCacheManager(cacheManager());
        // TODO: remember-me is not wired; the original left a commented-out
        // setRememberMeManager(rememberMeManager) call here.
        manager.setSessionManager(sessionManager());
        return manager;
    }

    /**
     * Session manager that stores sessions through {@link #redisSessionDAO()} and
     * never issues a session-id cookie.
     *
     * <p>NOTE(review): with the cookie disabled the session id presumably travels
     * with the JWT; {@code JwtSessionManager} is not shown here.
     *
     * @return the session manager
     */
    @Bean
    public DefaultWebSessionManager sessionManager() {
        JwtSessionManager manager = new JwtSessionManager();
        manager.setSessionIdCookieEnabled(false);
        manager.setSessionDAO(redisSessionDAO());
        return manager;
    }

    /**
     * Shiro filter chain.
     *
     * <p>Every pattern in {@code SystemConst.NONE_PERMISSION_RES} is mapped to
     * {@code anon}, then the catch-all {@code /**} is mapped to
     * {@code jwt,user,kickout}. The map is a {@code LinkedHashMap} so the anonymous
     * entries stay ahead of the catch-all. Each entry in that constant is reachable
     * without authentication, so the list deserves review whenever it changes.
     *
     * <p>NOTE(review): {@code jwtFilter()} and {@code kickoutSessionControlFilter()}
     * are also exposed as {@code @Bean}s. If this runs under Spring Boot, servlet
     * {@code Filter} beans may additionally be registered with the container for
     * every request, including the {@code anon} paths; confirm whether that
     * registration is disabled elsewhere.
     *
     * @param securityManager security manager the filter delegates to
     * @return the filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
        // Custom filters, keyed by the names used in the chain definitions.
        Map<String, Filter> customFilters = new HashMap<>();
        customFilters.put("jwt", jwtFilter());
        // Limits how many sessions one account may hold at a time.
        customFilters.put("kickout", kickoutSessionControlFilter());
        // "user" is also one of Shiro's built-in filter names; this entry is
        // registered under that name.
        customFilters.put("user", new AppUserFilter());

        // URL pattern -> chain definition.
        Map<String, String> chains = new LinkedHashMap<>();
        for (String openPath : SystemConst.NONE_PERMISSION_RES) {
            chains.put(openPath, "anon");
        }
        chains.put("/**", "jwt,user,kickout");

        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager);
        // Default login URL.
        factory.setLoginUrl("/user/auth/login");
        // Where requests without sufficient permission are sent.
        factory.setUnauthorizedUrl("/global/api/error");
        factory.setFilters(customFilters);
        factory.setFilterChainDefinitionMap(chains);
        return factory;
    }

    /**
     * Filter that caps concurrent logins per account at one session.
     *
     * <p>NOTE(review): {@code setKickoutAfter(false)} presumably evicts the earlier
     * session rather than the new one; the filter implementation is not shown.
     *
     * @return the kick-out filter
     */
    @Bean
    public ApiKickOutSessionControlFilter kickoutSessionControlFilter() {
        ApiKickOutSessionControlFilter filter = new ApiKickOutSessionControlFilter();
        filter.setMaxSession(1);
        filter.setKickoutAfter(false);
        filter.setCacheManager(cacheManager());
        return filter;
    }

    /**
     * JWT filter referenced as {@code jwt} in the filter chain.
     *
     * @return a new JWT filter
     */
    @Bean
    public JwtFilter jwtFilter() {
        return new JwtFilter();
    }
}

shiro 鉴权类,主要是login之后的逻辑处理

import com.zeus.config.token.JwtToken;
import com.zeus.core.shiro.ShiroKit;
import com.zeus.pojo.dao.origin.User;
import com.zeus.pojo.vo.common.ShiroUser;
import com.zeus.service.auth.UserAuthService;
import com.zeus.utils.ToolUtil;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.crazycake.shiro.RedisCache;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

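/**
 * Shiro realm for JWT logins: resolves the account named by a {@link JwtToken} and
 * loads the roles and permissions used for authorization checks.
 *
 * Date: 6/23/2020
 *
 * @author 君子志邦
 */
@Component
public class ShiroRealm extends AuthorizingRealm {

    @Qualifier(value = "adminUserAuthService")
    @Autowired
    private UserAuthService userAuthService;

    // Injected token cache; not referenced by any method in this class.
    @Autowired
    private RedisCache<String, String> shiroCache;

    /**
     * Restricts this realm to JWT tokens.
     *
     * @param token token submitted for authentication
     * @return {@code true} only when the token is a {@link JwtToken}
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JwtToken;
    }

    /**
     * Looks up the account named in the token and builds its authentication info.
     *
     * <p>NOTE(review): this method only reads {@code token.getUsername()}. Signature
     * and expiry validation of the JWT is not visible here; confirm it happens
     * before the username is trusted (for example in the JWT filter or the
     * credentials matcher).
     *
     * @param auth submitted token; a {@link JwtToken}, as enforced by {@link #supports}
     * @return authentication info produced by {@code userAuthService.info(...)}
     * @throws AuthenticationException if no account matches the token's username
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth)
            throws AuthenticationException {
        JwtToken token = (JwtToken) auth;
        User user = userAuthService.getUserByAccountOrPhone(token.getUsername());
        if (user == null) {
            // Reject unknown accounts as an authentication failure instead of passing
            // null on to the service. The message is deliberately generic so it does
            // not reveal whether the account exists.
            throw new AuthenticationException("Authentication failed");
        }
        ShiroUser shiroUser = userAuthService.shiroUser(user);
        return userAuthService.info(shiroUser, user, super.getName());
    }

    /**
     * Collects the role names and permission strings of the current user.
     *
     * <p>NOTE(review): the {@code principals} argument is ignored and the user is
     * taken from {@code ShiroKit.getShiroUser()}. Shiro passes the identity whose
     * authorization is being computed, and the result may be cached for that
     * identity; if the two ever differ, one user's roles would be attributed to
     * another. Consider reading {@code principals.getPrimaryPrincipal()} once it is
     * confirmed that this realm stores a {@code ShiroUser} there.
     *
     * @param principals identity to authorize (currently unused)
     * @return authorization info holding the collected roles and permissions
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        ShiroUser shiroUser = ShiroKit.getShiroUser();
        List<Long> roleList = shiroUser.getRoleList();
        Set<String> permissionSet = new HashSet<>();
        Set<String> roleNameSet = new HashSet<>();
        // A user without a role list gets no roles and no permissions (fail closed).
        if (roleList != null) {
            for (Long roleId : roleList) {
                List<String> permissions = userAuthService.findPermissionsByRoleId(roleId);
                if (permissions != null) {
                    for (String permission : permissions) {
                        if (ToolUtil.isNotEmpty(permission)) {
                            permissionSet.add(permission);
                        }
                    }
                }
                String roleName = userAuthService.findRoleNameByRoleId(roleId);
                // Skip roles whose name cannot be resolved rather than adding a
                // null or empty entry to the role set.
                if (ToolUtil.isNotEmpty(roleName)) {
                    roleNameSet.add(roleName);
                }
            }
        }

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermissions(permissionSet);
        info.addRoles(roleNameSet);
        return info;
    }

    /**
     * Installs the credentials matcher used to compare submitted and stored credentials.
     *
     * <p>The argument is ignored: a {@link HashedCredentialsMatcher} configured from
     * {@code ShiroKit} is always used.
     *
     * <p>NOTE(review): the algorithm name and iteration count live in
     * {@code ShiroKit} and are not shown here. Fast general-purpose digests such as
     * MD5 or SHA-1 are unsuitable for password storage even when iterated; confirm
     * the configured values and prefer a dedicated password-hashing scheme.
     *
     * @param credentialsMatcher ignored
     */
    @Override
    public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
        HashedCredentialsMatcher hashedMatcher = new HashedCredentialsMatcher();
        hashedMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName);
        hashedMatcher.setHashIterations(ShiroKit.hashIterations);
        super.setCredentialsMatcher(hashedMatcher);
    }
}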






