增加博客权限认证授权整体流程

len-blog/pom.xml

@@ -28,33 +28,4 @@
             <version>4.12</version>
         </dependency>
     </dependencies>
-   <!-- <build>
-        <plugins>
-            <plugin>
-                <groupId>org.mybatis.generator</groupId>
-                <artifactId>mybatis-generator-maven-plugin</artifactId>
-                <version>1.3.5</version>
-                <configuration>
-                    <configurationFile>src/main/resources/generatorConfig.xml</configurationFile>
-                    <verbose>true</verbose>
-                    <overwrite>true</overwrite>
-                </configuration>
-                <executions>
-                    <execution>
-                        <id>Generate MyBatis Artifacts</id>
-                        <goals>
-                            <goal>generate</goal>
-                        </goals>
-                    </execution>
-                </executions>
-                <dependencies>
-                    <dependency>
-                        <groupId>mysql</groupId>
-                        <artifactId>mysql-connector-java</artifactId>
-                        <version>5.1.6</version>
-                    </dependency>
-                </dependencies>
-            </plugin>
-        </plugins>
-    </build>-->
 </project>

len-blog/src/main/java/com/len/controller/LabelController.java

@@ -6,6 +6,8 @@ import com.alibaba.fastjson.JSONObject;
 import com.len.base.BaseController;
 import com.len.entity.BlogLabel;
 import com.len.service.BlogLabelService;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -35,6 +37,7 @@ public class LabelController extends BaseController {
      * @return
      */
     @GetMapping("/getLabel")
+    @RequiresRoles("admin")
     public JSONArray label() {
         List<BlogLabel> blogLabels = blogLabelService.selectAll();
         JSONArray array = JSONArray.parseArray(JSON.toJSONString(blogLabels));

len-blog/src/main/java/com/len/controller/SignController.java

@@ -1,15 +1,24 @@
 package com.len.controller;
 
+import com.len.entity.SysRole;
+import com.len.entity.SysRoleUser;
 import com.len.entity.SysUser;
+import com.len.service.RoleService;
+import com.len.service.RoleUserService;
 import com.len.service.SysUserService;
 import com.len.util.JWTUtil;
+import com.len.util.JsonUtil;
 import com.len.util.Md5Util;
-import org.apache.shiro.authz.UnauthorizedException;
+import io.swagger.annotations.ApiOperation;
+import org.apache.shiro.authc.UnknownAccountException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
+import tk.mybatis.mapper.entity.Condition;
+
+import java.util.List;
+import java.util.stream.Collectors;
 
 /**
  * @author zhuxiaomeng
@@ -17,23 +26,48 @@ import org.springframework.web.bind.annotation.RestController;
  * @email 154040976@qq.com
  */
 @RestController
-@RequestMapping("/blog")
+@RequestMapping("/")
 public class SignController {
 
     @Autowired
     private SysUserService sysUserService;
 
-    @PostMapping("/login")
+    @Autowired
-    public String login(@RequestParam("username") String username,
+    private RoleService roleService;
-                              @RequestParam("password") String password) {
+
-        SysUser user=new SysUser();
+    @Autowired
-        user.setUsername(username);
+    private RoleUserService roleUserService;
-        SysUser sysUser=sysUserService.selectOne(user);
+
-        String pass = Md5Util.getMD5(password, username);
+    @ApiOperation(value = "/blogLogin", httpMethod = "POST", notes = "登录method")
-        if (sysUser.getPassword().equals(pass)) {
+    @PostMapping(value = "/blogLogin")
-            return JWTUtil.sign(username, password);
+    public JsonUtil blogLogin(SysUser user) {
-        } else {
+        String pass = user.getPassword();
-            throw new UnauthorizedException();
+        user.setPassword(null);
+        SysUser sysUser = sysUserService.selectOne(user);
+        if (sysUser == null) {
+            throw new UnknownAccountException("用户名或密码错误");
         }
+        String md5 = Md5Util.getMD5(pass, sysUser.getUsername());
+        if (!md5.equals(sysUser.getPassword())) {
+            throw new UnknownAccountException("用户名或密码错误");
+        }
+
+        Condition condition = new Condition(SysRoleUser.class);
+        condition.createCriteria().andEqualTo("userId", user.getId());
+        List<SysRoleUser> sysRoleUsers = roleUserService.selectByExample(condition);
+        List<String> roleList = sysRoleUsers
+                .stream()
+                .map(SysRoleUser::getRoleId)
+                .collect(Collectors.toList());
+
+        condition = new Condition(SysRole.class);
+        condition.createCriteria().andIn("id", roleList);
+        List<SysRole> sysRoles = roleService.selectByExample(condition);
+        List<String> roleNames = sysRoles
+                .stream()
+                .map(SysRole::getRoleName)
+                .collect(Collectors.toList());
+
+        return new JsonUtil(true, JWTUtil.sign(sysUser.getUsername(), roleNames, sysUser.getPassword()), 200);
     }
 }

len-blog/src/main/java/com/len/core/BlogRealm.java

@@ -0,0 +1,98 @@
+package com.len.core;
+
+import com.len.base.CurrentMenu;
+import com.len.base.CurrentRole;
+import com.len.base.CurrentUser;
+import com.len.core.shiro.ShiroUtil;
+import com.len.entity.SysUser;
+import com.len.service.MenuService;
+import com.len.service.RoleMenuService;
+import com.len.service.RoleUserService;
+import com.len.service.SysUserService;
+import com.len.util.JWTUtil;
+import com.len.util.JwtToken;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authc.*;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.SimpleAuthorizationInfo;
+import org.apache.shiro.realm.AuthorizingRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+/**
+ * @author zhuxiaomeng
+ * @date 2017/12/4.
+ * @email 154040976@qq.com
+ */
+@Service
+public class BlogRealm extends AuthorizingRealm {
+
+    @Autowired
+    private SysUserService userService;
+
+    @Autowired
+    private MenuService menuService;
+
+    @Autowired
+    private RoleUserService roleUserService;
+
+    @Autowired
+    private RoleMenuService roleMenuService;
+
+
+    @Override
+    public boolean supports(AuthenticationToken token) {
+        return token instanceof JwtToken;
+    }
+
+    /**
+     * 获取认证
+     *
+     * @param principalCollection
+     * @return
+     */
+    @Override
+    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
+        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
+        String name = (String) principalCollection.getPrimaryPrincipal();
+        JWTUtil.getUsername(name);
+        //根据用户获取角色 根据角色获取所有按钮权限
+        CurrentUser cUser = (CurrentUser) ShiroUtil.getSession().getAttribute("curentUser");
+        for (CurrentRole cRole : cUser.getCurrentRoleList()) {
+            info.addRole(cRole.getId());
+        }
+        for (CurrentMenu cMenu : cUser.getCurrentMenuList()) {
+            if (!StringUtils.isEmpty(cMenu.getPermission())) {
+                info.addStringPermission(cMenu.getPermission());
+            }
+        }
+        return info;
+    }
+
+    /**
+     * 获取授权
+     *
+     * @param authenticationToken
+     * @return
+     * @throws AuthenticationException
+     */
+    @Override
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
+            throws AuthenticationException {
+        JwtToken token = (JwtToken) authenticationToken;
+        String username = JWTUtil.getUsername(token.getToken());
+        if (StringUtils.isEmpty(username)) {
+            throw new UnknownAccountException("令牌无效");
+        }
+        SysUser s = userService.login(username);
+        if (s == null) {
+            throw new UnknownAccountException("用户名或密码错误");
+        }
+        if (!JWTUtil.verify(token.getToken(), username, s.getPassword())) {
+            throw new UnknownAccountException("用户名或密码错误");
+        }
+
+        return new SimpleAuthenticationInfo(token.getToken(), token.getToken(), getName());
+    }
+}

len-blog/src/main/java/com/len/core/BlogRetryLimitCredentialsMatcher.java

@@ -0,0 +1,72 @@
+package com.len.core;
+
+import cn.hutool.core.util.StrUtil;
+import com.len.util.CustomUsernamePasswordToken;
+import com.len.util.JWTUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.ExcessiveAttemptsException;
+import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
+import org.apache.shiro.cache.Cache;
+import org.apache.shiro.cache.CacheManager;
+
+import java.util.concurrent.atomic.AtomicInteger;
+
+/**
+ * 验证器，增加了登录次数校验功能
+ * 限制尝试登陆次数,防止暴力破解
+ */
+@Slf4j
+public class BlogRetryLimitCredentialsMatcher extends HashedCredentialsMatcher {
+
+   /* private Cache<String, AtomicInteger> loginRetryCache;
+
+    private int maxRetryCount = 5;
+
+    *//*public void setMaxRetryCount(int maxRetryCount) {
+        this.maxRetryCount = maxRetryCount;
+    }
+    public BlogRetryLimitCredentialsMatcher(){
+    }*//*
+
+    *//**
+     * @param cacheManager
+     * @param maxRetryCount 最大尝试次数
+     *//*
+    public BlogRetryLimitCredentialsMatcher(CacheManager cacheManager, int maxRetryCount) {
+        this.maxRetryCount = maxRetryCount;
+        this.loginRetryCache = cacheManager.getCache("loginRetryCache");
+    }
+
+    public BlogRetryLimitCredentialsMatcher(CacheManager cacheManager) {
+        this(cacheManager, 5);
+    }
+
+    @Override
+    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
+        CustomUsernamePasswordToken token1 = (CustomUsernamePasswordToken) token;
+        String username = token1.getUsername();
+        if (StringUtils.isEmpty(username) && !StringUtils.isEmpty(token1.getToken())) {
+            username = JWTUtil.getUsername(token1.getToken());
+        }
+        //retry count + 1
+        AtomicInteger retryCount = loginRetryCache.get(username) == null
+                ? new AtomicInteger(0) : loginRetryCache.get(username);
+        log.info("retryCount:{}, username:{}", retryCount, username);
+        if (retryCount.incrementAndGet() > this.maxRetryCount) {
+            log.warn("username: {} tried to login more than {} times in perid", username, this.maxRetryCount);
+            throw new ExcessiveAttemptsException(StrUtil.format("username: {} tried to login more than {} times in perid", username, this.maxRetryCount));
+        }
+        boolean matches = super.doCredentialsMatch(token1, info);
+
+        if (matches) {
+            loginRetryCache.remove(username);
+        } else {
+            loginRetryCache.put(username, retryCount);
+            log.info(String.valueOf(retryCount.get()));
+        }
+        return matches;
+    }*/
+}  

len-blog/src/main/java/com/len/core/MyBasicHttpAuthenticationFilter.java

@@ -0,0 +1,47 @@
+package com.len.core;
+
+import com.len.core.exception.UnauthorizedException;
+import com.len.util.JwtToken;
+import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @author zhuxiaomeng
+ * @date 2018/8/19.
+ * @email 154040976@qq.com
+ */
+public class MyBasicHttpAuthenticationFilter extends BasicHttpAuthenticationFilter {
+
+    @Override
+    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
+        if (isLoginAttempt(request, response)) {
+            try {
+                executeLogin(request, response);
+                return true;
+            } catch (Exception e) {
+                throw new UnauthorizedException(e.getMessage());
+            }
+        } else {
+            throw new UnauthorizedException("禁止访问");
+        }
+    }
+
+    @Override
+    protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        String token = httpServletRequest.getHeader("Authorization");
+        JwtToken jwtToken = new JwtToken(token, "BlogLogin");
+        getSubject(request, response).login(jwtToken);
+        return true;
+    }
+
+    @Override
+    protected boolean isLoginAttempt(ServletRequest request, ServletResponse response) {
+        HttpServletRequest req = (HttpServletRequest) request;
+        String authorization = req.getHeader("Authorization");
+        return authorization != null;
+    }
+}

len-blog/src/main/java/com/len/core/exception/UnauthorizedException.java

@@ -0,0 +1,13 @@
+package com.len.core.exception;
+
+/**
+ * @author zhuxiaomeng
+ * @date 2018/8/19.
+ * @email 154040976@qq.com
+ * 未授权异常
+ */
+public class UnauthorizedException extends RuntimeException {
+    public UnauthorizedException(String msg) {
+        super(msg);
+    }
+}

len-core/src/main/java/com/len/base/BaseMapper.java

@@ -12,7 +12,7 @@ import java.util.List;
  * @email 154040976@qq.com
  * mapper封装 crud
  */
-public interface BaseMapper<T, E extends Serializable> extends tk.mybatis.mapper.common.BaseMapper<T>, MySqlMapper<T>, IdsMapper<T> {
+public interface BaseMapper<T, E extends Serializable> extends tk.mybatis.mapper.common.Mapper<T>, MySqlMapper<T>, IdsMapper<T> {
     /*
      *//**
      * 根据id删除

len-core/src/main/java/com/len/base/BaseService.java

@@ -1,8 +1,10 @@
 package com.len.base;
 
 import com.len.util.ReType;
+import org.apache.ibatis.session.RowBounds;
 
 import java.io.Serializable;
+import java.util.List;
 
 /**
  * @author zhuxiaomeng
@@ -10,54 +12,60 @@ import java.io.Serializable;
  * @email 154040976@qq.com
  * 通用service层
  */
-public interface BaseService<T, E extends Serializable> extends BaseMapper<T, E> {
+public interface BaseService<T, E extends Serializable> {
-    /**
-     * 根据id删除
-     * @param id
-     * @return
-     *//*
-  int deleteByPrimaryKey(E id);
 
-  *//**
+    public List<T> select(T t);
-     * 插入
-     * @param record
-     * @return
-     *//*
-  int insert(T record);
 
-  *//**
+    public List<T> selectAll();
-     *插入非空字段
-     * @param record
-     * @return
-     *//*
-  int insertSelective(T record);
 
-  *//**
+    public List<T> selectByIds(String ids);
-     * 根据id查询
-     * @param id
-     * @return
-     *//*
-  T selectByPrimaryKey(E id);
 
-  *//**
+    public int selectCount(T t);
-     * 更新非空数据
-     * @param record
-     * @return
-     *//*
-  int updateByPrimaryKeySelective(T record);
 
-  */
+    public int deleteByPrimaryKey(E id);
 
-    /**
+    public int insert(T record);
-     * 更新
-     *
-     * @param record
-     * @return
-     *//*
-  int updateByPrimaryKey(T record);
 
+    public int insertSelective(T record);
+
+    public int updateByPrimaryKeySelective(T record);
+
+    public int updateByPrimaryKey(T record);
+
+    public List<T> selectListByPage(T record);
+
+    public int deleteByPrimaryKey(Object o);
+
+    public int delete(T t);
+
+    public boolean existsWithPrimaryKey(Object o);
+
+    public T selectByPrimaryKey(Object o);
+
+    public T selectOne(T t);
+
+    public int deleteByIds(String s);
+
+    public int insertList(List<T> list);
+
+    public int insertUseGeneratedKeys(T t);
+
+    public int deleteByExample(Object o);
+
+    public List<T> selectByExample(Object o);
+
+    public int selectCountByExample(Object o);
+
+    public T selectOneByExample(Object o);
+
+    public int updateByExample(T t, Object o);
+
+    public int updateByExampleSelective(T t, Object o);
+
+    public List<T> selectByExampleAndRowBounds(Object o, RowBounds rowBounds);
+
+    public List<T> selectByRowBounds(T t, RowBounds rowBounds);
 
-  List<T> selectListByPage(T record);*/
 
     public ReType show(T t, int page, int limit);
 

len-core/src/main/java/com/len/util/CustomUsernamePasswordToken.java

@@ -11,11 +11,14 @@ public class CustomUsernamePasswordToken extends UsernamePasswordToken {
 
     private String type;
 
+
+
     public CustomUsernamePasswordToken(final String username, final String password, String loginType) {
         super(username,password);
         this.type = loginType;
     }
 
+
     public String getType() {
         return type;
     }

len-core/src/main/java/com/len/util/JWTUtil.java

@@ -7,6 +7,7 @@ import com.auth0.jwt.exceptions.JWTDecodeException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 
 import java.util.Date;
+import java.util.List;
 
 public class JWTUtil {
 
@@ -34,8 +35,6 @@ public class JWTUtil {
     }
 
     /**
-     * 获得token中的信息无需secret解密也能获得
-     *
      * @return token中包含的用户名
      */
     public static String getUsername(String token) {
@@ -47,6 +46,21 @@ public class JWTUtil {
         }
     }
 
+    /**
+     * 获取角色组
+     *
+     * @param token
+     * @return
+     */
+    public static String[] getRoles(String token) {
+        try {
+            DecodedJWT jwt = JWT.decode(token);
+            return jwt.getClaim("roles").asArray(String.class);
+        } catch (JWTDecodeException e) {
+            return null;
+        }
+    }
+
     /**
      * 生成签名,5min后过期
      *
@@ -54,12 +68,16 @@ public class JWTUtil {
      * @param secret   用户的密码
      * @return 加密的token
      */
-    public static String sign(String username, String secret) {
+    public static String sign(String username, List<String> roles, String secret) {
         Date date = new Date(System.currentTimeMillis() + EXPIRE_TIME);
         Algorithm algorithm = Algorithm.HMAC256(secret);
+        String[] roleArr = new String[roles.size()];
+        roleArr = roles.toArray(roleArr);
         // 附带username信息
         return JWT.create()
                 .withClaim("username", username)
+//                .withClaim("roles", role)
+                .withArrayClaim("roles", roleArr)
                 .withExpiresAt(date)
                 .sign(algorithm);
     }

len-core/src/main/java/com/len/util/JsonUtil.java

@@ -2,6 +2,7 @@ package com.len.util;
 
 
 import com.alibaba.fastjson.JSONObject;
+import lombok.Data;
 
 /**
  * @author zhuxiaomeng
@@ -9,51 +10,45 @@ import com.alibaba.fastjson.JSONObject;
  * @email 154040976@qq.com
  * ajax 回执
  */
+@Data
 public class JsonUtil {
 
-  //默认成功
+    //默认成功
-  private boolean flag=true;
+    private boolean flag = true;
-  private String msg;
+    private String msg;
-  private JSONObject josnObj;
+    private JSONObject josnObj;
+    private Integer status;
 
-  public boolean isFlag() {
+    public boolean isFlag() {
-    return flag;
+        return flag;
-  }
+    }
 
-  public void setFlag(boolean flag) {
+    public void setFlag(boolean flag) {
-    this.flag = flag;
+        this.flag = flag;
-  }
+    }
 
-  public String getMsg() {
+    public JsonUtil() {
-    return msg;
+    }
-  }
 
-  public void setMsg(String msg) {
+    public JsonUtil(boolean flag, String msg) {
-    this.msg = msg;
+        this.flag = flag;
-  }
+        this.msg = msg;
+    }
 
-  public JSONObject getJosnObj() {
+    public JsonUtil(boolean flag, String msg, Integer status) {
-    return josnObj;
+        this.flag = flag;
-  }
+        this.msg = msg;
+        this.status = status;
+    }
 
-  public void setJosnObj(JSONObject josnObj) {
+    /**
-    this.josnObj = josnObj;
+     * restful 返回
-  }
+     */
+    public static JsonUtil error(String msg) {
+        return new JsonUtil(false, msg);
+    }
 
-
+    public static JsonUtil sucess(String msg) {
-  public JsonUtil() {
+        return new JsonUtil(true, msg);
-  }
+    }
-
-  public JsonUtil(boolean flag, String msg) {
-    this.flag = flag;
-    this.msg = msg;
-  }
-
-  /**restful 返回*/
-  public static JsonUtil error(String msg){
-    return new JsonUtil(false,msg);
-  }
-  public  static JsonUtil sucess(String msg){
-    return new JsonUtil(true,msg);
-  }
 }

len-core/src/main/java/com/len/util/JwtToken.java

@@ -0,0 +1,45 @@
+package com.len.util;
+
+import org.apache.shiro.authc.AuthenticationToken;
+
+/**
+ * @author zhuxiaomeng
+ * @date 2018/8/19.
+ * @email 154040976@qq.com
+ */
+public class JwtToken implements AuthenticationToken {
+
+    private String token;
+    private String type;
+
+    public JwtToken(String token,String type) {
+        this.token = token;
+        this.type=type;
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return token;
+    }
+
+    @Override
+    public Object getCredentials() {
+        return token;
+    }
+
+    public String getToken() {
+        return token;
+    }
+
+    public void setToken(String token) {
+        this.token = token;
+    }
+
+    public String getType() {
+        return type;
+    }
+
+    public void setType(String type) {
+        this.type = type;
+    }
+}

len-sys/src/main/java/com/len/controller/LoginController.java

@@ -109,34 +109,6 @@ public class LoginController {
         return "/login";
     }
 
-    @ApiOperation(value = "/blogLogin", httpMethod = "POST", notes = "登录method")
-    @PostMapping(value = "/blogLogin")
-    public String blogLogin(SysUser user, Model model, String rememberMe, HttpServletRequest request) {
-        /*String codeMsg = (String) request.getAttribute("shiroLoginFailure");
-        if ("code.error".equals(codeMsg)) {
-            model.addAttribute("message", "验证码错误");
-            return "/login";
-        }*/
-        CustomUsernamePasswordToken token = new CustomUsernamePasswordToken(user.getUsername().trim(),
-                user.getPassword(), "BlogLogin");
-        Subject subject = ShiroUtil.getSubject();
-        String msg = null;
-        try {
-            subject.login(token);
-            if (subject.isAuthenticated()) {
-                return "redirect:/main";
-            }
-        } catch (UnknownAccountException | IncorrectCredentialsException e) {
-            msg = "用户名/密码错误";
-        } catch (ExcessiveAttemptsException e) {
-            msg = "登录失败多次，账户锁定10分钟";
-        }
-        if (msg != null) {
-            model.addAttribute("message", msg);
-        }
-        return "/login";
-    }
-
     @GetMapping("/main")
     public String main() {
         return "main/main";

len-sys/src/main/java/com/len/core/shiro/BlogRealm.java

@@ -1,128 +0,0 @@
-package com.len.core.shiro;
-
-import com.alibaba.fastjson.JSONArray;
-import com.len.base.CurrentMenu;
-import com.len.base.CurrentRole;
-import com.len.base.CurrentUser;
-import com.len.entity.SysMenu;
-import com.len.entity.SysRole;
-import com.len.entity.SysUser;
-import com.len.service.MenuService;
-import com.len.service.RoleMenuService;
-import com.len.service.RoleUserService;
-import com.len.service.SysUserService;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.shiro.authc.*;
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.SimpleAuthorizationInfo;
-import org.apache.shiro.realm.AuthorizingRealm;
-import org.apache.shiro.realm.Realm;
-import org.apache.shiro.session.Session;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.ByteSource;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-
-/**
- * @author zhuxiaomeng
- * @date 2017/12/4.
- * @email 154040976@qq.com
- */
-@Service
-public class BlogRealm extends AuthorizingRealm {
-
-  @Autowired
-  private SysUserService userService;
-
-  @Autowired
-  private MenuService menuService;
-
-  @Autowired
-  private RoleUserService roleUserService;
-
-  @Autowired
-  private RoleMenuService roleMenuService;
-
- /* @Override
-  public boolean supports(AuthenticationToken token) {
-    return super.supports(token);
-  }*/
-
-  /**
-   * 获取认证
-   * @param principalCollection
-   * @return
-   */
-  @Override
-  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
-    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
-    String name= (String) principalCollection.getPrimaryPrincipal();
-    //根据用户获取角色 根据角色获取所有按钮权限
-   CurrentUser cUser= (CurrentUser) ShiroUtil.getSession().getAttribute("curentUser");
-   for(CurrentRole cRole:cUser.getCurrentRoleList()){
-     info.addRole(cRole.getId());
-   }
-   for(CurrentMenu cMenu:cUser.getCurrentMenuList()){
-     if(!StringUtils.isEmpty(cMenu.getPermission()))
-     info.addStringPermission(cMenu.getPermission());
-   }
-    return info;
-  }
-
-  /**
-   * 获取授权
-   * @param authenticationToken
-   * @return
-   * @throws AuthenticationException
-   */
-  @Override
-  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
-      throws AuthenticationException {
-    UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
-    String name=upToken.getUsername();
-    String username=(String)authenticationToken.getPrincipal();
-    SysUser s=null;
-    try {
-      s = userService.login(username);
-    }catch (Exception e){
-      e.printStackTrace();
-    }
-    if(s==null){
-      throw new UnknownAccountException("账户密码不正确");
-    }else{
-      CurrentUser currentUser=new CurrentUser(s.getId(),s.getUsername(),s.getAge(),s.getEmail(),s.getPhoto(),s.getRealName());
-      Subject subject = ShiroUtil.getSubject();
-      /**角色权限封装进去*/
-      //根据用户获取菜单
-      List<SysMenu> menuList=new ArrayList<>(new HashSet<>(menuService.getUserMenu(s.getId())));
-      JSONArray json=menuService.getMenuJsonByUser(menuList);
-      Session session= subject.getSession();
-      session.setAttribute("menu",json);
-      CurrentMenu currentMenu=null;
-      List<CurrentMenu> currentMenuList=new ArrayList<>();
-      List<SysRole> roleList=new ArrayList<>();
-      for(SysMenu m:menuList){
-       currentMenu=new CurrentMenu(m.getId(),m.getName(),m.getPId(),m.getUrl(),m.getOrderNum(),m.getIcon(),m.getPermission(),m.getMenuType(),m.getNum());
-        currentMenuList.add(currentMenu);
-          roleList.addAll(m.getRoleList());
-      }
-      roleList= new ArrayList<>(new HashSet<>(roleList));
-      List<CurrentRole> currentRoleList=new ArrayList<>();
-      CurrentRole role=null;
-      for(SysRole r:roleList){
-        role=new CurrentRole(r.getId(),r.getRoleName(),r.getRemark());
-        currentRoleList.add(role);
-      }
-      currentUser.setCurrentRoleList(currentRoleList);
-      currentUser.setCurrentMenuList(currentMenuList);
-      session.setAttribute("curentUser",currentUser);
-    }
-    ByteSource byteSource=ByteSource.Util.bytes(username);
-    return new SimpleAuthenticationInfo(username,s.getPassword(), byteSource, getName());
-  }
-}

len-sys/src/main/java/com/len/core/shiro/LoginRealm.java

@@ -11,21 +11,12 @@ import com.len.service.MenuService;
 import com.len.service.RoleMenuService;
 import com.len.service.RoleUserService;
 import com.len.service.SysUserService;
-import java.util.ArrayList;
+import com.len.util.JWTUtil;
-import java.util.HashSet;
-import java.util.List;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.*;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.SimpleAuthenticationInfo;
-import org.apache.shiro.authc.UnknownAccountException;
-import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.SimpleAuthorizationInfo;
 import org.apache.shiro.realm.AuthorizingRealm;
-import org.apache.shiro.realm.Realm;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.apache.shiro.subject.Subject;
@@ -33,101 +24,115 @@ import org.apache.shiro.util.ByteSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
 /**
  * @author zhuxiaomeng
  * @date 2017/12/4.
  * @email 154040976@qq.com
  */
 @Service
-public class LoginRealm extends AuthorizingRealm  {
+public class LoginRealm extends AuthorizingRealm {
 
-  @Autowired
+    @Autowired
-  private SysUserService userService;
+    private SysUserService userService;
 
-  @Autowired
+    @Autowired
-  private MenuService menuService;
+    private MenuService menuService;
 
-  @Autowired
+    @Autowired
-  private RoleUserService roleUserService;
+    private RoleUserService roleUserService;
 
-  @Autowired
+    @Autowired
-  private RoleMenuService roleMenuService;
+    private RoleMenuService roleMenuService;
 
- /* @Override
-  public boolean supports(AuthenticationToken token) {
-    return super.supports(token);
-  }*/
 
-  /**
+    /**
-   * 获取认证
+     * 获取授权
-   * @param principalCollection
+     *
-   * @return
+     * @param principalCollection
-   */
+     * @return
-  @Override
+     */
-  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
+    @Override
-    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
+    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
-    String name= (String) principalCollection.getPrimaryPrincipal();
+        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
-    //根据用户获取角色 根据角色获取所有按钮权限
+        String name = (String) principalCollection.getPrimaryPrincipal();
-   CurrentUser cUser= (CurrentUser) ShiroUtil.getSession().getAttribute("curentUser");
+        Set<String> realmNames = principalCollection.getRealmNames();
-   for(CurrentRole cRole:cUser.getCurrentRoleList()){
+        List<String> realmNameList = new ArrayList<>(realmNames);
-     info.addRole(cRole.getId());
+        if ("BlogLogin".equals(realmNameList.get(0))) {
-   }
+            String[] roles = JWTUtil.getRoles(name);
-   for(CurrentMenu cMenu:cUser.getCurrentMenuList()){
+            assert roles != null;
-     if(!StringUtils.isEmpty(cMenu.getPermission()))
+            for (String role : roles) {
-     info.addStringPermission(cMenu.getPermission());
+                info.addRole(role);
-   }
+            }
-    return info;
+        } else {
-  }
+            //根据用户获取角色 根据角色获取所有按钮权限
+            CurrentUser cUser = (CurrentUser) ShiroUtil.getSession().getAttribute("curentUser");
+            for (CurrentRole cRole : cUser.getCurrentRoleList()) {
+                info.addRole(cRole.getId());
+            }
+            for (CurrentMenu cMenu : cUser.getCurrentMenuList()) {
+                if (!StringUtils.isEmpty(cMenu.getPermission())){
+                    info.addStringPermission(cMenu.getPermission());
+                }
+            }
+        }
 
-  /**
+        return info;
-   * 获取授权
-   * @param authenticationToken
-   * @return
-   * @throws AuthenticationException
-   */
-  @Override
-  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
-      throws AuthenticationException {
-    UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
-    String name=upToken.getUsername();
-    String username=(String)authenticationToken.getPrincipal();
-    SysUser s=null;
-    try {
-      s = userService.login(username);
-    }catch (Exception e){
-      e.printStackTrace();
     }
-    if(s==null){
+
-      throw new UnknownAccountException("账户密码不正确");
+    /**
-    }else{
+     * 获取认证
-      CurrentUser currentUser=new CurrentUser(s.getId(),s.getUsername(),s.getAge(),s.getEmail(),s.getPhoto(),s.getRealName());
+     *
-      Subject subject = ShiroUtil.getSubject();
+     * @param authenticationToken
-      /**角色权限封装进去*/
+     * @return
-      //根据用户获取菜单
+     * @throws AuthenticationException
-      List<SysMenu> menuList=new ArrayList<>(new HashSet<>(menuService.getUserMenu(s.getId())));
+     */
-      JSONArray json=menuService.getMenuJsonByUser(menuList);
+    @Override
-      Session session= subject.getSession();
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
-      session.setAttribute("menu",json);
+            throws AuthenticationException {
-      CurrentMenu currentMenu=null;
+        UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
-      List<CurrentMenu> currentMenuList=new ArrayList<>();
+        String username = (String) authenticationToken.getPrincipal();
-      List<SysRole> roleList=new ArrayList<>();
+        SysUser s = null;
-      for(SysMenu m:menuList){
+        try {
-       currentMenu=new CurrentMenu(m.getId(),m.getName(),m.getPId(),m.getUrl(),m.getOrderNum(),m.getIcon(),m.getPermission(),m.getMenuType(),m.getNum());
+            s = userService.login(username);
-        currentMenuList.add(currentMenu);
+        } catch (Exception e) {
-          roleList.addAll(m.getRoleList());
+            e.printStackTrace();
-      }
+        }
-      roleList= new ArrayList<>(new HashSet<>(roleList));
+        if (s == null) {
-      List<CurrentRole> currentRoleList=new ArrayList<>();
+            throw new UnknownAccountException("账户密码不正确");
-      CurrentRole role=null;
+        } else {
-      for(SysRole r:roleList){
+            CurrentUser currentUser = new CurrentUser(s.getId(), s.getUsername(), s.getAge(), s.getEmail(), s.getPhoto(), s.getRealName());
-        role=new CurrentRole(r.getId(),r.getRoleName(),r.getRemark());
+            Subject subject = ShiroUtil.getSubject();
-        currentRoleList.add(role);
+            /**角色权限封装进去*/
-      }
+            //根据用户获取菜单
-      currentUser.setCurrentRoleList(currentRoleList);
+            List<SysMenu> menuList = new ArrayList<>(new HashSet<>(menuService.getUserMenu(s.getId())));
-      currentUser.setCurrentMenuList(currentMenuList);
+            JSONArray json = menuService.getMenuJsonByUser(menuList);
-      session.setAttribute("curentUser",currentUser);
+            Session session = subject.getSession();
+            session.setAttribute("menu", json);
+            CurrentMenu currentMenu = null;
+            List<CurrentMenu> currentMenuList = new ArrayList<>();
+            List<SysRole> roleList = new ArrayList<>();
+            for (SysMenu m : menuList) {
+                currentMenu = new CurrentMenu(m.getId(), m.getName(), m.getPId(), m.getUrl(), m.getOrderNum(), m.getIcon(), m.getPermission(), m.getMenuType(), m.getNum());
+                currentMenuList.add(currentMenu);
+                roleList.addAll(m.getRoleList());
+            }
+            roleList = new ArrayList<>(new HashSet<>(roleList));
+            List<CurrentRole> currentRoleList = new ArrayList<>();
+            CurrentRole role = null;
+            for (SysRole r : roleList) {
+                role = new CurrentRole(r.getId(), r.getRoleName(), r.getRemark());
+                currentRoleList.add(role);
+            }
+            currentUser.setCurrentRoleList(currentRoleList);
+            currentUser.setCurrentMenuList(currentMenuList);
+            session.setAttribute("curentUser", currentUser);
+        }
+        ByteSource byteSource = ByteSource.Util.bytes(username);
+        return new SimpleAuthenticationInfo(username, s.getPassword(), byteSource, getName());
     }
-    ByteSource byteSource=ByteSource.Util.bytes(username);
-    return new SimpleAuthenticationInfo(username,s.getPassword(), byteSource, getName());
-  }
 }

len-sys/src/main/java/com/len/service/RoleService.java

@@ -12,6 +12,7 @@ import java.util.List;
 public interface RoleService extends BaseService<SysRole,String> {
 
 
+  @Override
   int deleteByPrimaryKey(String id);
 
   @Override

len-sys/src/main/java/com/len/service/RoleUserService.java

@@ -13,6 +13,7 @@ public interface RoleUserService  extends BaseService<SysRoleUser,String>{
 
   int deleteByPrimaryKey(SysRoleUser sysRoleUser);
 
+  @Override
   int insert(SysRoleUser sysRoleUser);
 
   int selectCountByCondition(SysRoleUser sysRoleUser);

len-sys/src/main/java/com/len/service/SysUserService.java

@@ -47,6 +47,7 @@ public interface SysUserService extends BaseService<SysUser,String> {
   int checkUser(String username);
 
 
+
   @Override
   int updateByPrimaryKey(SysUser sysUser);
 

len-web/src/main/java/com/len/config/MyModularRealmAuthenticator.java

@@ -1,12 +1,13 @@
 package com.len.config;
 
 import com.len.util.CustomUsernamePasswordToken;
+import com.len.util.JwtToken;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
 import org.apache.shiro.realm.Realm;
-import org.springframework.context.annotation.Configuration;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -19,11 +20,24 @@ import java.util.Collection;
  */
 public class MyModularRealmAuthenticator extends ModularRealmAuthenticator {
 
+
     @Override
     protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken) throws AuthenticationException {
         assertRealmsConfigured();
-        CustomUsernamePasswordToken token = (CustomUsernamePasswordToken) authenticationToken;
+        String type;
-        String type = token.getType();
+        AuthenticationToken token;
+        if (authenticationToken instanceof JwtToken) {
+            JwtToken token1 = (JwtToken) authenticationToken;
+            token = token1;
+            type = token1.getType();
+        } else {
+            CustomUsernamePasswordToken token1 = (CustomUsernamePasswordToken) authenticationToken;
+            token = token1;
+            type = token1.getType();
+        }
+        if (StringUtils.isEmpty(type)) {
+            throw new RuntimeException("登录认证授权类型不能为空");
+        }
         Collection<Realm> realms = getRealms();
         Collection<Realm> realmsList = new ArrayList<>();
         for (Realm realm : realms) {
@@ -34,4 +48,6 @@ public class MyModularRealmAuthenticator extends ModularRealmAuthenticator {
         return realmsList.size() == 1 ? doSingleRealmAuthentication(realmsList.iterator().next(), token)
                 : doMultiRealmAuthentication(realmsList, token);
     }
+
+
 }

len-web/src/main/java/com/len/config/ShiroConfig.java

@@ -1,8 +1,9 @@
 package com.len.config;
 
+import com.len.core.BlogRealm;
+import com.len.core.MyBasicHttpAuthenticationFilter;
 import com.len.core.filter.PermissionFilter;
 import com.len.core.filter.VerfityCodeFilter;
-import com.len.core.shiro.BlogRealm;
 import com.len.core.shiro.LoginRealm;
 import com.len.core.shiro.RetryLimitCredentialsMatcher;
 import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
@@ -26,135 +27,152 @@ import java.util.*;
  * @author zhuxiaomeng
  * @date 2018/1/1.
  * @email 154040976@qq.com
- *spring shiro
+ * spring shiro
  * 元旦快乐：code everybody
  */
 @Configuration
 public class ShiroConfig {
 
-  @Bean
+    @Bean
-  public RetryLimitCredentialsMatcher getRetryLimitCredentialsMatcher(){
+    public RetryLimitCredentialsMatcher getRetryLimitCredentialsMatcher() {
 //    RetryLimitCredentialsMatcher rm = new RetryLimitCredentialsMatcher(getCacheManager(),2);
-    RetryLimitCredentialsMatcher rm = new RetryLimitCredentialsMatcher(getCacheManager());
+        RetryLimitCredentialsMatcher rm = new RetryLimitCredentialsMatcher(getCacheManager());
-    rm.setHashAlgorithmName("md5");
+        rm.setHashAlgorithmName("md5");
-    rm.setHashIterations(4);
+        rm.setHashIterations(4);
-    return rm;
+        return rm;
 
-  }
+    }
-  @Bean(name = "userLoginRealm")
-  public LoginRealm getLoginRealm(){
-    LoginRealm realm= new LoginRealm();
-    realm.setCredentialsMatcher(getRetryLimitCredentialsMatcher());
-    return realm;
-  }
-  @Bean(name = "blogLoginRealm")
-  public BlogRealm blogLoginRealm(){
-    BlogRealm realm= new BlogRealm();
-    realm.setCredentialsMatcher(getRetryLimitCredentialsMatcher());
-    return realm;
-  }
 
-  @Bean
+   /* @Bean
-  public EhCacheManager getCacheManager(){
+    public BlogRetryLimitCredentialsMatcher getBlogRetryLimitCredentialsMatcher() {
-    EhCacheManager ehCacheManager=new EhCacheManager();
+        BlogRetryLimitCredentialsMatcher rm = new BlogRetryLimitCredentialsMatcher(getCacheManager());
-    ehCacheManager.setCacheManagerConfigFile("classpath:ehcache/ehcache.xml");
+        rm.setHashAlgorithmName("md5");
-    return ehCacheManager;
+        rm.setHashIterations(4);
-  }
+        return rm;
 
-  @Bean
+    }*/
-  public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
-    return new LifecycleBeanPostProcessor();
-  }
 
-  @Bean
+    @Bean(name = "userLoginRealm")
-  public  AtLeastOneSuccessfulStrategy getAtLeastOneSuccessfulStrategy(){
+    public LoginRealm getLoginRealm() {
-      AtLeastOneSuccessfulStrategy strategy=new AtLeastOneSuccessfulStrategy();
+        LoginRealm realm = new LoginRealm();
-      return strategy;
+        realm.setCredentialsMatcher(getRetryLimitCredentialsMatcher());
-  }
+        return realm;
-  @Bean
+    }
-  public MyModularRealmAuthenticator getMyModularRealmAuthenticator(){
-    MyModularRealmAuthenticator authenticator=new MyModularRealmAuthenticator();
-    authenticator.setAuthenticationStrategy(getAtLeastOneSuccessfulStrategy());
-    return authenticator;
-  }
-  @Bean(name="securityManager")
-  public SecurityManager getSecurityManager(@Qualifier("userLoginRealm") LoginRealm loginRealm,
-                                            @Qualifier("blogLoginRealm") BlogRealm blogLoginRealm){
-    DefaultWebSecurityManager dwm=new DefaultWebSecurityManager();
-    List<Realm> loginRealms=new ArrayList<>();
-    dwm.setAuthenticator(getMyModularRealmAuthenticator());
-    loginRealm.setName("UserLogin");
-    blogLoginRealm.setName("BlogLogin");
-    loginRealms.add(loginRealm);
-    loginRealms.add(blogLoginRealm);
-    dwm.setRealms(loginRealms);
-    dwm.setCacheManager(getCacheManager());
-    dwm.setSessionManager(defaultWebSessionManager());
-    return dwm;
-  }
 
-  @Bean
+    @Bean(name = "blogLoginRealm")
-  public PermissionFilter getPermissionFilter(){
+    public BlogRealm blogLoginRealm() {
-    PermissionFilter pf=new PermissionFilter();
+        return new BlogRealm();
-    return pf;
+    }
-  }
 
-  @Bean
+    @Bean
-  public VerfityCodeFilter getVerfityCodeFilter(){
+    public EhCacheManager getCacheManager() {
-    VerfityCodeFilter vf= new VerfityCodeFilter();
+        EhCacheManager ehCacheManager = new EhCacheManager();
-    vf.setFailureKeyAttribute("shiroLoginFailure");
+        ehCacheManager.setCacheManagerConfigFile("classpath:ehcache/ehcache.xml");
-    vf.setJcaptchaParam("code");
+        return ehCacheManager;
-    vf.setVerfitiCode(true);
+    }
-    return vf;
-  }
 
-  @Bean(name = "shiroFilter")
+    @Bean
-  public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") SecurityManager securityManager){
+    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
-    ShiroFilterFactoryBean sfb = new ShiroFilterFactoryBean();
+        return new LifecycleBeanPostProcessor();
-    sfb.setSecurityManager(securityManager);
+    }
-    sfb.setLoginUrl("/login");
-    sfb.setUnauthorizedUrl("/goLogin");
-    Map<String, Filter> filters=new HashMap<>();
-    filters.put("per",getPermissionFilter());
-    filters.put("verCode",getVerfityCodeFilter());
-    sfb.setFilters(filters);
-    Map<String, String> filterMap = new LinkedHashMap<>();
-    filterMap.put("/login","verCode,anon");
-    filterMap.put("/blogLogin","verCode,anon");
-    //filterMap.put("/login","anon");
-    filterMap.put("/getCode","anon");
-    filterMap.put("/blog/**","anon");
-    filterMap.put("/logout","logout");
-    filterMap.put("/plugin/**","anon");
-    filterMap.put("/user/**","per");
-    filterMap.put("/**","authc");
-    sfb.setFilterChainDefinitionMap(filterMap);
-    return sfb;
-  }
 
-  @Bean
+    @Bean
-  public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
+    public AtLeastOneSuccessfulStrategy getAtLeastOneSuccessfulStrategy() {
-    DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
+        return new AtLeastOneSuccessfulStrategy();
-    advisorAutoProxyCreator.setProxyTargetClass(true);
+    }
-    return advisorAutoProxyCreator;
-  }
 
-  @Bean
+    @Bean
-  public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager securityManager){
+    public MyModularRealmAuthenticator getMyModularRealmAuthenticator() {
-    AuthorizationAttributeSourceAdvisor as=new AuthorizationAttributeSourceAdvisor();
+        MyModularRealmAuthenticator authenticator = new MyModularRealmAuthenticator();
-    as.setSecurityManager(securityManager);
+        authenticator.setAuthenticationStrategy(getAtLeastOneSuccessfulStrategy());
-    return as;
+        return authenticator;
-  }
+    }
-  @Bean
+
-  public DefaultWebSessionManager defaultWebSessionManager() {
+    @Bean(name = "securityManager")
-    DefaultWebSessionManager defaultWebSessionManager = new DefaultWebSessionManager();
+    public SecurityManager getSecurityManager(@Qualifier("userLoginRealm") LoginRealm loginRealm,
-    defaultWebSessionManager.setSessionIdCookieEnabled(true);
+                                              @Qualifier("blogLoginRealm") BlogRealm blogLoginRealm) {
-    defaultWebSessionManager.setGlobalSessionTimeout(21600000);
+        DefaultWebSecurityManager dwm = new DefaultWebSecurityManager();
-    defaultWebSessionManager.setDeleteInvalidSessions(true);
+        List<Realm> loginRealms = new ArrayList<>();
-    defaultWebSessionManager.setSessionValidationSchedulerEnabled(true);
+        dwm.setAuthenticator(getMyModularRealmAuthenticator());
-    defaultWebSessionManager.setSessionIdUrlRewritingEnabled(false);
+        loginRealm.setName("UserLogin");
-    return defaultWebSessionManager;
+        blogLoginRealm.setName("BlogLogin");
-  }
+        loginRealms.add(loginRealm);
+        loginRealms.add(blogLoginRealm);
+        dwm.setRealms(loginRealms);
+        dwm.setCacheManager(getCacheManager());
+        dwm.setSessionManager(defaultWebSessionManager());
+        return dwm;
+    }
+
+    @Bean
+    public PermissionFilter getPermissionFilter() {
+        return new PermissionFilter();
+    }
+
+    @Bean
+    public MyBasicHttpAuthenticationFilter getAuthenticationFilter() {
+        return new MyBasicHttpAuthenticationFilter();
+    }
+
+    @Bean
+    public VerfityCodeFilter getVerfityCodeFilter() {
+        VerfityCodeFilter vf = new VerfityCodeFilter();
+        vf.setFailureKeyAttribute("shiroLoginFailure");
+        vf.setJcaptchaParam("code");
+        vf.setVerfitiCode(true);
+        return vf;
+    }
+
+    @Bean(name = "shiroFilter")
+    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") SecurityManager securityManager) {
+        ShiroFilterFactoryBean sfb = new ShiroFilterFactoryBean();
+        sfb.setSecurityManager(securityManager);
+        sfb.setLoginUrl("/login");
+        sfb.setUnauthorizedUrl("/goLogin");
+        Map<String, Filter> filters = new HashMap<>();
+        filters.put("per", getPermissionFilter());
+        filters.put("verCode", getVerfityCodeFilter());
+        filters.put("jwt", getAuthenticationFilter());
+        sfb.setFilters(filters);
+        Map<String, String> filterMap = new LinkedHashMap<>();
+        filterMap.put("/login", "verCode,anon");
+        filterMap.put("/blogLogin", "verCode,anon");
+        //filterMap.put("/login","anon");
+        filterMap.put("/getCode", "anon");
+        // filterMap.put("/blog/**", "anon");
+        filterMap.put("/logout", "logout");
+        filterMap.put("/plugin/**", "anon");
+        filterMap.put("/user/**", "per");
+        filterMap.put("/blog/**", "jwt");
+        filterMap.put("/**", "authc");
+        sfb.setFilterChainDefinitionMap(filterMap);
+        return sfb;
+    }
+
+    @Bean
+    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
+        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
+        advisorAutoProxyCreator.setProxyTargetClass(true);
+        return advisorAutoProxyCreator;
+    }
+
+    @Bean
+    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager securityManager) {
+        AuthorizationAttributeSourceAdvisor as = new AuthorizationAttributeSourceAdvisor();
+        as.setSecurityManager(securityManager);
+        return as;
+    }
+
+    @Bean
+    public DefaultWebSessionManager defaultWebSessionManager() {
+        DefaultWebSessionManager defaultWebSessionManager = new DefaultWebSessionManager();
+        defaultWebSessionManager.setSessionIdCookieEnabled(true);
+        defaultWebSessionManager.setGlobalSessionTimeout(21600000);
+        defaultWebSessionManager.setDeleteInvalidSessions(true);
+        defaultWebSessionManager.setSessionValidationSchedulerEnabled(true);
+        defaultWebSessionManager.setSessionIdUrlRewritingEnabled(false);
+        return defaultWebSessionManager;
+    }
 /*
   @Bean
   public FilterRegistrationBean delegatingFilterProxy(){