modify: 移除shiro组件配置,在diboot-v2-starter中增加shiro-starter代替配置

wuy 2019-10-12 14:54:53 +08:00
parent 8f330f624d
commit 054e5a28f4
24 changed files with 228 additions and 366 deletions


@ -4,6 +4,7 @@ buildscript {
}
repositories {
mavenLocal() //maven库
maven{ url 'http://maven.diboot.com/repository/diboot'}
maven{ url 'http://maven.aliyun.com/nexus/content/groups/public/'}
}
dependencies {
@ -29,6 +30,7 @@ subprojects {
[compileJava,compileTestJava,javadoc]*.options*.encoding = 'UTF-8'
repositories {
mavenLocal() //maven库
maven{ url 'http://maven.diboot.com/repository/diboot/'}
maven{ url 'http://maven.aliyun.com/nexus/content/groups/public/'}
}
ext {//
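Review bot: The `maven.diboot.com` repository is declared over plain `http://` in both the `buildscript` and `subprojects` blocks, so the starter artifacts this commit begins resolving from it are fetched without transport integrity, and anyone on the network path can substitute them. Which line each hunk adds is inferred from the hunk counts, because the page has lost its +/- markers. If the host serves TLS, declare it as `maven{ url 'https://maven.diboot.com/repository/diboot/' }` in both places; the two declarations also differ by a trailing slash, which is worth making uniform. The aliyun mirror next to it has the same `http://` scheme.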


@ -40,6 +40,7 @@ module.exports = {
['/guide/diboot-shiro/安装', '安装'],
['/guide/diboot-shiro/权限设置', '权限设置'],
['/guide/diboot-shiro/权限缓存', '权限缓存'],
['/guide/diboot-shiro/URL配置', 'URL配置'],
]
}
],


@ -0,0 +1,17 @@
# URL配置
> diboot-shiro URL配置可以让访问变得更加灵活
当前提供匿名访问url配置 和错误url配置
### 缓存配置
```properties
#忽略认证的url
diboot.shiro.configuration.ignore-auth-urls=/public/**/public2
#错误跳转的url: 默认不配置使用 /error
diboot.shiro.configuration.error-url=/error
```
::: tip
组件中已经设置了部分必要忽略认证的url详细可以查看com.diboot.shiro.starter.ShiroAutoConfiguration配置
:::


@ -23,7 +23,7 @@ repositories {
```
2. 引入依赖
```groovy
compile ("com.diboot:diboot-shiro:2.0.1")
compile("com.diboot:diboot-shiro-spring-boot-starter:2.0.3")
```
* Maven项目
@ -41,7 +41,7 @@ compile ("com.diboot:diboot-shiro:2.0.1")
```xml
<dependency>
<groupId>com.diboot</groupId>
<artifactId>diboot-shiro</artifactId>
<version>2.0.1</version>
<artifactId>diboot-shiro-spring-boot-starter</artifactId>
<version>2.0.3</version>
</dependency>
```


@ -5,9 +5,9 @@
### 缓存配置
```properties
#是否开启缓存默认false
diboot.shiro.cache.permission-caching-enabled=true
diboot.shiro.configuration.cache.permission-caching-enabled=true
#缓存的方式memory
diboot.shiro.cache.cache-way=memory
diboot.shiro.configuration.cache.cache-way=memory
```
::: tip
注:暂时只支持内存缓存redis已经纳入开发计划


@ -7,15 +7,15 @@
```properties
#是否存储数据库默认false 不开启
diboot.shiro.auth.storage=true
diboot.shiro.configuration.auth.storage=true
#存储环境{dev, test, prod}
# 默认dev环境不会删除代码中不存在的权限多人协作开发时需要开启否则回删除对方新增的权限
diboot.shiro.auth.env=dev
diboot.shiro.configuration.auth.env=dev
#配置所有权限均可访问的角色
diboot.shiro.auth.has-all-permissions-role-list[0]=ALL1
diboot.shiro.auth.has-all-permissions-role-list[1]=ALL2
diboot.shiro.configuration.auth.has-all-permissions-role-list[0]=ALL1
diboot.shiro.configuration.auth.has-all-permissions-role-list[1]=ALL2
```
> `diboot.shiro.auth.has-all-permissions-role-list`配置可访问任意接口的权限,如果不配置,默认是角色`ADMIN`


@ -3,7 +3,7 @@ apply plugin: 'org.springframework.boot'
dependencies {
// compile("com.diboot:diboot-shiro:2.0.1")
compile project(":diboot-shiro-wx-mp")
compile project(":diboot-shiro-wx-cp")
// compile project(":diboot-shiro-wx-cp")
compile project(":diboot-components-msg")
//


@ -0,0 +1,25 @@
package com.diboot.example.controller;
import com.diboot.core.vo.JsonResult;
import com.diboot.core.vo.Status;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* @author : wee
* @version : v todo
* @Date 2019-10-10 16:37
*/
@RestController
public class TestController {
@GetMapping("/jwturl")
public JsonResult get() {
return new JsonResult(Status.FAIL_EXCEPTION);
}
@GetMapping("/public/anon")
public JsonResult anon() {
return new JsonResult(Status.FAIL_EXCEPTION);
}
}
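Review bot: The class Javadoc still carries the template placeholder `@version : v todo`, and neither handler says what it is meant to demonstrate. Going by the `diboot.shiro.configuration.ignore-auth-urls=/public/**` entry this commit adds to the example properties, `/public/anon` looks intended to be reachable without a token and `/jwturl` to require one. A comment on each method would make that checkable, for example `/** Reachable without authentication: matched by ignore-auth-urls=/public/**. */` on `anon()`. Both handlers return `Status.FAIL_EXCEPTION`, which reads as a failure even when the request was let through; if that is deliberate for the demo, the same comment should say so.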


@ -90,17 +90,18 @@ email.sender.name=
#权限配置
#是否存储数据库:默认不开启
diboot.shiro.auth.storage=true
diboot.shiro.configuration.auth.storage=true
#存储环境默认dev环境不会删除代码中不存在的权限
diboot.shiro.auth.env=dev
diboot.shiro.configuration.auth.env=dev
#配置所有权限均可访问的角色
diboot.shiro.auth.has-all-permissions-role-list[0]=ALL1
diboot.shiro.auth.has-all-permissions-role-list[1]=ALL2
diboot.shiro.auth.has-all-permissions-role-list[2]=ALL3
#diboot.shiro.auth.has-all-permissions-role-list[0]=ALL1
#diboot.shiro.auth.has-all-permissions-role-list[1]=ALL2
#diboot.shiro.auth.has-all-permissions-role-list[2]=ALL3
#权限缓存机制
diboot.shiro.cache.permission-caching-enabled=true
diboot.shiro.cache.cache-way=memory
diboot.shiro.configuration.cache.cache-way=memory
diboot.shiro.configuration.cache.permission-caching-enabled=true
diboot.shiro.configuration.ignore-auth-urls=/public/**
#------web页面访问的时候需要如下配置----
spring.mvc.view.prefix=/static
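Review bot: `diboot.shiro.configuration.ignore-auth-urls=/public/**` is the only key in this block without a comment, and it is the one that turns authentication off for a whole path prefix. A line above it such as `# paths matched here skip authentication entirely; keep the list as narrow as possible` would warn anyone copying the example. The three `has-all-permissions-role-list` entries are commented out under the old `diboot.shiro.auth` prefix rather than migrated. According to the documentation changed in this commit, the default role `ADMIN` then applies, which is worth noting next to them.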


@ -1,24 +1,12 @@
plugins {
id 'java'
}
group 'com.diboot'
version '2.0-alpha'
apply plugin: 'org.springframework.boot'
sourceCompatibility = 1.8
repositories {
mavenCentral()
}
dependencies {
compile project(":diboot-shiro")
// compile project(":diboot-shiro")
//
compile("com.github.binarywang:weixin-java-mp:3.2.0")
compile("com.diboot:diboot-shiro-spring-boot-starter:2.0.3")
testCompile group: 'junit', name: 'junit', version: '4.12'
}
}


@ -1,13 +1,14 @@
apply plugin: 'org.springframework.boot'
dependencies {
compile project(":diboot-core")
// compile project(":diboot-core")
// compile("org.springframework.boot:spring-boot-configuration-processor")
compile("com.diboot:diboot-core-spring-boot-starter:2.0.3")
compile("org.apache.shiro:shiro-spring:1.4.1")
compile("org.aspectj:aspectjweaver")
compile("com.auth0:java-jwt:3.4.1",
"io.jsonwebtoken:jjwt:0.9.1")
testCompile group: 'junit', name: 'junit', version: '4.12'
}
}


@ -1,8 +1,8 @@
package com.diboot.shiro.authz.aop;
import com.diboot.shiro.authz.annotation.AuthorizationWrapper;
import com.diboot.shiro.authz.config.AuthConfiguration;
import com.diboot.shiro.authz.handler.AuthorizationWrapperAnnotationHandler;
import com.diboot.shiro.authz.properties.AuthorizationProperties;
import org.apache.shiro.aop.AnnotationResolver;
import org.apache.shiro.aop.MethodInvocation;
import org.apache.shiro.authz.AuthorizationException;
@ -19,16 +19,16 @@ public class AuthorizationWrapperAnnotationMethodInterceptor extends Authorizing
* Default no-argument constructor that ensures this interceptor looks for
* {@link AuthorizationWrapper AuthorizationWrapper} annotations in a method declaration.
*/
public AuthorizationWrapperAnnotationMethodInterceptor(AuthorizationProperties authorizationProperties) {
super( new AuthorizationWrapperAnnotationHandler(authorizationProperties) );
public AuthorizationWrapperAnnotationMethodInterceptor(AuthConfiguration.Auth auth) {
super( new AuthorizationWrapperAnnotationHandler(auth) );
}
/**
* @param resolver
* @since 1.1
*/
public AuthorizationWrapperAnnotationMethodInterceptor(AnnotationResolver resolver, AuthorizationProperties authorizationProperties) {
super( new AuthorizationWrapperAnnotationHandler(authorizationProperties), resolver);
public AuthorizationWrapperAnnotationMethodInterceptor(AnnotationResolver resolver, AuthConfiguration.Auth auth) {
super( new AuthorizationWrapperAnnotationHandler(auth), resolver);
}
/**
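Review bot: The Javadoc above the first constructor still says "Default no-argument constructor", but the constructor takes an `AuthConfiguration.Auth auth` argument, and the second constructor's `@param resolver` has no description and does not mention `auth` at all. Since `auth` carries the list of roles that bypass permission checks, it deserves a line such as `@param auth authorization settings, including the roles that are granted every permission`. The first sentence could become `Creates an interceptor that looks for {@link AuthorizationWrapper} annotations on a method declaration.` The class body continues outside the hunk.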


@ -1,6 +1,6 @@
package com.diboot.shiro.authz.aop;
import com.diboot.shiro.authz.properties.AuthorizationProperties;
import com.diboot.shiro.authz.config.AuthConfiguration;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.shiro.aop.AnnotationResolver;
@ -18,7 +18,7 @@ import java.util.List;
* @Date 2019-06-15 12:07
*/
public class CustomAopAllianceAnnotationsAuthorizingMethodInterceptor extends AnnotationsAuthorizingMethodInterceptor implements MethodInterceptor {
public CustomAopAllianceAnnotationsAuthorizingMethodInterceptor(AuthorizationProperties authorizationProperties) {
public CustomAopAllianceAnnotationsAuthorizingMethodInterceptor(AuthConfiguration.Auth authorizationProperties) {
List<AuthorizingAnnotationMethodInterceptor> interceptors =
new ArrayList<AuthorizingAnnotationMethodInterceptor>(6);
AnnotationResolver resolver = new SpringAnnotationResolver();
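Review bot: The constructor parameter keeps the name `authorizationProperties` although its type is now `AuthConfiguration.Auth`; the sibling classes touched by this commit renamed theirs to `auth`. Renaming it here, `public CustomAopAllianceAnnotationsAuthorizingMethodInterceptor(AuthConfiguration.Auth auth) {`, keeps the parameter from pointing at a class that no longer exists. The constructor body runs past the end of the hunk, so any later use of the name there needs the same rename.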


@ -1,7 +1,7 @@
package com.diboot.shiro.authz.aop;
import com.diboot.shiro.authz.annotation.AuthorizationWrapper;
import com.diboot.shiro.authz.properties.AuthorizationProperties;
import com.diboot.shiro.authz.config.AuthConfiguration;
import org.apache.shiro.authz.annotation.*;
import org.apache.shiro.mgt.SecurityManager;
import org.slf4j.Logger;
@ -34,8 +34,8 @@ public class CustomAuthorizationAttributeSourceAdvisor extends StaticMethodMatch
/**
* Create a new AuthorizationAttributeSourceAdvisor.
*/
public CustomAuthorizationAttributeSourceAdvisor(AuthorizationProperties authorizationProperties) {
setAdvice(new CustomAopAllianceAnnotationsAuthorizingMethodInterceptor(authorizationProperties));
public CustomAuthorizationAttributeSourceAdvisor(AuthConfiguration.Auth auth) {
setAdvice(new CustomAopAllianceAnnotationsAuthorizingMethodInterceptor(auth));
}
public SecurityManager getSecurityManager() {


@ -1,6 +1,6 @@
package com.diboot.shiro.authz.cache;
import com.diboot.shiro.authz.properties.AuthCacheProperties;
import com.diboot.shiro.authz.config.AuthConfiguration;
import org.springframework.context.annotation.Condition;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.core.type.AnnotatedTypeMetadata;
@ -17,10 +17,10 @@ public class MemoryCondition implements Condition {
@Override
public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) {
//获取配置信息
Boolean enableCached = context.getEnvironment().getProperty(AuthCacheProperties.CACHE_PREFIX + ".permission-caching-enabled", Boolean.class);
Boolean enableCached = context.getEnvironment().getProperty("diboot.shiro.auth-configuration.cache.permission-caching-enabled", Boolean.class);
enableCached = enableCached == null ? true : enableCached;
AuthCacheProperties.CacheWay cacheWay = context.getEnvironment().getProperty(AuthCacheProperties.CACHE_PREFIX + ".cache-way", AuthCacheProperties.CacheWay.class);
cacheWay = cacheWay == null ? AuthCacheProperties.CacheWay.MEMORY : cacheWay;
return enableCached && AuthCacheProperties.CacheWay.MEMORY.equals(cacheWay);
AuthConfiguration.Cache.CacheWay cacheWay = context.getEnvironment().getProperty("diboot.shiro.auth-configuration.cache.cache-way", AuthConfiguration.Cache.CacheWay.class);
cacheWay = cacheWay == null ? AuthConfiguration.Cache.CacheWay.MEMORY : cacheWay;
return enableCached && AuthConfiguration.Cache.CacheWay.MEMORY.equals(cacheWay);
}
}
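Review bot: The two keys read in `matches` are hard-coded under `diboot.shiro.auth-configuration.cache`, while the documentation and the example `application.properties` changed in this same commit use `diboot.shiro.configuration.cache`. Unless the starter really binds `diboot.shiro.auth-configuration` (the binding is not visible here), both `getProperty` calls return null, `enableCached` falls back to `true` and `cacheWay` to `MEMORY`, and the condition matches whatever the user configured. Read the documented key instead, e.g. `getProperty("diboot.shiro.configuration.cache.permission-caching-enabled", Boolean.class)`, ideally through one shared prefix constant now that `AuthCacheProperties.CACHE_PREFIX` is gone. `RedisCondition` uses the same prefix. The null fallback of `true` also disagrees with the `permissionCachingEnabled = false` default in `AuthConfiguration.Cache`.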


@ -1,6 +1,6 @@
package com.diboot.shiro.authz.cache;
import com.diboot.shiro.authz.properties.AuthCacheProperties;
import com.diboot.shiro.authz.config.AuthConfiguration;
import org.springframework.context.annotation.Condition;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.core.type.AnnotatedTypeMetadata;
@ -16,9 +16,9 @@ public class RedisCondition implements Condition {
@Override
public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) {
//获取配置信息
Boolean enableCached = context.getEnvironment().getProperty(AuthCacheProperties.CACHE_PREFIX + ".permission-caching-enabled", Boolean.class);
Boolean enableCached = context.getEnvironment().getProperty("diboot.shiro.auth-configuration.cache.permission-caching-enabled", Boolean.class);
enableCached = enableCached == null ? false : enableCached;
AuthCacheProperties.CacheWay cacheWay = context.getEnvironment().getProperty(AuthCacheProperties.CACHE_PREFIX + ".cache-way", AuthCacheProperties.CacheWay.class);
return enableCached && AuthCacheProperties.CacheWay.REDIS.equals(cacheWay);
AuthConfiguration.Cache.CacheWay cacheWay = context.getEnvironment().getProperty("diboot.shiro.auth-configuration.cache..cache-way", AuthConfiguration.Cache.CacheWay.class);
return enableCached && AuthConfiguration.Cache.CacheWay.REDIS.equals(cacheWay);
}
}
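Review bot: The key passed for the cache way, `"diboot.shiro.auth-configuration.cache..cache-way"`, contains a doubled dot, so it cannot match any configured property and `cacheWay` is always null. `AuthConfiguration.Cache.CacheWay.REDIS.equals(null)` is false, so this condition can never match even when Redis is selected. The call should read `getProperty("diboot.shiro.auth-configuration.cache.cache-way", AuthConfiguration.Cache.CacheWay.class)`. The prefix itself should also be checked against the `diboot.shiro.configuration` prefix that the documentation in this commit uses.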


@ -0,0 +1,125 @@
package com.diboot.shiro.authz.config;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.Setter;
import java.util.List;
/**
* 权限配置
* @author : wee
* @version : v2.0
* @Date 2019-06-27 10:30
*/
@Getter
@Setter
public class AuthConfiguration {
/**
* 缓存相关
*/
private AuthConfiguration.Cache cache = new Cache();
/**
* 权限相关
*/
private AuthConfiguration.Auth auth = new Auth();
/**
* 忽略认证的url,使用分割
*/
private String ignoreAuthUrls;
/**
* 错误统一跳转路径
*/
private String errorUrl = "/error";
/**
* 权限缓存相关
*/
@Getter
@Setter
public static class Cache {
/**
* 是否开启权限缓存默认false
*/
private boolean permissionCachingEnabled = false;
/**
* 缓存方式默认内存缓存
*/
private CacheWay cacheWay = CacheWay.MEMORY;
/**
* 缓存方式
* <p>
* 当前提供本地缓存
* </p>
*/
@Getter
@AllArgsConstructor
public enum CacheWay {
/**
* 内存缓存
*/
MEMORY,
/**
* redis缓存 TODO 尚未实现暂不可用
*/
@Deprecated
REDIS;
}
}
/**
* 权限相关
*
*/
@Getter
@Setter
public static class Auth {
/**
* 设置权限存储的环境其中开发环境权限不会替换删除测试和生产会替换删除
*/
private EnvEnum env = EnvEnum.DEV;
/**
* 是否开启存储权限
*/
private boolean storage = false;
/**
* 具有所有权限的角色
*/
private List<String> hasAllPermissionsRoleList;
@Getter
@AllArgsConstructor
public enum EnvEnum {
/**
* 生产环境
*/
PROD("prod"),
/**
* 测试环境
*/
TEST("test"),
/**
* 开发环境
*/
DEV("dev");
private String env;
}
}
}
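Review bot: The Javadoc on `ignoreAuthUrls` does not name the delimiter or the pattern syntax, at least as rendered on this page, and the example in the new URL documentation (`/public/**/public2`) does not show one either. Every pattern in this field is exempted from authentication, so a value split differently from what the user expected silently opens or closes paths. The comment should state the separator and the matcher, along the lines of `/** URL patterns that skip authentication, separated by "<delimiter>"; each entry is an Ant-style path. */`, with the delimiter filled in from the starter code that splits the string. The class Javadoc could also state the property prefix it is bound under, since the `@ConfigurationProperties` annotation of the removed classes has no counterpart here.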


@ -1,32 +0,0 @@
package com.diboot.shiro.authz.config;
import com.diboot.shiro.authz.properties.AuthCacheProperties;
import com.diboot.shiro.authz.properties.AuthorizationProperties;
import com.diboot.shiro.authz.storage.AuthorizationStorage;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* 权限配置
* @author : wee
* @version : v2.0
* @Date 2019-06-27 10:30
*/
@Configuration
@EnableConfigurationProperties({AuthorizationProperties.class, AuthCacheProperties.class})
public class AuthorizationAutoConfiguration {
@Autowired
private AuthorizationProperties authorizationProperties;
/**
* 注入权限存储
* @return
*/
@Bean
public AuthorizationStorage authorizationStorage() {
return new AuthorizationStorage(authorizationProperties.getEnv().getEnv(), authorizationProperties.isStorage());
}
}


@ -6,7 +6,7 @@ import com.diboot.core.util.V;
import com.diboot.core.vo.Status;
import com.diboot.shiro.authz.annotation.AuthorizationPrefix;
import com.diboot.shiro.authz.annotation.AuthorizationWrapper;
import com.diboot.shiro.authz.properties.AuthorizationProperties;
import com.diboot.shiro.authz.config.AuthConfiguration;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.aop.AnnotationResolver;
import org.apache.shiro.aop.MethodInvocation;
@ -29,14 +29,14 @@ public class AuthorizationWrapperAnnotationHandler extends AuthorizingAnnotation
/**
* 使用配置中的所有权限角色
*/
private AuthorizationProperties authorizationProperties;
private AuthConfiguration.Auth auth;
/**
* 标记服务的注解
*/
public AuthorizationWrapperAnnotationHandler(AuthorizationProperties authorizationProperties) {
public AuthorizationWrapperAnnotationHandler(AuthConfiguration.Auth auth) {
super(AuthorizationWrapper.class);
this.authorizationProperties = authorizationProperties;
this.auth = auth;
}
@ -70,8 +70,8 @@ public class AuthorizationWrapperAnnotationHandler extends AuthorizingAnnotation
AuthorizationWrapper authorizationWrapper = (AuthorizationWrapper)resolver.getAnnotation(mi, AuthorizationWrapper.class);
String[] perms = getAnnotationValue(authorizationWrapper);
//当系统配置的所有权限角色集合 如果当前用户包含其中任意一个角色直接允许访问否则对当前用户进行资源校验
if (V.notEmpty(authorizationProperties.getHasAllPermissionsRoleList())) {
for (String role : authorizationProperties.getHasAllPermissionsRoleList()) {
if (V.notEmpty(auth.getHasAllPermissionsRoleList())) {
for (String role : auth.getHasAllPermissionsRoleList()) {
if (subject.hasRole(role)) {
return;
}


@ -1,49 +0,0 @@
package com.diboot.shiro.authz.properties;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.Getter;
import org.springframework.boot.context.properties.ConfigurationProperties;
/**
* @author : wee
* @version : v2.0
* @Date 2019-07-29 15:59
*/
@Data
@ConfigurationProperties(AuthCacheProperties.CACHE_PREFIX)
public class AuthCacheProperties {
public final static String CACHE_PREFIX = "diboot.shiro.cache";
/**
* 是否开启权限缓存默认false
*/
private boolean permissionCachingEnabled = false;
/**
* 缓存方式默认内存缓存
*/
private CacheWay cacheWay = CacheWay.MEMORY;
/**
* 缓存方式
* <p>
* 当前提供本地缓存
* </p>
*/
@Getter
@AllArgsConstructor
public enum CacheWay {
/**
* 内存缓存
*/
MEMORY,
/**
* redis缓存 TODO 尚未实现暂不可用
*/
@Deprecated
REDIS;
}
}


@ -1,57 +0,0 @@
package com.diboot.shiro.authz.properties;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.Getter;
import org.springframework.boot.context.properties.ConfigurationProperties;
import java.util.List;
/**
* 权限入库配置文件
*
* @author : wee
* @version : v2.0
* @Date 2019-06-27 10:16
*/
@Data
@ConfigurationProperties(prefix = "diboot.shiro.auth")
public class AuthorizationProperties {
/**
* 设置权限存储的环境其中开发环境权限不会替换删除测试和生产会替换删除
*/
private EnvEnum env = EnvEnum.DEV;
/**
* 是否开启存储权限
*/
private boolean storage = false;
/**
* 具有所有权限的角色
*/
private List<String> hasAllPermissionsRoleList;
@Getter
@AllArgsConstructor
public enum EnvEnum {
/**
* 生产环境
*/
PROD("prod"),
/**
* 测试环境
*/
TEST("test"),
/**
* 开发环境
*/
DEV("dev");
private String env;
}
}


@ -7,7 +7,7 @@ import com.diboot.core.util.S;
import com.diboot.core.util.V;
import com.diboot.shiro.authz.annotation.AuthorizationPrefix;
import com.diboot.shiro.authz.annotation.AuthorizationWrapper;
import com.diboot.shiro.authz.properties.AuthorizationProperties;
import com.diboot.shiro.authz.config.AuthConfiguration;
import com.diboot.shiro.entity.Permission;
import com.diboot.shiro.service.PermissionService;
import com.diboot.shiro.service.impl.PermissionServiceImpl;
@ -174,8 +174,8 @@ public class AuthorizationStorage {
}
} else {
//代码中不存在且生产环境/测试环境: 表示需要删除
if (AuthorizationProperties.EnvEnum.PROD.getEnv().equals(this.env) ||
AuthorizationProperties.EnvEnum.TEST.getEnv().equals(this.env)) {
if (AuthConfiguration.Auth.EnvEnum.PROD.getEnv().equals(this.env) ||
AuthConfiguration.Auth.EnvEnum.TEST.getEnv().equals(this.env)) {
removeCount++;
permission.setDeleted(true);
saveOrUpdateOrDeletePermissionList.add(permission);


@ -1,6 +1,8 @@
package com.diboot.shiro.authz.storage;
import com.diboot.core.util.V;
import lombok.Getter;
import lombok.Setter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
@ -12,10 +14,10 @@ import org.springframework.stereotype.Component;
* @version : v1.0
* @Date 2019-08-28 10:44
*/
@Component
@Setter
@Getter
public class StorageListener implements ApplicationListener<ContextRefreshedEvent> {
@Autowired
private AuthorizationStorage authorizationStorage;
@Override


@ -1,162 +0,0 @@
package com.diboot.shiro.config;
import com.diboot.core.util.V;
import com.diboot.shiro.authz.aop.CustomAuthorizationAttributeSourceAdvisor;
import com.diboot.shiro.authz.cache.MemoryCondition;
import com.diboot.shiro.authz.cache.RedisCacheManager;
import com.diboot.shiro.authz.cache.RedisCondition;
import com.diboot.shiro.authz.properties.AuthCacheProperties;
import com.diboot.shiro.authz.properties.AuthorizationProperties;
import com.diboot.shiro.jwt.BaseJwtAuthenticationFilter;
import com.diboot.shiro.jwt.BaseJwtRealm;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import javax.servlet.Filter;
import java.util.LinkedHashMap;
import java.util.Map;
/***
*
* @author Yangzhao
* @version v2.0
* @date 2019/6/6
*/
@Configuration
@AutoConfigureAfter(AuthCacheProperties.class)
@EnableConfigurationProperties({AuthorizationProperties.class, AuthCacheProperties.class})
public class ShiroConfig {
private static final Logger logger = LoggerFactory.getLogger(ShiroConfig.class);
@Autowired
private AuthorizationProperties authorizationProperties;
@Autowired
private AuthCacheProperties authCacheProperties;
/**
* 将数据缓存到内存中
* @return
*/
@Bean("cacheManager")
@Conditional(MemoryCondition.class)
public CacheManager memoryCacheManager() {
return new MemoryConstrainedCacheManager();
}
/**
* 将数据存储到redis缓存
* @return
*/
@Bean("cacheManager")
@Conditional(RedisCondition.class)
public CacheManager redisCacheManager() {
return new RedisCacheManager();
}
@Bean
public Realm realm(){
BaseJwtRealm realm = new BaseJwtRealm();
if (authCacheProperties.isPermissionCachingEnabled()) {
//设置权限缓存
realm.setCachingEnabled(true);
CacheManager cacheManager = V.notEmpty(redisCacheManager())? redisCacheManager(): memoryCacheManager();
realm.setCacheManager(cacheManager);
}
return realm;
}
@Bean
public SecurityManager securityManager(){
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(realm());
return securityManager;
}
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
//Shiro securityManager
shiroFilterFactoryBean.setSecurityManager(securityManager);
//用户访问未对其授权的资源时的错误提示页面
shiroFilterFactoryBean.setUnauthorizedUrl("/error");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinition());
// 设置过滤器
Map<String, Filter> filters = new LinkedHashMap<>();
filters.put("anon", new AnonymousFilter());
filters.put("jwt", new BaseJwtAuthenticationFilter());
shiroFilterFactoryBean.setFilters(filters);
return shiroFilterFactoryBean;
}
@Bean
public Map filterChainDefinition(){
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put("/", "anon");
filterChainDefinitionMap.put("/static/**", "anon");
filterChainDefinitionMap.put("/error/**", "anon");
filterChainDefinitionMap.put("/*.html", "anon");
filterChainDefinitionMap.put("/diboot/**", "anon");
filterChainDefinitionMap.put("/auth/login", "anon");
filterChainDefinitionMap.put("/auth/buildOAuthUrl", "anon");
filterChainDefinitionMap.put("/auth/apply", "anon");
filterChainDefinitionMap.put("/auth/register", "anon");
filterChainDefinitionMap.put("/auth/static", "anon");
filterChainDefinitionMap.put("/error", "anon");
filterChainDefinitionMap.put("/auth/logout", "logout");
filterChainDefinitionMap.put("/**", "jwt");
return filterChainDefinitionMap;
}
/**
* Shiro生命周期处理器
*/
@Bean
public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
/***
* 以下两个为使用注解权限相关的配置
* @return
*/
@Bean
@DependsOn({"lifecycleBeanPostProcessor"})
public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
advisorAutoProxyCreator.setProxyTargetClass(true);
return advisorAutoProxyCreator;
}
@Bean
public CustomAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
CustomAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new CustomAuthorizationAttributeSourceAdvisor(authorizationProperties);
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
return authorizationAttributeSourceAdvisor;
}
}