ShiroConfig V2.0

技术文章 11个月前 完美者
1,885 0

标签:oba   getc   pre   角色   ber   out   登录页面   请求   target   

package com.aaa.shiro;

import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**

  • Created by cws
    */
    @Configuration
    public class ShiroConfig{

    @Bean(name = "sessionManager")
    public SessionManager sessionManager() {
    DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
    //设置session过期时间为1小时(单位:毫秒),默认为30分钟
    sessionManager.setGlobalSessionTimeout(60 * 60 * 1000);
    sessionManager.setSessionValidationSchedulerEnabled(true);

     return sessionManager;
    

    }

    /**

    • @param shiroRealm

    • @param sessionManager 授权和认证整合会话管理

    • @return
      */
      @Bean(name = "securityManager")
      public SecurityManager securityManager(ShiroRealm shiroRealm, SessionManager sessionManager) {
      DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
      securityManager.setRealm(shiroRealm);
      securityManager.setSessionManager(sessionManager);

      return securityManager;
      }

    /**

    • shiroFilterFactorybean

    • shiro的安全过滤器,过滤所有的请求,对请求分类拦截
      */
      @Bean
      public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
      ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
      shiroFilter.setSecurityManager(securityManager);
      //修改登录页面,所有的未认证的请求都去登录
      shiroFilter.setLoginUrl("/auth.html");
      //设置没有权限的跳转页面
      shiroFilter.setUnauthorizedUrl("/404.html");

      Map<String, String> filterMap = new LinkedHashMap<>();

      /**

      • 认证过滤器的分类
      • anon:无需认证
      • authc:必须认证才能到达
      • user:使用rememberme的时候才用
      • perms:访问的资源需要某个权限才能到达
      • roles:访问的资源需要某个角色才能到达
        */
        filterMap.put("/api/", "anon");
        filterMap.put("/assets/
        ", "anon");
        filterMap.put("/fonts/", "anon");
        filterMap.put("/maps/
        ", "anon");
        filterMap.put("/scripts/", "anon");
        filterMap.put("/styles/
        ", "anon");
        filterMap.put("/auth.html", "anon");
        filterMap.put("/reg.html", "anon");
        filterMap.put("/index.html", "anon");
        filterMap.put("/**", "authc");
        shiroFilter.setFilterChainDefinitionMap(filterMap);

      return shiroFilter;
      }

    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
    return new LifecycleBeanPostProcessor();
    }

    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
    DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
    proxyCreator.setProxyTargetClass(true);
    return proxyCreator;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
    AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
    advisor.setSecurityManager(securityManager);
    return advisor;
    }

}

ShiroConfig V2.0

标签:oba   getc   pre   角色   ber   out   登录页面   请求   target   

原文地址:https://www.cnblogs.com/cwshuo/p/13885655.html

版权声明:完美者 发表于 2020-10-31 1:23:40。
转载请注明:ShiroConfig V2.0 | 完美导航

暂无评论

暂无评论...