Spring shiro学习(三)
接上,本来想继续写,结果一输入就chrome崩溃,我只能另开一个了
sessionListeners、sessionFactory配置
<!-- Session listener bean (project class UpmsSessionListener) -->
<bean id="sessionListener" class="com.zheng.upms.client.shiro.listener.UpmsSessionListener"/>
<!-- Session factory bean (project class UpmsSessionFactory) -->
<bean id="sessionFactory" class="com.zheng.upms.client.shiro.session.UpmsSessionFactory"/>
rememberMeManager配置,其中引用了rememberMeCookie。注意:示例里的cipherKey已随源码公开,知道密钥的人可以伪造rememberMe cookie;实际部署时应为每个环境单独生成随机密钥,并从受保护的外部配置加载,不要直接写在XML里。
<!-- rememberMe manager: handles the encrypted identity data carried in the rememberMe cookie -->
<bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
    <!--
      Key that encrypts the rememberMe cookie (AES by default); every project should use its own.
      AES accepts 128-, 192- or 256-bit keys; the Base64 literal below decodes to 16 bytes (128 bits).
      NOTE(review): this literal is committed with the configuration, so it provides no secrecy.
      Anyone who knows the key can produce a cookie that this manager will decrypt and deserialize.
      Generate a random key per deployment and load it from protected external configuration
      instead of keeping it in the XML.
    -->
    <property name="cipherKey" value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/>
    <!-- Cookie definition used to store the encrypted value -->
    <property name="cookie" ref="rememberMeCookie"/>
</bean>
rememberMeCookie配置
<!-- Cookie that carries the rememberMe data; the constructor argument is the cookie name -->
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
    <constructor-arg value="rememberMe"/>
    <!-- HttpOnly: the browser still stores and sends the cookie, but page scripts cannot read it -->
    <property name="httpOnly" value="true"/>
    <!-- Lifetime of the rememberMe cookie, taken from the zheng.upms.rememberMe.timeout property -->
    <property name="maxAge" value="${zheng.upms.rememberMe.timeout}"/>
    <!-- NOTE(review): "secure" is not set on this bean; confirm the cookie is only ever delivered over HTTPS -->
</bean>
其他配置
<!-- Installs the security manager statically; equivalent to calling SecurityUtils.setSecurityManager(securityManager) -->
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
    <property name="arguments" ref="securityManager"/>
</bean>
<!-- Enables Shiro's Spring AOP support for permission annotations such as @RequiresPermissions -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
    <property name="securityManager" ref="securityManager"/>
</bean>
<!-- Shiro lifecycle processor -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
authc过滤器用于进行身份认证/登录,验证用户是否拥有相应身份
这里用UpmsAuthenticationFilter重写了authc过滤器,首先通过@Autowired注解注入了upmsSessionDao
// Session DAO supplied by Spring through field injection (no constructor or setter is shown here).
@Autowired
UpmsSessionDao upmsSessionDao;
重写了isAccessAllowed和onAccessDenied
/**
 * Decides whether the request may continue without going through {@link #onAccessDenied}.
 *
 * <p>The deployment type is read from the {@code zheng-upms-client} properties on every call and
 * stored in the session under {@code UpmsConstant.UPMS_TYPE}. A {@code client} deployment
 * delegates to {@code validateClient} (defined outside this excerpt); a {@code server}
 * deployment admits only an authenticated subject. Any other value, including a missing
 * property, is denied.
 *
 * @param request the incoming request
 * @param response the outgoing response
 * @param mappedValue path-specific filter configuration; not used here
 * @return {@code true} if the request may proceed down the filter chain
 */
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    Subject currentSubject = getSubject(request, response);
    // getSession() creates a session when the subject has none, so every request that reaches
    // this filter ends up with one, authenticated or not.
    Session currentSession = currentSubject.getSession();

    // Deployment type of this application: "client" or "server".
    String deploymentType = PropertiesFileUtil.getInstance("zheng-upms-client").get("zheng.upms.type");
    currentSession.setAttribute(UpmsConstant.UPMS_TYPE, deploymentType);

    boolean allowed;
    if ("client".equals(deploymentType)) {
        allowed = validateClient(request, response);
    } else if ("server".equals(deploymentType)) {
        allowed = currentSubject.isAuthenticated();
    } else {
        // Fail closed: an unknown or missing type never grants access.
        allowed = false;
    }
    return allowed;
}

/**
 * Redirects a denied request to the SSO server and stops the filter chain.
 *
 * <p>A {@code server} deployment is sent to {@code /sso/login}. Every other deployment type is
 * sent to {@code /sso/index} with this application's {@code appid} and a URL-encoded
 * {@code backurl} that holds the originally requested address, query string included.
 *
 * @param request the denied request
 * @param response the response that receives the redirect
 * @return always {@code false}; the redirect has already been written
 * @throws Exception if sending the redirect or encoding the return address fails
 */
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
    StringBuilder redirectTarget = new StringBuilder(
            PropertiesFileUtil.getInstance("zheng-upms-client").get("zheng.upms.sso.server.url"));
    String deploymentType = PropertiesFileUtil.getInstance("zheng-upms-client").get("zheng.upms.type");

    // The SSO server itself only needs its own login page.
    if ("server".equals(deploymentType)) {
        redirectTarget.append("/sso/login");
        WebUtils.toHttp(response).sendRedirect(redirectTarget.toString());
        return false;
    }

    redirectTarget.append("/sso/index?appid=")
            .append(PropertiesFileUtil.getInstance("zheng-upms-client").get("zheng.upms.appID"));

    // Return address: the URL the client originally asked for.
    // NOTE(review): this value is rebuilt from the incoming request; presumably the SSO server
    // validates backurl against the registered application before redirecting to it. Confirm.
    HttpServletRequest httpRequest = WebUtils.toHttp(request);
    StringBuffer returnAddress = httpRequest.getRequestURL();
    String query = httpRequest.getQueryString();
    if (StringUtils.isNotBlank(query)) {
        returnAddress.append("?").append(query);
    }

    redirectTarget.append("&backurl=").append(URLEncoder.encode(returnAddress.toString(), "utf-8"));
    WebUtils.toHttp(response).sendRedirect(redirectTarget.toString());
    return false;
}