Spring shiro学习(三)

接上,本来想继续写,结果一输入就chrome崩溃,我只能另开一个了

sessionListeners、sessionFactory配置

<!-- 会话监听器 -->
    <bean id="sessionListener" class="com.zheng.upms.client.shiro.listener.UpmsSessionListener"/>

    <!-- session工厂 -->
    <bean id="sessionFactory" class="com.zheng.upms.client.shiro.session.UpmsSessionFactory"/>

rememberMeManager配置,配置了rememberMeCookie

<!-- rememberMe管理器 -->
    <bean id="rememberMeManager" class="org.apache.shiro.web.mgt.CookieRememberMeManager">
        <!-- rememberMe cookie加密的密钥 建议每个项目都不一样 默认AES算法 密钥长度(128 256 512 位)-->
        <property name="cipherKey" value="#{T(org.apache.shiro.codec.Base64).decode('4AvVhmFLUs0KTA3Kprsdag==')}"/>
        <property name="cookie" ref="rememberMeCookie"/>
    </bean>

rememberMeCookie配置

<!-- rememberMe缓存cookie -->
    <bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
        <constructor-arg value="rememberMe"/>
        <!-- 不会暴露给客户端 -->
        <property name="httpOnly" value="true"/>
        <!-- 记住我cookie生效时间 -->
        <property name="maxAge" value="${zheng.upms.rememberMe.timeout}"/>
    </bean>

其他配置

<!-- 设置SecurityUtils,相当于调用SecurityUtils.setSecurityManager(securityManager) -->
    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
        <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
        <property name="arguments" ref="securityManager"/>
    </bean>

    <!-- 开启Shiro Spring AOP权限注解@RequiresPermissions的支持 -->
    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
        <property name="securityManager" ref="securityManager"/>
    </bean>

    <!-- Shiro生命周期处理器-->
    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

 

authc过滤器用于进行身份认证/登录,验证用户是否拥有相应身份

在这里用UpmsAuthenticationFilter进行了重写,首先通过注解方式定义了upmsSessionDao

@Autowired
    UpmsSessionDao upmsSessionDao;

重写了isAccessAllowed和onAccessDenied

@Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
     //获取subject,创建用户名/密码身份验证Token Subject subject
= getSubject(request, response);
     //安全管理器会根据会话上下文创建session Session session
= subject.getSession(); // 判断请求类型,包括clinet和server两种类型 String upmsType = PropertiesFileUtil.getInstance("zheng-upms-client").get("zheng.upms.type"); session.setAttribute(UpmsConstant.UPMS_TYPE, upmsType); if ("client".equals(upmsType)) { return validateClient(request, response); } if ("server".equals(upmsType)) { return subject.isAuthenticated(); } return false; } @Override protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { StringBuffer sso_server_url = new StringBuffer(PropertiesFileUtil.getInstance("zheng-upms-client").get("zheng.upms.sso.server.url")); // server需要登录 String upmsType = PropertiesFileUtil.getInstance("zheng-upms-client").get("zheng.upms.type"); if ("server".equals(upmsType)) { WebUtils.toHttp(response).sendRedirect(sso_server_url.append("/sso/login").toString()); return false; } sso_server_url.append("/sso/index").append("?").append("appid").append("=").append(PropertiesFileUtil.getInstance("zheng-upms-client").get("zheng.upms.appID")); // 回跳地址 HttpServletRequest httpServletRequest = WebUtils.toHttp(request); StringBuffer backurl = httpServletRequest.getRequestURL(); String queryString = httpServletRequest.getQueryString(); if (StringUtils.isNotBlank(queryString)) { backurl.append("?").append(queryString); } sso_server_url.append("&").append("backurl").append("=").append(URLEncoder.encode(backurl.toString(), "utf-8")); WebUtils.toHttp(response).sendRedirect(sso_server_url.toString()); return false; }

 

posted on 2017-07-20 21:03  xgrowing  阅读(621)  评论(0编辑  收藏  举报