ShiroConfig里面的配置
@Configuration
public class ShiroConfig {
private static final Logger logger = LoggerFactory.getLogger(ShiroConfig.class);
@Autowired
private PasswordMatcher passwordMatcher;
@Autowired
private JwtMatcher jwtMatcher;
/**
 * Creates the post-processor that manages the lifecycle of Shiro beans.
 *
 * <p>The factory method is {@code static}, so it can be invoked without an
 * instance of {@code ShiroConfig}.
 *
 * @return a new {@link LifecycleBeanPostProcessor}
 */
@Bean
public static LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
    LifecycleBeanPostProcessor lifecycleProcessor = new LifecycleBeanPostProcessor();
    return lifecycleProcessor;
}
/**
 * Builds the Shiro filter factory bean, which decides how requests are intercepted.
 *
 * <p>A {@code ShiroFilterFactoryBean} cannot be configured on its own: it must be
 * given a {@link SecurityManager}, which is why one is injected here.
 *
 * <p>Filter chain definition notes:
 * <ol>
 *   <li>One URL pattern may name several filters, separated by commas.</li>
 *   <li>When several filters are named, a request passes only if all of them pass.</li>
 *   <li>Some filters accept parameters, for example {@code perms} and {@code roles}.</li>
 * </ol>
 *
 * @param securityManager the security manager the filter delegates to
 * @return the configured filter factory bean
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    logger.info("Start==========进入shiroFilter拦截器");
    RestShiroFilterFactoryBean factoryBean = new RestShiroFilterFactoryBean();
    // The security manager is mandatory for the factory bean.
    factoryBean.setSecurityManager(securityManager);

    // Custom filters, keyed by the names that initGetFilterChain() maps URL patterns to.
    // NOTE(review): the filters are created with `new` rather than exposed as Spring
    // beans; if this is a Spring Boot application, that keeps them from also being
    // registered as servlet filters outside the Shiro chain - presumably deliberate.
    Map<String, Filter> namedFilters = new LinkedHashMap<>();
    namedFilters.put("auth", new UserPasswordFilter());
    namedFilters.put("jwt", new UserJwtFilter());
    namedFilters.put("game", new GameServerFilter());
    factoryBean.setFilters(namedFilters);

    // URL pattern -> filter name rules.
    factoryBean.setFilterChainDefinitionMap(initGetFilterChain());
    return factoryBean;
}
/**
 * Builds the URL-pattern to filter-name rules for the Shiro filter chain.
 *
 * <p>The map is a {@link LinkedHashMap}, so the rules keep their insertion order.
 * Shiro applies the first pattern that matches a request, which is why the
 * catch-all {@code /**} rule is inserted last: every path not listed explicitly
 * falls through to the {@code jwt} filter.
 *
 * @return ordered map from URL pattern to filter name
 */
public Map<String,String> initGetFilterChain() {
    Map<String, String> chainRules = new LinkedHashMap<>();

    // anon: paths that skip authentication entirely.
    // NOTE(review): "/druid/**" and the Swagger/API-doc paths are reachable without
    // authentication at this layer - confirm they are disabled or restricted elsewhere
    // in production.
    // NOTE(review): "/gameServer/addGameServerAddr" is anonymous while
    // "/gameServer/delGameServerAddr" goes through the "game" filter - confirm that
    // adding a server address is meant to be open.
    // NOTE(review): no Shiro filter applies to "/user/getSmsCode/**", so any rate
    // limiting has to be enforced in the handler itself - verify.
    String[] anonymousPaths = {
        "/css/**", "/js/**", "/druid/**",
        "/swagger-resources", "/v2/api-docs", "/v2/api-docs-ext", "/doc.html", "/webjars/**",
        "/user/getDynamicSecretKey", "/user/getSmsCode/**",
        "/gameServer/getGameServerAddr", "/gameServer/addGameServerAddr",
        "/activity/getActivityRedTime/**", "/activity/robActivityRed"
    };
    for (String path : anonymousPaths) {
        chainRules.put(path, "anon");
    }

    // auth: login and registration go through the password filter.
    String[] passwordPaths = {"/user/login", "/user/register"};
    for (String path : passwordPaths) {
        chainRules.put(path, "auth");
    }

    // game: game-server endpoints go through the game-server filter.
    String[] gameServerPaths = {
        "/gameServer/delGameServerAddr", "/gameServer/tokenProving/**",
        "/gameServer/visitorLogin/**"
    };
    for (String path : gameServerPaths) {
        chainRules.put(path, "game");
    }

    // jwt: everything else requires a JWT. This must remain the last rule.
    String[] jwtPaths = {"/**"};
    for (String path : jwtPaths) {
        chainRules.put(path, "jwt");
    }
    return chainRules;
}
/**
 * Builds the web security manager with the custom authenticator, the password
 * and JWT realms, and a custom subject factory.
 *
 * <p>Side effect: the manager is also installed as the static manager held by
 * {@link SecurityUtils}.
 *
 * @return the configured security manager
 */
@Bean
public SecurityManager securityManager() {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();

    // Custom authenticator (authentication, not authorization). It is installed
    // before the realms, in the same order as the original code.
    manager.setAuthenticator(new AModularRealmAuthenticator());

    // Realms consulted during authentication: password first, then JWT.
    Collection<Realm> authRealms = new ArrayList<>();
    authRealms.add(passwordRealm());
    authRealms.add(jwtRealm());
    manager.setRealms(authRealms);

    // Intended to turn off Shiro sessions. Nothing here disables session storage
    // directly; the evaluator is only handed to ASubjectFactory.
    // NOTE(review): presumably ASubjectFactory switches session storage/creation
    // off - confirm, otherwise requests may still create server-side sessions.
    DefaultSubjectDAO subjectDao = (DefaultSubjectDAO) manager.getSubjectDAO();
    DefaultSessionStorageEvaluator storageEvaluator =
            (DefaultSessionStorageEvaluator) subjectDao.getSessionStorageEvaluator();
    manager.setSubjectFactory(new ASubjectFactory(storageEvaluator));

    SecurityUtils.setSecurityManager(manager);
    return manager;
}
/**
 * Creates the realm for username/password logins.
 *
 * <p>The realm accepts {@code UserPasswordToken} and verifies credentials with
 * the injected {@code PasswordMatcher}.
 *
 * @return the configured password realm
 */
@Bean
public UserPasswordRealm passwordRealm(){
    UserPasswordRealm realm = new UserPasswordRealm();
    // Restrict the realm to password tokens before wiring the matcher that checks them.
    realm.setCredentialsMatcher(passwordMatcher);
    realm.setAuthenticationTokenClass(UserPasswordToken.class);
    return realm;
}
/**
 * Creates the realm for JWT-based authentication.
 *
 * <p>The realm accepts {@code JwtToken} and verifies credentials with the
 * injected {@code JwtMatcher}.
 * NOTE(review): signature and expiry checks are presumably done in
 * {@code JwtMatcher} or {@code JwtRealm}; neither is visible here - confirm.
 *
 * @return the configured JWT realm
 */
@Bean
public JwtRealm jwtRealm(){
    JwtRealm realm = new JwtRealm();
    realm.setCredentialsMatcher(jwtMatcher);
    realm.setAuthenticationTokenClass(JwtToken.class);
    return realm;
}
/**
 * Enables AOP support for Shiro annotations.
 *
 * <p>The annotations are applied through proxies, so proxy creation has to be
 * switched on; {@code proxyTargetClass} is set to {@code true}, which selects
 * class-based proxies.
 *
 * @return the configured auto-proxy creator
 */
@Bean
public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){
    DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
    proxyCreator.setProxyTargetClass(true);
    return proxyCreator;
}
/**
 * Creates the advisor that applies Shiro's authorization annotations, bound to
 * the manager returned by {@link #securityManager()}.
 *
 * @return the configured advisor
 */
@Bean
public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(){
    AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
    // Annotation checks are evaluated against this security manager.
    advisor.setSecurityManager(securityManager());
    return advisor;
}