安全管理器设置
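/**
 * Builds the Shiro security manager for the web application.
 *
 * <p>Registers the realms returned by {@code wxRealm()} and {@code userRealm()}, attaches the
 * session manager from {@code sessionManager()}, and replaces the default authenticator with
 * {@code WxModularRealmAuthenticator}.
 *
 * @return the configured {@link SecurityManager}
 */
@Bean
public SecurityManager securityManager() {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

    List<Realm> realms = new ArrayList<>();
    realms.add(wxRealm());
    realms.add(userRealm());
    // Realm group of the security manager itself.
    securityManager.setRealms(realms);

    // Session manager.
    securityManager.setSessionManager(sessionManager());

    // Custom modular realm authenticator.
    ModularRealmAuthenticator authenticator = new WxModularRealmAuthenticator();
    /*
     * Realm group of the authenticator. It is set separately from the one on the security
     * manager above, and both are required: this list is the one used to verify logins.
     * NOTE(review): the original author was unsure what the security manager's own list is
     * for. In Shiro it is presumably what the default authorizer consults for role and
     * permission checks - confirm. Keep both lists identical so that a realm that can
     * authenticate a subject is also the one asked for that subject's permissions.
     */
    authenticator.setRealms(realms);
    securityManager.setAuthenticator(authenticator);
    return securityManager;
}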
session管理器
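/**
 * Creates the Shiro session manager.
 *
 * <p>Uses the project's {@code WxSessionManager}, which customizes how the session is obtained,
 * and wires in the session DAO and a {@code BDSessionListener}.
 * NOTE(review): where {@code WxSessionManager} reads the session id from is not visible in this
 * snippet; whatever request field it uses is client-controlled and must be handled as untrusted.
 *
 * @return the configured session manager
 */
@Bean
public DefaultWebSessionManager sessionManager() {
    // Custom session manager implementation.
    DefaultWebSessionManager sessionManager = new WxSessionManager();
    // setGlobalSessionTimeout takes milliseconds. The 1000L literal forces long arithmetic so a
    // large configured timeout cannot overflow int and wrap to a wrong (possibly negative) value.
    // tomcatTimeout is presumably in seconds; its declaration is outside this snippet.
    sessionManager.setGlobalSessionTimeout(tomcatTimeout * 1000L);
    sessionManager.setSessionDAO(sessionDAO());

    Collection<SessionListener> listeners = new ArrayList<>();
    listeners.add(new BDSessionListener());
    sessionManager.setSessionListeners(listeners);
    return sessionManager;
}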
shiro拦截器
/**
 * Configures the Shiro web filter and its URL interception rules.
 *
 * <p>The chain map is insertion-ordered, and the catch-all {@code /**} rule requiring
 * authentication is registered last, after every anonymous path.
 *
 * @param securityManager the Shiro security manager
 * @return the configured {@link ShiroFilterFactoryBean}
 */
@Bean
ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    factoryBean.setSecurityManager(securityManager);
    factoryBean.setLoginUrl("/login");
    factoryBean.setSuccessUrl("/index");
    factoryBean.setUnauthorizedUrl("/403");

    // Rules are kept in registration order; do not move the "/**" rule above any of the others.
    LinkedHashMap<String, String> chains = new LinkedHashMap<>();

    // Public pages and login entry points.
    chains.put("/home/**", "anon");
    chains.put("/login","anon");
    chains.put("/wxLogin","anon");

    // Static assets.
    chains.put("/css/**", "anon");
    chains.put("/js/**", "anon");
    chains.put("/fonts/**", "anon");
    chains.put("/img/**", "anon");
    chains.put("/docs/**", "anon");

    // NOTE(review): /druid/** is exempt from Shiro authentication. If this is the Druid
    // monitoring console, it is then protected only by Druid's own login settings or by
    // network-level restrictions - confirm one of them is in place.
    chains.put("/druid/**", "anon");

    // NOTE(review): everything under /upload/** and /files/** is reachable without a login.
    // If a request handler that accepts uploads is mapped under these paths, it is
    // unauthenticated as well - confirm only intentionally public content lives here.
    chains.put("/upload/**", "anon");
    chains.put("/files/**", "anon");

    chains.put("/logout", "logout");

    // Public landing page and open blog pages.
    chains.put("/", "anon");
    chains.put("/blog", "anon");
    chains.put("/blog/open/**", "anon");

    // Everything else requires an authenticated subject.
    chains.put("/**", "authc");

    factoryBean.setFilterChainDefinitionMap(chains);
    return factoryBean;
}
开启shiro aop注解支持
/**
 * Enables Shiro's AOP annotation support.
 *
 * <p>Annotation-based permission checks are applied through proxies, so this advisor has to be
 * registered for them to take effect.
 *
 * @param securityManager the Shiro security manager
 * @return the advisor bound to {@code securityManager}
 */
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
    AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
    advisor.setSecurityManager(securityManager);
    return advisor;
}
转载于:https://my.oschina.net/u/2555967/blog/2961836