package com.boilerplate.server.init; import com.boilerplate.server.filter.AuthenticationFilter; import org.apache.shiro.cache.CacheManager; import org.apache.shiro.cache.ehcache.EhCacheManager; import org.apache.shiro.session.mgt.SessionManager; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import java.util.LinkedHashMap; import java.util.Map; @Configuration public class ShiroConfig { private static final Logger LOGGER = LoggerFactory.getLogger(ShiroConfig.class); private static Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>(); @Bean public ShiroRealm getShiroRealm() { return new ShiroRealm(); } @Bean public CacheManager getCacheManager() { return new EhCacheManager(); } @Bean public SessionManager getSessionManager() { DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); sessionManager.setGlobalSessionTimeout(180000); sessionManager.setDeleteInvalidSessions(true); return sessionManager; } @Bean public DefaultWebSecurityManager getDefaultWebSecurityManager() { DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager(); dwsm.setRealm(getShiroRealm()); dwsm.setCacheManager(getCacheManager()); dwsm.setSessionManager(getSessionManager()); return dwsm; } /** * 方法层面的权限过滤, 用于支持shiro注解 */ @Bean public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor() { AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor(); aasa.setSecurityManager(getDefaultWebSecurityManager()); return new AuthorizationAttributeSourceAdvisor(); } /** * 网络请求的权限过滤, 拦截外部请求 */ @Bean public ShiroFilterFactoryBean getShiroFilterFactoryBean() { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(getDefaultWebSecurityManager()); shiroFilterFactoryBean.getFilters().put("authc", new AuthenticationFilter()); filterChainDefinitionMap.put("/api/**", "authc"); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); return shiroFilterFactoryBean; } /** * 协助shiro初始化, 负责调用shiro的init与destory */ @Bean public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } }