Java Code Examples for org.apache.shiro.web.mgt.DefaultWebSecurityManager

The following examples show how to use org.apache.shiro.web.mgt.DefaultWebSecurityManager. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: Moss   Source File: ShiroAuthConfig.java    License: Apache License 2.0 6 votes vote down vote up
@Bean("securityManager")
public DefaultWebSecurityManager getManager(UserService userService) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    List<Realm> realms = Lists.newArrayList();
    realms.add(new DBRealm(userService));
    manager.setRealms(realms);

    /*
     * 关闭shiro自带的session,详情见文档
     * http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
     */
    DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
    DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
    defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
    subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
    manager.setSubjectDAO(subjectDAO);

    return manager;
}
 
Example 2
Source Project: web-flash   Source File: ShiroConfig.java    License: MIT License 6 votes vote down vote up
@Bean("securityManager")
public DefaultWebSecurityManager getManager(ApiRealm realm) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    // 使用自己的realm
    manager.setRealm(realm);

    /*
     * 关闭shiro自带的session,详情见文档
     * http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
     */
    DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
    DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
    defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
    subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
    manager.setSubjectDAO(subjectDAO);

    return manager;
}
 
Example 3
Source Project: flash-waimai   Source File: ShiroConfig.java    License: MIT License 6 votes vote down vote up
@Bean("securityManager")
public DefaultWebSecurityManager getManager(ApiRealm realm) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    // 使用自己的realm
    manager.setRealm(realm);

    /*
     * 关闭shiro自带的session,详情见文档
     * http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
     */
    DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
    DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
    defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
    subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
    manager.setSubjectDAO(subjectDAO);

    return manager;
}
 
Example 4
Source Project: flash-waimai   Source File: ShiroConfig.java    License: MIT License 6 votes vote down vote up
@Bean("shiroFilter")
public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();

    // 添加自己的过滤器并且取名为jwt
    Map<String, Filter> filterMap =  Maps.newHashMap();
    filterMap.put("jwt", new JwtFilter());
    factoryBean.setFilters(filterMap);

    factoryBean.setSecurityManager(securityManager);
    factoryBean.setUnauthorizedUrl("/401");

    /*
     * 自定义url规则
     * http://shiro.apache.org/web.html#urls-
     */
    Map<String, String> filterRuleMap =  Maps.newHashMap();
    // 所有请求通过我们自己的JWT Filter
    filterRuleMap.put("/**", "jwt");
    // 访问401和404页面不通过我们的Filter
    filterRuleMap.put("/401", "anon");
    factoryBean.setFilterChainDefinitionMap(filterRuleMap);
    return factoryBean;
}
 
Example 5
Source Project: ShiroJwt   Source File: ShiroConfig.java    License: MIT License 6 votes vote down vote up
/**
 * 添加自己的过滤器,自定义url规则
 * Shiro自带拦截器配置规则
 * rest:比如/admins/user/**=rest[user],根据请求的方法,相当于/admins/user/**=perms[user:method] ,其中method为post,get,delete等
 * port:比如/admins/user/**=port[8081],当请求的url的端口不是8081是跳转到schemal://serverName:8081?queryString,其中schmal是协议http或https等,serverName是你访问的host,8081是url配置里port的端口,queryString是你访问的url里的?后面的参数
 * perms:比如/admins/user/**=perms[user:add:*],perms参数可以写多个,多个时必须加上引号,并且参数之间用逗号分割,比如/admins/user/**=perms["user:add:*,user:modify:*"],当有多个参数时必须每个参数都通过才通过,想当于isPermitedAll()方法
 * roles:比如/admins/user/**=roles[admin],参数可以写多个,多个时必须加上引号,并且参数之间用逗号分割,当有多个参数时,比如/admins/user/**=roles["admin,guest"],每个参数通过才算通过,相当于hasAllRoles()方法。//要实现or的效果看http://zgzty.blog.163.com/blog/static/83831226201302983358670/
 * anon:比如/admins/**=anon 没有参数,表示可以匿名使用
 * authc:比如/admins/user/**=authc表示需要认证才能使用,没有参数
 * authcBasic:比如/admins/user/**=authcBasic没有参数表示httpBasic认证
 * ssl:比如/admins/user/**=ssl没有参数,表示安全的url请求,协议为https
 * user:比如/admins/user/**=user没有参数表示必须存在用户,当登入操作时不做检查
 * 详情见文档 http://shiro.apache.org/web.html#urls-
 * @param securityManager
 * @return org.apache.shiro.spring.web.ShiroFilterFactoryBean
 * @author dolyw.com
 * @date 2018/8/31 10:57
 */
@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    // 添加自己的过滤器取名为jwt
    Map<String, Filter> filterMap = new HashMap<>(16);
    filterMap.put("jwt", new JwtFilter());
    factoryBean.setFilters(filterMap);
    factoryBean.setSecurityManager(securityManager);
    // 自定义url规则使用LinkedHashMap有序Map
    LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>(16);
    // Swagger接口文档
    // filterChainDefinitionMap.put("/v2/api-docs", "anon");
    // filterChainDefinitionMap.put("/webjars/**", "anon");
    // filterChainDefinitionMap.put("/swagger-resources/**", "anon");
    // filterChainDefinitionMap.put("/swagger-ui.html", "anon");
    // filterChainDefinitionMap.put("/doc.html", "anon");
    // 公开接口
    // filterChainDefinitionMap.put("/api/**", "anon");
    // 登录接口放开
    filterChainDefinitionMap.put("/user/login", "anon");
    // 所有请求通过我们自己的JWTFilter
    filterChainDefinitionMap.put("/**", "jwt");
    factoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return factoryBean;
}
 
Example 6
Source Project: springboot-shiro-cas-mybatis   Source File: ShiroConfiguration.java    License: MIT License 6 votes vote down vote up
/**
 * 对过滤器进行调整
 *
 * @param securityManager
 * @return
 */
@Bean(name = "shiroFilter")
protected ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager, Config config) {
    ShiroFilterFactoryBean filterFactoryBean = super.shiroFilterFactoryBean();
    filterFactoryBean.setSecurityManager(securityManager);
    
    //过滤器设置
    Map<String, Filter> filters = new HashMap<>();
    SecurityFilter securityFilter = new SecurityFilter();
    securityFilter.setClients("cas,rest,jwt");
    securityFilter.setConfig(config);
    filters.put("casSecurityFilter", securityFilter);
    
    CallbackFilter callbackFilter = new CallbackFilter();
    callbackFilter.setConfig(config);
    filters.put("callbackFilter", callbackFilter);
    
    filterFactoryBean.setFilters(filters);
    

    return filterFactoryBean;
}
 
Example 7
Source Project: easyweb   Source File: ShiroConfiguration.java    License: Apache License 2.0 6 votes vote down vote up
@Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            DefaultWebSecurityManager securityManager,
            FormAuthenticationFilter formAuthenticationFilter) {

        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // 必须设置 SecurityManager
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
        shiroFilterFactoryBean.setLoginUrl("/oss/login");
        // 登录成功后要跳转的连接
        shiroFilterFactoryBean.setSuccessUrl("/admin/index");
        shiroFilterFactoryBean.setUnauthorizedUrl("/403");
        Map map = new HashMap<>();
//        map.put("authc",formAuthenticationFilter);
        shiroFilterFactoryBean.setFilters(map);
        loadShiroFilterChain(shiroFilterFactoryBean);
        return shiroFilterFactoryBean;
    }
 
Example 8
Source Project: shiro-spring-boot-starter   Source File: ShiroManager.java    License: Apache License 2.0 6 votes vote down vote up
@Bean(name = "securityManager")
	@ConditionalOnMissingBean
	public DefaultSecurityManager securityManager(CacheManager shiroCacheManager) {
        DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();

        // 用自己的Factory实现替换默认
        // 用于关闭session功能
        dwsm.setSubjectFactory(new StatelessSubjectFactory());
        dwsm.setSessionManager(defaultSessionManager());
        // 关闭session存储
        ((DefaultSessionStorageEvaluator) ((DefaultSubjectDAO)dwsm.getSubjectDAO()).getSessionStorageEvaluator()).setSessionStorageEnabled(false);

//      <!-- 用户授权/认证信息Cache, 采用EhCache 缓存 -->
        dwsm.setCacheManager(shiroCacheManager);

        SecurityUtils.setSecurityManager(dwsm);
        return dwsm;
	}
 
Example 9
Source Project: spring-boot-quickstart   Source File: ShiroConfiguration.java    License: Apache License 2.0 6 votes vote down vote up
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean
            .setSecurityManager(securityManager);
    shiroFilterFactoryBean.setLoginUrl("/login");
    shiroFilterFactoryBean.setSuccessUrl("/");
    filterChainDefinitionMap.put("/login", "authc");
    filterChainDefinitionMap.put("/logout", "logout");
    filterChainDefinitionMap.put("/static/**", "anon");
    filterChainDefinitionMap.put("/api/**", "anon");
    filterChainDefinitionMap.put("/register/**", "anon");
    filterChainDefinitionMap.put("/admin/**", "roles[admin]");
    filterChainDefinitionMap.put("/**", "user");

    shiroFilterFactoryBean
            .setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
 
Example 10
Source Project: dropwizard-shiro   Source File: ShiroBundle.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Create the Shiro filter. Overriding this method allows for complete customization of how Shiro is initialized.
 */
protected Filter createFilter(final T configuration) {
    ShiroConfiguration shiroConfig = narrow(configuration);
    final IniWebEnvironment shiroEnv = new IniWebEnvironment();
    shiroEnv.setConfigLocations(shiroConfig.iniConfigs());
    shiroEnv.init();

    AbstractShiroFilter shiroFilter = new AbstractShiroFilter() {
        @Override
        public void init() throws Exception {
            Collection<Realm> realms = createRealms(configuration);
            WebSecurityManager securityManager = realms.isEmpty()
                    ? shiroEnv.getWebSecurityManager()
                    : new DefaultWebSecurityManager(realms);
            setSecurityManager(securityManager);
            setFilterChainResolver(shiroEnv.getFilterChainResolver());
        }
    };
    return shiroFilter;
}
 
Example 11
Source Project: dropwizard-shiro   Source File: ShiroBundle.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Create the Shiro filter. Overriding this method allows for complete customization of how Shiro is initialized.
 */
protected Filter createFilter(final T configuration) {
    ShiroConfiguration shiroConfig = narrow(configuration);
    final IniWebEnvironment shiroEnv = new IniWebEnvironment();
    shiroEnv.setConfigLocations(shiroConfig.iniConfigs());
    shiroEnv.init();

    AbstractShiroFilter shiroFilter = new AbstractShiroFilter() {
        @Override
        public void init() throws Exception {
            Collection<Realm> realms = createRealms(configuration);
            WebSecurityManager securityManager = realms.isEmpty()
                    ? shiroEnv.getWebSecurityManager()
                    : new DefaultWebSecurityManager(realms);
            setSecurityManager(securityManager);
            setFilterChainResolver(shiroEnv.getFilterChainResolver());
        }
    };
    return shiroFilter;
}
 
Example 12
Source Project: ZTuoExchange_framework   Source File: ShiroConfig.java    License: MIT License 5 votes vote down vote up
/**
 * @DependOn  :在初始化 defaultWebSecurityManager 实例前 强制先初始化 adminRealm ,ehCacheManager。。。。。
 * @param realm
 * @param ehCacheManager
 * @param cookieRememberMeManager
 * @return
 */

@Bean(name = "securityManager")
@DependsOn({"adminRealm","ehCacheManager","cookieRememberMeManager"})
public DefaultWebSecurityManager getDefaultWebSecurityManager(AdminRealm realm, EhCacheManager ehCacheManager,CookieRememberMeManager cookieRememberMeManager) {
    DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
    //设置realm.
    defaultWebSecurityManager.setRealm(realm);
    defaultWebSecurityManager.setCacheManager(ehCacheManager);
    defaultWebSecurityManager.setRememberMeManager(cookieRememberMeManager);
    return defaultWebSecurityManager;
}
 
Example 13
Source Project: MeetingFilm   Source File: ShiroConfig.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * 在方法中 注入 securityManager,进行代理控制
 */
@Bean
public MethodInvokingFactoryBean methodInvokingFactoryBean(DefaultWebSecurityManager securityManager) {
    MethodInvokingFactoryBean bean = new MethodInvokingFactoryBean();
    bean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
    bean.setArguments(new Object[]{securityManager});
    return bean;
}
 
Example 14
Source Project: WebStack-Guns   Source File: ShiroConfig.java    License: MIT License 5 votes vote down vote up
/**
 * 在方法中 注入 securityManager,进行代理控制
 */
@Bean
public MethodInvokingFactoryBean methodInvokingFactoryBean(DefaultWebSecurityManager securityManager) {
    MethodInvokingFactoryBean bean = new MethodInvokingFactoryBean();
    bean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
    bean.setArguments(new Object[]{securityManager});
    return bean;
}
 
Example 15
Source Project: chronus   Source File: ShiroConfiguration.java    License: Apache License 2.0 5 votes vote down vote up
@Bean
public DefaultWebSecurityManager securityManager(MyShiroRealm myShiroRealm, DefaultWebSessionManager sessionManager) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    manager.setRealm(myShiroRealm);
    manager.setSessionManager(sessionManager);
    return manager;
}
 
Example 16
Source Project: ZTuoExchange_framework   Source File: ShiroConfig.java    License: MIT License 5 votes vote down vote up
/**
 * @DependOn  :在初始化 defaultWebSecurityManager 实例前 强制先初始化 adminRealm ,ehCacheManager。。。。。
 * @param realm
 * @param ehCacheManager
 * @param cookieRememberMeManager
 * @return
 */

@Bean(name = "securityManager")
@DependsOn({"adminRealm","ehCacheManager","cookieRememberMeManager"})
public DefaultWebSecurityManager getDefaultWebSecurityManager(AdminRealm realm, EhCacheManager ehCacheManager,CookieRememberMeManager cookieRememberMeManager) {
    DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
    //设置realm.
    defaultWebSecurityManager.setRealm(realm);
    defaultWebSecurityManager.setCacheManager(ehCacheManager);
    defaultWebSecurityManager.setRememberMeManager(cookieRememberMeManager);
    return defaultWebSecurityManager;
}
 
Example 17
Source Project: fastdep   Source File: ShiroConfig.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * securityManager
 *
 * @param authorizingRealm AuthorizingRealm bean
 * @return securityManager
 */
@Bean("securityManager")
@ConditionalOnMissingBean(SecurityManager.class)
public DefaultWebSecurityManager getManager(AuthorizingRealm authorizingRealm) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    manager.setRealm(authorizingRealm);
    DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
    DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
    defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
    subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
    manager.setSubjectDAO(subjectDAO);
    return manager;
}
 
Example 18
Source Project: fastdep   Source File: ShiroConfig.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * shiroFilter
 *
 * @param securityManager securityManager bean
 * @param jwtUtil         jwt util bean
 * @return shiroFilter
 */
@Bean("shiroFilter")
@ConditionalOnMissingBean(ShiroFilter.class)
public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager, JwtUtil jwtUtil) {
    FastDepShiroJwtProperties fastDepShiroJwtProperties = jwtUtil.fastDepShiroJwtProperties;
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    // define your filter and name it as jwt
    Map<String, Filter> filterMap = new HashMap<>(1);
    filterMap.put("jwt", new JwtFilter(jwtUtil));
    factoryBean.setFilters(filterMap);
    factoryBean.setSecurityManager(securityManager);
    /*
     * difine custom URL rule
     * http://shiro.apache.org/web.html#urls-
     */
    Map<String, FastDepShiroJwtProperties.ShiroRole> filter = fastDepShiroJwtProperties.getFilter();
    if (filter.size() > 0) {
        LinkedHashMap<String, String> filterRuleMap = filter.values().stream().
                collect(Collectors.toMap(FastDepShiroJwtProperties.ShiroRole::getPath,
                        FastDepShiroJwtProperties.ShiroRole::getRole, (key1, key2) -> key2, LinkedHashMap::new));
        // 401 and 404 page does not forward to our filter
        factoryBean.setFilterChainDefinitionMap(filterRuleMap);
    }
    if (fastDepShiroJwtProperties.getFilterChainDefinitions() != null) {
        factoryBean.setFilterChainDefinitions(fastDepShiroJwtProperties.getFilterChainDefinitions());
    }
    factoryBean.setLoginUrl(fastDepShiroJwtProperties.getLoginUrl());
    factoryBean.setSuccessUrl(fastDepShiroJwtProperties.getSuccessUrl());
    factoryBean.setUnauthorizedUrl(fastDepShiroJwtProperties.getUnauthorizedUrl());
    jwtUtil.fastDepShiroJwtAuthorization.shiroFilterFactoryBean(factoryBean);
    return factoryBean;
}
 
Example 19
Source Project: fastdep   Source File: ShiroConfig.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * AuthorizationAttributeSourceAdvisor
 *
 * @param securityManager securityManager bean
 * @return AuthorizationAttributeSourceAdvisor
 */
@Bean
@ConditionalOnMissingBean(AuthorizationAttributeSourceAdvisor.class)
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
    AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
    advisor.setSecurityManager(securityManager);
    return advisor;
}
 
Example 20
Source Project: blog-sample   Source File: ShiroConfig.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * 注入securityManager
 */
@Bean
public SecurityManager securityManager() {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    manager.setRealm(shiroRealm());
    return manager;
}
 
Example 21
Source Project: litemall   Source File: ShiroConfig.java    License: MIT License 5 votes vote down vote up
@Bean
public DefaultWebSecurityManager defaultWebSecurityManager() {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(realm());
    securityManager.setSessionManager(sessionManager());
    return securityManager;
}
 
Example 22
/**
 * 当用户的环境配置了redisTemplate时则使用Redis做缓存
 *
 * @param realm         realm
 * @param redisTemplate spring RedisTemplate
 * @return DefaultWebSecurityManager
 */
@Bean
@Conditional(RedisEnableCondition.class)
public DefaultWebSecurityManager defaultWebSecurityManager(Realm realm, RedisTemplate<Object, Object> redisTemplate) {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(realm);
    //使用自定义的Redis缓存实现,依赖redisTemplate,keyNamespace可以默认为空
    securityManager.setCacheManager(this.getCacheManager(redisTemplate));
    return securityManager;
}
 
Example 23
/**
 * 当用户的环境没有配置redisTemplate时则使用ehcache做缓存
 *
 * @param realm realm
 * @return DefaultWebSecurityManager
 */
@Bean
@Conditional(RedisDisabledCondition.class)
public DefaultWebSecurityManager webSecurityManager(Realm realm) {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(realm);
    //使用ehcache当缓存
    EhCacheManager cacheManager = new EhCacheManager();
    securityManager.setCacheManager(cacheManager);
    return securityManager;
}
 
Example 24
Source Project: spring-boot-seed   Source File: ShiroConfiguration.java    License: MIT License 5 votes vote down vote up
/**
 * SecurityManager: 安全管理器,注入有Realm、SessionManager、RememberMeManager
 *
 * @return SecurityManager
 */
@Bean
public SecurityManager securityManager() {
    DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
    defaultWebSecurityManager.setRealm(baseRealm());
    defaultWebSecurityManager.setSessionManager(sessionManager());
    defaultWebSecurityManager.setRememberMeManager(rememberMeManager());
    return defaultWebSecurityManager;
}
 
Example 25
Source Project: watchdog-framework   Source File: ShiroConfiguration.java    License: MIT License 5 votes vote down vote up
@Bean
public SecurityManager securityManager(RedisCacheManager RedisCacheManager){
    DefaultWebSecurityManager manager =  new DefaultWebSecurityManager();
    manager.setRealm(myRealm());
    manager.setCacheManager(RedisCacheManager);
    /*
    * 关闭session存储,禁用Session作为存储策略的实现,
    * 但它没有完全地禁用Session所以需要配合SubjectFactory中的context.setSessionCreationEnabled(false)
    */
    //manager.setSessionManager(sessionManager());
    ((DefaultSessionStorageEvaluator) ((DefaultSubjectDAO)manager.getSubjectDAO())
            .getSessionStorageEvaluator()).setSessionStorageEnabled(false);
    manager.setSubjectFactory(new AgileSubjectFactory());
    return manager;
}
 
Example 26
/**
 * 授权管理器
 * 
 * @time 2018年4月10日 下午5:10:02.
 * 
 * @version V1.0
 * @return DefaultSecurityManager
 */
@Bean(name = "securityManager")
@ConditionalOnMissingBean
public DefaultSecurityManager securityManager() {
	DefaultSecurityManager sm = new DefaultWebSecurityManager();
	sm.setCacheManager(cacheManager());
	sm.setRememberMeManager(rememberMeManager());// 注入记住我
	return sm;
}
 
Example 27
Source Project: mysiteforme   Source File: ShiroConfig.java    License: Apache License 2.0 5 votes vote down vote up
@Bean
public SecurityManager securityManager(@Qualifier("authRealm")AuthRealm authRealm){
    logger.info("- - - - - - -shiro开始加载- - - - - - ");
    DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
    defaultWebSecurityManager.setRealm(authRealm);
    defaultWebSecurityManager.setRememberMeManager(rememberMeManager());
    defaultWebSecurityManager.setSessionManager(webSessionManager());
    defaultWebSecurityManager.setCacheManager(cacheManager());
    return defaultWebSecurityManager;
}
 
Example 28
Source Project: springboot-shiro-cas-mybatis   Source File: ShiroConfig.java    License: MIT License 5 votes vote down vote up
@Bean(name = "securityManager")
public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("shiroRealm") ShiroRealm realm){
	DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
	securityManager.setRealm(realm);
	// 指定SubjectFactory
	securityManager.setSessionManager(this.sessionManager());
	securityManager.setCacheManager(this.redisCacheManager());
	return securityManager;
}
 
Example 29
Source Project: springboot-shiro-cas-mybatis   Source File: ShiroConfig.java    License: MIT License 5 votes vote down vote up
@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager){
	ShiroFilterFactoryBean factoryBean = new MyShiroFilterFactoryBean();
	factoryBean.setSecurityManager(securityManager);
	factoryBean.setLoginUrl("/restlogin");
	factoryBean.setSuccessUrl("/user");
	factoryBean.setUnauthorizedUrl("/403");

	loadShiroFilterChain(factoryBean);
	return factoryBean;
}
 
Example 30
Source Project: easyweb   Source File: ShiroConfiguration.java    License: Apache License 2.0 5 votes vote down vote up
@Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(
            SystemAuthorizingRealm myShiroRealm,
            DefaultWebSessionManager sessionManager,
            CacheManager shiroCacheManager) {
        DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();
        dwsm.setRealm(myShiroRealm);
        dwsm.setSessionManager(sessionManager);
//      <!-- 用户授权/认证信息Cache, 采用redis 缓存 -->
        dwsm.setCacheManager(shiroCacheManager);
        return dwsm;
    }