import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* Created by cws
*/
@Configuration
public class ShiroConfig{
@Bean(name = "sessionManager")
public SessionManager sessionManager() {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
//设置session过期时间为1小时(单位:毫秒),默认为30分钟
sessionManager.setGlobalSessionTimeout(60 * 60 * 1000);
sessionManager.setSessionValidationSchedulerEnabled(true);
return sessionManager;
}
/**
* @param shiroRealm
* @param sessionManager 授权和认证整合会话管理
* @return
*/
@Bean(name = "securityManager")
public SecurityManager securityManager(ShiroRealm shiroRealm, SessionManager sessionManager) {
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setRealm(shiroRealm);
securityManager.setSessionManager(sessionManager);
return securityManager;
}
/**
* shiroFilterFactorybean
* shiro的安全过滤器,过滤所有的请求,对请求分类拦截
*/
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setSecurityManager(securityManager);
//修改登录页面,所有的未认证的请求都去登录
shiroFilter.setLoginUrl("/auth.html");
//设置没有权限的跳转页面
shiroFilter.setUnauthorizedUrl("/404.html");
Map<String, String> filterMap = new LinkedHashMap<>();
/**
* 认证过滤器的分类
* anon:无需认证
* authc:必须认证才能到达
* user:使用rememberme的时候才用
* perms:访问的资源需要某个权限才能到达
* roles:访问的资源需要某个角色才能到达
*/
filterMap.put("/api/**", "anon");
filterMap.put("/assets/**", "anon");
filterMap.put("/fonts/**", "anon");
filterMap.put("/maps/**", "anon");
filterMap.put("/scripts/**", "anon");
filterMap.put("/styles/**", "anon");
filterMap.put("/auth.html", "anon");
filterMap.put("/reg.html", "anon");
filterMap.put("/index.html", "anon");
filterMap.put("/**", "authc");
shiroFilter.setFilterChainDefinitionMap(filterMap);
return shiroFilter;
}
@Bean(name = "lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean
public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
proxyCreator.setProxyTargetClass(true);
return proxyCreator;
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
advisor.setSecurityManager(securityManager);
return advisor;
}
}
