springboot_shiro_jwt配制依赖注入

package com.cmiinv.shp.auth.config;

import com.auth0.jwt.JWT;
import com.cmiinv.shp.auth.*;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

/**
 * @author LiuQi
 */
@ConditionalOnClass({JWT.class, DefaultWebSecurityManager.class})
@EnableConfigurationProperties(AuthConfig.class)
@ConditionalOnBean(AuthService.class)
@Configuration
@AutoConfigureAfter(WebMvcAutoConfiguration.class)
public class AuthAutoConfiguration {

	@Bean
	@ConditionalOnMissingBean
	AuthRealm authRealm(AuthService authService) {
		AuthRealm realm = new AuthRealm(authService);
		realm.setAuthenticationTokenClass(JWTToken.class);
		return realm;
	}

	@Bean
	@ConditionalOnMissingBean
    DefaultWebSecurityManager securityManager(AuthRealm authRealm) {
		DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
		securityManager.setRealm(authRealm);
		// 为了提供无状态的Restful Service，需要禁用Shiro的Session持久化功能
		((DefaultSessionStorageEvaluator) ((DefaultSubjectDAO) securityManager.getSubjectDAO()).getSessionStorageEvaluator())
				.setSessionStorageEnabled(false);
		return securityManager;
	}

	@Bean
    LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
		return new LifecycleBeanPostProcessor();
	}

	@Bean
	@DependsOn("lifecycleBeanPostProcessor")
	DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
		DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
		creator.setProxyTargetClass(true);
		return creator;
	}

	@Bean
    AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
		AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
		advisor.setSecurityManager(securityManager);
		return advisor;
	}

	@Bean
    ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager, AuthService authService) {
		ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
		shiroFilter.setSecurityManager(securityManager);
		shiroFilter.getFilters().put("jwt", new JWTFilter(authService));
		DefaultShiroFilterChainDefinition chain = new DefaultShiroFilterChainDefinition();
		chain.addPathDefinition("/**", "jwt[permissive]");
		shiroFilter.setFilterChainDefinitionMap(chain.getFilterChainMap());
		return shiroFilter;
	}

	@Bean
	@ConditionalOnMissingBean
	RequestCrossOriginLocator requestCrossOriginLocator() {
		return request -> request.getHeader("Origin");
	}

}