package com.cmiinv.shp.auth.config;
import com.auth0.jwt.JWT;
import com.cmiinv.shp.auth.*;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
/**
 * Spring Boot auto-configuration that wires Apache Shiro to a JWT-based realm and filter.
 *
 * <p>It applies only when the JWT library and Shiro's {@link DefaultWebSecurityManager} are on
 * the classpath and an {@link AuthService} bean exists. {@link AuthConfig} is bound as
 * configuration properties, and the configuration is ordered after
 * {@link WebMvcAutoConfiguration}.
 *
 * @author LiuQi
 */
@ConditionalOnClass({JWT.class, DefaultWebSecurityManager.class})
@EnableConfigurationProperties(AuthConfig.class)
@ConditionalOnBean(AuthService.class)
@Configuration
@AutoConfigureAfter(WebMvcAutoConfiguration.class)
public class AuthAutoConfiguration {

    /**
     * Builds the realm on top of the supplied {@link AuthService} and sets {@link JWTToken} as
     * its authentication token class. Not registered if a bean of this type already exists.
     *
     * @param authService service handed to the realm's constructor
     * @return the configured realm
     */
    @Bean
    @ConditionalOnMissingBean
    AuthRealm authRealm(AuthService authService) {
        AuthRealm jwtRealm = new AuthRealm(authService);
        jwtRealm.setAuthenticationTokenClass(JWTToken.class);
        return jwtRealm;
    }

    /**
     * Builds the web security manager around the realm and turns off session storage.
     * Not registered if a bean of this type already exists.
     *
     * @param authRealm the realm the manager authenticates against
     * @return the configured security manager
     */
    @Bean
    @ConditionalOnMissingBean
    DefaultWebSecurityManager securityManager(AuthRealm authRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(authRealm);

        // To offer a stateless RESTful service, Shiro's session persistence must be disabled.
        // The casts assume the SubjectDAO and evaluator of a freshly constructed manager are the
        // Default* implementations; a different type would fail here with ClassCastException.
        DefaultSubjectDAO subjectDao = (DefaultSubjectDAO) manager.getSubjectDAO();
        DefaultSessionStorageEvaluator storageEvaluator =
                (DefaultSessionStorageEvaluator) subjectDao.getSessionStorageEvaluator();
        storageEvaluator.setSessionStorageEnabled(false);
        // NOTE(review): this only stops subject state from being stored in a session; whether
        // sessions can still be created elsewhere is not visible here - confirm.
        return manager;
    }

    /**
     * Registers Shiro's {@link LifecycleBeanPostProcessor}.
     *
     * @return a new post-processor instance
     */
    @Bean
    LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * Registers the advisor auto-proxy creator with target-class proxying switched on. Declared
     * to depend on the {@code lifecycleBeanPostProcessor} bean.
     *
     * @return the configured proxy creator
     */
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }

    /**
     * Registers the advisor for Shiro's authorization annotations, bound to the security manager.
     *
     * @param securityManager manager the advisor consults
     * @return the configured advisor
     */
    @Bean
    AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor attributeAdvisor = new AuthorizationAttributeSourceAdvisor();
        attributeAdvisor.setSecurityManager(securityManager);
        return attributeAdvisor;
    }

    /**
     * Builds the Shiro filter factory: registers a {@link JWTFilter} under the name {@code jwt}
     * and maps every path to it with the {@code permissive} option.
     *
     * @param securityManager manager the filter delegates to
     * @param authService service handed to the {@link JWTFilter}
     * @return the configured filter factory bean
     */
    @Bean
    ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager, AuthService authService) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);
        factoryBean.getFilters().put("jwt", new JWTFilter(authService));

        // NOTE(review): in Shiro's AuthenticatingFilter convention, "permissive" lets a request
        // through even when authentication did not succeed. If JWTFilter follows that convention
        // (its source is not visible here), the URL filter alone rejects nothing, and access
        // control rests entirely on the authorization annotations on each handler. Confirm that
        // every protected endpoint carries one.
        DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
        chainDefinition.addPathDefinition("/**", "jwt[permissive]");
        factoryBean.setFilterChainDefinitionMap(chainDefinition.getFilterChainMap());
        return factoryBean;
    }

    /**
     * Default cross-origin locator: returns the value of the request's {@code Origin} header.
     * Not registered if a bean of this type already exists.
     *
     * @return a locator reading the {@code Origin} header
     */
    @Bean
    @ConditionalOnMissingBean
    RequestCrossOriginLocator requestCrossOriginLocator() {
        // NOTE(review): the Origin header is client-controlled. If the returned value is echoed
        // into Access-Control-Allow-Origin (the consumer is not visible here), any origin is
        // effectively allowed - confirm that an allow-list is applied downstream.
        return httpRequest -> httpRequest.getHeader("Origin");
    }
}
springboot_shiro_jwt配制依赖注入
转载自blog.csdn.net/maqingbin8888/article/details/83027443