springboot配置shiro防重复登录
ShiroConfig 文件
/**
 * Spring configuration that wires Apache Shiro: the web filter and its URL rules, session
 * storage and the session cookie, two cache managers, the security manager, the custom realm
 * with its credentials matcher, the Thymeleaf dialect and annotation-driven authorization.
 *
 * <p>NOTE(review): nothing in this class itself rejects or evicts a second login for the same
 * account. The named {@code sessionDAO} bean is presumably what a realm or filter defined
 * elsewhere queries to do that — confirm against the rest of the project.
 */
@Configuration
public class ShiroConfig {

    /**
     * Builds the Shiro filter together with the default URL-to-filter table.
     *
     * @param securityManager security manager that must be injected when the
     *                        {@link ShiroFilterFactoryBean} is initialised
     * @return the configured filter factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
        // URL rules are kept in insertion order, so the order of the put() calls matters.
        Map<String, String> chains = new LinkedHashMap<String, String>();
        // Static resources are open to anonymous access (Spring's "static" path is not used).
        // NOTE(review): everything under /assets/** skips authentication; keep only static files there.
        chains.put("/assets/**", "anon");
        // Logout endpoint, served by Shiro's built-in "logout" filter.
        chains.put("/logout", "logout");
        // Everything else requires an authenticated user. This catch-all has to stay the last
        // entry, otherwise it would intercept every URL.
        chains.put("/**", "authc");

        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        // The security manager is mandatory.
        factoryBean.setSecurityManager(securityManager);
        // Without an explicit value Shiro falls back to "/login.jsp" in the web root.
        factoryBean.setLoginUrl("/login");
        // Where to send a user who lacks the required permission.
        factoryBean.setUnauthorizedUrl("/unauthorized");
        factoryBean.setFilterChainDefinitionMap(chains);
        return factoryBean;
    }

    /**
     * Provides the session store, which keeps sessions in the memory of this JVM.
     *
     * <p>NOTE(review): sessions held here are not shared between application instances and do
     * not survive a restart, so a duplicate-login check built on this DAO would only see
     * sessions of the same node — verify before deploying more than one instance.
     *
     * @return a new in-memory session DAO
     */
    @Bean(name = "sessionDAO")
    public MemorySessionDAO getMemorySessionDAO() {
        return new MemorySessionDAO();
    }

    /**
     * Provides the template for the Shiro session id cookie.
     *
     * <p>NOTE(review): the cookie name is spelled "SHRIO…", which looks like a typo for "SHIRO";
     * it is harmless, but changing it invalidates sessions already issued. The Secure attribute
     * is not set here; consider {@code setSecure(true)} when the application is served over
     * HTTPS only.
     *
     * @return the cookie template carrying the custom cookie name
     */
    @Bean(name = "sessionIdCookie")
    public SimpleCookie getSimpleCookie() {
        return new SimpleCookie("SHRIOSESSIONID");
    }

    /**
     * Configures the Shiro session manager.
     *
     * @param sessionDAO   store in which sessions are kept
     * @param simpleCookie template for the session id cookie
     * @return the session manager using the given store and cookie
     */
    @Bean(name = "sessionManager")
    public DefaultWebSessionManager getDefaultWebSessionManager(
            @Qualifier("sessionDAO") MemorySessionDAO sessionDAO,
            @Qualifier("sessionIdCookie") SimpleCookie simpleCookie) {
        DefaultWebSessionManager manager = new DefaultWebSessionManager();
        manager.setSessionIdCookie(simpleCookie);
        manager.setSessionDAO(sessionDAO);
        return manager;
    }

    /**
     * Provides the in-memory cache manager that is handed to the security manager.
     *
     * @return a new memory-constrained cache manager
     */
    @Bean(name = "shiroCacheManager")
    public MemoryConstrainedCacheManager getMemoryConstrainedCacheManager() {
        return new MemoryConstrainedCacheManager();
    }

    /**
     * Provides the Ehcache-backed cache manager, configured from
     * {@code classpath:config/ehcache.xml}; in this class it is passed to the credentials matcher.
     *
     * @return the Ehcache cache manager
     */
    @Bean
    public EhCacheManager getCacheManager() {
        EhCacheManager ehCacheManager = new EhCacheManager();
        ehCacheManager.setCacheManagerConfigFile("classpath:config/ehcache.xml");
        return ehCacheManager;
    }

    /**
     * Configures the core security manager.
     *
     * @param authRealm         custom realm used for authentication and authorization
     * @param shiroCacheManager cache manager applied to the security manager
     * @param sessionManager    session manager applied to the security manager
     * @return the assembled web security manager
     */
    @Bean(name = "securityManager")
    public SecurityManager securityManager(
            @Qualifier("authRealm") AuthRealm authRealm,
            @Qualifier("shiroCacheManager") MemoryConstrainedCacheManager shiroCacheManager,
            @Qualifier("sessionManager") DefaultWebSessionManager sessionManager) {
        DefaultWebSecurityManager webSecurityManager = new DefaultWebSecurityManager();
        webSecurityManager.setRealm(authRealm);
        webSecurityManager.setCacheManager(shiroCacheManager);
        webSecurityManager.setSessionManager(sessionManager);
        return webSecurityManager;
    }

    /**
     * Configures the custom realm and gives it the retry-limiting credentials matcher.
     *
     * @return the custom realm
     */
    @Bean(name = "authRealm")
    public AuthRealm authRealm() {
        AuthRealm realm = new AuthRealm();
        realm.setCredentialsMatcher(getRetryLimitHashedCredentialsMatcher());
        return realm;
    }

    /**
     * Provides the custom credentials matcher, constructed with the Ehcache cache manager.
     *
     * <p>NOTE(review): the matcher is a project class not shown here; going by its name it
     * presumably counts failed attempts in a cache from ehcache.xml — confirm that this cache
     * expires entries as intended.
     *
     * @return the custom credentials matcher
     */
    @Bean
    public RetryLimitHashedCredentialsMatcher getRetryLimitHashedCredentialsMatcher() {
        return new RetryLimitHashedCredentialsMatcher(getCacheManager());
    }

    /**
     * Provides the ShiroDialect bean so that Shiro tags can be used in Thymeleaf templates.
     *
     * @return a new Shiro dialect
     */
    @Bean(name = "shiroDialect")
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }

    /**
     * Enables Shiro annotations such as {@code @RequiresRoles} and {@code @RequiresPermissions}.
     * Spring AOP scans the classes that use them and runs the security checks where needed;
     * this bean and {@link #authorizationAttributeSourceAdvisor(SecurityManager)} together
     * provide that.
     *
     * @return the auto-proxy creator, set to proxy target classes
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
        creator.setProxyTargetClass(true);
        return creator;
    }

    /**
     * Enables AOP support for the Shiro annotations.
     *
     * @param securityManager security manager the advisor checks against
     * @return the authorization advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }
}