shiro优化

yun-zuoyi
alwaysfrin 7 years ago
parent 537e5791c5
commit d9ea77507f

@ -1,23 +1,20 @@
package cn.estsh.i3plus.core.api.iservice.busi;
package cn.estsh.i3plus.core.api.iservice.base;
import cn.estsh.i3plus.core.api.token.AdminToken;
import cn.estsh.i3plus.core.api.token.SaAdminToken;
import cn.estsh.i3plus.core.api.token.UserToken;
import cn.estsh.i3plus.pojo.model.common.Pager;
import cn.estsh.i3plus.pojo.base.shirotoken.AdminToken;
import cn.estsh.i3plus.pojo.base.shirotoken.SaAdminToken;
import cn.estsh.i3plus.pojo.base.shirotoken.UserToken;
import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
import cn.estsh.i3plus.pojo.platform.bean.SysLocaleLanguage;
import cn.estsh.i3plus.pojo.platform.bean.SysLocaleResource;
import java.util.List;
/**
* @Description :
* @Description :
* @Reference :
* @Author : alwaysfrin
* @CreateDate : 2018-10-11 16:59
* @Modify:
**/
public interface ISystemUserService {
public interface ISystemLoginService {
SessionUser queryUserLogin(String loginName, String s, String languageCode);

@ -1,15 +0,0 @@
package cn.estsh.i3plus.core.api.token;
/**
* @Description : token
* @Reference :
* @Author : alwaysfrin
* @CreateDate : 2018-10-13 18:00
* @Modify:
**/
public class AdminToken extends BaseToken {
public AdminToken(String loginName, String loginPwd, String languageCode) {
super(loginName, loginPwd, languageCode);
}
}

@ -1,59 +0,0 @@
package cn.estsh.i3plus.core.api.token;
import org.apache.shiro.authc.AuthenticationToken;
/**
* @Description :
* @Reference :
* @Author : alwaysfrin
* @CreateDate : 2018-10-13 18:00
* @Modify:
**/
public class BaseToken implements AuthenticationToken {
private String loginName;
private String loginPwd;
private String languageCode;
public BaseToken(String loginName, String loginPwd, String languageCode) {
this.loginName = loginName;
this.loginPwd = loginPwd;
this.languageCode = languageCode;
}
//身份
@Override
public Object getPrincipal() {
return this.loginName;
}
//验证
@Override
public Object getCredentials() {
return this.loginPwd;
}
public String getLoginName() {
return loginName;
}
public void setLoginName(String loginName) {
this.loginName = loginName;
}
public String getLoginPwd() {
return loginPwd;
}
public void setLoginPwd(String loginPwd) {
this.loginPwd = loginPwd;
}
public String getLanguageCode() {
return languageCode;
}
public void setLanguageCode(String languageCode) {
this.languageCode = languageCode;
}
}

@ -1,15 +0,0 @@
package cn.estsh.i3plus.core.api.token;
/**
* @Description : token
* @Reference :
* @Author : alwaysfrin
* @CreateDate : 2018-10-13 18:00
* @Modify:
**/
public class SaAdminToken extends BaseToken {
public SaAdminToken(String loginName, String loginPwd, String languageCode) {
super(loginName, loginPwd, languageCode);
}
}

@ -1,15 +0,0 @@
package cn.estsh.i3plus.core.api.token;
/**
* @Description : token
* @Reference :
* @Author : alwaysfrin
* @CreateDate : 2018-10-13 18:00
* @Modify:
**/
public class UserToken extends BaseToken {
public UserToken(String loginName, String loginPwd, String languageCode) {
super(loginName, loginPwd, languageCode);
}
}

@ -1,106 +0,0 @@
package cn.estsh.i3plus.core.apiservice.auth;
import cn.estsh.i3plus.platform.common.enumutil.CommonEnumUtil;
import cn.estsh.i3plus.platform.common.util.CommonConstWords;
import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
import cn.estsh.impp.framework.boot.util.ImppRedis;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
/**
* @Description :
* @Reference :
* @Author : alwaysfrin
* @CreateDate : 2018-10-13 13:21
* @Modify:
**/
public class AuthUtil {
public static final Logger LOGGER = LoggerFactory.getLogger(AuthUtil.class);
/**
*
*/
@Resource(name="redisSession")
private ImppRedis redisSession;
//登陆,保存会话对象
public static SessionUser login(AuthenticationToken token){
Subject subject = SecurityUtils.getSubject();
subject.login(token);
SessionUser sessionUser = (SessionUser) subject.getPrincipal();
//使用了redis此处不需要防止
if(sessionUser != null){
//userType为CommonEnumUtil.USER_TYPE.xxx.getCode()
setSessionUser(sessionUser);
}
return sessionUser;
}
/**
* 退
*/
public static void logout(){
Session session = SecurityUtils.getSubject().getSession(false);
if(session != null) {
session.removeAttribute(CommonConstWords.SESSION_USER);
session.touch();
session.stop();
}
}
/**
*
* @param user
* @return
*/
public static void setSessionUser(SessionUser user){
SecurityUtils.getSubject().getSession(true).setAttribute(CommonConstWords.SESSION_USER,user);
}
/**
*
* @return
*/
public static SessionUser getSessionUser(){
Session session = SecurityUtils.getSubject().getSession(false);
if(session != null){
return (SessionUser) session.getAttribute(CommonConstWords.SESSION_USER);
}else{
return null;
}
}
/**
*
* @param key
* @param obj
* @return
*/
public static void setSessionObject(String key,Object obj){
SecurityUtils.getSubject().getSession(true).setAttribute(key,obj);
}
/**
*
* @param key
* @return
*/
public static Object getSessionAttribute(String key){
Session session = SecurityUtils.getSubject().getSession(false);
if(session != null){
return (Object) session.getAttribute(key);
}else{
return null;
}
}
}

@ -1,151 +0,0 @@
package cn.estsh.i3plus.core.apiservice.auth;
import cn.estsh.i3plus.platform.common.util.CommonConstWords;
import cn.estsh.impp.framework.boot.util.ImppRedis;
import com.alibaba.fastjson.JSONObject;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import javax.annotation.Resource;
import java.io.Serializable;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
/**
* @Description : redisshiro
* @Reference : 使ehcacheredis
*
* @Author : alwaysfrin
* @CreateDate : 2018-10-16 10:28
* @Modify:
**/
public class ShiroSessionRedisDaoImpl extends EnterpriseCacheSessionDAO {
public static final Logger LOGGER = LoggerFactory.getLogger(ShiroSessionRedisDaoImpl.class);
public static final int EXPIRE_TIME = 30 * 60; //会话保存时间 单位秒
public static final String LOCAL_SESSION_CACHE = "redis-shiro-session-cache";
/**
*
*/
@Resource(name="redisSession")
private ImppRedis redisSession;
//本地缓存
private Cache localCache;
private CacheManager localCacheManager;
public void setLocalCacheManager(CacheManager localCacheManager) {
this.localCacheManager = localCacheManager;
this.localCache = localCacheManager.getCache(LOCAL_SESSION_CACHE);
}
@Override
public void update(Session session) throws UnknownSessionException {
LOGGER.info("【更新缓存 : {}】{}",session,session.getId());
this.saveSession(session);
}
private void saveSession(Session session) {
if (session == null) {
LOGGER.error("【要存入的session为空】");
}else {
//LOGGER.info("【保存session至redis,id:{}】{}",session.getId(),session);
//设置会话过期时间
redisSession.putObject(session.getId().toString(),session,EXPIRE_TIME);
//放入本地缓存
localCache.put(session.getId(),session);
LOGGER.info("【保存session至redis,id:{}】{}",session.getId(),session);
}
}
@Override
protected Session getCachedSession(Serializable sessionId) {
//先从本地获取若本地没有再从redis中获取
Session s = (Session) localCache.get(sessionId);
if(s == null) {
s = (Session) redisSession.getObject(sessionId.toString());
LOGGER.info("【本地缓存不存在redis获取{}】{}", sessionId, s);
if(s != null) {
//放入本地缓存
localCache.put(sessionId, s);
LOGGER.info("【放入本地缓存:{}】{}", sessionId, s);
}
}else{
//LOGGER.info("【本地缓存获取:{}】{}", sessionId, s);
}
return s;
}
@Override
public void delete(Session session) {
if (session == null) {
}else {
LOGGER.error("【删除session-redis{}】",session.getId());
//redis删除
redisSession.deleteKey(session.getId().toString());
//本地缓存删除
localCache.remove(session.getId());
}
}
@Override
protected Serializable doCreate(Session session) {
LOGGER.info("【doCreate并保存{}】",session);
Serializable sessionId = this.generateSessionId(session);
this.assignSessionId(session, sessionId);
this.saveSession(session);
return sessionId;
}
@Override
protected Session doReadSession(Serializable sessionId) {
Session session = null;
if(sessionId != null) {
//先从本地缓存读取
Object obj = localCache.get(sessionId);
if(obj == null) {
LOGGER.info("【doReadSession-本地缓存不存在不存在:{}】", sessionId);
obj = redisSession.getObject(sessionId.toString());
if (obj == null) {
LOGGER.info("【doReadSession不存在{}】", sessionId);
} else {
LOGGER.info("【doReadSession{}】", sessionId);
session = (Session) obj;
}
}else{
LOGGER.info("【doReadSession-本地缓存获取:{}】", sessionId);
session = (Session) obj;
}
}
return session;
}
/**
* sessions
*/
@Override
public Collection<Session> getActiveSessions() {
Set<Session> sessions = new HashSet<>();
Set<String> keys = redisSession.getKeysSet("*");
LOGGER.info("【所有活动的key{}】",keys.size());
for(String key:keys){
sessions.add((Session)redisSession.getObject(key));
}
return sessions;
}
}

@ -1,71 +0,0 @@
package cn.estsh.i3plus.core.apiservice.auth.filter;
import cn.estsh.i3plus.core.apiservice.auth.AuthUtil;
import cn.estsh.i3plus.core.apiservice.configuration.ShiroAuthConfiguration;
import cn.estsh.i3plus.platform.common.enumutil.CommonEnumUtil;
import cn.estsh.i3plus.platform.common.util.CommonConstWords;
import cn.estsh.i3plus.pojo.model.busi.ResultBean;
import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
import com.alibaba.fastjson.JSONObject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
/**
* @Description :
* @Reference :
* @Author : alwaysfrin
* @CreateDate : 2018-10-13 19:17
* @Modify:
**/
public class AdminFilter extends AccessControlFilter {
public static final Logger LOGGER = LoggerFactory.getLogger(AdminFilter.class);
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
SessionUser sessionUser = AuthUtil.getSessionUser();
if(sessionUser != null && CommonEnumUtil.USER_TYPE.ADMIN.getCode().equals(sessionUser.getUserType())){
return true;
}else{
return false;
}
}
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
if (response instanceof HttpServletResponse) {
HttpServletResponse httpServletResponse = (HttpServletResponse)response;
httpServletResponse.setHeader("Content-Type", "application/json;charset=UTF-8");
httpServletResponse.setContentType("application/json;charset=UTF-8");
PrintWriter out = null;
try {
ResultBean result = new ResultBean();
result.setSuccess(false);
result.setErrorMsg("未登录");
result.setCode("need-login");
result.setUrl(ShiroAuthConfiguration.ADMIN_LOGIN_URI);
out = response.getWriter();
out.print(JSONObject.toJSONString(result));
out.flush();
} catch (IOException var11) {
LOGGER.error(var11.getMessage(), var11);
} finally {
if (out != null) {
out.close();
}
}
}
return false;
}
}

@ -1,71 +0,0 @@
package cn.estsh.i3plus.core.apiservice.auth.filter;
import cn.estsh.i3plus.core.apiservice.auth.AuthUtil;
import cn.estsh.i3plus.core.apiservice.configuration.ShiroAuthConfiguration;
import cn.estsh.i3plus.platform.common.enumutil.CommonEnumUtil;
import cn.estsh.i3plus.platform.common.util.CommonConstWords;
import cn.estsh.i3plus.pojo.model.busi.ResultBean;
import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
import com.alibaba.fastjson.JSONObject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
/**
* @Description :
* @Reference :
* @Author : alwaysfrin
* @CreateDate : 2018-10-13 19:17
* @Modify:
**/
public class SaAdminFilter extends AccessControlFilter {
public static final Logger LOGGER = LoggerFactory.getLogger(SaAdminFilter.class);
@Override
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
SessionUser sessionUser = AuthUtil.getSessionUser();
if(sessionUser != null && CommonEnumUtil.USER_TYPE.SA.getCode().equals(sessionUser.getUserType())){
return true;
}else{
return false;
}
}
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
if (response instanceof HttpServletResponse) {
HttpServletResponse httpServletResponse = (HttpServletResponse)response;
httpServletResponse.setHeader("Content-Type", "application/json;charset=UTF-8");
httpServletResponse.setContentType("application/json;charset=UTF-8");
PrintWriter out = null;
try {
ResultBean result = new ResultBean();
result.setSuccess(false);
result.setErrorMsg("未登录");
result.setCode("need-login");
result.setUrl(ShiroAuthConfiguration.SAADMIN_LOGIN_URI);
out = response.getWriter();
out.print(JSONObject.toJSONString(result));
out.flush();
} catch (IOException var11) {
LOGGER.error(var11.getMessage(), var11);
} finally {
if (out != null) {
out.close();
}
}
}
return false;
}
}

@ -1,75 +0,0 @@
package cn.estsh.i3plus.core.apiservice.auth.filter;
import cn.estsh.i3plus.core.apiservice.auth.AuthUtil;
import cn.estsh.i3plus.core.apiservice.configuration.ShiroAuthConfiguration;
import cn.estsh.i3plus.platform.common.enumutil.CommonEnumUtil;
import cn.estsh.i3plus.platform.common.util.CommonConstWords;
import cn.estsh.i3plus.pojo.model.busi.ResultBean;
import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
import com.alibaba.fastjson.JSONObject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
/**
* @Description :
* @Reference :
* @Author : alwaysfrin
* @CreateDate : 2018-10-13 19:17
* @Modify:
**/
public class UserFilter extends AccessControlFilter {
public static final Logger LOGGER = LoggerFactory.getLogger(UserFilter.class);
@Override
protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse response, Object mappedValue) throws Exception {
SessionUser sessionUser = AuthUtil.getSessionUser();
if (sessionUser != null) {
LOGGER.info("===用户已登陆==={}",sessionUser);
return true;
} else {
LOGGER.info("===用户未登陆==={}",sessionUser);
return false;
}
}
@Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
if (response instanceof HttpServletResponse) {
LOGGER.info("===请求拒绝===请求路径:{}",((HttpServletRequest)request).getRequestURL());
HttpServletResponse httpServletResponse = (HttpServletResponse)response;
httpServletResponse.setHeader("Content-Type", "application/json;charset=UTF-8");
httpServletResponse.setContentType("application/json;charset=UTF-8");
PrintWriter out = null;
try {
ResultBean result = new ResultBean();
result.setSuccess(false);
result.setErrorMsg("未登录");
result.setCode("need-login");
result.setUrl(ShiroAuthConfiguration.USER_LOGIN_URI);
out = response.getWriter();
out.print(JSONObject.toJSONString(result));
out.flush();
} catch (IOException var11) {
LOGGER.error(var11.getMessage(), var11);
} finally {
if (out != null) {
out.close();
}
}
}
return false;
}
}

@ -1,9 +1,7 @@
package cn.estsh.i3plus.core.apiservice.auth.realm;
import cn.estsh.i3plus.core.api.iservice.busi.ISystemUserService;
import cn.estsh.i3plus.core.api.token.AdminToken;
import cn.estsh.i3plus.core.api.token.SaAdminToken;
import cn.estsh.i3plus.core.api.token.UserToken;
import cn.estsh.i3plus.core.api.iservice.base.ISystemLoginService;
import cn.estsh.i3plus.pojo.base.shirotoken.AdminToken;
import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
@ -28,7 +26,7 @@ public class AdminAuthRealm extends AuthorizingRealm {
public static final Logger LOGGER = LoggerFactory.getLogger(AdminAuthRealm.class);
@Autowired
private ISystemUserService systemUserService;
private ISystemLoginService systemLoginService;
public AdminAuthRealm(){
//添加支持的token
@ -45,7 +43,7 @@ public class AdminAuthRealm extends AuthorizingRealm {
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//管理员令牌
SessionUser sessionUser = systemUserService.queryCheckAdminLogin((AdminToken) authenticationToken);
SessionUser sessionUser = systemLoginService.queryCheckAdminLogin((AdminToken) authenticationToken);
LOGGER.info("管理员令牌验证:{}",sessionUser);
return new SimpleAuthenticationInfo(sessionUser,((AdminToken) authenticationToken).getLoginPwd(),this.getName());
}
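Review bot: In `doGetAuthenticationInfo` the credentials passed to `SimpleAuthenticationInfo` are `((AdminToken) authenticationToken).getLoginPwd()`, the password the caller just submitted, so a matcher that compares the token's credentials with the info's credentials compares the value with itself and can never reject a login (this assumes the relocated token classes still return `loginPwd` from `getCredentials()`, as the removed `BaseToken` did). Authentication then depends entirely on `systemLoginService.queryCheckAdminLogin` throwing for a wrong password, which is not visible in this hunk and should be confirmed. The safer form passes the stored credential, along the lines of `new SimpleAuthenticationInfo(sessionUser, storedCredential, getName())`, where `storedCredential` is a placeholder for whatever the user record holds. The same pattern appears in the SaAuthRealm and UserAuthRealm sections of this commit. The `LOGGER.info` line also writes the whole `SessionUser` to the log, which is worth checking for sensitive fields.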

@ -1,10 +1,10 @@
package cn.estsh.i3plus.core.apiservice.auth.realm;
import cn.estsh.i3plus.core.api.token.AdminToken;
import cn.estsh.i3plus.core.api.token.SaAdminToken;
import cn.estsh.i3plus.core.api.token.UserToken;
import cn.estsh.i3plus.core.apiservice.controller.DemoAuthController;
import cn.estsh.i3plus.platform.common.enumutil.CommonEnumUtil;
import cn.estsh.i3plus.pojo.base.shirotoken.AdminToken;
import cn.estsh.i3plus.pojo.base.shirotoken.SaAdminToken;
import cn.estsh.i3plus.pojo.base.shirotoken.UserToken;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;

@ -1,8 +1,7 @@
package cn.estsh.i3plus.core.apiservice.auth.realm;
import cn.estsh.i3plus.core.api.iservice.busi.ISystemUserService;
import cn.estsh.i3plus.core.api.token.SaAdminToken;
import cn.estsh.i3plus.core.api.token.UserToken;
import cn.estsh.i3plus.core.api.iservice.base.ISystemLoginService;
import cn.estsh.i3plus.pojo.base.shirotoken.SaAdminToken;
import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
@ -27,7 +26,7 @@ public class SaAuthRealm extends AuthorizingRealm {
public static final Logger LOGGER = LoggerFactory.getLogger(SaAuthRealm.class);
@Autowired
private ISystemUserService systemUserService;
private ISystemLoginService systemLoginService;
public SaAuthRealm(){
//添加支持的token
@ -44,7 +43,7 @@ public class SaAuthRealm extends AuthorizingRealm {
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//管理员令牌
SessionUser sessionUser = systemUserService.queryCheckSaAdminLogin((SaAdminToken) authenticationToken);
SessionUser sessionUser = systemLoginService.queryCheckSaAdminLogin((SaAdminToken) authenticationToken);
LOGGER.info("超级管理员令牌验证:{}",sessionUser);
return new SimpleAuthenticationInfo(sessionUser,((SaAdminToken) authenticationToken).getLoginPwd(),this.getName());
}

@ -1,7 +1,7 @@
package cn.estsh.i3plus.core.apiservice.auth.realm;
import cn.estsh.i3plus.core.api.iservice.busi.ISystemUserService;
import cn.estsh.i3plus.core.api.token.UserToken;
import cn.estsh.i3plus.core.api.iservice.base.ISystemLoginService;
import cn.estsh.i3plus.pojo.base.shirotoken.UserToken;
import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
@ -17,7 +17,7 @@ import org.springframework.beans.factory.annotation.Autowired;
/**
* @Description :
* @Reference :
* @Reference :-
* @Author : alwaysfrin
* @CreateDate : 2018-10-13 14:04
* @Modify:
@ -26,7 +26,7 @@ public class UserAuthRealm extends AuthorizingRealm {
public static final Logger LOGGER = LoggerFactory.getLogger(UserAuthRealm.class);
@Autowired
private ISystemUserService systemUserService;
private ISystemLoginService systemLoginService;
public UserAuthRealm(){
//添加支持的token
@ -43,7 +43,7 @@ public class UserAuthRealm extends AuthorizingRealm {
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//管理员令牌
SessionUser sessionUser = systemUserService.queryCheckUserLogin((UserToken) authenticationToken);
SessionUser sessionUser = systemLoginService.queryCheckUserLogin((UserToken) authenticationToken);
LOGGER.info("{}-用户令牌验证:{}",this.getName(),sessionUser);
return new SimpleAuthenticationInfo(sessionUser,((UserToken) authenticationToken).getLoginPwd(),this.getName());
}

@ -1,230 +0,0 @@
package cn.estsh.i3plus.core.apiservice.configuration;
import cn.estsh.i3plus.core.apiservice.auth.ShiroSessionRedisDaoImpl;
import cn.estsh.i3plus.core.apiservice.auth.filter.AdminFilter;
import cn.estsh.i3plus.core.apiservice.auth.filter.SaAdminFilter;
import cn.estsh.i3plus.core.apiservice.auth.filter.UserFilter;
import cn.estsh.i3plus.core.apiservice.auth.realm.AdminAuthRealm;
import cn.estsh.i3plus.core.apiservice.auth.realm.DefaultModularRealm;
import cn.estsh.i3plus.core.apiservice.auth.realm.SaAuthRealm;
import cn.estsh.i3plus.core.apiservice.auth.realm.UserAuthRealm;
import cn.estsh.i3plus.platform.common.enumutil.CommonEnumUtil;
import cn.estsh.impp.framework.boot.configuration.RedisConfig;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.core.annotation.Order;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.servlet.Filter;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* @Description : shiro
* @Reference :
* @Author : alwaysfrin
* @CreateDate : 2018-10-13 18:25
* @Modify:
**/
@Configuration
@AutoConfigureAfter(RedisConfig.class) //2类配置延后加载
public class ShiroAuthConfiguration {
public static final Logger LOGGER = LoggerFactory.getLogger(ShiroAuthConfiguration.class);
//三种登陆请求
public static String USER_LOGIN_URI = "/login";
public static String USER_FILTER_URI = "/operate/*";
public static String ADMIN_LOGIN_URI = "/adlogin";
public static String ADMIN_FILTER_URI = "/adoerate/*";
public static String SAADMIN_LOGIN_URI = "/salogin";
public static String SAADMIN_FILTER_URI = "/saoerate/*";
@Bean
public AdminAuthRealm adminAuthRealm(){
return new AdminAuthRealm();
}
@Bean
public SaAuthRealm saAuthRealm(){
return new SaAuthRealm();
}
@Bean
public UserAuthRealm userAuthRealm(){
return new UserAuthRealm();
}
public Map<String,Realm> supportRealmMap(){
//支持的授权规则
Map<String,Realm> realms = new HashMap();
realms.put(CommonEnumUtil.USER_TYPE.USER.getCode(),userAuthRealm());
realms.put(CommonEnumUtil.USER_TYPE.ADMIN.getCode(),adminAuthRealm());
realms.put(CommonEnumUtil.USER_TYPE.SA.getCode(),saAuthRealm());
return realms;
}
@Bean
public ModularRealmAuthenticator modularRealmAuthenticator(){
return new DefaultModularRealm(supportRealmMap());
}
@Bean
//@DependsOn("redisUtil")
public SecurityManager securityManager(){
LOGGER.info("【shiro-加载securityManager】");
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
securityManager.setAuthenticator(modularRealmAuthenticator());
securityManager.setRealms(supportRealmMap().values());
securityManager.setCacheManager(getEhCacheManage()); //缓存管理
securityManager.setSessionManager(getSessionManage()); //会话管理
//securityManager.setRememberMeManager(getRememberManager());
return securityManager;
}
/*@Bean
public CookieRememberMeManager getRememberManager(){
//rememberme cookie加密的密钥 建议每个项目都不一样 默认AES算法 密钥长度128 256 512 位),通过以下代码可以获取
//KeyGenerator keygen = KeyGenerator.getInstance("AES");
//SecretKey deskey = keygen.generateKey();
//System.out.println(Base64.encodeToString(deskey.getEncoded()));
CookieRememberMeManager meManager = new CookieRememberMeManager();
meManager.setCipherKey(Base64.decode("+vCeyY0qiyO1NdpOX9zX7w=="));
meManager.setCookie(rememberMeCookie());
return meManager;
}
*//**
* CipherKey
*//*
public static void main(String[] args){
KeyGenerator keygen = null;
try {
keygen = KeyGenerator.getInstance("AES");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
SecretKey deskey = keygen.generateKey();
System.out.println(Base64.encodeToString(deskey.getEncoded()));
}
@Bean
public SimpleCookie rememberMeCookie(){
//这个参数是cookie的名称对应前端的checkbox的name = rememberMe
SimpleCookie simpleCookie = new SimpleCookie("impp_remember_me");
//如果httyOnly设置为true则客户端不会暴露给客户端脚本代码使用HttpOnly cookie有助于减少某些类型的跨站点脚本攻击
simpleCookie.setHttpOnly(true);
//记住我cookie生效时间,默认30天 ,单位秒60 * 60 * 24 * 30
simpleCookie.setMaxAge(259200);
return simpleCookie;
}*/
@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
factoryBean.setSecurityManager(securityManager);
Map<String, Filter> filterMap = new HashMap();
filterMap.put("user_filter", new UserFilter());
filterMap.put("admin_filter", new AdminFilter());
filterMap.put("saadmin_filter", new SaAdminFilter());
factoryBean.setFilters(filterMap);
Map<String, String> filterChain = new LinkedHashMap();
//不需要过滤的路径,直接通过
filterChain.put(USER_LOGIN_URI, "anon");
filterChain.put(ADMIN_LOGIN_URI, "anon");
filterChain.put(SAADMIN_LOGIN_URI, "anon");
//需要过滤的路径
filterChain.put(USER_FILTER_URI, "user_filter");
filterChain.put(ADMIN_FILTER_URI, "admin_filter");
filterChain.put(SAADMIN_FILTER_URI, "saadmin_filter");
factoryBean.setFilterChainDefinitionMap(filterChain);
LOGGER.info("【shiro过滤】加载完成...");
return factoryBean;
}
/**
*
* @return
*/
@Bean(name = "ehCacheManager")
public CacheManager getEhCacheManage() {
LOGGER.info("【shiro-加载缓存cacheManager】");
EhCacheManager em = new EhCacheManager();
em.setCacheManagerConfigFile("classpath:cache_session.xml");
return em;
}
@Bean(name = "sessionManager")
public DefaultWebSessionManager getSessionManage() {
LOGGER.info("【shiro-加载sessionManager】");
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
sessionManager.setSessionValidationScheduler(getExecutorServiceSessionValidationScheduler());
sessionManager.setSessionValidationSchedulerEnabled(true);
sessionManager.setDeleteInvalidSessions(true);
sessionManager.setSessionIdCookieEnabled(true);
sessionManager.setSessionIdCookie(getSessionIdCookie());
sessionManager.setSessionDAO(getShiroSessionRedisDaoImpl());
sessionManager.setGlobalSessionTimeout(30 * 60 * 1000); //30分钟有效期(以sessionDao中的有效时间为准)
// 可以添加session 创建、删除的监听器
return sessionManager;
}
@Bean
public ShiroSessionRedisDaoImpl getShiroSessionRedisDaoImpl(){
LOGGER.info("【shiro-加载缓存redisSessionManager】");
ShiroSessionRedisDaoImpl shiroSessionRedisDao = new ShiroSessionRedisDaoImpl();
LOGGER.info("【shiro-加载缓存cacheManager】");
shiroSessionRedisDao.setLocalCacheManager(getEhCacheManage() );
return shiroSessionRedisDao;
}
/**
*
* @return
*/
@Bean(name = "sessionValidationScheduler")
public ExecutorServiceSessionValidationScheduler getExecutorServiceSessionValidationScheduler() {
LOGGER.info("【shiro-加载sessionValidationScheduler】");
ExecutorServiceSessionValidationScheduler scheduler = new ExecutorServiceSessionValidationScheduler();
scheduler.setInterval(3 * 60 * 1000); //每3分钟执行一次验证
return scheduler;
}
@Bean(name = "sessionIdCookie")
public SimpleCookie getSessionIdCookie() {
LOGGER.info("【shiro-加载sessionIdCookie】");
SimpleCookie cookie = new SimpleCookie("sid");
cookie.setHttpOnly(true);
cookie.setMaxAge(-1);
return cookie;
}
}

@ -1,12 +1,10 @@
package cn.estsh.i3plus.core.apiservice.controller;
import cn.estsh.i3plus.core.api.iservice.busi.ISystemUserService;
import cn.estsh.i3plus.core.apiservice.auth.AuthUtil;
import cn.estsh.i3plus.core.api.iservice.base.ISystemLoginService;
import cn.estsh.i3plus.platform.common.tool.EncryptTool;
import cn.estsh.i3plus.platform.common.util.CommonConstWords;
import cn.estsh.i3plus.pojo.factory.bean.MachineFactory;
import cn.estsh.i3plus.pojo.model.busi.ResultBean;
import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
import cn.estsh.impp.framework.boot.auth.AuthUtil;
import cn.estsh.impp.framework.boot.exception.ImppBusiException;
import cn.estsh.impp.framework.boot.util.ImppRedis;
import io.swagger.annotations.Api;
@ -14,13 +12,10 @@ import io.swagger.annotations.ApiOperation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.Resource;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
/**
* @Description :
@ -34,7 +29,7 @@ import java.security.NoSuchAlgorithmException;
public class DemoAuthController {
public static final Logger LOGGER = LoggerFactory.getLogger(DemoAuthController.class);
@Autowired
private ISystemUserService systemUserService;
private ISystemLoginService systemLoginService;
/**
*
*/
@ -46,7 +41,7 @@ public class DemoAuthController {
public ResultBean login(String loginName,String loginPwd,String languageCode){
LOGGER.info("用户登陆:{},{},{}",loginName,loginPwd,languageCode);
try {
SessionUser sUser = systemUserService.queryUserLogin(loginName,loginPwd,languageCode);
SessionUser sUser = systemLoginService.queryUserLogin(loginName,loginPwd,languageCode);
LOGGER.info("会员登陆:{}",sUser);
AuthUtil.setSessionObject("languageCode",languageCode);
@ -97,7 +92,7 @@ public class DemoAuthController {
LOGGER.info("管理员登陆:{},{},{}",loginName,loginPwd,languageCode);
try {
systemUserService.queryAdminLogin(loginName,EncryptTool.hexMD5(loginPwd),languageCode);
systemLoginService.queryAdminLogin(loginName,EncryptTool.hexMD5(loginPwd),languageCode);
return new ResultBean(true,"");
} catch (Exception e) {
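Review bot: Both login methods in this section log the submitted password in clear text, in `LOGGER.info("用户登陆:{},{},{}",loginName,loginPwd,languageCode)` and the matching "管理员登陆" line, so anyone with read access to the logs obtains user and administrator credentials. Drop `loginPwd` from the arguments, e.g. `LOGGER.info("用户登陆:{},{}",loginName,languageCode);`. The admin path also applies `EncryptTool.hexMD5(loginPwd)` while the user path passes `loginPwd` unhashed. Unsalted MD5 is not suitable for protecting passwords, and the two paths should agree on where hashing happens, although how the service stores and compares passwords is not visible here. Both method bodies continue outside the hunks.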

@ -1,35 +1,31 @@
package cn.estsh.i3plus.core.apiservice.serviceimpl.busi;
package cn.estsh.i3plus.core.apiservice.serviceimpl.base;
import cn.estsh.i3plus.core.api.iservice.busi.ISystemUserService;
import cn.estsh.i3plus.core.api.token.AdminToken;
import cn.estsh.i3plus.core.api.token.SaAdminToken;
import cn.estsh.i3plus.core.api.token.UserToken;
import cn.estsh.i3plus.core.apiservice.auth.AuthUtil;
import cn.estsh.i3plus.core.apiservice.controller.DemoAuthController;
import cn.estsh.i3plus.core.api.iservice.base.ISystemLoginService;
import cn.estsh.i3plus.platform.common.enumutil.CommonEnumUtil;
import cn.estsh.i3plus.pojo.base.shirotoken.AdminToken;
import cn.estsh.i3plus.pojo.base.shirotoken.SaAdminToken;
import cn.estsh.i3plus.pojo.base.shirotoken.UserToken;
import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
import cn.estsh.i3plus.pojo.platform.bean.SysUser;
import cn.estsh.i3plus.pojo.platform.repository.SysUserRepository;
import cn.estsh.impp.framework.boot.auth.AuthUtil;
import cn.estsh.impp.framework.boot.exception.ImppExceptionBuilder;
import cn.estsh.impp.framework.boot.exception.ImppExceptionEnum;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import javax.websocket.Session;
/**
* @Description :
* @Description :
* @Reference :
* @Author : alwaysfrin
* @CreateDate : 2018-10-13 17:18
* @Modify:
**/
@Service
public class SystemUserService implements ISystemUserService {
private static final Logger LOGGER = LoggerFactory.getLogger(SystemUserService.class);
public class SystemLoginService implements ISystemLoginService {
private static final Logger LOGGER = LoggerFactory.getLogger(SystemLoginService.class);
@Autowired
private SysUserRepository sysUserRDao;

@ -1,3 +1,17 @@
#用户登陆路径
filter.shiro.user.loginuri = /login
#系统管理员登陆路径
filter.shiro.admin.loginuri = /salogin
#运维人员登陆路径
filter.shiro.saadmin.loginuri = /salogin
#用户授权过滤路径
filter.shiro.user.filteruri = /operate/*
#用户授权过滤路径
filter.shiro.admin.filteruri = /adoperate/*
#用户授权过滤路径
filter.shiro.saadmin.filteruri = /saoperate/*
################ 主数据源 ################
# mysql
#spring.datasource.driver-class-name=com.mysql.jdbc.Driver
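Review bot: `filter.shiro.admin.loginuri` is set to `/salogin`, the same value as `filter.shiro.saadmin.loginuri`, which looks like a copy-paste slip, since the `ShiroAuthConfiguration` removed in this commit used `/adlogin` for the admin login. If the relocated Shiro configuration reads these keys (not visible here), the admin and SA logins would resolve to one path and the real admin login path may no longer be exempt from the filter; `filter.shiro.admin.loginuri = /adlogin` is presumably what was meant. The three comments above the `filteruri` keys all read "用户授权过滤路径" and should name the admin and SA roles for the second and third key.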

@ -1,7 +1,7 @@
#项目名称
spring.application.name=${project.name}
#项目端口
server.port=8080
server.port=8081
#使用配置
spring.profiles.active=dev

@ -2,7 +2,8 @@
<configuration status="WARN">
<!--全局参数-->
<Properties>
<Property name="pattern">%d{yyyy-MM-dd HH:mm:ss,SSS} %5p %c{1}:%L - %m%n</Property>
<!-- %d{yyyy-MM-dd HH:mm:ss,SSS} %5p %c{1}:%L - %m%n -->
<Property name="pattern">[%-5p] %d{yyyy-MM-dd HH:mm:ss-SSS} %l:%m%n</Property>
</Properties>
<Loggers>
<Root level="${log4j2.level}">
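Review bot: The new `pattern` property still prints `%m` unencoded, and the controller in this commit logs request parameters such as `loginName` verbatim, so a value containing line breaks can forge additional log lines. If the Log4j2 version in use supports the encoding converter, writing `%enc{%m}{CRLF}` in place of `%m` would neutralise that. The `Loggers` element continues outside the hunk.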
