
sk-module-system/src/main/java/com/skua/config/ShiroConfig.java 11.4 KB
package com.skua.config;

import com.skua.modules.shiro.authc.ShiroRealm;
import com.skua.modules.shiro.authc.aop.JwtFilter;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * shiro 配置类
 */

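@Configuration
public class ShiroConfig {

    /** Name under which {@link JwtFilter} is registered in the Shiro filter map. */
    private static final String JWT_FILTER = "jwt";

    /** Shiro's built-in pass-through filter: matching requests skip authentication entirely. */
    private static final String ANON = "anon";

    /**
     * Endpoint used for both the "not logged in" and the "not authorized" case.
     * Per the original configuration comment, the handler there answers with a JSON body
     * rather than a login/403 page, which suits the stateless token setup below.
     */
    private static final String DENIED_URL = "/sys/common/403";

    /**
     * URL patterns that are mapped to {@code anon}, i.e. never pass through {@link JwtFilter}.
     * <p>
     * Order is preserved into the {@link LinkedHashMap} chain definition; Shiro evaluates
     * definitions top-down and uses the first match, so the catch-all {@code /**} → jwt rule
     * must always be appended after these (see {@link #buildFilterChainDefinitions()}).
     * <p>
     * NOTE(review): every entry here bypasses token validation, so any handler behind it that
     * writes data (register, edit, save, add, upload) or returns per-user data (querySysUser,
     * queryByPhone, archivesList, list endpoints) must enforce its own access controls —
     * confirm against each controller. The management surfaces ({@code /druid/**},
     * {@code /actuator/**}, swagger/doc.html) are also exposed without authentication by this
     * list; restricting them to an internal network or separate credentials is the usual
     * mitigation. The suffix wildcards ({@code /**​/*.html}, {@code /**​/*.js}, …) match
     * any path ending with that suffix, not only the static-content directory; if Spring MVC
     * suffix-pattern matching is enabled, anchoring these rules to the static prefix instead is
     * safer — TODO verify the MVC configuration.
     */
    private static final String[] ANON_PATHS = {
        // CAS login validation
        "/cas/client/validateLogin",
        // Login / logout endpoints (must be reachable without a token)
        "/sys/login",                // web login
        "/sys/appLogin",             // mobile login
        "/sys/thirdLogin",           // third-party system login
        "/sys/sso/login",            // single sign-on
        "/sys/logout",               // logout
        "/sys/getEncryptedString",   // fetch encrypted string
        "/sys/sms",                  // SMS verification code
        "/report/jmReport/*",        // JimuReport
        "/sys/phoneLogin",           // phone login
        "/sys/user/checkOnlyUser",   // check whether a user exists
        "/sys/user/register",        // user registration
        "/sys/user/querySysUser",    // look up user info by phone number
        "/sys/user/phoneVerification", // forgot-password phone verification
        "/auth/2step-code",          // login captcha
        "/sys/common/view/**",       // image preview, no token required
        "/sys/common/download/**",   // file download, no token required
        "/sys/common/pdf/**",        // PDF preview
        // Purchase receiving: the delivering party queries / signs the acceptance form
        "/web/erp/materialAcceptanceForm/queryById",
        "/web/erp/materialAcceptanceForm/senderSign",
        "/web/erp/materialAcceptanceForm/edit",       // save
        "/web/equipment/supplierManage/list",         // suppliers
        "/sys/dictItem/list",
        "/sys/sysDepart/getTreeList",
        "/web/erp/materialIN/queryById",              // purchase receiving: query inbound record
        "/generic/**",                                // files needed by PDF preview
        "/web/process/getProcessByPhone",             // third party fetches pending tasks
        // Static content and API documentation
        "/",
        "/doc.html",
        "/**/*.js",
        "/**/*.css",
        "/**/*.html",
        "/**/*.svg",
        "/**/*.pdf",
        "/**/*.jpg",
        "/**/*.png",
        "/**/*.ico",
        // Author:sunjianlei Date:20190813 — exclude font file suffixes
        "/**/*.ttf",
        "/**/*.woff",
        "/druid/**",
        "/swagger-ui.html",
        "/swagger**/**",
        "/webjars/**",
        "/v2/**",
        "/sys/init/**",
        // Table-maintenance endpoints temporarily left open
        "/v1/expert/expertInitConfig/**",
        "/sys/sysGeneralProcess/**",
        "/sys/sysExcelParse/**",
        "/v1/customAnalysis/**",
        // App download address
        "/app/appdownload/getAppDownLoad",
        // Video integration: third-party video configuration, authentication waived
        "/sys/video/getVideoIntegrateInfo",
        // 3D system integration: equipment ledger / archive requests
        "/sys/sysCustomField/listModel",
        "/sys/sysCustomField/listHead",
        "/equip/equipInfo/archivesList",
        "/sys/common/upload/**",
        "/v1/system/datestandard/sysStructDict/noPageList",
        "/v1/sys/factoryMonitorData/**",
        "/sys/dict/getDictItems/**",
        // Digital twin: batch association of equipment and twins
        "/equipment/batchConfigDigitaltwins",
        // Performance monitoring
        "/actuator/metrics/**",
        "/actuator/httptrace/**",
        "/actuator/redis/**",
        // Online form requests
        "/auto/cgform/**",
        // WebSocket
        "/websocket/**",
        // Flowable workflow diagrams
        "/process/diagram-view",
        "/process/resource-view",
        "/v1/monitor/**",            // point-table initial import
        "/example/**",
        // Base configuration
        "/system/sysBaseConfig/getSysBaseConfig",
        // Safety / environment map
        "/safetyEnviron/map/**",
        // Statistics queries
        "/statisticsQuery/**",
        // JimuReport department tree
        "/sys/sysDepart/jimu/tree",
        // Visitor information
        "/guest/guestInfo/add",
        "/guest/guestInfo/queryById",
        "/guest/guestInfo/queryByPhone",
        // Safety / health / environment meetings
        "/ajh/meetingAttend/web/save",
        "/ajh/meetingReceipt/web/status",
        "/ajh/meetingSend/queryById",
        // Load-test demo
        "/jmeter/**",
        "/jmReport/**",
        "/v1/operate/**",
        "/harbinTechnology/fillReport/**",
    };

    /**
     * Builds the Shiro filter chain: the anonymous paths above, followed by the catch-all rule
     * that sends everything else through the JWT filter.
     * <p>
     * Filter chain definition notes:
     * <ol>
     * <li>One URL may be assigned several filters, separated by commas.</li>
     * <li>When several filters are configured, all of them must pass.</li>
     * <li>Some filters accept parameters, e.g. {@code perms}, {@code roles}.</li>
     * </ol>
     *
     * @param securityManager the security manager bean the filter delegates to
     * @return the configured {@link ShiroFilterFactoryBean}
     */
    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        factory.setSecurityManager(securityManager);

        // Register the custom token filter under the name "jwt". Keep this a mutable map:
        // ShiroFilterFactoryBean also adds any Filter beans it post-processes into it.
        Map<String, Filter> filters = new HashMap<String, Filter>(1);
        filters.put(JWT_FILTER, new JwtFilter());
        factory.setFilters(filters);

        // Both unauthenticated and unauthorized requests are answered by the JSON 403 endpoint.
        factory.setUnauthorizedUrl(DENIED_URL);
        factory.setLoginUrl(DENIED_URL);
        factory.setFilterChainDefinitionMap(buildFilterChainDefinitions());
        return factory;
    }

    /**
     * Assembles the ordered chain definition map.
     * <p>
     * Definitions are evaluated top-down, so the catch-all {@code /**} entry is inserted last.
     *
     * @return an insertion-ordered map of URL pattern → filter name
     */
    private static Map<String, String> buildFilterChainDefinitions() {
        Map<String, String> chain = new LinkedHashMap<String, String>(ANON_PATHS.length + 1);
        for (String path : ANON_PATHS) {
            chain.put(path, ANON);
        }
        // Everything not matched above requires a valid token.
        chain.put("/**", JWT_FILTER);
        return chain;
    }

    /**
     * Creates the web security manager backed by the application's {@link ShiroRealm}.
     * <p>
     * Shiro's own session storage is disabled: the application is stateless and relies on the
     * token carried by each request, see
     * http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
     *
     * @param myRealm the realm that authenticates and authorizes subjects
     * @return the configured {@link DefaultWebSecurityManager}
     */
    @Bean("securityManager")
    public DefaultWebSecurityManager securityManager(ShiroRealm myRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(myRealm);

        DefaultSessionStorageEvaluator sessionStorageEvaluator = new DefaultSessionStorageEvaluator();
        sessionStorageEvaluator.setSessionStorageEnabled(false);
        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
        subjectDAO.setSessionStorageEvaluator(sessionStorageEvaluator);
        securityManager.setSubjectDAO(subjectDAO);

        return securityManager;
    }

    /**
     * Enables Shiro's annotation support ({@code @RequiresRoles}, {@code @RequiresPermissions}, …)
     * by creating CGLIB proxies for advised beans.
     *
     * @return the auto-proxy creator with class-based proxying enabled
     */
    @Bean
    @DependsOn("lifecycleBeanPostProcessor")
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator proxyCreator = new DefaultAdvisorAutoProxyCreator();
        proxyCreator.setProxyTargetClass(true);
        return proxyCreator;
    }

    /**
     * Manages the init/destroy lifecycle of Shiro beans.
     *
     * @return the Shiro lifecycle post-processor
     */
    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    /**
     * Advisor that evaluates Shiro authorization annotations against the given security manager.
     *
     * @param securityManager the security manager bean defined above
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

}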