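package com.ygj.yuemum.shiro;

import com.ygj.yuemum.service.admin.JlAdminUserService;
import com.ygj.yuemum.shiro.sso.JWTAuthFilter;
import com.ygj.yuemum.shiro.sso.JWTShiroRealm;
import org.apache.shiro.authc.Authenticator;
import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Shiro wiring for the web application: the URL filter chains, the JWT
 * authentication filter, the realms, the authenticator and the session manager.
 *
 * <p>Chain definitions are matched by Shiro in insertion order (first match
 * wins), which is why the definitions are collected in a {@link LinkedHashMap}
 * and the {@code /**} catch-all is always inserted last.
 *
 * <p>Every path listed as {@code anon} below skips both the JWT filter
 * ({@code authcToken}) and Shiro's form authentication ({@code authc}), so the
 * handler behind it runs with no authenticated subject. The lists include
 * state-changing handlers (insert/update/delete) and the upload endpoints the
 * original author marked as a temporary workaround; those handlers must
 * establish the caller's identity themselves if they depend on it — confirm
 * before adding further entries.
 */
@Configuration
public class ShiroConfig {

    /** Chain value meaning "no authentication filter runs for this path". */
    private static final String ANON = "anon";
    /** Chain value for everything else: the JWT filter, then Shiro's form auth. */
    private static final String AUTHENTICATED = "authcToken,authc";
    /** Name under which the JWT filter is registered in the factory's filter map. */
    private static final String JWT_FILTER_NAME = "authcToken";

    /** Mini-program endpoints that are open to unauthenticated callers. */
    private static final String[] MINI_PROGRAM_OPEN_PATHS = {
        "/addEquipmenteHireDetail", "/addEquipmenteHireHeadOnline", "/deleteEquipmenteHireHead",
        "/deleteWXUserDefAddress", "/checkStockDate", "/getBanners", "/getConsultant",
        "/getCustomerEq", "/getEquipmentTypes", "/getEqUserAddress", "/getIndexs", "/getMktInfos",
        "/getPackageDetail", "/getPackageLists", "/getPackageShowname", "/getPIClasses",
        "/getPIGroups", "/getPIServices", "/getPromotions", "/getWXCustomerCoupons",
        "/getWxDecrypt", "/getWXOpenid", "/getWXUserAddress", "/getYueSuo",
        "/insertCustomerBooking", "/insertEqCustomerBooking", "/insertWXUserAddress",
        "/updateWXUser", "/updateWXUserAddress", "/updateWXUserDefAddress",
        "/WXSendBookingMessage", "/WXSendOrderMessage", "/WXSendYSOrderMessage",
        "/getEquipmentAmount", "/getValidPO", "/getValidPosition", "/getWxPosition",
        "/insertPromotionUserInfo", "/checkDcIntroducers", "/getDcIntroduceLogs",
        "/getDcIntroducerExtracts", "/date_DcIntroducerExtracts", "/getAccountNumber",
        "/queryOneDcIntroducerExtract", "/insertDcIntroducerExtract", "/WXSendExtractMessage",
        "/insertDcIntroduceLog", "/getDcIntroducerConsultants", "/queryMineOrder", "/getYSOrder",
        "/insertYsOrderPay", "/checkCustomerPay", "/queryYSOrderReturn",
        "/updateEquipmenteHireHeadOnline", "/getIndexPromotions", "/CreatePOP", "/getPromotionDC",
        "/checkMkt", "/getBranches", "/insertPromotionDCUserInfo", "/updateDcIntroducerApplicant",
        "/updateAccountNumber", "/insertPromotionChannelLog", "/getPromotionTestByPrxID",
        "/getPromotionTestResultByPtID", "/insertPromotionTestUserScore", "/CreateTestShare",
        "/getPromotionDCByID", "/getPromotionTestUserScoreByOpenID",
        "/getPromotionTestResultShowByPrxID", "/getWXDianPing", "/getWXContentTypes",
        "/queryUserContent", "/getWXUser", "/getWXMMSearchQuestion", "/queryUserMMSearch",
        "/getMmInfoResume", "/getPackageImagesByID"
    };

    /** "Mengdong" coupon endpoints that are open to unauthenticated callers. */
    private static final String[] MENGDONG_OPEN_PATHS = {
        "/getNewUserCoupon", "/getConsultTaskCoupon", "/getDetectionTaskCoupon",
        "/getRechargeTaskCoupon"
    };

    /**
     * File-upload endpoints left open as a temporary workaround (per the original
     * author's comment). Unauthenticated upload is a standing risk; review
     * whether the workaround is still required.
     */
    private static final String[] UPLOAD_OPEN_PATHS = {
        "/uploadPromotionImg", "/uploadImg", "/uploadPayImg", "/uploadMiniImg",
        "/uploadDianPingImg"
    };

    /** Opened to work around a resume-sharing problem (per the original comment). */
    private static final String[] RESUME_SHARE_OPEN_PATHS = {"/getWeChatInfo"};

    /** "Super Mom College" and e-learning endpoints that are open to unauthenticated callers. */
    private static final String[] COLLEGE_OPEN_PATHS = {
        "/college/queryUserPoints", "/college/queryUserLearningCore",
        "/college/queryUserLearningPractice", "/college/queryUserLearningExperience",
        "/college/queryUserLearningCoreDetail", "/college/queryCoreDetail", "/college/queryTests",
        "/college/addTestDetail", "/college/queryPracticeDetail", "/college/queryExperienceDetail",
        "/college/addCollegeBooking", "/college/corePositive", "/college/coreLearningUpdate",
        "/college/coreLearningFinish", "/college/getCollegeBooking", "/college/bookingCancel",
        "/eLearning/index", "/eLearning/courseworkList", "/eLearning/courseworkDetail",
        "/eLearning/testList", "/eLearning/testComplete", "/eLearning/courseworkComplete",
        "/eLearning/courseworkUpdate", "/eLearning/courseworkBooking", "/college/addScholarships"
    };

    /** College scholarship-redeem endpoints that are open to unauthenticated callers. */
    private static final String[] COLLEGE_REDEEM_OPEN_PATHS = {
        "/college/queryRedeemIndex", "/college/queryRedeem", "/college/queryUserScholarshipsLog",
        "/college/queryRedeemDetail", "/college/userRedeem", "/college/enableCollege"
    };

    /** Used by both the JWT filter and the JWT realm to look up admin users. */
    @Autowired
    private JlAdminUserService jlAdminUserService;

    /**
     * Builds the Shiro filter factory: registers the JWT filter, the login and
     * unauthorized redirect URLs, and the URL-to-filter-chain mapping.
     *
     * <p>The method name {@code shirFilter} (sic) is kept because Spring derives
     * the bean name from it.
     *
     * @param securityManager the security manager the filters delegate to
     * @return the configured factory bean
     */
    @Bean
    public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
        // The SecurityManager is mandatory for the factory.
        factory.setSecurityManager(securityManager);

        // Register the JWT filter under the name referenced by AUTHENTICATED.
        Map<String, Filter> filters = factory.getFilters();
        filters.put(JWT_FILTER_NAME, createAuthFilter(jlAdminUserService));
        factory.setFilters(filters);

        // Without setLoginUrl Shiro falls back to "/login.jsp" or the "/login" mapping
        // under the web root.
        factory.setLoginUrl("/webLogin");
        // Redirect target when an authenticated subject lacks the required role/permission.
        factory.setUnauthorizedUrl("/unauth");

        factory.setFilterChainDefinitionMap(buildFilterChains());
        return factory;
    }

    /**
     * Assembles the ordered URL-to-chain map.
     *
     * @return a {@link LinkedHashMap}; order matters because Shiro uses the first match
     */
    private static Map<String, String> buildFilterChains() {
        Map<String, String> chains = new LinkedHashMap<>();

        permitAnonymous(chains, MINI_PROGRAM_OPEN_PATHS);
        permitAnonymous(chains, MENGDONG_OPEN_PATHS);
        permitAnonymous(chains, UPLOAD_OPEN_PATHS);
        permitAnonymous(chains, RESUME_SHARE_OPEN_PATHS);
        permitAnonymous(chains, COLLEGE_OPEN_PATHS);
        permitAnonymous(chains, COLLEGE_REDEEM_OPEN_PATHS);

        // Role-based rules ("/user/**" -> roles[user], "/admin/**" -> roles[admin]) were
        // present in the original configuration but disabled; see the note in
        // securityManager() before re-enabling them.

        // The login endpoint itself must stay reachable without a token.
        chains.put("/login", ANON);

        // Catch-all: everything not listed above goes through the JWT filter and then
        // form authentication. It MUST be the last entry — anything inserted after
        // "/**" is never matched.
        chains.put("/**", AUTHENTICATED);
        return chains;
    }

    /**
     * Marks each of {@code paths} as {@code anon} in {@code chains}.
     *
     * @param chains the chain map being built (mutated)
     * @param paths  exact URL patterns to open
     */
    private static void permitAnonymous(Map<String, String> chains, String... paths) {
        for (String path : paths) {
            chains.put(path, ANON);
        }
    }

    /**
     * The custom (non-JWT) realm. Declared as a bean so that Spring injects the
     * realm's own dependencies; creating it with {@code new} elsewhere would leave
     * those unset.
     *
     * @return the custom realm
     */
    @Bean
    public CustomRealm customRealm() {
        return new CustomRealm();
    }

    /**
     * Session manager backed by the in-process enterprise cache session DAO.
     * Shiro would supply a default session manager if this were omitted; if the
     * cache is moved to Redis, the DAO has to be replaced by a Redis-backed one.
     *
     * @return the session manager
     */
    @Bean
    public SessionManager sessionManager() {
        ShiroSessionManager manager = new ShiroSessionManager();
        manager.setSessionDAO(new EnterpriseCacheSessionDAO());
        return manager;
    }

    /**
     * The web security manager. Realms are attached to the authenticator rather
     * than to the manager itself; no cache manager is configured.
     *
     * <p>NOTE(review): because no realm is registered on the manager, Shiro's
     * default authorizer has no realm to resolve roles/permissions against —
     * confirm that before re-enabling the {@code roles[...]} chain rules.
     *
     * @return the security manager
     */
    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setAuthenticator(authenticator(jlAdminUserService));
        // Custom session management (see sessionManager()).
        securityManager.setSessionManager(sessionManager());
        return securityManager;
    }

    /**
     * Creates the JWT authentication filter registered as {@code authcToken}.
     *
     * @param jlAdminUserService service the filter uses to resolve admin users
     * @return a new filter instance
     */
    protected JWTAuthFilter createAuthFilter(JlAdminUserService jlAdminUserService) {
        return new JWTAuthFilter(jlAdminUserService);
    }

    /**
     * The JWT realm, registered under the bean name {@code jwtRealm}.
     *
     * @param jlAdminUserService service the realm uses to resolve admin users
     * @return the JWT realm
     */
    @Bean("jwtRealm")
    public Realm jwtShiroRealm(JlAdminUserService jlAdminUserService) {
        return new JWTShiroRealm(jlAdminUserService);
    }

    /**
     * Multi-realm authenticator: the JWT realm is consulted first, then the
     * custom realm; with {@link FirstSuccessfulStrategy} authentication stops at
     * the first realm that succeeds.
     *
     * @param jlAdminUserService service passed to the JWT realm
     * @return the authenticator
     */
    @Bean
    public Authenticator authenticator(JlAdminUserService jlAdminUserService) {
        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setRealms(Arrays.asList(jwtShiroRealm(jlAdminUserService), customRealm()));
        authenticator.setAuthenticationStrategy(new FirstSuccessfulStrategy());
        return authenticator;
    }
}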