package org.linlinjava.litemall.admin.shiro;

import com.alibaba.druid.util.StringUtils;

import org.apache.shiro.web.servlet.ShiroHttpServletRequest;

import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;

import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;

import javax.servlet.ServletResponse;

import java.io.Serializable;

public class AdminWebSessionManager extends DefaultWebSessionManager {

    public static final String LOGIN_TOKEN_KEY = "X-Litemall-Admin-Token";

    private static final String REFERENCED_SESSION_ID_SOURCE = "Stateless request";

    @Override

    protected Serializable getSessionId(ServletRequest request, ServletResponse response) {

        String id = WebUtils.toHttp(request).getHeader(LOGIN_TOKEN_KEY);

        if (!StringUtils.isEmpty(id)) {

            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE);

            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);

            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);

            return id;

        } else {

            return super.getSessionId(request, response);

        }

    }

}
package org.linlinjava.litemall.admin.shiro;

import org.apache.shiro.authc.*;

import org.apache.shiro.authz.AuthorizationException;

import org.apache.shiro.authz.AuthorizationInfo;

import org.apache.shiro.authz.SimpleAuthorizationInfo;

import org.apache.shiro.realm.AuthorizingRealm;

import org.apache.shiro.subject.PrincipalCollection;

import org.linlinjava.litemall.core.util.bcrypt.BCryptPasswordEncoder;

import org.linlinjava.litemall.db.domain.LitemallAdmin;

import org.linlinjava.litemall.db.service.LitemallAdminService;

import org.linlinjava.litemall.db.service.LitemallPermissionService;

import org.linlinjava.litemall.db.service.LitemallRoleService;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.util.Assert;

import org.springframework.util.StringUtils;

import java.util.List;

import java.util.Set;

public class AdminAuthorizingRealm extends AuthorizingRealm {

    @Autowired

    private LitemallAdminService adminService;

    @Autowired

    private LitemallRoleService roleService;

    @Autowired

    private LitemallPermissionService permissionService;

    @Override

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        if (principals == null) {

            throw new AuthorizationException("PrincipalCollection method argument cannot be null.");

        }

        LitemallAdmin admin = (LitemallAdmin) getAvailablePrincipal(principals);

        Integer[] roleIds = admin.getRoleIds();

        Set<String> roles = roleService.queryByIds(roleIds);

        Set<String> permissions = permissionService.queryByRoleIds(roleIds);

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        info.setRoles(roles);

        info.setStringPermissions(permissions);

        return info;

    }

    @Override

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

        UsernamePasswordToken upToken = (UsernamePasswordToken) token;

        String username = upToken.getUsername();

        String password = new String(upToken.getPassword());

        if (StringUtils.isEmpty(username)) {

            throw new AccountException("用户名不能为空");

        }

        if (StringUtils.isEmpty(password)) {

            throw new AccountException("密码不能为空");

        }

        List<LitemallAdmin> adminList = adminService.findAdmin(username);

        Assert.state(adminList.size() < 2, "同一个用户名存在两个账户");

        if (adminList.size() == 0) {

            throw new UnknownAccountException("找不到用户(" + username + ")的帐号信息");

        }

        LitemallAdmin admin = adminList.get(0);

        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

        if (!encoder.matches(password, admin.getPassword())) {

            throw new UnknownAccountException("找不到用户(" + username + ")的帐号信息");

        }

        return new SimpleAuthenticationInfo(admin, password, getName());

    }

}
package org.linlinjava.litemall.admin.config;

import org.apache.shiro.mgt.SecurityManager;

import org.apache.shiro.realm.Realm;

import org.apache.shiro.session.mgt.SessionManager;

import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;

import org.apache.shiro.spring.web.ShiroFilterFactoryBean;

import org.apache.shiro.web.mgt.DefaultWebSecurityManager;

import org.linlinjava.litemall.admin.shiro.AdminAuthorizingRealm;

import org.linlinjava.litemall.admin.shiro.AdminWebSessionManager;

import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.context.annotation.DependsOn;

import java.util.LinkedHashMap;

import java.util.Map;

@Configuration

public class ShiroConfig {

    @Bean

    public Realm realm() {

        return new AdminAuthorizingRealm();

    }

    @Bean

    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {

        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

        shiroFilterFactoryBean.setSecurityManager(securityManager);

        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();

        filterChainDefinitionMap.put("/admin/auth/login", "anon");

        filterChainDefinitionMap.put("/admin/auth/401", "anon");

        filterChainDefinitionMap.put("/admin/auth/index", "anon");

        filterChainDefinitionMap.put("/admin/auth/403", "anon");

        filterChainDefinitionMap.put("/admin/index/index", "anon");

        filterChainDefinitionMap.put("/admin/**", "authc");

        shiroFilterFactoryBean.setLoginUrl("/admin/auth/401");

        shiroFilterFactoryBean.setSuccessUrl("/admin/auth/index");

        shiroFilterFactoryBean.setUnauthorizedUrl("/admin/auth/403");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        return shiroFilterFactoryBean;

    }

    @Bean

    public SessionManager sessionManager() {

        return new AdminWebSessionManager();

    }

    @Bean

    public DefaultWebSecurityManager defaultWebSecurityManager() {

        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

        securityManager.setRealm(realm());

        securityManager.setSessionManager(sessionManager());

        return securityManager;

    }

    @Bean

    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {

        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor =

                new AuthorizationAttributeSourceAdvisor();

        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);

        return authorizationAttributeSourceAdvisor;

    }

    @Bean

    @DependsOn("lifecycleBeanPostProcessor")

    public static DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {

        DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();

        creator.setProxyTargetClass(true);

        return creator;

    }

}
package org.linlinjava.litemall.admin.config;

import org.apache.commons.logging.Log;

import org.apache.commons.logging.LogFactory;

import org.apache.shiro.authc.AuthenticationException;

import org.apache.shiro.authz.AuthorizationException;

import org.linlinjava.litemall.core.util.ResponseUtil;

import org.springframework.core.Ordered;

import org.springframework.core.annotation.Order;

import org.springframework.web.bind.annotation.ControllerAdvice;

import org.springframework.web.bind.annotation.ExceptionHandler;

import org.springframework.web.bind.annotation.ResponseBody;

@ControllerAdvice

@Order(value = Ordered.HIGHEST_PRECEDENCE)

public class ShiroExceptionHandler {

    private final Log logger = LogFactory.getLog(ShiroExceptionHandler.class);

    @ExceptionHandler(AuthenticationException.class)

    @ResponseBody

    public Object unauthenticatedHandler(AuthenticationException e) {

        logger.warn(e.getMessage(), e);

        return ResponseUtil.unlogin();

    }

    @ExceptionHandler(AuthorizationException.class)

    @ResponseBody

    public Object unauthorizedHandler(AuthorizationException e) {

        logger.warn(e.getMessage(), e);

        return ResponseUtil.unauthz();

    }

}

AdminWebSessionManager AdminAuthorizingRealm ShiroConfig ShiroExceptionHandler的更多相关文章

  1. ShiroConfig配置文件无法通过@Value加载yml变量的解决办法

    /** * 配置Shiro生命周期处理器 * 使用springboot整合shiro时,@value注解无法读取application.yml中的配置 *解决方法:将LifecycleBeanPost ...

  2. 解决自定义Shiro.Realm扩展类不能用注解(@Resource或@Autowire)自动装配的问题

    问题产生原因:加载Realm时其他Spring配置文件(xml)尚未加载,导致注入失败. 解决方法:编写一个设置类把注入工作提前完成. package com.xkt.shiro import org ...

  3. Spring boot 基于Spring MVC的Web应用和REST服务开发

    Spring Boot利用JavaConfig配置模式以及"约定优于配置"理念,极大简化了基于Spring MVC的Web应用和REST服务开发. Servlet: package ...

  4. 【shiro】shiro学习笔记1 - 初识shiro

    [TOC] 认证流程 st=>start: Start e=>end: End op1=>operation: 构造SecurityManager环境 op2=>operati ...

  5. 跟开涛老师学shiro -- INI配置

    之前章节我们已经接触过一些INI配置规则了,如果大家使用过如spring之类的IoC/DI容器的话,Shiro提供的INI配置也是非常类似的,即可以理解为是一个IoC/DI容器,但是区别在于它从一个根 ...

  6. 将 Shiro 作为一个许可为基础的应用程序 五:password加密/解密Spring应用

    考虑系统password的安全,眼下大多数系统都不会把password以明文的形式存放到数据库中. 一把会採取下面几种方式对password进行处理 password的存储 "编码" ...

  7. springboot(十四):springboot整合shiro-登录认证和权限管理

    这篇文章我们来学习如何使用Spring Boot集成Apache Shiro.安全应该是互联网公司的一道生命线,几乎任何的公司都会涉及到这方面的需求.在Java领域一般有Spring Security ...

  8. springboot+shiro

    作者:纯洁的微笑 出处:http://www.ityouknow.com/ 这篇文章我们来学习如何使用Spring Boot集成Apache Shiro.安全应该是互联网公司的一道生命线,几乎任何的公 ...

  9. shiro权限控制的简单实现

    权限控制常用的有shiro.spring security,两者相比较,各有优缺点,此篇文章以shiro为例,实现系统的权限控制. 一.数据库的设计 简单的五张表,用户.角色.权限及关联表: CREA ...

随机推荐

  1. LeetCode随想------Single Number-----关于异或的性质

    异或满足交换律,结合律 任何数X^X=0,X^0=X 自反性 A XOR B XOR B = A xor  0 = A  设有A,B两个变量,存储的值分别为a,b,则以下三行表达式将互换他们的值 表达 ...

  2. 毕设问题 ---链接Dreamweaver和eclipse

    在eclipse里面新建站点   https://blog.csdn.net/Slash_youth  我是一个搬运工  哈哈哈

  3. Python Learning Day4

    ---恢复内容开始--- 遇到的模块 NumPy:多维数组的有效操作. 高效的数学函数. Matplotlib:可视化:2D和(最近)3D图 SciPy:大型库实现各种数值算法,例如: 线性和非线性方 ...

  4. winform集成cefSharp,与页面进行交互

    /// <summary> /// 为了使网页能够与winForm交互 将 com 的可访问性设置为 true /// </summary> [System.Runtime.I ...

  5. .NET微信开发 配置微信公众号基本配置的几种方法

    自己最近搞了公众号,记录一下. 目的就是为了在微信公众号里启用服务器配置. 微信文档 其实微信文档已经写得很清楚了,也很简单.(微信的目的就是它发送一个get请求,希望我们能接受一下,然后给微信回个数 ...

  6. plt画log图

    import matplotlib.pyplot as plt import math import numpy as np x = np.arange(-0.85,0.95,0.05) #获得函数结 ...

  7. 五步解决windows系统慢的问题

    第一步:清理浏览器缓存 第二步:磁盘整理 第三步:碎片整理 第四步:清理系统临时文件 echo 正在清除系统垃圾文件,请稍等...... del /f /s /q %systemdrive%\*.tm ...

  8. Miller_Rabin素性测试

    1. 为什么需要素性测试? 我们其实已经知道有一些判断素数的方法,比如: 遍历测试:待测试数n与2,3,...√n做除法判断余数是否为零,如果没有任何一个数可以整除n,则说明n为素数 Wilson定理 ...

  9. JDBC-使用Java连接数据库-基础篇

    这是小主第一次写Java连接数据库博客,初学Java之时,Java连接数据库是我最头疼的,不过经过一个月的学习,也差不多略有收获,所以给大家分享一下. Java连接数据库大约需要五大步骤: 创建数据库 ...

  10. sp__helptable, sp__help******* help 存储过程

    from:  https://sqldbaknowledgeshare.wordpress.com/2014/11/27/general-help-procedures/ GENERAL HELP P ...