shiro 框架下配置可匿名訪問介面
阿新 • • 發佈:2021-10-22
shiro 框架下新增配置可匿名訪問介面
1.在ShiroConfig 檔案裡面。
shiroFilterFactoryBean 這個方法下
LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>(); 注意只能是linkedHashMap
filterChainDefinitionMap.put("/platform/exceptionInfo/**","anon"); //開放路徑 和 anon是指不會被攔截的頁面的路徑
filterChainDefinitionMap.put("/**", "authc"); //需要認證的路徑 authc是需要認證才可訪問
2.如果這樣還不行,報403的話,應該是介面本身上面還有許可權驗證。
將這個註解註釋掉即可
3.ShiroConfig 全部內容
package com.bootdo.system.config; import at.pollux.thymeleaf.shiro.dialect.ShiroDialect; import com.bootdo.common.config.Constant; import com.bootdo.common.redis.shiro.RedisCacheManager; import com.bootdo.common.redis.shiro.RedisManager;下班記得打卡import com.bootdo.common.redis.shiro.RedisSessionDAO; import com.bootdo.system.filter.ApiFilter; import com.bootdo.system.filter.ShiroLoginFilter; import com.bootdo.system.shiro.CustomModularRealmAuthenticator; import com.bootdo.system.shiro.UserRealm; import com.bootdo.system.shiro.WeixinShiroRealm;//import org.apache.shiro.cache.CacheManager; import net.sf.ehcache.CacheManager; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy; import org.apache.shiro.authc.pam.ModularRealmAuthenticator; import org.apache.shiro.cache.ehcache.EhCacheManager; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.realm.Realm; import org.apache.shiro.session.SessionListener; import org.apache.shiro.session.mgt.eis.MemorySessionDAO; import org.apache.shiro.session.mgt.eis.SessionDAO; import org.apache.shiro.spring.LifecycleBeanPostProcessor; import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.servlet.SimpleCookie; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.cache.ehcache.EhCacheCacheManager; import org.springframework.cache.ehcache.EhCacheManagerFactoryBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.ClassPathResource; import org.springframework.util.StringUtils; import org.springframework.web.servlet.HandlerExceptionResolver; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import javax.servlet.Filter; /** * @author bootdo [email protected] */ @Configuration public class ShiroConfig { @Value("${spring.redis.host}") private String host; @Value("${spring.redis.password}") private String password; @Value("${spring.redis.port}") private int port; @Value("${spring.redis.timeout}") private int timeout; @Value("${spring.cache.type}") private String cacheType ; @Value("${server.session-timeout}") private int tomcatTimeout; @Value("${spring.cache.ehcache.config}") private String EhCacheconfig ; @Bean public static LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() { return new LifecycleBeanPostProcessor(); } /** * ShiroDialect,為了在thymeleaf裡使用shiro的標籤的bean * * @return */ @Bean public ShiroDialect shiroDialect() { return new ShiroDialect(); } @Bean ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) { ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); shiroFilterFactoryBean.setSecurityManager(securityManager); //增加自定義過濾 Map<String, Filter> filters = new HashMap(); filters.put("jwt", new ApiFilter()); shiroFilterFactoryBean.setFilters(filters); //shiroFilterFactoryBean.setLoginUrl("/login"); shiroFilterFactoryBean.setSuccessUrl("/index"); shiroFilterFactoryBean.setUnauthorizedUrl("/403"); LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>(); filterChainDefinitionMap.put("/platform/exceptionInfo/**","anon"); filterChainDefinitionMap.put("/login","anon"); filterChainDefinitionMap.put("/getSessionKey", "anon"); filterChainDefinitionMap.put("/getUserinfo", "anon"); filterChainDefinitionMap.put("/refrehtoken", "anon"); filterChainDefinitionMap.put("/css/**", "anon"); filterChainDefinitionMap.put("/js/**", "anon"); filterChainDefinitionMap.put("/fonts/**", "anon"); filterChainDefinitionMap.put("/img/**", "anon"); filterChainDefinitionMap.put("/images/**","anon"); filterChainDefinitionMap.put("/docs/**", "anon"); filterChainDefinitionMap.put("/druid/**", "anon"); filterChainDefinitionMap.put("/upload/**", "anon"); filterChainDefinitionMap.put("/files/**", "anon"); filterChainDefinitionMap.put("/logout", "logout"); //配置記住我或認證通過可以訪問的地址 filterChainDefinitionMap.put("/api/**", "jwt"); filterChainDefinitionMap.put("/", "anon"); filterChainDefinitionMap.put("/blog", "anon"); filterChainDefinitionMap.put("/blog/open/**", "anon"); filterChainDefinitionMap.put("/defaultKaptcha/**", "anon"); filterChainDefinitionMap.put("/weixin", "anon"); filterChainDefinitionMap.put("/wxbind/**", "anon"); filterChainDefinitionMap.put("/wx/**", "jwt");//暫時開放 filterChainDefinitionMap.put("/layui/**", "anon");// filterChainDefinitionMap.put("/**", "authc"); shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); return shiroFilterFactoryBean; } @Bean public SecurityManager securityManager() { DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); //設定realm. //設定realm. securityManager.setAuthenticator(modularRealmAuthenticator()); List<Realm> realms = new ArrayList<>(); //新增多個Realm realms.add(userRealm()); realms.add(jwtShiroRealm()); securityManager.setRealms(realms); // 自定義快取實現 使用redis if (Constant.CACHE_TYPE_REDIS.equals(cacheType)) { securityManager.setCacheManager(rediscacheManager()); } else { securityManager.setCacheManager(ehCacheManager()); } securityManager.setSessionManager(sessionManager()); return securityManager; } /** * 系統自帶的Realm管理,主要針對多realm * */ @Bean public ModularRealmAuthenticator modularRealmAuthenticator(){ //自己重寫的ModularRealmAuthenticator Map<String, Object> shiroAuthenticatorRealms = new HashMap<>(); shiroAuthenticatorRealms.put("adminShiroRealm", userRealm()); shiroAuthenticatorRealms.put("jwtShiroRealm", jwtShiroRealm()); CustomModularRealmAuthenticator modularRealmAuthenticator = new CustomModularRealmAuthenticator(); modularRealmAuthenticator.setDefinedRealms(shiroAuthenticatorRealms); modularRealmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy()); return modularRealmAuthenticator; } /** * token身份認證realm; * @return */ @Bean(name="jwtShiroRealm") public WeixinShiroRealm jwtShiroRealm(){ WeixinShiroRealm jwtShiroRealm = new WeixinShiroRealm(); jwtShiroRealm.setCredentialsMatcher(customHashedCredentialsMatcher()); return new WeixinShiroRealm(); } @Bean(name = "customHashedCredentialsMatcher") public HashedCredentialsMatcher customHashedCredentialsMatcher(){ //logger.debug("ShiroConfiguration.adminHashedCredentialsMatcher()"); HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); hashedCredentialsMatcher.setHashAlgorithmName("md5");//雜湊演算法:這裡使用MD5演算法; hashedCredentialsMatcher.setHashIterations(1);//雜湊的次數,當於 m比如雜湊兩次,相d5(""); return hashedCredentialsMatcher; } @Bean UserRealm userRealm() { UserRealm userRealm = new UserRealm(); return userRealm; } /** * 開啟shiro aop註解支援. * 使用代理方式;所以需要開啟程式碼支援; * * @param securityManager * @return */ @Bean public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) { AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); authorizationAttributeSourceAdvisor.setSecurityManager(securityManager); return authorizationAttributeSourceAdvisor; } /** * 配置shiro redisManager * * @return */ @Bean public RedisManager redisManager() { RedisManager redisManager = new RedisManager(); redisManager.setHost(host); redisManager.setPort(port); redisManager.setExpire(tomcatTimeout);// 配置快取過期時間 redisManager.setTimeout(timeout); if (!StringUtils.isEmpty(password)) { redisManager.setPassword(password); } return redisManager; } /** * cacheManager 快取 redis實現 * 使用的是shiro-redis開源外掛 * * @return */ public RedisCacheManager rediscacheManager() { RedisCacheManager redisCacheManager = new RedisCacheManager(); redisCacheManager.setRedisManager(redisManager()); return redisCacheManager; } /** * RedisSessionDAO shiro sessionDao層的實現 通過redis * 使用的是shiro-redis開源外掛 */ @Bean public RedisSessionDAO redisSessionDAO() { RedisSessionDAO redisSessionDAO = new RedisSessionDAO(); redisSessionDAO.setRedisManager(redisManager()); return redisSessionDAO; } @Bean public SessionDAO sessionDAO() { if (Constant.CACHE_TYPE_REDIS.equals(cacheType)) { return redisSessionDAO(); } else { return new MemorySessionDAO(); } } /** * shiro session的管理 */ @Bean public DefaultWebSessionManager sessionManager() { DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); sessionManager.setGlobalSessionTimeout(tomcatTimeout * 1000); sessionManager.setSessionDAO(sessionDAO()); Collection<SessionListener> listeners = new ArrayList<SessionListener>(); listeners.add(new BDSessionListener()); sessionManager.setSessionListeners(listeners); sessionManager.setSessionIdUrlRewritingEnabled(false); SimpleCookie simpleCookie= new SimpleCookie(); simpleCookie.setName( Constant.SYSTEM_NAME+".session.id"); sessionManager.setSessionIdCookie(simpleCookie); return sessionManager; } @Bean public EhCacheManager ehCacheManager() { EhCacheManager em = new EhCacheManager(); em.setCacheManagerConfigFile(EhCacheconfig); //em.setCacheManager(cacheManager()); return em; } @Bean("cacheManager2") CacheManager cacheManager(){ return CacheManager.create(); } @Bean public ShiroLoginFilter shiroLoginFilter(){ return new ShiroLoginFilter(); } }