Search in sources :

Example 6 with ShiroFilterFactoryBean

use of org.apache.shiro.spring.web.ShiroFilterFactoryBean in project Spring-Family by Sierou-Java.

the class ShiroConfiguration method shiroFilter.

/**
 * ShiroFilterFactoryBean 处理拦截资源文件问题。
 * 注意:单独一个ShiroFilterFactoryBean配置是或报错的,以为在
 * 初始化ShiroFilterFactoryBean的时候需要注入:SecurityManager
 *
 *     Filter Chain定义说明
 *     1、一个URL可以配置多个Filter,使用逗号分隔
 *     2、当设置多个过滤器时,全部验证通过,才视为通过
 *     3、部分过滤器可指定参数,如perms,roles
 */
@Bean
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
    System.out.println("ShiroConfiguration.shirFilter()");
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    // 必须设置 SecurityManager
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    // 拦截器.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
    // 配置退出过滤器,其中的具体的退出代码Shiro已经替我们实现了
    filterChainDefinitionMap.put("/logout", "logout");
    // 配置记住我或认证通过可以访问的地址
    filterChainDefinitionMap.put("/index", "user");
    filterChainDefinitionMap.put("/", "user");
    // <!-- 过滤链定义,从上向下顺序执行,一般将 /**放在最为下边 -->:这是一个坑呢,一不小心代码就不好使了;
    // <!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
    filterChainDefinitionMap.put("/**", "authc");
    // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
    shiroFilterFactoryBean.setLoginUrl("/login");
    // 登录成功后要跳转的链接
    shiroFilterFactoryBean.setSuccessUrl("/index");
    // 未授权界面;
    shiroFilterFactoryBean.setUnauthorizedUrl("/403");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
Also used : ShiroFilterFactoryBean(org.apache.shiro.spring.web.ShiroFilterFactoryBean) LinkedHashMap(java.util.LinkedHashMap) ShiroFilterFactoryBean(org.apache.shiro.spring.web.ShiroFilterFactoryBean) Bean(org.springframework.context.annotation.Bean)

Example 7 with ShiroFilterFactoryBean

use of org.apache.shiro.spring.web.ShiroFilterFactoryBean in project shiro by apache.

the class AbstractShiroWebFilterConfiguration method shiroFilterFactoryBean.

protected ShiroFilterFactoryBean shiroFilterFactoryBean() {
    ShiroFilterFactoryBean filterFactoryBean = new ShiroFilterFactoryBean();
    filterFactoryBean.setLoginUrl(loginUrl);
    filterFactoryBean.setSuccessUrl(successUrl);
    filterFactoryBean.setUnauthorizedUrl(unauthorizedUrl);
    filterFactoryBean.setSecurityManager(securityManager);
    filterFactoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition.getFilterChainMap());
    return filterFactoryBean;
}
Also used : ShiroFilterFactoryBean(org.apache.shiro.spring.web.ShiroFilterFactoryBean)

Example 8 with ShiroFilterFactoryBean

use of org.apache.shiro.spring.web.ShiroFilterFactoryBean in project shiro by apache.

the class ShiroWebFilterConfiguration method filterShiroFilterRegistrationBean.

@Bean(name = "filterShiroFilterRegistrationBean")
@ConditionalOnMissingBean
protected FilterRegistrationBean filterShiroFilterRegistrationBean() throws Exception {
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
    filterRegistrationBean.setFilter((AbstractShiroFilter) shiroFilterFactoryBean().getObject());
    filterRegistrationBean.setOrder(1);
    return filterRegistrationBean;
}
Also used : FilterRegistrationBean(org.springframework.boot.web.servlet.FilterRegistrationBean) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ShiroFilterFactoryBean(org.apache.shiro.spring.web.ShiroFilterFactoryBean) FilterRegistrationBean(org.springframework.boot.web.servlet.FilterRegistrationBean) Bean(org.springframework.context.annotation.Bean)

Example 9 with ShiroFilterFactoryBean

use of org.apache.shiro.spring.web.ShiroFilterFactoryBean in project wechat by dllwh.

the class ShiroConfig method shiroFilter.

/**
 * ----------------------------------------------------- Fields end
 */
/**
 * @方法描述 :
 *
 *       <pre>
 *  Shiro主过滤器本身功能十分强大,其强大之处就在于它支持任何基于URL路径表达式的、自定义的过滤器的执行
 *  Web应用中,Shiro可控制的Web请求必须经过Shiro主过滤器的拦截,Shiro对基于Spring的Web应用提供了完美的支持
 *       </pre>
 *
 * @return
 */
// @Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilter() {
    ShiroFilterFactoryBean shiroFilterFactory = new ShiroFilterFactoryBean();
    // Shiro的核心安全接口,这个属性是必须的
    shiroFilterFactory.setSecurityManager(securityManager());
    // 要求登录时的链接(可根据项目的URL进行替换),非必须的属性,如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
    shiroFilterFactory.setLoginUrl(FilterHelper.LOGIN_ACTION);
    // 登录成功后要跳转的链接
    shiroFilterFactory.setSuccessUrl(FilterHelper.LOGIN_ACTION);
    // 用户访问未对其授权的资源时,所显示的连接;
    shiroFilterFactory.setUnauthorizedUrl(FilterHelper.UNAUTHORIZED);
    /**
     * 自定义拦截器
     */
    Map<String, Filter> filtersMap = new LinkedHashMap<String, Filter>();
    // 登录校验
    filtersMap.put("loginFilter", new LoginFilter());
    // 角色判断校验
    filtersMap.put("roleFilter", new RoleFilter());
    // 权限校验
    filtersMap.put("permissionFilter", new PermissionFilter());
    filtersMap.put("kickoutFilter", kickoutSessionFilter());
    // 用户session
    filtersMap.put("userSessionFilter", new UserSessionFilter());
    shiroFilterFactory.setFilters(filtersMap);
    /**
     * Shiro连接约束配置,即权限控制map.
     * 第一个'/'代表的路径是相对于HttpServletRequest.getContextPath()的值来的
     */
    Map<String, String> filterMap = new LinkedHashMap<String, String>();
    filterMap.put("/loginController**", "anon");
    filterMap.put("/sysPage/**", "anon,kickoutFilter");
    filterMap.put("/homeController/**", "loginFilter");
    filterMap.put("/dataSourceController**", "authc,roleFilter[administrator]");
    filterMap.put("/**", "authc,loginFilter,permissionFilter,kickoutFilter");
    shiroFilterFactory.setFilterChainDefinitionMap(filterMap);
    return shiroFilterFactory;
}
Also used : ShiroFilterFactoryBean(org.apache.shiro.spring.web.ShiroFilterFactoryBean) RoleFilter(com.cdeledu.core.shiro.filter.RoleFilter) UserSessionFilter(com.cdeledu.core.shiro.filter.UserSessionFilter) LoginFilter(com.cdeledu.core.shiro.filter.LoginFilter) PermissionFilter(com.cdeledu.core.shiro.filter.PermissionFilter) KickoutSessionFilter(com.cdeledu.core.shiro.filter.KickoutSessionFilter) Filter(javax.servlet.Filter) RoleFilter(com.cdeledu.core.shiro.filter.RoleFilter) LoginFilter(com.cdeledu.core.shiro.filter.LoginFilter) PermissionFilter(com.cdeledu.core.shiro.filter.PermissionFilter) LinkedHashMap(java.util.LinkedHashMap) UserSessionFilter(com.cdeledu.core.shiro.filter.UserSessionFilter)

Example 10 with ShiroFilterFactoryBean

use of org.apache.shiro.spring.web.ShiroFilterFactoryBean in project littlefisher-system by littlefishercoder.

the class ShiroConfig method shirFilter.

@Bean
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    // 过滤链定义,从上向下顺序执行,一般将/**放在最为下边
    // 这是一个坑呢,一不小心代码就不好使了
    Map<String, String> filterChainDefinitionMap = Maps.newLinkedHashMap();
    if (Boolean.valueOf(littleFisherProperties.getShiro().getSwaggerFileChainEnable())) {
        filterChainDefinitionMap.putAll(getSwaggerFilterChainDefinitionMap());
    }
    // 添加application.yml中的过滤链
    filterChainDefinitionMap.putAll(littleFisherProperties.getShiro().getFilterChainDefinition());
    // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
    shiroFilterFactoryBean.setLoginUrl(littleFisherProperties.getShiro().getLoginUrl());
    // 登录成功后要跳转的链接
    shiroFilterFactoryBean.setSuccessUrl(littleFisherProperties.getShiro().getSuccessUrl());
    // 未授权界面
    shiroFilterFactoryBean.setUnauthorizedUrl(littleFisherProperties.getShiro().getUnauthorizedUrl());
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
Also used : ShiroFilterFactoryBean(org.apache.shiro.spring.web.ShiroFilterFactoryBean) ShiroFilterFactoryBean(org.apache.shiro.spring.web.ShiroFilterFactoryBean) Bean(org.springframework.context.annotation.Bean)

Aggregations

ShiroFilterFactoryBean (org.apache.shiro.spring.web.ShiroFilterFactoryBean)12 Bean (org.springframework.context.annotation.Bean)10 LinkedHashMap (java.util.LinkedHashMap)8 Filter (javax.servlet.Filter)2 KickoutSessionFilter (com.cdeledu.core.shiro.filter.KickoutSessionFilter)1 LoginFilter (com.cdeledu.core.shiro.filter.LoginFilter)1 PermissionFilter (com.cdeledu.core.shiro.filter.PermissionFilter)1 RoleFilter (com.cdeledu.core.shiro.filter.RoleFilter)1 UserSessionFilter (com.cdeledu.core.shiro.filter.UserSessionFilter)1 LogoutFilter (com.moon.admin.common.filter.LogoutFilter)1 RestfulFilter (com.moon.admin.common.filter.RestfulFilter)1 HashMap (java.util.HashMap)1 InitializingBean (org.springframework.beans.factory.InitializingBean)1 MethodInvokingFactoryBean (org.springframework.beans.factory.config.MethodInvokingFactoryBean)1 ConditionalOnMissingBean (org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean)1 FilterRegistrationBean (org.springframework.boot.web.servlet.FilterRegistrationBean)1 EhCacheManagerFactoryBean (org.springframework.cache.ehcache.EhCacheManagerFactoryBean)1