org.apache.shiro.web.mgt.DefaultWebSecurityManager Java Examples

@Bean("securityManager")
public DefaultWebSecurityManager getManager(UserService userService) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    List<Realm> realms = Lists.newArrayList();
    realms.add(new DBRealm(userService));
    manager.setRealms(realms);

    /*
     * 关闭shiro自带的session，详情见文档
     * http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
     */
    DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
    DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
    defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
    subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
    manager.setSubjectDAO(subjectDAO);

    return manager;
}
 

/**
 * Create the Shiro filter. Overriding this method allows for complete customization of how Shiro is initialized.
 */
protected Filter createFilter(final T configuration) {
    ShiroConfiguration shiroConfig = narrow(configuration);
    final IniWebEnvironment shiroEnv = new IniWebEnvironment();
    shiroEnv.setConfigLocations(shiroConfig.iniConfigs());
    shiroEnv.init();

    AbstractShiroFilter shiroFilter = new AbstractShiroFilter() {
        @Override
        public void init() throws Exception {
            Collection<Realm> realms = createRealms(configuration);
            WebSecurityManager securityManager = realms.isEmpty()
                    ? shiroEnv.getWebSecurityManager()
                    : new DefaultWebSecurityManager(realms);
            setSecurityManager(securityManager);
            setFilterChainResolver(shiroEnv.getFilterChainResolver());
        }
    };
    return shiroFilter;
}
 

/**
 * Create the Shiro filter. Overriding this method allows for complete customization of how Shiro is initialized.
 */
protected Filter createFilter(final T configuration) {
    ShiroConfiguration shiroConfig = narrow(configuration);
    final IniWebEnvironment shiroEnv = new IniWebEnvironment();
    shiroEnv.setConfigLocations(shiroConfig.iniConfigs());
    shiroEnv.init();

    AbstractShiroFilter shiroFilter = new AbstractShiroFilter() {
        @Override
        public void init() throws Exception {
            Collection<Realm> realms = createRealms(configuration);
            WebSecurityManager securityManager = realms.isEmpty()
                    ? shiroEnv.getWebSecurityManager()
                    : new DefaultWebSecurityManager(realms);
            setSecurityManager(securityManager);
            setFilterChainResolver(shiroEnv.getFilterChainResolver());
        }
    };
    return shiroFilter;
}
 

@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean
            .setSecurityManager(securityManager);
    shiroFilterFactoryBean.setLoginUrl("/login");
    shiroFilterFactoryBean.setSuccessUrl("/");
    filterChainDefinitionMap.put("/login", "authc");
    filterChainDefinitionMap.put("/logout", "logout");
    filterChainDefinitionMap.put("/static/**", "anon");
    filterChainDefinitionMap.put("/api/**", "anon");
    filterChainDefinitionMap.put("/register/**", "anon");
    filterChainDefinitionMap.put("/admin/**", "roles[admin]");
    filterChainDefinitionMap.put("/**", "user");

    shiroFilterFactoryBean
            .setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
 

@Bean(name = "securityManager")
	@ConditionalOnMissingBean
	public DefaultSecurityManager securityManager(CacheManager shiroCacheManager) {
        DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();

        // 用自己的Factory实现替换默认
        // 用于关闭session功能
        dwsm.setSubjectFactory(new StatelessSubjectFactory());
        dwsm.setSessionManager(defaultSessionManager());
        // 关闭session存储
        ((DefaultSessionStorageEvaluator) ((DefaultSubjectDAO)dwsm.getSubjectDAO()).getSessionStorageEvaluator()).setSessionStorageEnabled(false);

//      <!-- 用户授权/认证信息Cache, 采用EhCache 缓存 -->
        dwsm.setCacheManager(shiroCacheManager);

        SecurityUtils.setSecurityManager(dwsm);
        return dwsm;
	}
 

@Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            DefaultWebSecurityManager securityManager,
            FormAuthenticationFilter formAuthenticationFilter) {

        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        // 必须设置 SecurityManager
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
        shiroFilterFactoryBean.setLoginUrl("/oss/login");
        // 登录成功后要跳转的连接
        shiroFilterFactoryBean.setSuccessUrl("/admin/index");
        shiroFilterFactoryBean.setUnauthorizedUrl("/403");
        Map map = new HashMap<>();
//        map.put("authc",formAuthenticationFilter);
        shiroFilterFactoryBean.setFilters(map);
        loadShiroFilterChain(shiroFilterFactoryBean);
        return shiroFilterFactoryBean;
    }
 

/**
 * 对过滤器进行调整
 *
 * @param securityManager
 * @return
 */
@Bean(name = "shiroFilter")
protected ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager, Config config) {
    ShiroFilterFactoryBean filterFactoryBean = super.shiroFilterFactoryBean();
    filterFactoryBean.setSecurityManager(securityManager);
    
    //过滤器设置
    Map<String, Filter> filters = new HashMap<>();
    SecurityFilter securityFilter = new SecurityFilter();
    securityFilter.setClients("cas,rest,jwt");
    securityFilter.setConfig(config);
    filters.put("casSecurityFilter", securityFilter);
    
    CallbackFilter callbackFilter = new CallbackFilter();
    callbackFilter.setConfig(config);
    filters.put("callbackFilter", callbackFilter);
    
    filterFactoryBean.setFilters(filters);
    

    return filterFactoryBean;
}
 

/**
 * 添加自己的过滤器，自定义url规则
 * Shiro自带拦截器配置规则
 * rest：比如/admins/user/**=rest[user],根据请求的方法，相当于/admins/user/**=perms[user：method] ,其中method为post，get，delete等
 * port：比如/admins/user/**=port[8081],当请求的url的端口不是8081是跳转到schemal：//serverName：8081?queryString,其中schmal是协议http或https等，serverName是你访问的host,8081是url配置里port的端口，queryString是你访问的url里的？后面的参数
 * perms：比如/admins/user/**=perms[user：add：*],perms参数可以写多个，多个时必须加上引号，并且参数之间用逗号分割，比如/admins/user/**=perms["user：add：*,user：modify：*"]，当有多个参数时必须每个参数都通过才通过，想当于isPermitedAll()方法
 * roles：比如/admins/user/**=roles[admin],参数可以写多个，多个时必须加上引号，并且参数之间用逗号分割，当有多个参数时，比如/admins/user/**=roles["admin,guest"],每个参数通过才算通过，相当于hasAllRoles()方法。//要实现or的效果看http://zgzty.blog.163.com/blog/static/83831226201302983358670/
 * anon：比如/admins/**=anon 没有参数，表示可以匿名使用
 * authc：比如/admins/user/**=authc表示需要认证才能使用，没有参数
 * authcBasic：比如/admins/user/**=authcBasic没有参数表示httpBasic认证
 * ssl：比如/admins/user/**=ssl没有参数，表示安全的url请求，协议为https
 * user：比如/admins/user/**=user没有参数表示必须存在用户，当登入操作时不做检查
 * 详情见文档 http://shiro.apache.org/web.html#urls-
 * @param securityManager
 * @return org.apache.shiro.spring.web.ShiroFilterFactoryBean
 * @author dolyw.com
 * @date 2018/8/31 10:57
 */
@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
    // 添加自己的过滤器取名为jwt
    Map<String, Filter> filterMap = new HashMap<>(16);
    filterMap.put("jwt", new JwtFilter());
    factoryBean.setFilters(filterMap);
    factoryBean.setSecurityManager(securityManager);
    // 自定义url规则使用LinkedHashMap有序Map
    LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>(16);
    // Swagger接口文档
    // filterChainDefinitionMap.put("/v2/api-docs", "anon");
    // filterChainDefinitionMap.put("/webjars/**", "anon");
    // filterChainDefinitionMap.put("/swagger-resources/**", "anon");
    // filterChainDefinitionMap.put("/swagger-ui.html", "anon");
    // filterChainDefinitionMap.put("/doc.html", "anon");
    // 公开接口
    // filterChainDefinitionMap.put("/api/**", "anon");
    // 登录接口放开
    filterChainDefinitionMap.put("/user/login", "anon");
    // 所有请求通过我们自己的JWTFilter
    filterChainDefinitionMap.put("/**", "jwt");
    factoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return factoryBean;
}
 

@Bean("shiroFilter")
public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();

    // 添加自己的过滤器并且取名为jwt
    Map<String, Filter> filterMap =  Maps.newHashMap();
    filterMap.put("jwt", new JwtFilter());
    factoryBean.setFilters(filterMap);

    factoryBean.setSecurityManager(securityManager);
    factoryBean.setUnauthorizedUrl("/401");

    /*
     * 自定义url规则
     * http://shiro.apache.org/web.html#urls-
     */
    Map<String, String> filterRuleMap =  Maps.newHashMap();
    // 所有请求通过我们自己的JWT Filter
    filterRuleMap.put("/**", "jwt");
    // 访问401和404页面不通过我们的Filter
    filterRuleMap.put("/401", "anon");
    factoryBean.setFilterChainDefinitionMap(filterRuleMap);
    return factoryBean;
}
 

@Bean("securityManager")
public DefaultWebSecurityManager getManager(ApiRealm realm) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    // 使用自己的realm
    manager.setRealm(realm);

    /*
     * 关闭shiro自带的session，详情见文档
     * http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
     */
    DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
    DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
    defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
    subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
    manager.setSubjectDAO(subjectDAO);

    return manager;
}
 

@Bean("securityManager")
public DefaultWebSecurityManager getManager(ApiRealm realm) {
    DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    // 使用自己的realm
    manager.setRealm(realm);

    /*
     * 关闭shiro自带的session，详情见文档
     * http://shiro.apache.org/session-management.html#SessionManagement-StatelessApplications%28Sessionless%29
     */
    DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
    DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
    defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
    subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
    manager.setSubjectDAO(subjectDAO);

    return manager;
}
 

@Bean(name = "securityManager")
@DependsOn(value = {"cacheManager", "rememberMeManager", "mainRealm"})
public DefaultSecurityManager securityManager(Realm realm, RememberMeManager rememberMeManager,
                                              CacheManager cacheManager, SessionManager sessionManager) {
    DefaultSecurityManager sm = new DefaultWebSecurityManager();
    sm.setRealm(realm);
    sm.setCacheManager(cacheManager);
    sm.setSessionManager(sessionManager);
    sm.setRememberMeManager(rememberMeManager);
    return sm;
}
 

/**
 * 当用户的环境没有配置redisTemplate时则使用ehcache做缓存
 *
 * @param realm realm
 * @return DefaultWebSecurityManager
 */
@Bean
@Conditional(RedisDisabledCondition.class)
public DefaultWebSecurityManager webSecurityManager(Realm realm) {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(realm);
    //使用ehcache当缓存
    EhCacheManager cacheManager = new EhCacheManager();
    securityManager.setCacheManager(cacheManager);
    return securityManager;
}
 

/**
 * SecurityManager: 安全管理器，注入有Realm、SessionManager、RememberMeManager
 *
 * @return SecurityManager
 */
@Bean
public SecurityManager securityManager() {
    DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
    defaultWebSecurityManager.setRealm(baseRealm());
    defaultWebSecurityManager.setSessionManager(sessionManager());
    defaultWebSecurityManager.setRememberMeManager(rememberMeManager());
    return defaultWebSecurityManager;
}
 

@Bean
public SecurityManager securityManager(RedisCacheManager RedisCacheManager){
    DefaultWebSecurityManager manager =  new DefaultWebSecurityManager();
    manager.setRealm(myRealm());
    manager.setCacheManager(RedisCacheManager);
    /*
    * 关闭session存储，禁用Session作为存储策略的实现，
    * 但它没有完全地禁用Session所以需要配合SubjectFactory中的context.setSessionCreationEnabled(false)
    */
    //manager.setSessionManager(sessionManager());
    ((DefaultSessionStorageEvaluator) ((DefaultSubjectDAO)manager.getSubjectDAO())
            .getSessionStorageEvaluator()).setSessionStorageEnabled(false);
    manager.setSubjectFactory(new AgileSubjectFactory());
    return manager;
}
 

/**
 * 授权管理器
 * 
 * @time 2018年4月10日 下午5:10:02.
 * 
 * @version V1.0
 * @return DefaultSecurityManager
 */
@Bean(name = "securityManager")
@ConditionalOnMissingBean
public DefaultSecurityManager securityManager() {
	DefaultSecurityManager sm = new DefaultWebSecurityManager();
	sm.setCacheManager(cacheManager());
	sm.setRememberMeManager(rememberMeManager());// 注入记住我
	return sm;
}
 

/**
 * 在方法中 注入 securityManager,进行代理控制
 */
@Bean
public MethodInvokingFactoryBean methodInvokingFactoryBean(DefaultWebSecurityManager securityManager) {
    MethodInvokingFactoryBean bean = new MethodInvokingFactoryBean();
    bean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
    bean.setArguments(new Object[]{securityManager});
    return bean;
}
 

@Bean(name = "securityManager")
public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("shiroRealm") ShiroRealm realm){
	DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
	securityManager.setRealm(realm);
	// 指定SubjectFactory
	securityManager.setSessionManager(this.sessionManager());
	securityManager.setCacheManager(this.redisCacheManager());
	return securityManager;
}
 

@Bean(name = "shiroFilter")
public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager){
	ShiroFilterFactoryBean factoryBean = new MyShiroFilterFactoryBean();
	factoryBean.setSecurityManager(securityManager);
	factoryBean.setLoginUrl("/restlogin");
	factoryBean.setSuccessUrl("/user");
	factoryBean.setUnauthorizedUrl("/403");

	loadShiroFilterChain(factoryBean);
	return factoryBean;
}
 

@Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(
            SystemAuthorizingRealm myShiroRealm,
            DefaultWebSessionManager sessionManager,
            CacheManager shiroCacheManager) {
        DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();
        dwsm.setRealm(myShiroRealm);
        dwsm.setSessionManager(sessionManager);
//      <!-- 用户授权/认证信息Cache, 采用redis 缓存 -->
        dwsm.setCacheManager(shiroCacheManager);
        return dwsm;
    }
 

@Bean
public SecurityManager securityManager(@Qualifier("authRealm")AuthRealm authRealm){
    logger.info("- - - - - - -shiro开始加载- - - - - - ");
    DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
    defaultWebSecurityManager.setRealm(authRealm);
    defaultWebSecurityManager.setRememberMeManager(rememberMeManager());
    defaultWebSecurityManager.setSessionManager(webSessionManager());
    defaultWebSecurityManager.setCacheManager(cacheManager());
    return defaultWebSecurityManager;
}
 

@Bean
public DefaultWebSecurityManager getDefaultWebSecurityManager() {
    DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();
    dwsm.setRealm(getShiroRealm());
    dwsm.setCacheManager(getCacheManager());
    dwsm.setSessionManager(getSessionManager());
    return dwsm;
}
 

@Bean(name = "securityManager")
@DependsOn(value = {"cacheManager", "rememberMeManager", "mainRealm"})
public DefaultSecurityManager securityManager(Realm realm, RememberMeManager rememberMeManager, CacheManager cacheManager, SessionManager sessionManager) {
    DefaultSecurityManager sm = new DefaultWebSecurityManager();
    sm.setRealm(realm);
    sm.setCacheManager(cacheManager);
    sm.setSessionManager(sessionManager);
    sm.setRememberMeManager(rememberMeManager);

    return sm;
}
 

@Bean(name = "securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager(AuthorizingRealm realm) {
    DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();
    dwsm.setRealm(realm);
    dwsm.setCacheManager(getEhCacheManager());
    return dwsm;
}
 

@Bean(name = "securityManager")
public DefaultWebSecurityManager getDefaultWebSecurityManager() {
    DefaultWebSecurityManager webSecurityManager = new DefaultWebSecurityManager();
    webSecurityManager.setRealm(getShiroJdbcRealm());
    // webSecurityManager.setCacheManager(getEhCacheManager());
    webSecurityManager.setCacheManager(getCacheManager());
    webSecurityManager.setSessionManager(getSessionManager());
    return webSecurityManager;
}
 

@Inject
public ShiroAuthenticationService(ZeppelinConfiguration conf) throws Exception {
  LOGGER.info("ShiroAuthenticationService is initialized");
  this.conf = conf;
  if (conf.getShiroPath().length() > 0) {
    try {
      Collection<Realm> realms =
          ((DefaultWebSecurityManager) org.apache.shiro.SecurityUtils.getSecurityManager())
              .getRealms();
      if (realms.size() > 1) {
        Boolean isIniRealmEnabled = false;
        for (Realm realm : realms) {
          if (realm instanceof IniRealm && ((IniRealm) realm).getIni().get("users") != null) {
            isIniRealmEnabled = true;
            break;
          }
        }
        if (isIniRealmEnabled) {
          throw new Exception(
              "IniRealm/password based auth mechanisms should be exclusive. "
                  + "Consider removing [users] block from shiro.ini");
        }
      }
    } catch (UnavailableSecurityManagerException e) {
      LOGGER.error("Failed to initialise shiro configuration", e);
    }
  }
}
 

@Bean(name = "securityManager")
@ConditionalOnMissingBean
public DefaultSecurityManager securityManager(CacheManager shiroCacheManager) {
	DefaultSecurityManager sm = new DefaultWebSecurityManager();
	sm.setCacheManager(shiroCacheManager);
	return sm;
}
 

/**
 * @DependOn  :在初始化 defaultWebSecurityManager 实例前 强制先初始化 adminRealm ，ehCacheManager。。。。。
 * @param realm
 * @param ehCacheManager
 * @param cookieRememberMeManager
 * @return
 */

@Bean(name = "securityManager")
@DependsOn({"adminRealm","ehCacheManager","cookieRememberMeManager"})
public DefaultWebSecurityManager getDefaultWebSecurityManager(AdminRealm realm, EhCacheManager ehCacheManager,CookieRememberMeManager cookieRememberMeManager) {
    DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
    //设置realm.
    defaultWebSecurityManager.setRealm(realm);
    defaultWebSecurityManager.setCacheManager(ehCacheManager);
    defaultWebSecurityManager.setRememberMeManager(cookieRememberMeManager);
    return defaultWebSecurityManager;
}
 

/**
 * 当用户的环境配置了redisTemplate时则使用Redis做缓存
 *
 * @param realm         realm
 * @param redisTemplate spring RedisTemplate
 * @return DefaultWebSecurityManager
 */
@Bean
@Conditional(RedisEnableCondition.class)
public DefaultWebSecurityManager defaultWebSecurityManager(Realm realm, RedisTemplate<Object, Object> redisTemplate) {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(realm);
    //使用自定义的Redis缓存实现，依赖redisTemplate，keyNamespace可以默认为空
    securityManager.setCacheManager(this.getCacheManager(redisTemplate));
    return securityManager;
}
 

/**
 * @DependOn  :在初始化 defaultWebSecurityManager 实例前 强制先初始化 adminRealm ，ehCacheManager。。。。。
 * @param realm
 * @param ehCacheManager
 * @param cookieRememberMeManager
 * @return
 */

@Bean(name = "securityManager")
@DependsOn({"adminRealm","ehCacheManager","cookieRememberMeManager"})
public DefaultWebSecurityManager getDefaultWebSecurityManager(AdminRealm realm, EhCacheManager ehCacheManager,CookieRememberMeManager cookieRememberMeManager) {
    DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
    //设置realm.
    defaultWebSecurityManager.setRealm(realm);
    defaultWebSecurityManager.setCacheManager(ehCacheManager);
    defaultWebSecurityManager.setRememberMeManager(cookieRememberMeManager);
    return defaultWebSecurityManager;
}