up

src/main/java/com/bsd/cases/conf/ShiroConfig.java

@@ -1,89 +1,89 @@
-//package com.bsd.cases.conf;
-//
-//import com.bsd.cases.shiro.CommonRealm;
-//import com.bsd.cases.shiro.JWTFilter;
-//import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
-//import org.apache.shiro.mgt.DefaultSubjectDAO;
-//import org.apache.shiro.spring.LifecycleBeanPostProcessor;
-//import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
-//import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-//import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
-//import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
-//import org.springframework.context.annotation.Bean;
-//import org.springframework.context.annotation.Configuration;
-//import org.springframework.context.annotation.DependsOn;
-//
-//import javax.servlet.Filter;
-//import java.util.HashMap;
-//import java.util.Map;
-//
-//@Configuration
-//public class ShiroConfig {
-//
-//    @Bean("securityManager")
-//    public DefaultWebSecurityManager getManager() {
-//
-//        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
-//        // 使用自己的realm
-//        manager.setRealm(MyRealm());
-//        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
-//        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
-//        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
-//        subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
-//        manager.setSubjectDAO(subjectDAO);
-//
-//        return manager;
-//    }
-//
-//    @Bean("shiroFilter")
-//    public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
-//        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
-//
-//        // 添加自己的过滤器并且取名为jwt
-//        Map<String, Filter> filterMap = new HashMap<>();
-//        filterMap.put("jwt", new JWTFilter());
-//        factoryBean.setFilters(filterMap);
-//
-//        factoryBean.setSecurityManager(securityManager);
-//        factoryBean.setUnauthorizedUrl("/api/401");
-//
-//        Map<String, String> filterRuleMap = new HashMap<>();
-//        // 所有请求通过我们自己的JWT Filter
-//        filterRuleMap.put("/**", "jwt");
-//        // 访问401和404页面不通过我们的Filter
-//        filterRuleMap.put("/api/adminlogin", "anon");
-//        filterRuleMap.put("/api/autologin", "anon");
-//        filterRuleMap.put("/api/401", "anon");
-//        factoryBean.setFilterChainDefinitionMap(filterRuleMap);
-//        return factoryBean;
-//    }
-//
-//
-//    @Bean
-//    @DependsOn("lifecycleBeanPostProcessor")
-//    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
-//
-//        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
-//        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
-//        return defaultAdvisorAutoProxyCreator;
-//    }
-//
-//    @Bean
-//    public CommonRealm MyRealm() {
-//        return new CommonRealm();
-//    }
-//
-//    @Bean
-//    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
-//        return new LifecycleBeanPostProcessor();
-//    }
-//
-//    @Bean
-//    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
-//        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
-//        advisor.setSecurityManager(securityManager);
-//        return advisor;
-//    }
-//
-//
-//}
+package com.bsd.cases.conf;
+
+import com.bsd.cases.shiro.JWTFilter;
+import com.bsd.cases.util.CommonRealm;
+import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
+import org.apache.shiro.mgt.DefaultSubjectDAO;
+import org.apache.shiro.spring.LifecycleBeanPostProcessor;
+import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
+import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
+import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.DependsOn;
+
+import javax.servlet.Filter;
+import java.util.HashMap;
+import java.util.Map;
+
+@Configuration
+public class ShiroConfig {
+
+    @Bean("securityManager")
+    public DefaultWebSecurityManager getManager() {
+
+        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
+        // 使用自己的realm
+        manager.setRealm(MyRealm());
+        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
+        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
+        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
+        subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
+        manager.setSubjectDAO(subjectDAO);
+
+        return manager;
+    }
+
+    @Bean("shiroFilter")
+    public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
+        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
+
+        // 添加自己的过滤器并且取名为jwt
+        Map<String, Filter> filterMap = new HashMap<>();
+        filterMap.put("jwt", new JWTFilter());
+        factoryBean.setFilters(filterMap);
+
+        factoryBean.setSecurityManager(securityManager);
+        factoryBean.setUnauthorizedUrl("/api/401");
+
+        Map<String, String> filterRuleMap = new HashMap<>();
+        // 所有请求通过我们自己的JWT Filter
+        filterRuleMap.put("/**", "jwt");
+        // 访问401和404页面不通过我们的Filter
+        filterRuleMap.put("/api/adminlogin", "anon");
+        filterRuleMap.put("/api/autologin", "anon");
+        filterRuleMap.put("/api/401", "anon");
+        factoryBean.setFilterChainDefinitionMap(filterRuleMap);
+        return factoryBean;
+    }
+
+
+    @Bean
+    @DependsOn("lifecycleBeanPostProcessor")
+    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
+
+        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
+        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
+        return defaultAdvisorAutoProxyCreator;
+    }
+
+    @Bean
+    public CommonRealm MyRealm() {
+        return new CommonRealm();
+    }
+
+    @Bean
+    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
+        return new LifecycleBeanPostProcessor();
+    }
+
+    @Bean
+    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
+        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
+        advisor.setSecurityManager(securityManager);
+        return advisor;
+    }
+
+
+}

src/main/java/com/bsd/cases/conf/SwaggerConfig.java

@@ -19,15 +19,15 @@ public class SwaggerConfig {
         return new Docket(DocumentationType.SWAGGER_2)
                 .apiInfo(apiInfo())
                 .select()
-                .apis(RequestHandlerSelectors.basePackage("com.oceanspot.template.controller"))
+                .apis(RequestHandlerSelectors.basePackage("com.bsd.cases.controller"))
                 .paths(PathSelectors.any())
                 .build();
     }
 
     private ApiInfo apiInfo() {
         return new ApiInfoBuilder()
-                .title("Oceanspot RESTful APIs")
-                .description("Oceanspot API 接口文档")
+                .title("Cases RESTful APIs")
+                .description("Cases API 接口文档")
                 .version("1.0")
                 .build();
     }

src/main/java/com/bsd/cases/controller/CaseIndexController.java

@@ -35,7 +35,7 @@ public class CaseIndexController {
 
     @RequiresAuthentication
     @ApiOperation(value = "获取当前用", notes = "获取当前用户，只需要在Header设置token，不需要传参")
-    @GetMapping("user")
+    @PostMapping("user")
     public AjaxResult currentUser() {
 
         AjaxResult ajaxResult = new AjaxResult();

src/main/java/com/bsd/cases/util/CommonRealm.java

@@ -0,0 +1,75 @@
+package com.bsd.cases.util;
+
+import com.bsd.cases.model.CaseUsers;
+import com.bsd.cases.service.CaseUsersService;
+import com.bsd.cases.shiro.JWTToken;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.SimpleAuthenticationInfo;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.SimpleAuthorizationInfo;
+import org.apache.shiro.realm.AuthorizingRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.Resource;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+@Component
+public class CommonRealm extends AuthorizingRealm {
+
+
+    @Resource
+    private CaseUsersService caseUsersService;
+
+    /**
+     * 大坑！，必须重写此方法，不然Shiro会报错
+     */
+    @Override
+    public boolean supports(AuthenticationToken token) {
+        return token instanceof JWTToken;
+    }
+
+    /**
+     * 只有当需要检测用户权限的时候才会调用此方法，例如checkRole,checkPermission之类的
+     */
+    @Override
+    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+
+        String key = JWTUtil.getKey(principals.toString());
+        CaseUsers caseUsers = caseUsersService.selectByUserNoOrOpenId(key);
+        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
+        simpleAuthorizationInfo.addRole(caseUsers.getRole().toString());
+//        Set<String> permission = new HashSet<>(Arrays.asList(caseUsers.getPermission().split(",")));
+//        simpleAuthorizationInfo.addStringPermissions(permission);
+        return simpleAuthorizationInfo;
+    }
+
+    /**
+     * 默认使用此方法进行用户名正确与否验证，错误抛出异常即可。
+     */
+    @Override
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException {
+        String token = (String) auth.getCredentials();
+        // 解密获得username，用于和数据库进行对比
+        String username = JWTUtil.getKey(token);
+        if (username == null) {
+            throw new AuthenticationException("token invalid");
+        }
+
+        CaseUsers userBean = caseUsersService.selectByUserNoOrOpenId(username);
+        if (userBean == null) {
+            throw new AuthenticationException("User didn't existed!");
+        }
+        String key = userBean.getUserNo() == null ? userBean.getUserNo() : userBean.getOpenId();
+
+        if (!JWTUtil.verify(token, key)) {
+            throw new AuthenticationException("Username or password error");
+        }
+
+        return new SimpleAuthenticationInfo(token, token, "my_realm");
+    }
+}