up

5 years ago · abc023e91a
parent 09c28ce51b
commit abc023e91a
4 changed files with 168 additions and 93 deletions
--- a/src/main/java/com/bsd/cases/conf/ShiroConfig.java
+++ b/src/main/java/com/bsd/cases/conf/ShiroConfig.java
@ -1,89 +1,89 @@
-//package com.bsd.cases.conf;
+package com.bsd.cases.conf;
-//
+
-//import com.bsd.cases.shiro.CommonRealm;
+import com.bsd.cases.shiro.JWTFilter;
-//import com.bsd.cases.shiro.JWTFilter;
+import com.bsd.cases.util.CommonRealm;
-//import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
+import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
-//import org.apache.shiro.mgt.DefaultSubjectDAO;
+import org.apache.shiro.mgt.DefaultSubjectDAO;
-//import org.apache.shiro.spring.LifecycleBeanPostProcessor;
+import org.apache.shiro.spring.LifecycleBeanPostProcessor;
-//import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
+import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
-//import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
+import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-//import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
-//import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
+import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
-//import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Bean;
-//import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Configuration;
-//import org.springframework.context.annotation.DependsOn;
+import org.springframework.context.annotation.DependsOn;
-//
+
-//import javax.servlet.Filter;
+import javax.servlet.Filter;
-//import java.util.HashMap;
+import java.util.HashMap;
-//import java.util.Map;
+import java.util.Map;
-//
+
-//@Configuration
+@Configuration
-//public class ShiroConfig {
+public class ShiroConfig {
-//
+
-//    @Bean("securityManager")
+    @Bean("securityManager")
-//    public DefaultWebSecurityManager getManager() {
+    public DefaultWebSecurityManager getManager() {
-//
+
-//        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
+        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
-//        // 使用自己的realm
+        // 使用自己的realm
-//        manager.setRealm(MyRealm());
+        manager.setRealm(MyRealm());
-//        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
+        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
-//        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
+        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
-//        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
+        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
-//        subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
+        subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
-//        manager.setSubjectDAO(subjectDAO);
+        manager.setSubjectDAO(subjectDAO);
-//
+
-//        return manager;
+        return manager;
-//    }
+    }
-//
+
-//    @Bean("shiroFilter")
+    @Bean("shiroFilter")
-//    public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
+    public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
-//        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
+        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
-//
+
-//        // 添加自己的过滤器并且取名为jwt
+        // 添加自己的过滤器并且取名为jwt
-//        Map<String, Filter> filterMap = new HashMap<>();
+        Map<String, Filter> filterMap = new HashMap<>();
-//        filterMap.put("jwt", new JWTFilter());
+        filterMap.put("jwt", new JWTFilter());
-//        factoryBean.setFilters(filterMap);
+        factoryBean.setFilters(filterMap);
-//
+
-//        factoryBean.setSecurityManager(securityManager);
+        factoryBean.setSecurityManager(securityManager);
-//        factoryBean.setUnauthorizedUrl("/api/401");
+        factoryBean.setUnauthorizedUrl("/api/401");
-//
+
-//        Map<String, String> filterRuleMap = new HashMap<>();
+        Map<String, String> filterRuleMap = new HashMap<>();
-//        // 所有请求通过我们自己的JWT Filter
+        // 所有请求通过我们自己的JWT Filter
-//        filterRuleMap.put("/**", "jwt");
+        filterRuleMap.put("/**", "jwt");
-//        // 访问401和404页面不通过我们的Filter
+        // 访问401和404页面不通过我们的Filter
-//        filterRuleMap.put("/api/adminlogin", "anon");
+        filterRuleMap.put("/api/adminlogin", "anon");
-//        filterRuleMap.put("/api/autologin", "anon");
+        filterRuleMap.put("/api/autologin", "anon");
-//        filterRuleMap.put("/api/401", "anon");
+        filterRuleMap.put("/api/401", "anon");
-//        factoryBean.setFilterChainDefinitionMap(filterRuleMap);
+        factoryBean.setFilterChainDefinitionMap(filterRuleMap);
-//        return factoryBean;
+        return factoryBean;
-//    }
+    }
-//
+
-//
+
-//    @Bean
+    @Bean
-//    @DependsOn("lifecycleBeanPostProcessor")
+    @DependsOn("lifecycleBeanPostProcessor")
-//    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
+    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
-//
+
-//        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
+        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
-//        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
+        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
-//        return defaultAdvisorAutoProxyCreator;
+        return defaultAdvisorAutoProxyCreator;
-//    }
+    }
-//
+
-//    @Bean
+    @Bean
-//    public CommonRealm MyRealm() {
+    public CommonRealm MyRealm() {
-//        return new CommonRealm();
+        return new CommonRealm();
-//    }
+    }
-//
+
-//    @Bean
+    @Bean
-//    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
+    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
-//        return new LifecycleBeanPostProcessor();
+        return new LifecycleBeanPostProcessor();
-//    }
+    }
-//
+
-//    @Bean
+    @Bean
-//    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
+    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
-//        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
+        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
-//        advisor.setSecurityManager(securityManager);
+        advisor.setSecurityManager(securityManager);
-//        return advisor;
+        return advisor;
-//    }
+    }
-//
+
-//
+
-//}
+}
--- a/src/main/java/com/bsd/cases/conf/SwaggerConfig.java
+++ b/src/main/java/com/bsd/cases/conf/SwaggerConfig.java
@ -19,15 +19,15 @@ public class SwaggerConfig {
        return new Docket(DocumentationType.SWAGGER_2)
                .apiInfo(apiInfo())
                .select()
-                .apis(RequestHandlerSelectors.basePackage("com.oceanspot.template.controller"))
+                .apis(RequestHandlerSelectors.basePackage("com.bsd.cases.controller"))
                .paths(PathSelectors.any())
                .build();
    }
    private ApiInfo apiInfo() {
        return new ApiInfoBuilder()
-                .title("Oceanspot RESTful APIs")
+                .title("Cases RESTful APIs")
-                .description("Oceanspot API 接口文档")
+                .description("Cases API 接口文档")
                .version("1.0")
                .build();
    }
--- a/src/main/java/com/bsd/cases/controller/CaseIndexController.java
+++ b/src/main/java/com/bsd/cases/controller/CaseIndexController.java
@ -35,7 +35,7 @@ public class CaseIndexController {
    @RequiresAuthentication
    @ApiOperation(value = "获取当前用", notes = "获取当前用户，只需要在Header设置token，不需要传参")
-    @GetMapping("user")
+    @PostMapping("user")
    public AjaxResult currentUser() {
        AjaxResult ajaxResult = new AjaxResult();
--- a/src/main/java/com/bsd/cases/util/CommonRealm.java
+++ b/src/main/java/com/bsd/cases/util/CommonRealm.java
@ -0,0 +1,75 @@
 package com.bsd.cases.util;
 import com.bsd.cases.model.CaseUsers;
 import com.bsd.cases.service.CaseUsersService;
 import com.bsd.cases.shiro.JWTToken;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.SimpleAuthenticationInfo;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.SimpleAuthorizationInfo;
 import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.springframework.stereotype.Component;
 import javax.annotation.Resource;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
@Component
 public class CommonRealm extends AuthorizingRealm {
    @Resource
    private CaseUsersService caseUsersService;
    /**
     * 大坑！，必须重写此方法，不然Shiro会报错
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JWTToken;
    }
    /**
     * 只有当需要检测用户权限的时候才会调用此方法，例如checkRole,checkPermission之类的
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String key = JWTUtil.getKey(principals.toString());
        CaseUsers caseUsers = caseUsersService.selectByUserNoOrOpenId(key);
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.addRole(caseUsers.getRole().toString());
 //        Set<String> permission = new HashSet<>(Arrays.asList(caseUsers.getPermission().split(",")));
 //        simpleAuthorizationInfo.addStringPermissions(permission);
        return simpleAuthorizationInfo;
    }
    /**
     * 默认使用此方法进行用户名正确与否验证，错误抛出异常即可。
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException {
        String token = (String) auth.getCredentials();
        // 解密获得username，用于和数据库进行对比
        String username = JWTUtil.getKey(token);
        if (username == null) {
            throw new AuthenticationException("token invalid");
        }
        CaseUsers userBean = caseUsersService.selectByUserNoOrOpenId(username);
        if (userBean == null) {
            throw new AuthenticationException("User didn't existed!");
        }
        String key = userBean.getUserNo() == null ? userBean.getUserNo() : userBean.getOpenId();
        if (!JWTUtil.verify(token, key)) {
            throw new AuthenticationException("Username or password error");
        }
        return new SimpleAuthenticationInfo(token, token, "my_realm");
    }
 }