4 changed files with 93 additions and 168 deletions
--- a/src/main/java/com/bsd/cases/conf/ShiroConfig.java
+++ b/src/main/java/com/bsd/cases/conf/ShiroConfig.java
@ -1,89 +1,89 @@
-package com.bsd.cases.conf;
+//package com.bsd.cases.conf;
-
+//
-import com.bsd.cases.shiro.JWTFilter;
+//import com.bsd.cases.shiro.CommonRealm;
-import com.bsd.cases.util.CommonRealm;
+//import com.bsd.cases.shiro.JWTFilter;
-import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
+//import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
-import org.apache.shiro.mgt.DefaultSubjectDAO;
+//import org.apache.shiro.mgt.DefaultSubjectDAO;
-import org.apache.shiro.spring.LifecycleBeanPostProcessor;
+//import org.apache.shiro.spring.LifecycleBeanPostProcessor;
-import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
+//import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
-import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
+//import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+//import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
-import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
+//import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
-import org.springframework.context.annotation.Bean;
+//import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
+//import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.DependsOn;
+//import org.springframework.context.annotation.DependsOn;
-
+//
-import javax.servlet.Filter;
+//import javax.servlet.Filter;
-import java.util.HashMap;
+//import java.util.HashMap;
-import java.util.Map;
+//import java.util.Map;
-
+//
-@Configuration
+//@Configuration
-public class ShiroConfig {
+//public class ShiroConfig {
-
+//
-    @Bean("securityManager")
+//    @Bean("securityManager")
-    public DefaultWebSecurityManager getManager() {
+//    public DefaultWebSecurityManager getManager() {
-
+//
-        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
+//        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
-        // 使用自己的realm
+//        // 使用自己的realm
-        manager.setRealm(MyRealm());
+//        manager.setRealm(MyRealm());
-        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
+//        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
-        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
+//        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
-        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
+//        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
-        subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
+//        subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
-        manager.setSubjectDAO(subjectDAO);
+//        manager.setSubjectDAO(subjectDAO);
-
+//
-        return manager;
+//        return manager;
-    }
+//    }
-
+//
-    @Bean("shiroFilter")
+//    @Bean("shiroFilter")
-    public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
+//    public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
-        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
+//        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
-
+//
-        // 添加自己的过滤器并且取名为jwt
+//        // 添加自己的过滤器并且取名为jwt
-        Map<String, Filter> filterMap = new HashMap<>();
+//        Map<String, Filter> filterMap = new HashMap<>();
-        filterMap.put("jwt", new JWTFilter());
+//        filterMap.put("jwt", new JWTFilter());
-        factoryBean.setFilters(filterMap);
+//        factoryBean.setFilters(filterMap);
-
+//
-        factoryBean.setSecurityManager(securityManager);
+//        factoryBean.setSecurityManager(securityManager);
-        factoryBean.setUnauthorizedUrl("/api/401");
+//        factoryBean.setUnauthorizedUrl("/api/401");
-
+//
-        Map<String, String> filterRuleMap = new HashMap<>();
+//        Map<String, String> filterRuleMap = new HashMap<>();
-        // 所有请求通过我们自己的JWT Filter
+//        // 所有请求通过我们自己的JWT Filter
-        filterRuleMap.put("/**", "jwt");
+//        filterRuleMap.put("/**", "jwt");
-        // 访问401和404页面不通过我们的Filter
+//        // 访问401和404页面不通过我们的Filter
-        filterRuleMap.put("/api/adminlogin", "anon");
+//        filterRuleMap.put("/api/adminlogin", "anon");
-        filterRuleMap.put("/api/autologin", "anon");
+//        filterRuleMap.put("/api/autologin", "anon");
-        filterRuleMap.put("/api/401", "anon");
+//        filterRuleMap.put("/api/401", "anon");
-        factoryBean.setFilterChainDefinitionMap(filterRuleMap);
+//        factoryBean.setFilterChainDefinitionMap(filterRuleMap);
-        return factoryBean;
+//        return factoryBean;
-    }
+//    }
-
+//
-
+//
-    @Bean
+//    @Bean
-    @DependsOn("lifecycleBeanPostProcessor")
+//    @DependsOn("lifecycleBeanPostProcessor")
-    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
+//    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
-
+//
-        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
+//        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
-        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
+//        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
-        return defaultAdvisorAutoProxyCreator;
+//        return defaultAdvisorAutoProxyCreator;
-    }
+//    }
-
+//
-    @Bean
+//    @Bean
-    public CommonRealm MyRealm() {
+//    public CommonRealm MyRealm() {
-        return new CommonRealm();
+//        return new CommonRealm();
-    }
+//    }
-
+//
-    @Bean
+//    @Bean
-    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
+//    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
-        return new LifecycleBeanPostProcessor();
+//        return new LifecycleBeanPostProcessor();
-    }
+//    }
-
+//
-    @Bean
+//    @Bean
-    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
+//    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
-        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
+//        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
-        advisor.setSecurityManager(securityManager);
+//        advisor.setSecurityManager(securityManager);
-        return advisor;
+//        return advisor;
-    }
+//    }
-
+//
-
+//
-}
+//}
--- a/src/main/java/com/bsd/cases/conf/SwaggerConfig.java
+++ b/src/main/java/com/bsd/cases/conf/SwaggerConfig.java
@ -19,15 +19,15 @@ public class SwaggerConfig {
        return new Docket(DocumentationType.SWAGGER_2)
                .apiInfo(apiInfo())
                .select()
-                .apis(RequestHandlerSelectors.basePackage("com.bsd.cases.controller"))
+                .apis(RequestHandlerSelectors.basePackage("com.oceanspot.template.controller"))
                .paths(PathSelectors.any())
                .build();
    }
    private ApiInfo apiInfo() {
        return new ApiInfoBuilder()
-                .title("Cases RESTful APIs")
+                .title("Oceanspot RESTful APIs")
-                .description("Cases API 接口文档")
+                .description("Oceanspot API 接口文档")
                .version("1.0")
                .build();
    }
--- a/src/main/java/com/bsd/cases/controller/CaseIndexController.java
+++ b/src/main/java/com/bsd/cases/controller/CaseIndexController.java
@ -35,7 +35,7 @@ public class CaseIndexController {
    @RequiresAuthentication
    @ApiOperation(value = "获取当前用", notes = "获取当前用户，只需要在Header设置token，不需要传参")
-    @PostMapping("user")
+    @GetMapping("user")
    public AjaxResult currentUser() {
        AjaxResult ajaxResult = new AjaxResult();
--- a/src/main/java/com/bsd/cases/util/CommonRealm.java
+++ b/src/main/java/com/bsd/cases/util/CommonRealm.java
@ -1,75 +0,0 @@
 package com.bsd.cases.util;
 import com.bsd.cases.model.CaseUsers;
 import com.bsd.cases.service.CaseUsersService;
 import com.bsd.cases.shiro.JWTToken;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.SimpleAuthenticationInfo;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.SimpleAuthorizationInfo;
 import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.springframework.stereotype.Component;
 import javax.annotation.Resource;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
@Component
 public class CommonRealm extends AuthorizingRealm {
    @Resource
    private CaseUsersService caseUsersService;
    /**
     * 大坑！，必须重写此方法，不然Shiro会报错
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JWTToken;
    }
    /**
     * 只有当需要检测用户权限的时候才会调用此方法，例如checkRole,checkPermission之类的
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        String key = JWTUtil.getKey(principals.toString());
        CaseUsers caseUsers = caseUsersService.selectByUserNoOrOpenId(key);
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        simpleAuthorizationInfo.addRole(caseUsers.getRole().toString());
 //        Set<String> permission = new HashSet<>(Arrays.asList(caseUsers.getPermission().split(",")));
 //        simpleAuthorizationInfo.addStringPermissions(permission);
        return simpleAuthorizationInfo;
    }
    /**
     * 默认使用此方法进行用户名正确与否验证，错误抛出异常即可。
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException {
        String token = (String) auth.getCredentials();
        // 解密获得username，用于和数据库进行对比
        String username = JWTUtil.getKey(token);
        if (username == null) {
            throw new AuthenticationException("token invalid");
        }
        CaseUsers userBean = caseUsersService.selectByUserNoOrOpenId(username);
        if (userBean == null) {
            throw new AuthenticationException("User didn't existed!");
        }
        String key = userBean.getUserNo() == null ? userBean.getUserNo() : userBean.getOpenId();
        if (!JWTUtil.verify(token, key)) {
            throw new AuthenticationException("Username or password error");
        }
        return new SimpleAuthenticationInfo(token, token, "my_realm");
    }
 }