Spring Javaアノテーション構成によるShiroセキュリティフレームワークの設定


関連ソース:https://gitee.com/virens/multi_spring/tree/master/src/main/java/cn/virens/web/components/shiro
インタフェースを2つ定義し、主にサービス層で実装させます。こうしておくと、後でサービス実装やMyBatisを切り替えやすくなります。
/**
 * Callback for login results. {@code SimpleAuthorizingFilter} calls it from its
 * {@code onLoginSuccess} / {@code onLoginFailure} overrides so that an implementing
 * service can record the attempt.
 */
public interface ShiroAuthorizingConsumer {

    /**
     * Called by the filter after a successful login.
     *
     * @param username user name the filter read from the login request
     * @param host     host value the filter resolved for the request
     */
    void onLoginSuccess(String username, String host);

    /**
     * Called by the filter after a failed login (including a failed captcha check).
     * <p>
     * NOTE(review): on this path {@code username} is whatever the client submitted and has
     * not been authenticated; implementations that log or store it should treat it as
     * untrusted text (length limits, control-character/newline handling).
     *
     * @param username user name the filter read from the login request
     * @param host     host value the filter resolved for the request
     */
    void onLoginFailure(String username, String host);
}

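/**
 * Account data source for {@code SimpleAuthorizingRealm}: supplies the stored credential
 * for authentication and the role / permission strings for authorization.
 * <p>
 * The collection return types carry their {@code String} element type again (the listing
 * had lost it); the realm passes them to {@code SimpleAuthorizationInfo.addRoles} and
 * {@code addStringPermissions}, which both take {@code Collection<String>}.
 */
public interface ShiroAuthorizingProvider {

    /**
     * Looks up the stored credential for an account.
     * <p>
     * The realm hands the returned value to {@code SimpleAuthenticationInfo} as the
     * account's credentials, so it must be in the form the realm's
     * {@code CredentialsMatcher} expects (a hash, never a reversible or plain password).
     *
     * @param account principal taken from the login token
     * @return the stored credential; the realm treats {@code null} or an empty string as
     *         "unknown account"
     */
    String login(String account);

    /**
     * @param account authenticated principal
     * @return role names granted to the account
     */
    Collection<String> getRoles(String account);

    /**
     * @param account authenticated principal
     * @return permission strings granted to the account
     */
    Collection<String> getResources(String account);

}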


Springフレームワーク内で使用しており、すでにEhCacheCacheManagerを構成しています。キャッシュ管理方式を切り替えやすくするため、Shiro用のキャッシュ管理を自作しました(主にshiro-ehcacheパッケージを参考にしています)。SpringCacheManageは、org.apache.shiro.cache.CacheManagerインターフェースを実装します。
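/**
 * Shiro {@code CacheManager} backed by a Spring {@code CacheManager}, so Shiro's caches
 * live in whatever cache store the Spring application is configured with.
 * <p>
 * NOTE(review): when the realm enables authentication/authorization caching, the entries
 * stored through this manager are credential and permission data; the backing store
 * (disk overflow, replication, remote cache) should be protected accordingly.
 */
public class SpringCacheManage implements CacheManager, ApplicationContextAware {
    private ApplicationContext applicationContext;
    private org.springframework.cache.CacheManager cacheManager;

    /** Keeps the context so the Spring cache manager can be looked up lazily. */
    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }

    /**
     * @param cacheManager Spring cache manager to delegate to; may be {@code null}, in which
     *                     case it is resolved from the application context on first use
     */
    public SpringCacheManage(org.springframework.cache.CacheManager cacheManager) {
        this.cacheManager = cacheManager;
    }

    /**
     * Returns a Shiro view of the Spring cache with the given name.
     *
     * @param name cache name as configured in the Spring cache manager
     * @return a new {@code SpringCache} wrapper on every call
     * @throws CacheException if no cache of that name exists or the lookup fails
     */
    @Override
    @SuppressWarnings({ "unchecked", "rawtypes" }) // the Spring cache abstraction is untyped
    public <K, V> Cache<K, V> getCache(String name) throws CacheException {
        try {
            org.springframework.cache.Cache springCache = getCacheManager().getCache(name);
            if (springCache == null) {
                // Name the missing cache instead of surfacing the wrapper's generic null-argument error.
                throw new CacheException("No Spring cache is configured under the name '" + name + "'");
            }
            return new SpringCache(springCache);
        } catch (CacheException e) {
            throw e;
        } catch (Throwable t) {
            throw new CacheException(t);
        }
    }

    /**
     * Returns the Spring cache manager, fetching the bean from the application context
     * when none was passed to the constructor.
     *
     * @return the Spring cache manager
     */
    protected org.springframework.cache.CacheManager getCacheManager() {
        if (cacheManager == null) {
            this.cacheManager = applicationContext.getBean(org.springframework.cache.CacheManager.class);
        }

        return cacheManager;
    }
}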
SpringCacheは、org.apache.shiro.cache.Cacheインターフェースを実装します。
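/**
 * Shiro {@code Cache} adapter over a single Spring {@code Cache}.
 * <p>
 * The type parameters are declared on the class again; the listing had lost them, leaving
 * {@code K} and {@code V} undefined in the method signatures.
 * <p>
 * Spring's cache abstraction has no enumeration API, so {@link #size()}, {@link #keys()}
 * and {@link #values()} are unsupported. NOTE(review): any Shiro feature that enumerates a
 * cache will fail on this adapter; confirm none is in use.
 *
 * @param <K> key type
 * @param <V> value type
 */
public class SpringCache<K, V> implements Cache<K, V> {
    private final org.springframework.cache.Cache cache;

    /**
     * @param cache Spring cache to wrap
     * @throws IllegalArgumentException if {@code cache} is {@code null}
     */
    public SpringCache(org.springframework.cache.Cache cache) {
        if (cache == null) throw new IllegalArgumentException("Cache argument cannot be null.");

        this.cache = cache;
    }

    /**
     * @return the cached value, or {@code null} for a {@code null} key or a cache miss
     * @throws CacheException if the underlying cache fails
     */
    @Override
    @SuppressWarnings("unchecked") // the Spring cache stores plain Objects
    public V get(K key) throws CacheException {
        if (key == null) return null;
        try {
            ValueWrapper vw = cache.get(key);
            return vw == null ? null : (V) vw.get();
        } catch (Throwable t) {
            throw new CacheException(t);
        }
    }

    /**
     * Stores a value and returns the one it replaced. A {@code null} key is ignored.
     * The read of the previous value and the write are two separate cache operations.
     *
     * @return the previous value, or {@code null} if there was none
     * @throws CacheException if the underlying cache fails
     */
    @Override
    public V put(K key, V value) throws CacheException {
        if (key == null) return null;
        try {
            V previous = get(key);

            cache.put(key, value);

            return previous;
        } catch (Throwable t) {
            throw new CacheException(t);
        }
    }

    /**
     * Evicts an entry and returns the value it held. A {@code null} key is ignored.
     *
     * @return the evicted value, or {@code null} if there was none
     * @throws CacheException if the underlying cache fails
     */
    @Override
    public V remove(K key) throws CacheException {
        if (key == null) return null;
        try {
            V previous = get(key);

            cache.evict(key);

            return previous;
        } catch (Throwable t) {
            throw new CacheException(t);
        }
    }

    /**
     * Removes every entry.
     *
     * @throws CacheException if the underlying cache fails (wrapped here so that this
     *                        method reports failures the same way as get/put/remove)
     */
    @Override
    public void clear() throws CacheException {
        try {
            cache.clear();
        } catch (Throwable t) {
            throw new CacheException(t);
        }
    }

    /** Not supported by the Spring cache abstraction. */
    @Override
    public int size() {
        throw new UnsupportedOperationException("invoke spring cache abstract size method not supported");
    }

    /** Not supported by the Spring cache abstraction. */
    @Override
    public Set<K> keys() {
        throw new UnsupportedOperationException("invoke spring cache abstract keys method not supported");
    }

    /** Not supported by the Spring cache abstraction. */
    @Override
    public Collection<V> values() {
        throw new UnsupportedOperationException("invoke spring cache abstract values method not supported");
    }
}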
SimpleAuthorizingRealmは、AuthorizingRealmを継承した、ユーザのログイン/権限チェック用のクラスです。コンテキストにShiroAuthorizingProviderを実装したbeanが必要で、そのbean名はshiro-simple-interfaceでなければなりません。この名前のbeanが、ShiroAuthorizingProviderの実装として取り出されます。

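/**
 * Realm that authenticates and authorizes accounts through a {@link ShiroAuthorizingProvider}
 * (the bean qualified as {@code shiro-simple-interface}).
 * <p>
 * NOTE(review): if authentication caching is enabled on this realm, the cached
 * {@code AuthenticationInfo} contains the stored credential returned by the provider, and a
 * changed password only takes effect once the cached entry is evicted or expires.
 */
public class SimpleAuthorizingRealm extends AuthorizingRealm implements ShiroRealmInterface {
    private Logger logger = LoggerFactory.getLogger(SimpleAuthorizingRealm.class);

    @Autowired
    @Qualifier("shiro-simple-interface")
    private ShiroAuthorizingProvider authorizingProvider;

    /**
     * Creates the realm with an MD5 {@code HashedCredentialsMatcher}.
     * <p>
     * NOTE(security): MD5 is not suitable for password storage, and
     * {@code doGetAuthenticationInfo} builds the {@code SimpleAuthenticationInfo} without a
     * salt, so as configured here stored credentials are unsalted MD5 digests. The algorithm
     * is left unchanged because existing stored hashes depend on it; new deployments should
     * pass a stronger, salted and iterated matcher through the {@code CredentialsMatcher}
     * constructor and migrate stored credentials.
     */
    public SimpleAuthorizingRealm() {
        this(new HashedCredentialsMatcher("MD5"));
    }

    /** @param manager cache manager for the realm; the credentials matcher is passed as {@code null} */
    public SimpleAuthorizingRealm(CacheManager manager) {
        this(manager, null);
    }

    /** @param matcher credentials matcher for the realm; the cache manager is passed as {@code null} */
    public SimpleAuthorizingRealm(CredentialsMatcher matcher) {
        this(null, matcher);
    }

    /**
     * @param manager cache manager handed to {@code AuthorizingRealm}
     * @param matcher credentials matcher handed to {@code AuthorizingRealm}
     */
    public SimpleAuthorizingRealm(CacheManager manager, CredentialsMatcher matcher) {
        super(manager, matcher);
    }

    /** Evicts the cached authorization data of the given principals (e.g. after a role change). */
    @Override
    public void clearAuthorizationInfo(PrincipalCollection principals) {
        this.clearCachedAuthorizationInfo(principals);
    }

    public ShiroAuthorizingProvider getAuthorizingProvider() {
        return authorizingProvider;
    }

    public void setAuthorizingProvider(ShiroAuthorizingProvider authorizingInterface) {
        this.authorizingProvider = authorizingInterface;
    }

    /**
     * Loads roles and permission strings for the principal from the provider.
     *
     * @throws UnauthenticatedException if the lookup fails for any reason; access is denied
     *                                  rather than granted with partial data
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        logger.debug("      ...");
        try {
            String account = (String) getAvailablePrincipal(principals);
            SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();

            authorizationInfo.addRoles(authorizingProvider.getRoles(account)); // role names
            authorizationInfo.addStringPermissions(authorizingProvider.getResources(account)); // permission strings

            return authorizationInfo;
        } catch (Exception e) {
            // Keep the cause: without it a provider outage is indistinguishable from a bad principal.
            throw new UnauthenticatedException(e);
        }
    }

    /**
     * Fetches the stored credential for the token's principal; the realm's
     * {@code CredentialsMatcher} compares it with the submitted credential afterwards.
     *
     * @throws UnknownAccountException if the token carries no principal or the provider
     *                                 returns no credential for it
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        logger.debug("        ...");

        // String.valueOf(null) yields the text "null", which would slip past the empty
        // check and be looked up as an account name, so test the principal itself first.
        Object principal = token.getPrincipal();
        String account = (principal == null) ? null : String.valueOf(principal);
        if (StrUtil.isEmpty(account)) { throw new UnknownAccountException("     "); }

        String password = authorizingProvider.login(account);
        if (StrUtil.isEmpty(password)) { throw new UnknownAccountException("     "); }

        return new SimpleAuthenticationInfo(account, password, getName());
    }

    /** Cache key for authentication data, derived from the token's principal. */
    @Override
    protected Object getAuthenticationCacheKey(AuthenticationToken token) {
        return token("shrio:authentication:", token);
    }

    /** Cache key for authentication data, derived from the available principal. */
    @Override
    protected Object getAuthenticationCacheKey(PrincipalCollection principals) {
        return object("shrio:authentication:", super.getAvailablePrincipal(principals));
    }

    /** Cache key for authorization data, derived from the principal collection's string form. */
    @Override
    protected Object getAuthorizationCacheKey(PrincipalCollection principals) {
        return object("shrio:authorization:", principals);
    }

    /** Prefixes the token's principal, or returns {@code null} for a {@code null} token. */
    private String token(String pref, AuthenticationToken token) {
        return (token == null ? null : (pref + token.getPrincipal()));
    }

    /** Prefixes the object's string form, or returns {@code null} for a {@code null} object. */
    private String object(String pref, Object obj) {
        return (obj == null ? null : (pref + obj.toString()));
    }
}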

SimpleAuthorizingFilterは、FormAuthenticationFilterを継承した拡張クラスです。主な目的は、認証コード(CAPTCHA)の検証を追加することと、ログイン結果をShiroAuthorizingConsumerインタフェース経由でその実装サービスに渡し、ログ記録を行えるようにすることです。

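/**
 * Form login filter that adds an optional captcha check and reports every login result to a
 * {@link ShiroAuthorizingConsumer} (the bean qualified as {@code shiro-simple-interface}).
 */
public class SimpleAuthorizingFilter extends FormAuthenticationFilter implements ShiroAuthorizingConsumerAware {
    private Logger logger = LoggerFactory.getLogger(SimpleAuthorizingFilter.class);

    @Autowired
    @Qualifier("shiro-simple-interface")
    private ShiroAuthorizingConsumer authorizingConsumer;

    private boolean useCaptcha = false; // whether the captcha check is enforced
    private String captchaParam = "captcha"; // request parameter / session attribute name of the captcha

    /**
     * Entry point of the filter: an already authenticated subject that requests the login
     * page is redirected to the success URL; other allowed requests pass through; denied
     * requests go to {@code onAccessDenied}.
     */
    @Override
    public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
        logger.debug("onPreHandle");

        if (!isAccessAllowed(request, response, mappedValue)) {
            return onAccessDenied(request, response, mappedValue);
        }

        if (isLoginRequest(request, response)) {
            WebUtils.issueRedirect(request, response, getSuccessUrl());
            return false;
        }

        return true;
    }

    /**
     * Runs the login; when the captcha is enabled it is verified first and a mismatch is
     * reported as a login failure without attempting authentication.
     */
    @Override
    protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
        logger.info("executeLogin,RememberMe:" + isRememberMe(request));

        if (isUseCaptcha() && !verifyCactcha(request, response)) {
            return onLoginFailure(null, new CaptchaErrorException(), request, response);
        } else {
            return super.executeLogin(request, response);
        }
    }

    /** Notifies the consumer of the successful login, then continues with the default handling. */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
        this.authorizingConsumer.onLoginSuccess(getUsername(request), getHost(request));

        return super.onLoginSuccess(token, subject, request, response);
    }

    /** Notifies the consumer of the failed login, then continues with the default handling. */
    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
        this.authorizingConsumer.onLoginFailure(getUsername(request), getHost(request));

        return super.onLoginFailure(token, e, request, response);
    }

    /**
     * Exposes the failure to the view as request attributes {@code success}, {@code message}
     * and the configured failure-key attribute.
     * <p>
     * NOTE(review): the message texts were lost in this listing. The branches distinguish an
     * unknown account from wrong credentials; if the texts shown to the user differ, the login
     * form reveals which account names exist. A single generic message for both avoids that.
     */
    @Override
    protected void setFailureAttribute(ServletRequest request, AuthenticationException e) {
        final String message;
        if (e instanceof CaptchaErrorException) {
            message = "     ";
        } else if (e instanceof UnknownAccountException) {
            message = "    ";
        } else if (e instanceof IncorrectCredentialsException) {
            message = "    ";
        } else {
            message = "    ";
        }

        request.setAttribute("success", false);
        request.setAttribute("message", message);
        request.setAttribute(getFailureKeyAttribute(), e);
    }

    /**
     * @return whether the captcha check is enforced
     */
    public boolean isUseCaptcha() {
        return useCaptcha;
    }

    /**
     * @param useCaptcha whether the captcha check is enforced
     */
    public void setUseCaptcha(boolean useCaptcha) {
        this.useCaptcha = useCaptcha;
    }

    /**
     * @return name of the captcha request parameter, also used as the session attribute name
     */
    public String getCaptchaParam() {
        return captchaParam;
    }

    /**
     * @param captchaParam name of the captcha request parameter / session attribute
     */
    public void setCaptchaParam(String captchaParam) {
        this.captchaParam = captchaParam;
    }

    public ShiroAuthorizingConsumer getAuthorizingConsumer() {
        return authorizingConsumer;
    }

    @Override
    public void setAuthorizingConsumer(ShiroAuthorizingConsumer authenticationInterface) {
        this.authorizingConsumer = authenticationInterface;
    }

    /**
     * Resolves the client address through the project's {@code RequestUtil}.
     * NOTE(review): if that helper reads forwarding headers, the value is client-controlled
     * unless a trusted proxy sets it; confirm before using it for lockout or audit decisions.
     */
    @Override
    protected String getHost(ServletRequest request) {
        return RequestUtil.getRemoteAddr((HttpServletRequest) request);
    }

    /**
     * Reads the captcha value the client submitted.
     *
     * @param  request current request
     * @return the submitted value, or {@code null} if the parameter is absent
     */
    protected String getCaptcha(ServletRequest request) {
        return request.getParameter(getCaptchaParam());
    }

    /**
     * Reads the expected captcha value from the session.
     *
     * @param  request  current request
     * @param  response current response
     * @return the expected value, or {@code null} when there is no subject, no session or no
     *         captcha stored in the session
     */
    protected String getCaptcha(ServletRequest request, ServletResponse response) {
        Subject subject = getSubject(request, response);
        if (subject == null) { return null; }
        Session session = subject.getSession(false);
        if (session == null) { return null; }
        // String.valueOf(null) would produce the text "null", which a client could simply submit.
        Object expected = session.getAttribute(getCaptchaParam());
        return expected == null ? null : String.valueOf(expected);
    }

    /**
     * Compares the submitted captcha with the one stored in the session, ignoring case.
     * <p>
     * NOTE(review): the stored captcha is not cleared after the comparison, so one solved
     * captcha stays valid for further attempts in the same session; consider invalidating it
     * once it has been checked.
     *
     * @return {@code true} only if both values are present and equal
     */
    private boolean verifyCactcha(ServletRequest request, ServletResponse response) {
        String tcode1 = getCaptcha(request);
        String tcode2 = getCaptcha(request, response);

        logger.debug("   :{}/{}", tcode1, tcode2);

        // Fail closed: a request without a captcha, or a session that never issued one,
        // must not pass just because both sides are missing.
        if (StrUtil.isEmpty(tcode1) || StrUtil.isEmpty(tcode2)) { return false; }

        return StrUtil.equalsIgnoreCase(tcode1, tcode2);
    }
}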

SpringShiroSourceConfigはShiroのコンフィギュレーションクラスです.

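/**
 * Spring Java configuration for Shiro: cache manager, session manager, realm, rememberMe
 * manager, security manager, the web filter chain and annotation support.
 */
@Configuration
public class SpringShiroConfig {
    @Value("${auth.url.success}")
    private String successUrl;

    @Value("${auth.url.redirect}")
    private String redirectUrl;

    @Value("${auth.url.unauthorized}")
    private String unauthorizedUrl;

    @Value("${auth.api.url.user}")
    private String apiUserUrl;

    @Value("${auth.api.url.login}")
    private String apiLoginUrl;

    @Value("${auth.api.url.logout}")
    private String apiLogoutUrl;

    @Value("${auth.simple.url.user}")
    private String simpleUserUrl;

    @Value("${auth.simple.url.login}")
    private String simpleLoginUrl;

    @Value("${auth.simple.url.logout}")
    private String simpleLogoutUrl;

    @Value("${auth.captcha}")
    private Boolean captcha;

    @Value("${auth.param.captcha}")
    private String captchaName;

    @Value("${auth.param.username}")
    private String usernameName;

    @Value("${auth.param.password}")
    private String passwordName;

    @Value("${auth.param.rememberme}")
    private String rememberMeName;

    @Value("${auth.param.failurekey}")
    private String failureKeyAttribute;

    // New, optional property introduced with this revision: Base64-encoded AES key for the
    // rememberMe cookie. Supply it from deployment secrets, never from source control.
    @Value("${auth.rememberme.cipherkey:}")
    private String rememberMeCipherKey;

    /**
     * Shiro cache manager backed by the Spring cache manager.
     *
     * @param  cacheManager Spring cache manager
     * @return              the Shiro-facing cache manager
     */
    @Bean("shiro-cachemanager")
    public SpringCacheManage springCacheManage(org.springframework.cache.CacheManager cacheManager) {
        return new SpringCacheManage(cacheManager);
    }

    /**
     * Session manager; a {@code ServletContainerSessionManager} is used as-is.
     *
     * @return the session manager
     */
    @Bean("shiro-sessionmanager")
    public ServletContainerSessionManager sessionManager() {
        return new ServletContainerSessionManager();
    }

    /**
     * Realm with authentication and authorization caching enabled.
     * <p>
     * NOTE(review): with authentication caching on, the stored credential of each account is
     * kept in the {@code shiro-authenticationCache} cache; make sure that cache has a short
     * TTL, is evicted on password change, and is not persisted or replicated unprotected.
     *
     * @param  authorizingProvider account data source
     * @return                     the configured realm
     */
    @Bean("shiro-simple-realm")
    public SimpleAuthorizingRealm authorizingRealm(@Qualifier("shiro-simple-interface") ShiroAuthorizingProvider authorizingProvider) {
        SimpleAuthorizingRealm realm = new SimpleAuthorizingRealm();
        realm.setAuthorizationCachingEnabled(true);
        realm.setAuthenticationCachingEnabled(true);
        realm.setAuthorizingProvider(authorizingProvider);
        realm.setAuthorizationCacheName("shiro-authorizationCache");
        realm.setAuthenticationCacheName("shiro-authenticationCache");

        return realm;
    }

    /**
     * rememberMe manager.
     * <p>
     * The cipher key is no longer a literal in source. The rememberMe cookie is an encrypted,
     * serialized identity that the server decrypts and deserializes; anyone who knows the key
     * can produce cookies the server will accept, so a key published in a repository or
     * tutorial offers no protection. The key is now read from configuration; when none is
     * configured a random 128-bit key is generated at startup, which means rememberMe cookies
     * stop working after a restart and are not shared between nodes until a key is supplied.
     * Deployments that ran with a key embedded in source should treat that key as compromised
     * and rotate it.
     *
     * @return the rememberMe manager
     */
    @Bean("shiro-remembermemanager")
    public CookieRememberMeManager rememberMeManager() {
        CookieRememberMeManager rememberMeManager = new CookieRememberMeManager();
        rememberMeManager.setCookie(new RememberMeCookie());

        byte[] cipherKey;
        if (rememberMeCipherKey != null && !rememberMeCipherKey.isEmpty()) {
            cipherKey = Base64.decode(rememberMeCipherKey);
        } else {
            cipherKey = new byte[16];
            new java.security.SecureRandom().nextBytes(cipherKey);
        }
        rememberMeManager.setCipherKey(cipherKey);

        return rememberMeManager;
    }

    /**
     * Security manager wiring realm, cache manager, session manager and rememberMe manager.
     *
     * @return the security manager
     */
    @Bean("shiro-securitymanager")
    public DefaultWebSecurityManager securityManager(//
            @Qualifier("shiro-simple-realm") Realm realm, //
            @Qualifier("shiro-cachemanager") SpringCacheManage cacheManager, //
            @Qualifier("shiro-sessionmanager") SessionManager sessionManager, //
            @Qualifier("shiro-remembermemanager") RememberMeManager rememberMeManager) {

        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();

        securityManager.setRealm(realm);
        securityManager.setCacheManager(cacheManager);
        securityManager.setSessionManager(sessionManager);
        securityManager.setRememberMeManager(rememberMeManager);

        return securityManager;
    }

    /**
     * Shiro web filter and its URL chains.
     * <p>
     * NOTE(review): the final {@code /**} chain is {@code anon}, so every URL that is not one
     * of the login/logout/user URLs above is reachable without authentication at the filter
     * level. Protection of those URLs then depends entirely on Shiro annotations on the
     * handlers; an endpoint that lacks an annotation is public. A default-deny last chain
     * with explicit {@code anon} entries for public paths fails safer.
     *
     * @return           the filter factory bean
     * @throws Exception if the filter cannot be assembled
     */
    @Bean("shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(@Qualifier("shiro-securitymanager") SecurityManager securityManager) throws Exception {
        SimpleShiroFilterFactoryBean factoryBean = new SimpleShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);
        factoryBean.setUnauthorizedUrl(unauthorizedUrl);
        factoryBean.setLoginUrl(simpleLoginUrl);
        factoryBean.setSuccessUrl(successUrl);

        factoryBean.addFilter("simpleAuthorizingFilter", simpleAuthorizingFilter());
        factoryBean.addFilter("simpleLogoutFilter", simpleLogoutFilter());
        factoryBean.addFilter("simpleUserFilter", simpleUserFilter());

        factoryBean.addFilter("ajaxAuthorizingFilter", ajaxAuthorizingFilter());
        factoryBean.addFilter("ajaxLogoutFilter", ajaxLogoutFilter());
        factoryBean.addFilter("ajaxUserFilter", ajaxUserFilter());

        factoryBean.addFilterChain(simpleLoginUrl, "simpleAuthorizingFilter");
        factoryBean.addFilterChain(simpleLogoutUrl, "simpleLogoutFilter");
        factoryBean.addFilterChain(simpleUserUrl, "simpleUserFilter");

        factoryBean.addFilterChain(apiLoginUrl, "ajaxAuthorizingFilter");
        factoryBean.addFilterChain(apiLogoutUrl, "ajaxLogoutFilter");
        factoryBean.addFilterChain(apiUserUrl, "ajaxUserFilter");
        factoryBean.addFilterChain("/**", "anon");

        return factoryBean;
    }

    /**
     * Auto-proxy creator needed for Shiro's annotation advisor to be applied to beans.
     *
     * @return the auto-proxy creator
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
        return new DefaultAdvisorAutoProxyCreator();
    }

    /**
     * Advisor that enforces Shiro authorization annotations using the security manager.
     *
     * @return the advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor attributeSourceAdvisor(@Qualifier("shiro-securitymanager") SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor attributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        attributeSourceAdvisor.setSecurityManager(securityManager);

        return attributeSourceAdvisor;
    }

    /** User filter for the API URLs; unauthenticated requests are directed to the API login URL. */
    @Bean
    public AjaxUserFilter ajaxUserFilter() {
        AjaxUserFilter ajaxUserFilter = new AjaxUserFilter();
        ajaxUserFilter.setLoginUrl(apiLoginUrl);

        return ajaxUserFilter;
    }

    /** Logout filter for the API URLs. */
    @Bean
    public AjaxLogoutFilter ajaxLogoutFilter() {
        return new AjaxLogoutFilter();
    }

    /** Login filter for the API URLs, configured with the captcha and credential parameter names. */
    @Bean
    public AjaxAuthorizingFilter ajaxAuthorizingFilter() {
        AjaxAuthorizingFilter ajaxFormFilter = new AjaxAuthorizingFilter();
        ajaxFormFilter.setUseCaptcha(captcha);
        ajaxFormFilter.setLoginUrl(apiLoginUrl);
        ajaxFormFilter.setCaptchaParam(captchaName);
        ajaxFormFilter.setUsernameParam(usernameName);
        ajaxFormFilter.setPasswordParam(passwordName);

        return ajaxFormFilter;
    }

    /** User filter for the form URLs; unauthenticated requests are directed to the form login URL. */
    @Bean
    public SimpleUserFilter simpleUserFilter() {
        SimpleUserFilter simpleUserFilter = new SimpleUserFilter();
        simpleUserFilter.setLoginUrl(simpleLoginUrl);

        return simpleUserFilter;
    }

    /** Logout filter for the form URLs; redirects to the configured redirect URL. */
    @Bean
    public SimpleLogoutFilter simpleLogoutFilter() {
        SimpleLogoutFilter simpleLogoutFilter = new SimpleLogoutFilter();
        simpleLogoutFilter.setRedirectUrl(redirectUrl);

        return simpleLogoutFilter;
    }

    /** Form login filter, configured with parameter names, URLs and the captcha switch. */
    @Bean
    public SimpleAuthorizingFilter simpleAuthorizingFilter() {
        SimpleAuthorizingFilter simpleAuthcFilter = new SimpleAuthorizingFilter();
        simpleAuthcFilter.setFailureKeyAttribute(failureKeyAttribute);
        simpleAuthcFilter.setRememberMeParam(rememberMeName);
        simpleAuthcFilter.setPasswordParam(passwordName);
        simpleAuthcFilter.setUsernameParam(usernameName);
        simpleAuthcFilter.setCaptchaParam(captchaName);
        simpleAuthcFilter.setLoginUrl(simpleLoginUrl);
        simpleAuthcFilter.setSuccessUrl(successUrl);
        simpleAuthcFilter.setUseCaptcha(captcha);

        return simpleAuthcFilter;
    }
}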