@Configuration
@EnableConfigurationProperties(value={com.sinosoftgz.starter.shiro.properties.ShiroProperties.class,com.sinosoftgz.starter.jwt.properties.JwtProperties.class})
@ConditionalOnProperty(prefix="spring.jwt",
name="enabled",
havingValue="true",
matchIfMissing=true)
public class ShiroJwtConfiguration
extends Object
| 限定符和类型 | 类和说明 |
|---|---|
static class |
ShiroJwtConfiguration.ShiroJwtWebMvcConfigurer |
| 构造器和说明 |
|---|
ShiroJwtConfiguration(JwtProperties jwtProperties,
ShiroProperties shiroProperties) |
| 限定符和类型 | 方法和说明 |
|---|---|
org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator |
advisorAutoProxyCreator()
开启Shiro的注解(如@RequiresRoles、@RequiresPermissions):
需借助Spring AOP扫描使用了Shiro注解的类,并在必要时进行安全逻辑验证。
配置以下两个bean(DefaultAdvisorAutoProxyCreator(可选)
和AuthorizationAttributeSourceAdvisor)即可实现此功能。
若缺少AuthorizationAttributeSourceAdvisor,这些注解不会被拦截,对应的角色/权限校验也不会执行。
|
org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor |
authorizationAttributeSourceAdvisor(org.apache.shiro.mgt.SecurityManager securityManager) |
org.springframework.boot.web.servlet.FilterRegistrationBean |
delegatingFilterProxy()
过滤器注册(返回FilterRegistrationBean)
|
org.springframework.boot.web.servlet.FilterRegistrationBean |
registration(ShiroJwtAccessControlFilter shiroJwtAccessControlFilter) |
org.apache.shiro.mgt.SecurityManager |
securityManager(ShiroJwtRealm shiroJwtRealm,
org.apache.shiro.mgt.SessionStorageEvaluator sessionStorageEvaluator,
org.apache.shiro.mgt.SubjectFactory subjectFactory,
org.apache.shiro.session.mgt.SessionManager sessionManager)
安全管理器(SecurityManager)配置
|
org.apache.shiro.session.mgt.SessionManager |
sessionManager()
sessionManager通过将sessionValidationSchedulerEnabled设为false来禁用会话验证调度器;
由于本配置已禁用会话(无状态),因此无需再定期清理过期会话。
|
org.apache.shiro.mgt.SessionStorageEvaluator |
sessionStorageEvaluator()
注入SessionStorageEvaluator,关闭Session存储
|
org.apache.shiro.spring.web.ShiroFilterFactoryBean |
shiroFilterFactoryBean(org.apache.shiro.mgt.SecurityManager securityManager,
ShiroJwtAccessControlFilter shiroJwtAccessControlFilter)
Shiro过滤器配置(ShiroFilterFactoryBean)
|
ShiroJwtAccessControlFilter |
shiroJwtAccessControlFilter()
声明ShiroJwtAccessControlFilter bean。
|
ShiroJwtRealm |
shiroJwtRealm()
注入无状态的realm
|
CustomDefaultSubjectFactory |
subjectFactory()
自定义的无状态(不创建session)Subject工厂
|
TokenRefreshInterceptor |
tokenRefreshInterceptor(JwtProperties jwtProperties,
UserAuthBiz userAuthBiz,
JwtUtils jwtUtils) |
public ShiroJwtConfiguration(JwtProperties jwtProperties, ShiroProperties shiroProperties)
@Bean public ShiroJwtRealm shiroJwtRealm()
@Bean public CustomDefaultSubjectFactory subjectFactory()
@Bean public org.apache.shiro.session.mgt.SessionManager sessionManager()
@Bean public org.apache.shiro.mgt.SessionStorageEvaluator sessionStorageEvaluator()
@Bean public org.apache.shiro.mgt.SecurityManager securityManager(ShiroJwtRealm shiroJwtRealm, org.apache.shiro.mgt.SessionStorageEvaluator sessionStorageEvaluator, org.apache.shiro.mgt.SubjectFactory subjectFactory, org.apache.shiro.session.mgt.SessionManager sessionManager)
@Bean public ShiroJwtAccessControlFilter shiroJwtAccessControlFilter()
@Bean public org.springframework.boot.web.servlet.FilterRegistrationBean registration(ShiroJwtAccessControlFilter shiroJwtAccessControlFilter)
@Bean(name="shiroJwtFilterFactoryBean")
public org.apache.shiro.spring.web.ShiroFilterFactoryBean shiroFilterFactoryBean(org.apache.shiro.mgt.SecurityManager securityManager,
ShiroJwtAccessControlFilter shiroJwtAccessControlFilter)
@Bean public org.springframework.boot.web.servlet.FilterRegistrationBean delegatingFilterProxy()
@Bean public org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator()
@Bean public org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(org.apache.shiro.mgt.SecurityManager securityManager)
@Bean
@ConditionalOnProperty(prefix="spring.jwt",
name="enable-auto-refresh-token",
havingValue="true",
matchIfMissing=false)
public TokenRefreshInterceptor tokenRefreshInterceptor(JwtProperties jwtProperties,
UserAuthBiz userAuthBiz,
JwtUtils jwtUtils)