From 511552abdbf336fc916a8888fc03263917c77872 Mon Sep 17 00:00:00 2001 From: thinkgem Date: Mon, 5 Jul 2021 21:20:50 +0800 Subject: [PATCH] =?UTF-8?q?=E9=87=8D=E5=91=BD=E5=90=8D=E7=B1=BB=20CasAuthe?= =?UTF-8?q?nticationFilter=20=E4=B8=BA=20CasFilter=EF=BC=9BFormAuthenticat?= =?UTF-8?q?ionFilter=20=E4=B8=BA=20FormFilter=EF=BC=9BPermissionsAuthoriza?= =?UTF-8?q?tionFilter=20=E4=B8=BA=20PermissionsFilter=EF=BC=9BRolesAuthori?= =?UTF-8?q?zationFilter=20=E4=B8=BA=20RolesFilter?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...thenticationFilter.java => CasFilter.java} | 8 ++-- ...henticationFilter.java => FormFilter.java} | 10 ++--- .../common/shiro/filter/InnerFilter.java | 2 +- ...tionFilter.java => PermissionsFilter.java} | 6 +-- ...horizationFilter.java => RolesFilter.java} | 6 +-- .../common/shiro/filter/UserFilter.java | 4 +- .../common/shiro/realm/AuthorizingRealm.java | 2 +- .../shiro/realm/CasAuthorizingRealm.java | 4 +- .../jeesite/modules/config/ShiroConfig.java | 42 +++++++++---------- .../modules/sys/web/AccountController.java | 8 ++-- .../modules/sys/web/LoginController.java | 6 +-- .../modules/sys/web/SsoController.java | 6 +-- .../src/main/resources/config/logger-core.xml | 4 +- 13 files changed, 53 insertions(+), 55 deletions(-) rename modules/core/src/main/java/com/jeesite/common/shiro/filter/{CasAuthenticationFilter.java => CasFilter.java} (82%) rename modules/core/src/main/java/com/jeesite/common/shiro/filter/{FormAuthenticationFilter.java => FormFilter.java} (95%) rename modules/core/src/main/java/com/jeesite/common/shiro/filter/{PermissionsAuthorizationFilter.java => PermissionsFilter.java} (89%) rename modules/core/src/main/java/com/jeesite/common/shiro/filter/{RolesAuthorizationFilter.java => RolesFilter.java} (65%) diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/CasAuthenticationFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/CasFilter.java similarity index 82% rename from modules/core/src/main/java/com/jeesite/common/shiro/filter/CasAuthenticationFilter.java rename to modules/core/src/main/java/com/jeesite/common/shiro/filter/CasFilter.java index 6a7038ed..4e1186c9 100644 --- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/CasAuthenticationFilter.java +++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/CasFilter.java @@ -15,7 +15,7 @@ import org.apache.shiro.web.util.WebUtils; import com.jeesite.common.lang.ExceptionUtils; import com.jeesite.common.lang.StringUtils; -import com.jeesite.common.shiro.realm.CasAuthorizingRealm; +import com.jeesite.common.shiro.realm.BaseAuthorizingRealm; /** * CAS过滤器 @@ -23,14 +23,14 @@ import com.jeesite.common.shiro.realm.CasAuthorizingRealm; * @version 2020-9-19 */ @SuppressWarnings("deprecation") -public class CasAuthenticationFilter extends org.apache.shiro.cas.CasFilter { +public class CasFilter extends org.apache.shiro.cas.CasFilter { /** * 登录成功调用事件 */ @Override protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception { - return FormAuthenticationFilter.onLoginSuccess((HttpServletRequest)request, (HttpServletResponse)response); + return FormFilter.onLoginSuccess((HttpServletRequest)request, (HttpServletResponse)response); } /** @@ -64,7 +64,7 @@ public class CasAuthenticationFilter extends org.apache.shiro.cas.CasFilter { } } - public void setAuthorizingRealm(CasAuthorizingRealm authorizingRealm) { + public void setAuthorizingRealm(BaseAuthorizingRealm authorizingRealm) { } diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java similarity index 95% rename from modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java rename to modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java index 521a3d65..a4620351 100644 --- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormAuthenticationFilter.java +++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java @@ -48,7 +48,7 @@ import com.jeesite.modules.sys.utils.ValidCodeUtils; * @author ThinkGem * @version 2020-9-19 */ -public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter { +public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthenticationFilter { public static final String CAPTCHA_PARAM = "validCode"; // 验证码 public static final String MESSAGE_PARAM = "message"; // 登录返回消息 @@ -56,8 +56,8 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc. public static final String EXCEPTION_ATTRIBUTE_NAME = "exception"; // 异常类属性名 public static final String LOGIN_PARAM = "__login"; // 支持GET方式登录的参数 - private static final Logger logger = LoggerFactory.getLogger(FormAuthenticationFilter.class); - private static FormAuthenticationFilter instance; + private static final Logger logger = LoggerFactory.getLogger(FormFilter.class); + private static FormFilter instance; private BaseAuthorizingRealm authorizingRealm; private Cookie rememberUserCodeCookie; // 记住用户名Cookie @@ -65,7 +65,7 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc. /** * 构造方法 */ - public FormAuthenticationFilter() { + public FormFilter() { super(); rememberUserCodeCookie = new SimpleCookie(); rememberUserCodeCookie.setName(REMEMBER_USERCODE_PARAM); @@ -193,7 +193,7 @@ public class FormAuthenticationFilter extends org.apache.shiro.web.filter.authc. */ @Override protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException { - PermissionsAuthorizationFilter.redirectToDefaultPath(request, response); + PermissionsFilter.redirectToDefaultPath(request, response); } /** diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/InnerFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/InnerFilter.java index f2a51a01..8d94ad19 100644 --- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/InnerFilter.java +++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/InnerFilter.java @@ -41,7 +41,7 @@ public class InnerFilter extends AccessControlFilter { @Override protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { - return PermissionsAuthorizationFilter.redirectTo403Page(request, response); + return PermissionsFilter.redirectTo403Page(request, response); } } diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/PermissionsAuthorizationFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/PermissionsFilter.java similarity index 89% rename from modules/core/src/main/java/com/jeesite/common/shiro/filter/PermissionsAuthorizationFilter.java rename to modules/core/src/main/java/com/jeesite/common/shiro/filter/PermissionsFilter.java index fd8f435e..2ab3b8b5 100644 --- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/PermissionsAuthorizationFilter.java +++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/PermissionsFilter.java @@ -26,16 +26,16 @@ import com.jeesite.common.web.http.wrapper.GetHttpServletRequestWrapper; * @author ThinkGem * @version 2017-03-22 */ -public class PermissionsAuthorizationFilter extends org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter { +public class PermissionsFilter extends org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter { @Override protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException { - PermissionsAuthorizationFilter.redirectToDefaultPath(request, response); + PermissionsFilter.redirectToDefaultPath(request, response); } @Override protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException { - return PermissionsAuthorizationFilter.redirectTo403Page(request, response); + return PermissionsFilter.redirectTo403Page(request, response); } /** diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/RolesAuthorizationFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/RolesFilter.java similarity index 65% rename from modules/core/src/main/java/com/jeesite/common/shiro/filter/RolesAuthorizationFilter.java rename to modules/core/src/main/java/com/jeesite/common/shiro/filter/RolesFilter.java index 1ea4272f..7ca8442d 100644 --- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/RolesAuthorizationFilter.java +++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/RolesFilter.java @@ -13,16 +13,16 @@ import javax.servlet.ServletResponse; * @author ThinkGem * @version 2017-03-22 */ -public class RolesAuthorizationFilter extends org.apache.shiro.web.filter.authz.RolesAuthorizationFilter { +public class RolesFilter extends org.apache.shiro.web.filter.authz.RolesAuthorizationFilter { @Override protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException { - PermissionsAuthorizationFilter.redirectToDefaultPath(request, response); + PermissionsFilter.redirectToDefaultPath(request, response); } @Override protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException { - return PermissionsAuthorizationFilter.redirectTo403Page(request, response); + return PermissionsFilter.redirectTo403Page(request, response); } } diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/UserFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/UserFilter.java index 1edc2e6b..fef0934d 100644 --- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/UserFilter.java +++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/UserFilter.java @@ -17,12 +17,12 @@ public class UserFilter extends org.apache.shiro.web.filter.authc.UserFilter { @Override protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException { - PermissionsAuthorizationFilter.redirectToDefaultPath(request, response); + PermissionsFilter.redirectToDefaultPath(request, response); } @Override protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException { - return PermissionsAuthorizationFilter.redirectTo403Page(request, response); + return PermissionsFilter.redirectTo403Page(request, response); } } diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java index a47f0144..9fb2d5f4 100644 --- a/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java +++ b/modules/core/src/main/java/com/jeesite/common/shiro/realm/AuthorizingRealm.java @@ -20,7 +20,7 @@ import com.jeesite.modules.sys.utils.LogUtils; import com.jeesite.modules.sys.utils.UserUtils; /** - * 系统安全认证实现类 + * 系统认证授权实现类 * @author ThinkGem * @version 2018-7-11 */ diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/realm/CasAuthorizingRealm.java b/modules/core/src/main/java/com/jeesite/common/shiro/realm/CasAuthorizingRealm.java index 0958f87a..af9ebf04 100644 --- a/modules/core/src/main/java/com/jeesite/common/shiro/realm/CasAuthorizingRealm.java +++ b/modules/core/src/main/java/com/jeesite/common/shiro/realm/CasAuthorizingRealm.java @@ -36,7 +36,7 @@ import com.jeesite.modules.sys.utils.LogUtils; import com.jeesite.modules.sys.utils.UserUtils; /** - * 系统安全认证实现类 + * 系统认证授权实现类 * @author ThinkGem * @version 2020-9-19 */ @@ -175,7 +175,7 @@ public class CasAuthorizingRealm extends BaseAuthorizingRealm { @Override protected void assertCredentialsMatch(AuthenticationToken authcToken, AuthenticationInfo info) throws AuthenticationException { - // CAS的Ticket已经在doGetAuthenticationInfo()认证过了,这里就不验证身份了 + // 已经在 getFormToken 认证过了,这里就不验证身份了 } @Override diff --git a/modules/core/src/main/java/com/jeesite/modules/config/ShiroConfig.java b/modules/core/src/main/java/com/jeesite/modules/config/ShiroConfig.java index 2a908386..98e96881 100644 --- a/modules/core/src/main/java/com/jeesite/modules/config/ShiroConfig.java +++ b/modules/core/src/main/java/com/jeesite/modules/config/ShiroConfig.java @@ -26,12 +26,12 @@ import com.jeesite.common.collect.ListUtils; import com.jeesite.common.config.Global; import com.jeesite.common.shiro.cas.CasOutHandler; import com.jeesite.common.shiro.config.FilterChainDefinitionMap; -import com.jeesite.common.shiro.filter.CasAuthenticationFilter; -import com.jeesite.common.shiro.filter.FormAuthenticationFilter; +import com.jeesite.common.shiro.filter.CasFilter; +import com.jeesite.common.shiro.filter.FormFilter; import com.jeesite.common.shiro.filter.InnerFilter; import com.jeesite.common.shiro.filter.LogoutFilter; -import com.jeesite.common.shiro.filter.PermissionsAuthorizationFilter; -import com.jeesite.common.shiro.filter.RolesAuthorizationFilter; +import com.jeesite.common.shiro.filter.PermissionsFilter; +import com.jeesite.common.shiro.filter.RolesFilter; import com.jeesite.common.shiro.filter.UserFilter; import com.jeesite.common.shiro.realm.AuthorizingRealm; import com.jeesite.common.shiro.realm.CasAuthorizingRealm; @@ -43,7 +43,7 @@ import com.jeesite.common.shiro.web.WebSecurityManager; /** * Shiro配置 * @author ThinkGem - * @version 2018-7-11 + * @version 2021-7-6 */ @SuppressWarnings("deprecation") @Configuration(proxyBeanMethods = false) @@ -72,8 +72,8 @@ public class ShiroConfig { /** * CAS登录过滤器 */ - private CasAuthenticationFilter shiroCasFilter(CasAuthorizingRealm casAuthorizingRealm) { - CasAuthenticationFilter bean = new CasAuthenticationFilter(); + private CasFilter shiroCasFilter(CasAuthorizingRealm casAuthorizingRealm) { + CasFilter bean = new CasFilter(); bean.setAuthorizingRealm(casAuthorizingRealm); return bean; } @@ -81,8 +81,8 @@ public class ShiroConfig { /** * Form登录过滤器 */ - private FormAuthenticationFilter shiroAuthcFilter(AuthorizingRealm authorizingRealm) { - FormAuthenticationFilter bean = new FormAuthenticationFilter(); + private FormFilter shiroAuthcFilter(AuthorizingRealm authorizingRealm) { + FormFilter bean = new FormFilter(); bean.setAuthorizingRealm(authorizingRealm); return bean; } @@ -99,15 +99,15 @@ public class ShiroConfig { /** * 权限字符串过滤器 */ - private PermissionsAuthorizationFilter shiroPermsFilter() { - return new PermissionsAuthorizationFilter(); + private PermissionsFilter shiroPermsFilter() { + return new PermissionsFilter(); } /** * 角色权限过滤器 */ - private RolesAuthorizationFilter shiroRolesFilter() { - return new RolesAuthorizationFilter(); + private RolesFilter shiroRolesFilter() { + return new RolesFilter(); } /** @@ -125,13 +125,13 @@ public class ShiroConfig { bean.setBlockNonAscii(false); return bean; } - + /** * Shiro认证过滤器 */ @Bean - public ShiroFilterFactoryBean shiroFilter(WebSecurityManager webSecurityManager, - AuthorizingRealm authorizingRealm, CasAuthorizingRealm casAuthorizingRealm) { + public ShiroFilterFactoryBean shiroFilter(WebSecurityManager webSecurityManager, AuthorizingRealm authorizingRealm, + CasAuthorizingRealm casAuthorizingRealm) { ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean(); bean.setSecurityManager(webSecurityManager); bean.setLoginUrl(Global.getProperty("shiro.loginUrl")); @@ -171,7 +171,7 @@ public class ShiroConfig { } /** - * 系统安全认证实现类 + * CAS安全认证实现类 */ @Bean public CasAuthorizingRealm casAuthorizingRealm(SessionDAO sessionDAO, CasOutHandler casOutHandler) { @@ -187,9 +187,8 @@ public class ShiroConfig { * 定义Shiro安全管理配置 */ @Bean - public WebSecurityManager webSecurityManager(AuthorizingRealm authorizingRealm, - CasAuthorizingRealm casAuthorizingRealm, SessionManager sessionManager, - CacheManager shiroCacheManager) { + public WebSecurityManager webSecurityManager(AuthorizingRealm authorizingRealm, CasAuthorizingRealm casAuthorizingRealm, + SessionManager sessionManager, CacheManager shiroCacheManager) { WebSecurityManager bean = new WebSecurityManager(); Collection realms = ListUtils.newArrayList(); realms.add(authorizingRealm); // 第一个为权限授权控制类 @@ -197,9 +196,8 @@ public class ShiroConfig { bean.setRealms(realms); bean.setSessionManager(sessionManager); bean.setCacheManager(shiroCacheManager); - //bean.setRememberMeManager(null); // 关闭 RememberMe - // 设置支持CAS的subjectFactory bean.setSubjectFactory(new CasSubjectFactory()); + //bean.setRememberMeManager(null); // 关闭 RememberMe return bean; } diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java index 6f411554..813a110d 100644 --- a/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java +++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java @@ -27,7 +27,7 @@ import com.jeesite.common.msg.EmailUtils; import com.jeesite.common.msg.SmsUtils; import com.jeesite.common.service.ServiceException; import com.jeesite.common.shiro.authc.FormToken; -import com.jeesite.common.shiro.filter.FormAuthenticationFilter; +import com.jeesite.common.shiro.filter.FormFilter; import com.jeesite.common.web.BaseController; import com.jeesite.modules.sys.entity.User; import com.jeesite.modules.sys.service.UserService; @@ -88,7 +88,7 @@ public class AccountController extends BaseController{ if (!Global.getConfigToBoolean("user.loginByValidCode", "true")) { return renderResult(Global.FALSE, "验证码登录未开启,请设置:user.loginByValidCode=true"); } - FormToken formToken = FormAuthenticationFilter.newToken(request, response); + FormToken formToken = FormFilter.newToken(request, response); String s = validValidCode("login", formToken.getUsername(), loginValidCode, request); if (s != null) { return s; @@ -97,9 +97,9 @@ public class AccountController extends BaseController{ try { formToken.setInnerLogin(true); // 因为手机验证码已验证,所以无需再进行验证密码 UserUtils.getSubject().login(formToken); - FormAuthenticationFilter.onLoginSuccess(request, response); + FormFilter.onLoginSuccess(request, response); } catch (AuthenticationException e) { - FormAuthenticationFilter.onLoginFailure(e, request, response); + FormFilter.onLoginFailure(e, request, response); } return null; } diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java index 473e806b..e6ed9eec 100644 --- a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java +++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java @@ -23,7 +23,7 @@ import org.springframework.web.bind.annotation.ResponseBody; import com.fasterxml.jackson.annotation.JsonView; import com.jeesite.common.config.Global; import com.jeesite.common.lang.StringUtils; -import com.jeesite.common.shiro.filter.FormAuthenticationFilter; +import com.jeesite.common.shiro.filter.FormFilter; import com.jeesite.common.shiro.realm.BaseAuthorizingRealm; import com.jeesite.common.shiro.realm.LoginInfo; import com.jeesite.common.web.BaseController; @@ -72,7 +72,7 @@ public class LoginController extends BaseController{ } // 获取登录数据 - model.addAllAttributes(FormAuthenticationFilter.getLoginData(request, response)); + model.addAllAttributes(FormFilter.getLoginData(request, response)); // 如果是Ajax请求,返回Json字符串。 if (ServletUtils.isAjaxRequest((HttpServletRequest)request)){ @@ -109,7 +109,7 @@ public class LoginController extends BaseController{ } // 获取登录失败数据 - model.addAllAttributes(FormAuthenticationFilter.getLoginFailureData(request, response)); + model.addAllAttributes(FormFilter.getLoginFailureData(request, response)); // 如果是Ajax请求,返回Json字符串。 if (ServletUtils.isAjaxRequest(request)){ diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/web/SsoController.java b/modules/core/src/main/java/com/jeesite/modules/sys/web/SsoController.java index ba2ced75..5f377f7a 100644 --- a/modules/core/src/main/java/com/jeesite/modules/sys/web/SsoController.java +++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/SsoController.java @@ -18,7 +18,7 @@ import com.jeesite.common.codec.EncodeUtils; import com.jeesite.common.config.Global; import com.jeesite.common.lang.ObjectUtils; import com.jeesite.common.shiro.authc.FormToken; -import com.jeesite.common.shiro.filter.FormAuthenticationFilter; +import com.jeesite.common.shiro.filter.FormFilter; import com.jeesite.common.web.BaseController; import com.jeesite.common.web.http.ServletUtils; import com.jeesite.modules.sys.entity.User; @@ -67,9 +67,9 @@ public class SsoController extends BaseController{ // FormToken 构造方法的三个参数:登录名、单点登录的令牌秘钥、请求对象 UserUtils.getSubject().login(new FormToken(username, token, request)); request.setAttribute("__url", EncodeUtils.decodeUrl2(url)); - FormAuthenticationFilter.onLoginSuccess(request, response); + FormFilter.onLoginSuccess(request, response); } catch (AuthenticationException e) { - FormAuthenticationFilter.onLoginFailure(e, request, response); + FormFilter.onLoginFailure(e, request, response); } return null; } diff --git a/modules/core/src/main/resources/config/logger-core.xml b/modules/core/src/main/resources/config/logger-core.xml index 38a3306c..ee27863f 100644 --- a/modules/core/src/main/resources/config/logger-core.xml +++ b/modules/core/src/main/resources/config/logger-core.xml @@ -43,7 +43,7 @@ - + \ No newline at end of file