From 711985fbe95892359160e29224f2d3becdf9c10d Mon Sep 17 00:00:00 2001
From: thinkgem
Date: Sat, 17 Nov 2018 21:42:52 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=86=85=E9=83=A8=E7=B3=BB?= =?UTF-8?q?=E7=BB=9F=E8=AE=BF=E9=97=AE=E8=BF=87=E6=BB=A4=E5=99=A8=EF=BC=8C?= =?UTF-8?q?=E5=8F=AF=E8=AE=BE=E7=BD=AE=E5=A4=9A=E4=B8=AA=E5=85=81=E8=AE=B8?= =?UTF-8?q?=E7=9A=84=E5=86=85=E9=83=A8=E7=B3=BB=E7=BB=9FIP=E5=9C=B0?= =?UTF-8?q?=E5=9D=80=E4=B8=B2=EF=BC=8C=E5=A4=9A=E4=B8=AA=E7=94=A8=E9=80=97?= =?UTF-8?q?=E5=8F=B7=E9=9A=94=E5=BC=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../common/shiro/filter/InnerFilter.java | 47 +++++++++++++++++++
.../jeesite/modules/config/ShiroConfig.java | 9 ++++
.../main/resources/config/jeesite-core.yml | 5 +-
web/src/main/resources/config/application.yml | 5 +-
4 files changed, 64 insertions(+), 2 deletions(-)
create mode 100644 modules/core/src/main/java/com/jeesite/common/shiro/filter/InnerFilter.java
diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/InnerFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/InnerFilter.java
new file mode 100644
index 00000000..f2a51a01
--- /dev/null
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/InnerFilter.java
@@ -0,0 +1,47 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ */
+package com.jeesite.common.shiro.filter;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.shiro.web.filter.AccessControlFilter;
+
+import com.jeesite.common.config.Global;
+import com.jeesite.common.lang.StringUtils;
+
+/**
+ * 内部系统访问过滤器
+ * @author ThinkGem
+ * @version 2018-11-10
+ */
+public class InnerFilter extends AccessControlFilter {
+
+ @Override
+ protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
+ boolean result = false;
+ String[] prefixes = (String[])mappedValue;
+ if (prefixes == null){
+ prefixes = StringUtils.split(Global.getProperty(
+ "shiro.innerFilterAllowRemoteAddrs", "127.0.0.1"), ",");
+ }
+ if (prefixes != null && request instanceof HttpServletRequest){
+ String ip = ((HttpServletRequest)request).getRemoteAddr();
+ for (String prefix : prefixes){
+ result = StringUtils.startsWithIgnoreCase(ip, StringUtils.trim(prefix));
+ if (result){
+ break;
+ }
+ }
+ }
+ return result;
+ }
+
+ @Override
+ protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
+ return PermissionsAuthorizationFilter.redirectTo403Page(request, response);
+ }
+
+}
diff --git a/modules/core/src/main/java/com/jeesite/modules/config/ShiroConfig.java b/modules/core/src/main/java/com/jeesite/modules/config/ShiroConfig.java
index bdc242c2..829a7ca8 100644
--- a/modules/core/src/main/java/com/jeesite/modules/config/ShiroConfig.java
+++ b/modules/core/src/main/java/com/jeesite/modules/config/ShiroConfig.java
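Review bot: The allow-list check in `isAccessAllowed` is a plain string-prefix test on the textual address, so an entry admits more hosts than it names: `192.168.1.1` also matches `192.168.1.10` through `192.168.1.199`. If `StringUtils.split` keeps a whitespace-only token (for example from a trailing `, ` in the setting; that helper is not shown in this patch, so this needs confirming), `StringUtils.trim` turns it into an empty prefix and every remote address passes. Skipping empty entries, and treating an entry as a prefix only when it ends on a separator while comparing for equality otherwise, closes both cases; a sketch follows. Separately, `getRemoteAddr()` returns the immediate peer, so behind a reverse proxy on the same host the default `127.0.0.1` would match every proxied request, which the class Javadoc should state.

```java
// … unchanged: prefixes taken from mappedValue or the shiro.innerFilterAllowRemoteAddrs property …
if (prefixes != null && request instanceof HttpServletRequest){
	String ip = ((HttpServletRequest)request).getRemoteAddr();
	for (String prefix : prefixes){
		String allowed = StringUtils.trim(prefix);
		if (allowed == null || allowed.isEmpty()){
			continue; // an empty entry would match every address
		}
		// "10.1." or "fe80:" is a prefix; anything else must be the whole address
		boolean isPrefix = allowed.endsWith(".") || allowed.endsWith(":");
		result = isPrefix
				? StringUtils.startsWithIgnoreCase(ip, allowed)
				: allowed.equalsIgnoreCase(ip);
		if (result){
			break;
		}
	}
}
// … unchanged: return result …
```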
@@ -27,6 +27,7 @@ import com.jeesite.common.shiro.cas.CasOutHandler; import com.jeesite.common.shiro.config.FilterChainDefinitionMap; import com.jeesite.common.shiro.filter.CasAuthenticationFilter; import com.jeesite.common.shiro.filter.FormAuthenticationFilter; +import com.jeesite.common.shiro.filter.InnerFilter; import com.jeesite.common.shiro.filter.LogoutFilter; import com.jeesite.common.shiro.filter.PermissionsAuthorizationFilter; import com.jeesite.common.shiro.filter.RolesAuthorizationFilter; @@ -60,6 +61,13 @@ public class ShiroConfig { bean.addUrlPatterns("/*"); return bean; } + + /** + * 内部系统访问过滤器 + */ + private InnerFilter shiroInnerFilter() { + return new InnerFilter(); + } /** * CAS登录过滤器 @@ -120,6 +128,7 @@ public class ShiroConfig { bean.setLoginUrl(Global.getProperty("shiro.loginUrl")); bean.setSuccessUrl(Global.getProperty("adminPath")+"/index"); Map filters = bean.getFilters(); + filters.put("inner", shiroInnerFilter()); filters.put("cas", shiroCasFilter(casAuthorizingRealm)); filters.put("authc", shiroAuthcFilter(authorizingRealm)); filters.put("logout", shiroLogoutFilter(authorizingRealm)); diff --git a/modules/core/src/main/resources/config/jeesite-core.yml b/modules/core/src/main/resources/config/jeesite-core.yml index 67d27a46..5f85dc99 100644 --- a/modules/core/src/main/resources/config/jeesite-core.yml +++ b/modules/core/src/main/resources/config/jeesite-core.yml @@ -323,6 +323,9 @@ shiro: # 是否在登录后生成新的Session(默认false) isGenerateNewSessionAfterLogin: false + # 内部系统访问过滤器,可设置多个允许的内部系统IP地址串,多个用逗号隔开 + innerFilter.allowIp: 127.0.0.1 + # URI 权限过滤器定义 # filterChainDefinitions: | # /ReportServer/** = user @@ -442,7 +445,7 @@ web: id: '[a-zA-Z0-9_\-/#\u4e00-\u9fa5]{0,64}' user.loginCode: '[a-zA-Z0-9_\u4e00-\u9fa5]{4,20}' - # 关闭核心模块的Web功能(仅作为微服务时设为false) + # 核心模块的Web功能(仅作为微服务时设为false) core: enabled: true diff --git a/web/src/main/resources/config/application.yml b/web/src/main/resources/config/application.yml index 7222033a..ff7ebb69 100644 
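Review bot: The key added under `shiro:` in jeesite-core.yml, `innerFilter.allowIp`, is not the one the new filter reads: `InnerFilter.isAccessAllowed` calls `Global.getProperty("shiro.innerFilterAllowRemoteAddrs", "127.0.0.1")`. As far as this patch shows, a value set under `innerFilter.allowIp` is therefore ignored and the built-in `127.0.0.1` default always applies, so an operator who edits the documented setting changes nothing. The commented-out copy added to `web/src/main/resources/config/application.yml` uses the same name. Use one name in both places, e.g. `innerFilterAllowRemoteAddrs: 127.0.0.1`, and have the YAML comment say that entries are matched as address prefixes.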
--- a/web/src/main/resources/config/application.yml +++ b/web/src/main/resources/config/application.yml @@ -369,6 +369,9 @@ logging: # # # 是否在登录后生成新的Session(默认false) # isGenerateNewSessionAfterLogin: false +# +# # 内部系统访问过滤器,可设置多个允许的内部系统IP地址串,多个用逗号隔开 +# innerFilter.allowIp: 127.0.0.1 # # # URI 权限过滤器定义 # filterChainDefinitions: | @@ -458,7 +461,7 @@ logging: # id: '[a-zA-Z0-9_\-/#\u4e00-\u9fa5]{0,64}' # user.loginCode: '[a-zA-Z0-9_\u4e00-\u9fa5]{4,20}' # -# # 关闭核心模块的Web功能(仅作为微服务时设为false) +# # 核心模块的Web功能(仅作为微服务时设为false) # core: # enabled: true