新增内部系统访问过滤器，可设置多个允许的内部系统IP地址串，多个用逗号隔开

modules/core/src/main/java/com/jeesite/common/shiro/filter/InnerFilter.java

@@ -0,0 +1,47 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ */
+package com.jeesite.common.shiro.filter;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.shiro.web.filter.AccessControlFilter;
+
+import com.jeesite.common.config.Global;
+import com.jeesite.common.lang.StringUtils;
+
+/**
+ * 内部系统访问过滤器
+ * @author ThinkGem
+ * @version 2018-11-10
+ */
+public class InnerFilter extends AccessControlFilter {
+
+	@Override
+	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
+		boolean result = false;
+		String[] prefixes = (String[])mappedValue;
+		if (prefixes == null){
+			prefixes = StringUtils.split(Global.getProperty(
+					"shiro.innerFilterAllowRemoteAddrs", "127.0.0.1"), ",");
+		}
+		if (prefixes != null && request instanceof HttpServletRequest){
+			String ip = ((HttpServletRequest)request).getRemoteAddr();
+			for (String prefix : prefixes){
+				result = StringUtils.startsWithIgnoreCase(ip, StringUtils.trim(prefix));
+				if (result){
+					break;
+				}
+			}
+		}
+		return result;
+	}
+
+	@Override
+	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
+		return PermissionsAuthorizationFilter.redirectTo403Page(request, response);
+	}
+	
+}

modules/core/src/main/java/com/jeesite/modules/config/ShiroConfig.java

@@ -27,6 +27,7 @@ import com.jeesite.common.shiro.cas.CasOutHandler;
 import com.jeesite.common.shiro.config.FilterChainDefinitionMap;
 import com.jeesite.common.shiro.filter.CasAuthenticationFilter;
 import com.jeesite.common.shiro.filter.FormAuthenticationFilter;
+import com.jeesite.common.shiro.filter.InnerFilter;
 import com.jeesite.common.shiro.filter.LogoutFilter;
 import com.jeesite.common.shiro.filter.PermissionsAuthorizationFilter;
 import com.jeesite.common.shiro.filter.RolesAuthorizationFilter;
@@ -60,6 +61,13 @@ public class ShiroConfig {
 		bean.addUrlPatterns("/*");
 		return bean;
 	}
+
+	/**
+	 * 内部系统访问过滤器
+	 */
+	private InnerFilter shiroInnerFilter() {
+		return new InnerFilter();
+	}
 	
 	/**
 	 * CAS登录过滤器
@@ -120,6 +128,7 @@ public class ShiroConfig {
 		bean.setLoginUrl(Global.getProperty("shiro.loginUrl"));
 		bean.setSuccessUrl(Global.getProperty("adminPath")+"/index");
 		Map<String, Filter> filters = bean.getFilters();
+		filters.put("inner", shiroInnerFilter());
 		filters.put("cas", shiroCasFilter(casAuthorizingRealm));
 		filters.put("authc", shiroAuthcFilter(authorizingRealm));
 		filters.put("logout", shiroLogoutFilter(authorizingRealm));

modules/core/src/main/resources/config/jeesite-core.yml

@@ -323,6 +323,9 @@ shiro:
   # 是否在登录后生成新的Session（默认false）
   isGenerateNewSessionAfterLogin: false
   
+  # 内部系统访问过滤器，可设置多个允许的内部系统IP地址串，多个用逗号隔开
+  innerFilter.allowIp: 127.0.0.1
+  
   # URI 权限过滤器定义
 #  filterChainDefinitions: |
 #    /ReportServer/** = user
@@ -442,7 +445,7 @@ web:
     id: '[a-zA-Z0-9_\-/#\u4e00-\u9fa5]{0,64}'
     user.loginCode: '[a-zA-Z0-9_\u4e00-\u9fa5]{4,20}'
 
-  # 关闭核心模块的Web功能（仅作为微服务时设为false）
+  # 核心模块的Web功能（仅作为微服务时设为false）
   core: 
     enabled: true