From 25cf266e99714ac5d428e66b40ce272325c91dd8 Mon Sep 17 00:00:00 2001
From: Pu Zhibing <393733352@qq.com>
Date: 星期六, 14 六月 2025 15:01:11 +0800
Subject: [PATCH] 修改管理后台账号和共享session等 屏蔽除出租车外的其他模块
---
ManagementQYTTravel/guns-admin/src/main/java/com/stylefeng/guns/config/web/ShiroConfig.java | 413 +++++++++++++++++++++++++++++----------------------------
1 files changed, 206 insertions(+), 207 deletions(-)
diff --git a/ManagementQYTTravel/guns-admin/src/main/java/com/stylefeng/guns/config/web/ShiroConfig.java b/ManagementQYTTravel/guns-admin/src/main/java/com/stylefeng/guns/config/web/ShiroConfig.java
index 2ca8fd2..28c24e8 100644
--- a/ManagementQYTTravel/guns-admin/src/main/java/com/stylefeng/guns/config/web/ShiroConfig.java
+++ b/ManagementQYTTravel/guns-admin/src/main/java/com/stylefeng/guns/config/web/ShiroConfig.java
@@ -1,207 +1,206 @@
-package com.stylefeng.guns.config.web;
-
-import com.stylefeng.guns.config.properties.GunsProperties;
-import com.stylefeng.guns.core.intercept.GunsUserFilter;
-import com.stylefeng.guns.core.shiro.ShiroDbRealm;
-import org.apache.shiro.cache.CacheManager;
-import org.apache.shiro.cache.ehcache.EhCacheManager;
-import org.apache.shiro.codec.Base64;
-import org.apache.shiro.session.mgt.SessionManager;
-import org.apache.shiro.spring.LifecycleBeanPostProcessor;
-import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
-import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-import org.apache.shiro.web.mgt.CookieRememberMeManager;
-import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
-import org.apache.shiro.web.servlet.Cookie;
-import org.apache.shiro.web.servlet.ShiroHttpSession;
-import org.apache.shiro.web.servlet.SimpleCookie;
-import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
-import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
-import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.cache.ehcache.EhCacheManagerFactoryBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-import javax.servlet.Filter;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
-/**
- * shiro权限管理的配置
- *
- * @author fengshuonan
- * @date 2016年11月14日 下午3:03:44
- */
-@Configuration
-public class ShiroConfig {
-
- /**
- * 安全管理器
- */
- @Bean
- public DefaultWebSecurityManager securityManager(CookieRememberMeManager rememberMeManager, CacheManager cacheShiroManager, SessionManager sessionManager) {
- DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
- securityManager.setRealm(this.shiroDbRealm());
- securityManager.setCacheManager(cacheShiroManager);
- securityManager.setRememberMeManager(rememberMeManager);
- securityManager.setSessionManager(sessionManager);
- return securityManager;
- }
-
- /**
- * spring session管理器(多机环境)
- */
- @Bean
- @ConditionalOnProperty(prefix = "guns", name = "spring-session-open", havingValue = "true")
- public ServletContainerSessionManager servletContainerSessionManager() {
- return new ServletContainerSessionManager();
- }
-
- /**
- * session管理器(单机环境)
- */
- @Bean
- @ConditionalOnProperty(prefix = "guns", name = "spring-session-open", havingValue = "false")
- public DefaultWebSessionManager defaultWebSessionManager(CacheManager cacheShiroManager, GunsProperties gunsProperties) {
- DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
- sessionManager.setCacheManager(cacheShiroManager);
- sessionManager.setSessionValidationInterval(gunsProperties.getSessionValidationInterval() * 1000);
- sessionManager.setGlobalSessionTimeout(gunsProperties.getSessionInvalidateTime() * 1000);
- sessionManager.setDeleteInvalidSessions(true);
- sessionManager.setSessionValidationSchedulerEnabled(true);
- Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
- cookie.setName("shiroCookie");
- cookie.setHttpOnly(true);
- sessionManager.setSessionIdCookie(cookie);
- return sessionManager;
- }
-
- /**
- * 缓存管理器 使用Ehcache实现
- */
- @Bean
- public CacheManager getCacheShiroManager(EhCacheManagerFactoryBean ehcache) {
- EhCacheManager ehCacheManager = new EhCacheManager();
- ehCacheManager.setCacheManager(ehcache.getObject());
- return ehCacheManager;
- }
-
- /**
- * 项目自定义的Realm
- */
- @Bean
- public ShiroDbRealm shiroDbRealm() {
- return new ShiroDbRealm();
- }
-
- /**
- * rememberMe管理器, cipherKey生成见{@code Base64Test.java}
- */
- @Bean
- public CookieRememberMeManager rememberMeManager(SimpleCookie rememberMeCookie) {
- CookieRememberMeManager manager = new CookieRememberMeManager();
-// manager.setCipherKey(Base64.decode("Z3VucwAAAAAAAAAAAAAAAA=="));
- manager.setCookie(rememberMeCookie);
- return manager;
- }
-
- /**
- * 记住密码Cookie
- */
- @Bean
- public SimpleCookie rememberMeCookie() {
-// SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
- SimpleCookie simpleCookie = new SimpleCookie("");
- simpleCookie.setHttpOnly(true);
- simpleCookie.setMaxAge(7 * 24 * 60 * 60);//7天
- return simpleCookie;
- }
-
- /**
- * Shiro的过滤器链
- */
- @Bean
- public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
- ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
- shiroFilter.setSecurityManager(securityManager);
- /**
- * 默认的登陆访问url
- */
- shiroFilter.setLoginUrl("/login");
- /**
- * 登陆成功后跳转的url
- */
- shiroFilter.setSuccessUrl("/");
- /**
- * 没有权限跳转的url
- */
- shiroFilter.setUnauthorizedUrl("/global/error");
-
- /**
- * 覆盖默认的user拦截器(默认拦截器解决不了ajax请求 session超时的问题,若有更好的办法请及时反馈作者)
- */
- HashMap<String, Filter> myFilters = new HashMap<>();
- myFilters.put("user", new GunsUserFilter());
- shiroFilter.setFilters(myFilters);
-
- /**
- * 配置shiro拦截器链
- *
- * anon 不需要认证
- * authc 需要认证
- * user 验证通过或RememberMe登录的都可以
- *
- * 当应用开启了rememberMe时,用户下次访问时可以是一个user,但不会是authc,因为authc是需要重新认证的
- *
- * 顺序从上到下,优先级依次降低
- *
- * api开头的接口,走rest api鉴权,不走shiro鉴权
- *
- */
- Map<String, String> hashMap = new LinkedHashMap<>();
- hashMap.put("/base/**", "anon");
- hashMap.put("/static/**", "anon");
- hashMap.put("/gunsApi/**", "anon");
- hashMap.put("/login", "anon");
- hashMap.put("/global/sessionError", "anon");
- hashMap.put("/kaptcha", "anon");
- hashMap.put("/**", "user");
- shiroFilter.setFilterChainDefinitionMap(hashMap);
- return shiroFilter;
- }
-
- /**
- * 在方法中 注入 securityManager,进行代理控制
- */
- @Bean
- public MethodInvokingFactoryBean methodInvokingFactoryBean(DefaultWebSecurityManager securityManager) {
- MethodInvokingFactoryBean bean = new MethodInvokingFactoryBean();
- bean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
- bean.setArguments(new Object[]{securityManager});
- return bean;
- }
-
- /**
- * Shiro生命周期处理器:
- * 用于在实现了Initializable接口的Shiro bean初始化时调用Initializable接口回调(例如:UserRealm)
- * 在实现了Destroyable接口的Shiro bean销毁时调用 Destroyable接口回调(例如:DefaultSecurityManager)
- */
- @Bean
- public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
- return new LifecycleBeanPostProcessor();
- }
-
- /**
- * 启用shrio授权注解拦截方式,AOP式方法级权限检查
- */
- @Bean
- public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
- AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor =
- new AuthorizationAttributeSourceAdvisor();
- authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
- return authorizationAttributeSourceAdvisor;
- }
-
-}
+//package com.stylefeng.guns.config.web;
+//
+//import com.stylefeng.guns.config.properties.GunsProperties;
+//import com.stylefeng.guns.core.intercept.GunsUserFilter;
+//import com.stylefeng.guns.core.shiro.ShiroDbRealm;
+//import org.apache.shiro.cache.CacheManager;
+//import org.apache.shiro.cache.ehcache.EhCacheManager;
+//import org.apache.shiro.session.mgt.SessionManager;
+//import org.apache.shiro.spring.LifecycleBeanPostProcessor;
+//import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
+//import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
+//import org.apache.shiro.web.mgt.CookieRememberMeManager;
+//import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+//import org.apache.shiro.web.servlet.Cookie;
+//import org.apache.shiro.web.servlet.ShiroHttpSession;
+//import org.apache.shiro.web.servlet.SimpleCookie;
+//import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
+//import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
+//import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
+//import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+//import org.springframework.cache.ehcache.EhCacheManagerFactoryBean;
+//import org.springframework.context.annotation.Bean;
+//import org.springframework.context.annotation.Configuration;
+//
+//import javax.servlet.Filter;
+//import java.util.HashMap;
+//import java.util.LinkedHashMap;
+//import java.util.Map;
+//
+///**
+// * shiro权限管理的配置
+// *
+// * @author fengshuonan
+// * @date 2016年11月14日 下午3:03:44
+// */
+//@Configuration
+//public class ShiroConfig {
+//
+// /**
+// * 安全管理器
+// */
+// @Bean
+// public DefaultWebSecurityManager securityManager(CookieRememberMeManager rememberMeManager, CacheManager cacheShiroManager, SessionManager sessionManager) {
+// DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
+// securityManager.setRealm(this.shiroDbRealm());
+// securityManager.setCacheManager(cacheShiroManager);
+// securityManager.setRememberMeManager(rememberMeManager);
+// securityManager.setSessionManager(sessionManager);
+// return securityManager;
+// }
+//
+// /**
+// * spring session管理器(多机环境)
+// */
+// @Bean
+// @ConditionalOnProperty(prefix = "guns", name = "spring-session-open", havingValue = "true")
+// public ServletContainerSessionManager servletContainerSessionManager() {
+// return new ServletContainerSessionManager();
+// }
+//
+// /**
+// * session管理器(单机环境)
+// */
+// @Bean
+// @ConditionalOnProperty(prefix = "guns", name = "spring-session-open", havingValue = "false")
+// public DefaultWebSessionManager defaultWebSessionManager(CacheManager cacheShiroManager, GunsProperties gunsProperties) {
+// DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
+// sessionManager.setCacheManager(cacheShiroManager);
+// sessionManager.setSessionValidationInterval(gunsProperties.getSessionValidationInterval() * 1000);
+// sessionManager.setGlobalSessionTimeout(gunsProperties.getSessionInvalidateTime() * 1000);
+// sessionManager.setDeleteInvalidSessions(false);
+// sessionManager.setSessionValidationSchedulerEnabled(true);
+// Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
+// cookie.setName("shiroCookie");
+// cookie.setHttpOnly(true);
+// sessionManager.setSessionIdCookie(cookie);
+// return sessionManager;
+// }
+//
+// /**
+// * 缓存管理器 使用Ehcache实现
+// */
+// @Bean
+// public CacheManager getCacheShiroManager(EhCacheManagerFactoryBean ehcache) {
+// EhCacheManager ehCacheManager = new EhCacheManager();
+// ehCacheManager.setCacheManager(ehcache.getObject());
+// return ehCacheManager;
+// }
+//
+// /**
+// * 项目自定义的Realm
+// */
+// @Bean
+// public ShiroDbRealm shiroDbRealm() {
+// return new ShiroDbRealm();
+// }
+//
+// /**
+// * rememberMe管理器, cipherKey生成见{@code Base64Test.java}
+// */
+// @Bean
+// public CookieRememberMeManager rememberMeManager(SimpleCookie rememberMeCookie) {
+// CookieRememberMeManager manager = new CookieRememberMeManager();
+//// manager.setCipherKey(Base64.decode("Z3VucwAAAAAAAAAAAAAAAA=="));
+// manager.setCookie(rememberMeCookie);
+// return manager;
+// }
+//
+// /**
+// * 记住密码Cookie
+// */
+// @Bean
+// public SimpleCookie rememberMeCookie() {
+//// SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
+// SimpleCookie simpleCookie = new SimpleCookie("");
+// simpleCookie.setHttpOnly(true);
+// simpleCookie.setMaxAge(7 * 24 * 60 * 60);//7天
+// return simpleCookie;
+// }
+//
+// /**
+// * Shiro的过滤器链
+// */
+// @Bean
+// public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
+// ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
+// shiroFilter.setSecurityManager(securityManager);
+// /**
+// * 默认的登陆访问url
+// */
+// shiroFilter.setLoginUrl("/");
+// /**
+// * 登陆成功后跳转的url
+// */
+// shiroFilter.setSuccessUrl("/");
+// /**
+// * 没有权限跳转的url
+// */
+// shiroFilter.setUnauthorizedUrl("/global/error");
+//
+// /**
+// * 覆盖默认的user拦截器(默认拦截器解决不了ajax请求 session超时的问题,若有更好的办法请及时反馈作者)
+// */
+// HashMap<String, Filter> myFilters = new HashMap<>();
+// myFilters.put("user", new GunsUserFilter());
+// shiroFilter.setFilters(myFilters);
+//
+// /**
+// * 配置shiro拦截器链
+// *
+// * anon 不需要认证
+// * authc 需要认证
+// * user 验证通过或RememberMe登录的都可以
+// *
+// * 当应用开启了rememberMe时,用户下次访问时可以是一个user,但不会是authc,因为authc是需要重新认证的
+// *
+// * 顺序从上到下,优先级依次降低
+// *
+// * api开头的接口,走rest api鉴权,不走shiro鉴权
+// *
+// */
+// Map<String, String> hashMap = new LinkedHashMap<>();
+// hashMap.put("/base/**", "anon");
+// hashMap.put("/static/**", "anon");
+// hashMap.put("/gunsApi/**", "anon");
+// hashMap.put("/login", "anon");
+// hashMap.put("/global/sessionError", "anon");
+// hashMap.put("/kaptcha", "anon");
+// hashMap.put("/**", "user");
+// shiroFilter.setFilterChainDefinitionMap(hashMap);
+// return shiroFilter;
+// }
+//
+// /**
+// * 在方法中 注入 securityManager,进行代理控制
+// */
+// @Bean
+// public MethodInvokingFactoryBean methodInvokingFactoryBean(DefaultWebSecurityManager securityManager) {
+// MethodInvokingFactoryBean bean = new MethodInvokingFactoryBean();
+// bean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
+// bean.setArguments(new Object[]{securityManager});
+// return bean;
+// }
+//
+// /**
+// * Shiro生命周期处理器:
+// * 用于在实现了Initializable接口的Shiro bean初始化时调用Initializable接口回调(例如:UserRealm)
+// * 在实现了Destroyable接口的Shiro bean销毁时调用 Destroyable接口回调(例如:DefaultSecurityManager)
+// */
+// @Bean
+// public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
+// return new LifecycleBeanPostProcessor();
+// }
+//
+// /**
+// * 启用shrio授权注解拦截方式,AOP式方法级权限检查
+// */
+// @Bean
+// public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
+// AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor =
+// new AuthorizationAttributeSourceAdvisor();
+// authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
+// return authorizationAttributeSourceAdvisor;
+// }
+//
+//}
-- Gitblit v1.7.1
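Review bot: The new side of `ShiroConfig.java` is entirely commented out, so the `shiroFilter` bean with its `/**` → `user` rule, the `securityManager` and the session-manager beans are no longer registered by this file, and the patch does not show what replaces them. Before merging, confirm that another configuration (presumably the shared-session setup the subject mentions) still enforces authentication on the admin routes, and say so at the top of the file, e.g. `// Disabled: Shiro beans are now provided by <replacement config class>`. The commented copy also differs from the removed code in `setDeleteInvalidSessions(false)` and `setLoginUrl("/")`; these have no effect now but would take effect unnoticed if the block is uncommented later. Deleting the file and relying on version history would be cleaner than keeping 206 lines of dead code.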