<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd"
default-lazy-init="false">
<description>Shiro Configuration</description>
<!-- Load the configuration properties file. -->
<!-- NOTE(review): with ignore-unresolvable="true" a placeholder that nothing resolves is not rejected
     at startup. The filter chain rules in shiroFilter are built from ${adminPath}, so confirm that
     application.properties always defines adminPath. -->
<context:property-placeholder ignore-unresolvable="true" location="classpath*:/application.properties" />
<!-- Define Shiro's main business objects. The security manager wires together the realm, session
     manager, cache manager and rememberMe manager declared elsewhere in this file. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- Database-backed authentication implementation: com.dsideal.modules.sys.security.systemAuthorizingRealm -->
<property name="realm" ref="systemAuthorizingRealm"/>
<!-- Session manager -->
<property name="sessionManager" ref="sessionManager"/>
<!-- Cache manager -->
<property name="cacheManager" ref="shiroCacheManager"/>
<!-- rememberMe: identities restored from the rememberMe cookie are "remembered", not "authenticated" -->
<property name="rememberMeManager" ref="rememberMeManager"/>
</bean>
<!-- Project realm used by securityManager for authentication and authorization lookups. -->
<bean id="systemAuthorizingRealm" class="com.dsideal.modules.sys.security.SystemAuthorizingRealm">
<property name="cachingEnabled" value="true"/>
<!-- Authentication caching is off, so credentials are not served from the cache named below. -->
<property name="authenticationCachingEnabled" value="false"/>
<property name="authenticationCacheName" value="authenticationCache"/>
<!-- Authorization data is cached in "authorizationCache". -->
<!-- NOTE(review): cached roles and permissions can outlive a change to a user's rights; confirm the
     realm clears the user's cache entry when roles or permissions are modified. -->
<property name="authorizationCachingEnabled" value="true"/>
<property name="authorizationCacheName" value="authorizationCache"/>
<property name="cacheManager" ref="shiroCacheManager"/>
</bean>
<!-- Session cluster configuration -->
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<!-- Session storage implementation -->
<property name="sessionDAO" ref="shiroSessionDao"/>
<!-- Session id cookie implementation, used to override the container's default JSESSIONID -->
<property name="sessionIdCookie" ref="sessionIdCookie"/>
<!-- Timeout: 1800000 = 30 minutes -->
<property name="globalSessionTimeout" value="1800000"/>
<property name="sessionValidationScheduler" ref="sessionValidationScheduler"/>
<!-- Periodically check for expired sessions -->
<property name="sessionValidationSchedulerEnabled" value="true"/>
<!-- NOTE(review): sessionIdUrlRewritingEnabled is not set here. Depending on the Shiro version in
     use, its default may allow the session id to be appended to URLs; confirm and disable it if so. -->
</bean>
<!--
Specifies this system's session id cookie name; the default would be JSESSIONID.
Problem: that name conflicts with the servlet container's own cookie (Jetty, Tomcat, etc. default to JSESSIONID).
When a request leaves the Shiro servlet, e.g. to an ERROR-PAGE, the container assigns a new JSESSIONID value and the login session is lost!
-->
<!-- NOTE(review): the cookie's secure flag is not set in this bean, so the session cookie is also sent
     over plain HTTP. If the application is served only over HTTPS, set the secure property to true. -->
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<property name="name" value="DSIDEALSESSION"/>
<!--<property name="domain" value="${domain}"/>-->
<property name="path" value="/"/>
</bean>
<!-- Cookie template for the rememberMe cookie used by rememberMeManager. -->
<!-- NOTE(review): this is a long-lived cookie carrying the encrypted remembered identity; the secure
     flag is not set here, so confirm whether it should be restricted to HTTPS. -->
<bean id="rememberMeCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg value="rememberMe"/>
<property name="maxAge" value="2592000"/><!-- 30 days (value is in seconds) -->
</bean>
<bean id="rememberMeManager"
class="org.apache.shiro.web.mgt.CookieRememberMeManager">
<!-- Shiro deserialization vulnerability; modified 2021-01-12 by chaisw. -->
<!-- The rememberMe cookie is decrypted with cipherKey and then deserialized, so the key must not be a
     fixed or publicly known value. Here the key is obtained when the context starts, through a SpEL
     call to GenerateCipherKey.generateNewKey(). -->
<!-- NOTE(review): GenerateCipherKey is not shown here; presumably it returns a fresh random AES key.
     Confirm that it uses a cryptographically secure generator and a valid AES key length. -->
<!-- NOTE(review): if the key is generated per process, rememberMe cookies stop validating after a
     restart and are not accepted by other nodes of a cluster. A random key also does not replace
     keeping the Shiro library itself up to date. -->
<property name="cipherKey" value="#{T(com.dsideal.framework.base.GenerateCipherKey).generateNewKey()}"/>
<!-- <property name="cipherKey" value=""/>-->
<property name="cookie" ref="rememberMeCookie"/>
</bean>
<!-- Session storage implementation: active sessions are kept in the cache named below. -->
<bean id="shiroSessionDao" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
<!-- presumably this cache is sized and given its expiry in classpath:cache/ehcache.xml; verify that
     its lifetime is not shorter than the session timeout -->
<property name="activeSessionsCacheName" value="shiro-activeSessionCache"/>
</bean>
<!--
Periodic cleanup of zombie sessions: Shiro starts a background daemon thread that runs the cleanup at a fixed interval.
These are orphaned sessions left behind when users simply close the browser.
-->
<bean id="sessionValidationScheduler"
class="org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler">
<!-- Same value as globalSessionTimeout on sessionManager (1800000 = 30 minutes) -->
<property name="interval" value="1800000"/>
<property name="sessionManager" ref="sessionManager"/>
</bean>
<!-- Project-specific form authentication filter; shiroFilter registers it under the "authc" filter name. -->
<bean id="formAuthenticationFilter" class="com.dsideal.modules.sys.security.FormAuthenticationFilter"/>
<!-- Security authentication filter -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- Shiro's core security interface -->
<property name="securityManager" ref="securityManager" />
<!-- URL to redirect to when login is required -->
<property name="loginUrl" value="${adminPath}/login" />
<!-- URL to redirect to after a successful login -->
<property name="successUrl" value="${adminPath}" />
<!-- URL to redirect to when the request is not authorized -->
<property name="unauthorizedUrl" value="/unauth" />
<property name="filters">
<map>
<entry key="authc" value-ref="formAuthenticationFilter"/><!-- form-based authentication -->
</map>
</property>
<!-- Shiro URL constraint configuration: anon = anonymous access, authc = authentication required -->
<!-- Rules are matched top to bottom and the first matching line wins, so specific anon entries must
     stay above the ${adminPath}/** rule, and the order of these lines is security relevant. -->
<!-- The "user" filter admits subjects that are either authenticated or merely remembered through the
     rememberMe cookie. ${adminPath}/** and /uploadFiles/** therefore accept a remembered identity
     without a fresh login; use authc where a real login in the current session is required. -->
<!-- A request path that matches none of the lines below is not handled by any Shiro filter chain, so
     it is reachable without authentication unless it is protected elsewhere. -->
<!-- NOTE(review): several anon entries look sensitive by name (hasRole, checkPermissionBy*, autoLogin,
     findPwdStep1 to findPwdStep3, /app/**, /l/**). Confirm that each handler enforces its own checks
     and does not disclose account or permission data to unauthenticated callers. -->
<property name="filterChainDefinitions">
<value>
/static/** = anon
/uploadFiles/** = user
/app/**= anon
/l/**= anon
${adminPath}/hasRole =anon
${adminPath}/checkPermissionByString = anon
${adminPath}/checkPermissionByPermission = anon
/weixin/** = anon
${adminPath}/oauth2 =anon
${adminPath}/autoLogin =anon
${adminPath}/wxOauth2 =anon
${adminPath}/tag/treeselectXkg =anon
${adminPath}/tree/unLoginOrgsSchoolTreeData =anon
${adminPath}/wxOauth =anon
${adminPath}/findPwdStep1 =anon
${adminPath}/findPwdStep2 =anon
${adminPath}/findPwdStep3 =anon
${adminPath}/valNum =anon
${adminPath}/restartNum =anon
${adminPath}/showErrorMessage =anon
${adminPath}/login = authc
${adminPath}/** = user
/sign/** = anon
</value>
</property>
</bean>
<!-- Session cluster: Redis (disabled alternative, kept for reference)
<bean id="shiroCacheManager" class="com.dsideal.common.security.shiro.ShiroRedisCacheManager">
<property name="cached" ref="redisCached"/>
</bean>-->
<!-- Session cluster: EhCache -->
<!-- Cache for user authorization information, backed by EhCache -->
<!-- NOTE(review): whether sessions and cached authorization data are shared between nodes depends on
     cache/ehcache.xml, which is not shown here; confirm before relying on this in a cluster. -->
<bean id="shiroCacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:cache/ehcache.xml"/>
</bean>
<!-- Ensures that beans implementing Shiro's internal lifecycle methods have those methods invoked. -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- AOP-style method-level permission checks. -->
<!-- These two beans enable Shiro's authorization annotations on Spring-managed beans. Handlers reached
     through anon URL rules in shiroFilter are protected only by such annotations or by their own checks. -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
<!-- Proxy the target class itself rather than only its interfaces -->
<property name="proxyTargetClass" value="true" />
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
</beans>