接上篇授权与认证之jwt(四)创建OAuth2 Filter类 我们要创建的Shiroconfig类,是用来把OAuth2Filter和OAuth2Realm配置到Shiro框架,这样我们辛苦搭建的Shiro+WT才算生效。
@Configuration
public class ShiroConfig {
@Bean("securityManager")
public SecurityManager securityManager(OAuth2Realm oAuth2Realm) {
DefaultSecurityManager securityManager=new DefaultSecurityManager();;
securityManager.setRealm(oAuth2Realm);
securityManager.setRememberMeManager(null);
return securityManager;
}
@Bean("shiroFilter")
public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager,OAuth2Filter oAuth2Filter) {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager);
//oauth过滤
Map<String, Filter> filters=new HashMap<>();
filters.put("oauth2",oAuth2Filter);
shiroFilterFactoryBean.setFilters(filters);
Map<String,String> filterMap=new LinkedHashMap<>();
filterMap.put("/webjars/**","anon");
filterMap.put("/druid/**","anon");
filterMap.put("/app/**","anon");
filterMap.put("/sys/login/**","anon");
filterMap.put("/swagger/**","anon");
filterMap.put("/swagger-ui.html","anon");
filterMap.put("/swagger-resources/**","anon");
filterMap.put("/v2/api-docs/**","anon");
filterMap.put("/captcha.jpg","anon");
filterMap.put("/user/register","anon");
filterMap.put("/user/login","anon");
filterMap.put("/test/**","anon");
filterMap.put("/**","oauth2");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
return shiroFilterFactoryBean;
}
@Bean("lifecycleBeanPostProcessor")
public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
return new LifecycleBeanPostProcessor();
}
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
return authorizationAttributeSourceAdvisor;
}
}