第二十三章 多项目集中权限管理

pom.xml

@@ -38,6 +38,7 @@
         <module>shiro-example-chapter23-pom</module>
         <module>shiro-example-chapter23-app1</module>
         <module>shiro-example-chapter23-app2</module>
+        <module>shiro-example-chapter23-nginx</module>
     </modules>
 
 

shiro-example-chapter23-app1/src/main/webapp/success.jsp

@@ -5,7 +5,7 @@
     hello app1.<br/>
 
     <shiro:guest>
-        <a href="${pageContext.request.contextPath}/login?backurl=${pageContext.request.contextPath}">点击登录</a>
+        <a href="${pageContext.request.contextPath}/login?backUrl=${pageContext.request.contextPath}">点击登录</a>
     </shiro:guest>
 
     <shiro:authenticated>

shiro-example-chapter23-app2/src/main/java/com/github/zhangkaitao/shiro/chapter23/app2/web/controller/HelloController.java

@@ -28,7 +28,6 @@ public String setAttr(
         return "success";
     }
 
-
     @RequestMapping(value = "/attr", method = RequestMethod.GET)
     public String getAttr(
             @RequestParam("key") String key, Model model) {
@@ -41,5 +40,4 @@ public String getAttr(
     public String role2() {
         return "success";
     }
-
 }

shiro-example-chapter23-app2/src/main/webapp/success.jsp

@@ -5,7 +5,7 @@
     hello app1.<br/>
 
     <shiro:guest>
-        <a href="${pageContext.request.contextPath}/login?backurl=${pageContext.request.contextPath}">点击登录</a>
+        <a href="${pageContext.request.contextPath}/login?backUrl=${pageContext.request.contextPath}">点击登录</a>
     </shiro:guest>
 
     <shiro:authenticated>

shiro-example-chapter23-client/src/main/java/com/github/zhangkaitao/shiro/chapter23/client/ClientAuthenticationFilter.java

@@ -7,7 +7,6 @@
 import org.apache.shiro.web.filter.authc.AuthenticationFilter;
 import org.apache.shiro.web.util.SavedRequest;
 import org.apache.shiro.web.util.WebUtils;
-import org.springframework.util.StringUtils;
 
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
@@ -28,20 +27,35 @@ protected boolean isAccessAllowed(ServletRequest request, ServletResponse respon
 
     @Override
     protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
-        String successUrl = request.getParameter("backurl");
-        if(StringUtils.isEmpty(successUrl)) {
-            successUrl = getSuccessUrl();
-        }
-        saveRequest(request, successUrl);
+        String backUrl = request.getParameter("backUrl");
+        saveRequest(request, backUrl, getDefaultBackUrl(WebUtils.toHttp(request)));
         redirectToLogin(request, response);
         return false;
     }
-
-    protected void saveRequest(ServletRequest request, String successUrl) {
+    protected void saveRequest(ServletRequest request, String backUrl, String fallbackUrl) {
         Subject subject = SecurityUtils.getSubject();
         Session session = subject.getSession();
         HttpServletRequest httpRequest = WebUtils.toHttp(request);
-        SavedRequest savedRequest = new ClientSavedRequest(httpRequest, successUrl);
+        session.setAttribute("authc.fallbackUrl", fallbackUrl);
+        SavedRequest savedRequest = new ClientSavedRequest(httpRequest, backUrl);
         session.setAttribute(WebUtils.SAVED_REQUEST_KEY, savedRequest);
     }
+    private String getDefaultBackUrl(HttpServletRequest request) {
+        String scheme = request.getScheme();
+        String domain = request.getServerName();
+        int port = request.getServerPort();
+        String contextPath = request.getContextPath();
+        StringBuilder backUrl = new StringBuilder(scheme);
+        backUrl.append("://");
+        backUrl.append(domain);
+        if("http".equalsIgnoreCase(scheme) && port != 80) {
+            backUrl.append(String.valueOf(port));
+        } else if("https".equalsIgnoreCase(scheme) && port != 443) {
+            backUrl.append(String.valueOf(port));
+        }
+        backUrl.append(contextPath);
+        backUrl.append(getSuccessUrl());
+        return backUrl.toString();
+    }
+
 }

shiro-example-chapter23-client/src/main/java/com/github/zhangkaitao/shiro/chapter23/client/ClientRealm.java

@@ -16,19 +16,14 @@
  * <p>Version: 1.0
  */
 public class ClientRealm extends AuthorizingRealm {
-
     private RemoteServiceInterface remoteService;
     private String appKey;
-
     public void setRemoteService(RemoteServiceInterface remoteService) {
         this.remoteService = remoteService;
     }
-
     public void setAppKey(String appKey) {
         this.appKey = appKey;
     }
-
-
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
         String username = (String) principals.getPrimaryPrincipal();
@@ -42,6 +37,6 @@ protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal
     @Override
     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
         //永远不会被调用
-        return null;
+        throw new UnsupportedOperationException("永远不会被调用");
     }
 }

shiro-example-chapter23-client/src/main/resources/client/shiro-client-default.properties

@@ -1,18 +1,21 @@
+#各应用的appKey
 client.app.key=
 #远程服务URL地址
 client.remote.service.url=http://localhost/chapter23-server/remoteService
 #登录地址
 client.login.url=http://localhost/chapter23-server/login
+#登录成功后，默认重定向到的地址
 client.success.url=/
-#未授权地址
+#未授权重定向到的地址
 client.unauthorized.url=http://localhost/chapter23-server/unauthorized
+#session id 域名
 client.cookie.domain=
+#session id 路径
 client.cookie.path=/
 #cookie中的session id名称
 client.session.id=sid
 #cookie中的remember me名称
 client.rememberMe.id=rememberMe
-client.session.timeout=1800000
 #过滤器 name=filter-ref;name=filter-ref
 client.filters=
 #过滤器链 格式 url=filters;url=filters

shiro-example-chapter23-client/src/main/resources/client/spring-client-shiro.xml

@@ -52,7 +52,6 @@
 
     <!-- 会话管理器 -->
     <bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
-        <property name="globalSessionTimeout" value="${client.session.timeout}"/>
         <property name="deleteInvalidSessions" value="false"/>
         <property name="sessionValidationSchedulerEnabled" value="false"/>
         <property name="sessionDAO" ref="sessionDAO"/>

shiro-example-chapter23-core/src/main/java/com/github/zhangkaitao/shiro/chapter23/core/ClientSavedRequest.java

@@ -14,14 +14,14 @@ public class ClientSavedRequest extends SavedRequest {
     private String domain;
     private int port;
     private String contextPath;
-    private String successUrl;
+    private String backUrl;
 
-    public ClientSavedRequest(HttpServletRequest request, String successUrl) {
+    public ClientSavedRequest(HttpServletRequest request, String backUrl) {
         super(request);
         this.scheme = request.getScheme();
         this.domain = request.getServerName();
         this.port = request.getServerPort();
-        this.successUrl = successUrl;
+        this.backUrl = backUrl;
         this.contextPath = request.getContextPath();
     }
 
@@ -41,35 +41,35 @@ public String getContextPath() {
         return contextPath;
     }
 
-    public String getSuccessUrl() {
-        return successUrl;
+    public String getBackUrl() {
+        return backUrl;
     }
 
     public String getRequestUrl() {
         String requestURI = getRequestURI();
-        if(successUrl != null) {//1
-            if(successUrl.toLowerCase().startsWith("http://") || successUrl.toLowerCase().startsWith("https://")) {
-                return successUrl;
-            } else if(!successUrl.startsWith(contextPath)) {//2
-                requestURI = contextPath + successUrl;
+        if(backUrl != null) {//1
+            if(backUrl.toLowerCase().startsWith("http://") || backUrl.toLowerCase().startsWith("https://")) {
+                return backUrl;
+            } else if(!backUrl.startsWith(contextPath)) {//2
+                requestURI = contextPath + backUrl;
             } else {//3
-                requestURI = successUrl;
+                requestURI = backUrl;
             }
         }
 
-        StringBuilder requestUrl = new StringBuilder(getScheme());//4
+        StringBuilder requestUrl = new StringBuilder(scheme);//4
         requestUrl.append("://");
-        requestUrl.append(getDomain());//5
+        requestUrl.append(domain);//5
         //6
-        if("http".equalsIgnoreCase(getScheme()) && getPort() != 80) {
+        if("http".equalsIgnoreCase(scheme) && port != 80) {
             requestUrl.append(String.valueOf(port));
-        } else if("https".equalsIgnoreCase(getScheme()) && getPort() != 443) {
+        } else if("https".equalsIgnoreCase(scheme) && port != 443) {
             requestUrl.append(String.valueOf(port));
         }
         //7
         requestUrl.append(requestURI);
         //8
-        if (successUrl == null && getQueryString() != null) {
+        if (backUrl == null && getQueryString() != null) {
             requestUrl.append("?").append(getQueryString());
         }
         return requestUrl.toString();

shiro-example-chapter23-nginx/pom.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>shiro-example</artifactId>
+        <groupId>com.github.zhangkaitao</groupId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>shiro-example-chapter23-nginx</artifactId>
+
+
+</project>

shiro-example-chapter23-server/src/main/java/com/github/zhangkaitao/shiro/chapter23/service/AppService.java

@@ -19,5 +19,10 @@ public interface AppService {
     public App findOne(Long appId);
     public List<App> findAll();
 
+    /**
+     * 根据appKey查找AppId
+     * @param appKey
+     * @return
+     */
     public Long findAppIdByAppKey(String appKey);
 }

shiro-example-chapter23-server/src/main/java/com/github/zhangkaitao/shiro/chapter23/service/AuthorizationService.java

@@ -21,14 +21,14 @@ public interface AuthorizationService {
     public List<Authorization> findAll();
 
     /**
-     * 根据用户名查找其角色
+     * 根据AppKey和用户名查找其角色
      * @param username
      * @return
      */
     public Set<String> findRoles(String appKey, String username);
 
     /**
-     * 根据用户名查找其权限
+     * 根据AppKey和用户名查找权限字符串
      * @param username
      * @return
      */

shiro-example-chapter23-server/src/main/java/com/github/zhangkaitao/shiro/chapter23/web/shiro/filter/ServerFormAuthenticationFilter.java

@@ -0,0 +1,26 @@
+package com.github.zhangkaitao.shiro.chapter23.web.shiro.filter;
+
+import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
+import org.apache.shiro.web.util.WebUtils;
+import org.springframework.util.StringUtils;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+/**
+ * <p>User: Zhang Kaitao
+ * <p>Date: 14-3-16
+ * <p>Version: 1.0
+ */
+public class ServerFormAuthenticationFilter extends FormAuthenticationFilter {
+
+    protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws Exception {
+        String fallbackUrl = (String) getSubject(request, response)
+                .getSession().getAttribute("authc.fallbackUrl");
+        if(StringUtils.isEmpty(fallbackUrl)) {
+            fallbackUrl = getSuccessUrl();
+        }
+        WebUtils.redirectToSavedRequest(request, response, fallbackUrl);
+    }
+
+}

shiro-example-chapter23-server/src/main/resources/spring-config-shiro.xml

@@ -92,11 +92,10 @@
     </bean>
 
     <!-- 基于Form表单的身份验证过滤器 -->
-    <bean id="formAuthenticationFilter" class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter">
+    <bean id="formAuthenticationFilter" class="com.github.zhangkaitao.shiro.chapter23.web.shiro.filter.ServerFormAuthenticationFilter">
         <property name="usernameParam" value="username"/>
         <property name="passwordParam" value="password"/>
         <property name="rememberMeParam" value="rememberMe"/>
-        <property name="loginUrl" value="/login"/>
     </bean>
 
     <bean id="sysUserFilter" class="com.github.zhangkaitao.shiro.chapter23.web.shiro.filter.SysUserFilter"/>