zheng-upms接入shiro认证和授权

zheng-common/pom.xml

@@ -76,7 +76,7 @@
         <!-- shiro -->
         <dependency>
             <groupId>org.apache.shiro</groupId>
-            <artifactId>shiro-core</artifactId>
+            <artifactId>shiro-spring</artifactId>
             <version>1.3.2</version>
         </dependency>
         <!-- mybatis -->

zheng-common/src/main/resources/springMVC-servlet.xml

@@ -54,8 +54,8 @@
 
 	<!-- 配置静态资源，不被DispatcherServlet处理，增加缓存时间 -->
 	<mvc:resources mapping="/resources/**" location="/resources/" cache-period="10" />
-	<mvc:resources location="classpath:/META-INF/resources/" mapping="swagger-ui.html"/>
+	<mvc:resources mapping="swagger-ui.html" location="classpath:/META-INF/resources/"/>
-	<mvc:resources location="classpath:/META-INF/resources/webjars/" mapping="/webjars/**"/>
+	<mvc:resources mapping="/webjars/**" location="classpath:/META-INF/resources/webjars/"/>
 	
 	<!-- 上传文件配置 20*1024*1024即20M resolveLazily属性启用是为了推迟文件解析，以便捕获文件大小异常 -->
 	<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">

zheng-upms/zheng-upms-server/src/main/java/com/zheng/upms/admin/controller/SSOController.java

@@ -10,6 +10,12 @@ import com.zheng.upms.dao.model.UpmsUserExample;
 import com.zheng.upms.rpc.api.UpmsSystemService;
 import com.zheng.upms.rpc.api.UpmsUserService;
 import org.apache.commons.lang.StringUtils;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.IncorrectCredentialsException;
+import org.apache.shiro.authc.LockedAccountException;
+import org.apache.shiro.authc.UnknownAccountException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.subject.Subject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -28,6 +34,8 @@ import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
 
+import static org.apache.shiro.web.filter.mgt.DefaultFilter.user;
+
 /**
  * 单点登录管理
  * Created by shuzheng on 2016/12/10.
@@ -140,20 +148,38 @@ public class SSOController {
 			result.put("data", SystemConstant.NO_PASSWORD);
 			return result;
 		}
-		// 校验帐号密码
+//		// 校验帐号密码
-		UpmsUserExample upmsUserExample = new UpmsUserExample();
+//		UpmsUserExample upmsUserExample = new UpmsUserExample();
-		upmsUserExample.createCriteria()
+//		upmsUserExample.createCriteria()
-				.andUsernameEqualTo(username);
+//				.andUsernameEqualTo(username);
-		UpmsUser upmsUser = upmsUserService.selectFirstByExample(upmsUserExample);
+//		UpmsUser upmsUser = upmsUserService.selectFirstByExample(upmsUserExample);
-		if (null == upmsUser) {
+//		if (null == upmsUser) {
+//			result.put("result", false);
+//			result.put("data", SystemConstant.ERROR_USERNAME);
+//			return result;
+//		}
+//		if (!upmsUser.getPassword().equals(MD5Util.MD5(password + upmsUser.getSalt()))) {
+//			result.put("result", false);
+//			result.put("data", SystemConstant.ERROR_PASSWORD);
+//			return result;
+//		}
+		// 使用shiro认证
+		Subject subject = SecurityUtils.getSubject();
+		UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
+		try {
+			subject.login(usernamePasswordToken);
+		} catch (UnknownAccountException e) {
 			result.put("result", false);
 			result.put("data", SystemConstant.ERROR_USERNAME);
 			return result;
-		}
+		} catch (IncorrectCredentialsException e) {
-		if (!upmsUser.getPassword().equals(MD5Util.MD5(password + upmsUser.getSalt()))) {
 			result.put("result", false);
 			result.put("data", SystemConstant.ERROR_PASSWORD);
 			return result;
+		} catch (LockedAccountException e) {
+			result.put("result", false);
+			result.put("data", SystemConstant.INVALID_ACCOUNT);
+			return result;
 		}
 		// 分配单点登录sessionId，不使用session获取会话id，改为cookie，防止session丢失
 		String sessionId = CookieUtil.getCookie(request, ZHENG_UPMS_SSO_SERVER_SESSION_ID);

zheng-upms/zheng-upms-server/src/main/java/com/zheng/upms/admin/controller/manage/SystemController.java

@@ -2,6 +2,9 @@ package com.zheng.upms.admin.controller.manage;
 
 import com.zheng.upms.dao.model.UpmsSystemExample;
 import com.zheng.upms.rpc.api.UpmsSystemService;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -14,6 +17,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
  * Created by shuzheng on 2016/12/18.
  */
 @Controller
+@Api(value = "系统管理", description = "注册系统管理")
 @RequestMapping("/manage/system")
 public class SystemController {
 
@@ -22,12 +26,17 @@ public class SystemController {
 	@Autowired
 	private UpmsSystemService upmsSystemService;
 
-
+	@ApiOperation(value = "系统首页")
+	@RequiresPermissions("upms.system.read")
+    //@RequiresUser
 	@RequestMapping("/index")
 	public String index() {
 		return "/manage/system/index";
 	}
 
+	@ApiOperation(value = "系统列表")
+	@RequiresPermissions("upms.system.read")
+    //@RequiresUser
 	@RequestMapping("/list")
 	@ResponseBody
 	public Object list() {

zheng-upms/zheng-upms-server/src/main/java/com/zheng/upms/admin/realm/UpmsRealm.java

@@ -0,0 +1,80 @@
+package com.zheng.upms.admin.realm;
+
+import com.zheng.common.util.MD5Util;
+import com.zheng.upms.dao.model.UpmsUser;
+import com.zheng.upms.dao.model.UpmsUserExample;
+import com.zheng.upms.rpc.api.UpmsUserService;
+import org.apache.shiro.authc.*;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.SimpleAuthorizationInfo;
+import org.apache.shiro.realm.AuthorizingRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * Created by shuzheng on 2017/1/20.
+ */
+public class UpmsRealm extends AuthorizingRealm {
+
+    private static Logger _log = LoggerFactory.getLogger(UpmsRealm.class);
+
+    @Autowired
+    private UpmsUserService upmsUserService;
+
+    /**
+     * 授权：验证权限时调用
+     * @param principalCollection
+     * @return
+     */
+    @Override
+    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
+        // 当前用户
+        UpmsUser upmsUser = (UpmsUser) principalCollection.getPrimaryPrincipal();
+        _log.info("授权：upmsUser={}", upmsUser);
+
+        // 全部权限 TODO
+        Set<String> permissions = new HashSet<>();
+        permissions.add("*:*:*");
+
+        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
+        simpleAuthorizationInfo.setStringPermissions(permissions);
+        return simpleAuthorizationInfo;
+    }
+
+    /**
+     * 认证：登录时调用
+     * @param authenticationToken
+     * @return
+     * @throws AuthenticationException
+     */
+    @Override
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
+        String username = (String) authenticationToken.getPrincipal();
+        String password = new String((char[]) authenticationToken.getCredentials());
+        _log.info("认证：username={}, password={}", username, password);
+
+        // 查询用户信息
+        UpmsUserExample upmsUserExample = new UpmsUserExample();
+        upmsUserExample.createCriteria()
+            .andUsernameEqualTo(username);
+        UpmsUser upmsUser = upmsUserService.selectFirstByExample(upmsUserExample);
+
+        if (null == upmsUser) {
+            throw new UnknownAccountException("帐号不存在！");
+        }
+        if (!upmsUser.getPassword().equals(MD5Util.MD5(password + upmsUser.getSalt()))) {
+            throw new IncorrectCredentialsException("密码错误！");
+        }
+        if (upmsUser.getStatus() == -1) {
+            throw new LockedAccountException("账号已被锁定！");
+        }
+
+        return new SimpleAuthenticationInfo(upmsUser, password, getName());
+    }
+
+}

zheng-upms/zheng-upms-server/src/main/resources/applicationContext-shiro.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
+	    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
+
+    <description>zheng-upms</description>
+
+    <!--设置自定义realm，继承自AuthorizingRealm -->
+    <bean id="upmsRealm" class="com.zheng.upms.admin.realm.UpmsRealm"></bean>
+
+    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
+        <property name="realm" ref="upmsRealm"/>
+    </bean>
+
+    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
+        <property name="securityManager" ref="securityManager"/>
+        <property name="loginUrl" value="/sso/login"/>
+        <property name="successUrl" value="/manage"/>
+        <property name="unauthorizedUrl" value="/403"/>
+        <property name="filterChainDefinitions">
+            <value>
+                swagger-ui.html = anon
+                /webjars/** = anon
+                /resources/** = anon
+                /sso/login = anon
+                /manage/**=authc
+            </value>
+        </property>
+    </bean>
+
+    <!-- 设置SecurityUtils -->
+    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
+        <property name="staticMethod" value="org.apache.shiro.SecurityUtils.setSecurityManager"/>
+        <property name="arguments" ref="securityManager"/>
+    </bean>
+
+    <!-- @RequiresPermissions注解支持 -->
+    <!-- 保证实现了Shiro内部lifecycle函数的bean执行 -->
+    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
+    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor"/>
+    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
+        <property name="securityManager" ref="securityManager"/>
+    </bean>
+
+</beans>

zheng-upms/zheng-upms-server/src/main/webapp/WEB-INF/jsp/sso/login.jsp

@@ -90,6 +90,9 @@
                     if (10005 == json.data) {
                         alert("密码错误！");
                     }
+                    if (10006 == json.data) {
+                        alert("帐号被封！");
+                    }
                 }
             },
             error: function(error){

zheng-upms/zheng-upms-server/src/main/webapp/WEB-INF/web.xml

@@ -89,6 +89,20 @@
         <url-pattern>/manage/*</url-pattern>
     </filter-mapping>
 
+    <!-- shiro -->
+    <filter>
+        <filter-name>shiroFilter</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+        <init-param>
+            <param-name>targetFilterLifecycle</param-name>
+            <param-value>true</param-value>
+        </init-param>
+    </filter>
+    <filter-mapping>
+        <filter-name>shiroFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
     <!-- Druid连接池监控页面 -->
     <servlet>
         <servlet-name>DruidStatView</servlet-name>