refactor: 去掉已经废弃的类和方法
This commit is contained in:
parent
366aa6956b
commit
4017ec94ec
|
@ -1,14 +1,5 @@
|
|||
package io.metersphere.commons.utils;
|
||||
|
||||
import io.metersphere.security.CustomSessionIdGenerator;
|
||||
import io.metersphere.security.CustomSessionManager;
|
||||
import org.apache.shiro.cache.CacheManager;
|
||||
import org.apache.shiro.session.mgt.SessionManager;
|
||||
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
|
||||
import org.apache.shiro.web.servlet.Cookie;
|
||||
import org.apache.shiro.web.servlet.SimpleCookie;
|
||||
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
public class ShiroUtils {
|
||||
|
@ -94,26 +85,4 @@ public class ShiroUtils {
|
|||
filterChainDefinitionMap.put("/language", "apikey, authc");// 跳转到 /language 不用校验 csrf
|
||||
filterChainDefinitionMap.put("/mock", "apikey, authc"); // 跳转到 /mock接口 不用校验 csrf
|
||||
}
|
||||
|
||||
public static Cookie getSessionIdCookie() {
|
||||
SimpleCookie sessionIdCookie = new SimpleCookie();
|
||||
sessionIdCookie.setPath("/");
|
||||
sessionIdCookie.setName("MS_SESSION_ID");
|
||||
return sessionIdCookie;
|
||||
}
|
||||
|
||||
public static SessionManager getSessionManager(Long sessionTimeout, CacheManager cacheManager) {
|
||||
DefaultWebSessionManager sessionManager = new CustomSessionManager();
|
||||
sessionManager.setSessionIdUrlRewritingEnabled(false);
|
||||
sessionManager.setDeleteInvalidSessions(true);
|
||||
sessionManager.setSessionValidationSchedulerEnabled(true);
|
||||
sessionManager.setSessionIdCookie(ShiroUtils.getSessionIdCookie());
|
||||
sessionManager.setGlobalSessionTimeout(sessionTimeout * 1000);// 超时时间ms
|
||||
sessionManager.setCacheManager(cacheManager);
|
||||
AbstractSessionDAO sessionDAO = (AbstractSessionDAO) sessionManager.getSessionDAO();
|
||||
sessionDAO.setSessionIdGenerator(new CustomSessionIdGenerator());
|
||||
|
||||
//sessionManager.setSessionIdCookieEnabled(true);
|
||||
return sessionManager;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4,6 +4,7 @@ import io.metersphere.commons.constants.SessionConstants;
|
|||
import io.metersphere.commons.utils.LogUtil;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.apache.shiro.authc.UsernamePasswordToken;
|
||||
import org.apache.shiro.web.filter.authc.AnonymousFilter;
|
||||
import org.apache.shiro.web.util.WebUtils;
|
||||
|
||||
|
@ -22,7 +23,7 @@ public class ApiKeyFilter extends AnonymousFilter {
|
|||
// sso 带了token的
|
||||
String userId = ApiKeySessionHandler.validate(httpRequest);
|
||||
if (StringUtils.isNotBlank(userId)) {
|
||||
SecurityUtils.getSubject().login(new MsUserToken(userId, ApiKeySessionHandler.random, "LOCAL"));
|
||||
SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, ApiKeySessionHandler.random));
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
@ -31,7 +32,7 @@ public class ApiKeyFilter extends AnonymousFilter {
|
|||
if (!SecurityUtils.getSubject().isAuthenticated()) {
|
||||
String userId = ApiKeyHandler.getUser(WebUtils.toHttp(request));
|
||||
if (StringUtils.isNotBlank(userId)) {
|
||||
SecurityUtils.getSubject().login(new MsUserToken(userId, ApiKeySessionHandler.random, "LOCAL"));
|
||||
SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, ApiKeySessionHandler.random));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,19 +0,0 @@
|
|||
package io.metersphere.security;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.shiro.session.Session;
|
||||
import org.apache.shiro.session.mgt.eis.SessionIdGenerator;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.UUID;
|
||||
|
||||
public class CustomSessionIdGenerator implements SessionIdGenerator {
|
||||
@Override
|
||||
public Serializable generateId(Session session) {
|
||||
String threadSessionId = CustomSessionManager.threadSessionId.get();
|
||||
if (StringUtils.isNotBlank(threadSessionId)) {
|
||||
return threadSessionId;
|
||||
}
|
||||
return UUID.randomUUID().toString();
|
||||
}
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
package io.metersphere.security;
|
||||
|
||||
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
|
||||
import org.apache.shiro.web.util.WebUtils;
|
||||
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.io.Serializable;
|
||||
|
||||
public class CustomSessionManager extends DefaultWebSessionManager {
|
||||
|
||||
static final ThreadLocal<String> threadSessionId = new ThreadLocal<>();
|
||||
|
||||
@Override
|
||||
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
|
||||
String id = null;
|
||||
HttpServletRequest httpRequest = WebUtils.toHttp(request);
|
||||
if (ApiKeyHandler.isApiKeyCall(httpRequest)) {
|
||||
// API调用同一个ak使用同一个session,避免调用频繁,导致session过多,内存泄漏
|
||||
id = httpRequest.getHeader(ApiKeyHandler.API_ACCESS_KEY);
|
||||
setSessionIdCookieEnabled(false);
|
||||
threadSessionId.set(id);
|
||||
return id;
|
||||
}
|
||||
// 线程池中线程可能会复用,非api删除
|
||||
threadSessionId.remove();
|
||||
setSessionIdCookieEnabled(true);
|
||||
return super.getSessionId(request, response);
|
||||
}
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
package io.metersphere.security;
|
||||
|
||||
import org.apache.shiro.authc.UsernamePasswordToken;
|
||||
|
||||
public class MsUserToken extends UsernamePasswordToken {
|
||||
private String loginType;
|
||||
|
||||
public MsUserToken() {
|
||||
}
|
||||
|
||||
public MsUserToken(final String username, final String password, final String loginType) {
|
||||
super(username, password);
|
||||
this.loginType = loginType;
|
||||
}
|
||||
|
||||
public String getLoginType() {
|
||||
return loginType;
|
||||
}
|
||||
|
||||
public void setLoginType(String loginType) {
|
||||
this.loginType = loginType;
|
||||
}
|
||||
|
||||
}
|
|
@ -1,43 +0,0 @@
|
|||
package io.metersphere.security.realm;
|
||||
|
||||
import io.metersphere.commons.user.SessionUser;
|
||||
import io.metersphere.commons.utils.SessionUtils;
|
||||
import io.metersphere.dto.UserDTO;
|
||||
import io.metersphere.i18n.Translator;
|
||||
import io.metersphere.service.BaseUserService;
|
||||
import org.apache.shiro.authc.*;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.realm.AuthorizingRealm;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
|
||||
public abstract class BaseRealm extends AuthorizingRealm {
|
||||
@Resource
|
||||
private BaseUserService baseUserService;
|
||||
|
||||
@Override
|
||||
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
|
||||
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
|
||||
|
||||
String userId = token.getUsername();
|
||||
String password = String.valueOf(token.getPassword());
|
||||
UserDTO user = baseUserService.getUserDTO(userId);
|
||||
if (user == null) {
|
||||
throw new UnknownAccountException(Translator.get("user_not_exist"));
|
||||
}
|
||||
SessionUser sessionUser = SessionUser.fromUser(user, SessionUtils.getSessionId());
|
||||
SessionUtils.putUser(sessionUser);
|
||||
return new SimpleAuthenticationInfo(userId, password, getName());
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isPermitted(PrincipalCollection principals, String permission) {
|
||||
return SessionUtils.hasPermission(SessionUtils.getCurrentWorkspaceId(), SessionUtils.getCurrentProjectId(), permission);
|
||||
}
|
||||
}
|
|
@ -12,6 +12,7 @@ import org.apache.shiro.SecurityUtils;
|
|||
import org.apache.shiro.authc.*;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
||||
import org.apache.shiro.realm.AuthorizingRealm;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
@ -30,7 +31,7 @@ import java.util.Set;
|
|||
* set realm
|
||||
* </p>
|
||||
*/
|
||||
public class LocalRealm extends BaseRealm {
|
||||
public class LocalRealm extends AuthorizingRealm {
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(LocalRealm.class);
|
||||
@Resource
|
||||
|
@ -79,6 +80,11 @@ public class LocalRealm extends BaseRealm {
|
|||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isPermitted(PrincipalCollection principals, String permission) {
|
||||
return SessionUtils.hasPermission(SessionUtils.getCurrentWorkspaceId(), SessionUtils.getCurrentProjectId(), permission);
|
||||
}
|
||||
|
||||
private UserDTO getUserWithOutAuthenticate(String userId) {
|
||||
UserDTO user = baseUserService.getUserDTO(userId);
|
||||
String msg;
|
||||
|
|
|
@ -26,7 +26,6 @@ import io.metersphere.request.LoginRequest;
|
|||
import io.metersphere.request.member.EditPassWordRequest;
|
||||
import io.metersphere.request.member.EditSeleniumServerRequest;
|
||||
import io.metersphere.request.member.QueryMemberRequest;
|
||||
import io.metersphere.security.MsUserToken;
|
||||
import org.apache.commons.collections.CollectionUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
|
@ -357,7 +356,7 @@ public class BaseUserService {
|
|||
}
|
||||
}
|
||||
|
||||
MsUserToken token = new MsUserToken(username, password, login);
|
||||
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
|
||||
Subject subject = SecurityUtils.getSubject();
|
||||
try {
|
||||
subject.login(token);
|
||||
|
|
Loading…
Reference in New Issue