refactor: 去掉已经废弃的类和方法
This commit is contained in:
parent
835d4fb8a4
commit
c9c3a947b4
|
@ -1,14 +1,5 @@
|
||||||
package io.metersphere.commons.utils;
|
package io.metersphere.commons.utils;
|
||||||
|
|
||||||
import io.metersphere.security.CustomSessionIdGenerator;
|
|
||||||
import io.metersphere.security.CustomSessionManager;
|
|
||||||
import org.apache.shiro.cache.CacheManager;
|
|
||||||
import org.apache.shiro.session.mgt.SessionManager;
|
|
||||||
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
|
|
||||||
import org.apache.shiro.web.servlet.Cookie;
|
|
||||||
import org.apache.shiro.web.servlet.SimpleCookie;
|
|
||||||
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
|
|
||||||
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
public class ShiroUtils {
|
public class ShiroUtils {
|
||||||
|
@ -94,26 +85,4 @@ public class ShiroUtils {
|
||||||
filterChainDefinitionMap.put("/language", "apikey, authc");// 跳转到 /language 不用校验 csrf
|
filterChainDefinitionMap.put("/language", "apikey, authc");// 跳转到 /language 不用校验 csrf
|
||||||
filterChainDefinitionMap.put("/mock", "apikey, authc"); // 跳转到 /mock接口 不用校验 csrf
|
filterChainDefinitionMap.put("/mock", "apikey, authc"); // 跳转到 /mock接口 不用校验 csrf
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Cookie getSessionIdCookie() {
|
|
||||||
SimpleCookie sessionIdCookie = new SimpleCookie();
|
|
||||||
sessionIdCookie.setPath("/");
|
|
||||||
sessionIdCookie.setName("MS_SESSION_ID");
|
|
||||||
return sessionIdCookie;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static SessionManager getSessionManager(Long sessionTimeout, CacheManager cacheManager) {
|
|
||||||
DefaultWebSessionManager sessionManager = new CustomSessionManager();
|
|
||||||
sessionManager.setSessionIdUrlRewritingEnabled(false);
|
|
||||||
sessionManager.setDeleteInvalidSessions(true);
|
|
||||||
sessionManager.setSessionValidationSchedulerEnabled(true);
|
|
||||||
sessionManager.setSessionIdCookie(ShiroUtils.getSessionIdCookie());
|
|
||||||
sessionManager.setGlobalSessionTimeout(sessionTimeout * 1000);// 超时时间ms
|
|
||||||
sessionManager.setCacheManager(cacheManager);
|
|
||||||
AbstractSessionDAO sessionDAO = (AbstractSessionDAO) sessionManager.getSessionDAO();
|
|
||||||
sessionDAO.setSessionIdGenerator(new CustomSessionIdGenerator());
|
|
||||||
|
|
||||||
//sessionManager.setSessionIdCookieEnabled(true);
|
|
||||||
return sessionManager;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,7 @@ import io.metersphere.commons.constants.SessionConstants;
|
||||||
import io.metersphere.commons.utils.LogUtil;
|
import io.metersphere.commons.utils.LogUtil;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.shiro.SecurityUtils;
|
import org.apache.shiro.SecurityUtils;
|
||||||
|
import org.apache.shiro.authc.UsernamePasswordToken;
|
||||||
import org.apache.shiro.web.filter.authc.AnonymousFilter;
|
import org.apache.shiro.web.filter.authc.AnonymousFilter;
|
||||||
import org.apache.shiro.web.util.WebUtils;
|
import org.apache.shiro.web.util.WebUtils;
|
||||||
|
|
||||||
|
@ -22,7 +23,7 @@ public class ApiKeyFilter extends AnonymousFilter {
|
||||||
// sso 带了token的
|
// sso 带了token的
|
||||||
String userId = ApiKeySessionHandler.validate(httpRequest);
|
String userId = ApiKeySessionHandler.validate(httpRequest);
|
||||||
if (StringUtils.isNotBlank(userId)) {
|
if (StringUtils.isNotBlank(userId)) {
|
||||||
SecurityUtils.getSubject().login(new MsUserToken(userId, ApiKeySessionHandler.random, "LOCAL"));
|
SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, ApiKeySessionHandler.random));
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -31,7 +32,7 @@ public class ApiKeyFilter extends AnonymousFilter {
|
||||||
if (!SecurityUtils.getSubject().isAuthenticated()) {
|
if (!SecurityUtils.getSubject().isAuthenticated()) {
|
||||||
String userId = ApiKeyHandler.getUser(WebUtils.toHttp(request));
|
String userId = ApiKeyHandler.getUser(WebUtils.toHttp(request));
|
||||||
if (StringUtils.isNotBlank(userId)) {
|
if (StringUtils.isNotBlank(userId)) {
|
||||||
SecurityUtils.getSubject().login(new MsUserToken(userId, ApiKeySessionHandler.random, "LOCAL"));
|
SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, ApiKeySessionHandler.random));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,19 +0,0 @@
|
||||||
package io.metersphere.security;
|
|
||||||
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
|
||||||
import org.apache.shiro.session.Session;
|
|
||||||
import org.apache.shiro.session.mgt.eis.SessionIdGenerator;
|
|
||||||
|
|
||||||
import java.io.Serializable;
|
|
||||||
import java.util.UUID;
|
|
||||||
|
|
||||||
public class CustomSessionIdGenerator implements SessionIdGenerator {
|
|
||||||
@Override
|
|
||||||
public Serializable generateId(Session session) {
|
|
||||||
String threadSessionId = CustomSessionManager.threadSessionId.get();
|
|
||||||
if (StringUtils.isNotBlank(threadSessionId)) {
|
|
||||||
return threadSessionId;
|
|
||||||
}
|
|
||||||
return UUID.randomUUID().toString();
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,31 +0,0 @@
|
||||||
package io.metersphere.security;
|
|
||||||
|
|
||||||
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
|
|
||||||
import org.apache.shiro.web.util.WebUtils;
|
|
||||||
|
|
||||||
import javax.servlet.ServletRequest;
|
|
||||||
import javax.servlet.ServletResponse;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import java.io.Serializable;
|
|
||||||
|
|
||||||
public class CustomSessionManager extends DefaultWebSessionManager {
|
|
||||||
|
|
||||||
static final ThreadLocal<String> threadSessionId = new ThreadLocal<>();
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
|
|
||||||
String id = null;
|
|
||||||
HttpServletRequest httpRequest = WebUtils.toHttp(request);
|
|
||||||
if (ApiKeyHandler.isApiKeyCall(httpRequest)) {
|
|
||||||
// API调用同一个ak使用同一个session,避免调用频繁,导致session过多,内存泄漏
|
|
||||||
id = httpRequest.getHeader(ApiKeyHandler.API_ACCESS_KEY);
|
|
||||||
setSessionIdCookieEnabled(false);
|
|
||||||
threadSessionId.set(id);
|
|
||||||
return id;
|
|
||||||
}
|
|
||||||
// 线程池中线程可能会复用,非api删除
|
|
||||||
threadSessionId.remove();
|
|
||||||
setSessionIdCookieEnabled(true);
|
|
||||||
return super.getSessionId(request, response);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,24 +0,0 @@
|
||||||
package io.metersphere.security;
|
|
||||||
|
|
||||||
import org.apache.shiro.authc.UsernamePasswordToken;
|
|
||||||
|
|
||||||
public class MsUserToken extends UsernamePasswordToken {
|
|
||||||
private String loginType;
|
|
||||||
|
|
||||||
public MsUserToken() {
|
|
||||||
}
|
|
||||||
|
|
||||||
public MsUserToken(final String username, final String password, final String loginType) {
|
|
||||||
super(username, password);
|
|
||||||
this.loginType = loginType;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getLoginType() {
|
|
||||||
return loginType;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setLoginType(String loginType) {
|
|
||||||
this.loginType = loginType;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,43 +0,0 @@
|
||||||
package io.metersphere.security.realm;
|
|
||||||
|
|
||||||
import io.metersphere.commons.user.SessionUser;
|
|
||||||
import io.metersphere.commons.utils.SessionUtils;
|
|
||||||
import io.metersphere.dto.UserDTO;
|
|
||||||
import io.metersphere.i18n.Translator;
|
|
||||||
import io.metersphere.service.BaseUserService;
|
|
||||||
import org.apache.shiro.authc.*;
|
|
||||||
import org.apache.shiro.authz.AuthorizationInfo;
|
|
||||||
import org.apache.shiro.realm.AuthorizingRealm;
|
|
||||||
import org.apache.shiro.subject.PrincipalCollection;
|
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
|
||||||
|
|
||||||
public abstract class BaseRealm extends AuthorizingRealm {
|
|
||||||
@Resource
|
|
||||||
private BaseUserService baseUserService;
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
|
|
||||||
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
|
|
||||||
|
|
||||||
String userId = token.getUsername();
|
|
||||||
String password = String.valueOf(token.getPassword());
|
|
||||||
UserDTO user = baseUserService.getUserDTO(userId);
|
|
||||||
if (user == null) {
|
|
||||||
throw new UnknownAccountException(Translator.get("user_not_exist"));
|
|
||||||
}
|
|
||||||
SessionUser sessionUser = SessionUser.fromUser(user, SessionUtils.getSessionId());
|
|
||||||
SessionUtils.putUser(sessionUser);
|
|
||||||
return new SimpleAuthenticationInfo(userId, password, getName());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean isPermitted(PrincipalCollection principals, String permission) {
|
|
||||||
return SessionUtils.hasPermission(SessionUtils.getCurrentWorkspaceId(), SessionUtils.getCurrentProjectId(), permission);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -12,6 +12,7 @@ import org.apache.shiro.SecurityUtils;
|
||||||
import org.apache.shiro.authc.*;
|
import org.apache.shiro.authc.*;
|
||||||
import org.apache.shiro.authz.AuthorizationInfo;
|
import org.apache.shiro.authz.AuthorizationInfo;
|
||||||
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
||||||
|
import org.apache.shiro.realm.AuthorizingRealm;
|
||||||
import org.apache.shiro.subject.PrincipalCollection;
|
import org.apache.shiro.subject.PrincipalCollection;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
@ -30,7 +31,7 @@ import java.util.Set;
|
||||||
* set realm
|
* set realm
|
||||||
* </p>
|
* </p>
|
||||||
*/
|
*/
|
||||||
public class LocalRealm extends BaseRealm {
|
public class LocalRealm extends AuthorizingRealm {
|
||||||
|
|
||||||
private Logger logger = LoggerFactory.getLogger(LocalRealm.class);
|
private Logger logger = LoggerFactory.getLogger(LocalRealm.class);
|
||||||
@Resource
|
@Resource
|
||||||
|
@ -79,6 +80,11 @@ public class LocalRealm extends BaseRealm {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isPermitted(PrincipalCollection principals, String permission) {
|
||||||
|
return SessionUtils.hasPermission(SessionUtils.getCurrentWorkspaceId(), SessionUtils.getCurrentProjectId(), permission);
|
||||||
|
}
|
||||||
|
|
||||||
private UserDTO getUserWithOutAuthenticate(String userId) {
|
private UserDTO getUserWithOutAuthenticate(String userId) {
|
||||||
UserDTO user = baseUserService.getUserDTO(userId);
|
UserDTO user = baseUserService.getUserDTO(userId);
|
||||||
String msg;
|
String msg;
|
||||||
|
|
|
@ -26,7 +26,6 @@ import io.metersphere.request.LoginRequest;
|
||||||
import io.metersphere.request.member.EditPassWordRequest;
|
import io.metersphere.request.member.EditPassWordRequest;
|
||||||
import io.metersphere.request.member.EditSeleniumServerRequest;
|
import io.metersphere.request.member.EditSeleniumServerRequest;
|
||||||
import io.metersphere.request.member.QueryMemberRequest;
|
import io.metersphere.request.member.QueryMemberRequest;
|
||||||
import io.metersphere.security.MsUserToken;
|
|
||||||
import org.apache.commons.collections.CollectionUtils;
|
import org.apache.commons.collections.CollectionUtils;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.shiro.SecurityUtils;
|
import org.apache.shiro.SecurityUtils;
|
||||||
|
@ -357,7 +356,7 @@ public class BaseUserService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MsUserToken token = new MsUserToken(username, password, login);
|
UsernamePasswordToken token = new UsernamePasswordToken(username, password);
|
||||||
Subject subject = SecurityUtils.getSubject();
|
Subject subject = SecurityUtils.getSubject();
|
||||||
try {
|
try {
|
||||||
subject.login(token);
|
subject.login(token);
|
||||||
|
|
Loading…
Reference in New Issue