refactor: 去掉已经废弃的类和方法

This commit is contained in:
CaptainB 2022-11-04 14:47:25 +08:00 committed by 刘瑞斌
parent 835d4fb8a4
commit c9c3a947b4
8 changed files with 11 additions and 153 deletions

View File

@ -1,14 +1,5 @@
package io.metersphere.commons.utils; package io.metersphere.commons.utils;
import io.metersphere.security.CustomSessionIdGenerator;
import io.metersphere.security.CustomSessionManager;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import java.util.Map; import java.util.Map;
public class ShiroUtils { public class ShiroUtils {
@ -94,26 +85,4 @@ public class ShiroUtils {
filterChainDefinitionMap.put("/language", "apikey, authc");// 跳转到 /language 不用校验 csrf filterChainDefinitionMap.put("/language", "apikey, authc");// 跳转到 /language 不用校验 csrf
filterChainDefinitionMap.put("/mock", "apikey, authc"); // 跳转到 /mock接口 不用校验 csrf filterChainDefinitionMap.put("/mock", "apikey, authc"); // 跳转到 /mock接口 不用校验 csrf
} }
public static Cookie getSessionIdCookie() {
SimpleCookie sessionIdCookie = new SimpleCookie();
sessionIdCookie.setPath("/");
sessionIdCookie.setName("MS_SESSION_ID");
return sessionIdCookie;
}
public static SessionManager getSessionManager(Long sessionTimeout, CacheManager cacheManager) {
DefaultWebSessionManager sessionManager = new CustomSessionManager();
sessionManager.setSessionIdUrlRewritingEnabled(false);
sessionManager.setDeleteInvalidSessions(true);
sessionManager.setSessionValidationSchedulerEnabled(true);
sessionManager.setSessionIdCookie(ShiroUtils.getSessionIdCookie());
sessionManager.setGlobalSessionTimeout(sessionTimeout * 1000);// 超时时间ms
sessionManager.setCacheManager(cacheManager);
AbstractSessionDAO sessionDAO = (AbstractSessionDAO) sessionManager.getSessionDAO();
sessionDAO.setSessionIdGenerator(new CustomSessionIdGenerator());
//sessionManager.setSessionIdCookieEnabled(true);
return sessionManager;
}
} }

View File

@ -4,6 +4,7 @@ import io.metersphere.commons.constants.SessionConstants;
import io.metersphere.commons.utils.LogUtil; import io.metersphere.commons.utils.LogUtil;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils; import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.web.filter.authc.AnonymousFilter; import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.util.WebUtils; import org.apache.shiro.web.util.WebUtils;
@ -22,7 +23,7 @@ public class ApiKeyFilter extends AnonymousFilter {
// sso 带了token的 // sso 带了token的
String userId = ApiKeySessionHandler.validate(httpRequest); String userId = ApiKeySessionHandler.validate(httpRequest);
if (StringUtils.isNotBlank(userId)) { if (StringUtils.isNotBlank(userId)) {
SecurityUtils.getSubject().login(new MsUserToken(userId, ApiKeySessionHandler.random, "LOCAL")); SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, ApiKeySessionHandler.random));
} }
return true; return true;
} }
@ -31,7 +32,7 @@ public class ApiKeyFilter extends AnonymousFilter {
if (!SecurityUtils.getSubject().isAuthenticated()) { if (!SecurityUtils.getSubject().isAuthenticated()) {
String userId = ApiKeyHandler.getUser(WebUtils.toHttp(request)); String userId = ApiKeyHandler.getUser(WebUtils.toHttp(request));
if (StringUtils.isNotBlank(userId)) { if (StringUtils.isNotBlank(userId)) {
SecurityUtils.getSubject().login(new MsUserToken(userId, ApiKeySessionHandler.random, "LOCAL")); SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, ApiKeySessionHandler.random));
} }
} }

View File

@ -1,19 +0,0 @@
package io.metersphere.security;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.SessionIdGenerator;
import java.io.Serializable;
import java.util.UUID;
public class CustomSessionIdGenerator implements SessionIdGenerator {
@Override
public Serializable generateId(Session session) {
String threadSessionId = CustomSessionManager.threadSessionId.get();
if (StringUtils.isNotBlank(threadSessionId)) {
return threadSessionId;
}
return UUID.randomUUID().toString();
}
}

View File

@ -1,31 +0,0 @@
package io.metersphere.security;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.util.WebUtils;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.Serializable;
public class CustomSessionManager extends DefaultWebSessionManager {
static final ThreadLocal<String> threadSessionId = new ThreadLocal<>();
@Override
protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
String id = null;
HttpServletRequest httpRequest = WebUtils.toHttp(request);
if (ApiKeyHandler.isApiKeyCall(httpRequest)) {
// API调用同一个ak使用同一个session避免调用频繁导致session过多内存泄漏
id = httpRequest.getHeader(ApiKeyHandler.API_ACCESS_KEY);
setSessionIdCookieEnabled(false);
threadSessionId.set(id);
return id;
}
// 线程池中线程可能会复用非api删除
threadSessionId.remove();
setSessionIdCookieEnabled(true);
return super.getSessionId(request, response);
}
}

View File

@ -1,24 +0,0 @@
package io.metersphere.security;
import org.apache.shiro.authc.UsernamePasswordToken;
public class MsUserToken extends UsernamePasswordToken {
private String loginType;
public MsUserToken() {
}
public MsUserToken(final String username, final String password, final String loginType) {
super(username, password);
this.loginType = loginType;
}
public String getLoginType() {
return loginType;
}
public void setLoginType(String loginType) {
this.loginType = loginType;
}
}

View File

@ -1,43 +0,0 @@
package io.metersphere.security.realm;
import io.metersphere.commons.user.SessionUser;
import io.metersphere.commons.utils.SessionUtils;
import io.metersphere.dto.UserDTO;
import io.metersphere.i18n.Translator;
import io.metersphere.service.BaseUserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import javax.annotation.Resource;
public abstract class BaseRealm extends AuthorizingRealm {
@Resource
private BaseUserService baseUserService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
String userId = token.getUsername();
String password = String.valueOf(token.getPassword());
UserDTO user = baseUserService.getUserDTO(userId);
if (user == null) {
throw new UnknownAccountException(Translator.get("user_not_exist"));
}
SessionUser sessionUser = SessionUser.fromUser(user, SessionUtils.getSessionId());
SessionUtils.putUser(sessionUser);
return new SimpleAuthenticationInfo(userId, password, getName());
}
@Override
public boolean isPermitted(PrincipalCollection principals, String permission) {
return SessionUtils.hasPermission(SessionUtils.getCurrentWorkspaceId(), SessionUtils.getCurrentProjectId(), permission);
}
}

View File

@ -12,6 +12,7 @@ import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*; import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -30,7 +31,7 @@ import java.util.Set;
* set realm * set realm
* </p> * </p>
*/ */
public class LocalRealm extends BaseRealm { public class LocalRealm extends AuthorizingRealm {
private Logger logger = LoggerFactory.getLogger(LocalRealm.class); private Logger logger = LoggerFactory.getLogger(LocalRealm.class);
@Resource @Resource
@ -79,6 +80,11 @@ public class LocalRealm extends BaseRealm {
} }
@Override
public boolean isPermitted(PrincipalCollection principals, String permission) {
return SessionUtils.hasPermission(SessionUtils.getCurrentWorkspaceId(), SessionUtils.getCurrentProjectId(), permission);
}
private UserDTO getUserWithOutAuthenticate(String userId) { private UserDTO getUserWithOutAuthenticate(String userId) {
UserDTO user = baseUserService.getUserDTO(userId); UserDTO user = baseUserService.getUserDTO(userId);
String msg; String msg;

View File

@ -26,7 +26,6 @@ import io.metersphere.request.LoginRequest;
import io.metersphere.request.member.EditPassWordRequest; import io.metersphere.request.member.EditPassWordRequest;
import io.metersphere.request.member.EditSeleniumServerRequest; import io.metersphere.request.member.EditSeleniumServerRequest;
import io.metersphere.request.member.QueryMemberRequest; import io.metersphere.request.member.QueryMemberRequest;
import io.metersphere.security.MsUserToken;
import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils; import org.apache.shiro.SecurityUtils;
@ -357,7 +356,7 @@ public class BaseUserService {
} }
} }
MsUserToken token = new MsUserToken(username, password, login); UsernamePasswordToken token = new UsernamePasswordToken(username, password);
Subject subject = SecurityUtils.getSubject(); Subject subject = SecurityUtils.getSubject();
try { try {
subject.login(token); subject.login(token);