net.ifok.project.stateless.shiro.config

类 StatelessShiroConfig

java.lang.Object

net.ifok.project.stateless.shiro.config.StatelessShiroConfig

@Configuration
public class StatelessShiroConfig
extends Object

注意，无状态会话，shiro本身不需要缓存，缓存用来控制token过期

作者:

xqlee

构造器概要

构造器

构造器和说明
StatelessShiroConfig()

方法概要

限定符和类型	方法和说明
org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator	advisorAutoProxyCreator() * 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions), 需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证 * 配置以下两个bean(DefaultAdvisorAutoProxyCreator(可选) 和AuthorizationAttributeSourceAdvisor)即可实现此功能 *
org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor	authorizationAttributeSourceAdvisor(org.apache.shiro.mgt.SecurityManager securityManager)
org.springframework.boot.web.servlet.FilterRegistrationBean	delegatingFilterProxy() 拦截器注册
org.apache.shiro.mgt.SecurityManager	securityManager(StatelessRealm statelessRealm, org.apache.shiro.mgt.SessionStorageEvaluator sessionStorageEvaluator, org.apache.shiro.mgt.SubjectFactory subjectFactory, org.apache.shiro.session.mgt.SessionManager sessionManager) 安全管理配置
org.apache.shiro.session.mgt.SessionManager	sessionManager() sessionManager通过sessionValidationSchedulerEnabled禁用掉会话调度器， 因为我们禁用掉了会话，所以没必要再定期过期会话了。
org.apache.shiro.mgt.SessionStorageEvaluator	sessionStorageEvaluator() 注入SessionStorageEvaluator,关闭Session存储
org.apache.shiro.spring.web.ShiroFilterFactoryBean	shiroFilterFactoryBean(org.apache.shiro.mgt.SecurityManager securityManager, StatelessAccessControlFilter statelessAccessControlFilter) 拦截器配置
StatelessAccessControlFilter	statelessAuthcFilter() Add.
StatelessDefaultSubjectFactory	subjectFactory() 自定义的无状态（不创建session）Subject工厂
StatelessRealm	userRealm() 注入无状态的realm

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

构造器详细资料

StatelessShiroConfig

public StatelessShiroConfig()

方法详细资料

userRealm

@Bean
public StatelessRealm userRealm()

注入无状态的realm

返回:

subjectFactory

@Bean
public StatelessDefaultSubjectFactory subjectFactory()

自定义的无状态（不创建session）Subject工厂

返回:

sessionManager

@Bean
public org.apache.shiro.session.mgt.SessionManager sessionManager()

sessionManager通过sessionValidationSchedulerEnabled禁用掉会话调度器， 因为我们禁用掉了会话，所以没必要再定期过期会话了。

返回:

sessionStorageEvaluator

@Bean
public org.apache.shiro.mgt.SessionStorageEvaluator sessionStorageEvaluator()

注入SessionStorageEvaluator,关闭Session存储

securityManager

@Bean
public org.apache.shiro.mgt.SecurityManager securityManager(StatelessRealm statelessRealm,
                                                                   org.apache.shiro.mgt.SessionStorageEvaluator sessionStorageEvaluator,
                                                                   org.apache.shiro.mgt.SubjectFactory subjectFactory,
                                                                   org.apache.shiro.session.mgt.SessionManager sessionManager)

安全管理配置

返回:

statelessAuthcFilter

@Bean
public StatelessAccessControlFilter statelessAuthcFilter()

Add. 访问控制器.

返回:

shiroFilterFactoryBean

@Bean(name="shiroFilterFactoryBean")
public org.apache.shiro.spring.web.ShiroFilterFactoryBean shiroFilterFactoryBean(org.apache.shiro.mgt.SecurityManager securityManager,
                                                                                                                       StatelessAccessControlFilter statelessAccessControlFilter)

拦截器配置

delegatingFilterProxy

@Bean
public org.springframework.boot.web.servlet.FilterRegistrationBean delegatingFilterProxy()

拦截器注册

advisorAutoProxyCreator

@Bean
public org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator()

* 开启Shiro的注解(如@RequiresRoles,@RequiresPermissions), 需借助SpringAOP扫描使用Shiro注解的类,并在必要时进行安全逻辑验证 * 配置以下两个bean(DefaultAdvisorAutoProxyCreator(可选) 和AuthorizationAttributeSourceAdvisor)即可实现此功能 *

authorizationAttributeSourceAdvisor

@Bean
public org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(org.apache.shiro.mgt.SecurityManager securityManager)