From 1f606f0c18f7f89a5476335a4213b0ef377185a6 Mon Sep 17 00:00:00 2001 From: dinggang <2498628697@qq.com> Date: Thu, 28 Jul 2022 16:28:34 +0800 Subject: [PATCH] =?UTF-8?q?1.=E8=A5=BF=E6=B5=B7=E5=B2=B8=E5=9F=BA=E7=A1=80?= =?UTF-8?q?=E8=AE=BE=E6=96=BD=E9=9C=80=E6=B1=82=E4=BF=AE=E6=94=B9=202.shir?= =?UTF-8?q?o=E7=9A=84jsessionid=E9=97=AE=E9=A2=98=E4=BF=AE=E5=A4=8DV1.0=20?= =?UTF-8?q?3.=E6=96=B0=E5=A2=9E=E5=9F=BA=E7=A1=80=E8=AE=BE=E6=96=BDsql?= =?UTF-8?q?=E5=AF=BC=E5=85=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../service/impl/ResourceServiceImpl.java | 8 +- .../modules/security/config/ShiroConfig.java | 23 ++++-- .../security/oauth2/CasSSOValidator.java | 1 - .../security/oauth2/ShiroSessionManager.java | 81 +++++++++++++++++++ .../resources/db/R__init_tb_data_resource.sql | 1 + 5 files changed, 105 insertions(+), 9 deletions(-) create mode 100644 renren-admin/src/main/java/io/renren/modules/security/oauth2/ShiroSessionManager.java create mode 100644 renren-admin/src/main/resources/db/R__init_tb_data_resource.sql diff --git a/renren-admin/src/main/java/io/renren/modules/resource/service/impl/ResourceServiceImpl.java b/renren-admin/src/main/java/io/renren/modules/resource/service/impl/ResourceServiceImpl.java index 584c4b71..c0712750 100644 --- a/renren-admin/src/main/java/io/renren/modules/resource/service/impl/ResourceServiceImpl.java +++ b/renren-admin/src/main/java/io/renren/modules/resource/service/impl/ResourceServiceImpl.java @@ -50,6 +50,7 @@ import okhttp3.*; import org.activiti.engine.HistoryService; import org.activiti.engine.history.HistoricProcessInstance; import org.activiti.engine.history.HistoricProcessInstanceQuery; +import org.apache.commons.lang3.ObjectUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.BeanUtils; 
@@ -1063,9 +1064,10 @@ public class ResourceServiceImpl extends CrudServiceImpl applicationEntities = tAbilityApplicationDao.selectList(queryWrapper); ArrayList cameraList = new ArrayList(); applicationEntities.forEach(index -> { - List channelDto1s = cameraChannelMapper.selectByChannelCode(index.getCameraList().replaceAll("\"", "")); - if (!channelDto1s.isEmpty()) { - cameraList.add(channelDto1s.get(0)); + //List channelDto1s = cameraChannelMapper.selectByChannelCode(index.getCameraList().replaceAll("\"", "")); + CameraChannelDto1 channelDto1s = JSON.toJavaObject(JSON.parseObject(index.getCameraList()), CameraChannelDto1.class); + if (ObjectUtils.allNotNull(channelDto1s)) { + cameraList.add(channelDto1s); } }); return cameraList; diff --git a/renren-admin/src/main/java/io/renren/modules/security/config/ShiroConfig.java b/renren-admin/src/main/java/io/renren/modules/security/config/ShiroConfig.java index dcbe3650..2ef8f6ad 100644 --- a/renren-admin/src/main/java/io/renren/modules/security/config/ShiroConfig.java +++ b/renren-admin/src/main/java/io/renren/modules/security/config/ShiroConfig.java @@ -2,6 +2,7 @@ package io.renren.modules.security.config; import io.renren.modules.security.oauth2.Oauth2Filter; import io.renren.modules.security.oauth2.Oauth2Realm; +import io.renren.modules.security.oauth2.ShiroSessionManager; import org.apache.shiro.mgt.SecurityManager; import org.apache.shiro.session.mgt.SessionManager; import org.apache.shiro.spring.LifecycleBeanPostProcessor; @@ -9,6 +10,7 @@ import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSource import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; 
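Review bot: The new `JSON.parseObject(index.getCameraList())` call inside the `forEach` has no handling for a value that is not a JSON object. The removed line stripped quote characters from the same column, which suggests existing rows may hold a bare quoted channel code, and one such row would throw and fail the whole request. Each entry is also now built from the stored application text instead of the `cameraChannelMapper` lookup, so the returned camera data is no longer checked against the channel table. If that text originates from the client and `JSON` is fastjson, confirm the version in use runs with autoType disabled or safeMode on. Consider keeping the lookup keyed on the parsed channel code, or at least catching `JSONException` per row and skipping it with a warning; the enclosing method starts outside the hunk.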
@@ -26,13 +28,21 @@ public class ShiroConfig { // @Autowired // private Oauth2Filter oauth2Filter; + //@Autowired + //private ShiroSessionManager shiroSessionManager; + + //@Bean + //public DefaultWebSessionManager sessionManager() { + // DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); + // sessionManager.setSessionValidationSchedulerEnabled(false); + // sessionManager.setSessionIdUrlRewritingEnabled(false); + // sessionManager.setGlobalSessionTimeout(-1000l); + // return sessionManager; + //} + @Bean public DefaultWebSessionManager sessionManager() { - DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); - sessionManager.setSessionValidationSchedulerEnabled(false); - sessionManager.setSessionIdUrlRewritingEnabled(false); - sessionManager.setGlobalSessionTimeout(-1000l); - return sessionManager; + return new ShiroSessionManager(); } @Bean("securityManager") @@ -77,6 +87,9 @@ public class ShiroConfig { filterMap.put("/bsabilityrecord/**", "anon"); filterMap.put("/act/his/getInstImage", "anon"); + filterMap.put("/resource/getApplyCameraList/**", "anon"); + filterMap.put("/resource/hls/getHls", "anon"); + /** * 资源上传 */ diff --git a/renren-admin/src/main/java/io/renren/modules/security/oauth2/CasSSOValidator.java b/renren-admin/src/main/java/io/renren/modules/security/oauth2/CasSSOValidator.java index 9ba491ba..ad63a583 100644 --- a/renren-admin/src/main/java/io/renren/modules/security/oauth2/CasSSOValidator.java +++ b/renren-admin/src/main/java/io/renren/modules/security/oauth2/CasSSOValidator.java @@ -1,6 +1,5 @@ package io.renren.modules.security.oauth2; -import cn.hutool.core.util.URLUtil; import org.apache.commons.lang3.StringUtils; import org.jasig.cas.client.validation.Assertion; import org.jasig.cas.client.validation.TicketValidationException; 
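Review bot: `return new ShiroSessionManager();` in `sessionManager()` drops the three settings the previous bean applied, so URL rewriting, the validation scheduler and the global timeout all fall back to Shiro's defaults. Depending on the Shiro version, session-ID URL rewriting may default to enabled, which puts `;JSESSIONID=` into URLs where it ends up in access logs, Referer headers and browser history. Unless the default timeout and scheduler are intended, carry the settings over on the new instance: `ShiroSessionManager sessionManager = new ShiroSessionManager();`, `sessionManager.setSessionIdUrlRewritingEnabled(false);`, `return sessionManager;`. The old bean and the `@Autowired` field are kept as commented-out code and the new `Autowired` import in this file is unused; version control already holds that history, so they can be deleted.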
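Review bot: The two `anon` entries added to `filterMap` make `/resource/getApplyCameraList/**` and `/resource/hls/getHls` reachable with no authentication at all. Judging by the paths, they serve the applied camera list and HLS stream data, and the `/**` pattern covers every sub-path as well. This commit also adds a `token` header as a session-ID source in `ShiroSessionManager`, so a client that cannot send cookies could presumably still authenticate, which would let these paths stay behind the authenticated filter used elsewhere in the chain. If anonymous access is really required, record the reason and the compensating check next to the entries, e.g. `// anon: called by <caller>; handler validates <check>`, and narrow the first pattern to the exact path. The method that builds `filterMap` begins and ends outside the hunk.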
diff --git a/renren-admin/src/main/java/io/renren/modules/security/oauth2/ShiroSessionManager.java b/renren-admin/src/main/java/io/renren/modules/security/oauth2/ShiroSessionManager.java
new file mode 100644
index 00000000..014455cc
--- /dev/null
+++ b/renren-admin/src/main/java/io/renren/modules/security/oauth2/ShiroSessionManager.java
@@ -0,0 +1,81 @@ +package io.renren.modules.security.oauth2; + +import org.apache.commons.lang.StringUtils; +import org.apache.shiro.session.Session; +import org.apache.shiro.session.mgt.SessionContext; +import org.apache.shiro.web.servlet.ShiroHttpServletRequest; +import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; +import org.apache.shiro.web.util.WebUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Component; + +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.Serializable; + +//@Component +public class ShiroSessionManager extends DefaultWebSessionManager { + /** + * 返回客户端的, + */ + public final String TOKEN_NAME = "token"; + /** + * 这个是客户端请求给服务端带的header + */ + public final static String HEADER_TOKEN_NAME = "token"; + public final static Logger log = LoggerFactory.getLogger(ShiroSessionManager.class); + private static final String REFERENCED_SESSION_ID_SOURCE = "Stateless request"; + + /** + * 重写getSessionId,分析请求头中的指定参数,做用户凭证sessionId + */ + @Override + protected Serializable getSessionId(ServletRequest request, ServletResponse response) { + String sessionId = WebUtils.toHttp(request).getHeader(HEADER_TOKEN_NAME); + log.info("获取的sessionId为" + sessionId); + if (StringUtils.isEmpty(sessionId)) { + return super.getSessionId(request, response); + } else { + //如果请求头中有 token 则其值为sessionId + request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, REFERENCED_SESSION_ID_SOURCE); + request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sessionId); + request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE); + return sessionId; + } + } + + /*@Override + protected void onStart(Session session, SessionContext context) { + log.info("执行onStart"); + if (!WebUtils.isHttp(context)) { + log.debug("SessionContext 
argument is not HTTP compatible or does not have an HTTP request/response pair. No session ID cookie will be set."); + } else { + HttpServletRequest request = WebUtils.getHttpRequest(context); + HttpServletResponse response = WebUtils.getHttpResponse(context); + Serializable sessionId = session.getId(); + this.storeSessionId(sessionId, request, response); + request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE); + request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE); + } + } + + *//** + * 把sessionId 放入 response header 中 + * onStart时调用 + * 没有sessionid时 会产生sessionid 并放入 response header中 + *//* + private void storeSessionId(Serializable currentId, HttpServletRequest ignored, HttpServletResponse response) { + if (currentId == null) { + String msg = "sessionId cannot be null when persisting for subsequent requests."; + throw new IllegalArgumentException(msg); + } else { + String idString = currentId.toString(); + response.setHeader(this.TOKEN_NAME, idString); + log.info("Set session ID header for session with id {}", idString); + log.trace("Set session ID header for session with id {}", idString); + } + }*/ +} \ No newline at end of file diff --git a/renren-admin/src/main/resources/db/R__init_tb_data_resource.sql b/renren-admin/src/main/resources/db/R__init_tb_data_resource.sql new file mode 100644 index 00000000..312fde5f --- /dev/null +++ b/renren-admin/src/main/resources/db/R__init_tb_data_resource.sql 
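Review bot: `log.info("获取的sessionId为" + sessionId)` in `getSessionId` writes the raw `token` header to the log at INFO on every request. That value is the session identifier, so anyone who can read the logs can reuse a live session. Log only whether the header was present, for example `log.debug("token header present: {}", StringUtils.isNotEmpty(sessionId));`. Smaller points: `TOKEN_NAME` is a public non-static field used only by the commented-out `storeSessionId`, and the `Session`, `SessionContext`, `HttpServletRequest`, `HttpServletResponse` and `Component` imports serve only commented-out code. The class also uses `org.apache.commons.lang.StringUtils`, while `ResourceServiceImpl` in this commit imports from `commons.lang3`.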
@@ -0,0 +1 @@
+REPLACE INTO `tb_data_resource`(`id`, `type`, `name`, `description`, `link`, `api_method_type`, `api_url`, `group_id`, `dept_id`, `dept_contacts`, `dept_phone`, `share_type`, `share_mode`, `share_condition`, `district_id`, `visits`, `del_flag`, `creator`, `create_date`, `updater`, `update_date`, `note1`, `note2`, `note3`, `note4`, `note5`, `enclosure`, `undercarriage_reason`, `undercarriage_user_name`, `info_list`, `total`, `visitor`, `apply_number`, `undercarriage_enclosure`) VALUES (8888888880000000001, '基础设施', '申请摄像头', NULL, '', NULL, NULL, NULL, 1067246875800000066, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 9, NULL, NULL, NULL, '2022-07-04 18:23:47', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, '[]', 13, 5, NULL, NULL);