shiro-redis
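Add the dependency directly
<dependency>
    <groupId>org.crazycake</groupId>
    <artifactId>shiro-redis</artifactId>
    <version>3.2.1</version>
</dependency>
If you need custom logic, here are some of the key implementations (code excerpts)
Custom authentication and authorization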
AuthorizingRealm myRealm = new AuthorizingRealm() {
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // Custom authentication logic...
        return new SimpleAuthenticationInfo();
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // Custom authorization logic...
        return new SimpleAuthorizationInfo();
    }
};
Custom filter
public class KickoutSessionFilter extends FormAuthenticationFilter {
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object o) {
        return false;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // Filter handling...
        return false;
    }
}
Also register the filter above in ShiroConfig
@Bean
public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    // Custom filter
    Map<String, Filter> filterMap = shiroFilterFactoryBean.getFilters();
    KickoutSessionFilter kickoutSessionFilter = new KickoutSessionFilter();
    kickoutSessionFilter.setLoginUrl("/api/user/login");
    filterMap.put("oauth2", kickoutSessionFilter);
    shiroFilterFactoryBean.setFilters(filterMap);
    shiroFilterFactoryBean.setLoginUrl("/api/user/login");
    shiroFilterFactoryBean.setSuccessUrl("/");
    // Note that a LinkedHashMap is used here, so order matters: Shiro matches the rules
    // from top to bottom and stops checking at the first match.
    // Strict URLs therefore go first and looser ones below them; "/**" in particular must
    // be last, because any rule placed after it would never take effect.
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/xxxx/xxxx", "oauth2");
    filterChainDefinitionMap.put("/**", "anon");
    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
}
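nginx default parameters
client_max_body_size defaults to 1m
When a service that handles file uploads sits behind request forwarding, pay attention to how this value is set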
yapi
Under investigation
dockerfile
Under investigation
Getting the client IP in Java
public static String getRemoteAddr(HttpServletRequest request) {
    return request.getRemoteAddr();
}
When the application is behind a proxy, the address can be read from attributes in the request headers
String[] HEADERS_TO_TRY = {
"X-Forwarded-For",
"Proxy-Client-IP",
"WL-Proxy-Client-IP",
"HTTP_X_FORWARDED_FOR",
"HTTP_X_FORWARDED",
"HTTP_X_CLUSTER_CLIENT_IP",
"HTTP_CLIENT_IP",
"HTTP_FORWARDED_FOR",
"HTTP_FORWARDED",
"HTTP_VIA",
"REMOTE_ADDR",
"X-Real-IP"};
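Every header in the list above is sent by the client unless a proxy you control overwrites it, so its value is only usable when the direct TCP peer is a known proxy. The following is an added example, not code from the original notes: it resolves the client address from X-Forwarded-For under that rule. The class name, the `resolve` helper and the proxy addresses are assumptions made for illustration.

```java
import java.util.Set;
import java.util.regex.Pattern;

public class ClientIpResolver {
    // Assumption: addresses of the reverse proxies you operate (constructed sample values).
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5", "10.0.0.6");
    // Loose syntax check only (IPv4/IPv6 characters); avoids DNS lookups on header input.
    static final Pattern IP_CHARS = Pattern.compile("[0-9a-fA-F:.]{2,45}");

    /**
     * remoteAddr: value of request.getRemoteAddr() (the direct TCP peer).
     * xff: value of request.getHeader("X-Forwarded-For"), may be null.
     */
    static String resolve(String remoteAddr, String xff) {
        // The header is only meaningful if the direct peer is one of our proxies;
        // otherwise the client wrote it and it must be ignored.
        if (xff == null || !TRUSTED_PROXIES.contains(remoteAddr)) {
            return remoteAddr;
        }
        String[] hops = xff.split(",");
        // Walk right to left: each trusted proxy appends the peer it saw, so the
        // rightmost entry that is not one of our proxies is the real client.
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!IP_CHARS.matcher(hop).matches()) {
                return remoteAddr; // malformed entry: fall back to the TCP peer
            }
            if (!TRUSTED_PROXIES.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr; // header listed only our own proxies
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        System.out.println(resolve("203.0.113.9", "1.2.3.4"));            // direct client: header ignored
        System.out.println(resolve("10.0.0.5", "203.0.113.9"));           // one proxy hop
        System.out.println(resolve("10.0.0.5", "1.2.3.4, 203.0.113.9"));  // client-prepended entry ignored
        System.out.println(resolve("10.0.0.5", "203.0.113.9, 10.0.0.6")); // two proxy hops
    }
}
```

Any address used for rate limiting, audit logging or IP allow-listing should come from a function like this rather than from the first header that happens to be present.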
Other real-world problems
SpringBoot HikariPool: the first connection times out