Merge remote-tracking branch 'origin/master'

hsweb-authorization/hsweb-authorization-security/pom.xml

@@ -1,15 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <parent>
-        <artifactId>hsweb-authorization</artifactId>
-        <groupId>org.hswebframework.web</groupId>
-        <version>3.0-SNAPSHOT</version>
-    </parent>
-    <modelVersion>4.0.0</modelVersion>
-
-    <artifactId>hsweb-authorization-security</artifactId>
-
-
-</project>

hsweb-authorization/hsweb-authorization-shiro/README.md

@@ -1,3 +0,0 @@
-# shiro 权限控制实现
-
-shiro实现已被砍,请看[basic实现](../hsweb-authorization-basic)

hsweb-authorization/hsweb-authorization-shiro/pom.xml

@@ -1,89 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ /*
-  ~  * Copyright 2016 http://www.hswebframework.org
-  ~  *
-  ~  * Licensed under the Apache License, Version 2.0 (the "License");
-  ~  * you may not use this file except in compliance with the License.
-  ~  * You may obtain a copy of the License at
-  ~  *
-  ~  *     http://www.apache.org/licenses/LICENSE-2.0
-  ~  *
-  ~  * Unless required by applicable law or agreed to in writing, software
-  ~  * distributed under the License is distributed on an "AS IS" BASIS,
-  ~  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~  * See the License for the specific language governing permissions and
-  ~  * limitations under the License.
-  ~  */
-  -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <parent>
-        <artifactId>hsweb-authorization</artifactId>
-        <groupId>org.hswebframework.web</groupId>
-        <version>3.0-SNAPSHOT</version>
-    </parent>
-    <modelVersion>4.0.0</modelVersion>
-
-    <artifactId>hsweb-authorization-shiro</artifactId>
-
-    <properties>
-        <shiro.version>1.3.2</shiro.version>
-    </properties>
-    <dependencies>
-        <dependency>
-            <groupId>${project.parent.groupId}</groupId>
-            <artifactId>hsweb-authorization-api</artifactId>
-            <version>${project.parent.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.hswebframework.web</groupId>
-            <artifactId>hsweb-commons-controller</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.shiro</groupId>
-            <artifactId>shiro-core</artifactId>
-            <version>${shiro.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.shiro</groupId>
-            <artifactId>shiro-spring</artifactId>
-            <version>${shiro.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.aspectj</groupId>
-            <artifactId>aspectjweaver</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
-            <optional>true</optional>
-        </dependency>
-        <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
-            <version>2.5</version>
-            <optional>true</optional>
-        </dependency>
-        <dependency>
-            <groupId>org.hswebframework.web</groupId>
-            <artifactId>hsweb-authorization-oauth2-client</artifactId>
-            <version>${project.version}</version>
-            <optional>true</optional>
-        </dependency>
-    </dependencies>
-
-</project>

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/AutoSyncAuthenticationSupplier.java

@@ -1,130 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.authorization.shiro;
-
-import org.apache.shiro.SecurityUtils;
-import org.hswebframework.web.ThreadLocalUtils;
-import org.hswebframework.web.authorization.*;
-
-import java.io.Serializable;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Optional;
-
-/**
- * 可自动同步权限信息的权限获取器,当修改了权限信息后。
- * 如:{@link Authentication#setAttribute}会自动将修改后的数据同步到权限存储中
- *
- * @author zhouhao
- * @see AuthenticationSupplier
- * @see AuthenticationManager
- * @since 3.0
- */
-public class AutoSyncAuthenticationSupplier implements AuthenticationSupplier {
-    private AuthenticationManager authenticationManager;
-
-    public AutoSyncAuthenticationSupplier(AuthenticationManager authenticationManager) {
-        Objects.requireNonNull(authenticationManager);
-        this.authenticationManager = authenticationManager;
-    }
-
-    @Override
-    public Authentication get(String userId) {
-        Authentication nativeAuth = getNative(userId);
-        if (null == nativeAuth) return null;
-        return new AutoSyncAuthentication(nativeAuth);
-    }
-
-    @Override
-    public Authentication get() {
-        Authentication nativeAuth = getNative();
-        if (null == nativeAuth) return null;
-        return new AutoSyncAuthentication(nativeAuth);
-    }
-
-    protected Authentication getNative(String userId) {
-        // ThreadLocal cache
-        return ThreadLocalUtils.get(Authentication.class.getName(), () -> authenticationManager.getByUserId(userId));
-    }
-
-    protected Authentication getNative() {
-        //未授权并且未记住登录
-        if (!SecurityUtils.getSubject().isAuthenticated() && !SecurityUtils.getSubject().isRemembered()) return null;
-        String id = (String) SecurityUtils.getSubject().getPrincipal();
-        if (null == id) return null;
-        return getNative(id);
-    }
-
-    protected void sync(Authentication authentication) {
-        authenticationManager.sync(authentication);
-    }
-
-    class AutoSyncAuthentication implements Authentication {
-        private Authentication nativeAuth;
-
-        public AutoSyncAuthentication(Authentication nativeAuth) {
-            this.nativeAuth = nativeAuth;
-        }
-
-        @Override
-        public User getUser() {
-            return nativeAuth.getUser();
-        }
-
-        @Override
-        public List<Role> getRoles() {
-            return nativeAuth.getRoles();
-        }
-
-        @Override
-        public List<Permission> getPermissions() {
-            return nativeAuth.getPermissions();
-        }
-
-        @Override
-        public <T extends Serializable> Optional<T> getAttribute(String name) {
-            return nativeAuth.getAttribute(name);
-        }
-
-        @Override
-        public void setAttribute(String name, Serializable object) {
-            nativeAuth.setAttribute(name, object);
-            sync(nativeAuth);
-        }
-
-        @Override
-        public void setAttributes(Map<String, Serializable> attributes) {
-            nativeAuth.setAttributes(attributes);
-            sync(nativeAuth);
-        }
-
-        @Override
-        public <T extends Serializable> T removeAttributes(String name) {
-            T t = nativeAuth.removeAttributes(name);
-            sync(nativeAuth);
-            return t;
-        }
-
-        @Override
-        public Map<String, Serializable> getAttributes() {
-            return nativeAuth.getAttributes();
-        }
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ListenerAuthorizingRealm.java

@@ -1,98 +0,0 @@
-/*
- * Copyright 2016 http://www.hswebframework.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.hswebframework.web.authorization.shiro;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.SimpleAuthenticationInfo;
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.SimpleAuthorizationInfo;
-import org.apache.shiro.authz.permission.WildcardPermission;
-import org.apache.shiro.realm.AuthorizingRealm;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.apache.shiro.subject.Subject;
-import org.hswebframework.web.authorization.Authentication;
-import org.hswebframework.web.authorization.AuthenticationHolder;
-import org.hswebframework.web.authorization.Role;
-import org.hswebframework.web.authorization.listener.AuthorizationListener;
-import org.hswebframework.web.authorization.listener.event.AuthorizationSuccessEvent;
-
-import java.util.stream.Collectors;
-
-/**
- * @author zhouhao
- */
-public class ListenerAuthorizingRealm extends AuthorizingRealm
-        implements AuthorizationListener<AuthorizationSuccessEvent> {
-
-    public ListenerAuthorizingRealm() {
-        setAuthenticationTokenClass(SimpleAuthenticationToken.class);
-    }
-
-    @Override
-    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
-        String loginUserId = (String) super.getAvailablePrincipal(principals);
-        return createAuthorizationInfo(AuthenticationHolder.get(loginUserId));
-    }
-
-    @Override
-    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
-        if (token instanceof SimpleAuthenticationToken) {
-            return createAuthenticationInfo(((SimpleAuthenticationToken) token).getAuthentication());
-        }
-        throw new AuthenticationException(new UnsupportedOperationException("{token_un_supported}"));
-    }
-
-    private AuthenticationInfo createAuthenticationInfo(Authentication authentication) {
-        return new SimpleAuthenticationInfo(
-                authentication.getUser().getId(),
-                authentication.getUser().getUsername(),
-                ListenerAuthorizingRealm.class.getName());
-    }
-
-    public void loginOut(Authentication authentication) {
-        SecurityUtils.getSubject().logout();
-    }
-
-    protected AuthorizationInfo createAuthorizationInfo(Authentication authentication) {
-        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
-        authorizationInfo.addRoles(authentication.getRoles().stream().map(Role::getId).collect(Collectors.toList()));
-        authorizationInfo.addObjectPermissions(
-                authentication.getPermissions()
-                        .stream()
-                        .map(permission -> {
-                            String builder = permission.getId() + permission.getActions().stream()
-                                    .reduce((a1, a2) -> a1.concat(",").concat(a2))
-                                    .orElse("");
-                            return new WildcardPermission(builder);
-                        }).collect(Collectors.toList()));
-
-        return authorizationInfo;
-    }
-
-    @Override
-    public void on(AuthorizationSuccessEvent event) {
-        Authentication authentication = event.getAuthentication();
-        boolean remember = Boolean.valueOf((String) event.getParameter("remember").orElse("false"));
-        Subject subject = SecurityUtils.getSubject();
-        subject.login(new SimpleAuthenticationToken(authentication, remember));
-    }
-
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/LoginExitListener.java

@@ -1,40 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.authorization.shiro;
-
-import org.hswebframework.web.authorization.listener.AuthorizationListener;
-import org.hswebframework.web.authorization.listener.event.AuthorizationExitEvent;
-
-/**
- *
- * @author zhouhao
- */
-public class LoginExitListener implements AuthorizationListener<AuthorizationExitEvent> {
-
-    private ListenerAuthorizingRealm listenerAuthorizingRealm;
-
-    public LoginExitListener(ListenerAuthorizingRealm listenerAuthorizingRealm) {
-        this.listenerAuthorizingRealm = listenerAuthorizingRealm;
-    }
-
-    @Override
-    public void on(AuthorizationExitEvent event) {
-        listenerAuthorizingRealm.loginOut(event.getAuthentication());
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ShiroAutoConfiguration.java

@@ -1,195 +0,0 @@
-/*
- * Copyright 2016 http://www.hswebframework.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.hswebframework.web.authorization.shiro;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authz.AuthorizationException;
-import org.apache.shiro.authz.UnauthenticatedException;
-import org.apache.shiro.cache.CacheManager;
-import org.apache.shiro.cache.MemoryConstrainedCacheManager;
-import org.apache.shiro.mgt.DefaultSecurityManager;
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.realm.AuthorizingRealm;
-import org.apache.shiro.session.mgt.DefaultSessionManager;
-import org.apache.shiro.spring.LifecycleBeanPostProcessor;
-import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
-import org.apache.shiro.web.mgt.WebSecurityManager;
-import org.hswebframework.web.authorization.AuthenticationHolder;
-import org.hswebframework.web.authorization.AuthenticationManager;
-import org.hswebframework.web.authorization.AuthenticationSupplier;
-import org.hswebframework.web.authorization.access.DataAccessController;
-import org.hswebframework.web.authorization.shiro.boost.BoostAuthorizationAttributeSourceAdvisor;
-import org.hswebframework.web.authorization.shiro.cache.SpringCacheManagerWrapper;
-import org.hswebframework.web.authorization.shiro.remember.SimpleRememberMeManager;
-import org.hswebframework.web.controller.message.ResponseMessage;
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.config.BeanPostProcessor;
-import org.springframework.boot.autoconfigure.condition.*;
-import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
-import org.springframework.http.HttpStatus;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.bind.annotation.ResponseStatus;
-import org.springframework.web.bind.annotation.RestControllerAdvice;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-/**
- * @author zhouhao
- */
-@Configuration
-@Order(Ordered.LOWEST_PRECEDENCE)
-public class ShiroAutoConfiguration {
-
-    @Autowired(required = false)
-    private org.springframework.cache.CacheManager cacheManager;
-
-    @Bean
-    public CacheManager shiroCacheManager() {
-        if (cacheManager == null) {
-            return new MemoryConstrainedCacheManager();
-        } else {
-            return new SpringCacheManagerWrapper(cacheManager);
-        }
-    }
-
-    @Bean
-    @Order(Ordered.LOWEST_PRECEDENCE)
-    public ListenerAuthorizingRealm listenerAuthorizingRealm(CacheManager cacheManager) {
-        ListenerAuthorizingRealm realm = new ListenerAuthorizingRealm();
-        realm.setCacheManager(cacheManager);
-        return realm;
-    }
-
-    @Bean
-    @ConditionalOnMissingBean
-    public AutoSyncAuthenticationSupplier authorizationSupplier(AuthenticationManager authenticationManager) {
-        AutoSyncAuthenticationSupplier syncAuthenticationSupplier = new AutoSyncAuthenticationSupplier(authenticationManager);
-        return syncAuthenticationSupplier;
-    }
-
-    @Bean
-    public LoginExitListener loginExitListener(ListenerAuthorizingRealm listenerAuthorizingRealm) {
-        return new LoginExitListener(listenerAuthorizingRealm);
-    }
-
-    @Bean(name = "lifecycleBeanPostProcessor")
-    public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
-        return new LifecycleBeanPostProcessor();
-    }
-
-    @Bean
-    public BeanPostProcessor authenticationSupplierBeanPostProcessor() {
-        return new BeanPostProcessor() {
-            @Override
-            public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
-                return bean;
-            }
-
-            @Override
-            public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
-                if (bean instanceof AuthenticationSupplier) {
-                    AuthenticationHolder.addSupplier(((AuthenticationSupplier) bean));
-                }
-                return bean;
-            }
-        };
-    }
-
-    @Bean(name = "securityManager")
-    @ConditionalOnWebApplication
-    public DefaultWebSecurityManager defaultWebSecurityManager(List<AuthorizingRealm> authorizingRealm,
-                                                               CacheManager cacheManager) {
-        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
-        securityManager.setRealms(new ArrayList<>(authorizingRealm));
-        securityManager.setCacheManager(cacheManager);
-        securityManager.setRememberMeManager(new SimpleRememberMeManager());
-        SecurityUtils.setSecurityManager(securityManager);
-        return securityManager;
-    }
-
-    @Bean(name = "securityManager")
-    @ConditionalOnNotWebApplication
-    public DefaultSecurityManager defaultSecurityManager(List<AuthorizingRealm> authorizingRealm,
-                                                         CacheManager cacheManager) {
-        DefaultSecurityManager securityManager = new DefaultSecurityManager();
-        securityManager.setRealms(new ArrayList<>(authorizingRealm));
-        securityManager.setCacheManager(cacheManager);
-        securityManager.setSessionManager(new DefaultSessionManager());
-        SecurityUtils.setSecurityManager(securityManager);
-        return securityManager;
-    }
-
-
-    @Bean
-    public BoostAuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager,
-                                                                                        DataAccessController dataAccessController) {
-        BoostAuthorizationAttributeSourceAdvisor advisor = new BoostAuthorizationAttributeSourceAdvisor(dataAccessController);
-        advisor.setSecurityManager(securityManager);
-        return advisor;
-    }
-
-    @Configuration
-    @EnableConfigurationProperties(ShiroProperties.class)
-    @ConditionalOnProperty(prefix = "hsweb.authorize", name = "enable", havingValue = "true", matchIfMissing = true)
-    static class FilterConfiguration {
-        @Autowired
-        private ShiroProperties shiroProperties;
-
-        @Bean(name = "shiroFilter")
-        public ShiroFilterFactoryBean shiroFilterFactoryBean(WebSecurityManager securityManager) {
-            ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
-            // 必须设置 SecurityManager
-            shiroFilterFactoryBean.setSecurityManager(securityManager);
-            if (null != shiroProperties)
-                shiroFilterFactoryBean.setFilterChainDefinitionMap(shiroProperties.getFilters());
-            else
-                shiroFilterFactoryBean.setFilterChainDefinitionMap(Collections.emptyMap());
-            shiroFilterFactoryBean.setSuccessUrl(shiroProperties.getSuccessUrl());
-            shiroFilterFactoryBean.setLoginUrl(shiroProperties.getLoginUrl());
-            shiroFilterFactoryBean.setUnauthorizedUrl(shiroProperties.getUnauthorizedUrl());
-            return shiroFilterFactoryBean;
-        }
-    }
-
-    @RestControllerAdvice
-    public static class UnAuthControllerAdvice {
-        @ExceptionHandler(AuthorizationException.class)
-        @ResponseStatus(HttpStatus.FORBIDDEN)
-        @ResponseBody
-        ResponseMessage handleException(AuthorizationException exception) {
-            return ResponseMessage.error(403, exception.getMessage());
-        }
-
-        @ExceptionHandler(UnauthenticatedException.class)
-        @ResponseStatus(HttpStatus.UNAUTHORIZED)
-        @ResponseBody
-        ResponseMessage handleException(UnauthenticatedException exception) {
-            return ResponseMessage.error(401, exception.getMessage() == null ? "{access_denied}" : exception.getMessage());
-        }
-    }
-
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ShiroProperties.java

@@ -1,92 +0,0 @@
-/*
- * Copyright 2016 http://www.hswebframework.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.hswebframework.web.authorization.shiro;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.InitializingBean;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-
-import java.util.Map;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-@ConfigurationProperties(prefix = "hsweb.authorize")
-public class ShiroProperties implements InitializingBean {
-    static Logger logger = LoggerFactory.getLogger(ShiroProperties.class);
-
-    private Map<String, String> filters;
-
-    private String loginUrl = "/401.html";
-
-    private String unauthorizedUrl = "";
-
-    private String successUrl = "/";
-
-    private boolean enable = true;
-
-    public String getLoginUrl() {
-        return loginUrl;
-    }
-
-    public void setLoginUrl(String loginUrl) {
-        this.loginUrl = loginUrl;
-    }
-
-    public String getUnauthorizedUrl() {
-        return unauthorizedUrl;
-    }
-
-    public void setUnauthorizedUrl(String unauthorizedUrl) {
-        this.unauthorizedUrl = unauthorizedUrl;
-    }
-
-    public String getSuccessUrl() {
-        return successUrl;
-    }
-
-    public void setSuccessUrl(String successUrl) {
-        this.successUrl = successUrl;
-    }
-
-    public Map<String, String> getFilters() {
-        return filters;
-    }
-
-    public void setFilters(Map<String, String> filters) {
-        this.filters = filters;
-    }
-
-    public boolean isEnable() {
-        return enable;
-    }
-
-    public void setEnable(boolean enable) {
-        this.enable = enable;
-    }
-
-    @Override
-    public void afterPropertiesSet() throws Exception {
-        if (logger.isDebugEnabled() && null != filters) {
-            filters.forEach((k, v) -> logger.debug("path [{}] use filter [{}]", k, v));
-        }
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/SimpleAuthenticationToken.java

@@ -1,69 +0,0 @@
-/*
- * Copyright 2016 http://www.hswebframework.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.hswebframework.web.authorization.shiro;
-
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.HostAuthenticationToken;
-import org.apache.shiro.authc.RememberMeAuthenticationToken;
-import org.hswebframework.web.authorization.Authentication;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class SimpleAuthenticationToken implements AuthenticationToken, HostAuthenticationToken, RememberMeAuthenticationToken {
-    private Authentication authentication;
-
-    private boolean rememberMe;
-
-    private String host;
-
-    public SimpleAuthenticationToken(Authentication authentication, boolean rememberMe) {
-        this.authentication = authentication;
-        this.rememberMe = rememberMe;
-    }
-
-    @Override
-    public Object getPrincipal() {
-        return authentication.getUser().getId();
-    }
-
-    @Override
-    public Object getCredentials() {
-        return authentication.getUser().getUsername();
-    }
-
-    public Authentication getAuthentication() {
-        return authentication;
-    }
-
-    @Override
-    public String getHost() {
-        return host;
-    }
-
-    public void setHost(String host) {
-        this.host = host;
-    }
-
-    @Override
-    public boolean isRememberMe() {
-        return rememberMe;
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/SimpleMultiAuthentication.java

@@ -1,100 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.authorization.shiro;
-
-import org.hswebframework.web.authorization.*;
-
-import java.io.Serializable;
-import java.util.*;
-import java.util.stream.Collectors;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class SimpleMultiAuthentication implements MultiAuthentication {
-
-    private Set<String> authenticationStore = new HashSet<>(4);
-
-    private String activeUserId;
-
-    @Override
-    public User getUser() {
-        return AuthenticationHolder.get(activeUserId).getUser();
-    }
-
-    @Override
-    public List<Role> getRoles() {
-        return AuthenticationHolder.get(activeUserId).getRoles();
-    }
-
-    @Override
-    public List<Permission> getPermissions() {
-        return AuthenticationHolder.get(activeUserId).getPermissions();
-    }
-
-    @Override
-    public <T extends Serializable> Optional<T> getAttribute(String name) {
-        return AuthenticationHolder.get(activeUserId).getAttribute(name);
-    }
-
-    @Override
-    public void setAttribute(String name, Serializable object) {
-        AuthenticationHolder.get(activeUserId).setAttribute(name, object);
-    }
-
-    @Override
-    public void setAttributes(Map<String, Serializable> attributes) {
-        AuthenticationHolder.get(activeUserId).setAttributes(attributes);
-    }
-
-    @Override
-    public <T extends Serializable> T removeAttributes(String name) {
-        return AuthenticationHolder.get(activeUserId).removeAttributes(name);
-    }
-
-    @Override
-    public Map<String, Serializable> getAttributes() {
-        return AuthenticationHolder.get(activeUserId).getAttributes();
-    }
-
-    @Override
-    public Set<Authentication> getAuthentications() {
-        return authenticationStore.stream()
-                .map(AuthenticationHolder::get)
-                .filter(Objects::nonNull)
-                .collect(Collectors.toSet());
-    }
-
-    @Override
-    public Authentication activate(String userId) {
-        if (!authenticationStore.contains(userId)) return null;
-        this.activeUserId = userId;
-        return AuthenticationHolder.get(userId);
-    }
-
-    @Override
-    public void addAuthentication(Authentication authentication) {
-        if (activeUserId == null) {
-            activeUserId = authentication.getUser().getId();
-        }
-        authenticationStore.add(authentication.getUser().getId());
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/BoostAuthorizationAttributeSourceAdvisor.java

@@ -1,97 +0,0 @@
-/*
- * Copyright 2016 http://www.hswebframework.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.hswebframework.web.authorization.shiro.boost;
-
-import org.aopalliance.intercept.MethodInvocation;
-import org.apache.shiro.aop.AnnotationResolver;
-import org.apache.shiro.authz.annotation.*;
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.spring.aop.SpringAnnotationResolver;
-import org.apache.shiro.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor;
-import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
-import org.hswebframework.web.AopUtils;
-import org.hswebframework.web.authorization.access.DataAccessController;
-import org.hswebframework.web.authorization.annotation.Authorize;
-import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
-import org.hswebframework.web.authorization.annotation.RequiresExpression;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
-import org.springframework.aop.support.StaticMethodMatcherPointcutAdvisor;
-
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Method;
-import java.util.Arrays;
-
-/**
- * @author zhouhao
- * @see AuthorizationAttributeSourceAdvisor
- * @see StaticMethodMatcherPointcutAdvisor
- */
-public class BoostAuthorizationAttributeSourceAdvisor extends StaticMethodMatcherPointcutAdvisor {
-    @SuppressWarnings("unchecked")
-    private static final Class<? extends Annotation>[] AUTHZ_ANNOTATION_CLASSES =
-            new Class[]{
-                    RequiresPermissions.class,
-                    RequiresRoles.class,
-                    RequiresUser.class,
-                    RequiresGuest.class,
-                    RequiresAuthentication.class,
-                    //自定义
-                    Authorize.class
-            };
-
-    protected SecurityManager securityManager = null;
-
-    /**
-     * Create a new AuthorizationAttributeSourceAdvisor.
-     *
-     * @param dataAccessController 数据权限控制器
-     */
-    public BoostAuthorizationAttributeSourceAdvisor(DataAccessController dataAccessController) {
-        AopAllianceAnnotationsAuthorizingMethodInterceptor interceptor =
-                new AopAllianceAnnotationsAuthorizingMethodInterceptor() {
-                    @Override
-                    public Object invoke(MethodInvocation methodInvocation) throws Throwable {
-                        MethodInterceptorHolder.create(methodInvocation).set();
-                        return super.invoke(methodInvocation);
-                    }
-                };
-        AnnotationResolver resolver = new SpringAnnotationResolver();
-        setAdvice(interceptor);
-    }
-
-    public SecurityManager getSecurityManager() {
-        return securityManager;
-    }
-
-    public void setSecurityManager(org.apache.shiro.mgt.SecurityManager securityManager) {
-        this.securityManager = securityManager;
-    }
-
-    public boolean matches(Method method, Class targetClass) {
-        Authorize authorize = AopUtils.findMethodAnnotation(targetClass, method, Authorize.class);
-        if (null != authorize) {
-            if (authorize.ignore()) return false;
-        }
-        authorize = AopUtils.findAnnotation(targetClass, Authorize.class);
-        if (null != authorize) {
-            if (authorize.ignore()) return false;
-        }
-        return Arrays.stream(AUTHZ_ANNOTATION_CLASSES)
-                .anyMatch(aClass -> AopUtils.findAnnotation(targetClass, method, aClass) != null);
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/SimpleAuthorizeMethodInterceptor.java

@@ -1,190 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.authorization.shiro.boost;
-
-import org.apache.shiro.aop.AnnotationResolver;
-import org.apache.shiro.authz.AuthorizationException;
-import org.apache.shiro.authz.UnauthenticatedException;
-import org.apache.shiro.authz.aop.AuthorizingAnnotationHandler;
-import org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor;
-import org.hswebframework.utils.ClassUtils;
-import org.hswebframework.utils.StringUtils;
-import org.hswebframework.web.ExpressionUtils;
-import org.hswebframework.web.authorization.Authentication;
-import org.hswebframework.web.authorization.Permission;
-import org.hswebframework.web.authorization.Role;
-import org.hswebframework.web.authorization.annotation.Authorize;
-import org.hswebframework.web.authorization.annotation.Logical;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.lang.annotation.Annotation;
-import java.util.*;
-import java.util.function.Function;
-import java.util.function.Predicate;
-import java.util.stream.Collectors;
-
-/**
- * 对{@link Authorize} 注解的支持
- *
- * @author zhouhao
- */
-public class SimpleAuthorizeMethodInterceptor extends AuthorizingAnnotationMethodInterceptor {
-    public SimpleAuthorizeMethodInterceptor(AnnotationResolver resolver) {
-        super(new AuthorizeAnnotationHandler(), resolver);
-    }
-
-    private static final Logger logger = LoggerFactory.getLogger(SimpleAuthorizeMethodInterceptor.class);
-
-
-    static class AuthorizeAnnotationHandler extends AuthorizingAnnotationHandler {
-
-        public AuthorizeAnnotationHandler() {
-            super(Authorize.class);
-        }
-
-        @Override
-        public void assertAuthorized(Annotation a) throws AuthorizationException {
-            if (!(a instanceof Authorize)) return;
-            MethodInterceptorHolder holder = MethodInterceptorHolder.current();
-            if (null == holder) {
-                logger.warn("MethodInterceptorHolder is null,maybe config is error!");
-                return;
-            }
-            AuthorizeConfig authorizeConfig = new AuthorizeConfig(holder.getArgs());
-            Authorize authorize = ((Authorize) a);
-            if (authorize.ignore()) return;
-
-            if (authorize.merge()) {
-                Authorize classAnn = ClassUtils.getAnnotation(holder.getTarget().getClass(), Authorize.class);
-                if (null != classAnn) {
-                    if (classAnn.ignore()) return;
-                    authorizeConfig.put(classAnn);
-                }
-            }
-            authorizeConfig.put(authorize);
-
-            Authentication authentication = Authentication.current()
-                    .orElseThrow(() -> new UnauthenticatedException(authorizeConfig.message));
-            boolean access = true;
-            Logical logical = authorizeConfig.logical == Logical.DEFAULT ? Logical.OR : authorizeConfig.logical;
-            boolean logicalIsOr = logical == Logical.OR;
-            // 控制权限
-            if (!authorizeConfig.permission.isEmpty()) {
-                List<Permission> permissions = authentication.getPermissions().stream()
-                        .filter(permission -> {
-                            // 未持有任何一个权限
-                            if (!authorizeConfig.permission.contains(permission.getId())) return false;
-                            //未配置action
-                            if (authorizeConfig.action.isEmpty())
-                                return true;
-                            //判断action
-                            List<String> actions = permission.getActions()
-                                    .stream()
-                                    .filter(authorizeConfig.action::contains)
-                                    .collect(Collectors.toList());
-                            
-                            if (actions.isEmpty()) return false;
-
-                            //如果 控制逻辑是or,则只要过滤结果数量不为0.否则过滤结果数量必须和配置的数量相同
-                            return logicalIsOr ? actions.size() > 0 : permission.getActions().containsAll(actions);
-                        }).collect(Collectors.toList());
-                access = logicalIsOr ?
-                        permissions.size() > 0 :
-                        //权限数量和配置的数量相同
-                        permissions.size() == authorizeConfig.permission.size();
-            }
-            //控制角色
-            if (!authorizeConfig.role.isEmpty()) {
-                Function<Predicate<Role>, Boolean> func = logicalIsOr
-                        ? authentication.getRoles().stream()::anyMatch
-                        : authentication.getRoles().stream()::allMatch;
-                access = func.apply(role -> authorizeConfig.role.contains(role.getId()));
-            }
-            //控制用户
-            if (!authorizeConfig.user.isEmpty()) {
-                Function<Predicate<String>, Boolean> func = logicalIsOr
-                        ? authorizeConfig.user.stream()::anyMatch
-                        : authorizeConfig.user.stream()::allMatch;
-                access = func.apply(authentication.getUser().getUsername()::equals);
-            }
-            if (!access) {
-                throw new AuthorizationException(authorizeConfig.message);
-            }
-        }
-    }
-
-    static class AuthorizeConfig {
-        Set<String>         permission = new LinkedHashSet<>();
-        Set<String>         action     = new LinkedHashSet<>();
-        Set<String>         role       = new LinkedHashSet<>();
-        Set<String>         user       = new LinkedHashSet<>();
-        Logical             logical    = Logical.DEFAULT;
-        String              message    = "unauthorized";
-        Map<String, Object> var        = null;
-
-        public AuthorizeConfig(Map<String, Object> var) {
-            this.var = var;
-        }
-
-        public void put(Authorize authorize) {
-            permission.addAll(tryCompileExpression(authorize.permission()));
-            action.addAll(tryCompileExpression(authorize.action()));
-            role.addAll(tryCompileExpression(authorize.role()));
-            user.addAll(tryCompileExpression(authorize.user()));
-            if (!StringUtils.isNullOrEmpty(authorize.message())) {
-                message = tryCompileExpression(authorize.message());
-            }
-            if (authorize.logical() != Logical.DEFAULT)
-                logical = authorize.logical();
-        }
-
-        public String tryCompileExpression(String express) {
-            try {
-                return ExpressionUtils.analytical(express, var, "spel");
-            } catch (Exception e) {
-                throw new AuthorizationException("系统错误", e);
-            }
-//            if (express.startsWith("${") && express.endsWith("}")) {
-//                express = express.substring(2, express.length() - 1);
-//                DynamicScriptEngine spelEngine = DynamicScriptEngineFactory.getEngine("spel");
-//                String id = DigestUtils.md5Hex(express);
-//                try {
-//                    if (!spelEngine.compiled(id))
-//                        spelEngine.compile(id, express);
-//                    return String.valueOf(spelEngine.execute(id, var).getIfSuccess());
-//                } catch (Exception e) {
-//                    throw new AuthorizationException("系统错误", e);
-//                } finally {
-//                    //     spelEngine.remove(id);
-//                }
-//            } else {
-//                return express;
-//            }
-        }
-
-        public Collection<String> tryCompileExpression(String... expresses) {
-            return Arrays.stream(expresses)
-                    .filter(Objects::nonNull)
-                    .map(this::tryCompileExpression)
-                    .collect(Collectors.toSet());
-        }
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/cache/SpringCacheManagerWrapper.java

@@ -1,41 +0,0 @@
-/*
- * Copyright 2016 http://www.hswebframework.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.hswebframework.web.authorization.shiro.cache;
-
-import org.apache.shiro.cache.AbstractCacheManager;
-import org.apache.shiro.cache.Cache;
-import org.apache.shiro.cache.CacheException;
-import org.springframework.cache.CacheManager;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class SpringCacheManagerWrapper extends AbstractCacheManager {
-    private org.springframework.cache.CacheManager springCacheManager;
-
-    public SpringCacheManagerWrapper(CacheManager springCacheManager) {
-        this.springCacheManager = springCacheManager;
-    }
-
-    @Override
-    protected Cache createCache(String name) throws CacheException {
-        return new SpringCacheWrapper(springCacheManager.getCache(name));
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/cache/SpringCacheWrapper.java

@@ -1,76 +0,0 @@
-/*
- * Copyright 2016 http://www.hswebframework.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.hswebframework.web.authorization.shiro.cache;
-
-import org.apache.shiro.cache.Cache;
-import org.apache.shiro.cache.CacheException;
-
-import java.util.Collection;
-import java.util.Set;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-@SuppressWarnings("unchecked")
-public class SpringCacheWrapper<K, V> implements Cache<K, V> {
-    private org.springframework.cache.Cache springCache;
-
-    public SpringCacheWrapper(org.springframework.cache.Cache springCache) {
-        this.springCache = springCache;
-    }
-
-    @Override
-    public V get(K key) throws CacheException {
-        return (V) springCache.get(key);
-    }
-
-    @Override
-    public V put(K key, V value) throws CacheException {
-        springCache.put(key, value);
-        return value;
-    }
-
-    @Override
-    public V remove(K key) throws CacheException {
-        V old = get(key);
-        springCache.evict(key);
-        return old;
-    }
-
-    @Override
-    public void clear() throws CacheException {
-        springCache.clear();
-    }
-
-    @Override
-    public int size() {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public Set<K> keys() {
-        throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public Collection<V> values() {
-        throw new UnsupportedOperationException();
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/oauth2sso/OAuth2SSOAuthorizingListener.java

@@ -1,69 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.authorization.shiro.oauth2sso;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.subject.Subject;
-import org.hswebframework.web.authorization.Authentication;
-import org.hswebframework.web.authorization.oauth2.client.OAuth2RequestService;
-import org.hswebframework.web.authorization.oauth2.client.listener.OAuth2CodeAuthBeforeEvent;
-import org.hswebframework.web.authorization.oauth2.client.listener.OAuth2Listener;
-import org.hswebframework.web.authorization.oauth2.client.response.OAuth2Response;
-import org.hswebframework.web.authorization.shiro.SimpleAuthenticationToken;
-
-/**
- * @author zhouhao
- */
-public class OAuth2SSOAuthorizingListener
-        implements OAuth2Listener<OAuth2CodeAuthBeforeEvent> {
-
-    private OAuth2RequestService oAuth2RequestService;
-
-    private String userCenterServerId;
-
-    private String userAuthInfoApi = "oauth2/user-auth-info";
-
-    public OAuth2SSOAuthorizingListener(OAuth2RequestService oAuth2RequestService, String userCenterServerId) {
-        this.oAuth2RequestService = oAuth2RequestService;
-        this.userCenterServerId = userCenterServerId;
-    }
-
-    public void setUserAuthInfoApi(String userAuthInfoApi) {
-        this.userAuthInfoApi = userAuthInfoApi;
-    }
-
-    public void setUserCenterServerId(String userCenterServerId) {
-        this.userCenterServerId = userCenterServerId;
-    }
-
-    @Override
-    public void on(OAuth2CodeAuthBeforeEvent event) {
-        Authentication authentication = oAuth2RequestService
-                .create(userCenterServerId)
-                .byAuthorizationCode(event.getCode())
-                .request(userAuthInfoApi)
-                .get().onError(OAuth2Response.throwOnError)
-                .as(Authentication.class);
-
-        boolean remember = Boolean.valueOf(event.getParameter("remember").orElse("false"));
-        Subject subject = SecurityUtils.getSubject();
-        subject.login(new SimpleAuthenticationToken(authentication, remember));
-
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/remember/DefaultRememberStorage.java

@@ -1,55 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.authorization.shiro.remember;
-
-import org.apache.shiro.subject.PrincipalCollection;
-import org.hswebframework.web.id.IDGenerator;
-
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-/**
- * @author zhouhao
- */
-public class DefaultRememberStorage implements RememberStorage {
-    private Map<String, RememberInfo> storage = new ConcurrentHashMap<>(256);
-
-    @Override
-    public RememberInfo create(PrincipalCollection collection) {
-        SimpleRememberInfo info = new SimpleRememberInfo(collection);
-        info.setCreateTime(System.currentTimeMillis());
-        info.setKey(IDGenerator.MD5.generate());
-        return info;
-    }
-
-    @Override
-    public RememberInfo get(String key) {
-        return storage.get(key);
-    }
-
-    @Override
-    public RememberInfo remove(String key) {
-        return storage.remove(key);
-    }
-
-    @Override
-    public void put(RememberInfo rememberInfo) {
-        storage.put(rememberInfo.getKey(), rememberInfo);
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/remember/RememberInfo.java

@@ -1,41 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.authorization.shiro.remember;
-
-import org.apache.shiro.subject.PrincipalCollection;
-
-import java.io.Serializable;
-import java.util.Optional;
-
-/**
- * @author zhouhao
- */
-public interface RememberInfo extends Serializable {
-
-    String getKey();
-
-    <T> Optional<T> getProperty(String name);
-
-    <T> T setProperty(String name, T value);
-
-    PrincipalCollection getPrincipal();
-
-    Long getCreateTime();
-
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/remember/RememberStorage.java

@@ -1,38 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.authorization.shiro.remember;
-
-import org.apache.shiro.subject.PrincipalCollection;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public interface RememberStorage {
-
-    RememberInfo create(PrincipalCollection collection);
-
-    RememberInfo get(String key);
-
-    RememberInfo remove(String key);
-
-    void put(RememberInfo rememberInfo);
-
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/remember/SimpleRememberInfo.java

@@ -1,76 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.authorization.shiro.remember;
-
-import org.apache.shiro.subject.PrincipalCollection;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Optional;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class SimpleRememberInfo implements RememberInfo {
-    private PrincipalCollection principal;
-    private Map<String, Object> properties = new HashMap<>();
-
-    private String key;
-
-    private Long createTime;
-
-    public SimpleRememberInfo(PrincipalCollection principal) {
-        this.principal = principal;
-    }
-
-    public void setKey(String key) {
-        this.key = key;
-    }
-
-    @Override
-    public String getKey() {
-        return key;
-    }
-
-    @Override
-    public <T> Optional<T> getProperty(String name) {
-        return Optional.ofNullable((T) properties.get(name));
-    }
-
-    @Override
-    public <T> T setProperty(String name, T value) {
-        return (T) properties.put(name, value);
-    }
-
-    @Override
-    public PrincipalCollection getPrincipal() {
-        return principal;
-    }
-
-    @Override
-    public Long getCreateTime() {
-        return createTime;
-    }
-
-    public void setCreateTime(Long createTime) {
-        this.createTime = createTime;
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/remember/SimpleRememberMeManager.java

@@ -1,124 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.authorization.shiro.remember;
-
-import org.apache.shiro.authc.*;
-import org.apache.shiro.mgt.RememberMeManager;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.subject.SubjectContext;
-import org.apache.shiro.web.servlet.Cookie;
-import org.apache.shiro.web.servlet.SimpleCookie;
-import org.apache.shiro.web.subject.WebSubject;
-import org.apache.shiro.web.subject.WebSubjectContext;
-import org.apache.shiro.web.util.WebUtils;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class SimpleRememberMeManager implements RememberMeManager {
-
-    public static final String DEFAULT_REMEMBER_ME_COOKIE_NAME = "rememberMe";
-
-    private Cookie cookie;
-
-    private RememberStorage rememberStorage = new DefaultRememberStorage();
-
-    public SimpleRememberMeManager() {
-        Cookie cookie = new SimpleCookie(DEFAULT_REMEMBER_ME_COOKIE_NAME);
-        cookie.setHttpOnly(true);
-        //One year should be long enough - most sites won't object to requiring a user to log in if they haven't visited
-        //in a year:
-        cookie.setMaxAge(Cookie.ONE_YEAR);
-        this.cookie = cookie;
-    }
-
-    public void setRememberStorage(RememberStorage rememberStorage) {
-        this.rememberStorage = rememberStorage;
-    }
-
-    public Cookie getCookie() {
-        return cookie;
-    }
-
-    public void setCookie(Cookie cookie) {
-        this.cookie = cookie;
-    }
-
-    protected String getRememberKey(SubjectContext context) {
-        if (!(context instanceof WebSubjectContext)) return null;
-        WebSubjectContext webSubjectContext = ((WebSubjectContext) context);
-        HttpServletRequest request = WebUtils.getHttpRequest(webSubjectContext);
-        HttpServletResponse response = WebUtils.getHttpResponse(webSubjectContext);
-        return getCookie().readValue(request, response);
-    }
-
-    @Override
-    public PrincipalCollection getRememberedPrincipals(SubjectContext subjectContext) {
-        String key = getRememberKey(subjectContext);
-        if (null == key) return null;
-        RememberInfo info = rememberStorage.get(key);
-        if (info == null) return null;
-        return info.getPrincipal();
-    }
-
-    @Override
-    public void forgetIdentity(SubjectContext subjectContext) {
-        String key = getRememberKey(subjectContext);
-        if (null == key) return;
-        rememberStorage.remove(key);
-    }
-
-    @Override
-    public void onSuccessfulLogin(Subject subject, AuthenticationToken token, AuthenticationInfo info) {
-        if (!(subject instanceof WebSubject)) return;
-        if (!(token instanceof RememberMeAuthenticationToken) || !((RememberMeAuthenticationToken) token).isRememberMe()) return;
-        PrincipalCollection principalCollection = info.getPrincipals();
-        HttpServletRequest request = WebUtils.getHttpRequest(subject);
-        HttpServletResponse response = WebUtils.getHttpResponse(subject);
-
-        getCookie().removeFrom(request, response);
-        RememberInfo rememberInfo = rememberStorage.create(principalCollection);
-        SimpleCookie simpleCookie = new SimpleCookie(getCookie());
-        simpleCookie.setValue(rememberInfo.getKey());
-        simpleCookie.saveTo(request, response);
-        rememberStorage.put(rememberInfo);
-    }
-
-    @Override
-    public void onFailedLogin(Subject subject, AuthenticationToken token, AuthenticationException ae) {
-        if (!(subject instanceof WebSubject)) return;
-        HttpServletRequest request = WebUtils.getHttpRequest(subject);
-        HttpServletResponse response = WebUtils.getHttpResponse(subject);
-        getCookie().removeFrom(request, response);
-    }
-
-    @Override
-    public void onLogout(Subject subject) {
-        if (!(subject instanceof WebSubject)) return;
-        HttpServletRequest request = WebUtils.getHttpRequest(subject);
-        HttpServletResponse response = WebUtils.getHttpResponse(subject);
-        getCookie().removeFrom(request, response);
-    }
-}

hsweb-authorization/hsweb-authorization-shiro/src/main/resources/META-INF/spring.factories

@@ -1,3 +0,0 @@
-# Auto Configure
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
-org.hswebframework.web.authorization.shiro.ShiroAutoConfiguration

hsweb-authorization/hsweb-authorization-shiro/src/test/java/org/hswebframework/web/authorization/shiro/ShiroTests.java

@@ -1,59 +0,0 @@
-/*
- *
- *  * Copyright 2016 http://www.hswebframework.org
- *  *
- *  * Licensed under the Apache License, Version 2.0 (the "License");
- *  * you may not use this file except in compliance with the License.
- *  * You may obtain a copy of the License at
- *  *
- *  *     http://www.apache.org/licenses/LICENSE-2.0
- *  *
- *  * Unless required by applicable law or agreed to in writing, software
- *  * distributed under the License is distributed on an "AS IS" BASIS,
- *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  * See the License for the specific language governing permissions and
- *  * limitations under the License.
- *
- */
-
-package org.hswebframework.web.authorization.shiro;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
-import org.apache.shiro.mgt.DefaultSecurityManager;
-import org.apache.shiro.realm.SimpleAccountRealm;
-import org.apache.shiro.session.mgt.DefaultSessionManager;
-import org.apache.shiro.subject.Subject;
-import org.junit.Assert;
-import org.junit.Test;
-
-/**
- * @author zhouhao
- */
-public class ShiroTests {
-
-    @Test
-    public void simpleTest() {
-        DefaultSessionManager sessionManager = new DefaultSessionManager();
-        DefaultSecurityManager securityManager = new DefaultSecurityManager();
-
-        securityManager.setAuthenticator(new ModularRealmAuthenticator());
-        SimpleAccountRealm realm = new SimpleAccountRealm();
-        realm.addAccount("admin", "admin", "admin");
-
-        securityManager.setRealm(realm);
-        securityManager.setSessionManager(sessionManager);
-        SecurityUtils.setSecurityManager(securityManager);
-        Subject subject = SecurityUtils.getSubject();
-        UsernamePasswordToken token = new UsernamePasswordToken("admin", "admin");
-
-        token.setRememberMe(true);
-        subject.login(token);
-        Assert.assertTrue(subject.isAuthenticated());
-        Assert.assertTrue(subject.hasRole("admin"));
-        Assert.assertFalse(subject.hasRole("test"));
-
-        System.out.println();
-    }
-}

hsweb-authorization/pom.xml

@@ -14,8 +14,6 @@
     <modules>
         <module>hsweb-authorization-api</module>
         <module>hsweb-authorization-oauth2</module>
-        <module>hsweb-authorization-shiro</module>
-        <module>hsweb-authorization-security</module>
         <module>hsweb-authorization-basic</module>
         <module>hsweb-authorization-jwt</module>
     </modules>