
MK 权限认证框架

shiro+pac4j+cas

## shiro.ini 配置文件解析

properties
[main]
# org.pac4j.core.http: URL resolver used by pac4j.
# presumably expands relative paths (such as the callbackUrl below) against the current request; confirm
urlResolver = org.pac4j.core.http.RelativeUrlResolver

# 1. org.pac4j.cas.config: configuration class for pac4j-cas.

# Pac4jCasConfiguration is project code, not part of pac4j; per the author it extends CasConfiguration.
casConfiguration = com.supermap.ibase.security.pac4jext.Pac4jCasConfiguration
casConfiguration.protocolName = CAS20
# presumably milliseconds; confirm against the pac4j version in use
casConfiguration.timeTolerance = 30000
casConfiguration.urlResolver = $urlResolver
# Alternative SSO login endpoint, currently disabled:
#casConfiguration.loginUrl = https://sso.supermap.com/v101/cas/login
# NOTE(review): the active login endpoint is the "ssocdtest" host, which looks like a test SSO server.
# Confirm which endpoint each deployment is meant to use before shipping this file.
casConfiguration.loginUrl = https://ssocdtest.supermap.com/login

# org.pac4j.cas.client: the pac4j-cas client; configured like a plain CAS client, which pac4j integrates.
casClient = org.pac4j.cas.client.CasClient
casClient.urlResolver = $urlResolver
casClient.configuration = $casConfiguration
# Relative path the CAS server sends the browser back to with the service ticket.
casClient.callbackUrl = /web/mycontent/cloud/security/shiro-cas

# org.pac4j.core.client: container for the configured clients; the CAS client is the only one and the default.
clients = org.pac4j.core.client.Clients
clients.clients = $casClient
clients.defaultClient = $casClient

# org.pac4j.core.config: pac4j Config object that carries the clients to the filters.
config = org.pac4j.core.config.Config
config.clients = $clients

# Project class: tries to fetch the pre-login URL recorded by Shiro and hand it to pac4j.
# NOTE(review): the post-login redirect target comes from a saved request; confirm this class only
# redirects to URLs inside this application.
callbackLogic = com.isupermap.cloudmanagement.webview.security.LoginAdaptedCallbackLogic

# io.buji.pac4j.filter: filter that handles the callback from the CAS server.
callbackFilter = io.buji.pac4j.filter.CallbackFilter
callbackFilter.config = $config
callbackFilter.multiProfile = true
# Where the user lands after login when no originally requested URL is available (presumably; confirm).
callbackFilter.defaultUrl = /web/mycontent/cloud/security/loginsuccess
callbackFilter.callbackLogic = $callbackLogic

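# Shiro realm (per the author, extends AuthorizingRealm) that receives the identity from pac4j.
# The principal name is read from the "userId" attribute.
usernamepasswordrealm = com.isupermap.cloudmanagement.webview.security.Pac4jUserNamePasswordRealm
usernamepasswordrealm.principalNameAttribute = userId

# Shiro realm (per the author, extends AuthorizingRealm).
# NOTE(review): the bean and class names suggest a test realm that returns fixed authorization data.
# With several realms configured, Shiro's default authorizer grants a permission as soon as any
# one realm grants it, so confirm this realm is not part of a production realm list.
superTestUserAuthorizationInfoRealm = com.isupermap.common.shiro.FixedAuthorizationInfoRealm

# Shiro realm (per the author, extends AuthorizingRealm); the author notes its permissions are hard-coded in configuration.
onlineuserrealm = com.isupermap.common.shiro.OnlineUserRealm

# com.supermap.icloud.security (from iportal-all): cache reportedly used for session sharing.
# Declared before onlineuserrealmCache because Shiro resolves a $reference when it reaches the
# line, so the bean has to exist by then.
autorizationSessionCache = com.supermap.icloud.security.SubjectSessionCache

# Second OnlineUserRealm instance with authorization caching backed by the cache above.
# The boolean values carry no trailing ';': Shiro does not strip it, and "true;" is not a valid boolean.
onlineuserrealmCache = com.isupermap.common.shiro.OnlineUserRealm
onlineuserrealmCache.authorizationCachingEnabled = true
onlineuserrealmCache.cachingEnabled = true
onlineuserrealmCache.authorizationCache = $autorizationSessionCache

# Realm for management accounts.
managerRealm = com.supermap.online.security.shiro.ConfigurableSimpleAccountRealm


# All realms registered with the security manager.
# NOTE(review): both OnlineUserRealm instances (cached and uncached) are listed; confirm that is intended.
securityManager.realms = $onlineuserrealm,$onlineuserrealmCache,$managerRealm,$superTestUserAuthorizationInfoRealm,$usernamepasswordrealm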



# Login page for Shiro's built-in "perms" and "roles" authorization filters.
# presumably where those filters send requests that have no authenticated subject; confirm
perms.loginUrl = /web/mycontent/cloud/security/login
roles.loginUrl = /web/mycontent/cloud/security/login

## 执行顺序


/web/mycontent/cloud/security/loginsuccess
/web/mycontent/cloud/security/login


1.	CasClient   clientInit      callbackUrl
2.	RelativeUrlResolver compute 解析器,解析url
3.	CasAuthenticator  pac4j-cas 拿到 ST(service ticket)并进行校验
		AbstractUrlBasedTicketValidator pac4j-cas,向 SSO 服务器校验 ST
		
4.	Pac4jUserNamePasswordRealm doGetAuthenticationInfo shiro从pac4j拿到
5.	LoginAdaptedCallbackLogic redirectToOriginallyRequestedUrl 尝试获取shiro中记录的登录前地址,适配给pac4j框架
6.	OnlineUserRealm 配置写死的权限
7.	SubjectSessionCache

## 未登录直接访问接口

java
 /**
     * Returns the order whose identifier is given by the {@code id} path segment.
     *
     * NOTE(review): no authentication or ownership check is visible in this method. Whether the
     * caller may read this order is presumably decided by the Shiro filter chain or inside
     * OrderComponent; confirm.
     *
     * @param orderComponent component supplied through the {@code @Component} parameter annotation
     * @param id order identifier taken from the request path
     * @return the value returned by {@code orderComponent.getOrderInfo(id)}
     */
    @GET
    @Path("/{id}")
    @Produces({ MediaType.TEXT_HTML, MediaType.APPLICATION_JSON })
    public OrderInfo<?> getOrder(@Component OrderComponent orderComponent, @PathParam("id") String id) {
        final OrderInfo<?> found = orderComponent.getOrderInfo(id);
        // Presumably turns a null lookup result into a not-found HTTP error; confirm in HttpExceptions.
        HttpExceptions.notFoundIfNull(found, "Does not exist");
        return found;
    }
未登录直接访问时,@Component OrderComponent orderComponent 没有被注入,导致访问失败。

资料:

https://blog.csdn.net/loveampzw/article/details/101389804?spm=1035.2023.3001.6557&utm_medium=distribute.pc_relevant_bbs_down.none-task-blog-2~default~OPENSEARCH~default-2.nonecase&depth_1-utm_source=distribute.pc_relevant_bbs_down.none-task-blog-2~default~OPENSEARCH~default-2.nonecase

{ 'username': '111111', 'password': '111111', 'passwordEncrypted': 'false', 'lt': 'LT-316441-fbib7fbX6Se73sYSlfIuKrfbMkBYWO-sso.supermap.com', 'execution': 'e1s1', '_eventId': 'submit', 'jsessionid': '8477168D681D60C6FAED7804A1D8CE84' }

username=<REDACTED_USERNAME>&password=<REDACTED_PASSWORD>&passwordEncrypted=false&lt=LT-315215-4p0ZXXmt4w3tPqaInBfkXQJmPCNQh9-sso.supermap.com&execution=e1s1&_eventId=submit

<REDACTED_EMAIL>

<REDACTED_ENCRYPTED_PASSWORD>

username=<REDACTED_EMAIL_URL_ENCODED>&password=<REDACTED_ENCRYPTED_PASSWORD>&passwordEncrypted=True&lt=LT-306603-1WkcK5EragFq1fgbFwClriDjnKsuxU-sso.supermap.com&execution=e1s1&_eventId=submit&submit=%E7%99%BB%E5%BD%95