chore: 删除过时的代码

2024-11-30 11:08:38 +08:00 · 2022-10-24 12:26:23 +08:00 · 2022-10-24 12:26:23 +08:00 · cc5bdc9d1a
commit cc5bdc9d1a
parent 8adacee396
3 changed files with 3 additions and 186 deletions
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/autoconfigure/ShiroConfig.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/autoconfigure/ShiroConfig.java
@ -5,13 +5,8 @@ import io.metersphere.commons.utils.ShiroUtils;
 import io.metersphere.security.ApiKeyFilter;
 import io.metersphere.security.CsrfFilter;
 import io.metersphere.security.MsPermissionAnnotationMethodInterceptor;
-import io.metersphere.security.UserModularRealmAuthenticator;
-import io.metersphere.security.realm.LdapRealm;
 import io.metersphere.security.realm.LocalRealm;
-import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.aop.AnnotationResolver;
-import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
-import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
 import org.apache.shiro.authz.aop.*;
 import org.apache.shiro.cache.CacheManager;
 import org.apache.shiro.cache.MemoryConstrainedCacheManager;
@ -26,21 +21,14 @@ import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
 import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
 import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.EnvironmentAware;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.DependsOn;
-import org.springframework.context.event.ContextRefreshedEvent;
-import org.springframework.context.event.EventListener;
-import org.springframework.core.env.Environment;

 import javax.servlet.DispatcherType;
 import javax.servlet.Filter;
 import java.util.*;

-public class ShiroConfig implements EnvironmentAware {
-
-    private Environment env;
+public class ShiroConfig {

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager sessionManager) {
@ -77,11 +65,6 @@ public class ShiroConfig implements EnvironmentAware {

    @Bean
    public SessionManager sessionManager() {
-        Long timeout = env.getProperty("spring.session.timeout", Long.class);
-        String storeType = env.getProperty("spring.session.store-type");
-        if (StringUtils.equals(storeType, "none")) {
-            return ShiroUtils.getSessionManager(timeout, memoryConstrainedCacheManager());
-        }
        return new ServletContainerSessionManager();
    }

@ -90,11 +73,11 @@ public class ShiroConfig implements EnvironmentAware {
     * 解决方法见 handleContextRefresh
     */
    @Bean(name = "securityManager")
-    public DefaultWebSecurityManager securityManager(SessionManager sessionManager, CacheManager cacheManager) {
+    public DefaultWebSecurityManager securityManager(SessionManager sessionManager, CacheManager cacheManager, Realm localRealm) {
        DefaultWebSecurityManager dwsm = new DefaultWebSecurityManager();
        dwsm.setSessionManager(sessionManager);
        dwsm.setCacheManager(cacheManager);
-        dwsm.setAuthenticator(modularRealmAuthenticator());
+        dwsm.setRealm(localRealm);
        return dwsm;
    }

@ -104,12 +87,6 @@ public class ShiroConfig implements EnvironmentAware {
        return new LocalRealm();
    }

-    @Bean
-    @DependsOn("lifecycleBeanPostProcessor")
-    public LdapRealm ldapRealm() {
-        return new LdapRealm();
-    }
-
    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
@ -123,13 +100,6 @@ public class ShiroConfig implements EnvironmentAware {
        return daap;
    }

-    @Bean
-    public ModularRealmAuthenticator modularRealmAuthenticator() {
-        //自己重写的ModularRealmAuthenticator
-        UserModularRealmAuthenticator modularRealmAuthenticator = new UserModularRealmAuthenticator();
-        modularRealmAuthenticator.setAuthenticationStrategy(new FirstSuccessfulStrategy());
-        return modularRealmAuthenticator;
-    }

    @Bean
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(DefaultWebSecurityManager sessionManager) {
@ -149,23 +119,4 @@ public class ShiroConfig implements EnvironmentAware {
        return aasa;
    }

-    /**
-     * 等到ApplicationContext 加载完成之后 装配shiroRealm
-     */
-    @EventListener
-    public void handleContextRefresh(ContextRefreshedEvent event) {
-        ApplicationContext context = event.getApplicationContext();
-        List<Realm> realmList = new ArrayList<>();
-        LocalRealm localRealm = context.getBean(LocalRealm.class);
-        LdapRealm ldapRealm = context.getBean(LdapRealm.class);
-        // 基本realm
-        realmList.add(localRealm);
-        realmList.add(ldapRealm);
-        context.getBean(DefaultWebSecurityManager.class).setRealms(realmList);
-    }
-
-    @Override
-    public void setEnvironment(Environment environment) {
-        this.env = environment;
-    }
 }
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/UserModularRealmAuthenticator.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/UserModularRealmAuthenticator.java
@ -1,50 +0,0 @@
-package io.metersphere.security;
-
-import io.metersphere.commons.exception.MSException;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
-import org.apache.shiro.realm.Realm;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-public class UserModularRealmAuthenticator extends ModularRealmAuthenticator {
-
-    @Override
-    protected AuthenticationInfo doAuthenticate(AuthenticationToken authenticationToken)
-            throws AuthenticationException {
-        // 判断getRealms()是否返回为空
-        assertRealmsConfigured();
-        // 强制转换回自定义的CustomizedToken
-        MsUserToken userToken = (MsUserToken) authenticationToken;
-        // 登录类型
-        String loginType = userToken.getLoginType();
-        // 所有Realm
-        Collection<Realm> realms = getRealms();
-        // 登录类型对应的所有Realm
-        List<Realm> typeRealms = new ArrayList<>();
-
-        // 默认使用本地验证
-        for (Realm realm : realms) {
-            if (realm == null) {
-                continue;
-            }
-            if (realm.getName().contains(loginType)) {
-                typeRealms.add(realm);
-            }
-        }
-
-        if (typeRealms.size() == 0) {
-            MSException.throwException("No realm");
-        }
-        // 判断是单Realm还是多Realm
-        if (typeRealms.size() == 1) {
-            return doSingleRealmAuthentication(typeRealms.get(0), userToken);
-        } else {
-            return doMultiRealmAuthentication(typeRealms, userToken);
-        }
-    }
-}
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/realm/LdapRealm.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/realm/LdapRealm.java
@ -1,84 +0,0 @@
-package io.metersphere.security.realm;
-
-
-import io.metersphere.commons.constants.UserSource;
-import io.metersphere.commons.user.SessionUser;
-import io.metersphere.commons.utils.SessionUtils;
-import io.metersphere.dto.UserDTO;
-import io.metersphere.i18n.Translator;
-import io.metersphere.service.BaseUserService;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authc.*;
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.annotation.Resource;
-import java.util.Arrays;
-
-
-/**
- * 自定义Realm 注入service 可能会导致在 service的aop 失效，例如@Transactional,
- * 解决方法：
- * <p>
- * 1. 这里改成注入mapper，这样mapper 中的事务失效<br/>
- * 2. 这里仍然注入service，在配置ShiroConfig 的时候不去set realm, 等到spring 初始化完成之后
- * set realm
- * </p>
- */
-public class LdapRealm extends BaseRealm {
-
-    private Logger logger = LoggerFactory.getLogger(LdapRealm.class);
-    @Resource
-    private BaseUserService baseUserService;
-
-    @Override
-    public String getName() {
-        return "LDAP";
-    }
-
-    /**
-     * 角色认证
-     */
-    @Override
-    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
-        String userId = (String) principals.getPrimaryPrincipal();
-        return LocalRealm.getAuthorizationInfo(userId, baseUserService);
-    }
-
-    /**
-     * 登录认证
-     */
-    @Override
-    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
-        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
-
-        String userId = token.getUsername();
-        String password = String.valueOf(token.getPassword());
-
-        return loginLdapMode(userId, password);
-    }
-
-    private AuthenticationInfo loginLdapMode(String userId, String password) {
-        // userId 或 email 有一个相同就返回User
-        String email = (String) SecurityUtils.getSubject().getSession().getAttribute("email");
-        UserDTO user = baseUserService.getLoginUser(userId, Arrays.asList(UserSource.LDAP.name(), UserSource.LOCAL.name()));
-        String msg;
-        if (user == null) {
-            user = baseUserService.getUserDTOByEmail(email, UserSource.LDAP.name(), UserSource.LOCAL.name());
-            if (user == null) {
-                msg = "The user does not exist: " + userId;
-                logger.warn(msg);
-                throw new UnknownAccountException(Translator.get("user_not_exist") + userId);
-            }
-            userId = user.getId();
-        }
-
-        SessionUser sessionUser = SessionUser.fromUser(user, SessionUtils.getSessionId());
-        SessionUtils.putUser(sessionUser);
-        return new SimpleAuthenticationInfo(userId, password, getName());
-
-    }
-
-}