From 2f52e8c752122625f189ae7657e621db0d6d253c Mon Sep 17 00:00:00 2001
From: 李宇 <986321569@qq.com>
Date: 星期四, 28 一月 2021 09:39:19 +0800
Subject: [PATCH] 修改安全测评内容

---
 src/main/webapp/WEB-INF/spring-shiro.xml |   47 +++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 39 insertions(+), 8 deletions(-)

diff --git a/src/main/webapp/WEB-INF/spring-shiro.xml b/src/main/webapp/WEB-INF/spring-shiro.xml
index 65070e9..357bd34 100644
--- a/src/main/webapp/WEB-INF/spring-shiro.xml
+++ b/src/main/webapp/WEB-INF/spring-shiro.xml
@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:util="http://www.springframework.org/schema/util"
+       xmlns:util="http://www.springframework.org/schema/util" xmlns:cache="http://www.springframework.org/schema/cache"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
-       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
+       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">
 
     <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
 
@@ -60,8 +60,9 @@
     </bean>
 
     <!-- Cache Manager -->
-    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
+    <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">
         <property name="cacheManager" ref="ehcacheManager"/>
+        <property name="transactionAware" value="true"/>
     </bean>
 
     <!-- 如果有多个ehcacheManager要在bean加上p:shared="true" -->
@@ -69,9 +70,30 @@
         <property name="configLocation" value="WEB-INF/ehcache.xml"/>
     </bean>
 
+    <!-- cache注解，和spring-redis.xml中的只能使用一个 -->
+    <cache:annotation-driven cache-manager="cacheManager" proxy-target-class="true"/>
+
+    <bean id="shiroSpringCacheManager" class="com.nanometer.smartlab.realm.ShiroSpringCacheManager">
+        <property name="cacheManager" ref="cacheManager"></property>
+    </bean>
+
     <!--session manager-->
     <bean id="sessionManager"
-          class="org.apache.shiro.web.session.mgt.ServletContainerSessionManager">
+          class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
+        <!-- url上带sessionId 默认为true -->
+        <property name="sessionIdUrlRewritingEnabled" value="false"/>
+        <property name="sessionDAO" ref="sessionDAO"/>
+        <!-- cookie名称 -->
+        <property name="sessionIdCookie.name" value="gasid"/>
+        <!-- cookie生效路径 -->
+        <property name="sessionIdCookie.path" value="/"/>
+    </bean>
+
+    <!-- 会话DAO 用于会话的CRUD -->
+    <bean id="sessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO">
+        <!-- Session缓存名字，默认就是shiro-activeSessionCache -->
+        <property name="activeSessionsCacheName" value="activeSessionCache"/>
+        <property name="cacheManager" ref="shiroSpringCacheManager"/>
     </bean>
 
     <!--credentialsMatcher 密码加密-->
@@ -82,9 +104,9 @@
     </bean>
 
     <!--自定义 Realm-->
-    <bean id="authorizationRealm" class="com.nanometer.smartlab.realm.AuthorizationRealm">
-        <property name="credentialsMatcher" ref="md5Matcher"/>
-
+    <bean id="authorizationRealm" class="com.nanometer.smartlab.realm.ShiroDbRealm">
+        <constructor-arg index="0" name="cacheManager" ref="shiroSpringCacheManager"/>
+        <constructor-arg index="1" name="matcher" ref="credentialsMatcher"/>
         <!-- 启用身份验证缓存，即缓存AuthenticationInfo信息，默认false -->
         <property name="authenticationCachingEnabled" value="true"/>
         <!-- 缓存AuthenticationInfo信息的缓存名称 -->
@@ -92,12 +114,21 @@
         <!-- 缓存AuthorizationInfo信息的缓存名称 -->
         <property name="authorizationCacheName" value="authorizationCache"/>
     </bean>
+    <!-- 密码错误5次锁定5min -->
+    <bean id="credentialsMatcher" class="com.nanometer.smartlab.realm.RetryLimitCredentialsMatcher">
+        <constructor-arg ref="shiroSpringCacheManager"/>
+        <property name="retryLimitCacheName" value="fivMin"/>
+        <!-- 密码加密 1次md5,增强密码可修改此处 -->
+        <property name="hashAlgorithmName" value="MD5"/>
+        <property name="storedCredentialsHexEncoded" value="true"/>
+        <property name="hashIterations" value="1"/>
+    </bean>
 
     <!-- Security Manager -->
     <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
         <property name="realm" ref="authorizationRealm"/>
         <property name="rememberMeManager" ref="rememberMeManager"/>
-        <property name="cacheManager" ref="cacheManager"/>
+        <property name="cacheManager" ref="shiroSpringCacheManager"/>
         <property name="sessionManager" ref="sessionManager"/>
     </bean>
 

--
Gitblit v1.9.2