diff --git a/file-web/src/main/java/com/qiwenshare/file/config/exception/ExceptionConfig.java b/file-web/src/main/java/com/qiwenshare/file/config/exception/ExceptionConfig.java deleted file mode 100644 index ec3e96e..0000000 --- a/file-web/src/main/java/com/qiwenshare/file/config/exception/ExceptionConfig.java +++ /dev/null @@ -1,24 +0,0 @@ -package com.qiwenshare.file.config.exception; - -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver; - -import java.util.Properties; - -@Configuration -public class ExceptionConfig { - - /** - * springMVC全局异常处理框架 - * @return - */ - @Bean - public SimpleMappingExceptionResolver resolver() { - SimpleMappingExceptionResolver resolver = new SimpleMappingExceptionResolver(); - Properties properties = new Properties(); - properties.setProperty("org.apache.shiro.authz.UnauthorizedException", "/403"); - resolver.setExceptionMappings(properties); - return resolver; - } -} \ No newline at end of file diff --git a/file-web/src/main/java/com/qiwenshare/file/config/shiro/MyShiroRealm.java b/file-web/src/main/java/com/qiwenshare/file/config/shiro/MyShiroRealm.java deleted file mode 100644 index b17e6c4..0000000 --- a/file-web/src/main/java/com/qiwenshare/file/config/shiro/MyShiroRealm.java +++ /dev/null @@ -1,87 +0,0 @@ -package com.qiwenshare.file.config.shiro; - -import com.qiwenshare.file.domain.UserBean; -import com.qiwenshare.file.service.UserService; -import org.apache.shiro.SecurityUtils; -import org.apache.shiro.authc.AuthenticationException; -import org.apache.shiro.authc.AuthenticationInfo; -import org.apache.shiro.authc.AuthenticationToken; -import org.apache.shiro.authc.SimpleAuthenticationInfo; -import org.apache.shiro.authz.AuthorizationInfo; -import org.apache.shiro.authz.SimpleAuthorizationInfo; -import org.apache.shiro.realm.AuthorizingRealm; -import org.apache.shiro.subject.PrincipalCollection; -import org.apache.shiro.util.ByteSource; - -import javax.annotation.Resource; -import java.util.HashMap; -import java.util.Map; - -public class MyShiroRealm extends AuthorizingRealm { - @Resource - private UserService userInfoService; - - public static Map qqLoginInfoMap = new HashMap<>(); - - @Override - protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { - System.out.println("权限配置-->MyShiroRealm.doGetAuthorizationInfo()"); - SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); - - - return authorizationInfo; - } - - /*主要是用来进行身份认证的,也就是说验证用户输入的账号和密码是否正确。*/ - @Override - protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) - throws AuthenticationException { - //设置登录过期时间,永不过期 - SecurityUtils.getSubject().getSession().setTimeout(-1000L); - //获取用户的输入的账号. - String username = (String) token.getPrincipal(); - String password = new String((char[]) token.getCredentials()); - - UserBean qquserinfo = qqLoginInfoMap.get(username + password); - SimpleAuthenticationInfo authenticationInfo = null; - if (qquserinfo != null){ //qq登录 - qqLoginInfoMap.remove(username + password); - UserBean userInfo = userInfoService.selectUserByopenId(password); - - if (userInfo == null) { - return null; - } - - ByteSource byteSourceSalt = ByteSource.Util.bytes(userInfo.getSalt()); - authenticationInfo = new SimpleAuthenticationInfo( - userInfo, //用户名 - userInfo.getQqPassword(), //密码 - byteSourceSalt, - getName() //realm name - ); - }else { - - UserBean userInfo = userInfoService.findUserInfoByTelephone(username); - - if (userInfo == null) { - return null; - } - - ByteSource byteSourceSalt = ByteSource.Util.bytes(userInfo.getSalt()); - authenticationInfo = new SimpleAuthenticationInfo( - userInfo, //用户名 - userInfo.getPassword(), //密码 - byteSourceSalt, - getName() //realm name - ); - } - - //mailService.sendLoginSafeMail(userInfo); //登录邮件 - - return authenticationInfo; - } - - - - -} \ No newline at end of file diff --git a/file-web/src/main/java/com/qiwenshare/file/config/shiro/ShiroConfig.java b/file-web/src/main/java/com/qiwenshare/file/config/shiro/ShiroConfig.java deleted file mode 100644 index 8141282..0000000 --- a/file-web/src/main/java/com/qiwenshare/file/config/shiro/ShiroConfig.java +++ /dev/null @@ -1,143 +0,0 @@ -package com.qiwenshare.file.config.shiro; - -import com.qiwenshare.file.config.cors.MyCorsRegistration; -import org.apache.shiro.authc.credential.HashedCredentialsMatcher; -import org.apache.shiro.mgt.SecurityManager; -import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor; -import org.apache.shiro.spring.web.ShiroFilterFactoryBean; -import org.apache.shiro.web.mgt.DefaultWebSecurityManager; -import org.springframework.boot.web.servlet.FilterRegistrationBean; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.web.cors.UrlBasedCorsConfigurationSource; -import org.springframework.web.filter.CorsFilter; -import org.springframework.web.servlet.handler.SimpleMappingExceptionResolver; - -import java.util.LinkedHashMap; -import java.util.Map; -import java.util.Properties; - -@Configuration -public class ShiroConfig { - @Bean - public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) { - System.out.println("ShiroConfiguration.shirFilter()" + "mac"); - ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean(); - shiroFilterFactoryBean.setSecurityManager(securityManager); - //拦截器. - Map filterChainDefinitionMap = new LinkedHashMap(); - - //配置退出过滤器 - filterChainDefinitionMap.put("/logout", "logout"); - - // - //filterChainDefinitionMap.put("/user/userlogin", "authc"); - - // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面 - //shiroFilterFactoryBean.setLoginUrl("/user/userlogin"); - // 登录成功后要跳转的链接 - //shiroFilterFactoryBean.setSuccessUrl("/user/userlogin"); - //未授权界面; - shiroFilterFactoryBean.setUnauthorizedUrl("/403"); - //filterChainDefinitionMap.put("/**", "perms"); - shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap); - return shiroFilterFactoryBean; - } - - /** - * 凭证匹配器 - * (由于我们的密码校验交给Shiro的SimpleAuthenticationInfo进行处理了 - * ) - * - * @return - */ - @Bean - public HashedCredentialsMatcher hashedCredentialsMatcher() { - HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher(); - hashedCredentialsMatcher.setHashAlgorithmName("md5");//散列算法:这里使用MD5算法; - hashedCredentialsMatcher.setHashIterations(1024);//散列的次数,比如散列两次,相当于 md5(md5("")); - return hashedCredentialsMatcher; - } - - @Bean - public MyShiroRealm myShiroRealm() { - MyShiroRealm myShiroRealm = new MyShiroRealm(); - myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher()); - return myShiroRealm; - } - - - @Bean - public SecurityManager securityManager() { - DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager(); - securityManager.setRealm(myShiroRealm()); - return securityManager; - } - -// @Bean -// public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){ -// DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator(); -// advisorAutoProxyCreator.setProxyTargetClass(true); -// return advisorAutoProxyCreator; -// } - - /** - * 开启shiro aop注解支持. - * 使用代理方式;所以需要开启代码支持; - * - * @param securityManager - * @return - */ - @Bean - public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) { - AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor(); - authorizationAttributeSourceAdvisor.setSecurityManager(securityManager); - return authorizationAttributeSourceAdvisor; - } - - @Bean(name = "simpleMappingExceptionResolver") - public SimpleMappingExceptionResolver - createSimpleMappingExceptionResolver() { - SimpleMappingExceptionResolver r = new SimpleMappingExceptionResolver(); - Properties mappings = new Properties(); - mappings.setProperty("DatabaseException", "databaseError");//数据库异常处理 - mappings.setProperty("UnauthorizedException", "403"); - r.setExceptionMappings(mappings); // None by default - r.setDefaultErrorView("error"); // No default - r.setExceptionAttribute("ex"); // Default is "exception" - //r.setWarnLogCategory("example.MvcLogger"); // No default - return r; - } - - @Bean - public FilterRegistrationBean filterRegistrationBean() { - // 对响应头进行CORS授权 - MyCorsRegistration corsRegistration = new MyCorsRegistration("*"); - - corsRegistration - //允许向该服务器提交请求的URI,*表示全部允许 - .allowedOrigins("*") - //允许提交请求的方法,*表示全部允许 - .allowedMethods("*") - //允许的头信息,*标识全部允许 - .allowedHeaders("*") - //暴露的头信息 - .exposedHeaders("access-control-allow-headers", - "access-control-allow-methods", - "access-control-allow-origin", - "access-control-max-age", - "X-Frame-Options") - //允许Cookie跨域,在做登录校验的时候有用CrossOrigin.DEFAULT_ALLOW_CREDENTIALS - .allowCredentials(true); - - // 注册CORS过滤器 - UrlBasedCorsConfigurationSource configurationSource = new UrlBasedCorsConfigurationSource(); - //第一个参数表示过滤的url,*表示过滤所有 - configurationSource.registerCorsConfiguration("/**", corsRegistration.getCorsConfiguration()); - CorsFilter corsFilter = new CorsFilter(configurationSource); - - return new FilterRegistrationBean(corsFilter); - } - - -} \ No newline at end of file diff --git a/file-web/src/main/java/com/qiwenshare/file/config/shiro/ShiroLoginFilter.java b/file-web/src/main/java/com/qiwenshare/file/config/shiro/ShiroLoginFilter.java deleted file mode 100644 index 9b303a9..0000000 --- a/file-web/src/main/java/com/qiwenshare/file/config/shiro/ShiroLoginFilter.java +++ /dev/null @@ -1,51 +0,0 @@ -package com.qiwenshare.file.config.shiro; - -import org.springframework.boot.web.servlet.ServletComponentScan; -import org.springframework.core.annotation.Order; -import org.springframework.stereotype.Component; - -import javax.servlet.*; -import javax.servlet.annotation.WebFilter; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; - -@Order(-100) -@Component -@ServletComponentScan -@WebFilter(urlPatterns = "/*",filterName = "shiroLoginFilter") -public class ShiroLoginFilter implements Filter { - - @Override - public void init(FilterConfig filterConfig) throws ServletException { - } - - @Override - public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException { - HttpServletResponse response = (HttpServletResponse) servletResponse; - HttpServletRequest request = (HttpServletRequest) servletRequest; - // 允许哪些Origin发起跨域请求 - String orgin = request.getHeader("Origin"); - // response.setHeader( "Access-Control-Allow-Origin", config.getInitParameter( "AccessControlAllowOrigin" ) ); - response.setHeader( "Access-Control-Allow-Origin", orgin ); - // 允许请求的方法 - response.setHeader( "Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE,PUT" ); - //多少秒内,不需要再发送预检验请求,可以缓存该结果 - response.setHeader( "Access-Control-Max-Age", "3600" ); - // 表明它允许跨域请求包含xxx头 - response.setHeader( "Access-Control-Allow-Headers", "x-auth-token,Origin,Access-Token,X-Requested-With,Content-Type, Accept" ); - //是否允许浏览器携带用户身份信息(cookie) - response.setHeader( "Access-Control-Allow-Credentials", "true" ); - //prefight请求 - if (request.getMethod().equals( "OPTIONS" )) { - response.setStatus( 200 ); - return; - } - chain.doFilter( servletRequest, response ); - } - - @Override - public void destroy() { - - } -} \ No newline at end of file diff --git a/file-web/src/main/java/com/qiwenshare/file/service/FileService.java b/file-web/src/main/java/com/qiwenshare/file/service/FileService.java index ef62be8..3868648 100644 --- a/file-web/src/main/java/com/qiwenshare/file/service/FileService.java +++ b/file-web/src/main/java/com/qiwenshare/file/service/FileService.java @@ -4,6 +4,7 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; import com.qiwenshare.common.cbb.DateUtil; import com.qiwenshare.common.operation.FileOperation; import com.qiwenshare.common.oss.AliyunOSSDelete; +import com.qiwenshare.common.util.FileUtil; import com.qiwenshare.common.util.PathUtil; import com.qiwenshare.file.api.IFileService; import com.qiwenshare.file.config.AliyunConfig; @@ -99,7 +100,6 @@ public class FileService extends ServiceImpl implements IF @Override public void deleteFile(FileBean fileBean, UserBean sessionUserBean) { - //UserBean sessionUserBean = (UserBean) SecurityUtils.getSubject().getPrincipal(); StorageBean storageBean = filetransferService.selectStorageBean(new StorageBean(sessionUserBean.getUserId())); long deleteSize = 0; String fileUrl = PathUtil.getStaticPath() + fileBean.getFileUrl(); @@ -117,10 +117,13 @@ public class FileService extends ServiceImpl implements IF deleteSize += file.getFileSize(); //1.3、删除服务器文件,只删除文件,目录是虚拟的 if (file.getFileUrl() != null && file.getFileUrl().indexOf("upload") != -1){ - if (file.getIsOSS() == 1) { + if (file.getIsOSS() != null && file.getIsOSS() == 1) { AliyunOSSDelete.deleteObject(qiwenFileConfig.getAliyun().getOss(), file.getFileUrl().substring(1)); } else { FileOperation.deleteFile(PathUtil.getStaticPath() + file.getFileUrl()); + if (FileUtil.isImageFile(file.getExtendName())) { + FileOperation.deleteFile(PathUtil.getStaticPath() + file.getFileUrl().replace(file.getTimeStampName(), file.getTimeStampName() + "_min")); + } } } @@ -136,10 +139,13 @@ public class FileService extends ServiceImpl implements IF } //删除服务器文件 if (fileBean.getFileUrl() != null && fileBean.getFileUrl().indexOf("upload") != -1){ - if (fileBean.getIsOSS() == 1) { + if (fileBean.getIsOSS() != null && fileBean.getIsOSS() == 1) { AliyunOSSDelete.deleteObject(qiwenFileConfig.getAliyun().getOss(), fileBean.getFileUrl().substring(1)); } else { FileOperation.deleteFile(fileUrl); + if (FileUtil.isImageFile(fileBean.getExtendName())) { + FileOperation.deleteFile(PathUtil.getStaticPath() + fileBean.getFileUrl().replace(fileBean.getTimeStampName(), fileBean.getTimeStampName() + "_min")); + } } } }