On branch 001-label-backend-spec

Changes to be committed: new file: src/main/java/com/label/common/shiro/BearerToken.java new file: src/main/java/com/label/common/shiro/ShiroConfig.java new file: src/main/java/com/label/common/shiro/TokenFilter.java new file: src/main/java/com/label/common/shiro/TokenPrincipal.java new file: src/main/java/com/label/common/shiro/UserRealm.java modified: src/main/java/com/label/common/statemachine/DatasetStatus.java new file: src/test/java/com/label/AbstractIntegrationTest.java new file: src/test/java/com/label/unit/StateMachineTest.java new file: src/test/resources/db/init.sql
2026-04-09 13:54:35 +08:00
parent 556f7b9672
commit 0cd99aa22c
9 changed files with 984 additions and 2 deletions
--- a/src/main/java/com/label/common/shiro/ShiroConfig.java
+++ b/src/main/java/com/label/common/shiro/ShiroConfig.java
@@ -0,0 +1,71 @@
+package com.label.common.shiro;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.label.common.redis.RedisService;
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
+import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import jakarta.servlet.Filter;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Shiro security configuration.
+ *
+ * Filter chain:
+ *   /api/auth/login  → anon  (no auth required)
+ *   /api/auth/logout → tokenFilter
+ *   /api/**          → tokenFilter (all other API endpoints require auth)
+ *   /actuator/**     → anon  (health check)
+ *   /**              → anon  (default)
+ *
+ * NOTE: spring.mvc.pathmatch.matching-strategy=ant_path_matcher MUST be set
+ * in application.yml for Shiro to work correctly with Spring Boot 3.
+ */
+@Configuration
+public class ShiroConfig {
+
+    @Bean
+    public UserRealm userRealm(RedisService redisService) {
+        return new UserRealm(redisService);
+    }
+
+    @Bean
+    public SecurityManager securityManager(UserRealm userRealm) {
+        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
+        manager.setRealms(List.of(userRealm));
+        return manager;
+    }
+
+    @Bean
+    public TokenFilter tokenFilter(RedisService redisService, ObjectMapper objectMapper) {
+        return new TokenFilter(redisService, objectMapper);
+    }
+
+    @Bean
+    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager,
+                                                          TokenFilter tokenFilter) {
+        ShiroFilterFactoryBean factory = new ShiroFilterFactoryBean();
+        factory.setSecurityManager(securityManager);
+
+        // Register custom filters
+        Map<String, Filter> filters = new LinkedHashMap<>();
+        filters.put("tokenFilter", tokenFilter);
+        factory.setFilters(filters);
+
+        // Filter chain definition (ORDER MATTERS - first match wins)
+        Map<String, String> filterChainDef = new LinkedHashMap<>();
+        filterChainDef.put("/api/auth/login", "anon");
+        filterChainDef.put("/actuator/**", "anon");
+        filterChainDef.put("/api/**", "tokenFilter");
+        filterChainDef.put("/**", "anon");
+        factory.setFilterChainDefinitionMap(filterChainDef);
+
+        return factory;
+    }
+}