技术知识总结 2022-2,3

shiro-redis

直接引入

        <dependency>
            <groupId>org.crazycake</groupId>
            <artifactId>shiro-redis</artifactId>
            <version>3.2.1</version>
        </dependency>

需要自定义逻辑的话，一些关键的实现（代码节选）
自定义认证和授权

        AuthorizingRealm myRealm = new AuthorizingRealm (){
            @Override
            protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
                // 自定义认证逻辑...
                return new SimpleAuthenticationInfo();
            }

            @Override
            protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
                // 自定义授权逻辑...
                return new SimpleAuthorizationInfo();
            }
        };

自定义过滤器

public class KickoutSessionFilter extends FormAuthenticationFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object o) {
        return false;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // 过滤处理...
        return false;
    }
}

同时在ShiroConfig中配置上面的过滤器

    @Bean
    public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // 自定义过滤
        Map<String, Filter> filterMap = shiroFilterFactoryBean.getFilters();
        KickoutSessionFilter kickoutSessionFilter = new KickoutSessionFilter();
        kickoutSessionFilter.setLoginUrl("/api/user/login");

        filterMap.put("oauth2", kickoutSessionFilter);
        shiroFilterFactoryBean.setFilters(filterMap);
        shiroFilterFactoryBean.setLoginUrl("/api/user/login");
        shiroFilterFactoryBean.setSuccessUrl("/");

        //注意此处使用的是LinkedHashMap，是有顺序的，shiro会按从上到下的顺序匹配验证，匹配了就不再继续验证
        //所以上面的url要苛刻，宽松的url要放在下面，尤其是"/**"要放到最下面，如果放前面的话其后的验证规则就没作用了。
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();

        filterChainDefinitionMap.put("/xxxx/xxxx", "oauth2");
        filterChainDefinitionMap.put("/**", "anon");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

nginx 默认参数

client_max_body_size 默认为 1m
有上传文件操作的服务涉及到转发时 要注意这个值的设置

yapi

研究中

dockerfile

研究中

JAVA获取客户端ip

public static String getRemoteAddr(HttpServletRequest request) {  
        return request.getRemoteAddr();
}

在使用代理的情况下，可通过获取header中的属性

String[] HEADERS_TO_TRY = {   
        "X-Forwarded-For",  
        "Proxy-Client-IP",  
        "WL-Proxy-Client-IP",  
        "HTTP_X_FORWARDED_FOR",  
        "HTTP_X_FORWARDED",  
        "HTTP_X_CLUSTER_CLIENT_IP",  
        "HTTP_CLIENT_IP",  
        "HTTP_FORWARDED_FOR",  
        "HTTP_FORWARDED",  
        "HTTP_VIA",  
        "REMOTE_ADDR",  
        "X-Real-IP"}; 

其他实际问题

SpringBoot HikariPool 第一次连接超时