@Test
public void shouldReadNewPrefixesPropertyAndIncludeOldPrefixProperty() {
    this.context.register(EnableAutoConfig.class);
    TestPropertyValues
            .of("edison.application.management.base-path=/internal")
            .and("edison.ldap.enabled=true")
            .and("edison.ldap.host=localhost")
            .and("edison.ldap.rdn-identifier=test-rdn")
            .and("edison.ldap.base-dn=test-dn")
            .and("edison.ldap.prefix=/deprecatedTestPrefix")
            .and("edison.ldap.prefixes=/newTestPrefix")
            .applyTo(context);
    this.context.refresh();

    final FilterRegistrationBean<?> filterRegistrationBean = this.context.getBean("ldapAuthenticationFilter", FilterRegistrationBean.class);
    final ArrayList<String> urlPatterns = new ArrayList<String>(filterRegistrationBean.getUrlPatterns());
    assertThat(urlPatterns, hasSize(2));
    assertThat(urlPatterns, containsInAnyOrder("/deprecatedTestPrefix/*", "/newTestPrefix/*"));
}
 

@Bean
@ConditionalOnWebApplication
@ConditionalOnClass(name = "net.hasor.web.startup.RuntimeFilter")
public FilterRegistrationBean<?> hasorRuntimeFilter() {
    Objects.requireNonNull(this.appContext, "AppContext is not inject.");
    Filter runtimeFilter = null;
    if (this.filterWorkAt == WorkAt.Filter) {
        runtimeFilter = new RuntimeFilter(this.appContext);    // 过滤器模式
    } else {
        runtimeFilter = new EmptyFilter();      // 拦截器模式
    }
    //
    FilterRegistrationBean<Filter> filterBean = //
            new FilterRegistrationBean<>(runtimeFilter);
    filterBean.setUrlPatterns(Collections.singletonList(this.filterPath));
    filterBean.setOrder(this.filterOrder);
    filterBean.setName(RuntimeFilter.class.getName());
    return filterBean;
}
 

@Bean
public FilterRegistrationBean druidWebStatFilter(DruidDataSourceProperties druidProperties) {
    log.debug("druid web-stat-filter init...");
    DruidWebStatProperties properties = druidProperties.getWebStat();
    FilterRegistrationBean registration = new FilterRegistrationBean(new WebStatFilter());
    registration.addUrlPatterns(properties.getUrlPatterns());
    registration.addInitParameter("exclusions", properties.getExclusions());
    registration.addInitParameter("sessionStatEnable", Boolean.toString(properties.isSessionStatEnable()));
    if (!StringUtils.isEmpty(properties.getSessionStatMaxCount())) {
        registration.addInitParameter("sessionStatMaxCount",Integer.toString(properties.getSessionStatMaxCount()));
    }
    if (!StringUtils.isEmpty(properties.getPrincipalSessionName())) {
        registration.addInitParameter("principalSessionName", properties.getPrincipalSessionName());
    }
    if (!StringUtils.isEmpty(properties.getPrincipalCookieName())) {
        registration.addInitParameter("principalCookieName", properties.getPrincipalCookieName());
    }
    registration.addInitParameter("profileEnable", Boolean.toString(properties.isProfileEnable()));
    return registration;
}
 

/**
 * 默认的登录验证过滤器
 */
@Bean("authc")
public FilterRegistrationBean<TrustableFormAuthenticatingFilter> authenticationFilter(
		@Autowired(required = false) List<LoginListener> loginListeners,
		ShiroBizProperties properties) {
	
	TrustableFormAuthenticatingFilter authcFilter = new TrustableFormAuthenticatingFilter();

	// 是否验证验证码
	authcFilter.setCaptchaEnabled(properties.isEnabled());
	// 登录监听：实现该接口可监听账号登录失败和成功的状态，从而做业务系统自己的事情，比如记录日志
	authcFilter.setLoginListeners(loginListeners);
	
	//authcFilter.setSessionStateless(properties.isSessionStateless());
	
	/*
	 * * 自定义Filter通过@Bean注解后，被Spring Boot自动注册到了容器的Filter
	 * chain中，这样导致的结果是，所有URL都会被自定义Filter过滤， 而不是Shiro中配置的一部分URL。下面方式可以解决该问题
	 */

	FilterRegistrationBean<TrustableFormAuthenticatingFilter> registration = new FilterRegistrationBean<TrustableFormAuthenticatingFilter>(
			authcFilter);
	registration.setEnabled(false);
	return registration;
}
 

@Test
public void ensureBackwardsCompatibilityForPrefixesProperty() {
    this.context.register(EnableAutoConfig.class);
    TestPropertyValues
            .of("edison.application.management.base-path=/internal")
            .and("edison.ldap.enabled=true")
            .and("edison.ldap.host=localhost")
            .and("edison.ldap.rdn-identifier=test-rdn")
            .and("edison.ldap.base-dn=test-dn")
            .and("edison.ldap.prefix=/deprecatedTestPrefix")
            .applyTo(context);
    this.context.refresh();

    final FilterRegistrationBean<?> filterRegistrationBean = this.context.getBean("ldapAuthenticationFilter", FilterRegistrationBean.class);
    final ArrayList<String> urlPatterns = new ArrayList<String>(filterRegistrationBean.getUrlPatterns());
    assertThat(urlPatterns, hasSize(1));
    assertThat(urlPatterns, containsInAnyOrder("/deprecatedTestPrefix/*"));
}
 

/**
 * xss过滤拦截器
 */
@Bean
public FilterRegistrationBean<Filter> xssFilterRegistrationBean() {
    FilterRegistrationBean<Filter> filterRegistrationBean = new FilterRegistrationBean<>();
    filterRegistrationBean.setFilter(new XssFilter());
    filterRegistrationBean.setOrder(Integer.MAX_VALUE - 1);
    filterRegistrationBean.setEnabled(true);
    filterRegistrationBean.addUrlPatterns("/*");
    Map<String, String> initParameters = new HashMap<>();
    // excludes用于配置不需要参数过滤的请求url
    initParameters.put("excludes", "/favicon.ico,/img/*,/js/*,/css/*");
    // isIncludeRichText主要用于设置富文本内容是否需要过滤  TODO: 好像无效
    initParameters.put("isIncludeRichText", "true");
    // 配置过滤URL白名单
    initParameters.put(Constants.XSS_NOTICE_KEY, "");
    filterRegistrationBean.setInitParameters(initParameters);
    return filterRegistrationBean;
}
 

/*********************************************************************************************************/
//shiro设置
@Bean
public FilterRegistrationBean filterRegistrationBean() {
    FilterRegistrationBean<DelegatingFilterProxy> registration = new FilterRegistrationBean<>();
    registration.setFilter(new DelegatingFilterProxy());
    registration.addUrlPatterns("/api/*");
    registration.addInitParameter("targetFilterLifecycle", "true");
    registration.setName("shiroFilter");//名字必须和ShiroFilterFactoryBean一样
    return registration;
}
 

/**
 * 该过滤器用于实现单点登出功能，单点退出配置，一定要放在其他filter之前
 *
 * @return
 */
@Bean
public FilterRegistrationBean singleSignOutFilter() {
    FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
    filterRegistration.setFilter(new SingleSignOutFilter());
    filterRegistration.setEnabled(casEnabled);
    if (autoconfig.getSignOutFilters().size() > 0) {
        filterRegistration.setUrlPatterns(autoconfig.getSignOutFilters());
    } else {
        filterRegistration.addUrlPatterns("/*");
    }
    filterRegistration.addInitParameter("casServerUrlPrefix", autoconfig.getCasServerUrlPrefix());
    filterRegistration.setOrder(3);
    return filterRegistration;
}
 

@Bean
public FilterRegistrationBean<CrnFilter> crnFilterRegistrationBean() {
    FilterRegistrationBean<CrnFilter> registrationBean = new FilterRegistrationBean<>();
    CrnFilter filter = new CrnFilter();
    registrationBean.setFilter(filter);
    registrationBean.setOrder(CRN_FILTER_ORDER);
    return registrationBean;
}
 

@Bean
public FilterRegistrationBean shiroFilterRegistration() {
    FilterRegistrationBean registration = new FilterRegistrationBean();
    registration.setFilter(new DelegatingFilterProxy("shiroFilter"));
    //该值缺省为false，表示生命周期由SpringApplicationContext管理，设置为true则表示由ServletContainer管理
    registration.addInitParameter("targetFilterLifecycle", "true");
    registration.setEnabled(true);
    registration.setOrder(Integer.MAX_VALUE - 1);
    registration.addUrlPatterns("/*");
    return registration;
}
 

@Bean
public FilterRegistrationBean characterEncodingFilterRegistration() {
    FilterRegistrationBean registrationBean =
            new FilterRegistrationBean(characterEncodingFilter());
    registrationBean.setName("CharacterEncodingFilter");
    registrationBean.addUrlPatterns("/*");
    registrationBean.setOrder(1);
    return registrationBean;
}
 

/**
 * 取消 Shiro Filter 的/*自动注册行为
 * @param filter
 * @return
 */
@Bean
public FilterRegistrationBean disableRegistrationLogout(EasyLogoutFilter filter) {
    FilterRegistrationBean registration = new FilterRegistrationBean(filter);
    registration.setEnabled(false);
    return registration;
}
 

/***
	 * 异常解释
	 * @return
	 */
//	@Bean(BootWebCommonAutoConfig.BEAN_NAME_EXCEPTION_RESOLVER)
	/*@Bean
	public ResponseEntityExceptionHandler responseEntityExceptionHandler(){
		BootWebExceptionHandler handler = new BootWebExceptionHandler();
		return handler;
	}*/
	
	@Bean
	public FilterRegistrationBean requestContextFilter(){
		FilterRegistrationBean registration = new FilterRegistrationBean(new BootRequestContextFilter());
		registration.setOrder(Ordered.HIGHEST_PRECEDENCE+100);
		registration.setName("requestContextFilter");
		return registration;
	}
 

@Bean
public FilterRegistrationBean webStatFilter() {
    FilterRegistrationBean bean = new FilterRegistrationBean();
    bean.setFilter(new WebStatFilter());

    Map<String, String> initParams = new HashMap<>();
    initParams.put("exclusions", "*.js,*.css,/druid/*");

    bean.setInitParameters(initParams);

    bean.setUrlPatterns(Arrays.asList("/*"));

    return bean;
}
 

@Bean
public FilterRegistrationBean<OAuth2ClientContextFilter> oauth2ClientFilterRegistration(
		OAuth2ClientContextFilter filter, SecurityProperties security) {
	FilterRegistrationBean<OAuth2ClientContextFilter> registration = new FilterRegistrationBean<>();
	registration.setFilter(filter);
	registration.setOrder(security.getFilter().getOrder() - 10);
	return registration;
}
 

@SuppressWarnings({ "rawtypes", "unchecked" })
@Bean
   public FilterRegistrationBean containerBasedAuthenticationFilter(){

       FilterRegistrationBean filterRegistration = new FilterRegistrationBean();
       filterRegistration.setFilter(new ContainerBasedAuthenticationFilter());
       filterRegistration.setInitParameters(Collections.singletonMap("authentication-provider", "org.camunda.bpm.extension.keycloak.showcase.sso.KeycloakAuthenticationProvider"));
       filterRegistration.setOrder(101); // make sure the filter is registered after the Spring Security Filter Chain
       filterRegistration.addUrlPatterns("/app/*");
       return filterRegistration;
   }
 

@Bean
    public FilterRegistrationBean testFilterRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new MyFilter());
        //过滤掉 /getUser 和/hello 的请求
        registration.addUrlPatterns("/getUser","/hello");
        //过滤掉所有请求
//      registration.addUrlPatterns("/*");
        registration.addInitParameter("paramName", "paramValue");
        registration.setName("MyFilter");
        registration.setOrder(1);
        return registration;
    }
 

@Bean
@SuppressWarnings({"rawtypes", "unchecked"}) // generic as of Spring Boot 2
public FilterRegistrationBean tracingFilter(
        final Tracer tracer) {

    final TracingFilter filter = new TracingFilter(tracer, emptyList(), null);
    final FilterRegistrationBean bean = new FilterRegistrationBean(filter);
    bean.setAsyncSupported(true);

    return bean;
}
 

@Bean
public FilterRegistrationBean filterLoginRegistration() {
    FilterRegistrationBean registration = new FilterRegistrationBean();
    //注入过滤器
    registration.setFilter(new LoginFilter());
    //拦截规则
    registration.addUrlPatterns("/member.html");
    //过滤器名称
    registration.setName("LoginFilter");
    //是否自动注册 false 取消Filter的自动注册
    registration.setEnabled(true);
    //过滤器顺序
    registration.setOrder(1);
    return registration;
}
 

@Bean
public FilterRegistrationBean catFilter() {
    FilterRegistrationBean registration = new FilterRegistrationBean();
    CatServletFilter filter = new CatServletFilter();
    registration.setFilter(filter);
    registration.addUrlPatterns("/*");
    registration.setName("cat-filter");
    registration.setOrder(1);
    return registration;
}
 

/**
 * 注册FilterRegistrationBean
 * @return
 */
@Bean
public FilterRegistrationBean<WebStatFilter> druidStatFilter() {
    FilterRegistrationBean<WebStatFilter> bean = new FilterRegistrationBean<>(new WebStatFilter());
    //添加过滤规则.
    bean.addUrlPatterns("/*");
    //添加不需要忽略的格式信息.
    bean.addInitParameter("exclusions","*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid/*");
    return bean;
}
 

@Bean
@ConditionalOnMissingBean(name = "juiserForwardedUserFilter")
public FilterRegistrationBean juiserForwardedUserFilter() {

    ForwardedUserFilterConfig cfg = juiserForwardedUserFilterConfig();

    Filter filter = new SpringForwardedUserFilter(forwardedHeaderConfig().getName(),
        juiserRequestUserFactory(),
        cfg.getRequestAttributeNames());

    FilterRegistrationBean bean = new FilterRegistrationBean();
    bean.setFilter(filter);
    bean.setEnabled(cfg.isEnabled());
    bean.setMatchAfter(cfg.isMatchAfter());
    bean.setOrder(cfg.getOrder());

    Set<DispatcherType> dispatcherTypes = cfg.getDispatcherTypes();
    if (!CollectionUtils.isEmpty(dispatcherTypes)) {
        bean.setDispatcherTypes(EnumSet.copyOf(dispatcherTypes));
    }
    Set<String> set = cfg.getServletNames();
    if (!CollectionUtils.isEmpty(set)) {
        bean.setServletNames(set);
    }
    set = cfg.getUrlPatterns();
    if (!CollectionUtils.isEmpty(set)) {
        bean.setUrlPatterns(set);
    }

    return bean;
}
 

@Bean
public FilterRegistrationBean<NakedDomainFilter> nakedDomainFilterRegistrationBean(EnvConfig envConfig) {
    FilterRegistrationBean<NakedDomainFilter> registrationBean =
            new FilterRegistrationBean<>(new NakedDomainFilter(envConfig));
    registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE + 90); // before ReverseProxyFilter
    return registrationBean;
}
 

@Bean
public FilterRegistrationBean casAuthenticationFilterRegistrationBean(
        final CasAuthenticationFilter casAuthenticationFilter) {
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
    filterRegistrationBean.setFilter(casAuthenticationFilter);
    filterRegistrationBean.addUrlPatterns("/*");
    filterRegistrationBean.setOrder(3);
    return filterRegistrationBean;
}
 

@Bean
public FilterRegistrationBean<AssertionThreadLocalFilter> assertionThreadLocalFilter() {
	FilterRegistrationBean<AssertionThreadLocalFilter> filterRegistration = new FilterRegistrationBean<AssertionThreadLocalFilter>();
	filterRegistration.setFilter(new AssertionThreadLocalFilter());
	filterRegistration.setEnabled(casProperties.isEnabled());
	filterRegistration.addUrlPatterns(casProperties.getAssertionThreadLocalFilterUrlPatterns());
	filterRegistration.setOrder(6);
	return filterRegistration;
}
 

@Bean
public FilterRegistrationBean<HealthCheckFilter> healthCheckFilterRegistrationBean() {
    FilterRegistrationBean<HealthCheckFilter> registrationBean =
            new FilterRegistrationBean<>(new HealthCheckFilter());
    registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE + 70); // before faviconFilter
    return registrationBean;
}
 

@Bean
public FilterRegistrationBean filterRegistrationBean() {
    FilterRegistrationBean<Filter> bean = new FilterRegistrationBean<>();
    bean.addUrlPatterns("/*");
    bean.setFilter(resourceServerFilter);
    return bean;
}
 

@Bean
public FilterRegistrationBean profilerFilterRegistration() {
    FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
    registration.setFilter(new PerfFilter());
    registration.addUrlPatterns("/*");
    registration.setName("profilerHttpFilter");
    registration.setOrder(1);

    return registration;
}
 

/**
 * druid监控 配置URI拦截策略
 */
@Bean
public FilterRegistrationBean druidStatFilter() {
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(new WebStatFilter());
    //添加过滤规则.
    filterRegistrationBean.addUrlPatterns("/*");
    //添加不需要忽略的格式信息.
    filterRegistrationBean.addInitParameter(
            "exclusions", "/static/*,*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid,/druid/*");
    //用于session监控页面的用户名显示 需要登录后主动将username注入到session里
    filterRegistrationBean.addInitParameter("principalSessionName", "username");
    return filterRegistrationBean;
}
 

@Bean
public FilterRegistrationBean<CorsFilter> corsFilter() {
	UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
	CorsConfiguration config = new CorsConfiguration();
	config.setAllowCredentials(true);
	config.addAllowedOrigin("*");
	config.addAllowedHeader("*");
	config.addAllowedMethod("*");
	source.registerCorsConfiguration("/**", config);
	FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
	bean.setOrder(0);
	return bean;
}