
去除shiro

marxjaw 4 maanden geleden
bovenliggende
commit
b42131df10

+ 0 - 10
yt-app/app-service/pom.xml

@@ -20,16 +20,6 @@
     </properties>
 
     <dependencies>
-        <dependency>
-            <groupId>org.apache.shiro</groupId>
-            <artifactId>shiro-spring</artifactId>
-            <version>${shiro.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.crazycake</groupId>
-            <artifactId>shiro-redis</artifactId>
-            <version>3.2.3</version>
-        </dependency>
         <dependency>
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>

+ 0 - 11
yt-app/app-service/src/main/java/com/ytpm/config/YtWebMvcConfigurerAdapter.java

@@ -1,8 +1,6 @@
 package com.ytpm.config;
 
 import com.ytpm.config.interceptor.HttpInterceptor;
-import com.ytpm.config.interceptor.PostHttpRequestInterceptor;
-import com.ytpm.config.interceptor.UserActionInterceptor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -14,18 +12,9 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 @Configuration
 public class YtWebMvcConfigurerAdapter implements WebMvcConfigurer {
 
-    @Autowired
-    private UserActionInterceptor userActionInterceptor;
-    @Autowired
-    private PostHttpRequestInterceptor postHttpRequestInterceptor;
 
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(new HttpInterceptor()).addPathPatterns("/**").excludePathPatterns("/resources/**");
-        registry.addInterceptor(userActionInterceptor).addPathPatterns("/**").excludePathPatterns("/ad/**","/user/**","/wx/**","/question/**","/sys/toLogin*","/login/**","/resources/**","/fastDFS/**","/error",
-                "/doc.html","/api/v2/**","/v2/api-docs", "/configuration/ui", "/swagger-resources", "/configuration/security",
-                "/swagger-ui.html", "/webjars/**","/swagger-resources/configuration/ui","/swagger-ui.html");
-        registry.addInterceptor(postHttpRequestInterceptor).addPathPatterns("/**").excludePathPatterns("/sys/toLogin*","/resources/**"
-                ,"/login/**","/fastDFS/**","/error","/file/**","/customer/saveImageByOne");
     }
 }
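Review bot: With `userActionInterceptor` dropped from `addInterceptors`, the only interceptor left on `/**` is `HttpInterceptor`, and nothing visible in this commit replaces the login check that used to return `false` from `preHandle` when no Shiro principal was present. If a replacement (token filter, gateway check) lives outside this diff, name it in a comment above the remaining registration, e.g. `// authentication is enforced by <replacement component>, not by an MVC interceptor`; if there is none, the routes that were not in the old exclude list are now served without an authentication check and the replacement should land in this same commit. The removed interceptor also set the `userId` request attribute, so any handler that still reads it would presumably get null. The duplicate-POST throttle from `postHttpRequestInterceptor` (the Redis `incrByExp` counter) is gone as well and may need an equivalent. The `Autowired` import at the top of the file looks unused after the two fields were removed.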

+ 0 - 64
yt-app/app-service/src/main/java/com/ytpm/config/interceptor/PostHttpRequestInterceptor.java

@@ -1,64 +0,0 @@
-package com.ytpm.config.interceptor;
-
-import com.alibaba.fastjson.JSON;
-import com.ytpm.constant.StrConstant;
-import com.ytpm.general.Result;
-import com.ytpm.general.StatusCode;
-import com.ytpm.app.model.ActiveUser;
-import com.ytpm.app.model.YtDyzUser;
-import com.ytpm.util.RedisService;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.SecurityUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.HandlerInterceptor;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * Post 请求拦截器 记录用户操作行为
-
- */
-@Slf4j(topic = "请求拦截器")
-@Component
-public class PostHttpRequestInterceptor implements HandlerInterceptor {
-
-    @Autowired
-    private RedisService redisService;
-
-    @Override
-    public boolean preHandle(HttpServletRequest request,
-                             HttpServletResponse response, Object obj) throws Exception {
-        try {   //POST方法记录日志
-            if ("POST".equalsIgnoreCase(request.getMethod())) {
-                ActiveUser activeUser = (ActiveUser) SecurityUtils.getSubject().getPrincipal();
-                String userName = null;
-                String userId = null;
-                String ip = request.getRemoteAddr();
-                String uri = request.getRequestURI();
-                if (activeUser != null) {
-                    YtDyzUser user = activeUser.getUser();
-                    userName = user.getNickName();
-                    userId = user.getUserId();
-                    String redisKey = StrConstant.POST_SUBMIT_TIMES +userId+"_"+uri;
-                    long submitTimes = redisService.incrByExp(redisKey,500);
-                    if(submitTimes>1){
-                        log.error("post   error .....userId={},uri={}",userId,uri);
-                        response.setContentType("application/json;charset=utf-8");
-                        Result responseResult = new Result(StatusCode.ERROR, "操作太频繁,请稍后再试。");
-                        response.getWriter().print(JSON.toJSON(responseResult));
-                        return  false;
-                    }
-                }
-                //TODO 保存用户操作记录
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-            log.error("PostHttpRequestInterceptor error={}", e);
-        }
-        return true;
-    }
-
-
-}

+ 0 - 88
yt-app/app-service/src/main/java/com/ytpm/config/interceptor/UserActionInterceptor.java

@@ -1,88 +0,0 @@
-package com.ytpm.config.interceptor;
-
-import com.ytpm.constant.StrConstant;
-import com.ytpm.general.Result;
-import com.ytpm.app.model.ActiveUser;
-import com.ytpm.app.model.YtDyzUser;
-import com.ytpm.util.ShiroFilterUtils;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.web.util.WebUtils;
-import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.HandlerInterceptor;
-import org.springframework.web.servlet.ModelAndView;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-@Slf4j(topic = "用户登录/授权拦截器")
-@Component
-public class UserActionInterceptor implements HandlerInterceptor {
-
-
-    /**
-     * 退出后重定向的地址
-     */
-    private final String kickoutUrl = "/sys/toLogin";
-
-    @Override
-    public void afterCompletion(HttpServletRequest request,
-                                HttpServletResponse response, Object obj, Exception e)
-            throws Exception {
-        // TODO Auto-generated method stub
-//        logger.debug("整个请求完成之后调用。DispatcherServlet视图渲染完成之后。(主要是用于进行资源清理工作)");
-
-    }
-
-    @Override
-    public void postHandle(HttpServletRequest request,
-                           HttpServletResponse response, Object obj, ModelAndView mv)
-            throws Exception {
-        // TODO Auto-generated method stub
-//        logger.debug("请求处理之后调用;在视图渲染之前,controller处理之后。");
-
-    }
-
-    @Override
-    public boolean preHandle(HttpServletRequest request,
-                             HttpServletResponse response, Object obj) throws Exception {
-//        logger.debug("请求到达后台方法之前调用(controller之前)");
-        // 1. SecurityUtils获取session中的用户信息
-        // HttpSession session=request.getSession();
-        try {
-            ActiveUser activeUser = (ActiveUser) SecurityUtils.getSubject().getPrincipal();
-            if (activeUser != null) {
-                YtDyzUser user =activeUser.getUser();
-                request.setAttribute("userId",user.getUserId());
-                return true;
-            }
-            SecurityUtils.getSubject().logout();
-        } catch (Exception e) {
-            e.printStackTrace();
-            log.error("登录拦截器异常url={},e={}", request.getRequestURI(), e);
-        }
-        isAjaxResponse(request, response);
-        return false;
-    }
-
-    private boolean isAjaxResponse(HttpServletRequest request,
-                                   HttpServletResponse response) throws IOException {
-        /**
-         * 判断是否已经踢出
-         * 1.如果是Ajax 访问,那么给予json返回值提示。
-         * 2.如果是普通请求,直接跳转到登录页
-         */
-        //判断是不是Ajax请求s
-        if (ShiroFilterUtils.isAjax(request)) {
-            log.debug(getClass().getName() + ",判断已经踢出,重新登录后生效!");
-            Result responseResult = new Result(StrConstant.LOG_OUT, "重新登录");
-            ShiroFilterUtils.out(response, responseResult);
-        } else {
-            // 重定向
-            WebUtils.issueRedirect(request, response, kickoutUrl);
-        }
-        return false;
-    }
-
-}

+ 0 - 300
yt-app/app-service/src/main/java/com/ytpm/config/shiro/ShiroAutoConfiguration.java

@@ -1,300 +0,0 @@
-package com.ytpm.config.shiro;
-
-import com.ytpm.util.MyRedisManager;
-import lombok.Data;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
-import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.session.mgt.SessionManager;
-import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
-import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
-import org.apache.shiro.web.servlet.SimpleCookie;
-import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
-import org.crazycake.shiro.RedisCacheManager;
-import org.crazycake.shiro.RedisManager;
-import org.crazycake.shiro.RedisSessionDAO;
-import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.filter.DelegatingFilterProxy;
-
-import javax.servlet.Filter;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * 
- * @author gkHuang
- *
- */
-@Slf4j(topic = "shiro 自动装配")
-@Configuration
-@ConditionalOnWebApplication(type = Type.SERVLET)
-@ConditionalOnClass(value = { SecurityManager.class })
-@ConfigurationProperties(prefix = "shiro")
-@Data
-public class ShiroAutoConfiguration {
-
-	private static final String SHIRO_DIALECT = "shiroDialect";
-	private static final String SHIRO_FILTER = "shiroFilter";
-	private String hashAlgorithmName = "md5";// 加密方式
-	private int hashIterations = 2;// 散列次数
-	private String loginUrl = "/sys/toLogin";// 默认的登录页面
-	private String[] anonUrls;
-	private String logOutUrl;
-	private String[] authcUlrs;
-	@Value("${spring.redis.host}")
-	private static String redisHost;
-	@Value("${spring.redis.port}")
-	private static String redisPort;
-	@Value("${spring.redis.database}")
-	private static int redisDB;
-	@Value("${spring.redis.password}")
-	private static String redisPwd;
-
-	@Autowired
-	private MyRedisManager myRedisManager;
-
-	/**
-	 * 配置shiro的过滤器
-	 *
-	 */
-	@Bean(SHIRO_FILTER)
-	public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
-		ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
-		// 设置安全管理器
-		factoryBean.setSecurityManager(securityManager);
-		// 设置未登录的时要跳转的页面
-		factoryBean.setLoginUrl(loginUrl);
-		Map<String, String> filterChainDefinitionMap = new HashMap<>();
-		// 设置放行的路径
-		if (anonUrls != null && anonUrls.length > 0) {
-			for (String anon : anonUrls) {
-				filterChainDefinitionMap.put(anon, "anon");
-			}
-		}
-		// 设置登出的路径
-		if (null != logOutUrl) {
-			filterChainDefinitionMap.put(logOutUrl, "logout");
-		}
-		// 设置拦截的路径
-		if (authcUlrs != null && authcUlrs.length > 0) {
-			for (String authc : authcUlrs) {
-				filterChainDefinitionMap.put(authc, "authc");
-			}
-		}
-		filterChainDefinitionMap.put("/api/v2/**", "anon");
-		filterChainDefinitionMap.put("/doc.html", "anon");
-		filterChainDefinitionMap.put("/v2/api-docs", "anon");
-		filterChainDefinitionMap.put("/configuration/ui", "anon");
-		filterChainDefinitionMap.put("/swagger-resources/**", "anon");
-		filterChainDefinitionMap.put("/configuration/security", "anon");
-		filterChainDefinitionMap.put("/swagger-ui.html", "anon");
-		filterChainDefinitionMap.put("/webjars/**", "anon");
-		filterChainDefinitionMap.put("/swagger-resources/configuration/ui", "anon");
-//		filterChainDefinitionMap.put("/**", "authc");
-
-		Map<String, Filter> filters=new HashMap<>();
-//		filters.put("authc", new ShiroLoginFilter());
-		//配置过滤器
-		factoryBean.setFilters(filters);
-		factoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
-		return factoryBean;
-	}
-
-	/**
-	 * 注册shiro的委托过滤器,相当于之前在web.xml里面配置的
-	 *
-	 * @return
-	 */
-	@Bean
-	public FilterRegistrationBean<DelegatingFilterProxy> delegatingFilterProxy() {
-		FilterRegistrationBean<DelegatingFilterProxy> filterRegistrationBean = new FilterRegistrationBean<DelegatingFilterProxy>();
-		DelegatingFilterProxy proxy = new DelegatingFilterProxy();
-		proxy.setTargetFilterLifecycle(true);
-		proxy.setTargetBeanName(SHIRO_FILTER);
-		filterRegistrationBean.setFilter(proxy);
-		return filterRegistrationBean;
-	}
-
-	/**
-	 *  核心安全事务管理器
-	 * 配置SecurityManager
-	 */
-	@Bean("securityManager")
-	public SecurityManager securityManager() {
-		DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
-		// 设置realm.
-		securityManager.setRealm(userRealm());
-		// 自定义缓存实现 使用redis
-		securityManager.setCacheManager(cacheManager());
-		// 自定义session管理 使用redis
-		securityManager.setSessionManager(sessionManager());
-		return securityManager;
-	}
-
-
-	/**
-	 * cacheManager 缓存 redis实现
-	 * 使用的是shiro-redis开源插件
-	 *
-	 * @return
-	 */
-	public RedisCacheManager cacheManager() {
-		RedisCacheManager redisCacheManager = new RedisCacheManager();
-		redisCacheManager.setRedisManager(redisManager());
-		//redis中针对不同用户缓存
-		redisCacheManager.setPrincipalIdFieldName("id");
-		//用户权限信息缓存时间 秒(12h)
-		redisCacheManager.setExpire(43200);
-
-		return redisCacheManager;
-	}
-
-
-	/**
-	 * 配置shiro redisManager
-	 * 使用的是shiro-redis开源插件
-	 *
-	 * @return
-	 */
-	@Bean
-	public RedisManager redisManager() {
-//		RedisManager redisManager =myRedisManager;
-		RedisManager redisManager = new RedisManager();
-		redisManager.setHost(redisHost+":"+redisPort);
-		redisManager.setDatabase(redisDB);
-		redisManager.setPassword(redisPwd);
-		return redisManager;
-	}
-
-
-
-	/**
-	 * RedisSessionDAO shiro sessionDao层的实现 通过redis
-	 * 使用的是shiro-redis开源插件
-	 */
-	@Bean
-	public RedisSessionDAO redisSessionDAO() {
-		RedisSessionDAO redisSessionDAO = new RedisSessionDAO();
-		redisSessionDAO.setRedisManager(redisManager());
-		redisSessionDAO.setKeyPrefix("YT_SESSION_CACHE_");
-		return redisSessionDAO;
-	}
-
-
-	/**
-	 * 声明凭证匹配器
-	 */
-	@Bean("credentialsMatcher")
-	public HashedCredentialsMatcher hashedCredentialsMatcher() {
-		HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
-		credentialsMatcher.setHashAlgorithmName(hashAlgorithmName);
-		credentialsMatcher.setHashIterations(hashIterations);
-		return credentialsMatcher;
-	}
-
-	/**
-	 * 声明userRealm
-	 */
-	@Bean("userRealm")
-	public UserRealm userRealm() {
-		UserRealm userRealm = new UserRealm();
-		// 注入凭证匹配器
-		userRealm.setCredentialsMatcher(hashedCredentialsMatcher());
-		//启用身份验证缓存,即缓存AuthenticationInfo信息,默认false
-		userRealm.setAuthenticationCachingEnabled(true);
-		//缓存AuthenticationInfo信息的缓存名称 在ehcache-shiro.xml中有对应缓存的配置
-		userRealm.setAuthenticationCacheName("authenticationCache");
-		//启用授权缓存,即缓存AuthorizationInfo信息,默认false
-		userRealm.setAuthorizationCachingEnabled(true);
-		//缓存AuthorizationInfo信息的缓存名称  在ehcache-shiro.xml中有对应缓存的配置
-		userRealm.setAuthorizationCacheName("authorizationCache");
-		return userRealm;
-	}
-
-
-
-	/**
-	 * 配置保存sessionId的cookie
-	 * 注意:这里的cookie 不是上面的记住我 cookie 记住我需要一个cookie session管理 也需要自己的cookie
-	 * 默认为: JSESSIONID 问题: 与SERVLET容器名冲突,重新定义为sid
-	 * @return
-	 */
-	@Bean("sessionIdCookie")
-	public SimpleCookie sessionIdCookie(){
-		//这个参数是cookie的名称
-		SimpleCookie simpleCookie = new SimpleCookie("sid");
-		//setcookie的httponly属性如果设为true的话,会增加对xss防护的安全系数。它有以下特点:
-
-		//setcookie()的第七个参数
-		//设为true后,只能通过http访问,javascript无法访问
-		//防止xss读取cookie
-//		simpleCookie.setHttpOnly(true);
-		simpleCookie.setPath("/");
-		//maxAge=-1表示浏览器关闭时失效此Cookie
-		simpleCookie.setMaxAge(-1);
-		return simpleCookie;
-	}
-
-
-
-	/**
-	 * 配置会话管理器,设定会话超时及保存
-	 * @return
-	 */
-	@Bean("sessionManager")
-	public SessionManager sessionManager() {
-		DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
-		sessionManager.setSessionIdCookie(sessionIdCookie());
-		sessionManager.setSessionDAO(redisSessionDAO());
-		sessionManager.setCacheManager(cacheManager());
-
-		//全局会话超时时间(单位毫秒),默认30分钟  1800000
-		sessionManager.setGlobalSessionTimeout(28800000);//8*60*60*1000 8个小时
-		//是否开启删除无效的session对象  默认为true
-		sessionManager.setDeleteInvalidSessions(true);
-		//是否开启定时调度器进行检测过期session 默认为true
-		sessionManager.setSessionValidationSchedulerEnabled(true);
-		//设置session失效的扫描时间, 清理用户直接关闭浏览器造成的孤立会话 默认为 1个小时
-		//设置该属性 就不需要设置 ExecutorServiceSessionValidationScheduler 底层也是默认自动调用ExecutorServiceSessionValidationScheduler
-		//暂时设置为 5秒 用来测试
-		sessionManager.setSessionValidationInterval(28800000);//8*60*60*1000 8个小时
-		//取消url 后面的 JSESSIONID
-		sessionManager.setSessionIdUrlRewritingEnabled(false);
-		return sessionManager;
-
-	}
-
-
-	/**
-	 * 加入注解的使用,不加入这个注解不生效
-	 * @param securityManager
-	 * @return
-	 */
-	@Bean
-	public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
-		AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
-		authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
-		return authorizationAttributeSourceAdvisor;
-	}
-	/**
-	 * 加入注解的使用,不加入这个注解不生效
-	 * @param
-	 * @return
-	 */
-	@Bean
-	public DefaultAdvisorAutoProxyCreator getDefaultAdvisorAutoProxyCreator() {
-		DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
-		advisorAutoProxyCreator.setProxyTargetClass(true);
-		return advisorAutoProxyCreator;
-	}
-}

+ 0 - 18
yt-app/app-service/src/main/java/com/ytpm/config/shiro/ShiroLifecycleBeanPostProcessorConfig.java

@@ -1,18 +0,0 @@
-package com.ytpm.config.shiro;
-
-import org.apache.shiro.spring.LifecycleBeanPostProcessor;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-@Configuration
-public class ShiroLifecycleBeanPostProcessorConfig {
-
-	/**
-	 * 配置Shiro生命周期处理器
-	 * @return
-	 */
-	@Bean(name = "lifecycleBeanPostProcessor")
-	public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
-		return new LifecycleBeanPostProcessor();
-	}
-}

+ 0 - 59
yt-app/app-service/src/main/java/com/ytpm/config/shiro/UserRealm.java

@@ -1,59 +0,0 @@
-package com.ytpm.config.shiro;
-
-import com.ytpm.app.model.ActiveUser;
-import com.ytpm.app.model.YtDyzUser;
-import com.ytpm.service.AppUserService;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.SimpleAuthenticationInfo;
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.SimpleAuthorizationInfo;
-import org.apache.shiro.realm.AuthorizingRealm;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Lazy;
-
-
-//@Service
-public class UserRealm extends AuthorizingRealm {
-
-	@Autowired
-	@Lazy  //只有使用的时候才会加载
-	private AppUserService userService;
-
-	@Override
-	public String getName() {
-		return this.getClass().getSimpleName();
-	}
-
-	/**
-	 * 身份认证 / 登录,验证用户是不是拥有相应的身份;
-	 */
-	@Override
-	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
-		String openid = token.getPrincipal().toString();
-		YtDyzUser user = userService.selectByOpenid(openid);
-		if (null != user) {
-			ActiveUser activeUser = new ActiveUser();
-			activeUser.setUser(user);
-			activeUser.setId(user.getUserId());
-
-			//微信登录没有密码,这里默认使用昵称
-			SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(activeUser, user.getNickName(),
-					this.getName());
-			return info;
-		}
-		return null;
-	}
-
-	/**
-	 * 授权,即权限验证,验证某个已认证的用户是否拥有某个权限;
-	 */
-	@Override
-	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
-		SimpleAuthorizationInfo authorizationInfo=new SimpleAuthorizationInfo();
-		//TODO 用户授权认证
-		return authorizationInfo;
-	}
-}

+ 0 - 32
yt-app/app-service/src/main/java/com/ytpm/controller/WxController.java

@@ -1,6 +1,5 @@
 package com.ytpm.controller;
 
-import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.util.IdUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.http.HttpUtil;
@@ -19,22 +18,13 @@ import com.ytpm.feign.RiskFeign;
 import com.ytpm.general.RepMessage;
 import com.ytpm.general.Result;
 import com.ytpm.handle.CustomerException;
-import com.ytpm.app.model.ActiveUser;
 import com.ytpm.app.model.YtDyzLoginRecord;
 import com.ytpm.app.model.YtDyzPowerRecord;
 import com.ytpm.app.model.YtDyzUser;
-import com.ytpm.risk.view.RiskConfigView;
-import com.ytpm.risk.view.RiskTemplateView;
-import com.ytpm.util.DateUtil;
 import com.ytpm.util.RedisService;
-import com.ytpm.util.ShiroSubjectUtil;
-import com.ytpm.util.WebUtils;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authc.UsernamePasswordToken;
-import org.apache.shiro.subject.Subject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.transaction.annotation.Transactional;
@@ -46,15 +36,9 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.annotation.Resource;
-import java.lang.reflect.Field;
 import java.math.BigDecimal;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Arrays;
 import java.util.Date;
-import java.util.List;
 import java.util.Objects;
-import java.util.stream.Collectors;
 
 
 @Slf4j
@@ -125,7 +109,6 @@ public class WxController {
             if(!old.getUserStatus().equals(UserStatusEnum.NORMAL.getCode())){
                 throw new CustomerException("当前用户处于"+UserStatusEnum.getByCode(old.getUserStatus())+"中,无法登录");
             }
-//            ShiroAuth(wxUserInfo);//Shiro 登录逻辑
             YtDyzUser newUser = new YtDyzUser();
             newUser.setNickName(wxUserInfo.getNickname());
             newUser.setHeadImg(wxUserInfo.getHeadimgurl());
@@ -159,21 +142,6 @@ public class WxController {
         return loginResult;
     }
 
-    /**
-     * Shiro 认证登录
-     */
-    private void ShiroAuth(WxUserInfo wxUserInfo) {
-        //获取当前用户Subject实例
-        Subject subject = SecurityUtils.getSubject();
-        UsernamePasswordToken token = new UsernamePasswordToken(wxUserInfo.getOpenid(), wxUserInfo.getNickname());
-        if(!subject.isAuthenticated()){
-            subject.login(token);
-            ActiveUser activeUser = (ActiveUser) subject.getPrincipal();
-            ShiroSubjectUtil.loginOut(activeUser.getUser());
-            WebUtils.getSession().setAttribute("user", activeUser.getUser());
-        }
-    }
-
     /**
      * 设置扩展信息
      */