Single sign-on concept
Single Sign On, referred to as SSO, is one of the most popular solutions for enterprise business integration. The definition of SSO is that in multiple application systems, users only need to log in once to access all mutually trusted application systems. Login logic is shown in the above figure
Implementation based on Spring Family Bucket
Technical selection:
Client:
maven dependency
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId></dependency><dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId></dependency><dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId></dependency><dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-jwt</artifactId></dependency>
EnableOAuth2Sso Annotation
Entry class configuration @@EnableOAuth2Sso
@SpringBootApplicationpublic class PigSsoClientDemoApplication { public static void main(String[] args) { SpringApplication.run(PigSsoClientDemoApplication.class, args); }}Configuration File
security: oauth2: client: client-id: pig client-secret: pig user-authorization-uri: http://localhost:3000/oauth/authorize access-token-uri: http://localhost:3000/oauth/token scope: server resource: jwt: key-uri: http://localhost:3000/oauth/token_key sessions: never
SSO authentication server
Authentication server configuration
@Configuration@Order(Integer.MIN_VALUE)@EnableAuthorizationServerpublic class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter { @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.inMemory() .withClient(authServerConfig.getClientId()) .secret(authServerConfig.getClientSecret()) .authorizedGrantTypes(SecurityConstants.REFRESH_TOKEN, SecurityConstants.PASSWORD, SecurityConstants.AUTHORIZATION_CODE) .scopes(authServerConfig.getScope()); } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) { endpoints .tokenStore(new RedisTokenStore(redisConnectionFactory)) .accessTokenConverter(jwtAccessTokenConverter()) .authenticationManager(authenticationManager) .exceptionTranslator(pigWebResponseExceptionTranslator) .reuseRefreshTokens(false) .userDetailsService(userDetailsService); } @Override public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { security .allowFormAuthenticationForClients() .tokenKeyAccess("isAuthenticated()") .checkTokenAccess("permitAll()"); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Bean public JwtAccessTokenConverter jwtAccessTokenConverter() { JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter(); jwtAccessTokenConverter.setSigningKey(CommonConstant.SIGN_KEY); return jwtAccessTokenConverter; }}The above is all the content of this article. I hope it will be helpful to everyone's learning and I hope everyone will support Wulin.com more.