單點登錄概念
單點登錄(Single Sign On),簡稱為SSO,是目前比較流行的企業業務整合的解決方案之一。 SSO的定義是在多個應用系統中,用戶只需要登錄一次就可以訪問所有相互信任的應用系統。登錄邏輯如上圖
基於Spring 全家桶的實現
技術選型:
客戶端:
maven依賴
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId></dependency><dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId></dependency><dependency> <groupId>org.springframework.security.oauth</groupId> <artifactId>spring-security-oauth2</artifactId></dependency><dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-jwt</artifactId></dependency>
EnableOAuth2Sso 註解
入口類配置@@EnableOAuth2Sso
@SpringBootApplicationpublic class PigSsoClientDemoApplication { public static void main(String[] args) { SpringApplication.run(PigSsoClientDemoApplication.class, args); }}配置文件
security: oauth2: client: client-id: pig client-secret: pig user-authorization-uri: http://localhost:3000/oauth/authorize access-token-uri: http://localhost:3000/oauth/token scope: server resource: jwt: key-uri: http://localhost:3000/oauth/token_key sessions: never
SSO認證服務器
認證服務器配置
@Configuration@Order(Integer.MIN_VALUE)@EnableAuthorizationServerpublic class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter { @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.inMemory() .withClient(authServerConfig.getClientId()) .secret(authServerConfig.getClientSecret()) .authorizedGrantTypes(SecurityConstants.REFRESH_TOKEN, SecurityConstants.PASSWORD,SecurityConstants.AUTHORIZATION_CODE) .scopes(authServerConfig.getScope()); } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) { endpoints .tokenStore(new RedisTokenStore(redisConnectionFactory)) .accessTokenConverter(jwtAccessTokenConverter()) .authenticationManager(authenticationManager) .exceptionTranslator(pigWebResponseExceptionTranslator) .reuseRefreshTokens(false) .userDetailsService(userDetailsService); } @Override public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { security .allowFormAuthenticationForClients() .tokenKeyAccess("isAuthenticated()") .checkTokenAccess("permitAll()"); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Bean public JwtAccessTokenConverter jwtAccessTokenConverter() { JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter(); jwtAccessTokenConverter.setSigningKey(CommonConstant.SIGN_KEY); return jwtAccessTokenConverter; }}以上就是本文的全部內容,希望對大家的學習有所幫助,也希望大家多多支持武林網。