Single Sign-On with Spring Cloud in a Few Lines of Configuration: A Detailed Walkthrough
程序员文章站
2023-11-29 16:07:34
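The single sign-on concept
Single sign-on (SSO) is one of the more popular solutions for integrating enterprise business systems. With SSO, a user logs in once and can then access every application system in a group of mutually trusting systems. The login flow is shown in the figure above.
Implementation based on the Spring stack
Technology choices:
- Spring Boot
- Spring Cloud
- Spring Security OAuth2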
Client:
Maven dependencies
```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-jwt</artifactId>
</dependency>
```
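The @EnableOAuth2Sso annotation
Annotate the entry class with @EnableOAuth2Sso:
```java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;

// @EnableOAuth2Sso turns this application into an OAuth2 SSO client.
@EnableOAuth2Sso
@SpringBootApplication
public class PigSsoClientDemoApplication {
    public static void main(String[] args) {
        SpringApplication.run(PigSsoClientDemoApplication.class, args);
    }
}
```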
Configuration file
```yaml
security:
  oauth2:
    client:
      client-id: pig
      client-secret: pig
      user-authorization-uri: http://localhost:3000/oauth/authorize
      access-token-uri: http://localhost:3000/oauth/token
      scope: server
    resource:
      jwt:
        # Endpoint from which the client fetches the JWT verification key
        key-uri: http://localhost:3000/oauth/token_key
  sessions: never
```
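SSO authorization server
Authorization server configuration
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

// AuthServerConfig, SecurityConstants and CommonConstant are the project's own classes;
// the page does not give their packages, so their imports are omitted here.
@Configuration
@Order(Integer.MIN_VALUE)
@EnableAuthorizationServer
public class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter {

    // Collaborators used below; the page does not show their declarations,
    // so these injected fields (and the AuthServerConfig type name) are assumed.
    @Autowired
    private AuthServerConfig authServerConfig;
    @Autowired
    private RedisConnectionFactory redisConnectionFactory;
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private UserDetailsService userDetailsService;
    @Autowired
    private WebResponseExceptionTranslator pigWebResponseExceptionTranslator;

    // Registers a single in-memory OAuth2 client.
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient(authServerConfig.getClientId())
                .secret(authServerConfig.getClientSecret())
                .authorizedGrantTypes(SecurityConstants.REFRESH_TOKEN, SecurityConstants.PASSWORD, SecurityConstants.AUTHORIZATION_CODE)
                .scopes(authServerConfig.getScope());
    }

    // Tokens are JWTs stored in Redis; a refresh token is not reused after it is exchanged.
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints
                .tokenStore(new RedisTokenStore(redisConnectionFactory))
                .accessTokenConverter(jwtAccessTokenConverter())
                .authenticationManager(authenticationManager)
                .exceptionTranslator(pigWebResponseExceptionTranslator)
                .reuseRefreshTokens(false)
                .userDetailsService(userDetailsService);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security
                .allowFormAuthenticationForClients()
                // /oauth/token_key requires an authenticated caller.
                .tokenKeyAccess("isAuthenticated()")
                // permitAll() leaves /oauth/check_token open to unauthenticated callers.
                .checkTokenAccess("permitAll()");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Signs JWTs with a shared (symmetric) key taken from a project constant.
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        jwtAccessTokenConverter.setSigningKey(CommonConstant.SIGN_KEY);
        return jwtAccessTokenConverter;
    }
}
```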
That is all for this article. I hope it helps with your learning, and thank you for your continued support.