详解基于Spring Cloud几行配置完成单点登录开发

程序员文章站 2023-11-29 16:07:34

单点登录概念单点登录（single sign on），简称为 sso，是目前比较流行的企业业务整合的解决方案之一。sso的定义是在多个应用系统中，用户只需要登录一次就可...

单点登录概念

单点登录（single sign on），简称为 sso，是目前比较流行的企业业务整合的解决方案之一。sso的定义是在多个应用系统中，用户只需要登录一次就可以访问所有相互信任的应用系统。登录逻辑如上图

基于spring 全家桶的实现

技术选型：

spring boot
spring cloud
spring security oauth2

客户端：

maven依赖

<dependency>
  <groupid>org.springframework.boot</groupid>
  <artifactid>spring-boot-starter-web</artifactid>
</dependency>
<dependency>
  <groupid>org.springframework.boot</groupid>
  <artifactid>spring-boot-starter-security</artifactid>
</dependency>
<dependency>
  <groupid>org.springframework.security.oauth</groupid>
  <artifactid>spring-security-oauth2</artifactid>
</dependency>
<dependency>
  <groupid>org.springframework.security</groupid>
  <artifactid>spring-security-jwt</artifactid>
</dependency>

enableoauth2sso 注解

入口类配置@@enableoauth2sso

@springbootapplication
public class pigssoclientdemoapplication {

  public static void main(string[] args) {
    springapplication.run(pigssoclientdemoapplication.class, args);
  }

}

配置文件

security:
 oauth2:
  client:
   client-id: pig
   client-secret: pig
   user-authorization-uri: http://localhost:3000/oauth/authorize
   access-token-uri: http://localhost:3000/oauth/token
   scope: server
  resource:
   jwt:
    key-uri: http://localhost:3000/oauth/token_key
 sessions: never

sso认证服务器

认证服务器配置

@configuration
@order(integer.min_value)
@enableauthorizationserver
public class pigauthorizationconfig extends authorizationserverconfigureradapter {
  @override
  public void configure(clientdetailsserviceconfigurer clients) throws exception {
    clients.inmemory()
        .withclient(authserverconfig.getclientid())
        .secret(authserverconfig.getclientsecret())
        .authorizedgranttypes(securityconstants.refresh_token, securityconstants.password,securityconstants.authorization_code)
        .scopes(authserverconfig.getscope());
  }

  @override
  public void configure(authorizationserverendpointsconfigurer endpoints) {
    endpoints
        .tokenstore(new redistokenstore(redisconnectionfactory))
        .accesstokenconverter(jwtaccesstokenconverter())
        .authenticationmanager(authenticationmanager)
        .exceptiontranslator(pigwebresponseexceptiontranslator)
        .reuserefreshtokens(false)
        .userdetailsservice(userdetailsservice);
  }

  @override
  public void configure(authorizationserversecurityconfigurer security) throws exception {
    security
        .allowformauthenticationforclients()
        .tokenkeyaccess("isauthenticated()")
        .checktokenaccess("permitall()");
  }

  @bean
  public passwordencoder passwordencoder() {
    return new bcryptpasswordencoder();
  }

  @bean
  public jwtaccesstokenconverter jwtaccesstokenconverter() {
    jwtaccesstokenconverter jwtaccesstokenconverter = new jwtaccesstokenconverter();
    jwtaccesstokenconverter.setsigningkey(commonconstant.sign_key);
    return jwtaccesstokenconverter;
  }
}

以上就是本文的全部内容，希望对大家的学习有所帮助，也希望大家多多支持。

上一篇： springboot+springmvc+mybatis项目整合

下一篇： Java语言Consistent Hash算法学习笔记（代码示例）