
A detailed guide to building single sign-on with a few lines of Spring Cloud configuration

程序员文章站 2023-11-29 16:07:34

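The concept of single sign-on

Single sign-on (SSO) is currently one of the more popular solutions for integrating enterprise business systems. SSO means that, across multiple application systems, a user logs in only once and can then access every application system that trusts the others. The login logic is shown in the figure above.

Implementation based on the Spring stack

Technology choices:

  1. Spring Boot
  2. Spring Cloud
  3. Spring Security OAuth2

Client:

Maven dependencies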

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.security.oauth</groupId>
  <artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-jwt</artifactId>
</dependency>

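The @EnableOAuth2Sso annotation

Add @EnableOAuth2Sso to the entry class

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;

// @EnableOAuth2Sso makes this application an OAuth2 SSO client
@EnableOAuth2Sso
@SpringBootApplication
public class PigSsoClientDemoApplication {

  public static void main(String[] args) {
    SpringApplication.run(PigSsoClientDemoApplication.class, args);
  }

}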

Configuration file

security:
 oauth2:
  client:
   client-id: pig
   client-secret: pig
   user-authorization-uri: http://localhost:3000/oauth/authorize
   access-token-uri: http://localhost:3000/oauth/token
   scope: server
  resource:
   jwt:
    key-uri: http://localhost:3000/oauth/token_key
 sessions: never

SSO authentication server

Authentication server configuration

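import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.RedisTokenStore;

@Configuration
@Order(Integer.MIN_VALUE)
@EnableAuthorizationServer
public class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter {
  // Injected collaborators. AuthServerConfig (type name inferred from the variable name),
  // SecurityConstants and CommonConstant belong to the article's project and are not shown.
  @Autowired
  private AuthServerConfig authServerConfig;
  @Autowired
  private RedisConnectionFactory redisConnectionFactory;
  @Autowired
  private AuthenticationManager authenticationManager;
  @Autowired
  private WebResponseExceptionTranslator pigWebResponseExceptionTranslator;
  @Autowired
  private UserDetailsService userDetailsService;

  // Registers the single in-memory OAuth2 client and the grant types it may use
  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
        .withClient(authServerConfig.getClientId())
        .secret(authServerConfig.getClientSecret())
        .authorizedGrantTypes(SecurityConstants.REFRESH_TOKEN, SecurityConstants.PASSWORD, SecurityConstants.AUTHORIZATION_CODE)
        .scopes(authServerConfig.getScope());
  }

  // Tokens are stored in Redis and issued as JWTs; refresh tokens are not reused
  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
    endpoints
        .tokenStore(new RedisTokenStore(redisConnectionFactory))
        .accessTokenConverter(jwtAccessTokenConverter())
        .authenticationManager(authenticationManager)
        .exceptionTranslator(pigWebResponseExceptionTranslator)
        .reuseRefreshTokens(false)
        .userDetailsService(userDetailsService);
  }

  // /oauth/token_key requires an authenticated client;
  // permitAll() leaves /oauth/check_token callable without client authentication
  @Override
  public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    security
        .allowFormAuthenticationForClients()
        .tokenKeyAccess("isAuthenticated()")
        .checkTokenAccess("permitAll()");
  }

  @Bean
  public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }

  // If SIGN_KEY is a plain string (not a PEM key), tokens are HMAC-signed and the
  // same secret both signs and verifies them
  @Bean
  public JwtAccessTokenConverter jwtAccessTokenConverter() {
    JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
    jwtAccessTokenConverter.setSigningKey(CommonConstant.SIGN_KEY);
    return jwtAccessTokenConverter;
  }
}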
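
The configuration above opens /oauth/check_token with permitAll() and signs tokens with a key held as a constant. As an added example (not code from the original article or its project), here is a stricter variant of those two methods. The class name HardenedTokenConfig, the keystore file sso-jwt.jks, the alias sso-jwt and the environment variable SSO_KEYSTORE_PASSWORD are all assumptions.

```java
import java.security.KeyPair;
import java.util.Objects;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

// Added example. Shown as its own class so it compiles; in the article's project these
// two methods would replace the same-named ones in PigAuthorizationConfig.
@Configuration
public class HardenedTokenConfig extends AuthorizationServerConfigurerAdapter {

  @Override
  public void configure(AuthorizationServerSecurityConfigurer security) {
    security
        .allowFormAuthenticationForClients()
        // With an RSA key pair, /oauth/token_key hands out only the public key.
        .tokenKeyAccess("isAuthenticated()")
        // Original: permitAll(). Token introspection now needs client credentials.
        .checkTokenAccess("isAuthenticated()");
  }

  @Bean
  public JwtAccessTokenConverter jwtAccessTokenConverter() {
    // Keystore password comes from the environment (assumed variable name), not from source.
    String password = Objects.requireNonNull(
        System.getenv("SSO_KEYSTORE_PASSWORD"), "SSO_KEYSTORE_PASSWORD is not set");
    KeyStoreKeyFactory factory = new KeyStoreKeyFactory(
        new ClassPathResource("sso-jwt.jks"), password.toCharArray()); // assumed file name
    KeyPair keyPair = factory.getKeyPair("sso-jwt"); // assumed key alias

    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    // The private key signs tokens on the server; clients verify with the public key.
    converter.setKeyPair(keyPair);
    return converter;
  }
}
```

The client configuration shown earlier needs no change: key-uri still points at /oauth/token_key, which now returns the public verification key.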
