详解基于Spring Cloud几行配置完成单点登录开发
单点登录概念
单点登录(SingleSignOn),简称为SSO,是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。登录逻辑如上图
基于Spring全家桶的实现
技术选型:
- SpringBoot
- SpringCloud
- SpringSecurityoAuth2
客户端:
maven依赖
org.springframework.boot spring-boot-starter-web org.springframework.boot spring-boot-starter-security org.springframework.security.oauth spring-security-oauth2 org.springframework.security spring-security-jwt
EnableOAuth2Sso注解
入口类配置@@EnableOAuth2Sso
@SpringBootApplication publicclassPigSsoClientDemoApplication{ publicstaticvoidmain(String[]args){ SpringApplication.run(PigSsoClientDemoApplication.class,args); } }
配置文件
security: oauth2: client: client-id:pig client-secret:pig user-authorization-uri:http://localhost:3000/oauth/authorize access-token-uri:http://localhost:3000/oauth/token scope:server resource: jwt: key-uri:http://localhost:3000/oauth/token_key sessions:never
SSO认证服务器
认证服务器配置
@Configuration @Order(Integer.MIN_VALUE) @EnableAuthorizationServer publicclassPigAuthorizationConfigextendsAuthorizationServerConfigurerAdapter{ @Override publicvoidconfigure(ClientDetailsServiceConfigurerclients)throwsException{ clients.inMemory() .withClient(authServerConfig.getClientId()) .secret(authServerConfig.getClientSecret()) .authorizedGrantTypes(SecurityConstants.REFRESH_TOKEN,SecurityConstants.PASSWORD,SecurityConstants.AUTHORIZATION_CODE) .scopes(authServerConfig.getScope()); } @Override publicvoidconfigure(AuthorizationServerEndpointsConfigurerendpoints){ endpoints .tokenStore(newRedisTokenStore(redisConnectionFactory)) .accessTokenConverter(jwtAccessTokenConverter()) .authenticationManager(authenticationManager) .exceptionTranslator(pigWebResponseExceptionTranslator) .reuseRefreshTokens(false) .userDetailsService(userDetailsService); } @Override publicvoidconfigure(AuthorizationServerSecurityConfigurersecurity)throwsException{ security .allowFormAuthenticationForClients() .tokenKeyAccess("isAuthenticated()") .checkTokenAccess("permitAll()"); } @Bean publicPasswordEncoderpasswordEncoder(){ returnnewBCryptPasswordEncoder(); } @Bean publicJwtAccessTokenConverterjwtAccessTokenConverter(){ JwtAccessTokenConverterjwtAccessTokenConverter=newJwtAccessTokenConverter(); jwtAccessTokenConverter.setSigningKey(CommonConstant.SIGN_KEY); returnjwtAccessTokenConverter; } }
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持毛票票。
声明:本文内容来源于网络,版权归原作者所有,内容由互联网用户自发贡献自行上传,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任。如果您发现有涉嫌版权的内容,欢迎发送邮件至:czq8825#qq.com(发邮件时,请将#更换为@)进行举报,并提供相关证据,一经查实,本站将立刻删除涉嫌侵权内容。