详解基于Spring Cloud几行配置完成单点登录开发

详解基于Spring Cloud几行配置完成单点登录开发

单点登录概念

单点登录（Single Sign On），简称为 SSO，是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中，用户只需要登录一次就可以访问所有相互信任的应用系统。登录逻辑如上图

基于Spring 全家桶的实现

技术选型：

Spring Boot

Spring Cloud

Spring Security oAuth2

客户端：

maven依赖

org.springframework.bohttp://ot

spring-boot-starter-web

org.springframework.boot

spring-boot-starter-security

org.springframework.security.oauth

spring-security-oauth2

org.springframework.security

spring-security-jwt

EnableOAuth2Sso 注解

入口类配置@@EnableOAuth2Sso

@SpringBootApplication

public class PigSsoClientDemoApplication {

public static void main(String[] args) {

SpringApplication.run(PigSsoClientDemoApplication.class, args);

}

}

配置文件

security:

oauth2:

client:

client-id: pig

client-secret: pig

user-authorization-uri: http://localhost:3000/oauth/authorize

access-token-uri: http://localhost:3000/oauth/token

scope: server

resource:

jwt:

key-uri: http://localhost:3000/oauth/token_key

sessions: never

SSO认证服务器

认证服务器配置

@Configuration

@Order(Integer.MIN_VALUE)

@EnableAuthorizationServer

public class PigAuthorizationConfig extends Authorihttp://zationServerConfigurerAdapter {

@Override

public void configure(ClientDetailsServiceConfigurer clients) throws Exception {

clients.inMemory()

.withClient(authServhdJTPNeKerConfig.getClientId())

.secret(authServerConfig.getClientSecret())

.authorizedGrantTypes(SecurityConstants.REFRESH_TOKEN, SecurityConstants.PASSWORD,SecurityConstants.AUTHORIZATION_CODE)

.scopes(authServerConfig.getScope());

}

@Override

public void configure(AuthorizationServerEndpointsConfigurer endpoints) {

endpoints

.tokenStore(new RedisTokenStore(redisConnectionFactory))

.accessTokenConverter(jwtAccessTokenConverter())

.authenticationManager(authenticationManager)

.exceptionTranslator(pigWebResponseExceptionTranslator)

.reuseRefreshTokens(false)

.userDetailsService(userDetailsService);

}

@Override

public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {

security

.allowFormAuthenticationForClients()

.tokenKeyAccess("isAuthenticated()")

.checkTokenAccess("permitAll()");

}

@Bean

public PasswordEncoder passwordEncoder() {

return new BCryptPasswordEncoder();

}

@Bean

public JwtAccessTokenConverterhdJTPNeK jwtAccessTokenConverter() {

JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();

jwtAccessTokenConverter.setSigningKey(CommonConstant.SIGN_KEY);

return jwtAccessTokenConverter;

}

}

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。