
A detailed guide to building single sign-on with a few lines of Spring Cloud configuration

July 19, 2019 | 移动技术网 IT编程

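The concept of single sign-on

Single sign-on (SSO) is currently one of the more popular solutions for integrating enterprise business systems. SSO is defined as follows: across multiple application systems, a user only needs to log in once to access all of the mutually trusted application systems. The login logic is shown in the figure above.

Implementation based on the Spring family

Technology choices:

  1. Spring Boot
  2. Spring Cloud
  3. Spring Security OAuth2

Client:

Maven dependencies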

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.security.oauth</groupId>
  <artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-jwt</artifactId>
</dependency>

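The @EnableOAuth2Sso annotation

Add @EnableOAuth2Sso to the application entry class:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;

// @EnableOAuth2Sso turns this application into an OAuth2 SSO client
@EnableOAuth2Sso
@SpringBootApplication
public class PigSsoClientDemoApplication {

  public static void main(String[] args) {
    SpringApplication.run(PigSsoClientDemoApplication.class, args);
  }

}

Configuration file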

security:
 oauth2:
  client:
   client-id: pig
   client-secret: pig
   user-authorization-uri: http://localhost:3000/oauth/authorize
   access-token-uri: http://localhost:3000/oauth/token
   scope: server
  resource:
   jwt:
    key-uri: http://localhost:3000/oauth/token_key
 sessions: never

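SSO authorization server

Authorization server configuration

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

// AuthServerConfig, SecurityConstants and CommonConstant are the project's own classes;
// their imports are omitted because the page does not give their packages.
@Configuration
@Order(Integer.MIN_VALUE)
@EnableAuthorizationServer
public class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter {
  // Injected collaborators. The page uses these fields without declaring them;
  // the AuthServerConfig type name is assumed from the field name.
  @Autowired private AuthServerConfig authServerConfig;
  @Autowired private RedisConnectionFactory redisConnectionFactory;
  @Autowired private AuthenticationManager authenticationManager;
  @Autowired private UserDetailsService userDetailsService;
  @Autowired private WebResponseExceptionTranslator pigWebResponseExceptionTranslator;

  // Register the single in-memory client and the grant types it may use
  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
        .withClient(authServerConfig.getClientId())
        .secret(authServerConfig.getClientSecret())
        .authorizedGrantTypes(SecurityConstants.REFRESH_TOKEN, SecurityConstants.PASSWORD, SecurityConstants.AUTHORIZATION_CODE)
        .scopes(authServerConfig.getScope());
  }

  // Token endpoints: tokens are stored in Redis and issued as JWTs
  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
    endpoints
        .tokenStore(new RedisTokenStore(redisConnectionFactory))
        .accessTokenConverter(jwtAccessTokenConverter())
        .authenticationManager(authenticationManager)
        .exceptionTranslator(pigWebResponseExceptionTranslator)
        .reuseRefreshTokens(false)
        .userDetailsService(userDetailsService);
  }

  // Access rules for /oauth/token_key and /oauth/check_token
  @Override
  public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    security
        .allowFormAuthenticationForClients()
        .tokenKeyAccess("isAuthenticated()")
        .checkTokenAccess("permitAll()");
  }

  @Bean
  public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }

  // Signs JWT access tokens with the key held in CommonConstant.SIGN_KEY
  @Bean
  public JwtAccessTokenConverter jwtAccessTokenConverter() {
    JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
    jwtAccessTokenConverter.setSigningKey(CommonConstant.SIGN_KEY);
    return jwtAccessTokenConverter;
  }
}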
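
The jwtAccessTokenConverter() bean above passes a plain string to setSigningKey, which selects HMAC-SHA256, so the key served at /oauth/token_key (the client's key-uri) is the same secret that signs tokens. The following is an added example, not part of the original article or the pig project: a bean that would replace that one and sign with an RSA key pair, so only the public key is published. The class name, the keystore file jwt.jks and the jwt.keystore.* properties are assumptions.

```java
import java.security.KeyPair;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

@Configuration
public class JwtKeyPairConfig { // hypothetical class name

    // Assumed property names; they do not appear in the article.
    // Supply the password from the environment, not from source control.
    @Value("${jwt.keystore.password}")
    private String keystorePassword;

    @Value("${jwt.keystore.alias:jwt}")
    private String keyAlias;

    // As configured in the article (symmetric):
    //
    //   converter.setSigningKey(CommonConstant.SIGN_KEY);
    //
    // A plain string makes the verifier key equal to the signing key, and
    // /oauth/token_key hands that shared secret to every authenticated client.

    // Asymmetric alternative: the private key stays on the authorization
    // server; /oauth/token_key returns only the PEM-encoded public key.
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        // jwt.jks is an assumed keystore on the classpath holding an RSA key pair
        KeyStoreKeyFactory factory = new KeyStoreKeyFactory(
                new ClassPathResource("jwt.jks"), keystorePassword.toCharArray());
        KeyPair keyPair = factory.getKeyPair(keyAlias);

        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setKeyPair(keyPair); // tokens are signed with SHA256withRSA
        return converter;
    }
}
```

The client's security.oauth2.resource.jwt.key-uri setting stays as shown earlier; it then receives a public key that can verify tokens but cannot sign them.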
