
SSO (single sign-on) based on Spring Security

程序员文章站 2022-06-21 15:07:50

1. Maven coordinates

    <properties>
        <java.version>1.8</java.version>
        <spring-cloud.version>Greenwich.SR1</spring-cloud.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

 
 

Authorization server configuration:

@EnableAuthorizationServer enables the authorization server.

Create a custom configuration class that extends AuthorizationServerConfigurerAdapter and overrides configure(ClientDetailsServiceConfigurer clients) to define the client details, which are stored in memory:
clients.inMemory()
        .withClient("app-a")
        .secret(passwordEncoder.encode("app-a-1234"))
        .authorizedGrantTypes("refresh_token","authorization_code")
        .accessTokenValiditySeconds(3600)
        .autoApprove(true)
        .scopes("all")
        .redirectUris("http://127.0.0.1:9090/app1/login")
        .and()
        .withClient("app-b")
        .secret(passwordEncoder.encode("app-b-1234"))
        .autoApprove(true)
        .authorizedGrantTypes("refresh_token","authorization_code")
        .accessTokenValiditySeconds(7200)
        .scopes("all")
        .redirectUris("http://127.0.0.1:9091/app2/login")
        .and()
        .withClient("app-c")
        .secret(passwordEncoder.encode("app-c-1234"))
        .autoApprove(true)
        .authorizedGrantTypes("refresh_token","authorization_code")
        .accessTokenValiditySeconds(7200)
        .scopes("all")
        .redirectUris("http://127.0.0.1:9092/app3/login")
        .and()
        .withClient("app-d")
        .secret(passwordEncoder.encode("app-d-1234"))
        .autoApprove(true)
        .authorizedGrantTypes("refresh_token","authorization_code")
        .accessTokenValiditySeconds(7200)
        .scopes("all")
        .redirectUris("http://127.0.0.1:9093/app4/login");

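Implement UserDetailsService and override loadUserByUsername to provide your own authentication logic.

Extend WebSecurityConfigurerAdapter and override configure(HttpSecurity http) to configure the login method, authentication filtering, and related settings.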

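Client configuration:

1. On the client's startup class (or a configuration class), add the @EnableOAuth2Sso annotation.

2. In the configuration file (application.yml), configure the information the client needs to connect to the authorization server: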

security:
  oauth2:
    client:
      client-id: app-c
      client-secret: app-c-1234
#      user-authorization-uri: http://127.0.0.1:8080/server/oauth/authorize
#      access-token-uri: http://127.0.0.1:8080/server/oauth/token
      user-authorization-uri: http://127.0.0.1:9777/oauth/authorize
      access-token-uri: http://127.0.0.1:9777/oauth/token
    resource:
      jwt:
#        key-uri: http://127.0.0.1:8080/server/oauth/token_key
        key-uri: http://127.0.0.1:9777/oauth/token_key
server:
  port: 9092
  servlet:
    context-path: /app3

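Note:

If the authorization server is also configured as a resource server, add the @Order(1) annotation to the authorization server's WebSecurity configuration so that the authorization server's filters run first. Otherwise the client cannot authenticate and reports an error. I spent 2 days tracking down this error.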
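
One way to write the WebSecurityConfigurerAdapter and UserDetailsService described above, carrying the @Order(1) from the note (an added example, not the original project's code). The class name, the demo account, and the choice to limit this chain to /login and /oauth/authorize are assumptions for illustration; it assumes the Spring Security 5.1.x line managed by Greenwich.SR1.

```java
// Added example, not the original project's code. Assumes Spring Boot 2.1.x / Spring
// Security 5.1.x; class name, user name and password are constructed for illustration.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@Order(1) // evaluated before the resource-server filter chain, as the note requires
public class SsoWebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Bean
    public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }

    // Stand-in for a real user store: one constructed account, hashed once at startup.
    @Bean
    public UserDetailsService demoUserDetailsService(PasswordEncoder encoder) {
        String hash = encoder.encode("demo-password"); // constructed sample value
        return username -> {
            if (!"demo".equals(username)) { throw new UsernameNotFoundException("unknown user"); }
            return User.withUsername("demo").password(hash).roles("USER").build();
        };
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(demoUserDetailsService(passwordEncoder()))
            .passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Claim only the browser-facing SSO endpoints; every other path falls through
        // to the resource-server chain, which expects a bearer token.
        http.requestMatchers().antMatchers("/login", "/oauth/authorize")
                .and()
            .authorizeRequests().anyRequest().authenticated()
                .and()
            .formLogin().permitAll();
    }
}
```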

The project source code is on Baidu Netdisk.

Link: https://pan.baidu.com/s/1g1U5WQIcfLCqVLhIrGTpmQ
Extraction code: x0a3