SSO single sign-on based on Spring Security
1. Maven coordinates
<properties>
    <java.version>1.8</java.version>
    <spring-cloud.version>Greenwich.SR1</spring-cloud.version>
</properties>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-lang3</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
        <exclusions>
            <exclusion>
                <groupId>org.junit.vintage</groupId>
                <artifactId>junit-vintage-engine</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
</dependencies>
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-dependencies</artifactId>
            <version>${spring-cloud.version}</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
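Authorization server configuration:
@EnableAuthorizationServer enables the authorization server.
Write a custom configuration class that extends AuthorizationServerConfigurerAdapter and overrides configure(ClientDetailsServiceConfigurer clients) to define the client details and keep them in memory: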
// passwordEncoder is the PasswordEncoder bean injected into the configuration class
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
        .withClient("app-a")
        .secret(passwordEncoder.encode("app-a-1234"))
        .authorizedGrantTypes("refresh_token", "authorization_code")
        .accessTokenValiditySeconds(3600)
        // autoApprove(true) skips the user consent page for this client
        .autoApprove(true)
        .scopes("all")
        // must match the client's address: port + context-path + /login
        .redirectUris("http://127.0.0.1:9090/app1/login")
        .and()
        .withClient("app-b")
        .secret(passwordEncoder.encode("app-b-1234"))
        .autoApprove(true)
        .authorizedGrantTypes("refresh_token", "authorization_code")
        .accessTokenValiditySeconds(7200)
        .scopes("all")
        .redirectUris("http://127.0.0.1:9091/app2/login")
        .and()
        .withClient("app-c")
        .secret(passwordEncoder.encode("app-c-1234"))
        .autoApprove(true)
        .authorizedGrantTypes("refresh_token", "authorization_code")
        .accessTokenValiditySeconds(7200)
        .scopes("all")
        .redirectUris("http://127.0.0.1:9092/app3/login")
        .and()
        .withClient("app-d")
        .secret(passwordEncoder.encode("app-d-1234"))
        .autoApprove(true)
        .authorizedGrantTypes("refresh_token", "authorization_code")
        .accessTokenValiditySeconds(7200)
        .scopes("all")
        .redirectUris("http://127.0.0.1:9093/app4/login");
}
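Implement UserDetailsService and override loadUserByUsername with your own authentication logic.
Extend WebSecurityConfigurerAdapter and override the configure(HttpSecurity http) method to configure the login method, authentication filtering and related settings.
Client configuration:
1. On the client's startup class (or a configuration class), add the @EnableOAuth2Sso annotation.
2. In the configuration file (application.yml), configure the information the client needs to connect to the authorization server: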
security:
  oauth2:
    client:
      client-id: app-c
      client-secret: app-c-1234
      # user-authorization-uri: http://127.0.0.1:8080/server/oauth/authorize
      # access-token-uri: http://127.0.0.1:8080/server/oauth/token
      user-authorization-uri: http://127.0.0.1:9777/oauth/authorize
      access-token-uri: http://127.0.0.1:9777/oauth/token
    resource:
      jwt:
        # key-uri: http://127.0.0.1:8080/server/oauth/token_key
        key-uri: http://127.0.0.1:9777/oauth/token_key
server:
  port: 9092
  servlet:
    context-path: /app3
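Note:
If the authorization server is also configured as a resource server, add the @Order(1) annotation to the authorization server's WebSecurity configuration so that the authorization server's filter runs first. Otherwise the client cannot authenticate and reports an error; I spent 2 days tracking down this error.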
The project source code is on Baidu Netdisk.
Link: https://pan.baidu.com/s/1g1U5WQIcfLCqVLhIrGTpmQ
Extraction code: x0a3