Spring Security OAuth2 SSO Single Sign-On
A single sign-on system based on Spring Security OAuth2 SSO

Introduction to SSO

Single sign-on (SSO) is a property of access control for multiple related but independent software systems. With this property, a user who logs in once gains access to all of the systems and does not have to log in to each one separately. It is commonly implemented with the Lightweight Directory Access Protocol (LDAP), with user information stored in an LDAP database on the server. Correspondingly, single sign-off means that a single sign-out action ends access to multiple systems.

Spring Security OAuth

Spring Security OAuth provides support for using Spring Security with OAuth (1a) and OAuth2, using the standard Spring and Spring Security programming models and configuration idioms.

Example overview

The project consists of three modules: the authorization server (sso-auth-server), web application A (sso-client-a) and web application B (sso-client-b). The goal is that a user who has logged in to system A does not have to log in again after navigating to system B.
- sso-auth-server:

- pom.xml

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-jwt</artifactId>
    </dependency>
</dependencies>

- application.yml

server:
  port: 8082
  context-path: /auth_server
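- SsoServerApplication.java

import org.apache.catalina.filters.RequestDumperFilter;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Profile;

/**
 * @author Leone
 * @since 2018-05-07
 */
@SpringBootApplication
public class SsoServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(SsoServerApplication.class, args);
    }

    /**
     * Adds Request Dumper information in the test environment to make debugging easier.
     * The filter logs request headers, cookies and parameters, so keep it out of production.
     *
     * @return the request dumper filter
     */
    @Profile("!cloud")
    @Bean
    RequestDumperFilter requestDumperFilter() {
        return new RequestDumperFilter();
    }
}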
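- SsoUserDetailsService.java

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

/**
 * @author Leone
 * @since 2018-05-07
 */
@Component
public class SsoUserDetailsService implements UserDetailsService {

    @Autowired
    private PasswordEncoder passwordEncoder;

    // Demo only: every username is accepted with the fixed password "admin" and ROLE_USER.
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        return new User(username, passwordEncoder.encode("admin"),
                AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    }
}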
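- SsoSecurityConfig.java

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @author Leone
 * @since 2018-05-07
 */
@Configuration
public class SsoSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Form login; static resources are public, everything else requires authentication.
        // CSRF protection is switched off here for the demo.
        http.formLogin()
                .and()
                .authorizeRequests()
                .antMatchers("/**/*.js", "/**/*.css", "/**/*.jpg", "/**/*.png").permitAll()
                .anyRequest().authenticated()
                .and()
                .csrf().disable();
        // http.formLogin().and().authorizeRequests().anyRequest().authenticated();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }
}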
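- SsoAuthServerConfig.java

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

/**
 * @author Leone
 * @since 2018-05-07
 */
@Configuration
@EnableAuthorizationServer
public class SsoAuthServerConfig extends AuthorizationServerConfigurerAdapter {

    /**
     * Client configuration.
     *
     * @param clients
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Demo only: client secrets are hard-coded in plain text.
        clients.inMemory()
                .withClient("client1")
                .secret("secret1")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("all", "read", "write")
                .autoApprove(true)
                .and()
                .withClient("client2")
                .secret("secret2")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("all", "read", "write")
                .autoApprove(true);
    }

    /**
     * Configures the JWT token store.
     *
     * @param endpoints
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(jwtTokenStore()).accessTokenConverter(jwtAccessTokenConverter());
    }

    /**
     * Spring Security authorization expression for the token key endpoint.
     *
     * @param security
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.tokenKeyAccess("isAuthenticated()");
    }

    /**
     * JwtTokenStore
     *
     * @return
     */
    @Bean
    public TokenStore jwtTokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**
     * Generates the JWT token.
     *
     * @return
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // Demo only: a short, hard-coded symmetric (HMAC) signing key.
        converter.setSigningKey("andy");
        return converter;
    }
}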
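A hardened variant of the SsoAuthServerConfig class above, added here as an example (it is not code from the original post or from the linked project). It signs tokens with an RSA key pair, so /oauth/token_key exposes only the public key instead of handing the shared HMAC key to every client, and it reads secrets from configuration. The keystore file sso-jwt.jks (which must hold an RSA key pair), the alias sso-jwt, the property names sso.keystore-password and sso.client1-secret, and the redirect URI are assumptions.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.*;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.*;
import org.springframework.security.oauth2.config.annotation.web.configurers.*;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.*;

@Configuration
@EnableAuthorizationServer
public class HardenedSsoAuthServerConfig extends AuthorizationServerConfigurerAdapter {
    // Assumed property names; supply the values from the environment or a secret store.
    @Value("${sso.keystore-password}") private String keystorePassword;
    @Value("${sso.client1-secret}") private String client1Secret;

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory().withClient("client1").secret(client1Secret)
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("all", "read", "write")
                // Assumes sso-client-a keeps the default @EnableOAuth2Sso login path (/login).
                .redirectUris("http://127.0.0.1:8080/clienta/login")
                .autoApprove(true);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(jwtTokenStore()).accessTokenConverter(jwtAccessTokenConverter());
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        // The token key endpoint now returns only the RSA public (verification) key.
        security.tokenKeyAccess("isAuthenticated()");
    }

    @Bean
    public TokenStore jwtTokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        KeyStoreKeyFactory keys = new KeyStoreKeyFactory(
                new ClassPathResource("sso-jwt.jks"), keystorePassword.toCharArray());
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setKeyPair(keys.getKeyPair("sso-jwt")); // private key signs, public key verifies
        return converter;
    }
}
```

The clients' key-uri setting stays as it is; they then receive a PEM-encoded public key that can verify tokens but cannot sign them.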
- sso-client-a

- pom.xml

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-jwt</artifactId>
    </dependency>
</dependencies>

- application.yml

server:
  port: 8080
  context-path: /clienta
security:
  oauth2:
    client:
      clientId: client1
      clientSecret: secret1
      access-token-uri: http://127.0.0.1:8082/auth_server/oauth/token # endpoint for requesting tokens
      user-authorization-uri: http://127.0.0.1:8082/auth_server/oauth/authorize # endpoint for requesting authorization
    resource:
      jwt:
        key-uri: http://127.0.0.1:8082/auth_server/oauth/token_key # endpoint serving the key needed to verify the JWT

- index.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>sso-client-A</title>
</head>
<body>
    <h1>sso demo client-A</h1>
    <a href="http://127.0.0.1:8081/clientb/index.html">Visit client-b</a>
</body>
</html>
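- SsoClientA.java

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;

/**
 * @author Leone
 * @since 2018-05-07
 */
@EnableOAuth2Sso
@SpringBootApplication
public class SsoClientA {

    public static void main(String[] args) {
        SpringApplication.run(SsoClientA.class, args);
    }
}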
- sso-client-b

- pom.xml

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-jwt</artifactId>
    </dependency>
</dependencies>

- application.yml

server:
  port: 8081
  context-path: /clientb
security:
  oauth2:
    client:
      clientId: client2
      clientSecret: secret2
      access-token-uri: http://127.0.0.1:8082/auth_server/oauth/token
      user-authorization-uri: http://127.0.0.1:8082/auth_server/oauth/authorize
    resource:
      jwt:
        key-uri: http://127.0.0.1:8082/auth_server/oauth/token_key

- index.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>sso-client-B</title>
</head>
<body>
    <h1>sso demo client-B</h1>
    <a href="http://127.0.0.1:8080/clienta/index.html">Visit client-a</a>
</body>
</html>
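- SsoClientB.java

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Bean;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author Leone
 * @since 2018-05-07
 */
@RestController
@EnableOAuth2Sso
@SpringBootApplication
public class SsoClientB {

    @Autowired
    private OAuth2RestTemplate oAuth2RestTemplate;

    public static void main(String[] args) {
        SpringApplication.run(SsoClientB.class, args);
    }

    // Returns the Authentication of the currently logged-in user.
    @GetMapping("/user")
    public Authentication user(Authentication user) {
        return user;
    }

    // RestTemplate that attaches the current user's OAuth2 access token to outgoing requests.
    @Bean
    public OAuth2RestTemplate oAuth2RestTemplate(OAuth2ClientContext oAuth2ClientContext,
                                                 OAuth2ProtectedResourceDetails details) {
        return new OAuth2RestTemplate(details, oAuth2ClientContext);
    }
}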
Project source: git@github.com:janlle/sso-server.git