Spring Security OAuth2 SSO 单点登录
基于 Spring Security OAuth2 SSO 單點登錄系統
SSO簡介
單點登錄(英語:Single sign-on,縮寫為 SSO),又譯為單一簽入,一種對于許多相互關連,但是又是各自獨立的軟件系統,提供訪問控制的屬性。當擁有這項屬性時,當用戶登錄時,就可以獲取所有系統的訪問權限,不用對每個單一系統都逐一登錄。這項功能通常是以輕型目錄訪問協議(LDAP)來實現,在服務器上會將用戶信息存儲到LDAP數據庫中。相同的,單一退出(single sign-off)就是指,只需要單一的退出動作,就可以結束對于多個系統的訪問權限。
Spring Security OAuth
Spring Security OAuth使用標準的Spring和Spring Security編程模型和配置慣例,為使用Spring Security with OAuth(1a)和OAuth2提供支持。OAuth協議
案例介紹
此工程分為三個模塊:授權服務器(sso-auth-server)、web應用a(sso-client-a)、web應用b(sso-client-b),想達到的目的是:某一個用戶在a系統登錄后,再跳往b系統時不用再重復登錄。
-
sso-auth-server:
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- spring-security-oauth2 and spring-security-jwt belong to the legacy Spring Security OAuth
         project, which is no longer maintained. No version is declared here, so the resolved
         version comes from the parent POM / BOM (not shown); check it against the project's
         published security advisories before reusing this setup. -->
    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-jwt</artifactId>
    </dependency>
</dependencies>
# Authorization server: port 8082, context path /auth_server.
# The OAuth2 endpoint URLs configured in both clients point at this address.
server:
  port: 8082
  context-path: /auth_server
- SsoServerApplication.java
/**
 * Boot entry point of the SSO authorization server.
 *
 * @author Leone
 * @since 2018-05-07
 */
@SpringBootApplication
public class SsoServerApplication {

    /**
     * Adds Request Dumper output to make debugging in test environments easier.
     *
     * <p>NOTE(review): the profile expression is {@code !cloud}, so this filter is registered on
     * every profile other than {@code cloud}, including when no profile is set at all. The import
     * is not shown; if this is Tomcat's RequestDumperFilter, it writes request headers, cookies
     * and parameters to the log, which on this server means login passwords, session cookies and
     * authorization codes. Keep it restricted to a local debugging profile and treat the
     * resulting logs as sensitive.
     *
     * @return the request dumper filter bean
     */
    @Profile("!cloud")
    @Bean
    RequestDumperFilter requestDumperFilter() {
        return new RequestDumperFilter();
    }

    public static void main(String[] args) {
        new SpringApplication(SsoServerApplication.class).run(args);
    }
}
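/**
 * Demo-only {@link UserDetailsService}: it does not consult any user store.
 *
 * @author Leone
 * @since 2018-05-07
 */
@Component
public class SsoUserDetailsService implements UserDetailsService {

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Builds a user record for the requested name.
     *
     * <p>NOTE(review): every non-empty username is accepted, always with the fixed password
     * {@code "admin"} and the single authority {@code ROLE_USER}. That is fine for walking through
     * the SSO flow locally, but it means anyone who can reach the login form can sign in as any
     * name. A real deployment must look the user up in a user store and return the stored
     * password hash instead of encoding a constant on every call.
     *
     * @param username the name submitted on the login form
     * @return a user with the demo password and {@code ROLE_USER}
     * @throws UsernameNotFoundException if {@code username} is null or empty
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Report a missing name through the exception the UserDetailsService contract declares,
        // instead of letting the User constructor reject it with an IllegalArgumentException.
        if (username == null || username.isEmpty()) {
            throw new UsernameNotFoundException("username must not be empty");
        }
        return new User(
                username,
                passwordEncoder.encode("admin"),
                AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    }
}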
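/**
 * Web security for the authorization server's own pages (login form, static assets).
 *
 * @author Leone
 * @since 2018-05-07
 */
@Configuration
public class SsoSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Password encoder used to check login passwords.
     *
     * @return a BCrypt encoder
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Enables form login, leaves static assets public and requires authentication for every other
     * request.
     *
     * <p>CSRF protection is left at Spring Security's default (enabled). This chain serves the
     * session-based login that every SSO client depends on, so disabling it would remove CSRF
     * protection from this server's login and session handling. The login page Spring Security
     * generates already carries the token; a custom login page would have to submit it as well.
     *
     * @param http the security builder for this filter chain
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .and()
                .authorizeRequests()
                .antMatchers("/**/*.js", "/**/*.css", "/**/*.jpg", "/**/*.png").permitAll()
                .anyRequest().authenticated();
    }

    /**
     * Wires the user lookup service and the password encoder into authentication.
     *
     * @param auth the authentication manager builder
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }
}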
/**
 * OAuth2 authorization server configuration: two in-memory clients and JWT access tokens.
 *
 * @author Leone
 * @since 2018-05-07
 */
@Configuration
@EnableAuthorizationServer
public class SsoAuthServerConfig extends AuthorizationServerConfigurerAdapter {

    /**
     * Creates the converter that produces the JWT tokens.
     *
     * <p>NOTE(review): the signing key is a short literal committed with the source. A key that is
     * not PEM-encoded is used as a shared (symmetric) secret, so whoever knows it can mint tokens
     * that every client accepts. Load the key from protected configuration, and prefer an
     * asymmetric key pair so that clients only ever receive the public half.
     *
     * @return the JWT access token converter
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter jwtConverter = new JwtAccessTokenConverter();
        jwtConverter.setSigningKey("andy");
        return jwtConverter;
    }

    /**
     * JwtTokenStore backed by the JWT converter.
     *
     * @return the token store
     */
    @Bean
    public TokenStore jwtTokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**
     * Registers the client applications.
     *
     * <p>NOTE(review): client secrets are plain literals in source; move them to protected
     * configuration. No redirect URIs are registered for either client, and how an unregistered
     * redirect_uri is treated depends on the library version (not shown here); register each
     * client's exact callback URL so authorization codes cannot be sent elsewhere.
     * {@code autoApprove(true)} skips the consent screen and grants all three scopes silently,
     * which is only appropriate for first-party clients.
     *
     * @param clients the client details configurer
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("client1")
                .secret("secret1")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("all", "read", "write")
                .autoApprove(true)
                .and()
                .withClient("client2")
                .secret("secret2")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("all", "read", "write")
                .autoApprove(true);
    }

    /**
     * Configures the jwtTokenStore and the token converter on the endpoints.
     *
     * @param endpoints the endpoints configurer
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints
                .tokenStore(jwtTokenStore())
                .accessTokenConverter(jwtAccessTokenConverter());
    }

    /**
     * Spring Security authorization expression for the token key endpoint.
     *
     * <p>NOTE(review): both clients read this endpoint through their {@code key-uri} setting.
     * With the symmetric signing key configured in this class, the value handed to an
     * authenticated client is presumably the signing secret itself; confirm, and switch to an
     * asymmetric key if clients should only be able to verify tokens.
     *
     * @param security the authorization server security configurer
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.tokenKeyAccess("isAuthenticated()");
    }
}
-
sso-client-a
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- Legacy Spring Security OAuth modules (no longer maintained); versions are not pinned here,
         so verify what the parent POM / BOM resolves. -->
    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-jwt</artifactId>
    </dependency>
</dependencies>
# Client A: port 8080, context path /clienta.
server:
  port: 8080
  context-path: /clienta
# NOTE(review): the client secret is stored in clear text in this file and all endpoints use
# plain http. That is acceptable only on loopback; use https and externalised secrets elsewhere.
security:
  oauth2:
    client:
      clientId: client1
      clientSecret: secret1
      access-token-uri: http://127.0.0.1:8082/auth_server/oauth/token # token endpoint
      user-authorization-uri: http://127.0.0.1:8082/auth_server/oauth/authorize # authorization endpoint
    resource:
      jwt:
        key-uri: http://127.0.0.1:8082/auth_server/oauth/token_key # endpoint serving the key needed to parse the JWT
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>sso-client-A</title>
</head>
<body>
    <h1>sso demo client-A</h1>
    <!-- Cross-link to client B; following it after logging in here is how the tutorial's
         "no second login" goal is exercised. -->
    <a href="http://127.0.0.1:8081/clientb/index.html">訪問client-b</a>
</body>
</html>
/**
 * Boot entry point of web application A; {@code @EnableOAuth2Sso} makes it an OAuth2 SSO client.
 *
 * @author Leone
 * @since 2018-05-07
 */
@EnableOAuth2Sso
@SpringBootApplication
public class SsoClientA {

    public static void main(String[] args) {
        new SpringApplication(SsoClientA.class).run(args);
    }
}
-
sso-client-b
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- Legacy Spring Security OAuth modules (no longer maintained); versions are not pinned here,
         so verify what the parent POM / BOM resolves. -->
    <dependency>
        <groupId>org.springframework.security.oauth</groupId>
        <artifactId>spring-security-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-jwt</artifactId>
    </dependency>
</dependencies>
# Client B: port 8081, context path /clientb.
server:
  port: 8081
  context-path: /clientb
# NOTE(review): the client secret is stored in clear text in this file and all endpoints use
# plain http. That is acceptable only on loopback; use https and externalised secrets elsewhere.
security:
  oauth2:
    client:
      clientId: client2
      clientSecret: secret2
      access-token-uri: http://127.0.0.1:8082/auth_server/oauth/token
      user-authorization-uri: http://127.0.0.1:8082/auth_server/oauth/authorize
    resource:
      jwt:
        key-uri: http://127.0.0.1:8082/auth_server/oauth/token_key
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>sso-client-B</title>
</head>
<body>
    <h1>sso demo client-B</h1>
    <!-- Cross-link back to client A, the counterpart of the link on client A's page. -->
    <a href="http://127.0.0.1:8080/clienta/index.html">訪問client-a</a>
</body>
</html>
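/**
 * Boot entry point of web application B: an OAuth2 SSO client that also exposes a {@code /user}
 * endpoint and an {@link OAuth2RestTemplate} bean.
 *
 * <p>The class no longer injects the {@code OAuth2RestTemplate} into itself: the field was never
 * read, and it made this configuration class depend on a bean that it defines.
 *
 * @author Leone
 * @since 2018-05-07
 */
@RestController
@EnableOAuth2Sso
@SpringBootApplication
public class SsoClientB {

    public static void main(String[] args) {
        SpringApplication.run(SsoClientB.class, args);
    }

    /**
     * Returns the authentication of the current caller.
     *
     * <p>NOTE(review): the whole {@link Authentication} object is serialised into the response.
     * For an OAuth2 login its details may include the access token value; confirm what is
     * actually emitted and, outside a demo, return only the fields the page needs (for example
     * the name and authorities).
     *
     * @param user the authentication resolved by Spring MVC for this request
     * @return the same authentication object
     */
    @GetMapping("/user")
    public Authentication user(Authentication user) {
        return user;
    }

    /**
     * Rest template that calls protected resources using the current client context.
     *
     * @param oAuth2ClientContext the OAuth2 client context
     * @param details the protected resource (client registration) details
     * @return the configured rest template
     */
    @Bean
    public OAuth2RestTemplate oAuth2RestTemplate(OAuth2ClientContext oAuth2ClientContext,
                                                 OAuth2ProtectedResourceDetails details) {
        return new OAuth2RestTemplate(details, oAuth2ClientContext);
    }
}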
項目源碼:git@github.com:janlle/sso-server.git