十年网站开发经验 + 多家企业客户 + 靠谱的建站团队
量身定制 + 运营维护+专业推广+无忧售后,网站问题一站解决
单点登录概念
成都创新互联公司是一家以重庆网站建设公司、网页设计、品牌设计、软件运维、seo优化排名、小程序App开发等移动开发为一体互联网公司。已累计为橡塑保温等众行业中小客户提供优质的互联网建站和软件开发服务。
单点登录(Single Sign On),简称为 SSO,是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。登录逻辑如上图
基于Spring 全家桶的实现
技术选型:
客户端:
maven依赖
org.springframework.boot spring-boot-starter-web org.springframework.boot spring-boot-starter-security org.springframework.security.oauth spring-security-oauth3 org.springframework.security spring-security-jwt
EnableOAuth3Sso 注解
入口类配置@@EnableOAuth3Sso
@SpringBootApplication public class PigSsoClientDemoApplication { public static void main(String[] args) { SpringApplication.run(PigSsoClientDemoApplication.class, args); } }
配置文件
security: oauth3: client: client-id: pig client-secret: pig user-authorization-uri: http://localhost:3000/oauth/authorize access-token-uri: http://localhost:3000/oauth/token scope: server resource: jwt: key-uri: http://localhost:3000/oauth/token_key sessions: never
SSO认证服务器
认证服务器配置
@Configuration @Order(Integer.MIN_VALUE) @EnableAuthorizationServer public class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter { @Override public void configure(ClientDetailsServiceConfigurer clients) throws Exception { clients.inMemory() .withClient(authServerConfig.getClientId()) .secret(authServerConfig.getClientSecret()) .authorizedGrantTypes(SecurityConstants.REFRESH_TOKEN, SecurityConstants.PASSWORD,SecurityConstants.AUTHORIZATION_CODE) .scopes(authServerConfig.getScope()); } @Override public void configure(AuthorizationServerEndpointsConfigurer endpoints) { endpoints .tokenStore(new redisTokenStore(redisConnectionFactory)) .accessTokenConverter(jwtAccessTokenConverter()) .authenticationManager(authenticationManager) .exceptionTranslator(pigWebResponseExceptionTranslator) .reuseRefreshTokens(false) .userDetailsService(userDetailsService); } @Override public void configure(AuthorizationServerSecurityConfigurer security) throws Exception { security .allowFormAuthenticationForClients() .tokenKeyAccess("isAuthenticated()") .checkTokenAccess("permitAll()"); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Bean public JwtAccessTokenConverter jwtAccessTokenConverter() { JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter(); jwtAccessTokenConverter.setSigningKey(CommonConstant.SIGN_KEY); return jwtAccessTokenConverter; } }
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持创新互联。