詳解基于Spring Cloud幾行配置完成單點(diǎn)登錄開發(fā)

更新時(shí)間：2018年02月02日 15:23:37 作者：冷冷gg

這篇文章主要介紹了詳解基于Spring Cloud幾行配置完成單點(diǎn)登錄開發(fā)，小編覺得挺不錯(cuò)的，現(xiàn)在分享給大家，也給大家做個(gè)參考。一起跟隨小編過來看看吧

單點(diǎn)登錄概念

單點(diǎn)登錄（Single Sign On），簡稱為 SSO，是目前比較流行的企業(yè)業(yè)務(wù)整合的解決方案之一。SSO的定義是在多個(gè)應(yīng)用系統(tǒng)中，用戶只需要登錄一次就可以訪問所有相互信任的應(yīng)用系統(tǒng)。登錄邏輯如上圖

基于Spring 全家桶的實(shí)現(xiàn)

技術(shù)選型：

Spring Boot
Spring Cloud
Spring Security oAuth2

客戶端：

maven依賴

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.security.oauth</groupId>
  <artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-jwt</artifactId>
</dependency>

EnableOAuth2Sso 注解

入口類配置@@EnableOAuth2Sso

@SpringBootApplication
public class PigSsoClientDemoApplication {

  public static void main(String[] args) {
    SpringApplication.run(PigSsoClientDemoApplication.class, args);
  }

}

配置文件

security:
 oauth2:
  client:
   client-id: pig
   client-secret: pig
   user-authorization-uri: http://localhost:3000/oauth/authorize
   access-token-uri: http://localhost:3000/oauth/token
   scope: server
  resource:
   jwt:
    key-uri: http://localhost:3000/oauth/token_key
 sessions: never

SSO認(rèn)證服務(wù)器

認(rèn)證服務(wù)器配置

@Configuration
@Order(Integer.MIN_VALUE)
@EnableAuthorizationServer
public class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter {
  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
        .withClient(authServerConfig.getClientId())
        .secret(authServerConfig.getClientSecret())
        .authorizedGrantTypes(SecurityConstants.REFRESH_TOKEN, SecurityConstants.PASSWORD,SecurityConstants.AUTHORIZATION_CODE)
        .scopes(authServerConfig.getScope());
  }

  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
    endpoints
        .tokenStore(new RedisTokenStore(redisConnectionFactory))
        .accessTokenConverter(jwtAccessTokenConverter())
        .authenticationManager(authenticationManager)
        .exceptionTranslator(pigWebResponseExceptionTranslator)
        .reuseRefreshTokens(false)
        .userDetailsService(userDetailsService);
  }

  @Override
  public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    security
        .allowFormAuthenticationForClients()
        .tokenKeyAccess("isAuthenticated()")
        .checkTokenAccess("permitAll()");
  }

  @Bean
  public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }

  @Bean
  public JwtAccessTokenConverter jwtAccessTokenConverter() {
    JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
    jwtAccessTokenConverter.setSigningKey(CommonConstant.SIGN_KEY);
    return jwtAccessTokenConverter;
  }
}

以上就是本文的全部內(nèi)容，希望對大家的學(xué)習(xí)有所幫助，也希望大家多多支持腳本之家。