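> [Single sign-on](https://zh.wikipedia.org/wiki/%E5%96%AE%E4%B8%80%E7%99%BB%E5%85%A5) (SSO) is a property of access control for multiple related but independent software systems. With this property, a user who logs in once gains access to all of the systems and does not have to log in to each one separately. It is usually implemented with the Lightweight Directory Access Protocol (LDAP), with user information stored in an LDAP database on the server. Likewise, single sign-off means that one sign-out action ends access to multiple systems.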
## Security OAuth2 single sign-on flow diagram
[![Spring Security OAuth2 SSO flow diagram](https://raw.githubusercontent.com/longfeizheng/longfeizheng.github.io/master/images/security/SpringSecurity-OAuth2-sso.png)](https://raw.githubusercontent.com/longfeizheng/longfeizheng.github.io/master/images/security/SpringSecurity-OAuth2-sso.png)
1. The user visits `client1`
2. `client1` redirects the request to `sso-server`
3. The user approves the authorization
4. The request returns to `client1` carrying the authorization code `code`
5. `client1` uses the authorization code to request a token
6. A `JWT` token is returned
7. `client1` parses the token and logs the user in
8. `client1` accesses `client2`
9. `client2` redirects the request to `sso-server`
10. The user approves the authorization
11. The request returns to `client2` carrying the authorization code `code`
12. `client2` uses the authorization code to request a token
13. A `JWT` token is returned
14. `client2` parses the token and logs the user in

The user's login state is held by the `sso-server` authentication center, which also serves the login page and verifies the username and password (**the `token` returned to `client1` and the one returned to `client2` are different, but they resolve to the same user**).
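Steps 6-7 and 13-14 above, as an added Python sketch (not code from the original post or from Spring Security): `sso-server` signs one HS256 token per client and each client verifies it before logging the user in. The claim names are modelled on the tokens `JwtAccessTokenConverter` produces; the user name `admin`, the `jti` values, the clock value and the `client_id` check are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

KEY = b"merryyou"      # demo signing key from the page's setSigningKey("merryyou")
NOW = 1_700_000_000    # constructed clock value, so the example is deterministic

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(key: bytes, user: str, client_id: str, jti: str, exp: int) -> str:
    """Steps 6 and 13: sso-server signs a token for one client (HS256)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"user_name": user, "client_id": client_id, "scope": ["all"],
              "authorities": ["ROLE_USER"], "jti": jti, "exp": exp}
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify(token: str, key: bytes, expected_client: str, now: int) -> dict:
    """Steps 7 and 14: a client checks the token before trusting its claims."""
    header, body, sig = token.split(".")   # ValueError unless exactly three parts
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm, never trust the header
    good = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, _unb64(sig)):   # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("client_id") != expected_client:   # added check (assumption)
        raise ValueError("token issued to another client")
    return claims

def demo():
    """Two different tokens, one per client, that resolve to the same user."""
    t1 = issue(KEY, "admin", "merryyou1", "jti-1", NOW + 3600)
    t2 = issue(KEY, "admin", "merryyou2", "jti-2", NOW + 3600)
    u1 = verify(t1, KEY, "merryyou1", NOW)["user_name"]
    u2 = verify(t2, KEY, "merryyou2", NOW)["user_name"]
    return t1 != t2, u1, u2
```

Because the key is symmetric, every client that verifies tokens holds the same secret that signs them; an RSA key pair on the server would let clients verify with the public key only.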
## Implementing single sign-on with Security OAuth2
### Project structure
[![Project structure](https://raw.githubusercontent.com/longfeizheng/longfeizheng.github.io/master/images/security/spring-security-oauth2-sso01.png)](https://raw.githubusercontent.com/longfeizheng/longfeizheng.github.io/master/images/security/spring-security-oauth2-sso01.png)
### sso-server
#### Authorization server
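```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableAuthorizationServer
public class SsoAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    /**
     * Client registrations: two in-memory clients, one per SSO client application.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                .withClient("merryyou1")
                .secret("merryyousecrect1")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("all")
                .and()
                .withClient("merryyou2")
                .secret("merryyousecrect2")
                .authorizedGrantTypes("authorization_code", "refresh_token")
                .scopes("all");
    }

    /**
     * Configure the JWT token store.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.tokenStore(jwtTokenStore()).accessTokenConverter(jwtAccessTokenConverter());
    }

    /**
     * Spring Security authorization expression: access to the token key
     * (/oauth/token_key) requires authentication.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.tokenKeyAccess("isAuthenticated()");
    }

    /**
     * JWT token store.
     */
    @Bean
    public TokenStore jwtTokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**
     * Generates the JWT token.
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // Symmetric signing key, hard-coded for the demo.
        converter.setSigningKey("merryyou");
        return converter;
    }
}
```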
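#### Security configuration
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SsoSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Custom login page and form-processing URL; static assets are public,
        // everything else requires an authenticated user.
        http.formLogin().loginPage("/authentication/require")
                .loginProcessingUrl("/authentication/form")
                .and().authorizeRequests()
                .antMatchers("/authentication/require",
                        "/authentication/form",
                        "/**/*.js",
                        "/**/*.css",
                        "/**/*.jpg",
                        "/**/*.png",
                        "/**/*.woff2"
                )
                .permitAll()
                .anyRequest().authenticated()
                .and()
                .csrf().disable();
        // http.formLogin().and().authorizeRequests().anyRequest().authenticated();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }
}
```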
#### SsoUserDetailsService
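```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

@Component
public class SsoUserDetailsService implements UserDetailsService {
    @Autowired
    private PasswordEncoder passwordEncoder;

    // Demo stub: any username is accepted with the fixed password "123456" and ROLE_USER.
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        return new User(username, passwordEncoder.encode("123456"),
                AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    }
}
```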
#### application.yml
```yaml
server:
  port: 8082
  context-path: /uaa
spring:
  freemarker:
    allow-request-override: false
    allow-session-override: false
    cache: true
    charset: UTF-8
    check-template-location: true
    content-type: text/html
    enabled: true
    expose-request-attributes: false
    expose-session-attributes: false
    expose-spring-macro-helpers: true
    prefer-file-system-access: true
    suffix: .ftl
    template-loader-path: classpath:/templates/
```
### sso-client1
#### SsoClient1Application
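```java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@RestController
@EnableOAuth2Sso
public class SsoClient1Application {

    // Returns the Authentication of the currently logged-in user.
    @GetMapping("/user")
    public Authentication user(Authentication user) {
        return user;
    }

    public static void main(String[] args) {
        SpringApplication.run(SsoClient1Application.class, args);
    }
}
```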
#### application.yml
```yaml
auth-server: http://localhost:8082/uaa # sso-server address
server:
  context-path: /client1
  port: 8083
security:
  oauth2:
    client:
      client-id: merryyou1
      client-secret: merryyousecrect1
      user-authorization-uri: ${auth-server}/oauth/authorize # authorization request endpoint
      access-token-uri: ${auth-server}/oauth/token # token request endpoint
    resource:
      jwt:
        key-uri: ${auth-server}/oauth/token_key # endpoint that serves the key needed to parse the JWT token
```
### sso-client2
#### Same as sso-client1
The result:

![SSO demo](https://raw.githubusercontent.com/longfeizheng/longfeizheng.github.io/master/images/security/spring-security-oauth2-sso01.gif)
Complete demo of SSO (single sign-on) built by integrating Spring Boot with Spring Security.

1. Configure the local hosts file (on Windows the path is `C:\WINDOWS\system32\drivers\etc`; on Linux it is `/etc/hosts`):

```
127.0.0.1 sso-login
127.0.0.1 sso-resource
127.0.0.1 sso-tmall
127.0.0.1 sso-taobao
```

2. Start SsoServer, sso-resource, sso-client1 and sso-client2, in that order.
3. Visit http://sso-taobao:8083/client1/ or http://sso-tmall:8084/client2/