
Spring Security OAuth2 Single Sign-On Integration: A Simple Demo


Integrating Single Sign-On (SSO) with Spring Security OAuth2

Create the client

Add dependencies

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.2.2.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.yjxxt</groupId>
    <artifactId>oauth2client01demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>oauth2client01demo</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
        <spring-cloud.version>Greenwich.SR2</spring-cloud.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.springframework.cloud</groupId>
                <artifactId>spring-cloud-dependencies</artifactId>
                <version>${spring-cloud.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>
</project>

Modify the configuration file

application.properties

server.port=8081
# Avoid cookie name conflicts; a conflict causes login verification to fail
server.servlet.session.cookie.name=OAUTH2-CLIENT-SESSIONID01
# Authorization server address
oauth2-server-url=http://localhost:8080
# Settings that must match the authorization server's configuration
security.oauth2.client.client-id=admin
security.oauth2.client.client-secret=112233
security.oauth2.client.user-authorization-uri=${oauth2-server-url}/oauth/authorize
security.oauth2.client.access-token-uri=${oauth2-server-url}/oauth/token
security.oauth2.resource.jwt.key-uri=${oauth2-server-url}/oauth/token_key

Add the @EnableOAuth2Sso annotation to the startup class to enable single sign-on

package com.yjxxt.oauth2client01demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;

@SpringBootApplication
@EnableOAuth2Sso
public class Oauth2client01demoApplication {

    public static void main(String[] args) {
        SpringApplication.run(Oauth2client01demoApplication.class, args);
    }
}

Add an endpoint that returns the currently logged-in user's information

package com.yjxxt.oauth2client01demo.controller;

import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/user")
public class UserController {

    @GetMapping("/getCurrentUser")
    public Object getCurrentUser(Authentication authentication) {
        return authentication;
    }
}
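Under @EnableOAuth2Sso the injected Authentication is an OAuth2Authentication whose details object can carry the access token value and session id, so returning it whole serializes those fields into the response. The following is an added example, not code from the original post: a hypothetical SafeUserController with an assumed /getCurrentUserSummary path that returns only the fields a page normally needs.

```java
package com.yjxxt.oauth2client01demo.controller;

import java.util.LinkedHashMap;
import java.util.Map;
import java.util.TreeSet;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// Added example: class name and endpoint path are hypothetical, not part of the demo.
@RestController
@RequestMapping("/user")
public class SafeUserController {

    @GetMapping("/getCurrentUserSummary")
    public Map<String, Object> getCurrentUserSummary(Authentication authentication) {
        Map<String, Object> view = new LinkedHashMap<>();
        // Username as asserted by the authorization server
        view.put("name", authentication.getName());
        // Authority names only, sorted for stable output
        view.put("authorities",
                new TreeSet<>(AuthorityUtils.authorityListToSet(authentication.getAuthorities())));

        if (authentication instanceof OAuth2Authentication) {
            // The stored OAuth2 request records which client and scopes the login used
            OAuth2Request request = ((OAuth2Authentication) authentication).getOAuth2Request();
            view.put("clientId", request.getClientId());
            view.put("scopes", new TreeSet<>(request.getScope()));
        }

        // Deliberately not copied: authentication.getDetails() (token value,
        // session id, remote address) and authentication.getCredentials().
        return view;
    }
}
```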

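Modify the authorization server configuration

Modify the AuthorizationServerConfig class in the authorization server: set the registered redirect URI to http://localhost:8081/login, and require authentication for fetching the token key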

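@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
            // client_id
            .withClient("admin")
            // client-secret
            .secret(passwordEncoder.encode("112233"))
            // Access token validity period
            .accessTokenValiditySeconds(3600)
            // Refresh token validity period
            .refreshTokenValiditySeconds(864000)
            // redirect_uri, used for the redirect after successful authorization
            // .redirectUris("http://www.baidu.com")
            // Configured for single sign-on
            .redirectUris("http://localhost:8081/login")
            // Scopes the client may request
            .scopes("all")
            // Automatic approval
            .autoApprove(true)
            // grant_type: the permitted authorization grant types
            .authorizedGrantTypes("authorization_code", "password", "refresh_token");
}

@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
    // Fetching the token key requires authentication; this must be configured when using single sign-on
    security.tokenKeyAccess("isAuthenticated()");
}

Test

Start the authorization service and the client service;

Access a client endpoint that requires authorization: http://localhost:8081/user/getCurrentUser

You are redirected to the authorization service's login page;

After authorization you are redirected back to the originally requested protected endpoint, which displays the logged-in user's information;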
