SpringSecurity基于JWT實(shí)現(xiàn)SSO單點(diǎn)登錄詳解
SSO :同一個(gè)帳號(hào)在同一個(gè)公司不同系統(tǒng)上登陸
創(chuàng)新互聯(lián)公司專注于定襄企業(yè)網(wǎng)站建設(shè),成都響應(yīng)式網(wǎng)站建設(shè)公司,商城系統(tǒng)網(wǎng)站開發(fā)。定襄網(wǎng)站建設(shè)公司,為定襄等地區(qū)提供建站服務(wù)。全流程按需開發(fā),專業(yè)設(shè)計(jì),全程項(xiàng)目跟蹤,創(chuàng)新互聯(lián)公司專業(yè)和態(tài)度為您提供的服務(wù)
使用SpringSecurity實(shí)現(xiàn)類似于SSO登陸系統(tǒng)是十分簡(jiǎn)單的 下面我就搭建一個(gè)DEMO
首先來(lái)看看目錄的結(jié)構(gòu)
其中sso-demo是父工程項(xiàng)目 sso-client 、sso-client2分別對(duì)應(yīng)2個(gè)資源服務(wù)器,sso-server是認(rèn)證服務(wù)器
引入的pom文件
sso-demo
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>study.security.sso</groupId>
<artifactId>sso-demo</artifactId>
<version>1.0.0-SNAPSHOT</version>
<modules>
<module>sso-server</module>
<module>sso-client</module>
<module>sso-client2</module>
</modules>
<packaging>pom</packaging>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>io.spring.platform</groupId>
<artifactId>platform-bom</artifactId>
<version>Brussels-SR4</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>Dalston.SR2</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.2</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
</project>sso-server
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>sso-demo</artifactId>
<groupId>study.security.sso</groupId>
<version>1.0.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>sso-server</artifactId>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth3</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
</dependency>
</dependencies>
</project>sso-client與sso-client2 pom 中的 是一樣的
1.sso-server
現(xiàn)在開始搭建認(rèn)證服務(wù)器
認(rèn)證服務(wù)器的目錄結(jié)構(gòu)如下
/**
* 認(rèn)證服務(wù)器配置
* Created by ZhuPengWei on 2018/1/11.
*/
@Configuration
@EnableAuthorizationServer
public class SsoAuthenticationServerConfig extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()
.withClient("client1")
.secret("client1")
.authorizedGrantTypes("authorization_code", "refresh_token")
.scopes("all")
.and()
.withClient("client2")
.secret("client2")
.authorizedGrantTypes("authorization_code", "refresh_token")
.scopes("all");
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.tokenStore(jwtTokenStore()).accessTokenConverter(jwtAccessTokenConverter());
}
/**
* 認(rèn)證服務(wù)器的安全配置
*
* @param security
* @throws Exception
*/
@Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
// 要訪問(wèn)認(rèn)證服務(wù)器tokenKey的時(shí)候需要經(jīng)過(guò)身份認(rèn)證
security.tokenKeyAccess("isAuthenticated()");
}
@Bean
public TokenStore jwtTokenStore() {
return new JwtTokenStore(jwtAccessTokenConverter());
}
@Bean
public JwtAccessTokenConverter jwtAccessTokenConverter() {
JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
// 保證JWT安全的唯一方式
jwtAccessTokenConverter.setSigningKey("ZPW");
return jwtAccessTokenConverter;
}
}/**
* 自定義用戶登陸邏輯配置
* Created by ZhuPengWei on 2018/1/13.
*/
@Configuration
public class SsoSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
/**
* 加密解密邏輯
*/
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// 改成表單登陸的方式 所有請(qǐng)求都需要認(rèn)證
http.formLogin().and().authorizeRequests().anyRequest().authenticated();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 用自己的登陸邏輯以及加密器
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
}/**
* 自定義用戶登陸
* Created by ZhuPengWei on 2018/1/13.
*/
@Component
public class SsoUserDetailsService implements UserDetailsService {
@Autowired
private PasswordEncoder passwordEncoder;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
return new User(username,
passwordEncoder.encode("123456"),
AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
}
}其中SsoApprovalEndPoint與SsoSpelView目的是去掉登陸之后授權(quán)的效果
注解 @FrameworkEndpoint
與@RestController注解相類似
如果聲明和@FrameworkEndpoint一模一樣的@RequestMapping
Spring框架處理的時(shí)候會(huì)優(yōu)先處理@RestController里面的
/**
* 自定義認(rèn)證邏輯
* Created by ZhuPengWei on 2018/1/13.
*/
@RestController
@SessionAttributes("authorizationRequest")
public class SsoApprovalEndpoint {
@RequestMapping("/oauth/confirm_access")
public ModelAndView getAccessConfirmation(Map<String, Object> model, HttpServletRequest request) throws Exception {
String template = createTemplate(model, request);
if (request.getAttribute("_csrf") != null) {
model.put("_csrf", request.getAttribute("_csrf"));
}
return new ModelAndView(new SsoSpelView(template), model);
}
protected String createTemplate(Map<String, Object> model, HttpServletRequest request) {
String template = TEMPLATE;
if (model.containsKey("scopes") || request.getAttribute("scopes") != null) {
template = template.replace("%scopes%", createScopes(model, request)).replace("%denial%", "");
} else {
template = template.replace("%scopes%", "").replace("%denial%", DENIAL);
}
if (model.containsKey("_csrf") || request.getAttribute("_csrf") != null) {
template = template.replace("%csrf%", CSRF);
} else {
template = template.replace("%csrf%", "");
}
return template;
}
private CharSequence createScopes(Map<String, Object> model, HttpServletRequest request) {
StringBuilder builder = new StringBuilder("<ul>");
@SuppressWarnings("unchecked")
Map<String, String> scopes = (Map<String, String>) (model.containsKey("scopes") ? model.get("scopes") : request
.getAttribute("scopes"));
for (String scope : scopes.keySet()) {
String approved = "true".equals(scopes.get(scope)) ? " checked" : "";
String denied = !"true".equals(scopes.get(scope)) ? " checked" : "";
String value = SCOPE.replace("%scope%", scope).replace("%key%", scope).replace("%approved%", approved)
.replace("%denied%", denied);
builder.append(value);
}
builder.append("</ul>");
return builder.toString();
}
private static String CSRF = "<input type='hidden' name='${_csrf.parameterName}' value='${_csrf.token}' />";
private static String DENIAL = "<form id='denialForm' name='denialForm' action='${path}/oauth/authorize' method='post'><input name='user_oauth_approval' value='false' type='hidden'/>%csrf%<label><input name='deny' value='Deny' type='submit'/></label></form>";
// 對(duì)源代碼進(jìn)行處理 隱藏授權(quán)頁(yè)面,并且使他自動(dòng)提交
private static String TEMPLATE = "<html><body><div style='display:none;'> <h2>OAuth Approval</h2>"
+ "<p>Do you authorize '${authorizationRequest.clientId}' to access your protected resources?</p>"
+ "<form id='confirmationForm' name='confirmationForm' action='${path}/oauth/authorize' method='post'><input name='user_oauth_approval' value='true' type='hidden'/>%csrf%%scopes%<label><input name='authorize' value='Authorize' type='submit'/></label></form>"
+ "%denial%</div><script>document.getElementById('confirmationForm').submit();</script></body></html>";
private static String SCOPE = "<li><div class='form-group'>%scope%: <input type='radio' name='%key%'"
+ " value='true'%approved%>Approve</input> <input type='radio' name='%key%' value='false'%denied%>Deny</input></div></li>";
}SsoSpelView 與 原來(lái)SpelView 是一樣的 只不過(guò)原來(lái)SpelView 不是public的類
application.properties
server.port=9999 server.context-path=/server
2.sso-client
相對(duì)于認(rèn)證服務(wù)器 資源服務(wù)器demo的配置就十分簡(jiǎn)單了
/**
* Created by ZhuPengWei on 2018/1/11.
*/
@SpringBootApplication
@RestController
@EnableOAuth3Sso
public class SsoClient1Application {
@GetMapping("/user")
public Authentication user(Authentication user) {
return user;
}
public static void main(String[] args) {
SpringApplication.run(SsoClient1Application.class, args);
}
}<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>SSO Client1</title> </head> <body> <h2>SSO Demo Client1</h2> <a rel="external nofollow" >訪問(wèn)client2</a> </body> </html>
application.properties
security.oauth3.client.client-id=client1 security.oauth3.client.client-secret=client1 #需要認(rèn)證時(shí)候跳轉(zhuǎn)的地址 security.oauth3.client.user-authorization-uri=http://127.0.0.1:9999/server/oauth/authorize #請(qǐng)求令牌地址 security.oauth3.client.access-token-uri=http://127.0.0.1:9999/server/oauth/token #解析 security.oauth3.resource.jwt.key-uri=http://127.0.0.1:9999/server/oauth/token_key #sso server.port=8080 server.context-path=/client1
3.sso-client2
資源服務(wù)器1和資源服務(wù)器2的目錄結(jié)構(gòu)是一樣的,改了相關(guān)的參數(shù)
/**
* Created by ZhuPengWei on 2018/1/11.
*/
@SpringBootApplication
@RestController
@EnableOAuth3Sso
public class SsoClient2Application {
@GetMapping("/user")
public Authentication user(Authentication user) {
return user;
}
public static void main(String[] args) {
SpringApplication.run(SsoClient2Application.class, args);
}
}<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>SSO Client2</title> </head> <body> <h2>SSO Demo Client2</h2> <a rel="external nofollow" >訪問(wèn)client1</a> </body> </html>
security.oauth3.client.client-id=client2 security.oauth3.client.client-secret=client2 #需要認(rèn)證時(shí)候跳轉(zhuǎn)的地址 security.oauth3.client.user-authorization-uri=http://127.0.0.1:9999/server/oauth/authorize #請(qǐng)求令牌地址 security.oauth3.client.access-token-uri=http://127.0.0.1:9999/server/oauth/token #解析 security.oauth3.resource.jwt.key-uri=http://127.0.0.1:9999/server/oauth/token_key #sso server.port=8060 server.context-path=/client2
好了 基于JWT實(shí)現(xiàn)SSO單點(diǎn)登錄的DEMO以及搭建完成了 下面來(lái)看看頁(yè)面的效果
在初次訪問(wèn)的時(shí)候
圖1
登陸成功之后
圖2
圖3
注意
寫SsoApprovalEndPoint與SsoSpelView目的是去掉登陸之后授權(quán)的效果如果不寫這2個(gè)類
在初次訪問(wèn)的登陸成功之后是有一步授權(quán)的操作的
比如說(shuō)圖1操作成功之后
點(diǎn)擊Authorize才會(huì)跳轉(zhuǎn)到圖2
以上就是本文的全部?jī)?nèi)容,希望對(duì)大家的學(xué)習(xí)有所幫助,也希望大家多多支持創(chuàng)新互聯(lián)。
網(wǎng)頁(yè)標(biāo)題:SpringSecurity基于JWT實(shí)現(xiàn)SSO單點(diǎn)登錄詳解
當(dāng)前鏈接:http://chinadenli.net/article22/jpsscc.html
成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián),為您提供響應(yīng)式網(wǎng)站、虛擬主機(jī)、服務(wù)器托管、企業(yè)網(wǎng)站制作、App開發(fā)、關(guān)鍵詞優(yōu)化
聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請(qǐng)盡快告知,我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如需處理請(qǐng)聯(lián)系客服。電話:028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時(shí)需注明來(lái)源: 創(chuàng)新互聯(lián)
- 靜態(tài)網(wǎng)站設(shè)計(jì)包括哪些特點(diǎn),具體的優(yōu)勢(shì)有哪些 2019-06-27
- ?成都網(wǎng)站建設(shè)生成真靜態(tài)有什么好處? 2016-11-18
- 網(wǎng)站建設(shè)中關(guān)于靜態(tài)頁(yè)面和動(dòng)態(tài)頁(yè)面的區(qū)分 2016-10-02
- 靜態(tài)網(wǎng)站站內(nèi)結(jié)構(gòu)注意事項(xiàng) 2016-11-02
- 營(yíng)銷型網(wǎng)站建設(shè)中什么是動(dòng)態(tài)網(wǎng)站、靜態(tài)網(wǎng)站 2013-06-07
- 動(dòng)態(tài)網(wǎng)頁(yè)靜態(tài)化的優(yōu)點(diǎn) 2016-11-04
- 響應(yīng)式靜態(tài)網(wǎng)站設(shè)計(jì)公司是否滿足您的業(yè)務(wù)需求 2019-10-31
- 網(wǎng)站是否真的需要生成靜態(tài)或偽靜態(tài)? 2016-08-06
- 網(wǎng)站建設(shè)是動(dòng)態(tài)的好還是靜態(tài)的好 2014-05-19
- 網(wǎng)站建設(shè)動(dòng)態(tài)和靜態(tài)哪個(gè)好? 2016-11-12
- 網(wǎng)站偽靜態(tài)為什么有利于SEO優(yōu)化? 2015-12-12
- 成都網(wǎng)站設(shè)計(jì)使用動(dòng)態(tài)還是靜態(tài)? 2013-06-18