I. Single sign-on system: OAuth2
(1) Create a Maven project for Spring Security (the pom.xml dependencies are listed below; the JDK version, jar vs. war packaging and build plugins can be added to suit your own needs)
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>fastjson</artifactId>
    <version>1.2.68</version>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
    <exclusions>
        <exclusion>
            <groupId>org.junit.vintage</groupId>
            <artifactId>junit-vintage-engine</artifactId>
        </exclusion>
    </exclusions>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-test</artifactId>
    <scope>test</scope>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-configuration-processor</artifactId>
    <optional>true</optional>
</dependency>
(2) Related configuration classes
import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

@Configuration
@EnableConfigurationProperties(QkrhClientRegistrationProperties.class)
public class OAuth2LoginConfig {

    @EnableWebSecurity
    public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .oauth2Login()
                // Where to land after a successful login (the controller in step (5) maps /v/success).
                .defaultSuccessUrl("/v/success")
                // Pattern the redirection (callback) endpoint listens on. It must cover the
                // redirect URI: for a redirect URI of /v1/chen/login/chen a pattern such as
                // /v1/chen/login/** works. The template below puts callbacks under
                // /v1/3rd/qkrh/login/{registrationId}, so a single-segment wildcard is enough.
                .redirectionEndpoint().baseUri("/v1/3rd/qkrh/login/*");
            // The two settings below customise handling for an authorization server that does
            // not quite follow the OAuth2 spec; for QQ, WeChat and the like they are unnecessary.
            // CustomOAuth2UserService and CustomPasswordTokenResponseClient are the post's own
            // classes and are not shown here.
            http.oauth2Login().userInfoEndpoint().userService(new CustomOAuth2UserService());
            http.oauth2Login().tokenEndpoint().accessTokenResponseClient(customAccessTokenResponseClient());
        }

        private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> customAccessTokenResponseClient() {
            return new CustomPasswordTokenResponseClient();
        }
    }

    @Autowired
    private QkrhClientRegistrationProperties registrationProperties;

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(this.gfoaClientRegistration(registrationProperties));
    }

    private List<ClientRegistration> gfoaClientRegistration(QkrhClientRegistrationProperties registrationProperties) {
        List<ClientRegistration> clientRegistrationList = new ArrayList<>();
        clientRegistrationList.add(
            ClientRegistration.withRegistrationId(registrationProperties.getRegistrationId())
                .clientId(registrationProperties.getClientId())
                .clientSecret(registrationProperties.getClientSecret())
                .clientAuthenticationMethod(ClientAuthenticationMethod.POST)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                // Callback URL; {baseUrl} and {registrationId} are expanded by the framework.
                .redirectUriTemplate("{baseUrl}/v1/3rd/qkrh/login/{registrationId}")
                // .scope("openid")
                .authorizationUri(registrationProperties.getAuthorizationUri())
                .tokenUri(registrationProperties.getTokenUri())
                // .jwkSetUri(registrationProperties.getJwkSetUri())
                .clientName(registrationProperties.getClientId())
                .build());
        return clientRegistrationList;
    }
}
"{baseUrl}/v1/3rd/qkrh/login/{registrationId}" is the redirect URI. When you open http://ip:port/login you get a page for choosing a client for third-party authentication; clicking the client you registered takes you to the third-party login system, and that link is generated for you by the framework.
(3) yml file
v:
  p:
    registration-id:
    authorization-uri:
    token-uri:
    client-id:
    client-secret:
  q:
    registration-id:
    authorization-uri:
    token-uri:
    client-id:
    client-secret:
The yml above can hold several such blocks; the registration-id tells which client the user is authenticating through, and the client selection page then offers more than one choice.
(4) Reading the yml configuration
import org.springframework.boot.context.properties.ConfigurationProperties;

// The prefix must match the yml nesting (v: -> p:), so it is "v.p", not "vp".
// This class binds a single block; a second block such as v.q needs its own binding.
@ConfigurationProperties(prefix = "v.p")
public class QkrhClientRegistrationProperties {
    private String authorizationUri;
    private String tokenUri;
    private String jwkSetUri;
    private String redirectUri;
    private String clientId;
    private String clientSecret;
    private String registrationId;

    public String getAuthorizationUri() {
        return authorizationUri;
    }
    public void setAuthorizationUri(String authorizationUri) {
        this.authorizationUri = authorizationUri;
    }
    public String getTokenUri() {
        return tokenUri;
    }
    public void setTokenUri(String tokenUri) {
        this.tokenUri = tokenUri;
    }
    public String getJwkSetUri() {
        return jwkSetUri;
    }
    public void setJwkSetUri(String jwkSetUri) {
        this.jwkSetUri = jwkSetUri;
    }
    public String getRedirectUri() {
        return redirectUri;
    }
    public void setRedirectUri(String redirectUri) {
        this.redirectUri = redirectUri;
    }
    public String getClientId() {
        return clientId;
    }
    public void setClientId(String clientId) {
        this.clientId = clientId;
    }
    public String getClientSecret() {
        return clientSecret;
    }
    public void setClientSecret(String clientSecret) {
        this.clientSecret = clientSecret;
    }
    public String getRegistrationId() {
        return registrationId;
    }
    public void setRegistrationId(String registrationId) {
        this.registrationId = registrationId;
    }
}
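The text above says several blocks (v.p, v.q, ...) can be configured and told apart by registration-id, yet the properties class binds only one. As an added example (not the post's code), this configuration binds every block under `v:` into a map and registers one client per block; it assumes Spring Security 5.x, the page's QkrhClientRegistrationProperties class with the `v.p` annotation removed, and replaces the clientRegistrationRepository bean in OAuth2LoginConfig. The class name MultiQkrhClientConfig is hypothetical.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

// Added example (hypothetical class name): one ClientRegistration per block under "v:".
@Configuration
public class MultiQkrhClientConfig {
    // Spring Boot binds the children of "v" (p, q, ...) as map entries, each into
    // the page's QkrhClientRegistrationProperties; no per-block prefix is needed.
    @Bean
    @ConfigurationProperties(prefix = "v")
    public Map<String, QkrhClientRegistrationProperties> qkrhClients() {
        return new LinkedHashMap<>();
    }

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        List<ClientRegistration> registrations = new ArrayList<>();
        // Calling qkrhClients() through the @Configuration proxy returns the bound bean.
        qkrhClients().forEach((key, p) -> {
            // Fall back to the yml key when registration-id is left blank.
            String id = (p.getRegistrationId() == null || p.getRegistrationId().isEmpty())
                    ? key : p.getRegistrationId();
            registrations.add(ClientRegistration.withRegistrationId(id)
                    .clientId(p.getClientId())
                    .clientSecret(p.getClientSecret())
                    .clientAuthenticationMethod(ClientAuthenticationMethod.POST)
                    .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                    // Same template as the page: every client's callback lands under
                    // /v1/3rd/qkrh/login/, so one redirectionEndpoint().baseUri() covers all.
                    .redirectUriTemplate("{baseUrl}/v1/3rd/qkrh/login/{registrationId}")
                    .authorizationUri(p.getAuthorizationUri())
                    .tokenUri(p.getTokenUri())
                    .clientName(id)
                    .build());
        });
        return new InMemoryClientRegistrationRepository(registrations);
    }
}
```

With this in place the login page lists one entry per yml block, and adding a client is a yml change only.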
(5) Controller (you only need one controller for the post-login redirect; from there sign on to whatever address you need.)
// Example only; the class name is a placeholder and the view name "success" is an assumption.
@Controller
public class SsoSuccessController {
    @RequestMapping("/v/success")
    public String index(Model model, @RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient,
                        @AuthenticationPrincipal OAuth2User oauth2User, @RequestParam(required = false) String functionId,
                        HttpServletRequest request, HttpServletResponse response) throws IOException {
        // Expose the authenticated user's name to the view, then move on to the target page.
        model.addAttribute("userName", oauth2User.getName());
        return "success";
    }
}
Feel free to leave a comment if you have questions~ This is only a quick note.