基于Spring Cloud 快速配置完成单点登录开发

单点登录概念
单点登录（Single Sign On），简称为 SSO，是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中，用户只需要登录一次就可以访问所有相互信任的应用系统。登录逻辑如上图

基于Spring 全家桶的实现

技术选型：

 Spring Boot

 Spring Cloud 

 Spring Security oAuth2

客户端：

maven依赖

<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
 <dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-jwt</artifactId>
</dependency>

EnableOAuth2Sso 注解

入口类配置@@EnableOAuth2Sso

 @SpringBootApplication
 public class PigSsoClientDemoApplication {
public static void main(String[] args) {
SpringApplication.run(PigSsoClientDemoApplication.class, args);
 }
 }

配置文件

SSO认证服务器

认证服务器配置

@Configuration
@Order(Integer.MIN\_VALUE)
@EnableAuthorizationServe
public class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter {
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()

            .withClient(authServerConfig.getClientId())

            .secret(authServerConfig.getClientSecret())

            .authorizedGrantTypes(SecurityConstants.REFRESH\_TOKEN, SecurityConstants.PASSWORD,SecurityConstants.AUTHORIZATION\_CODE)

            .scopes(authServerConfig.getScope());

}



@Override

public void configure(AuthorizationServerEndpointsConfigurer endpoints) {

    endpoints

            .tokenStore(new RedisTokenStore(redisConnectionFactory))

            .accessTokenConverter(jwtAccessTokenConverter())

            .authenticationManager(authenticationManager)

            .exceptionTranslator(pigWebResponseExceptionTranslator)

            .reuseRefreshTokens(false)

            .userDetailsService(userDetailsService);

}



@Override

public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {

    security

            .allowFormAuthenticationForClients()

            .tokenKeyAccess("isAuthenticated()")

            .checkTokenAccess("permitAll()");

}



@Bean

public PasswordEncoder passwordEncoder() {

    return new BCryptPasswordEncoder();

}



@Bean

public JwtAccessTokenConverter jwtAccessTokenConverter() {

    JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();

    jwtAccessTokenConverter.setSigningKey(CommonConstant.SIGN\_KEY);

    return jwtAccessTokenConverter;

} }

配置完成体验

1：访问SSO客户端的 index.html:
2：重定向到SSO服务端的 Basic 认证:
3：输入账号密码又重定向到原请求的 客户端index资源