OAuth2 实现单点登录 SSO,看这篇文章就对了!

最新推荐文章于 2024-08-14 16:50:57 发布
最新推荐文章于 2024-08-14 16:50:57 发布
阅读量1.2k 收藏 3
点赞数

  点击上方 "程序员小乐" ,关注公众号

8点20分,第一时间与你相约

每日英文

Smile and stop complaining about the things you can't change. Time keeps ticking whether you're happy or sad.

保持微笑,停止抱怨那些改变不了的事。无论你开心与否,时间总是不等人的。


每日掏心话

即使生命柔弱,飘摇,像风雨中的一朵小花,也要努力的绽放,去触摸阳光的温暖。


来自:废物大师兄 | 责编:乐乐

链接:cnblogs.com/cjsblog/p/10548022.html

640?wx_fmt=jpeg

图片来自网络


往日回顾:详细介绍!Linux 上几种常用的文件传输方式



   01 前言   

 
   
 
   

 
   
之前更新过一篇单点登录(我去!原来单点登录这么简单,这下糗大了!),没看的可以去了解下!
 
   

 
   
技术这东西吧,看别人写的好像很简单似的,到自己去写的时候就各种问题,“一看就会,一做就错”。网上关于实现SSO的文章一大堆,但是当你真的照着写的时候就会发现根本不是那么回事儿,简直让人抓狂,尤其是对于我这样的菜鸟。几经曲折,终于搞定了,决定记录下来,以便后续查看。先来看一下效果
 
   

 
   
640?wx_fmt=png
 
   

 
   
640?wx_fmt=png
 
   

 
   
640?wx_fmt=png
 
   

 
   

 
   
 
    

 
    
   02 准备   
 
   
 
   

 
   

 
   
2.1. 单点登录
 
   

 
   
最常见的例子是,我们打开淘宝APP,首页就会有天猫、聚划算等服务的链接,当你点击以后就直接跳过去了,并没有让你再登录一次
 
   

 
   
640?wx_fmt=jpeg
 
   

 
   
下面这个图是我在网上找的,我觉得画得比较明白:
 
   

 
   
640?wx_fmt=png
 
   

 
   
可惜有点儿不清晰,于是我又画了个简版的:
 
   

 
   
重要的是理解:
 
   

 
   

 
   
640?wx_fmt=png
 
   

 
   

 
   
 
    

 
    
   03 利用OAuth2实现单点登录   
 
   
 
   

 
   

 
   
接下来,只讲跟本例相关的一些配置,不讲原理,不讲为什么
 
   

 
   
众所周知,在OAuth2在有授权服务器、资源服务器、客户端这样几个角色,当我们用它来实现SSO的时候是不需要资源服务器这个角色的,有授权服务器和客户端就够了。
 
   

 
   
授权服务器当然是用来做认证的,客户端就是各个应用系统,我们只需要登录成功后拿到用户信息以及用户所拥有的权限即可
 
   

 
   
之前我一直认为把那些需要权限控制的资源放到资源服务器里保护起来就可以实现权限控制,其实是我想错了,权限控制还得通过Spring Security或者自定义拦截器来做
 
   

 
   
3.1.  Spring Security 、OAuth2、JWT、SSO
 
   

 
   
在本例中,一定要分清楚这几个的作用
 
   

 
   
首先,SSO是一种思想,或者说是一种解决方案,是抽象的,我们要做的就是按照它的这种思想去实现它
 
   

 
   
其次,OAuth2是用来允许用户授权第三方应用访问他在另一个服务器上的资源的一种协议,它不是用来做单点登录的,但我们可以利用它来实现单点登录。在本例实现SSO的过程中,受保护的资源就是用户的信息(包括,用户的基本信息,以及用户所具有的权限),而我们想要访问这这一资源就需要用户登录并授权,OAuth2服务端负责令牌的发放等操作,这令牌的生成我们采用JWT,也就是说JWT是用来承载用户的Access_Token的
 
   

 
   
最后,Spring Security是用于安全访问的,这里我们我们用来做访问权限控制
 
   

 
   

 
   
 
    

 
    
   04 认证服务器配置   
 
   
 
   

 
   

 
   
4.1.  Maven依赖
 
   

 
   
<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">    <modelVersion>4.0.0</modelVersion>    <parent>        <groupId>org.springframework.boot</groupId>        <artifactId>spring-boot-starter-parent</artifactId>        <version>2.1.3.RELEASE</version>        <relativePath/> <!-- lookup parent from repository -->    </parent>    <groupId>com.cjs.sso</groupId>    <artifactId>oauth2-sso-auth-server</artifactId>    <version>0.0.1-SNAPSHOT</version>    <name>oauth2-sso-auth-server</name>    <properties>        <java.version>1.8</java.version>    </properties>    <dependencies>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-data-jpa</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-data-redis</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-security</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.security.oauth.boot</groupId>            <artifactId>spring-security-oauth2-autoconfigure</artifactId>            <version>2.1.3.RELEASE</version>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-thymeleaf</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-web</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.session</groupId>            <artifactId>spring-session-data-redis</artifactId>        </dependency>        <dependency>            <groupId>mysql</groupId>            <artifactId>mysql-connector-java</artifactId>            <scope>runtime</scope>        </dependency>        <dependency>            <groupId>org.projectlombok</groupId>            <artifactId>lombok</artifactId>            <optional>true</optional>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-test</artifactId>            <scope>test</scope>        </dependency>        <dependency>            <groupId>org.springframework.security</groupId>            <artifactId>spring-security-test</artifactId>            <scope>test</scope>        </dependency>        <dependency>            <groupId>org.apache.commons</groupId>            <artifactId>commons-lang3</artifactId>            <version>3.8.1</version>        </dependency>        <dependency>            <groupId>com.alibaba</groupId>            <artifactId>fastjson</artifactId>            <version>1.2.56</version>        </dependency>    </dependencies>    <build>        <plugins>            <plugin>                <groupId>org.springframework.boot</groupId>                <artifactId>spring-boot-maven-plugin</artifactId>            </plugin>        </plugins>    </build></project>"UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.3.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.cjs.sso</groupId>
    <artifactId>oauth2-sso-auth-server</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>oauth2-sso-auth-server</name>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-redis</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security.oauth.boot</groupId>
            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
            <version>2.1.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.session</groupId>
            <artifactId>spring-session-data-redis</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.8.1</version>
        </dependency>
        <dependency>
            <groupId>com.alibaba</groupId>
            <artifactId>fastjson</artifactId>
            <version>1.2.56</version>
        </dependency>

    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>
 
   

 
   
这里面最重要的依赖是:spring-security-oauth2-autoconfigure
 
   

 
   
4.2.  application.yml
 
   

 
   
spring:  datasource:    url: jdbc:mysql://localhost:3306/permission    username: root    password: 123456    driver-class-name: com.mysql.jdbc.Driver  jpa:    show-sql: true  session:    store-type: redis  redis:    host: 127.0.0.1    password: 123456    port: 6379server:  port: 8080
    url: jdbc:mysql://localhost:3306/permission
    username: root
    password: 123456
    driver-class-name: com.mysql.jdbc.Driver
  jpa:
    show-sql: true
  session:
    store-type: redis
  redis:
    host: 127.0.0.1
    password: 123456
    port: 6379
server:
  port: 8080
 
   

 
   
4.3. AuthorizationServerConfig(重要)
 
   

 
   
package com.cjs.sso.config;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.context.annotation.Primary;import org.springframework.security.core.token.DefaultToken;import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;import org.springframework.security.oauth2.provider.token.DefaultTokenServices;import org.springframework.security.oauth2.provider.token.TokenStore;import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;import javax.sql.DataSource;/** * @author ChengJianSheng * @date 2019-02-11 */@Configuration@EnableAuthorizationServerpublic class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {    @Autowired    private DataSource dataSource;    @Override    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {        security.allowFormAuthenticationForClients();        security.tokenKeyAccess("isAuthenticated()");    }    @Override    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {        clients.jdbc(dataSource);    }    @Override    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {        endpoints.accessTokenConverter(jwtAccessTokenConverter());        endpoints.tokenStore(jwtTokenStore());//        endpoints.tokenServices(defaultTokenServices());    }    /*@Primary    @Bean    public DefaultTokenServices defaultTokenServices() {        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();        defaultTokenServices.setTokenStore(jwtTokenStore());        defaultTokenServices.setSupportRefreshToken(true);        return defaultTokenServices;    }*/    @Bean    public JwtTokenStore jwtTokenStore() {        return new JwtTokenStore(jwtAccessTokenConverter());    }    @Bean    public JwtAccessTokenConverter jwtAccessTokenConverter() {        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();        jwtAccessTokenConverter.setSigningKey("cjs");   //  Sets the JWT signing key        return jwtAccessTokenConverter;    }}
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.core.token.DefaultToken;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

import javax.sql.DataSource;

/**
 * @author ChengJianSheng
 * @date 2019-02-11
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
private DataSource dataSource;

    @Override
public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.allowFormAuthenticationForClients();
        security.tokenKeyAccess("isAuthenticated()");
    }

    @Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource);
    }

    @Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.accessTokenConverter(jwtAccessTokenConverter());
        endpoints.tokenStore(jwtTokenStore());
//        endpoints.tokenServices(defaultTokenServices());
    }

/*@Primary
    @Bean
    public DefaultTokenServices defaultTokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(jwtTokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        return defaultTokenServices;
    }*/

    @Bean
public JwtTokenStore jwtTokenStore() {
return new JwtTokenStore(jwtAccessTokenConverter());
    }

    @Bean
public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        jwtAccessTokenConverter.setSigningKey("cjs");   //  Sets the JWT signing key
return jwtAccessTokenConverter;
    }

}
 
   

 
   
说明:
 
   

 
   
  1. 别忘了@EnableAuthorizationServer
  2. Token存储采用的是JWT
  3. 客户端以及登录用户这些配置存储在数据库,为了减少数据库的查询次数,可以从数据库读出来以后再放到内存中
 
   

 
   
4.4.  WebSecurityConfig(重要)
 
   

 
   
package com.cjs.sso.config;import com.cjs.sso.service.MyUserDetailsService;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.builders.WebSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;/** * @author ChengJianSheng * @date 2019-02-11 */@Configuration@EnableWebSecuritypublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {    @Autowired    private MyUserDetailsService userDetailsService;    @Override    protected void configure(AuthenticationManagerBuilder auth) throws Exception {        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());    }    @Override    public void configure(WebSecurity web) throws Exception {        web.ignoring().antMatchers("/assets/**", "/css/**", "/images/**");    }    @Override    protected void configure(HttpSecurity http) throws Exception {        http.formLogin()                .loginPage("/login")                .and()                .authorizeRequests()                .antMatchers("/login").permitAll()                .anyRequest()                .authenticated()                .and().csrf().disable().cors();    }    @Bean    public PasswordEncoder passwordEncoder() {        return new BCryptPasswordEncoder();    }}
import com.cjs.sso.service.MyUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @author ChengJianSheng
 * @date 2019-02-11
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
private MyUserDetailsService userDetailsService;

    @Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/assets/**", "/css/**", "/images/**");
    }

    @Override
protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .loginPage("/login")
                .and()
                .authorizeRequests()
                .antMatchers("/login").permitAll()
                .anyRequest()
                .authenticated()
                .and().csrf().disable().cors();
    }

    @Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
    }

}
 
   

 
   
4.5.  自定义登录页面(一般来讲都是要自定义的)
 
   

 
   
package com.cjs.sso.controller;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.GetMapping;/** * @author ChengJianSheng * @date 2019-02-12 */@Controllerpublic class LoginController {    @GetMapping("/login")    public String login() {        return "login";    }    @GetMapping("/")    public String index() {        return "index";    }}
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

/**
 * @author ChengJianSheng
 * @date 2019-02-12
 */
@Controller
public class LoginController {

    @GetMapping("/login")
public String login() {
return "login";
    }

    @GetMapping("/")
public String index() {
return "index";
    }

}
 
   

 
   
自定义登录页面的时候,只需要准备一个登录页面,然后写个Controller令其可以访问到即可,登录页面表单提交的时候method一定要是post,最重要的时候action要跟访问登录页面的url一样
 
   

 
   
千万记住了,访问登录页面的时候是GET请求,表单提交的时候是POST请求,其它的就不用管了
 
   

 
   
<!DOCTYPE html><html xmlns:th="http://www.thymeleaf.org"><head>    <meta charset="utf-8">    <meta http-equiv="X-UA-Compatible" content="IE=edge">    <title>Ela Admin - HTML5 Admin Template</title>    <meta name="description" content="Ela Admin - HTML5 Admin Template">    <meta name="viewport" content="width=device-width, initial-scale=1">    <link type="text/css" rel="stylesheet" th:href="@{/assets/css/normalize.css}">    <link type="text/css" rel="stylesheet" th:href="@{/assets/bootstrap-4.3.1-dist/css/bootstrap.min.css}">    <link type="text/css" rel="stylesheet" th:href="@{/assets/css/font-awesome.min.css}">    <link type="text/css" rel="stylesheet" th:href="@{/assets/css/style.css}"></head><body class="bg-dark"><div class="sufee-login d-flex align-content-center flex-wrap">    <div class="container">        <div class="login-content">            <div class="login-logo">                <h1 style="color: #57bf95;">欢迎来到王者荣耀</h1>            </div>            <div class="login-form">                <form th:action="@{/login}" method="post">                    <div class="form-group">                        <label>Username</label>                        <input type="text" class="form-control" name="username" placeholder="Username">                    </div>                    <div class="form-group">                        <label>Password</label>                        <input type="password" class="form-control" name="password" placeholder="Password">                    </div>                    <div class="checkbox">                        <label>                            <input type="checkbox"> Remember Me                        </label>                        <label class="pull-right">                            <a href="#">Forgotten Password?</a>                        </label>                    </div>                    <button type="submit" class="btn btn-success btn-flat m-b-30 m-t-30" style="font-size: 18px;">登录</button>                </form>            </div>        </div>    </div></div><script type="text/javascript" th:src="@{/assets/js/jquery-2.1.4.min.js}"></script><script type="text/javascript" th:src="@{/assets/bootstrap-4.3.1-dist/js/bootstrap.min.js}"></script><script type="text/javascript" th:src="@{/assets/js/main.js}"></script></body></html>"http://www.thymeleaf.org">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <title>Ela Admin - HTML5 Admin Template</title>
    <meta name="description" content="Ela Admin - HTML5 Admin Template">
    <meta name="viewport" content="width=device-width, initial-scale=1">

    <link type="text/css" rel="stylesheet" th:href="@{/assets/css/normalize.css}">
    <link type="text/css" rel="stylesheet" th:href="@{/assets/bootstrap-4.3.1-dist/css/bootstrap.min.css}">
    <link type="text/css" rel="stylesheet" th:href="@{/assets/css/font-awesome.min.css}">
    <link type="text/css" rel="stylesheet" th:href="@{/assets/css/style.css}">

</head>
<body class="bg-dark">

<div class="sufee-login d-flex align-content-center flex-wrap">
    <div class="container">
        <div class="login-content">
            <div class="login-logo">
                <h1 style="color: #57bf95;">欢迎来到王者荣耀</h1>
            </div>
            <div class="login-form">
                <form th:action="@{/login}" method="post">
                    <div class="form-group">
                        <label>Username</label>
                        <input type="text" class="form-control" name="username" placeholder="Username">
                    </div>
                    <div class="form-group">
                        <label>Password</label>
                        <input type="password" class="form-control" name="password" placeholder="Password">
                    </div>
                    <div class="checkbox">
                        <label>
                            <input type="checkbox"> Remember Me
                        </label>
                        <label class="pull-right">
                            <a href="#">Forgotten Password?</a>
                        </label>
                    </div>
                    <button type="submit" class="btn btn-success btn-flat m-b-30 m-t-30" style="font-size: 18px;">登录</button>
                </form>
            </div>
        </div>
    </div>
</div>


<script type="text/javascript" th:src="@{/assets/js/jquery-2.1.4.min.js}"></script>
<script type="text/javascript" th:src="@{/assets/bootstrap-4.3.1-dist/js/bootstrap.min.js}"></script>
<script type="text/javascript" th:src="@{/assets/js/main.js}"></script>

</body>
</html>
 
   

 
   
4.6.  定义客户端
 
   

 
   
640?wx_fmt=png
 
   

 
   
640?wx_fmt=png
 
   

 
   
4.7.  加载用户
 
   

 
   
登录账户
 
   

 
   
package com.cjs.sso.domain;import lombok.Data;import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.userdetails.User;import java.util.Collection;/** * 大部分时候直接用User即可不必扩展 * @author ChengJianSheng * @date 2019-02-11 */@Datapublic class MyUser extends User {    private Integer departmentId;   //  举个例子,部门ID    private String mobile;  //  举个例子,假设我们想增加一个字段,这里我们增加一个mobile表示手机号    public MyUser(String username, String password, Collection<? extends GrantedAuthority> authorities) {        super(username, password, authorities);    }    public MyUser(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);    }}
import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;

import java.util.Collection;

/**
 * 大部分时候直接用User即可不必扩展
 * @author ChengJianSheng
 * @date 2019-02-11
 */
@Data
public class MyUser extends User {

private Integer departmentId;   //  举个例子,部门ID

private String mobile;  //  举个例子,假设我们想增加一个字段,这里我们增加一个mobile表示手机号

public MyUser(String username, String password, Collection<? extends GrantedAuthority> authorities) {
        super(username, password, authorities);
    }

public MyUser(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    }
}
 
   

 
   
加载登录账户
 
   

 
   
package com.cjs.sso.service;import com.alibaba.fastjson.JSON;import com.cjs.sso.domain.MyUser;import com.cjs.sso.entity.SysPermission;import com.cjs.sso.entity.SysUser;import lombok.extern.slf4j.Slf4j;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;import org.springframework.security.crypto.password.PasswordEncoder;import org.springframework.stereotype.Service;import org.springframework.util.CollectionUtils;import java.util.ArrayList;import java.util.List;/** * @author ChengJianSheng * @date 2019-02-11 */@Slf4j@Servicepublic class MyUserDetailsService implements UserDetailsService {    @Autowired    private PasswordEncoder passwordEncoder;    @Autowired    private UserService userService;    @Autowired    private PermissionService permissionService;    @Override    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {        SysUser sysUser = userService.getByUsername(username);        if (null == sysUser) {            log.warn("用户{}不存在", username);            throw new UsernameNotFoundException(username);        }        List<SysPermission> permissionList = permissionService.findByUserId(sysUser.getId());        List<SimpleGrantedAuthority> authorityList = new ArrayList<>();        if (!CollectionUtils.isEmpty(permissionList)) {            for (SysPermission sysPermission : permissionList) {                authorityList.add(new SimpleGrantedAuthority(sysPermission.getCode()));            }        }        MyUser myUser = new MyUser(sysUser.getUsername(), passwordEncoder.encode(sysUser.getPassword()), authorityList);        log.info("登录成功!用户: {}", JSON.toJSONString(myUser));        return myUser;    }}
import com.alibaba.fastjson.JSON;
import com.cjs.sso.domain.MyUser;
import com.cjs.sso.entity.SysPermission;
import com.cjs.sso.entity.SysUser;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;

import java.util.ArrayList;
import java.util.List;

/**
 * @author ChengJianSheng
 * @date 2019-02-11
 */
@Slf4j
@Service
public class MyUserDetailsService implements UserDetailsService {

    @Autowired
private PasswordEncoder passwordEncoder;

    @Autowired
private UserService userService;

    @Autowired
private PermissionService permissionService;

    @Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        SysUser sysUser = userService.getByUsername(username);
if (null == sysUser) {
log.warn("用户{}不存在", username);
throw new UsernameNotFoundException(username);
        }
        List<SysPermission> permissionList = permissionService.findByUserId(sysUser.getId());
        List<SimpleGrantedAuthority> authorityList = new ArrayList<>();
if (!CollectionUtils.isEmpty(permissionList)) {
for (SysPermission sysPermission : permissionList) {
                authorityList.add(new SimpleGrantedAuthority(sysPermission.getCode()));
            }
        }

        MyUser myUser = new MyUser(sysUser.getUsername(), passwordEncoder.encode(sysUser.getPassword()), authorityList);

log.info("登录成功!用户: {}", JSON.toJSONString(myUser));

return myUser;
    }
}
 
   

 
   
4.8.  验证
 
   

 
   
640?wx_fmt=png
 
   

 
   
当我们看到这个界面的时候,表示认证服务器配置完成  
 
   

 
   

 
   
 
    

 
    
   05 两个客户端   
 
   
 
   

 
   

 
   
5.1.  Maven依赖
 
   

 
   
<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">    <modelVersion>4.0.0</modelVersion>    <parent>        <groupId>org.springframework.boot</groupId>        <artifactId>spring-boot-starter-parent</artifactId>        <version>2.1.3.RELEASE</version>        <relativePath/> <!-- lookup parent from repository -->    </parent>    <groupId>com.cjs.sso</groupId>    <artifactId>oauth2-sso-client-member</artifactId>    <version>0.0.1-SNAPSHOT</version>    <name>oauth2-sso-client-member</name>    <description>Demo project for Spring Boot</description>    <properties>        <java.version>1.8</java.version>    </properties>    <dependencies>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-data-jpa</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-oauth2-client</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-security</artifactId>        </dependency>        <dependency>            <groupId>org.springframework.security.oauth.boot</groupId>            <artifactId>spring-security-oauth2-autoconfigure</artifactId>            <version>2.1.3.RELEASE</version>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-thymeleaf</artifactId>        </dependency>        <dependency>            <groupId>org.thymeleaf.extras</groupId>            <artifactId>thymeleaf-extras-springsecurity5</artifactId>            <version>3.0.4.RELEASE</version>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-web</artifactId>        </dependency>        <dependency>            <groupId>com.h2database</groupId>            <artifactId>h2</artifactId>            <scope>runtime</scope>        </dependency>        <dependency>            <groupId>org.projectlombok</groupId>            <artifactId>lombok</artifactId>            <optional>true</optional>        </dependency>        <dependency>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-starter-test</artifactId>            <scope>test</scope>        </dependency>        <dependency>            <groupId>org.springframework.security</groupId>            <artifactId>spring-security-test</artifactId>            <scope>test</scope>        </dependency>    </dependencies>    <build>        <plugins>            <plugin>                <groupId>org.springframework.boot</groupId>                <artifactId>spring-boot-maven-plugin</artifactId>            </plugin>        </plugins>    </build></project>"UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.3.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.cjs.sso</groupId>
    <artifactId>oauth2-sso-client-member</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>oauth2-sso-client-member</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security.oauth.boot</groupId>
            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
            <version>2.1.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity5</artifactId>
            <version>3.0.4.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>
 
   

 
   
5.2.  application.yml
 
   

 
   
server:  port: 8082  servlet:    context-path: /memberSystemsecurity:  oauth2:    client:      client-id: UserManagement      client-secret: user123      access-token-uri: http://localhost:8080/oauth/token      user-authorization-uri: http://localhost:8080/oauth/authorize    resource:      jwt:        key-uri: http://localhost:8080/oauth/token_key8082
  servlet:
    context-path: /memberSystem
security:
  oauth2:
    client:
      client-id: UserManagement
      client-secret: user123
      access-token-uri: http://localhost:8080/oauth/token
      user-authorization-uri: http://localhost:8080/oauth/authorize
    resource:
      jwt:
        key-uri: http://localhost:8080/oauth/token_key
 
   

 
   
640?wx_fmt=png
 
   

 
   
这里context-path不要设成/,不然重定向获取code的时候回被拦截
 
   

 
   
5.3.  WebSecurityConfig
 
   

 
   
package com.cjs.example.config;import com.cjs.example.util.EnvironmentUtils;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.builders.WebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;/** * @author ChengJianSheng * @date 2019-03-03 */@EnableOAuth2Sso@Configurationpublic class WebSecurityConfig extends WebSecurityConfigurerAdapter {    @Autowired    private EnvironmentUtils environmentUtils;    @Override    public void configure(WebSecurity web) throws Exception {        web.ignoring().antMatchers("/bootstrap/**");    }    @Override    protected void configure(HttpSecurity http) throws Exception {        if ("local".equals(environmentUtils.getActiveProfile())) {            http.authorizeRequests().anyRequest().permitAll();        }else {            http.logout().logoutSuccessUrl("http://localhost:8080/logout")                    .and()                    .authorizeRequests()                    .anyRequest().authenticated()                    .and()                    .csrf().disable();        }    }}
import com.cjs.example.util.EnvironmentUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


/**
 * @author ChengJianSheng
 * @date 2019-03-03
 */
@EnableOAuth2Sso
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
private EnvironmentUtils environmentUtils;

    @Override
public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/bootstrap/**");
    }

    @Override
protected void configure(HttpSecurity http) throws Exception {
if ("local".equals(environmentUtils.getActiveProfile())) {
            http.authorizeRequests().anyRequest().permitAll();
        }else {
            http.logout().logoutSuccessUrl("http://localhost:8080/logout")
                    .and()
                    .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .csrf().disable();
        }
    }
}
 
   

 
   
说明:
 
   

 
   
  1. 最重要的注解是@EnableOAuth2Sso
  2. 权限控制这里采用Spring Security方法级别的访问控制,结合Thymeleaf可以很容易做权限控制
  3. 顺便多提一句,如果是前后端分离的话,前端需求加载用户的权限,然后判断应该显示那些按钮那些菜单
 
   

 
   
5.4.  MemberController
 
   

 
   
package com.cjs.example.controller;import org.springframework.security.access.prepost.PreAuthorize;import org.springframework.security.core.Authentication;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.GetMapping;import org.springframework.web.bind.annotation.PostMapping;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.ResponseBody;import java.security.Principal;/** * @author ChengJianSheng * @date 2019-03-03 */@Controller@RequestMapping("/member")public class MemberController {    @GetMapping("/list")    public String list() {        return "member/list";    }    @GetMapping("/info")    @ResponseBody    public Principal info(Principal principal) {        return principal;    }    @GetMapping("/me")    @ResponseBody    public Authentication me(Authentication authentication) {        return authentication;    }    @PreAuthorize("hasAuthority('member:save')")    @ResponseBody    @PostMapping("/add")    public String add() {        return "add";    }    @PreAuthorize("hasAuthority('member:detail')")    @ResponseBody    @GetMapping("/detail")    public String detail() {        return "detail";    }}
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import java.security.Principal;

/**
 * @author ChengJianSheng
 * @date 2019-03-03
 */
@Controller
@RequestMapping("/member")
public class MemberController {

    @GetMapping("/list")
public String list() {

return "member/list";
    }

    @GetMapping("/info")
    @ResponseBody
public Principal info(Principal principal) {
return principal;
    }

    @GetMapping("/me")
    @ResponseBody
public Authentication me(Authentication authentication) {
return authentication;
    }

    @PreAuthorize("hasAuthority('member:save')")
    @ResponseBody
    @PostMapping("/add")
public String add() {

return "add";
    }

    @PreAuthorize("hasAuthority('member:detail')")
    @ResponseBody
    @GetMapping("/detail")
public String detail() {
return "detail";
    }
}
 
   

 
   
5.5. Order项目跟它是一样的
 
   

 
   
server:  port: 8083  servlet:    context-path: /orderSystemsecurity:  oauth2:    client:      client-id: OrderManagement      client-secret: order123      access-token-uri: http://localhost:8080/oauth/token      user-authorization-uri: http://localhost:8080/oauth/authorize    resource:      jwt:        key-uri: http://localhost:8080/oauth/token_key8083
  servlet:
    context-path: /orderSystem
security:
  oauth2:
    client:
      client-id: OrderManagement
      client-secret: order123
      access-token-uri: http://localhost:8080/oauth/token
      user-authorization-uri: http://localhost:8080/oauth/authorize
    resource:
      jwt:
        key-uri: http://localhost:8080/oauth/token_key
 
   

 
   
5.6.  关于退出
 
   

 
   
退出就是清空用于与SSO客户端建立的所有的会话,简单的来说就是使所有端点的Session失效,如果想做得更好的话可以令Token失效,但是由于我们用的JWT,故而撤销Token就不是那么容易,关于这一点,在官网上也有提到:
 
   

 
   
640?wx_fmt=png
 
   

 
   
本例中采用的方式是在退出的时候先退出业务服务器,成功以后再回调认证服务器,但是这样有一个问题,就是需要主动依次调用各个业务服务器的logout
 
   

 
   

 
   
 
    

 
    
   06 工程结构   
 
   
 
   

 
   

 
   
640?wx_fmt=png
 
   

 
   
附上源码:  https://github.com/chengjiansheng/cjs-oauth2-sso-demo.git
 
   

 
   

 
   
 
    

 
    
   07 演示   
 
   
 
   

 
   

 
   
640?wx_fmt=png
 
   

 
   

 
   
 
    

 
    
   08 参考   
 
   
 
   

 
   

 
   
640?wx_fmt=png
 
   

 
   
 
    

 
    
   09 文档   
 
   
 
   

 
   

 
   
640?wx_fmt=png
 
   
640?wx_fmt=jpeg
 
   

 
   
说说你对单点登录的理解?
 
   

 
   
欢迎在留言区留下你的观点,一起讨论提高。如果今天的文章让你有新的启发,学习能力的提升上有新的认识,欢迎转发分享给更多人。
 
   

 
   
欢迎各位读者加入程序员小乐技术群,在公众号后台回复“加群”或者“学习”即可。
 
   
640?wx_fmt=png
 
   

 
   
猜你还想看
 
   

 
   
阿里、腾讯、百度、华为、京东最新面试题汇集
 
   
据说,这是史上最全的 Spring Boot 知识清单
 
   
切换到Linux工作,世界更美好
 
   
10年前被删的初恋,凌晨1点突然加我…
 
   
详细介绍!Linux 上几种常用的文件传输方式
 
   
不是每一个人都需要掌握一键登录!除非......
 
   

 
   
640?wx_fmt=png
 
   
关注「程序员小乐」,收看更多精彩内容
 
  
 
 
 


                

        

        

    

  


    

      

        

            

              
                
                  吧主
                
              
            

            

                关注
              
            

        

        

          
      

      









                



	

		

			

				
					
OAuth2实现单点登录SSO完整教程,其实不难!

				
			

			

				

					猿码天地
				

				

					03-29
					
					1024
					
				

			

		

		

			
				
我是猿人,一个热爱技术、热爱编程的IT猿。技术是开源的,知识是共享的!写作是对自己学习的总结和记录,如果您对 Java、分布式、微服务、中间件、Spring Boot、Spring Clo...

			
		

	



                

              
                



	

		

			

				
					
java oauth2.0单点登录_基于spring-security-oauth2实现单点登录(持续更新)

				
			

			

				

					weixin_39711721的博客
				

				

					02-17
					
					1348
					
				

			

		

		

			
				
基于spring-security-oauth2-实现单点登录文章代码地址:链接描述可以下载直接运行,基于springboot2.1.5,springcloud Greenwich版本实现。前面两篇写了认证oauth2通过内存还有jdbc实现认证中心。接下来我们采用oauth2实现管理系统的单点登录。说到这里,需要介绍几个注解:@EnableAuthorizationServer  该注解用来开启...

			
		

	



                


  
              

                


	

		

			

				
					
单点登录的流程图

				
			

			

				

					03-09
				

			

		

		

			
				
单点登录时我们常见的功能。
网站不可或缺
工作中遗留的文档,上传和大家分享。希望大家喜欢。
单域名和跨域名的单点登录基础逻辑。

			
		

	





	

		

			

				
					
OAuth2实现单点登录SSO

				
			

			

				

					weixin_34226182的博客
				

				

					03-21
					
					3383
					
				

			

		

		

			
				
1. 前言技术这东西吧,看别人写的好像很简单似的,到自己去写的时候就各种问题,“一看就会,一做就错”。网上关于实现SSO的文章一大堆,但是当你真的照着写的时候就会发现根本不是那么回事儿,简直让人抓狂,尤其是对于我这样的菜鸟。几经曲折,终于搞定了,决定记录下来,以便后续查看。先来看一下效果2. 准备2.1. 单点登录最常见的例子是,我们打开淘宝APP,首页就会有天猫、聚划算等服务的链接,当你点击以后...

			
		

	



		

			
		



	

		

			

				
					
【一图学技术】9.OAuth2.0授权框架&SSO单点登录图解及关系区别、使用场景

					
最新发布

				
			

			

				

					A-Itfuture的博客
				

				

					08-14
					
					1409
					
				

			

		

		

			
				
SSO单点登录)和OAuth 2.0是两种在身份验证和授权领域中常用的技术,它们各自有不同的概念、使用场景以及它们之间的关系和区别。
关系: 
SSOOAuth 2.0都关注身份认证和授权,致力于提高安全性和用户体验,在实际应用中,可能会根据具体需求结合使用。
技术区别:
SSO是一种思想或解决方案,更侧重于提供单一登录凭证来优化用户体验,而OAuth 2.0是一个具体的协议,侧重于为第三方应用提供灵活的授权访问。此外,SSO通常用于内部系统的整合,而OAuth 2.0则广泛用于第三方应用与平台的集成。

			
		

	





	

		

			

				
					
开源OAuth2框架 实现SSO单点登录

				
			

			

				

					zetor的专栏
				

				

					10-12
					
					3380
					
				

			

		

		

			
				
一、概述:

本文旨在使用Tkey开源架构 实现单点登录系统。

1. TKey:以 OAuth 2.0 标准为接口设计原则的单点登录系统(SSO)

纯粹的 HTTP,任意设备、任意场景
	跨域无状态,随意横向扩展,服务高可用
2. 选择tkey:

Tkey为开源框架,使用方便,易于扩展,完成度高,文档详细。

下载及文档请参考地址:

Github:https://github.com/cdk8s/tkey
	Gitee:https://gitee.com/cdk8s/tkey
二、实现单点登录服..

			
		

	





	

		

			

				
					
企业级java b2bc商城系统开源源码二次开发-SSO单点登录OAuth2.0 根据token获取用户信息

				
			

			

				

					weixin_45821812的博客
				

				

					02-17
					
					283
					
				

			

		

		

			
				
上一篇我根据框架中OAuth2.0的使用总结,画了SSO单点登录OAuth2.0 登出流程,今天我们看一下根据用户token获取yoghurt信息的流程:

      /** 
 * 根据token获取用户信息 
 * @param accessToken 
 * @return 
 * @throws Exception 
 */  
@RequestMapping(value = "/us...

			
		

	





	

		

			

				
					
Oauth2方式实现单点登录

					
热门推荐

				
			

			

				

					田培融的博客
				

				

					07-30
					
					1万+
					
				

			

		

		

			
				
下面先简单介绍一下Oauth2的原理
Oauth2是什么?
Oauth2是一种授权机制,用来授权给第三方应用,获取用户数据。
Oauth2是什么的解释 这是阮一峰老师的解释,因此解释的比较好了,就不在此重复了。
Oauth2 的原理
Oauth2 有四种授权模型  授权码,隐藏式,密码式,凭证式 目前主流的形式是授权码方式。  我们项目中使用的也是授权码方式。 这里就只介绍一下授权码方式 。
授权码方式
这块的内容完全是引用于Oauth2原理  只是为了方便大家截阅读不用在来回跳转。 其他的几种方式可以去这

			
		

	





	

		

			

				
					
模拟OAuth2 单点登录

				
			

			

				

					09-05
				

			

		

		

			
				
当你提到“模拟OAuth2 单点登录的java代码实现”时,我们可以探讨以下几个关键知识点:  1. **OAuth2 授权流程**:  OAuth2 提供了四种授权类型:授权码(Authorization Code)、隐式(Implicit)、密码(Resource ...

			
		

	





	

		

			

				
					
OAuth2.0实现单点登录

				
			

			

				

					GSON的博客
				

				

					06-11
					
					3413
					
				

			

		

		

			
				
在一开始的时候,应用服务器(客户端通过访问自己的应用服务器来进而访问其他服务)和验证服务器之间会共享一个 secret,这个东西没有其他人知道,而验证服务器在用户验证完成之后,会返回一个授权码,应用服务器最后将授权码和 secret 一起交给验证服务器进行验证,并且 Token 也是在服务端之间传递,不会直接给到客户端。首先用户访问页面时,会重定向到认证服务器,接着认证服务器给用户一个认证页面,等待用户授权,用户填写信息完成授权后,认证服务器返回 Token。

			
		

	





	

		

			

				
					
基于JWT实现SSO单点登录流程图解

				
			

			

				

					08-18
				

			

		

		

			
				
基于JWT实现SSO单点登录流程图解  基于JWT实现SSO单点登录流程图解是指使用JSON Web Token(JWT)来实现单点登录SSO)的机制。在这种机制中,用户只需要登录一次,就可以访问多个应用服务器上的资源,而不需要再次...

			
		

	





	

		

			

				
					
单点登录流程图

				
			

			

				

					12-06
				

			

		

		

			
				
单点登录设计,详细流程图。没有跨域名,使用二级域名共享机制实现

			
		

	





	

		

			

				
					
SSO单点登录流程图分析

				
			

			

				

					05-11
				

			

		

		

			
				
sso单点登录系统)简单说就是客户端第一次访问应用1的时候,由于没有登录,会被引导到登录页面进行登录,如果登录校验通过,将返回一个认证信息ticket,作为认证凭据。下次客户端访问应用2的时候,发送的url请求会携带着ticket作为自己的认证

			
		

	





	

		

			

				
					
SSO 单点登录解决方案 设计流程图

				
			

			

				

					07-28
				

			

		

		

			
				
软件设计方案,包括流程图 时序图,以及token 的介绍和生成规则

			
		

	





	

		

			

				
					
oauth2.0--基础--05--单点登陆设计

				
			

			

				

					zhou920786312的博客
				

				

					11-02
					
					440
					
				

			

		

		

			
				
1、介绍

框架:spring sercurity+oauth2.0+JWT
认证服务器和资源服务器在同一台机器(网关)
密码授权模式

去掉客户端信息表
去掉用户授权表



2、代码
2.1、结构

AuthorizationServer

OauthCanstant

ResouceServerConfig

TokenConfig

WebSecurityConfig

LoginController

UserDao

SpringDataUserDetailsService

applicati

			
		

	





	

		

			

				
					
单点登录流程图:

				
			

			

				

					赵亮的专栏
				

				

					05-06
					
					2692
					
				

			

		

		

			
				
关键点 :由于浏览器同源策略机制,cookie跨域访问是关键,可以通过JSONP的方式解决cookie跨域。


			
		

	





	

		

			

				
					
单点登录原理与简单实现

				
			

			

				

					芋艿V
				

				

					02-24
					
					228
					
				

			

		

		

			
				
点击上方“芋道源码”,选择“设为星标”管她前浪,还是后浪?能浪的浪,才是好浪!每天 8:55 更新文章,每天掉亿点点头发...源码精品专栏原创 | Java 2020 超神之路,很肝~中...

			
		

	





	

		

			

				
					
oauth2.0与单点登录

				
			

			

				

					weixin_40482816的博客
				

				

					02-26
					
					1万+
					
				

			

		

		

			
				
1、什么是 OAuth2.0

OAuth 是一个开放标准,该标准允许用户让第三方应用访问该用户在某一网站上存储的私密资源(如头像、照片、视频等),而在这个过程中无需将用户名和密码提供给第三方应用。实现这一功能是通过提供一个令牌(token),而不是用户名和密码来访问他们存放在特定服务提供者的数据。采用令牌(token)的方式可以让用户灵活的对第三方应用授权或者收回权限。

OAuth2.0 是 OAuth 协议的下一版本,但不向下兼容 OAuth 1.0。传统的 Web 开发登录认证一般都是基于 sess

			
		

	





	

		

			

				
					
单点登录流程

				
			

			

				

					YeahToYeah的博客
				

				

					06-25
					
					653
					
				

			

		

		

			
				
单点登录
单点登录流程图如下

这里省略Oauth2,想了解点击Oauth2

用户访问两个系统的主要流程如下

用户访问两个系统的主要流程如下
1.用户访问系统1,发现未登录,则会重定向到授权中心,然后用户输入账号密码,确认通过后返回code,然后通过code获取token
2.用户访问系统2,发现未登登录,则会重定向到授权中心,发现授权中心已登录,则直接返回code,然后通过code获取token


知是行之始,行是知之成 !


...

			
		

	





	

		

			

				
					

				
			

			

				

					
				

			

		

		

			
				

			
		

	



              




          




        



    





    



      

      

        
      

      





	

		
评论 1

	

	
	




  

    

      添加红包
      
    

    

      

        
        

          
          
        

        
请填写红包祝福语或标题

      

      

        
        

          
          
        

        
红包个数最小为10个

      

      

        
        

          
          
        

        
红包金额最低5元

      

      

        
        

          当前余额3.43前往充值 >
        

      

      

        

          需支付:10.00

        
        
      

    

  





  

    
    
  

  

    
    
  








  

    

      

        

          

            
            
成就一亿技术人!

          

          

        

        

          

          

            领取后你会自动成为博主和红包主的粉丝
            规则
          

        

      

      

        

          

            
              
            
            

              
hope_wisdom
 发出的红包
            

          

        

        

          

          

          

        

      

    

    

  



      
      

      
实付

      
使用余额支付

      

        

          

            
            点击重新获取
          

        

        
扫码支付

      

      

        
          
            
          
          
        
      

      

        
        钱包余额
          0
          

            
            

              

                
抵扣说明:

                
 1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
 2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

              

            

          

      

      余额充值