详解基于Spring Cloud几行配置完成单点登录开发

单点登录概念

单点登录（Single Sign On），简称为 SSO，是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中，用户只需要登录一次就可以访问所有相互信任的应用系统。登录逻辑如上图

基于Spring 全家桶的实现

技术选型：

1. Spring Boot

2. Spring Cloud

3. Spring Security oAuth2

客户端：

maven依赖

<dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
 <groupId>org.springframework.security.oauth</groupId>
 <artifactId>spring-security-oauth2</artifactId>
</dependency>
<dependency>
 <groupId>org.springframework.security</groupId>
 <artifactId>spring-security-jwt</artifactId>
</dependency>

EnableOAuth2Sso 注解

入口类配置@@EnableOAuth2Sso

@SpringBootApplication
public class PigSsoClientDemoApplication {

public static void main(String[] args) {
   SpringApplication.run(PigSsoClientDemoApplication.class, args);
 }

}

配置文件

security:
oauth2:
 client:
  client-id: pig
  client-secret: pig
  user-authorization-uri: http://localhost:3000/oauth/authorize
  access-token-uri: http://localhost:3000/oauth/token
  scope: server
 resource:
  jwt:
   key-uri: http://localhost:3000/oauth/token_key
sessions: never

SSO认证服务器

认证服务器配置

@Configuration
@Order(Integer.MIN_VALUE)
@EnableAuthorizationServer
public class PigAuthorizationConfig extends AuthorizationServerConfigurerAdapter {
 @Override
 public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
   clients.inMemory()
       .withClient(authServerConfig.getClientId())
       .secret(authServerConfig.getClientSecret())
       .authorizedGrantTypes(SecurityConstants.REFRESH_TOKEN, SecurityConstants.PASSWORD,SecurityConstants.AUTHORIZATION_CODE)
       .scopes(authServerConfig.getScope());
 }

@Override
 public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
   endpoints
       .tokenStore(new RedisTokenStore(redisConnectionFactory))
       .accessTokenConverter(jwtAccessTokenConverter())
       .authenticationManager(authenticationManager)
       .exceptionTranslator(pigWebResponseExceptionTranslator)
       .reuseRefreshTokens(false)
       .userDetailsService(userDetailsService);
 }

@Override
 public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
   security
       .allowFormAuthenticationForClients()
       .tokenKeyAccess("isAuthenticated()")
       .checkTokenAccess("permitAll()");
 }

@Bean
 public PasswordEncoder passwordEncoder() {
   return new BCryptPasswordEncoder();
 }

@Bean
 public JwtAccessTokenConverter jwtAccessTokenConverter() {
   JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
   jwtAccessTokenConverter.setSigningKey(CommonConstant.SIGN_KEY);
   return jwtAccessTokenConverter;
 }
}

来源：https://juejin.im/post/5a6e771e5188253dc3323b6b