Shulou(Shulou.com)06/02 Report--

It is believed that many inexperienced people do not know what to do about how to realize the SSO function of the public components of Yi Shui. therefore, this paper summarizes the causes and solutions of the problem. I hope you can solve this problem through this article.

Nowadays, with the development of Internet technology, the scale of network users is getting larger and larger. If every application of the company establishes a user system, it will not only greatly increase the workload of development, but also easily form an isolated island of information. Users need to register again when using each of the company's products. Therefore, in order to manage uniformly, many companies have established a unified authentication center, other applications need to obtain user information through single sign-on, and users do not need to re-register when they log on to other applications of the company. greatly save the company user import costs, but also improve the user experience.

For single sign-on (SSO), now the technology is more mature, there are many online tutorials, but many articles are not comprehensive, here based on the simple and clear introduction of spring security, how to achieve single sign-on function.

Before using single sign-on, you need to set up an authentication authority, for example, to quickly build your own authentication authority through the public components of Yi Shui, or you can use an existing authentication authority on the Internet, such as Google or github.

Add dependencies to the pom file

The complete pom file is as follows:

4.0.0 org.springframework.boot spring-boot-starter-parent 2.2.0.RELEASE com.yishuifengxiao.sso-client demo 0.0.1-SNAPSHOT demo Demo project for Spring Boot 1.8 org.springframework.boot spring-boot-starter-oauth3-client Org.springframework.boot spring-boot-starter-security org.springframework.boot spring-boot-starter-web org.projectlombok lombok true org.springframework.boot spring-boot- Maven-plugin II join configuration information

Add the following information to the configuration file

The name of the login type displayed on the spring.security.oauth3.client.registration.yishui.provider=yishui# login interface, but do not enter the spring.security.oauth3.client.registration.yishui.client-name=custom# corresponding clientIdspring.security.oauth3.client.registration.yishui.client-id=zhiyubujian# for the user and the corresponding clientSecretspring.security.oauth3.client.registration.yishui.client-secret=zhiyubujian# for the user. Here, the value is set to authorization_code. Indicates that the tokenspring.security.oauth3.client.registration.yishui.authorization-grant-type=authorization_code# callback address is obtained from the authorization server using the authorization code mode, which should be exactly the same as the callback address registered in the authorization server, otherwise it will make an error and wildcards are supported. You can also be configured as the complete address spring.security.oauth3.client.registration.yishui.redirect-uri= {baseUrl} / login/oauth3/code/ {registrationId} # spring.security.oauth3.client.registration.yishui.redirect-uri= http://192.168.0.172:8006/oauth3/code# license server authorization address spring.security.oauth3.client.provider.yishui.authorization-uri= http://192.168.0.172:8000/oauth/authorize# as follows The authorization server obtains the address of the token, the address of the spring.security.oauth3.client.provider.yishui.token-uri= http://192.168.0.172:8000/oauth/token# authorization server, the spring.security.oauth3.client.provider.yishui.user-info-uri= http://192.168.0.172:8000/me# value of the login user information. Must be configured, or there will be an error, spring.security.oauth3.client.provider.yishui.user-name-attribute=userAuthentication

Note:

The yishui in the above configuration can be any value, but it is generally best to have an identifiable value. For example, when logging in with a google account, you can configure it as follows:

Spring: security: oauth3: client: registration: google: client-id: google-client-id client-secret: google-client-secret three configuration startup file @ SpringBootApplication@RestController//@EnableOAuth3Ssopublic class DemoApplication {@ GetMapping ("/ me") public Authentication user (Authentication authentication) {return authentication } @ GetMapping ("/") public String index (Model model, @ RegisteredOAuth3AuthorizedClient OAuth3AuthorizedClient authorizedClient, @ AuthenticationPrincipal OAuth3User oauth3User) {model.addAttribute ("userName", oauth3User.getName ()); model.addAttribute ("clientName", authorizedClient.getClientRegistration (). GetClientName ()); model.addAttribute ("userAttributes", oauth3User.getAttributes ()); return "index" } public static void main (String [] args) {SpringApplication.run (DemoApplication.class, args);}} four uses single sign-on

After completing the above configuration, we can use the single sign-on feature.

For example, when we want to access http://localhost:8080/me, the system redirects to the default login page

Note: the default login page is displayed here. If you want to display a custom login interface, you can modify and beautify it by referring to the relevant sections in the common components of Yi Shui.

Click the login link above to jump to the login page of the authorization server

After entering a user name and password on this page, the request will be redirected to the original request address

The response results are as follows:

After reading the above, have you mastered the method of how to realize the SSO function of the common component of Yi Shui? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.