springboot oauth2实现单点登录实例

下面我将详细讲解如何使用Spring Boot OAuth2实现单点登录的完整攻略。主要分为以下几个步骤：

第一步：创建OAuth2授权服务器

在Spring Boot中实现OAuth2授权服务器需要通过添加spring-boot-starter-oauth2-server依赖来完成。具体实现步骤如下：

1. 添加maven依赖

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-oauth2-server</artifactId>
</dependency>

1. 在application.yml中配置OAuth2服务器

spring:
  security:
    oauth2:
      client:
        registration:
          my-client: # 客户端名称，可以自己定义
            client-id: my-client-id
            client-secret: my-client-secret
            client-authentication-method: post
            authorization-grant-type: authorization_code
            redirect-uri-template: '{baseUrl}/login/oauth2/code/{registrationId}'
            scope: openid,profile,email
        provider:
          my-provider:
            authorize-uri: https://my-provider.com/oauth2/authorize # 授权地址
            token-uri: https://my-provider.com/oauth2/token # Token地址
            user-info-uri: https://my-provider.com/oauth2/userinfo # 获取用户信息地址
      resource:
        token-info-uri: https://my-provider.com/oauth2/introspect # JWT Token校验地址

1. 创建OAuth2授权服务器

@Configuration
@EnableAuthorizationServer
public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private DataSource dataSource;

    @Bean
    public TokenStore tokenStore() {
        return new JdbcTokenStore(dataSource);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager).userDetailsService(userDetailsService)
                .tokenStore(tokenStore());
    }

}

第二步：创建资源服务器

创建资源服务器需要使用spring-boot-starter-security和spring-boot-starter-oauth2-resource-server依赖，具体实现步骤如下：

1. 添加maven依赖

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>

1. 配置资源服务器

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://my-provider.com/oauth2/token # JWT管理服务器地址

1. 创建资源服务器

@Configuration
@EnableResourceServer
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated());
    }

}

第三步：编写客户端

客户端需要使用spring-security-oauth2-client，具体实现步骤如下：

1. 添加maven依赖

<dependency>
  <groupId>org.springframework.security.oauth.boot</groupId>
  <artifactId>spring-security-oauth2-autoconfigure</artifactId>
</dependency>

1. 创建OAuth2登录控制器

@Controller
public class OAuth2LoginController {

    @GetMapping("/login/oauth2/code/{registrationId}")
    public String oauth2LoginSuccess(WebRequest request, Authentication authentication) {
        // 处理登录成功逻辑
        return "redirect:/";
    }

    @ExceptionHandler(AccessDeniedException.class)
    public String handleAccessDeniedException() {
        return "redirect:/login";
    }

}

1. 配置客户端

spring:
  security:
    oauth2:
      client:
        registration:
          my-client: # 客户端名称，与授权服务器配置一致
            client-id: my-client-id
            client-secret: my-client-secret
            client-authentication-method: post
            authorization-grant-type: authorization_code
            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
            scope: openid,profile,email
        provider:
          my-provider:
            authorization-uri: https://my-provider.com/oauth2/authorize # 授权地址
            token-uri: https://my-provider.com/oauth2/token # Token地址
            user-info-uri: https://my-provider.com/oauth2/userinfo # 获取用户信息地址

示例一：使用Google进行单点登录

以使用Google进行单点登录为例，具体实现步骤如下：

1. 获取Google开发者账号和秘钥

2. 在Google开发者控制台中创建OAuth2客户端

3. 将Google客户端配置插入application.yml文件

spring:
  security:
    oauth2:
      client:
        registration:
          google:
            client-id: GOOGLE_CLIENT_ID
            client-secret: GOOGLE_CLIENT_SECRET
            client-authentication-method: post
            authorization-grant-type: authorization_code
            redirect-uri-template: 'http://localhost:8080/login/oauth2/code/google'
            scope: openid,profile,email
        provider:
          google:
            issuer-uri: https://accounts.google.com

1. 在登录页面中添加Google登录按钮

<a href="/oauth2/authorization/google">Google登录</a>

1. 在OAuth2LoginController中进行Google授权成功处理

@GetMapping("/login/oauth2/code/google")
public String authorize(@AuthenticationPrincipal OAuth2User oauth2User, WebRequest request) {
    // 获取用户信息
    String openid = oauth2User.getAttribute("openid");
    String name = oauth2User.getAttribute("name");
    String email = oauth2User.getAttribute("email");
    // TODO 处理用户信息...
    return "redirect:/";
}

示例二：使用自定义OAuth2服务器进行单点登录

以使用自己的OAuth2服务器进行单点登录为例，具体实现步骤如下：

1. 配置OAuth2服务器

参考第一步

1. 配置OAuth2资源服务器

参考第二步

1. 创建客户端

参考第三步

1. 在登录页面中添加自定义OAuth2登录按钮

<a href="/oauth2/authorization/my-client">自定义OAuth2服务器登录</a>

1. 在OAuth2LoginController中进行自定义OAuth2服务器授权成功处理

参考示例一

以上就是使用Spring Boot OAuth2实现单点登录的完整攻略，包含Google和自定义OAuth2服务器两个示例。