Spring Security OAuth2单点登录

farkguidao · Jul 4, 2019 · 5958cf5 · 5958cf5
1 parent e6950fd
commit 5958cf5
Show file tree

Hide file tree

Showing 19 changed files with 480 additions and 0 deletions.
diff --git a/66.Spring-Security-OAuth2-SSO/pom.xml b/66.Spring-Security-OAuth2-SSO/pom.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <packaging>pom</packaging>
+    <modules>
+        <module>sso-application-one</module>
+        <module>sso-application-two</module>
+        <module>sso-server</module>
+    </modules>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.1.6.RELEASE</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+    <groupId>cc.mrbird</groupId>
+    <artifactId>sso</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <name>sso</name>
+    <description>Demo project for Spring Boot</description>
+
+    <properties>
+        <java.version>1.8</java.version>
+        <spring-cloud.version>Greenwich.SR1</spring-cloud.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-oauth2</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+        </dependency>
+    </dependencies>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.springframework.cloud</groupId>
+                <artifactId>spring-cloud-dependencies</artifactId>
+                <version>${spring-cloud.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+</project>
diff --git a/66.Spring-Security-OAuth2-SSO/sso-application-one/pom.xml b/66.Spring-Security-OAuth2-SSO/sso-application-one/pom.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>sso</artifactId>
+        <groupId>cc.mrbird</groupId>
+        <version>0.0.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>sso-application-one</artifactId>
+
+
+</project>
diff --git a/...ecurity-OAuth2-SSO/sso-application-one/src/main/java/cc/mrbird/sso/SsoApplicaitonOne.java b/...ecurity-OAuth2-SSO/sso-application-one/src/main/java/cc/mrbird/sso/SsoApplicaitonOne.java
@@ -0,0 +1,17 @@
+package cc.mrbird.sso;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+
+/**
+ * @author MrBird
+ */
+@EnableOAuth2Sso
+@SpringBootApplication
+public class SsoApplicaitonOne {
+
+    public static void main(String[] args) {
+        new SpringApplicationBuilder(SsoApplicaitonOne.class).run(args);
+    }
+}
diff --git a/.../sso-application-one/src/main/java/cc/mrbird/sso/client/config/WebSecurityConfigurer.java b/.../sso-application-one/src/main/java/cc/mrbird/sso/client/config/WebSecurityConfigurer.java
@@ -0,0 +1,15 @@
+package cc.mrbird.sso.client.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+/**
+ * @author MrBird
+ */
+@Order(101)
+@Configuration
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+}
diff --git a/...SSO/sso-application-one/src/main/java/cc/mrbird/sso/client/controller/UserController.java b/...SSO/sso-application-one/src/main/java/cc/mrbird/sso/client/controller/UserController.java
@@ -0,0 +1,31 @@
+package cc.mrbird.sso.client.controller;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;;
+
+/**
+ * @author MrBird
+ */
+@RestController
+public class UserController {
+
+    @GetMapping("user")
+    public Principal user(Principal principal) {
+        return principal;
+    }
+
+    @GetMapping("auth/test1")
+    @PreAuthorize("hasAuthority('user:add')")
+    public String authTest1(){
+        return "您拥有'user:add'权限";
+    }
+
+    @GetMapping("auth/test2")
+    @PreAuthorize("hasAuthority('user:update')")
+    public String authTest2(){
+        return "您拥有'user:update'权限";
+    }
+}
diff --git a/66.Spring-Security-OAuth2-SSO/sso-application-one/src/main/resources/application.yml b/66.Spring-Security-OAuth2-SSO/sso-application-one/src/main/resources/application.yml
@@ -0,0 +1,14 @@
+security:
+  oauth2:
+    client:
+      client-id: app-a
+      client-secret: app-a-1234
+      user-authorization-uri: http://127.0.0.1:8080/server/oauth/authorize
+      access-token-uri: http://127.0.0.1:8080/server/oauth/token
+    resource:
+      jwt:
+        key-uri: http://127.0.0.1:8080/server/oauth/token_key
+server:
+  port: 9090
+  servlet:
+    context-path: /app1
diff --git a/66.Spring-Security-OAuth2-SSO/sso-application-one/src/main/resources/static/index.html b/66.Spring-Security-OAuth2-SSO/sso-application-one/src/main/resources/static/index.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>管理系统一</title>
+</head>
+<body>
+    <h1>管理系统一</h1>
+    <a href="http://127.0.0.1:9091/app2/index.html">跳转到管理系统二</a>
+</body>
+</html>
diff --git a/66.Spring-Security-OAuth2-SSO/sso-application-two/pom.xml b/66.Spring-Security-OAuth2-SSO/sso-application-two/pom.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>sso</artifactId>
+        <groupId>cc.mrbird</groupId>
+        <version>0.0.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>sso-application-two</artifactId>
+
+
+</project>
diff --git a/...ecurity-OAuth2-SSO/sso-application-two/src/main/java/cc/mrbird/sso/SsoApplicaitonTwo.java b/...ecurity-OAuth2-SSO/sso-application-two/src/main/java/cc/mrbird/sso/SsoApplicaitonTwo.java
@@ -0,0 +1,17 @@
+package cc.mrbird.sso;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+
+/**
+ * @author MrBird
+ */
+@EnableOAuth2Sso
+@SpringBootApplication
+public class SsoApplicaitonTwo {
+
+    public static void main(String[] args) {
+        new SpringApplicationBuilder(SsoApplicaitonTwo.class).run(args);
+    }
+}
diff --git a/...SSO/sso-application-two/src/main/java/cc/mrbird/sso/client/controller/UserController.java b/...SSO/sso-application-two/src/main/java/cc/mrbird/sso/client/controller/UserController.java
@@ -0,0 +1,17 @@
+package cc.mrbird.sso.client.controller;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author MrBird
+ */
+@RestController
+public class UserController {
+
+    @GetMapping("user")
+    public Authentication user(Authentication authentication) {
+        return authentication;
+    }
+}
diff --git a/66.Spring-Security-OAuth2-SSO/sso-application-two/src/main/resources/application.yml b/66.Spring-Security-OAuth2-SSO/sso-application-two/src/main/resources/application.yml
@@ -0,0 +1,14 @@
+security:
+  oauth2:
+    client:
+      client-id: app-b
+      client-secret: app-b-1234
+      user-authorization-uri: http://127.0.0.1:8080/server/oauth/authorize
+      access-token-uri: http://127.0.0.1:8080/server/oauth/token
+    resource:
+      jwt:
+        key-uri: http://127.0.0.1:8080/server/oauth/token_key
+server:
+  port: 9091
+  servlet:
+    context-path: /app2
diff --git a/66.Spring-Security-OAuth2-SSO/sso-application-two/src/main/resources/static/index.html b/66.Spring-Security-OAuth2-SSO/sso-application-two/src/main/resources/static/index.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>管理系统二</title>
+</head>
+<body>
+<h1>管理系统二</h1>
+<a href="http://127.0.0.1:9090/app1/index.html">跳转到管理系统一</a>
+</body>
+</html>
diff --git a/66.Spring-Security-OAuth2-SSO/sso-server/pom.xml b/66.Spring-Security-OAuth2-SSO/sso-server/pom.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>sso</artifactId>
+        <groupId>cc.mrbird</groupId>
+        <version>0.0.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>sso-server</artifactId>
+</project>
diff --git a/...ring-Security-OAuth2-SSO/sso-server/src/main/java/cc/mrbird/sso/SsoServerApplication.java b/...ring-Security-OAuth2-SSO/sso-server/src/main/java/cc/mrbird/sso/SsoServerApplication.java
@@ -0,0 +1,15 @@
+package cc.mrbird.sso;
+
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+
+/**
+ * @author MrBird
+ */
+@SpringBootApplication
+public class SsoServerApplication {
+
+    public static void main(String[] args) {
+        new SpringApplicationBuilder(SsoServerApplication.class).run(args);
+    }
+}
diff --git a/...SO/sso-server/src/main/java/cc/mrbird/sso/server/config/SsoAuthorizationServerConfig.java b/...SO/sso-server/src/main/java/cc/mrbird/sso/server/config/SsoAuthorizationServerConfig.java
@@ -0,0 +1,72 @@
+package cc.mrbird.sso.server.config;
+
+import cc.mrbird.sso.server.service.UserDetailService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
+
+/**
+ * @author MrBird
+ */
+@Configuration
+@EnableAuthorizationServer
+public class SsoAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+
+    @Autowired
+    private PasswordEncoder passwordEncoder;
+    @Autowired
+    private UserDetailService userDetailService;
+
+    @Bean
+    public TokenStore jwtTokenStore() {
+        return new JwtTokenStore(jwtAccessTokenConverter());
+    }
+
+    @Bean
+    public JwtAccessTokenConverter jwtAccessTokenConverter() {
+        JwtAccessTokenConverter accessTokenConverter = new JwtAccessTokenConverter();
+        accessTokenConverter.setSigningKey("test_key");
+        return accessTokenConverter;
+    }
+
+    @Override
+    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
+        clients.inMemory()
+                .withClient("app-a")
+                .secret(passwordEncoder.encode("app-a-1234"))
+                .authorizedGrantTypes("refresh_token","authorization_code")
+                .accessTokenValiditySeconds(3600)
+                .scopes("all")
+                .autoApprove(true)
+                .redirectUris("http://127.0.0.1:9090/app1/login")
+            .and()
+                .withClient("app-b")
+                .secret(passwordEncoder.encode("app-b-1234"))
+                .authorizedGrantTypes("refresh_token","authorization_code")
+                .accessTokenValiditySeconds(7200)
+                .scopes("all")
+                .autoApprove(true)
+                .redirectUris("http://127.0.0.1:9091/app2/login");
+    }
+
+    @Override
+    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
+        endpoints.tokenStore(jwtTokenStore())
+                .accessTokenConverter(jwtAccessTokenConverter())
+                .userDetailsService(userDetailService);
+    }
+
+    @Override
+    public void configure(AuthorizationServerSecurityConfigurer security) {
+        security.tokenKeyAccess("isAuthenticated()"); // 获取密钥需要身份认证
+    }
+}
diff --git a/...ty-OAuth2-SSO/sso-server/src/main/java/cc/mrbird/sso/server/config/WebSecurityConfig.java b/...ty-OAuth2-SSO/sso-server/src/main/java/cc/mrbird/sso/server/config/WebSecurityConfig.java
@@ -0,0 +1,29 @@
+package cc.mrbird.sso.server.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+/**
+ * @author MrBird
+ */
+@Configuration
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.formLogin()
+            .and()
+                .authorizeRequests()
+                .anyRequest()
+                .authenticated();
+    }
+}