单点登录系统-Oauth2

一、单点登录系统-Oauth2

（1）创建一个关于Spring-Security的Maven项目（下面以来为pom.xml文件中的内容，关于JDK版本，以及打包成jar或者war，插件可根据自己的需求进行添加）

  		
			org.springframework.boot
			spring-boot-starter-oauth2-client
		
		
			org.springframework.boot
			spring-boot-starter-security
		
		
			org.springframework.boot
			spring-boot-starter-web
		
		
			org.springframework.boot
			spring-boot-starter-thymeleaf
		
		
        
    		com.alibaba
    		fastjson
    		1.2.68
		

		
			org.springframework.boot
			spring-boot-starter-test
			test
			
				
					org.junit.vintage
					junit-vintage-engine
				
			
		
		
			org.springframework.security`在这里插入代码片`
			spring-security-test
			test
		
		
			org.springframework.boot
			spring-boot-configuration-processor
			true
		

（2）相关配置类

@Configuration
@EnableConfigurationProperties(QkrhClientRegistrationProperties.class)
public class OAuth2LoginConfig {

    @EnableWebSecurity
    public static class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
        	http.authorizeRequests()
        	.anyRequest().authenticated()
        	.and()
			.oauth2Login()
			.defaultSuccessUrl("认证成功之后的地址")
			.redirectionEndpoint().baseUri("拦截重定向地址的，此处的URL要包含重定向地址。比如重定向地址为：/v1/chen/login/chen 那么此处的地址可为 /v1/chen/login/**");
			//下面的设置实际上是针对不太符合oauth2协议的认证服务器进行自定一的处理，如果想QQ 微信之类的就不需要。可忽略
        	http.oauth2Login().userInfoEndpoint().userService(new CustomOAuth2UserService());
        	http.oauth2Login().tokenEndpoint().accessTokenResponseClient(customAccessTokenResponseClient());
        }
		private OAuth2AccessTokenResponseClient customAccessTokenResponseClient() {
		    return new CustomPasswordTokenResponseClient();
		}
    }
    
    @Autowired
    private QkrhClientRegistrationProperties registrationProperties;

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(this.gfoaClientRegistration(registrationProperties));
    }
    private List gfoaClientRegistration(QkrhClientRegistrationProperties registrationProperties){
    	List clientRegistrationList = new ArrayList<>();
    		clientRegistrationList.add(
    				ClientRegistration.withRegistrationId(registrationProperties.getRegistrationId())
    	            .clientId(registrationProperties.getClientId())
    	            .clientSecret(registrationProperties.getClientSecret())
    	            .clientAuthenticationMethod(ClientAuthenticationMethod.POST)
    	            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
    	            .redirectUriTemplate("{baseUrl}/v1/3rd/qkrh/login/{registrationId}")
//    	            .scope("openid")
    	            .authorizationUri(registrationProperties.getAuthorizationUri())
    	            .tokenUri(registrationProperties.getTokenUri())
//    	            .jwkSetUri(registrationProperties.getJwkSetUri())
    	            .clientName(registrationProperties.getClientId())
    	            .build());
		return clientRegistrationList;
    }
    
}

“{baseUrl}/v1/3rd/qkrh/login/{registrationId}” 这是重定向地址，当你访问 http://ip:port/login,进入选择客户端进行第三方认证，点击你注册好的客户端跳转到第三方登录系统，这个跳转连接是框架帮助你自动生成的。

（3）yml 文件

v:
    p:
      registration-id: 
      authorization-uri:
      token-uri: 
      client-id: 
      client-secret: 
    q:
      registration-id: 
      authorization-uri:
      token-uri: 
      client-id: 
      client-secret: 

上面的yml可多配置，主要是通过registration-id来区分是通过哪个客户端要验证，下面这个地方就会多个进行选择。

（4）读取yml文件的配置

@ConfigurationProperties(prefix = "vp")
public class QkrhClientRegistrationProperties {

	private String authorizationUri;
	private String tokenUri;
	private String jwkSetUri;
	private String redirectUri;
	private String clientId;
	private String clientSecret;
	private String registrationId;
	
	
	public String getAuthorizationUri() {
		return authorizationUri;
	}

	public void setAuthorizationUri(String authorizationUri) {
		this.authorizationUri = authorizationUri;
	}

	public String getTokenUri() {
		return tokenUri;
	}

	public void setTokenUri(String tokenUri) {
		this.tokenUri = tokenUri;
	}

	public String getJwkSetUri() {
		return jwkSetUri;
	}

	public void setJwkSetUri(String jwkSetUri) {
		this.jwkSetUri = jwkSetUri;
	}

	public String getRedirectUri() {
		return redirectUri;
	}

	public void setRedirectUri(String redirectUri) {
		this.redirectUri = redirectUri;
	}

	public String getClientId() {
		return clientId;
	}

	public void setClientId(String clientId) {
		this.clientId = clientId;
	}

	public String getClientSecret() {
		return clientSecret;
	}

	public void setClientSecret(String clientSecret) {
		this.clientSecret = clientSecret;
	}

	public String getRegistrationId() {
		return registrationId;
	}

	public void setRegistrationId(String registrationId) {
		this.registrationId = registrationId;
	}
}

（5）controller（只需要写一个跳转成功之后的controller,然后单点到需要的地址就好。）

//只是示例
@RequestMapping("/v/success")
	public String index(Model model, @RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient,
			@AuthenticationPrincipal OAuth2User oauth2User, @RequestParam(required = false) String functionId,
			HttpServletRequest request, HttpServletResponse response) throws IOException {
			}

有问题可留言交流~ 只做个简单的记录。