基于SpringBoot的单点登录实现

一、实现原理

本单点登录原理是基于SpringBoot的HandlerInterceptor拦截器实现的，大致思路如下：

SP提供单点登录接口，并通过HandlerInterceptor对该地址进行拦截。统一平台访问该SP时携带认证Token信息，HandlerInterceptor向IDP验证Token的合法性，验证通过后进入SP单点登录接口处理，验证失败跳转到统一登录地址。

拦截器在单点登录集成的Jar包中实现，SP只需在项目中引入Jar包并实现单点登录接口处理即可。

二、单点登录集成Jar实现

1、sso配置文件

/**

 * sso配置文件

 *

 * @author sunyp

 */

@Component

@ConfigurationProperties(prefix = "sso")  // 配置文件中的前缀

@Getter

@Setter

public class SSOConfig {

   //SP单点登录地址

   private String loginPath;

   //IDP认证地址

   private String server;

}

2、拦截器配置

/**

 * 单点登录拦截器配置

 */

@Configuration

@Getter

@Setter

public class SSOInterceptorConfig implements WebMvcConfigurer {

   @Autowired

   private SSOConfig config;

   @Override

   public void addInterceptors(InterceptorRegistry registry) {

      registry.addInterceptor(ssoAuthenticationInterceptor())

            .addPathPatterns(config.getLoginPath());

   }

   @Bean

   public SSOAuthenticationInterceptor ssoAuthenticationInterceptor() {

      return new SSOAuthenticationInterceptor();

   }

}

3、拦截器实现

/**

 * 单点登录拦截器

 */

@Getter

@Setter

public class SSOAuthenticationInterceptor implements HandlerInterceptor {

   @Autowired

   private SSOConfig config;

   @Override

   public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {

      //从参数中取出统一系统登录成功的token

      String token = request.getParameter("token");

      if (StringUtil.isEmpty(token)) {

         //没有token直接转到统一登录地址，默认会跳转到登录页

         response.sendRedirect(config.getServer());

         return false;

      }

      //去IDP验证token的合法性，合法会返回用户信息

      String result = HttpClientUtils.get(config.getServer() + "/sso/auth?token=" + token);

      if (result.equals("")) {

         response.sendRedirect(config.getServer());

         return false;

      }

      try {

         JSONObject jsonObject = JSONObject.parseObject(result);

         if (jsonObject.getInteger("code") != 200) {

            response.sendRedirect(config.getServer());

            return false;

         }

         JSONObject data = jsonObject.getJSONObject("data");

         if (!data.getBoolean("status")) {

            response.sendRedirect(config.getServer());

            return false;

         }

         request.setAttribute("loginName", data.getString("loginName"));

         request.setAttribute("userName", data.getString("userName"));

         return true;

      } catch (Exception e) {

         response.sendRedirect(config.getServer());

         return false;

      }

   }

   @Override

   public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {

   }

   @Override

   public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {

   }

}

三、SP端代码

1、单点登录处理

/**

 * 单点登录处理

 */

@Controller

@RequestMapping(value = "service/sso")

public class SSOLogin {

   @RequestMapping()

   @PassToken

   public void login(HttpServletRequest request, HttpServletResponse response) throws IOException {

      //单点登录成功后会进入此方法内部，可以从request中获取loginName和userName;

      String loginName = request.getAttribute("loginName").toString();

      String userName = request.getAttribute("userName").toString();

      //TODO 进行本地化权限处理

      //跳转到系统首页

      response.sendRedirect("/");

   }

}

2、配置文件

sso:

  loginPath: /service/sso  #单点登录接口

  server: http://192.168.34.110:8080/  #IDP地址