09 Design and implementation of a single sign-on system (microservice edition)

Brief introduction

Background analysis

In a traditional login system, each site implements its own login module. The sites do not recognize each other's login state, so the user has to log in to each site manually, one by one. For example:

Such a system is also called a multipoint login system. It is cumbersome to use (each time you access a resource service, you need to log in again for authentication and authorization), and the login code is largely duplicated across systems. The single sign-on system was created to address this.

Single sign-on system

Single sign-on (SSO) means that multiple sites share one authentication and authorization server. After logging in at any one site, users can access all the other sites without logging in again. In addition, sites can communicate with each other directly based on this login state. For example:

Quick start practice

The project structure is as follows:

Create the authentication and authorization project

Add project dependencies

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-starter-oauth2</artifactId>
    </dependency>
    <dependency>
        <groupId>com.alibaba.cloud</groupId>
        <artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
    </dependency>
    <dependency>
        <groupId>com.alibaba.cloud</groupId>
        <artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
    </dependency>

Build the project configuration file

Create a bootstrap.yml file in the sca-auth project, for example:

server:
  port: 8071
spring:
  application:
    name: sca-auth
  cloud:
    nacos:
      discovery:
        server-addr: localhost:8848
      config:
        server-addr: localhost:8848

Add the project startup class

package com.jt;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class ResourceAuthApplication {
    public static void main(String[] args) {
        SpringApplication.run(ResourceAuthApplication.class, args);
    }
}

Start and access the project

When the project starts, the system generates a login password by default, for example:

Open a browser and go to http://localhost:8071. The login page is rendered, for example:

The default user name is user, and the password is the one shown on the console when the system starts. Run a login test. A successful login looks like this:

Custom login logic

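Define the security configuration class

package com.jt.auth.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
public class SecurityConfig {
    /**
     * Define the Spring Security password encoder (BCrypt hashing)
     */
    @Bean //The bean name defaults to the method name
    public BCryptPasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
}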

Define the user information processing object

package com.jt.auth.service;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;

import java.util.List;

@Service
public class UserDetailServiceImpl implements UserDetailsService {
    @Autowired
    private BCryptPasswordEncoder passwordEncoder;
    /**
     * When a login is performed, the framework calls this method through objects such as filters
     * @param username The user name entered on the login page
     * @return Generally, the user information queried from the database based on the user name
     * @throws UsernameNotFoundException if no user with this name exists
     */
    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
        //1. Query user information from the database based on the user name
        //User user=userMapper.selectUserByUsername(username);
        if(!"jack".equals(username)) {//Suppose this is information queried from a database
            //UsernameNotFoundException has no no-arg constructor; a message is required
            throw new UsernameNotFoundException("user not found");
        }
        //2. Encapsulate the user information into a UserDetails object and return it
        //Suppose the (already hashed) password is queried from the database
        String encodedPwd=passwordEncoder.encode("123456");
        //Suppose this permission information is also queried from the database
        List<GrantedAuthority> grantedAuthorities =AuthorityUtils.commaSeparatedStringToAuthorityList(
                "sys:res:retrieve,sys:res:create");
        //User is the implementation of the UserDetails interface provided by Spring Security, used to encapsulate user information
        //Later, we can also build our own implementation of the UserDetails interface based on our needs
        User user=new User(username,encodedPwd,grantedAuthorities);
        return user;
    }
}

Start the service for access testing

After starting the service, open the login page and log in with the user name jack and the password 123456.
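
The loadUserByUsername stub above calls passwordEncoder.encode on every login as a stand-in for a database read. The following added example (not code from the original page) performs the same lookup against a BCrypt hash that was stored once, and shows why stored hashes are verified with matches() rather than compared as strings. The package, the class name StoredHashLoginDemo, the in-memory userTable map and the user name rose are assumptions made for illustration.

```java
package com.jt.auth.demo; // hypothetical package, not from the original page

import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import java.util.HashMap;
import java.util.Map;

public class StoredHashLoginDemo {
    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

        // Constructed stand-in for the user table: the hash is computed once,
        // when the account is created, and only the hash is stored.
        Map<String, String> userTable = new HashMap<>();
        userTable.put("jack", encoder.encode("123456"));

        // Login-time lookup: returns the stored hash and never calls encode().
        UserDetailsService service = username -> {
            String storedHash = userTable.get(username);
            if (storedHash == null) {
                throw new UsernameNotFoundException("user not found");
            }
            return new User(username, storedHash,
                    AuthorityUtils.commaSeparatedStringToAuthorityList(
                            "sys:res:retrieve,sys:res:create"));
        };

        UserDetails jack = service.loadUserByUsername("jack");

        // BCrypt embeds a random salt, so hashing the same password twice gives
        // different strings; stored hashes must be checked with matches().
        String second = encoder.encode("123456");
        System.out.println("hashes equal:   " + second.equals(jack.getPassword()));
        System.out.println("right password: " + encoder.matches("123456", jack.getPassword()));
        System.out.println("wrong password: " + encoder.matches("12345", jack.getPassword()));

        try {
            service.loadUserByUsername("rose"); // not in the constructed table
        } catch (UsernameNotFoundException e) {
            System.out.println("unknown user rejected: " + e.getMessage());
        }
    }
}
```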

Summary

This chapter focuses on the design idea and the specific implementation process of single sign-on in a microservice architecture.

Keywords: Java Spring

Added by Amtran on Sun, 19 Dec 2021 18:35:51 +0200