Spring cloud Single Sign-On, springcloud Single Point

Source: Internet
Author: User
Tags oauth

Spring cloud Single Sign-On, springcloud Single Point
Summary springcloud-based Single Sign-on service and zuul-based gateway service (solving the session loss problem after zuul is forwarded to the authentication service) download the code: http://www.demodashi.com/demo/10313.html##

Before learning, please systematically learn about eureka, zuul, and spring security. Otherwise, it may be difficult to get started. I bought springcloud microservice practice, which is well written.

This project is based on springcloud Dalston. SR1. As the company decided to use spring cloud, when performing the authentication service in the early stage, it found that the session was lost after the request was forwarded to the authentication service through zuul gateway, and the csrf verification failure was reported. Most of the information on the Internet was unreliable, this problem has been solved through research. An example is provided for your reference.

Ii. Project

Iii. Service Description

① Service Registration (based on eureka): Project name: service-registry-server port: 8761

Startup class: cn.com. springcloudtest. cloud. service. registry. ServiceRegistryServerApplication

② Gateway service (based on zuul): Project name: api-gateway-server port: 8080

Startup class: cn.com. springcloudtest. cloud. api. gateway. ApiGatewayServerApplication

③ Authentication Service (based on oau2and spring security): Project name: uaa-server port: 7769

Startup class: cn.com. springcloudtest. cloud. uaa. UaaServerApplication

The authentication service uses redis to save the session and the client to the mysql database.

Iv. configuration file description

Some configuration authors do not fully understand the settings found on the internet, but such settings are OK.

① Service-registry-server service Registration configuration information is not described too much, standard usage

② Api-gateway-server gateway service configuration information

Spring: aop: # aop proxy proxyTargetClass: true application: name: api-gateway-serverserver: port: 8080 tomcat: uri-encoding: UTF-8 # Service Registration eureka: client: serviceUrl: defaultZone: http: // 127.0.0.1: 8761/eureka/# server: # enable-self-preservation: false # disable eureka self-protection, it is not recommended to disable self-protection in the production environment # the address of the Certification Center index page. If you log on to the Certification Center directly, the address uaa will be displayed. server. index-path:/uaa/index # authorization center jump path prefix uaa. server. service. path:/uaa/** # http. authorize. matchers:/**/css/**,/**/styles/**,/**/js/**,/**/plugin /**, /**/plugins/**,/**/template/**,/**/img/**,/**/fonts /**, /**/cvr100u/**,/css/**,/js/**,/plugin/**,/template/**,/img /**, /fonts/**,/cvr100u/** # gateway information zuul: routes: uaa-server: sensitiveHeaders: "*" # The sensitive headers can also be set globally (this is required) path: $ {uaa. server. service. path} stripPrefix: false add-proxy-headers: true # X-Forwarder-Host request header is added to the forwarding request by default # security authentication information security: basic: enabled: false oau2: sso: loginPath:/login client: accessTokenUri: http: // 127.0.0.1: 7769/uaa/oauth/token userAuthorizationUri:/uaa/oauth/authorize clientId: acme clientSecret: acmesecret resource: jwt: keyValue: | ----- begin public key ----- encrypt/decrypt + encrypt/decrypt/sfZC2G5EU7Oz0mhG8 + encrypt +/decrypt + QIDAQAB ----- end public key ----- id: openid serviceId: $ {PREFIX:} resource

③ Uaa-server configuration information

Spring: application: name: uaa-server # database connection information datasource: url: jdbc: mysql: // localhost: 3306/uaa? CharacterEncoding = UTF-8 username: root password: root driver-class-name: com. mysql. jdbc. driver max-idle: 5 max-wait: 10000 min-idle: 2 initial-size: 3 validation-query: SELECT 1 time-between-eviction-runs-millis: 18800 jdbc-interceptors: ConnectionState; SlowQueryReport (threshold = 50) jpa: database: MYSQL show-SQL: true # Use redis to store session, redis service address redis: host: 127.0.0.1 port: 6379 # Do not cache the thymeleaf template. configure this attribute in the development environment. do not configure thymeleaf: cache: false cache-period: 0 template: cache: falseserver: port: in the production environment: 7769 context-path:/uaa # authentication service context address (required) use-forward-headers: false tomcat: uri-encoding: UTF-8 # Service Registration eureka: instance: preferIpAddress: true client: serviceUrl: defaultZone: http: // 127.0.0.1: 8761/eureka/security: basic: enabled: false user: password ignored:/css /**, /js/**,/favicon. ico,/webjars/** sessions: NEVER # NEVER create a session by yourself # jwt information (custom attributes are used in the AuthorizationServerConfigurer configuration class) jwt: access: token: converter: resource: location: classpath: keystore. jks password: foobar key-pair-alias: test # custom attribute. http: authorize: # matchers, a set of URLs that do not pass authentication, is used in the websecuritycycler configuration class: /**/css/**,/**/js/**,/**/plugin/**,/**/template /**, /**/img/**,/**/fonts/**,/**/cvr100u/**,/css/**,/js /**, /plugin/**,/template/**,/img/**,/fonts/**,/cvr100u/** login: path:/login
V. java code configuration

① Api-gateway-server Service configurations are concentrated in the websecuritypolicer class, which is relatively simple to configure

② Uaa-server Service configurations are concentrated in AuthorizationServerConfigurer and WebSecurityConfigurer. AuthorizationServerConfigurer is a jwt-related configuration, WebSecurityConfigurer is a security-related configuration, and comments have been made in important part of the code.

Vi. Project Running Effect

Note: Read the readme.txt file before running the project.

User name: admin@163.com password: admin

Download Code: Workshop

 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.