Overall result

Video: ruoyi-sso.mp4 (18.56MB), [SSO case] integrating the ruoyi system with pig (non-separated)

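Overall design

  1. The integration relies on the OAuth2 authorization code grant, with pig acting as the SSO authentication center.
  2. The pig users include every user in the ruoyi user table.
  3. pig handles the authentication step of the Shiro realm; ruoyi handles authorization.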

Base environment

The SSO setup is implemented on pig 3.5 and ruoyi 4.7.

Add a client in pig

Insert a row directly into the sys_oauth_client_details table:

    INSERT INTO `sys_oauth_client_details`
      (`client_id`, `resource_ids`, `client_secret`, `scope`, `authorized_grant_types`,
       `web_server_redirect_uri`, `authorities`, `access_token_validity`,
       `refresh_token_validity`, `additional_information`, `autoapprove`)
    VALUES
      ('ruoyi', NULL, 'ruoyi', 'server', 'refresh_token,authorization_code',
       'http://127.0.0.1:80/sso/login', NULL, 43200, 2592001, NULL, 'true');

Client SDK

Add the dependency to ruoyi-framework/pom.xml:

    <dependency>
        <groupId>com.pig4cloud.shiro</groupId>
        <artifactId>sso-sdk</artifactId>
        <version>0.1.0</version>
    </dependency>

Configure the authentication settings in ruoyi-admin/application.yml:

    oauth2:
      client:
        client-id: ruoyi
        client-secret: ruoyi
        redirect-uri: http://127.0.0.1:${server.port}/sso/login # login callback URL
        target-uri: http://127.0.0.1:${server.port}/ # home page URL to redirect to after login
        logout-uri: http://127.0.0.1:${server.port}/ # URL to redirect to after logout
        sso-server-uri: http://localhost:3000 # URL of the pig authentication center
        scope: server

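ruoyi code changes

Add the OAuth2Realm logic in the com.ruoyi.framework.shiro.realm directory:

    import org.apache.shiro.authc.AuthenticationException;
    import org.apache.shiro.authc.AuthenticationInfo;
    import org.apache.shiro.authc.AuthenticationToken;
    import org.apache.shiro.authc.SimpleAuthenticationInfo;
    import org.apache.shiro.authc.UnknownAccountException;
    import org.apache.shiro.authc.credential.CredentialsMatcher;
    import org.apache.shiro.util.ByteSource;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Component;
    // Also import SysUser and ISysUserService from ruoyi, and OAuth2SsoKit and
    // OAuth2SsoAuthenticationToken from the sso-sdk dependency.

    @Component
    public class OAuth2Realm extends UserRealm {
        @Autowired
        private ISysUserService userService;
        @Autowired
        private OAuth2SsoKit auth2SsoKit;

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            OAuth2SsoAuthenticationToken oAuth2SsoAuthenticationToken = (OAuth2SsoAuthenticationToken) token;
            // Exchange the authorization code at pig for the authenticated user name
            String username = auth2SsoKit.getUser(oAuth2SsoAuthenticationToken.getCode());
            SysUser sysUser = userService.selectUserByLoginName(username);
            // A pig user without a matching ruoyi account must fail authentication, not cause a NullPointerException
            if (sysUser == null) {
                throw new UnknownAccountException("No ruoyi account for SSO user");
            }
            SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(sysUser, sysUser.getPassword(), ByteSource.Util.bytes(sysUser.getSalt()), getName());
            oAuth2SsoAuthenticationToken.setUsername(sysUser.getUserName());
            oAuth2SsoAuthenticationToken.setPassword(sysUser.getPassword().toCharArray());
            return info;
        }

        // pig has already authenticated the user, so no credential comparison happens here;
        // supports() below restricts this realm to OAuth2SsoAuthenticationToken
        @Override
        public CredentialsMatcher getCredentialsMatcher() {
            return (token, info) -> true;
        }

        @Override
        public boolean supports(AuthenticationToken token) {
            return token instanceof OAuth2SsoAuthenticationToken;
        }
    }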
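The two legs of the OAuth2 authorization code grant that this integration relies on, as an added example that is not code from sso-sdk, pig or ruoyi. It assumes server.port is 80, that pig exposes the Spring Security OAuth2 default paths /oauth/authorize and /oauth/token, and that the callback compares the returned state with one stored in the session; whether sso-sdk does the latter is not stated on this page.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration (JDK 10+); not sso-sdk or pig code. Class and method names are hypothetical.
public class AuthCodeFlowSketch {
    // Client values from this page's application.yml, with server.port assumed to be 80.
    static final String SSO_SERVER = "http://localhost:3000";
    static final String CLIENT_ID = "ruoyi";
    static final String REDIRECT_URI = "http://127.0.0.1:80/sso/login";

    static String form(String... kv) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < kv.length; i += 2) {
            if (i > 0) sb.append('&');
            sb.append(kv[i]).append('=').append(URLEncoder.encode(kv[i + 1], StandardCharsets.UTF_8));
        }
        return sb.toString();
    }

    // Leg 1: the login button sends the browser to pig (path is an assumed default).
    static String authorizeUrl(String state) {
        return SSO_SERVER + "/oauth/authorize?" + form("response_type", "code",
            "client_id", CLIENT_ID, "redirect_uri", REDIRECT_URI, "scope", "server", "state", state);
    }

    // Leg 2: /sso/login receives ?code=...&state=...; only then is the code exchanged.
    static String tokenRequestBody(String code, String returnedState, String sessionState) {
        if (code == null || code.isEmpty()
                || sessionState == null || !sessionState.equals(returnedState)) {
            throw new IllegalArgumentException("callback rejected: missing code or state mismatch");
        }
        // POST body for SSO_SERVER + "/oauth/token" (assumed path), client sent via HTTP Basic.
        return form("grant_type", "authorization_code", "code", code, "redirect_uri", REDIRECT_URI);
    }
    public static void main(String[] args) {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        System.out.println(authorizeUrl(state));
        System.out.println(tokenRequestBody("constructed-code", state, state));
        try {
            tokenRequestBody("constructed-code", "constructed-other-state", state);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage()); // callback with a state the session never issued
        }
    }
}
```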

ShiroConfig configuration

    /**
     * Security manager: register OAuth2Realm
     */
    @Bean
    public SecurityManager securityManager(OAuth2Realm oAuth2Realm, UserRealm userRealm)
    {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealms(Arrays.asList(oAuth2Realm, userRealm));
        ...
        return securityManager;
    }

    /**
     * Shiro filter configuration
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager)
    {
        ....
        filterChainDefinitionMap.put("/sso/login", "anon"); // open the sso/login endpoint
    }

SSO login URL

    # Add a login button as shown in the video
    http://127.0.0.1:80/sso/login

Logout flow

  • Redirect in LogoutFilter.java
