Spring Security login

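1. Login in a monolithic system

Login verification can rely directly on the existing cookie and session mechanism, so there is no need to implement a login verification mechanism of your own.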

    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-web'

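Just add the dependencies above and a Spring Security configuration class:

    import org.springframework.boot.autoconfigure.security.SecurityProperties;
    import org.springframework.context.ApplicationEventPublisher;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.authentication.AuthenticationEventPublisher;
    import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    @Order(SecurityProperties.BASIC_AUTH_ORDER)
    public class MultiHttpSecurityConfig extends WebSecurityConfigurerAdapter {

        // Publishes authentication success/failure events to the application context.
        @Bean
        public AuthenticationEventPublisher authenticationEventPublisher
                (ApplicationEventPublisher applicationEventPublisher) {
            return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // CSRF protection is switched off here. With cookie-based sessions this leaves
            // state-changing requests without Spring Security's CSRF token check.
            http
                .csrf().disable();
            http
                // Form login; always redirect to /token after a successful login.
                .formLogin().defaultSuccessUrl("/token", true)
            .and()
                .authorizeRequests()
                .antMatchers("/login", "/logout").permitAll()
                .anyRequest().authenticated();
        }
    }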

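This gives a complete login system right away; for the remaining settings, see the official documentation. Because it is built on cookies and sessions underneath, the whole implementation is simple and quick.

2. Login in a distributed system

A distributed system has multiple services, and Redis is used so that the different services can share one state. Spring also provides Spring Session, which integrates with Spring Security and keeps login verification across the whole system simple.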

    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
    implementation 'org.springframework.session:spring-session-data-redis'

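Add the dependencies above and the following configuration:

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
    import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
    import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;

    @Configuration
    @EnableRedisHttpSession
    public class RedisConfig {

        // Connection used by Spring Session to store HTTP sessions in Redis.
        // Host and password are placeholders; load real values from external configuration.
        @Bean
        public LettuceConnectionFactory connectionFactory() {
            RedisStandaloneConfiguration redisConfig = new RedisStandaloneConfiguration("xx.x.xx.x", 6379);
            redisConfig.setPassword("xxx");
            redisConfig.setDatabase(2);
            return new LettuceConnectionFactory(redisConfig);
        }

    }

This enables Spring Session login.

Then we use nginx as the proxy: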

    server {
        listen       8084;
        server_name  server;

        # File upload parameters
        client_header_timeout 120s;
        client_body_timeout 120s;
        client_max_body_size 100m;
        client_body_buffer_size 10m;

        #charset koi8-r;
        charset utf-8;

        if ($http_FeignClient = 'true') {
            return 403 "Access to this resource on the server is denied!";
        }

        # nros front-end home page
        location ~^/test.html {
            root html;
        }

        # H5 front end: append /
        location =/h5 {
            rewrite /h5 /h5/login;
        }

        
        
        # Backend gateway
        location =/ {
            proxy_pass http://localhost:8085;
            proxy_redirect off;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 90;
            proxy_send_timeout 180;
            proxy_read_timeout 180;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            # WebSocket configuration
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
        
        location ~^/(login|token) {
            proxy_pass http://localhost:8085;
            proxy_redirect off;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 90;
            proxy_send_timeout 180;
            proxy_read_timeout 180;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            # WebSocket configuration
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
        location ~^/resource {
            proxy_pass http://localhost:8086;
            proxy_redirect off;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 90;
            proxy_send_timeout 180;
            proxy_read_timeout 180;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            # WebSocket configuration
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
        
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

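Because the browser reaches every service through the same nginx address, unified authentication works without writing any extra code to handle cross-origin issues.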
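
The post only shows the login service. As an added example (not code from the original post), here is what the service behind `location ~^/resource` on port 8086 could look like so that it honours the session created at `/login`. The class name `ResourceSecurityConfig` is hypothetical, and the example assumes this service has the same Spring Security and Spring Session dependencies and the same `RedisConfig` (same Redis host and database) as above.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;

// Added example: security configuration for the downstream resource service.
// Assumes the RedisConfig class from the post is also present in this service.
@Configuration
@EnableWebSecurity
public class ResourceSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // No login page lives here: unauthenticated requests get 401, not a redirect.
            .exceptionHandling()
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
        .and()
            // Use the session the login service stored in Redis; never create one here.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.NEVER)
        .and()
            // CSRF stays at the Spring Security default (enabled) in this example.
            .authorizeRequests()
                .anyRequest().authenticated();
    }

    // Both services must agree on cookie name, path and encoding. Declare the same
    // bean in the login service, which is the one that actually issues the cookie.
    @Bean
    public CookieSerializer cookieSerializer() {
        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
        serializer.setCookieName("SESSION");   // Spring Session default name
        serializer.setCookiePath("/");         // one cookie for every nginx location
        serializer.setUseHttpOnlyCookie(true); // not readable from page scripts
        serializer.setSameSite("Lax");         // not sent on cross-site POSTs
        return serializer;
    }
}
```

Since the login service in the post disables CSRF, no token is stored in the shared session, so state-changing requests to this service need their own token handling or an explicit decision about CSRF.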

Original post: https://www.cnblogs.com/lishuaiqi/p/15587637.html