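1. Login in a monolithic system
Rely on the existing cookie and session mechanism for login verification, so there is no need to implement a login verification mechanism of your own.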
```groovy
implementation 'org.springframework.boot:spring-boot-starter-security'
implementation 'org.springframework.boot:spring-boot-starter-web'
```
Just add the packages and a Spring Security configuration:
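```java
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@Order(SecurityProperties.BASIC_AUTH_ORDER)
public class MultiHttpSecurityConfig extends WebSecurityConfigurerAdapter {

    // Publishes authentication success/failure events to the application context.
    @Bean
    public AuthenticationEventPublisher authenticationEventPublisher(
            ApplicationEventPublisher applicationEventPublisher) {
        return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is disabled in this example; session-cookie logins
        // normally keep it enabled.
        http
            .csrf().disable();
        http
            // Form login; always go to /token after a successful login.
            .formLogin().defaultSuccessUrl("/token", true)
            .and()
            .authorizeRequests()
            // Only the login and logout endpoints are open to anonymous users.
            .antMatchers("/login", "/logout").permitAll()
            .anyRequest().authenticated();
    }
}
```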
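This alone gives a complete login system; see the official documentation for the remaining configuration. Because it is built on cookies and sessions underneath, the whole implementation is simple and quick.
2. Login in a distributed system
A distributed system has multiple services. For the different services to share one state, Redis is used. Spring also provides Spring Session, which integrates with Spring Security and keeps login verification across the whole system concise.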
```groovy
implementation 'org.springframework.boot:spring-boot-starter-data-redis'
implementation 'org.springframework.session:spring-session-data-redis'
```
Add the packages above, then add the following configuration:
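```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;

@Configuration
@EnableRedisHttpSession // store HTTP sessions in Redis instead of in the servlet container
public class RedisConfig {

    @Bean
    public LettuceConnectionFactory connectionFactory() {
        // Host and password are placeholders; supply the real values from
        // external configuration rather than hard-coding them.
        RedisStandaloneConfiguration redisConfig =
                new RedisStandaloneConfiguration("xx.x.xx.x", 6379);
        redisConfig.setPassword("xxx");
        redisConfig.setDatabase(2);
        return new LettuceConnectionFactory(redisConfig);
    }
}
```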
This enables Spring Session login.
Then we use nginx as the proxy:
```nginx
server {
    listen 8084;
    server_name server;

    # File upload parameters
    client_header_timeout 120s;
    client_body_timeout 120s;
    client_max_body_size 100m;
    client_body_buffer_size 10m;

    #charset koi8-r;
    charset utf-8;

    if ($http_FeignClient = 'true') {
        return 403 "Access to this resource on the server is denied!";
    }

    # nros front-end home page
    location ~^/test.html {
        root html;
    }

    # H5 front end: add /
    location =/h5 {
        rewrite /h5 /h5/login;
    }

    # Back-end gateway
    location =/ {
        proxy_pass http://localhost:8085;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 90;
        proxy_send_timeout 180;
        proxy_read_timeout 180;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        # WebSocket configuration
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location ~^/(login|token) {
        proxy_pass http://localhost:8085;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 90;
        proxy_send_timeout 180;
        proxy_read_timeout 180;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        # WebSocket configuration
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location ~^/resource {
        proxy_pass http://localhost:8086;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 90;
        proxy_send_timeout 180;
        proxy_read_timeout 180;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        # WebSocket configuration
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
```
This way, unified authentication works without writing any extra code to handle cross-origin issues.
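The following is an added example, not code from the original post: a security configuration for the second service, the one nginx proxies `/resource` to on port 8086, showing how it accepts the login performed on port 8085 through the shared Redis session. It assumes that service includes the same `RedisConfig` (same Redis host and database) and the Spring Security and Spring Session dependencies shown above. The class name `ResourceSecurityConfig` is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;

// Hypothetical configuration for the service behind "location ~^/resource".
@Configuration
@EnableWebSecurity
public class ResourceSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // This service has no login page of its own. It only reads the
            // SecurityContext that the login service stored in the shared
            // Redis-backed session, and never creates a session itself.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.NEVER)
                .and()
            // No valid shared session: answer 401 instead of redirecting to a
            // /login page that this service does not serve.
            .exceptionHandling()
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
                .and()
            // CSRF protection is left at its default (enabled), so
            // state-changing requests must carry the CSRF token.
            .authorizeRequests()
                // Only the path nginx routes to this service is served,
                // and only to authenticated sessions.
                .antMatchers("/resource/**").authenticated()
                .anyRequest().denyAll();
    }
}
```

Because the browser reaches both services through the same nginx origin (port 8084), it sends the same session cookie to each, and both look the session up in the same Redis database.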