a466350665 / smart-sso
SpringBoot SSO single sign-on and permission authentication, implemented with OAuth2; supports cross-origin access, front-end/back-end separation, and distributed deployment
License: MIT License
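I read the code; they use the sso-filter filter to synchronize sessions. But sso-client is a jar referenced by two projects, so even if SessionUtils.setSessionUser(request, new SessionUser(token, account)); is called, why can smart-sso-demo also get the session?
Not a Java programmer; deploying it felt extremely difficult to me 0_0
In the App scenario there are two requirements:
What JDK version and Tomcat version are you using?
After the SSO system validates the login, it does write the token into a cookie, but when the application system checks the token it does not read it from the cookie; it reads it from the queryString, and then performs another redirect to remove the token parameter from the URL. As a result, all the queryString parameters are removed as well.
After the SSO system validates the login and writes the token into the cookie, there is actually no need to carry the token parameter in the URL when redirecting back to the application page, and when the application checks the token it can simply read it from the cookie, with no need for another redirect. Wouldn't that be simpler and more convenient?
Code involved: the isAccessAllowed method of the com.smart.sso.client.SsoFilter class.
I downloaded your project and it is full of errors and won't run at all. Haven't you noticed?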
The redirectLogin method of the com.smart.sso.client.SsoFilter class should be changed to:
// Needs: import java.net.URLEncoder;
private void redirectLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
    if (isAjaxRequest(request)) {
        responseJson(response, SsoResultCode.SSO_TOKEN_ERROR, "未登录或已超时");
    } else {
        SessionUtils.invalidate(request);
        // Keep the original query string so it survives the login round trip.
        StringBuffer backUrl = request.getRequestURL()
                .append((request.getQueryString() != null) ? "?" + request.getQueryString() : "");
        // URL-encode backUrl so that '&' in the original query string is not parsed as a parameter of /login.
        String ssoLoginUrl = new StringBuilder().append(isServer ? request.getContextPath() : ssoServerUrl)
                .append("/login?backUrl=").append(URLEncoder.encode(backUrl.toString(), "UTF-8")).toString();
        response.sendRedirect(ssoLoginUrl);
    }
}
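Version 1.0.0 has been used all along, which causes users a lot of trouble: if you keep changing the structure of RpcUser, or of any entity that outside code needs to use, everyone has to upgrade to the very latest version.
Or develop using 1.0.0-SNAPSHOT, so that you can change entity structures at any time.
That is exactly what has happened to me now: I use getProfile in RpcUser, and the latest version removed it,
which is very unrigorous for a release version.
So please don't change entity structures under a release. If you do, tag it and bump the second number of the version; if the overall structure changes too much, bump the first number; if it only adds features or fixes bugs (without affecting usage), bump the last number.
Thanks
Can it be integrated with spring-boot?
When inserting new data, the returned primary key is null; I don't know whether I changed some configuration incorrectly.
The token is stored in a cookie with a 30-minute expiry, which means the token automatically expires 30 minutes after the user logs in and they have to log in again. Isn't that a bit annoying? Of course this time can be set longer, haha. I think 30 minutes is a bit short; I suggest 2 hours.
What open-source license does this project use?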
Hi, I am currently looking into projects on GitHub which are parametrically misusing cryptographic APIs for my research, and I came across a few instances in your project where I found such misuses. These misuses have been highlighted in research papers such as
In your source code file AESUtils.java there are two functions, encrypt(String, String) and decrypt(String, String). The following issues have been found in these two functions:
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
and at line 26
IvParameterSpec iv = new IvParameterSpec(INIT_VECTOR.getBytes("UTF-8"));
The first parameters were not properly randomized in both cases. They should be randomized using the java.security.SecureRandom class. These ill-prepared skeySpec and iv are later passed on as parameters in line 30, which results in another misuse.
In the function decrypt(String, String), the same issues as explained above are found at lines 49, 50 and 53.
In another file PasswordProvider.java at line 42
MessageDigest md = MessageDigest.getInstance("MD5");
The first parameter (with value "MD5") should be any of {SHA-256, SHA-384, SHA-512}, as MD5 is widely known to be an insecure algorithm now.
I believe fixing these issues would help your product be more secure.
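Many jar packages fail to download.
When using smart in a front-end/back-end separated setup, a cross-origin error occurs. It looks like it is caused by ssofilter intercepting the request and then redirecting. Is there a way to solve this, or is there some other better approach?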
I am trying to integrate the Smart SSO with our existing spring security project, is it possible?
Can anybody give some ideas?
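You can replace excludeList.contains(httpRequest.getServletPath()) with the approach below.
That way, a pattern like /api/** can be used to exclude a whole group. The code below is modelled on spring-webmvc's
org.springframework.web.servlet.handler.MappedInterceptor#matches
// Needs: import org.springframework.util.AntPathMatcher;
//        import org.springframework.util.PathMatcher;
private PathMatcher pathMatcher = new AntPathMatcher();

// Returns true when the path matches any Ant-style pattern in excludeList (e.g. /api/**).
private boolean hasMatch(String path) {
    for (String exclude : excludeList) {
        if (pathMatcher.match(exclude, path)) {
            return true;
        }
    }
    return false;
}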
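You host the static resources on Qiniu for acceleration.
But it feels very slow on my side; could you publish the project's current static resources?
Because you keep updating the project, whereas I might only maintain and update the account system once every few months.
Changes to the static resources on your side could make it unusable on my side.
Thank you very much
The server started normally. After logging in and starting the demo, the single sign-on effect was not achieved and the demo did not get the permissions it should have. What causes this?
I suggest changing floder.mkdir(); to floder.mkdirs(); otherwise, if the folder the user creates is nested several levels deep, floder.mkdir(); can only create one level of folder.
Is art still art? Just curious, and thanks for sharing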
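#--------Common static file path--------#
static.url=http://7xp08d.com1.z0.glb.clouddn.com/smart-static
#--------Common static file path--------#
What is configured at this server address that solves cross-origin resource access?
Unit tests are missing; it would be best to add them.
Hello, I'd like to ask: after starting the project, a redirect loop occurs. What is the problem?
I asked a question in the group and nobody responds any more. What is the point of your creating the group???
Change the pom.xml under the smart project
to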
org.apache.maven.plugins
maven-war-plugin
2.6
/${project.artifactId}
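Hello!
If I have multiple clients sharing accounts, how should I deploy? Like the demo, just put it under the smart-sso module, then add the sso-client dependency, and then configure the project name in the server, is that enough?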
Oct 13, 2017 5:16:06 PM org.apache.catalina.core.StandardContext listenerStart
严重: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from relative location [applicationContext-mybatis.xml]
Offending resource: class path resource [applicationContext.xml]; nested exception is org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from URL location [classpath:spring-mybatis.xml]
Offending resource: class path resource [applicationContext-mybatis.xml]; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from class path resource [spring-mybatis.xml]; nested exception is java.io.FileNotFoundException: class path resource [spring-mybatis.xml] cannot be opened because it does not exist
Caused by: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from URL location [classpath:spring-mybatis.xml]
Offending resource: class path resource [applicationContext-mybatis.xml]; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from class path resource [spring-mybatis.xml]; nested exception is java.io.FileNotFoundException: class path resource [spring-mybatis.xml] cannot be opened because it does not exist
Caused by: org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from class path resource [spring-mybatis.xml]; nested exception is java.io.FileNotFoundException: class path resource [spring-mybatis.xml] cannot be opened because it does not exist
Caused by: java.io.FileNotFoundException: class path resource [spring-mybatis.xml] cannot be opened because it does not exist
As the title says: are there plans to support menu permissions and data permissions?
isEnable
bit(1) NOT NULL COMMENT '是否启用',
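It can be inserted, though; does this affect use of the system?
I started it following your documentation, but every request returns 404. What is missing? zookeeper is also running.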