xuxueli / xxl-sso
A distributed single-sign-on framework. (分布式单点登录框架XXL-SSO)
Home Page: http://www.xuxueli.com/xxl-sso/
License: GNU General Public License v3.0
I feel it is better for client projects not to connect to the sso-server's Redis. Would it be better to replace ticket validation with an HTTP request to the sso-server instead of querying Redis directly? That would also greatly reduce the coupling between clients and the sso-server.
According to the docs the system currently supports the MySQL database; can Oracle be supported through an extension or another plugin?
Which Spring Boot version is required? After importing the project, some configuration parameters (server.context-path) are flagged as deprecated.
In my opinion the following points still need improvement; I am not sure whether they are reasonable:
1. After logging in, the client should send its own logout address to the sso center.
2. The client should cache the session locally, for no longer than the validity period returned by the sso center; the client checks its local session itself and, once it has expired, redirects to the sso center again for authentication.
3. When the sso center receives a logout request, it should actively call the clients' logout addresses.
Logout is still not handled properly.
Line 74 of SsoTokenLoginHelper.java:
```java
// After the expiration time has passed half, auto refresh
// (left side is elapsed milliseconds, right side is minutes / 2)
if ((System.currentTimeMillis() - xxlUser.getExpireFreshTime()) > xxlUser.getExpireMinite()/2) {
    xxlUser.setExpireFreshTime(System.currentTimeMillis());
    SsoLoginStore.put(storeKey, xxlUser);
}
```
You cannot compare milliseconds with minutes...
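An added example, not code from xxl-sso, that puts the refresh check reported above beside a corrected form so the effect of the unit mismatch is visible: with the reported comparison, a session is rewritten to the store on practically every request, while the corrected form only refreshes once half the window has elapsed. The names expireFreshTime (epoch milliseconds) and expireMinute (minutes) follow the snippet; the class is a stand-in for XxlSsoUser and the timestamps are constructed.

```java
import java.util.concurrent.TimeUnit;

// Stand-in for the refresh logic in SsoTokenLoginHelper (added example, not xxl-sso code).
// Field names mirror the issue's snippet: expireFreshTime is epoch milliseconds,
// expireMinute is the session window in minutes.
public class ExpireRefreshCheck {

    // Reported form: left side is milliseconds, right side is minutes / 2.
    // With a 30-minute window, any request more than 15 ms after the last
    // refresh rewrites the timestamp and re-puts the session into the store.
    static boolean needsRefreshBuggy(long nowMs, long expireFreshTimeMs, int expireMinute) {
        return (nowMs - expireFreshTimeMs) > expireMinute / 2;
    }

    // Corrected form: convert the window to milliseconds before comparing,
    // so the refresh happens only once half the window has actually elapsed.
    static boolean needsRefreshFixed(long nowMs, long expireFreshTimeMs, int expireMinute) {
        long halfWindowMs = TimeUnit.MINUTES.toMillis(expireMinute) / 2;
        return (nowMs - expireFreshTimeMs) > halfWindowMs;
    }

    public static void main(String[] args) {
        int expireMinute = 30;                                  // assumed 30-minute session window
        long lastRefresh = 1_700_000_000_000L;                  // constructed last-refresh timestamp
        long oneSecondLater = lastRefresh + 1_000;              // request 1 s after the refresh
        long twentyMinLater = lastRefresh + TimeUnit.MINUTES.toMillis(20);

        // The buggy predicate already fires one second after a refresh;
        // the fixed predicate waits until 15 minutes have passed.
        System.out.println("1 s later, buggy:    " + needsRefreshBuggy(oneSecondLater, lastRefresh, expireMinute));
        System.out.println("1 s later, fixed:    " + needsRefreshFixed(oneSecondLater, lastRefresh, expireMinute));
        System.out.println("20 min later, fixed: " + needsRefreshFixed(twentyMinLater, lastRefresh, expireMinute));
    }
}
```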
Redirect compatibility for ajax requests needs to be considered.
admin/111111
WebMvcConfigurer is an interface that ships with Spring, and WebMvcConfigurerAdapter has already been @deprecated in Spring 5.
As in the title: if the front end is built with vue/react and the back end is SSM, how can such a project integrate SSO?
SsoLoginHelper.loginCheck(cookieSessionId); in XxlSsoFilter should presumably verify the sessionId against the server side?
An HTTP request could be wrapped to do the validation; only then are client and server truly separated. The current implementation reads directly from the local Redis cache, but in real production the client does not know about the server's Redis.
hello, the source code does not set the cookie domain, but per the web spec, when domain is empty in set-cookie it defaults to the host currently being accessed. So how do cookies cross domains in a multi-domain setup?
xxl-sso/xxl-sso-core/src/main/java/com/xxl/sso/core/entity/ReturnT.java
xxl-sso/xxl-sso-server/src/main/java/com/xxl/sso/server/core/result/ReturnT.java
These two classes appear to be duplicated code; could only the ReturnT.java in xxl-sso-core be kept?
Is there a demo of integrating with SpringCloud?
1. The base services are modularized, with Spring Boot version 2.2.4.RELEASE; when the XxlSsoConfig class initializes it cannot read the xxl-sso configuration values via @Value, so the service fails to start;
2. When the xxl-sso settings are hard-coded in the code as magic values, the system hangs at the JedisUtil.init(xxlSsoRedisAddress); step during startup; netstat -ano|grep 6379 shows that the Redis connection has been established, and the Redis address is configured as rediss://:[email protected]:6379/0;
Looking for guidance, thanks.
I hope an implementation is added that allows interfaces to be called without logging in, for example interfaces I need to open to third parties, or the simple data calls of a plain share page, scenarios that do not need login; for instance, any interface whose name starts with /open could be callable without login. I hope this is adopted.
The Redis expiry time is currently fixed; once it elapses, the user is logged out automatically regardless of whether they are active. I think this is inappropriate and hope it can be improved.
Putting the token in Redis is fine, but exposing the Redis address to other clients is not sensible.
From what I can see, every client seems to connect directly to Redis to check whether the user is logged in; shouldn't validation go uniformly through the server's interface? The server side could also apply other unified interception there.
Add JWT support as a token validation method.
Swap userID and version; otherwise only one session record exists per user in Redis;
On top of the existing filter [XxlSsoWebFilter], add a filter that only checks the validity of the sessionID and does not redirect to the SSO login page on failure;
Change [plugininfo] in XxlSsoUser to Map<String, Object>;
Bug fix: SsoTokenLoginHelper.loginCheck(): compared milliseconds against minutes;
Bug fix: SsoLoginStore.put(): redisExpireMinite should be changed to xxlUser.getExpireMinite();
Hello. As in the title, why does the client also need to configure Redis? I think that should be an implementation detail of the server side.
Please add integration approaches for PHP, Node.js and ASP!
2019-05-31 15:00:27.425 ERROR 18284 --- [nio-8220-exec-2] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is feign.codec.DecodeException: Could not extract response: no suitable HttpMessageConverter found for response type [class cn.bjhxat.entity.SysUser] and content type [text/html;charset=UTF-8]] with root cause
org.springframework.web.client.RestClientException: Could not extract response: no suitable HttpMessageConverter found for response type [class cn.bjhxat.entity.SysUser] and content type [text/html;charset=UTF-8]
Original text:
4.7 基于Token,相关感念
Should be (typo in the doc heading: 感念 should be 概念, "concepts"):
4.7 基于Token,相关概念
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'xxlSsoConfig' defined in file [C:\Users\Administrator\Desktop\code\xxl-sso\xxl-sso-server\target\classes\com\xxl\sso\server\config\XxlSsoConfig.class]: Invocation of init method failed; nested exception is redis.clients.jedis.exceptions.JedisExhaustedPoolException: Could not get a resource since the pool is exhausted
This error is reported at startup, why?
Redis needs password authentication added.
As in the title.
To make full use of Redis's own logical database separation, the JedisUtil class could be improved so that the SSO center's login information is stored in a specified Redis database, keeping it apart from the other content stored in other databases; also, most Redis instances will probably have a password set.
Code to change:
```java
import redis.clients.jedis.JedisShardInfo;

// Redis URI carrying credentials and the logical database index
// (redis:// scheme, not http://, so Jedis parses it as a URI instead of a host name)
String redisAddress = "redis://username:password@ip:port/dbIndex";
JedisShardInfo jedisShardInfo = new JedisShardInfo(redisAddress);
```
I hope the author reconsiders this. The feature list says cross-domain is supported, i.e. two business sites can access each other; yet for fetching user information by cookie or token, the client actually connects directly to the sso-server's Redis, which is unrealistic in many situations and makes the solution unusable in those scenarios. Someone has already suggested accessing the sso-server over HTTP to validate the cookie/token and obtain the authenticated principal, then building the session in the local application.
Looking at the source, the implementation actually passes the sessionid as a parameter on the callback URL and then writes the cookie; the cookie domain is set to null here to achieve "large-scale" cross-domain. Not only is it cross-domain, it crosses all domains, meaning every website can get this cookie; there is basically no security to speak of...
A few humble suggestions:
1. Implementing secure cross-domain with cookies is indeed troublesome, because cookies inherently cannot cross domains, so many hack approaches need JS on the page, such as ajax JSONP or HTML5 iframe nesting with postMessage, but these are probably not very general solutions.
2. Tokens inherently support cross-domain; tokens like JWT, which carry a lot of information while staying lightweight, could be considered for support.
Single sign-on is used mostly in traditional enterprise software development, so Spring MVC applications are more common than Spring Boot ones.
Increase the framework's generality, e.g. sso-client.jar and sso-server.war, to achieve true out-of-the-box use.