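Spring Boot, OAuth2, Gateway (Authentication)

1. For a monolithic application, implement SSO in a single project.

2. The Spring Boot + OAuth2 approach needs a front end and a back end. In the front end, add:

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableOAuth2Sso
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Base URL of the authorization server, read from the yml below
    @Value("${auth-server}")
    private String authserver;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Stops sending X-Frame-Options, so the pages can be framed
        http.headers().frameOptions().disable();
        // After local logout, redirect to the auth server's /exit endpoint
        http.logout()
            .logoutSuccessUrl(authserver + "/exit");
        // Every request requires authentication; CORS on, CSRF protection off
        http.authorizeRequests()
            .anyRequest()
            .authenticated()
            .and().cors().and().csrf().disable();
    }
}
```

Add the following to the yml configuration:

```yaml
auth-server: http://127.0.0.1:9950/auth
security:
  oauth2:
    client:
      client-id: client
      client-secret: secret
      scope: all
      access-token-uri: ${auth-server}/oauth/token
      user-authorization-uri: ${auth-server}/oauth/authorize
    resource:
      token-info-uri: ${auth-server}/oauth/check_token
```

The back-end microservice provider needs the following annotation on its Controller:

```java
@CrossOrigin(allowCredentials = "true", maxAge = 3600) // cross-origin
```

Add the following to its yml configuration:

```yaml
auth-server: http://127.0.0.1:9950/auth
security:
  oauth2:
    client:
      client-id: client
      client-secret: secret
      scope: all
    resource:
      token-info-uri: ${auth-server}/oauth/check_token
```

3. Spring Boot + OAuth2 + Gateway: starting from the setup in 2, change the front end so that it no longer uses OAuth2, removing the yml added above and the WebSecurityConfigurerAdapter content. In the page, use sessionStorage to set and get the access_token, and use the access_token to call the back-end microservices.

In the back-end microservice provider, remove `@CrossOrigin(allowCredentials = "true", maxAge = 3600)` from the Controller; keep the yml content.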
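
The sessionStorage token handling described in step 3, as an added example that is not code from the original post: it stores the token with its expiry, attaches it as a bearer header only to requests for the gateway origin, and drops it on a 401. `GATEWAY_ORIGIN`, the storage keys and all function names are assumptions.

```javascript
// Added example, not from the original post.
// GATEWAY_ORIGIN and the storage key names are assumptions for illustration.
const GATEWAY_ORIGIN = "http://127.0.0.1:8080"; // hypothetical gateway address
const TOKEN_KEY = "access_token";
const EXPIRY_KEY = "access_token_expires_at";

// Store the JSON body returned by the auth server's /oauth/token endpoint.
function saveToken(storage, tokenResponse, now = Date.now()) {
  storage.setItem(TOKEN_KEY, tokenResponse.access_token);
  storage.setItem(EXPIRY_KEY, String(now + tokenResponse.expires_in * 1000));
}

function clearToken(storage) {
  storage.removeItem(TOKEN_KEY);
  storage.removeItem(EXPIRY_KEY);
}

// Return the stored token, or null when it is missing or already expired.
function loadToken(storage, now = Date.now()) {
  const token = storage.getItem(TOKEN_KEY);
  const expiresAt = Number(storage.getItem(EXPIRY_KEY));
  if (!token || !(expiresAt > now)) {
    clearToken(storage);
    return null;
  }
  return token;
}

// Call a back-end microservice through the gateway with the bearer token.
async function apiFetch(path, opts = {}) {
  const { storage = globalThis.sessionStorage, fetchImpl = globalThis.fetch, ...init } = opts;
  const url = new URL(path, GATEWAY_ORIGIN);
  // Never attach the token to a request that leaves the gateway origin.
  if (url.origin !== GATEWAY_ORIGIN) {
    throw new Error("refusing to send token to " + url.origin);
  }
  const token = loadToken(storage);
  if (!token) throw new Error("not logged in");
  const headers = { ...(init.headers || {}), Authorization: "Bearer " + token };
  const response = await fetchImpl(url.href, { ...init, headers });
  // A 401 means the token was rejected: drop it so the page logs in again.
  if (response.status === 401) clearToken(storage);
  return response;
}
```

Any script running in the page's origin can read sessionStorage, so the token is only as safe as the page is free of script injection.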