A scheme for SSO

Source: Internet
Author: User
Tags: redis, uuid

Today I'll share a single sign-on (SSO) solution for web development.

1 Background
Technology:
Java, Redis, Spring, Spring MVC, Jackson, HttpClient, MyBatis, MySQL.
The implementation here is built mainly around the concept of back-end services: the front end takes on most of the page behaviour itself, and the back end concentrates only on providing services.

Here is a diagram introducing the flow.

2 Points to explain
All returned data is in JSON format.
1. SSO is a separate service, abstracted out on its own here; its features are login, registration and single sign-on. Other business systems invoke the SSO service through HttpClient.

2. A UUID is used as the value saved in the cookie. The cookie value must be unique, and a UUID meets that requirement; if concurrency is extremely high, consider other methods (a UUID is basically sufficient). Note that java.util.UUID.randomUUID() produces a version 4 UUID from SecureRandom, so the token is also unguessable, which matters more for a session identifier than uniqueness does; a time- or MAC-based (version 1) UUID would not be suitable.

3. Redis stores the user information. The Redis key is REDIS_USER_SESSION_KEY + ":" + token (the UUID), and the value is the user information in JSON format, with the password field cleared before it is written.

4. In the business system's request interceptor, get the URL of the page that was requested. If the user needs to log in through SSO, pass that source URL to the SSO login page as a parameter, and after SSO login succeeds, redirect back to the source URL. The login page must check this parameter against the known business-system hosts before redirecting; otherwise it is an open redirect that a phishing link can point at any site.

5. If user information is fetched from SSO with JSONP, the SSO service that returns the user information has to wrap the response in the callback function. This can be handled with Spring MVC's MappingJacksonValue class (setJsonpFunction). Bear in mind that if the SSO server identifies the user from the cookie, a JSONP response is readable by any page the browser visits while that cookie is set, so it should return only the fields the front end actually needs.

3 Core Code:
1. Interceptor for business systems

import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;

// Runs before every handler of the business system (Spring 5+; on Spring 4 extend
// HandlerInterceptorAdapter instead, which supplies the other two interface methods).
public class LoginInterceptor implements HandlerInterceptor {

    @Autowired
    private UserService userService;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
            Object handler) throws Exception {
        // Determine whether the user is logged in: take the token out of the cookie
        String token = CookieUtils.getCookieValue(request, "TT_TOKEN");
        // Call the SSO system's interface and exchange the token for user information
        TbUser user = userService.getUserByToken(token);
        if (null == user) {
            // User information could not be obtained: redirect to the login page and
            // pass the URL the user requested as a parameter (URL-encoded so it
            // survives as a single query parameter value)
            response.sendRedirect(userService.SSO_DOMAIN_BASE_URL + userService.SSO_PAGE_LOGIN
                    + "?redirect=" + URLEncoder.encode(request.getRequestURL().toString(), "UTF-8"));
            // false: the handler is not executed
            return false;
        }
        // User information obtained, let the request through:
        // put the user into the request so the handler can read it
        request.setAttribute("user", user);
        // The return value decides whether the handler runs. true: run, false: do not run
        return true;
    }
}
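The redirect parameter that the interceptor appends is consumed by the SSO login page, which the post does not show. Below is an added example, not code from the original post, of how that page can validate the parameter before redirecting (point 4 above): a relative path is accepted, an absolute URL only if it is http(s) to a host in an allow-list of business-system hosts. The host names and the fallback URL are assumptions for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

// Added example (not from the original post): validating the "redirect" parameter
// before the SSO login page sends the browser there. The allow-list of
// business-system hosts and the fallback URL are assumptions for illustration.
public class RedirectValidator {

    private final Set<String> allowedHosts;
    private final String fallback;

    public RedirectValidator(Set<String> allowedHosts, String fallback) {
        this.allowedHosts = allowedHosts;
        this.fallback = fallback;
    }

    // Returns the target to redirect to after login: the requested one if it is
    // safe, otherwise the fallback (for example the SSO portal home page).
    public String safeTarget(String redirect) {
        if (redirect == null || redirect.isEmpty()) {
            return fallback;
        }
        URI uri;
        try {
            uri = new URI(redirect);
        } catch (URISyntaxException e) {
            return fallback;                 // not a parseable URL at all
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        // A relative path such as "/order/list" has neither scheme nor host and
        // stays on the current site. "//evil.example/x" parses with a host, so it
        // does not take this branch.
        if (scheme == null && host == null
                && redirect.startsWith("/") && !redirect.startsWith("//")) {
            return redirect;
        }
        // Absolute URL: only http(s) to a known business-system host is accepted.
        // Comparing the parsed host, not searching for a substring, defeats
        // "https://evil.example/?u=shop.example.com",
        // "https://shop.example.com.evil.example/" and
        // "https://shop.example.com@evil.example/" (the part before @ is userinfo).
        if (("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme))
                && host != null && allowedHosts.contains(host.toLowerCase())) {
            return redirect;
        }
        return fallback;
    }

    public static void main(String[] args) {
        RedirectValidator v = new RedirectValidator(
                Set.of("shop.example.com", "order.example.com"),   // assumed business-system hosts
                "https://sso.example.com/");                      // assumed fallback
        String[] samples = {
            "http://shop.example.com/cart",                 // allowed host
            "/order/list",                                  // relative path, stays on site
            "//evil.example/phish",                         // protocol-relative, other host
            "https://evil.example/?u=shop.example.com",     // allowed name only in the query
            "https://shop.example.com@evil.example/",       // allowed name only as userinfo
            "https://shop.example.com.evil.example/",       // suffix-spoofed host
            "javascript:alert(1)",                          // not http(s)
        };
        for (String s : samples) {
            System.out.println(s + "  ->  " + v.safeTarget(s));
        }
    }
}
```

The check is deliberately an exact match on the parsed host rather than a prefix or "contains" test, which is where most open-redirect filters fail; if business systems live on many subdomains, compare against a fixed parent domain with an explicit dot boundary rather than loosening this to a substring match.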

2. SSO login processing

    // Look the user up by username (example is a MyBatis Generator criteria object restricting on username)
    List<TbUser> list = userMapper.selectByExample(example);
    // No user with this username
    if (null == list || list.size() == 0) {
        return JResult.build(400, "Username or password error");
    }
    TbUser user = list.get(0);
    // Compare the password. The stored value is an unsalted MD5 hex digest, which is what
    // the post does; MD5 is too fast and unsalted, so a salted slow hash (PBKDF2, bcrypt,
    // Argon2) with a constant-time comparison is what a new system should use instead.
    if (!DigestUtils.md5DigestAsHex(password.getBytes()).equals(user.getPassword())) {
        return JResult.build(400, "Username or password error");
    }
    // Generate the token
    String token = UUID.randomUUID().toString();
    // Before saving the user, clear the password so the hash never reaches Redis or the callers
    user.setPassword(null);
    // Write the user information to Redis
    jedisClient.set(REDIS_USER_SESSION_KEY + ":" + token, JsonUtils.objectToJson(user));
    // Set the session expiration time
    jedisClient.expire(REDIS_USER_SESSION_KEY + ":" + token, SSO_SESSION_EXPIRE);
    // Write the cookie. With no max-age it is a session cookie, invalid once the browser
    // is closed; it should also be HttpOnly and, when served over HTTPS, Secure.
    CookieUtils.setCookie(request, response, "TT_TOKEN", token);
    return JResult.ok(token);
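The password comparison above hashes with unsalted MD5. As an added example, not the post's code, here is that check beside a salted PBKDF2 verification that uses only the JDK and a constant-time compare. The record format pbkdf2$iterations$salt$hash, the iteration count and the sample password are assumptions chosen for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example (not the post's code): the post's unsalted MD5 check beside a
// salted PBKDF2-HMAC-SHA256 check. Record format and iteration count are assumptions.
public class PasswordCheck {

    // What the post does: unsalted MD5 hex digest. Equal passwords give equal
    // digests, so one precomputed table attacks every user in a leaked table.
    static String md5Hex(String password) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("MD5").digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static boolean md5Matches(String password, String storedHex) throws NoSuchAlgorithmException {
        return md5Hex(password).equals(storedHex);   // String.equals: not constant-time
    }

    // Hardened form: random 16-byte salt per user, PBKDF2-HMAC-SHA256, and the
    // iteration count stored in the record so it can be raised later.
    static final int ITERATIONS = 210_000;   // assumption: OWASP's 2023 figure for PBKDF2-SHA256

    static String pbkdf2Hash(char[] password, int iterations)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] hash = pbkdf2(password, salt, iterations);
        Base64.Encoder enc = Base64.getEncoder();   // Base64 never contains '$'
        return "pbkdf2$" + iterations + "$" + enc.encodeToString(salt) + "$" + enc.encodeToString(hash);
    }

    static boolean pbkdf2Matches(char[] password, String stored)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        String[] parts = stored.split("\\$");
        if (parts.length != 4 || !"pbkdf2".equals(parts[0])) return false;
        int iterations = Integer.parseInt(parts[1]);
        byte[] salt = Base64.getDecoder().decode(parts[2]);
        byte[] expected = Base64.getDecoder().decode(parts[3]);
        byte[] actual = pbkdf2(password, salt, iterations);
        // MessageDigest.isEqual compares in constant time, unlike String.equals
        return MessageDigest.isEqual(expected, actual);
    }

    private static byte[] pbkdf2(char[] password, byte[] salt, int iterations)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the value the post's schema would store for "123456"
        String md5Stored = md5Hex("123456");
        System.out.println("md5 stored:      " + md5Stored);
        System.out.println("md5 login ok:    " + md5Matches("123456", md5Stored));

        String stored = pbkdf2Hash("123456".toCharArray(), ITERATIONS);
        System.out.println("pbkdf2 stored:   " + stored);
        System.out.println("pbkdf2 right pw: " + pbkdf2Matches("123456".toCharArray(), stored));
        System.out.println("pbkdf2 wrong pw: " + pbkdf2Matches("12345".toCharArray(), stored));
        // Two users with the same password no longer share a stored value
        System.out.println("same pw, same record: "
                + stored.equals(pbkdf2Hash("123456".toCharArray(), ITERATIONS)));
    }
}
```

Migrating an existing MD5 table does not require a password reset: on the next successful MD5 login, re-hash the just-verified plaintext with pbkdf2Hash and overwrite the record, so the weak digests disappear as users log in.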

3. SSO get user information

    // Query the user information from Redis by token
    String json = jedisClient.get(REDIS_USER_SESSION_KEY + ":" + token);
    // Check whether it is empty (no such key, or the key has already expired)
    if (StringUtils.isBlank(json)) {
        return JResult.build(400, "This session has expired, please log in again");
    }
    // Refresh the expiration time: every successful lookup extends the session
    jedisClient.expire(REDIS_USER_SESSION_KEY + ":" + token, SSO_SESSION_EXPIRE);
    // Return the user information
    return JResult.ok(JsonUtils.jsonToPojo(json, TbUser.class));
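To show the whole token lifecycle from sections 2 and 3 (login, sliding expiration, expiry, and the logout step the post does not show) without a Redis server, here is an added example that is not part of the original post. A map with a per-key expiry time stands in for Redis SET, EXPIRE and DEL, and the clock is injected so expiry can be driven by hand instead of sleeping. The TTL of 1800 seconds and the user JSON are assumptions.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Added example (not the post's code): the post's Redis session logic as one
// runnable file. A ConcurrentHashMap with per-key expiry stands in for Redis;
// the key prefix follows the post, the TTL value is assumed.
public class TokenSessionStore {

    static final String REDIS_USER_SESSION_KEY = "REDIS_USER_SESSION_KEY";
    static final int SSO_SESSION_EXPIRE = 1800;   // seconds; assumed, the post gives no value

    private static final class Entry {
        final String json;
        volatile Instant expiresAt;
        Entry(String json, Instant expiresAt) { this.json = json; this.expiresAt = expiresAt; }
    }

    private final Map<String, Entry> redis = new ConcurrentHashMap<>();
    private final Clock clock;

    TokenSessionStore(Clock clock) { this.clock = clock; }

    private String key(String token) { return REDIS_USER_SESSION_KEY + ":" + token; }

    // Login (password already verified by the caller): issue a token, store the
    // user JSON under it, set the TTL. UUID.randomUUID() is version 4 and drawn
    // from SecureRandom, which is what makes it usable as a session identifier.
    String login(String userJsonWithoutPassword) {
        String token = UUID.randomUUID().toString();
        redis.put(key(token), new Entry(userJsonWithoutPassword,
                clock.instant().plusSeconds(SSO_SESSION_EXPIRE)));
        return token;
    }

    // Get user by token: null when the session is missing or expired, otherwise
    // the TTL is refreshed (sliding expiration) exactly as the post's service does.
    String getUserByToken(String token) {
        if (token == null) return null;
        Entry e = redis.get(key(token));
        if (e == null) return null;
        if (!clock.instant().isBefore(e.expiresAt)) {
            redis.remove(key(token));        // Redis would have evicted the key itself
            return null;
        }
        e.expiresAt = clock.instant().plusSeconds(SSO_SESSION_EXPIRE);
        return e.json;
    }

    // Logout: delete the key so the token is dead server-side. Clearing the
    // browser cookie alone leaves a copied token valid until the TTL runs out.
    void logout(String token) { redis.remove(key(token)); }

    // A clock that is advanced by hand, for the demonstration in main.
    static final class ManualClock extends Clock {
        private Instant now = Instant.parse("2024-01-01T00:00:00Z");
        public Instant instant() { return now; }
        public java.time.ZoneId getZone() { return java.time.ZoneOffset.UTC; }
        public Clock withZone(java.time.ZoneId zone) { return this; }
        void advance(Duration d) { now = now.plus(d); }
    }

    public static void main(String[] args) {
        ManualClock clock = new ManualClock();
        TokenSessionStore store = new TokenSessionStore(clock);
        // Constructed user record, password already nulled out as in the post
        String token = store.login("{\"id\":1,\"username\":\"alice\",\"password\":null}");
        System.out.println("fresh token  -> " + store.getUserByToken(token));
        clock.advance(Duration.ofSeconds(SSO_SESSION_EXPIRE - 1));
        System.out.println("near expiry  -> " + store.getUserByToken(token));   // lookup refreshes the TTL
        clock.advance(Duration.ofSeconds(SSO_SESSION_EXPIRE - 1));
        System.out.println("still alive  -> " + store.getUserByToken(token));
        clock.advance(Duration.ofSeconds(SSO_SESSION_EXPIRE + 1));
        System.out.println("after expiry -> " + store.getUserByToken(token));
        String t2 = store.login("{\"id\":2,\"username\":\"bob\",\"password\":null}");
        store.logout(t2);
        System.out.println("after logout -> " + store.getUserByToken(t2));
        System.out.println("bogus token  -> " + store.getUserByToken("not-a-token"));
    }
}
```

The sliding refresh means an active user never sees a forced re-login, but it also means a stolen token stays valid for as long as the attacker keeps using it; pair it with an absolute maximum lifetime stored alongside the session, or with the explicit logout shown here, if that matters for the deployment.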

The address of the source code will be given in the comments later.
