Single Sign-on and Rights Management nature: HTTP redirection

Go on to the first part of the "single sign-on and Rights Management" series: Single Sign-on and Rights Management essence, this article is about HTTP redirection, which is the basic knowledge of completing single sign-on.

Single sign-on needs to jump across multiple Web projects, using redirection technology to automate login operations. In addition, when the actual resource is migrated to a different URL, you can use redirection technology to automatically jump to the new URL and keep the original URL valid by using the redirect technique to access the original URL.

This article mainly from the following aspects of the introduction:

• REDIRECT Basic concepts
• Nginx redirection
• servlet redirection
• Spring uses redirection

Basic Concept Fundamentals

In the HTTP protocol, the server redirects by sending a specific response, and after receiving the response, the browser can determine the redirect based on the status code and re-request it using the specified new URL. The response status code for the redirect is 3xx, and the different status codes represent different redirection types.

The browser retrieves the new URL from the location in the response header and sends the request again.

Redirection type

Redirection types include permanent redirection, temporary redirection, special redirection, and different redirection types, which affect the browser's operation on the one hand and the search engine's inclusion.

Permanent redirection, refers to the original URL is no longer used, should prefer the new URL, the search engine robot will encounter the status code, trigger the update operation, using the new URL. The common status codes are 301,moved permanently.

Temporary redirection, if the requested resource is temporarily unavailable, but can be accessed from somewhere else. The search engine does not record the temporary link. The common status codes are 302 found,307 temporary Redirect.

Special Redirect, 304 not Modified resource is not modified, will fetch Web page from local cache, multiple Choice, is a manual redirection, user can choose to redirect the page.

Set Redirection method

In addition to the redirection method described above, you can also use the HTML Metay element, or JS to implement redirection, but it is recommended that the above methods are preferred.

The Content property value, and the first number indicates how many seconds to wait before jumping.

window.location = "https://www.mi.com";

Nginx redirect Rewrite

The main function of Nginx rewrite is to implement URL redirection, and its syntax rules are as follows:

rewrite <regex> <replacement> [flag]

Regex regular matches URLs that require redirection
Replacement replace content to replace regular matched content with replacement
Flag flag, specifically as follows:

• Last: After matching this rule, continue to match the new rewrite;
• Break: This rule matches the completion is terminated, the following rules no longer match;
• Redirect: Returns 302 temporary redirect;
• Permanent: Returns 301 Permanent redirect;

Rewirte the label segment position of the parameter: server,location,if

Rewrite example

REDIRECT Mi.com to www.mi.com

server {        listen 80;        server_name mi.com;        rewrite ^/(.*) http://www.mi.com/$1 permanent;}

Return

Direct redirection via return is as follows:

server {    listen 80;    server_name example.com;    return 301 $scheme://www.mi.com$request_uri;}

servlet redirection

First of all to distinguish between the concept of forwarding and redirection, forwarding is done on the server, the address in the browser address bar will not change, is a request, redirection is done on the browser side, the browser address bar will change, is two requests.

Whether forwarding or redirection, do not output content to the client until the method is executed.

Forward

public void doPost(HttpServletRequest request,HttpServletResponse response) throws ServletException,IOException {     response.setContentType("text/html; charset=utf-8");     ServletContext sc = getServletContext();        RequestDispatcher dispatcher = null;     dispatcher = sc.getRequestDispatcher("index.jsp");                  

redirect

public void doPost(HttpServletRequest request,HttpServletResponse response) throws ServletException,IOException {     response.setContentType("text/html; charset=utf-8");     

Spring uses redirection without parameters

With parameters

public String test(RedirectAttributes attributes) {     attributes.addAttribute("hello", "hello");     

This automatically appends the parameters to the redirected URL.

Spring MVC 3.1 Adds a new feature, a flash property that implements pass parameters, and resolves duplicate commit issues.

A normal controller processing, processing is completed, will be forward to a successful operation of the page, if the user press F5, will be submitted again, if you use redirect, you can avoid this problem.

public String test(RedirectAttributes attributes)  {      attributes.addFlashAttribute("hello", "hello");    return "redirect:/toList";  }  

Single Sign-on and Rights Management nature: HTTP redirection