Definition of single sign-on:
Single sign-on (SSO) is one of the most popular solutions for enterprise business integration at present. SSO means that, across multiple application systems, a user logs in only once and can then access all of the mutually trusted application systems.
Technical implementation mechanism:
When a user first accesses application system 1, they are not yet logged in and are redirected to the authentication system to log in. The authentication system verifies the login information the user provides; if verification succeeds, it returns an authentication credential, a ticket, to the user. When the user then accesses other applications, they bring this ticket along as their authentication credential; the application system that receives the request sends the ticket to the authentication system to check its validity. If the check passes, the user can access application system 2 and application system 3 without logging in again.
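The ticket check described above, as an added example that is not part of the original article: it assumes the CAS 2.0 `/serviceValidate` XML response that the ticket validation filter configured later on this page consumes, and shows the application side accepting a login only on an explicit success element. The class name `CasTicketCheck`, the method `principalFrom` and the sample responses are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Hypothetical helper: interprets the CAS server's answer to a ticket validation request.
public class CasTicketCheck {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";

    /** Returns the authenticated login name, or throws if the ticket was not accepted. */
    static String principalFrom(String responseXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The response arrives over the network: refuse DOCTYPEs so it cannot carry external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = f.newDocumentBuilder().parse(
                new ByteArrayInputStream(responseXml.getBytes(StandardCharsets.UTF_8)));

        NodeList failure = doc.getElementsByTagNameNS(CAS_NS, "authenticationFailure");
        if (failure.getLength() > 0) {
            String code = ((Element) failure.item(0)).getAttribute("code");
            throw new SecurityException("ticket rejected: " + code);
        }
        // Fail closed: anything other than exactly one success element is treated as a rejection.
        NodeList success = doc.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
        if (success.getLength() != 1) {
            throw new SecurityException("no authenticationSuccess element");
        }
        NodeList user = ((Element) success.item(0)).getElementsByTagNameNS(CAS_NS, "user");
        if (user.getLength() != 1 || user.item(0).getTextContent().trim().isEmpty()) {
            throw new SecurityException("missing cas:user");
        }
        return user.item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample responses, not captured from a real server.
        String ok = "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'><cas:authenticationSuccess>"
                + "<cas:user>zhangsan</cas:user></cas:authenticationSuccess></cas:serviceResponse>";
        String bad = "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'>"
                + "<cas:authenticationFailure code='INVALID_TICKET'>Ticket not recognized"
                + "</cas:authenticationFailure></cas:serviceResponse>";
        System.out.println(principalFrom(ok));
        try { principalFrom(bad); }
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```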
The open-source Jasig single sign-on system consists of the following:
cas-server-3.4.10: the unified user login authentication system
cas-client-3.2.1: the files that client applications include
Taking a Java system as an example:
Integration steps for the unified user system:
1) Download the CAS client jar package from http://www.ja-sig.org/downloads/cas-clients/
cas-client-core-3.2.1.jar
Put this jar in the WEB-INF\lib directory.
2) Modify web.xml to add the CAS filters
<!-- listener used to implement single sign-out; optional configuration -->
<listener>
  <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- this filter is used for single sign-out; optional configuration -->
<filter>
  <filter-name>CAS Single Sign Out Filter</filter-name>
  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Single Sign Out Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- this filter is responsible for user authentication and must be enabled -->
<filter>
  <filter-name>CASFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://sso.haier.com:8443/cas/login</param-value>
    <!-- the server here is the address of the CAS server -->
  </init-param>
  <init-param>
    <!-- base URL of this application; CAS redirects back here with the ticket in the query string, so use https outside of testing -->
    <param-name>serverName</param-name>
    <param-value>http://www.haiertest.com:58080</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CASFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- this filter is responsible for ticket validation and must be enabled -->
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://sso.haier.com:8443/cas</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>http://www.haiertest.com:58080</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Validation Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!--
  This filter wraps the HttpServletRequest, for example so that the developer
  can obtain the login name of the SSO user through the HttpServletRequest
  getRemoteUser() method; optional configuration.
-->
<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!--
  This filter allows the developer to obtain the user's login name through
  org.jasig.cas.client.util.AssertionHolder,
  for example AssertionHolder.getAssertion().getPrincipal().getName().
-->
<filter>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- automatically set the system's user information according to the result of single sign-on -->
<filter>
  <display-name>AutoSetUserAdapterFilter</display-name>
  <filter-name>AutoSetUserAdapterFilter</filter-name>
  <filter-class>com.haier.demo.filter.AutoSetUserAdapterFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>AutoSetUserAdapterFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!--======================== single sign-on end ========================-->
3) Add the AutoSetUserAdapterFilter class to automatically set the session user information based on the CAS information.
The filter obtains the user name logged in on the CAS server through the CAS client's _const_cas_assertion_ session attribute, then uses the system's own user utility (UserUtil.java) to determine whether the user is already logged in. If not, it queries the user information from the database by login name and finally saves the user information to the current session.
This saves the user information in the session, and we can get the currently logged-on user through the UserUtil tool.
package com.haier.demo.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.jasig.cas.client.validation.Assertion;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

// User, UserUtil and UserManager are the application's own classes.
public class AutoSetUserAdapterFilter implements Filter {
    /**
     * Default constructor.
     */
    public AutoSetUserAdapterFilter() {
    }

    /**
     * @see Filter#destroy()
     */
    public void destroy() {
    }

    /**
     * Filtering logic: first determine whether the single sign-on account is already logged in to this system;
     * if not, query the user object through the user query interface and set it in the session.
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
            ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        // _const_cas_assertion_ is the session attribute under which the CAS client stores the login assertion
        Object object = httpRequest.getSession().getAttribute("_const_cas_assertion_");
        if (object != null) {
            Assertion assertion = (Assertion) object;
            String loginName = assertion.getPrincipal().getName();
            User user = UserUtil.getCurrentUser(httpRequest.getSession());
            // First time this user reaches the system in this session
            if (user == null) {
                WebApplicationContext wct = WebApplicationContextUtils.getWebApplicationContext(httpRequest
                        .getSession().getServletContext());
                UserManager userManager = (UserManager) wct.getBean("userManager");
                user = userManager.findUserByLoginName(loginName);
                // Save user information to the session
                UserUtil.saveUserToSession(httpRequest.getSession(), user);
            }
        }
        chain.doFilter(request, response);
    }

    /**
     * @see Filter#init(FilterConfig)
     */
    public void init(FilterConfig fConfig) throws ServletException {
    }
}
Related knowledge: http://hhw3.blog.163.com/blog/static/2690966201411265579770/