The realization of Web-SSO

Source: Internet
Author: User

3 Web-SSO Implementation

As is well known, HTTP, the protocol of the Web, is stateless. A web application consists of a number of web pages, each with a unique URL. The user enters a page URL in the browser's address bar, and the browser sends the request to the web server. Suppose the browser sends two requests to the web server for two pages. Each request uses its own HTTP connection. "Stateless" means that the browser and the web server close the connection after the first request completes and establish a new one for the second request. The web server does not distinguish which client a request comes from; all requests are treated equally, each on a separate connection. This differs greatly from the traditional client/server (C/S) architecture.

But the applications we usually build are stateful. Even leaving aside SSO between different applications, a single application needs to keep the user's login identity. For example, the user logs in on page 1, but as noted above every client request is a separate connection; when the user then visits page 2, how does the web server know that the user has just logged in? The browser and the server share a convention: cookies are used to maintain application state. A cookie is a string that the web server sets and the browser stores. As shown, when the browser accesses page 1, the web server sets a cookie and returns it to the browser together with page 1; the browser saves the cookie and sends it along when it accesses page 2. When the web server receives that request, it reads the cookie value and, based on its content, determines and restores the user's state.

Web-SSO can rely entirely on cookies to store the user's login information, combining the cookie in the browser with the ticket described above to achieve SSO. A simple SSO implementation requires two cooperating parts:
    1. A unified identity authentication service.
    2. Modify the Web application so that each application is authenticated through this unified authentication service.
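
The two parts working together, as an added example (not the sample's own code). The class names, the cookie name "SSOID", and the account are assumptions made for illustration; only the login page URL is taken from this page.

```python
import secrets

class AuthService:
    """Stand-in for the unified authentication service (hypothetical API)."""
    def __init__(self, accounts):
        self._accounts = accounts      # username -> password (constructed demo data)
        self._tickets = {}             # ticket -> username, kept server-side only

    def login(self, user, password):
        expected = self._accounts.get(user)
        # compare_digest avoids leaking the mismatch position through timing
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        ticket = secrets.token_urlsafe(32)   # unguessable, carries no user data
        self._tickets[ticket] = user
        return ticket

    def validate(self, ticket):
        return self._tickets.get(ticket)     # None for unknown or forged tickets


class DemoApp:
    """Stand-in for one web application; handle() plays the role of its SSO check."""
    def __init__(self, name, auth, login_page):
        self.name, self.auth, self.login_page = name, auth, login_page

    def handle(self, cookies):
        user = self.auth.validate(cookies.get("SSOID", ""))
        if user is None:
            return 302, self.login_page      # no valid ticket: send to login page
        return 200, f"Welcome {user} ({self.name})"


def run_demo():
    auth = AuthService({"alice": "correct horse"})
    login_page = "http://wangyu.prc.sun.com:8080/SSOAuth/login.jsp"
    demo1 = DemoApp("DEMO1", auth, login_page)
    demo2 = DemoApp("DEMO2", auth, login_page)
    jar = {}                                 # the browser's cookie store
    first = demo1.handle(jar)                # stateless: the server knows nothing yet
    jar["SSOID"] = auth.login("alice", "correct horse")
    forged = demo2.handle({"SSOID": "forged"})
    return first, demo1.handle(jar), demo2.handle(jar), forged
```

The applications never see the password; they only hand the cookie value to the authentication service, which is the single place where a ticket can be checked.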
3.1 Example of Web SSO

Based on the above principles, I used Java EE technology (JSP and servlets) to build a simple Web-SSO sample. The sample contains an authentication server and two simple web applications, which perform Web-SSO through the unified authentication service. All source code and binaries for this sample can be downloaded from http://gceclub.sun.com.cn/wangyu/. Guide to downloading, installing, deploying, and running the sample:
  • The Web-SSO sample consists of three standard web applications, compressed into three zip files that can be downloaded from http://gceclub.sun.com.cn/wangyu/web-sso/. They are:
  • SSOAuth (http://gceclub.sun.com.cn/wangyu/web-sso/SSOAuth.zip) is the identity authentication service;
  • SSOWebDemo1 (http://gceclub.sun.com.cn/wangyu/web-sso/SSOWebDemo1.zip) and SSOWebDemo2 (http://gceclub.sun.com.cn/wangyu/web-sso/SSOWebDemo2.zip) are the two web apps used to demonstrate single sign-on.
  • These three web applications are not packaged as WAR files because they cannot be deployed directly; minor changes are needed depending on the reader's deployment environment. The sample has certain requirements for its deployment and runtime environment: it needs a standard Java EE container supporting Servlet 2.3 or later (such as Tomcat 5, Sun Application Server 8, JBoss 4, etc.). In addition, the identity authentication service requires a JDK 1.5 runtime environment. The reason for JDK 1.5 is that I use the thread-safe, high-performance Java collection class "ConcurrentMap", which is available only in JDK 1.5.
  • These three web applications can be deployed individually, on different machines, different operating systems, and different Java EE products; they are completely standard, platform-independent applications. There is one limitation, however: the two deployed applications (Demo1 and Demo2) must be in the same domain. A later section explains the relationship between cookies and domains and how to build cross-domain Web-SSO.
  • Unzip SSOAuth.zip and, in web.xml under /WEB-INF/, change the "DomainName" property to match the actual deployment. DomainName is the domain to which the two single sign-on apps (Demo1 and Demo2) belong. It is not related to the domain name of the machine on which the SSOAuth service is currently deployed. My default setting is ".sun.com". If the machines hosting Demo1 and Demo2 have no domain name, enter an IP address or hostname (such as localhost); in that case, however, Demo1 and Demo2 need to be deployed on a single machine. After this change, depending on the Java EE container you choose, you may need to package the SSOAuth directory into a WAR file. This can be done with "jar -cvf SSOAuth.war SSOAuth/".
  • Unzip the SSOWebDemo1 and SSOWebDemo2 files, find the web.xml file under /WEB-INF/ in each, and modify the following initialization parameters:
    <init-param>
    <param-name>SSOServiceURL</param-name>
    <param-value>http://wangyu.prc.sun.com:8080/SSOAuth/SSOAuth</param-value>
    </init-param>
    <init-param>
    <param-name>SSOLoginPage</param-name>
    <param-value>http://wangyu.prc.sun.com:8080/SSOAuth/login.jsp</param-value>
    </init-param>
    Change SSOServiceURL and SSOLoginPage to the machine name, port number, and root path (SSOAuth by default) of the deployed SSOAuth application, to reflect the actual deployment. After this change, depending on the Java EE container you choose, you may need to package SSOWebDemo1 and SSOWebDemo2 into two WAR files. This can be done with "jar -cvf SSOWebDemo1.war SSOWebDemo1/".
  • Enter the test URL (test.jsp) of the first web app in the browser, such as http://wangyu.prc.sun.com:8080/SSOWebDemo1/test.jsp. If this is the first access, you are automatically redirected to the login page.

  • Log in using one of the three accounts provided with the system (for example, username: Wangyu, password: Wangyu), and you will see the test.jsp content, which displays the current user name and a welcome message.
  • Enter the test URL (test.jsp) of the second web app in the same browser, such as http://wangyu.prc.sun.com:8080/SSOWebDemo2/test.jsp. You will find that you can see the test.jsp content without logging in again. It also displays the current user name and a welcome message, and the welcome message explicitly shows the current app name (DEMO2).
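
Why the "DomainName" setting decides which hosts take part in single sign-on, as an added example (not the sample's own code). It applies the RFC 6265 domain-matching rule a browser uses when deciding where to send a cookie; the cookie name "SSOID" and every host except wangyu.prc.sun.com are constructed for illustration.

```python
import ipaddress
from http.cookies import SimpleCookie

# Constructed host list; only wangyu.prc.sun.com appears on this page.
HOSTS = ["wangyu.prc.sun.com", "demo2.sun.com", "other.sun.com",
         "sun.com.example.net", "192.0.2.10", "localhost"]

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3 domain matching, after dropping a leading dot."""
    host, dom = host.lower(), cookie_domain.lower().lstrip(".")
    if host == dom:
        return True
    try:
        ipaddress.ip_address(host)     # an IP address only ever matches exactly
        return False
    except ValueError:
        return host.endswith("." + dom)

def ticket_cookie(ticket, domain_name):
    """Set-Cookie value for the ticket, scoped to DomainName (hypothetical cookie name)."""
    c = SimpleCookie()
    c["SSOID"] = ticket
    c["SSOID"]["domain"] = domain_name
    c["SSOID"]["path"] = "/"
    c["SSOID"]["httponly"] = True      # keep the ticket away from page scripts
    return c["SSOID"].OutputString()

def receivers(domain_name, hosts=HOSTS):
    """Hosts to which a browser would send a cookie scoped to domain_name."""
    return [h for h in hosts if domain_match(h, domain_name)]
```

With ".sun.com" the ticket reaches every host under that domain, including ones that are not part of the demo, so the narrowest domain that still covers both applications is the safer choice. With an IP address or "localhost" only that exact host receives it, which is why both demos must then share one machine.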
