Cross-Server login authentication (SSO) process and JAVA Implementation

If our website needs to undergo unified authentication with another domain name, that is, to log on to our website, but the real function is provided on another website. Many of them are in passport mode.

 

The entire authentication can be completed in three steps

 

Step 1: Local verification

This is simple. Enter the local user name and password, then the server passes authentication, and return the correct cookie;

 

Step 2: perform remote authentication and return the remote connection

The local cookie is used to confirm the validity of the user. Then the server calls the remote login program and returns a URL of the remote authentication number. The URL contains a unique authentication code and uses location.

 

Step 3: Remote Logon

The client uses the URL of the previous step to access the remote server. The server confirms that the authentication code is correct and then returns the correct remote cookie.

 

So far, local authentication is achieved through a URL.

 

The following is the normal code, which is the authentication process of the Wulin hero of verycd. Its logon service is provided by verycd, while 9wee is provided by the real service.

 

Package Org. javaren. hero; <br/> Import Java. io. bufferedreader; <br/> Import Java. io. inputstream; <br/> Import Java. io. inputstreamreader; <br/> Import Java. io. outputstream; <br/> Import java.net. socket; <br/> Import java.net. urlencoder; <br/> Import Java. util. authentication; <br/>/** <br/> * cross-Server login verification (SSO) <br/> * @ author Java century network (java2000.net, laozizhu.com) <br/> */<br/> public class login {< Br/> Public static string getcookie () {<br/> system. out. print ("input Username:"); <br/> Plugin in = new partition (system. in); <br/> string username = in. next (); <br/> system. out. print ("Enter Password:"); <br/> string Password = in. next (); <br/> try {<br/> // local authentication <br/> string cookie = postlogin (username, password ); <br/> If (cookie = NULL) {<br/> return NULL; <br/>}< br/> // Server Remote Authentication <br/> string url = getlogin2 (Cookie); <br/> If (url = NULL) {<br/> return NULL; <br/>}< br/> // remote access authentication <br/> string cookie2 = getlogin3 (URL. substring ("http://s4.verycd.9wee.com ". length (); <br/> // system. out. println (cookie2); <br/> return cookie2; <br/>}catch (exception ex) {<br/> ex. printstacktrace (); <br/> return NULL; <br/>}< br/> Private Static string postlogin (string username, string password) throws ex Ception {<br/> Socket socket = new socket ("secure.verycd.com", 80); <br/> try {<br/> stringbuilder sb = new stringbuilder (); <br/> Sb. append ("post/signin? F = out HTTP/1.1/R/N "); <br/> Sb. append ("Host: secure.verycd.com/r/n"); <br/> Sb. append ("User-Agent: Mozilla/5.0 (windows; U; Windows NT 5.1; ZH-CN; RV: 1.9.1.3) Gecko/20090824 Firefox/3.5.3/R/N "); <br/> Sb. append ("accept: text/html, application/XHTML + XML, application/XML; q = 0.9, */*; q = 0.8/R/N "); <br/> Sb. append ("Accept-language: ZH-CN, ZH; q = 0.5/R/N"); <br/> Sb. append ("Accept-encoding: gzip, deflate/R/N"); <Br/> Sb. append ("Accept-charset: gb2312, UTF-8; q = 0.7, *; q = 0.7/R/N"); <br/> Sb. append ("Referer: http://secure.verycd.com/3rdServices/50hero/r/n"); <br/> Sb. append ("Content-Type: Application/X-WWW-form-urlencoded/R/N "); <br/> string data = "Ru = http % 3A % 2f % 2fsecure.verycd.com % 2f3rdservices % 2f50hero & login_submit = % E7 % 99% BB % E5 % BD % 95 & username =" <br/> + urlencoder. encode (username, "UTF-8") + "& Password =" + u Rlencoder. encode (password, "UTF-8"); <br/> Sb. append ("Content-Length:" + data. getbytes ("UTF-8 "). length + "/R/N"); <br/> Sb. append ("/R/N"); <br/> Sb. append (data); <br/> outputstream OS = socket. getoutputstream (); <br/> OS. write (sb. tostring (). getbytes ("UTF-8"); <br/> OS. flush (); <br/> inputstream is = socket. getinputstream (); <br/> bufferedreader reader = new bufferedreader (New inputstreamreader (I S, "UTF-8"); // read results <br/> string line; <br/> stringbuilder cookiesb = new stringbuilder (); <br/> int index; <br/> while (line = reader. readline ())! = NULL) {<br/> If (line. startswith ("Set-COOKIE:") {<br/> If (! Line. contains ("= deleted;") {<br/> Index = line. indexof (";"); <br/> If (index> 12) {<br/> cookiesb. append (line. substring (12, index + 1); <br/>}< br/>} else if (line. startswith ("Location:") {<br/> If (line. contains ("error_code") {<br/> return NULL; <br/>}< br/> is. close (); <br/> reader. close (); <br/> return cookiesb. tostring (); <br/>}finally {<br/> socket. close (); <Br/>}< br/> Private Static string getlogin2 (string cookie) throws exception {<br/> Socket socket = new socket ("secure.verycd.com", 80); <br/> try {<br/> stringbuilder sb = new stringbuilder (); <br/> Sb. append ("Get/signin? Ak = 50 hero & Ru = http % 3A % 2f % 2fs4.verycd.9wee.com % 2fpassport. php http/1.1/R/N "); <br/> Sb. append ("Host: secure.verycd.com/r/n"); <br/> Sb. append ("User-Agent: Mozilla/5.0 (windows; U; Windows NT 5.1; ZH-CN; RV: 1.9.1.3) Gecko/20090824 Firefox/3.5.3/R/N "); <br/> Sb. append ("accept: text/html, application/XHTML + XML, application/XML; q = 0.9, */*; q = 0.8/R/N "); <br/> Sb. append ("Accept-language: ZH-CN, ZH; q = 0.5/R/N"); <Br/> Sb. append ("Accept-encoding: gzip, deflate/R/N"); <br/> Sb. append ("Accept-charset: gb2312, UTF-8; q = 0.7, *; q = 0.7/R/N"); <br/> Sb. append ("Referer: http://secure.verycd.com/3rdServices/50hero/r/n"); <br/> Sb. append ("Cookie:" + Cookie + "/R/N"); <br/> Sb. append ("/R/N"); <br/> outputstream OS = socket. getoutputstream (); <br/> OS. write (sb. tostring (). getbytes ("UTF-8"); <br/> OS. flush (); <br/> inputst Ream is = socket. getinputstream (); <br/> bufferedreader reader = new bufferedreader (New inputstreamreader (is, "UTF-8"); // read the result <br/> string line; <br/> while (line = reader. readline ())! = NULL) {<br/> If (line. startswith ("Location:") {<br/> return line. substring (10); <br/>}< br/> is. close (); <br/> reader. close (); <br/> return NULL; <br/>}finally {<br/> socket. close (); <br/>}< br/> Private Static string getlogin3 (string URL) throws exception {<br/> Socket socket = new socket ("s4.verycd.9wee.com", 80); <br/> try {<br/> stringbuilder sb = new stringbuilder (); <Br/> Sb. append ("get" + URL + "HTTP/1.1/R/N"); <br/> Sb. append ("Host: s4.verycd.9wee.com/r/n"); <br/> Sb. append ("User-Agent: Mozilla/5.0 (windows; U; Windows NT 5.1; ZH-CN; RV: 1.9.1.3) Gecko/20090824 Firefox/3.5.3/R/N "); <br/> Sb. append ("accept: text/html, application/XHTML + XML, application/XML; q = 0.9, */*; q = 0.8/R/N "); <br/> Sb. append ("Accept-language: ZH-CN, ZH; q = 0.5/R/N"); <br/> Sb. append ("Accept -Encoding: gzip, deflate/R/N "); <br/> Sb. append ("Accept-charset: gb2312, UTF-8; q = 0.7, *; q = 0.7/R/N"); <br/> Sb. append ("Referer: http://secure.verycd.com/3rdServices/50hero/r/n"); <br/> Sb. append ("/R/n/R/N"); <br/> outputstream OS = socket. getoutputstream (); <br/> OS. write (sb. tostring (). getbytes ("UTF-8"); <br/> OS. flush (); <br/> inputstream is = socket. getinputstream (); <br/> bufferedreader reader = N EW bufferedreader (New inputstreamreader (is, "UTF-8"); // read results <br/> string line; <br/> stringbuilder cookiesb = new stringbuilder (); <br/> int index; <br/> while (line = reader. readline ())! = NULL) {<br/> If (line. length () = 0) {<br/> break; <br/>}< br/> If (line. startswith ("Set-COOKIE:") {<br/> Index = line. indexof (";"); <br/> If (index> 12) {<br/> cookiesb. append (line. substring (12, index + 1); <br/>}< br/> is. close (); <br/> reader. close (); <br/> return cookiesb. tostring (); <br/>}finally {<br/> socket. close (); <br/>}< br/>