Single sign-on is something most of us have run into, more or less, either on a project or in an interview. Below I have summarized the theory; implementation code is not necessary here.
In Java, the principle behind sign-on in a single system is as follows:
1. The user logs in for the first time, sending the user name and password to the system, which verifies them.
2. If the credentials are incorrect, the login page is returned. If they are correct, the system creates a session holding an ID value and sends that ID to the user.
3. The user's page receives the ID, which is generally stored in a cookie.
4. The next time the user requests a resource, the ID value in the cookie is sent directly along with the request for the resource.
5. After receiving the ID, the system checks whether it is correct and then returns the resource to the user. If there is no such ID, the flow goes back to the first step.
In Java, distributed systems implement single sign-on as follows:
1. The user logs in for the first time, sending the user name and password to the login server. On successful verification, the login server creates a token and gives the authorization token to home System 1, which then creates a session.
2. When the user then requests System 2, System 2 does not know whether the user is logged in, so it sends a request to the login server. The login server checks whether there is an authorization token; if there is, it returns it to System 2 so that System 2 can create a session.
4. The first time the user makes a request to a given system, that system goes to the login server for verification; once verified, there is no need to verify again.
5. When the user chooses to log off, the logoff instruction only needs to be sent to the login server, and the login server logs the user off across all the subsystems.
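The distributed flow above as a minimal in-memory Java sketch (an added example, not code from the original post). The class names, the demo account and the `200`/`302` return strings are assumptions made for illustration, local sessions are keyed by the token for brevity, and it needs Java 10 or later.

```java
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
public class SsoSketch {
    /** Login server: verifies credentials, issues tokens, and logs the user off everywhere. */
    static class LoginServer {
        private final Map<String, String> users = Map.of("alice", "demo-password"); // constructed account; real systems store password hashes
        private final Map<String, Set<Subsystem>> tokens = new ConcurrentHashMap<>(); // token -> subsystems holding a session
        private final SecureRandom rng = new SecureRandom();
        Optional<String> login(String user, String password) {
            if (!password.equals(users.get(user))) return Optional.empty();
            byte[] raw = new byte[32];                     // unguessable token, never derived from user data
            rng.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            tokens.put(token, ConcurrentHashMap.newKeySet());
            return Optional.of(token);
        }
        boolean validate(String token, Subsystem caller) {
            Set<Subsystem> holders = (token == null) ? null : tokens.get(token);
            if (holders == null) return false;             // unknown or logged-off token
            holders.add(caller);                           // remember which subsystems to clear on logoff
            return true;
        }
        void logoff(String token) {
            Set<Subsystem> holders = tokens.remove(token);
            if (holders != null) holders.forEach(s -> s.sessions.remove(token));
        }
    }
    /** A subsystem: asks the login server only on the first request, then uses its own session. */
    static class Subsystem {
        final Set<String> sessions = ConcurrentHashMap.newKeySet(); // local sessions, keyed by token for brevity
        final LoginServer sso;
        Subsystem(LoginServer sso) { this.sso = sso; }
        String request(String token, String resource) {
            if (token != null && sessions.contains(token)) return "200 " + resource;
            if (sso.validate(token, this)) { sessions.add(token); return "200 " + resource; }
            return "302 /login";                           // no valid token: back to the login server
        }
    }
    public static void main(String[] args) {
        LoginServer sso = new LoginServer();
        Subsystem system1 = new Subsystem(sso), system2 = new Subsystem(sso);
        System.out.println(system2.request(null, "/orders"));   // not logged in yet
        String token = sso.login("alice", "demo-password").orElseThrow();
        System.out.println(system1.request(token, "/home"));    // System 1 creates a session
        System.out.println(system2.request(token, "/orders"));  // System 2 validates once, then creates a session
        sso.logoff(token);                                      // one instruction to the login server
        System.out.println(system1.request(token, "/home"));    // session removed on every subsystem
    }
}
```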
This is just a summary of a blog post on single sign-on; I felt that it was too long, so I summed up its key points.
Java Single Sign-on