The following uses the SSH (Struts, Spring, Hibernate) architecture to illustrate:
1. Create a login management class, LoginManager.
2. Define a collection in LoginManager to manage the logged-in users.
3. In Spring, configure LoginManager as a singleton.
4. If you are using a custom user management class, name this class UserContext (representing the context of user authorization) for convenience.
5. If you are not using a custom user management class, use the session directly.
6. In the login authorization object, check whether the user is a legitimate user. If so, look in the LoginManager collection to see whether the user is already online, and if not, add the user to the collection.
7. Processing strategy one: if the user is already online, take the new login's session and invalidate it, which prevents the new login from succeeding.
8. Processing strategy two: if the user is already online, remove the online user's session from the collection, invalidate it, and then add the newly logged-in user to the LoginManager collection. The previously logged-in user can no longer perform any operation that requires permission and can only log in again.
Code snippets:
1. applicationContext.xml

    <bean id="loginManager" class="LoginManager" scope="singleton" />
    <bean id="action" class="LoginAction" scope="prototype">
        <property name="loginManager" ref="loginManager" />
    </bean>
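2. LoginManager.java

    import java.util.ArrayList;
    import java.util.Collection;
    import javax.servlet.http.HttpSession;

    public class LoginManager {
        private final Collection<HttpSession> sessions = new ArrayList<>();

        // Returns the session the caller must invalidate, or null. Synchronized
        // because the singleton is shared by all request threads.
        public synchronized HttpSession login(HttpSession session) {
            // Assumption: the user name is kept in the "userName" session attribute.
            Object user = session.getAttribute("userName");
            HttpSession online = null;
            for (HttpSession s : sessions) {
                if (user.equals(s.getAttribute("userName"))) {
                    online = s;
                    break;
                }
            }
            if (online == null) {
                sessions.add(session);
                return null;
            }
            // Strategy one: return session;
            // Strategy two (below) changes the collection outside the loop, because
            // changing it while iterating can throw ConcurrentModificationException.
            sessions.remove(online);
            sessions.add(session);
            return online;
        }
    }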
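3. LoginAction.java

    LoginManager loginManager;   // injected by Spring, see applicationContext.xml

    // Action method (name and return value assumed, Struts 2 convention).
    public String execute() throws Exception {
        // Take the session and check the user name and password.
        HttpSession session = ServletActionContext.getRequest().getSession();
        if (isLegitimateUser(userName, password)) {   // placeholder for the credential check
            session.setAttribute("userName", userName);
            HttpSession toInvalidate = loginManager.login(session);
            if (null != toInvalidate) {
                toInvalidate.invalidate();
            }
        }
        return "success";
    }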
4. If you have customized the UserContext, you can change the collection to Collection<UserContext> users;
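5. UserContext.java

    public class UserContext {
        String userName;
        HttpSession session;   // javax.servlet.http.HttpSession

        HttpSession getSession() { return this.session; }
        void setSession(HttpSession session) { this.session = session; }

        boolean login(String userName, String password) {
            // Access the database and check the user name and password;
            // checkCredentials is a placeholder for that lookup.
            this.userName = userName;
            return checkCredentials(userName, password);
        }

        boolean sameUser(UserContext uc) {
            return uc.userName.equals(this.userName);
        }
    }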
6. Modify LoginManager.java

    private final Collection<UserContext> users = new ArrayList<>();

    // Returns the UserContext whose session the caller must invalidate, or null.
    public synchronized UserContext login(UserContext user) {
        UserContext online = null;
        for (UserContext uc : users) {
            if (uc.sameUser(user)) {
                online = uc;
                break;
            }
        }
        if (online == null) {
            users.add(user);
            return null;
        }
        // Strategy one: return user;
        // Strategy two (below) changes the collection outside the loop, because
        // changing it while iterating can throw ConcurrentModificationException.
        users.remove(online);
        users.add(user);
        return online;
    }
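7. Modify LoginAction.java

    // Action method (name and return value assumed, Struts 2 convention).
    public String execute() throws Exception {
        // The session can also be obtained inside UserContext.
        HttpSession session = ServletActionContext.getRequest().getSession();
        UserContext user = new UserContext();
        user.setSession(session);
        if (user.login(userName, password)) {
            UserContext uc = loginManager.login(user);
            if (null != uc) {
                uc.getSession().invalidate();
            }
        }
        return "success";
    }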
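An added example, not code from the original article: a stand-alone variant of the login manager that keys the registry by user name, so both strategies become single atomic map operations and nothing is modified while iterating. It goes one step beyond the steps above by also removing a session when it ends, since otherwise an expired session keeps its user locked out under strategy one. The class name, the Session stand-in interface, the Strategy enum and the sample users are all assumptions made for this example.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SingleLoginRegistry {
    // Stand-in for javax.servlet.http.HttpSession (assumption) so this runs without a container.
    interface Session { void invalidate(); }

    enum Strategy { REJECT_NEW, REPLACE_OLD }   // strategy one, strategy two

    private final Map<String, Session> online = new ConcurrentHashMap<>();
    private final Strategy strategy;

    SingleLoginRegistry(Strategy strategy) { this.strategy = strategy; }

    // Call only after the credentials were verified.
    // Returns the session the caller must invalidate, or null if there is none.
    Session login(String userName, Session fresh) {
        if (strategy == Strategy.REJECT_NEW) {
            Session current = online.putIfAbsent(userName, fresh);   // atomic check-and-add
            return (current == null || current == fresh) ? null : fresh;
        }
        Session old = online.put(userName, fresh);                    // atomic swap
        return (old == null || old == fresh) ? null : old;
    }

    // Call on logout and on session expiry (in a container: HttpSessionListener.sessionDestroyed).
    void sessionEnded(String userName, Session ended) {
        online.remove(userName, ended);   // removes the entry only if it still maps to this session
    }

    static Session session(String id) {   // constructed sample session that only logs
        return () -> System.out.println("invalidated session " + id);
    }

    public static void main(String[] args) {
        Session a = session("A"), b = session("B");

        SingleLoginRegistry one = new SingleLoginRegistry(Strategy.REJECT_NEW);
        one.login("alice", a);
        Session rejected = one.login("alice", b);    // second login while A is online
        if (rejected != null) rejected.invalidate();
        one.sessionEnded("alice", a);                 // A logs out or times out
        System.out.println("B accepted after A ended: " + (one.login("alice", b) == null));

        SingleLoginRegistry two = new SingleLoginRegistry(Strategy.REPLACE_OLD);
        two.login("bob", a);
        Session replaced = two.login("bob", b);      // B takes over, A must be invalidated
        if (replaced != null) replaced.invalidate();
    }
}
```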
Single Sign-on in Java Web site apps