My impressions on first contact with single sign-on

Source: Internet
Author: User

A few days ago the boss had me set up the project framework, and then did not want me to follow up on it, but to do single sign-on instead. It is cross-system. A little nervous, I looked at single sign-on on Sunday.

Sorting out the theory:

Single Sign-on, or SSO, is one of the most popular solutions for enterprise business integration at the moment. The definition of SSO is that in multiple application systems, users can access all trusted applications with only one login.

When a user first accesses an application system and has not yet logged in, the user is redirected to the authentication system to log in. The authentication system verifies the identity from the login information the user provides; if verification passes, it returns a credential, the ticket, to the user. When the user then accesses another application, the request carries this ticket as the user's authentication credential; the application system that receives the request sends the ticket to the authentication system to check its validity. If the check passes, the user can access application system 2 and application system 3 without having to log in again.

In our case, by contrast, an encryption layer is added on top of the original project: the current user name is sent in encrypted form to the other system, which receives the encrypted string and parses it. If the parsed value matches, the user is logged in directly; if the user name does not match, the login fails. (At the time I was very puzzled about why the value is encrypted for transmission and then decrypted and matched on the other side, instead of just sending the user name. I tried transmitting a fake name that is not a user, and got: Error: Parse failed.)

Here we mainly show the encryption process:

    package com.zx.ps.aes;

    import java.net.URLEncoder;

    import javax.crypto.Cipher;
    import javax.crypto.spec.SecretKeySpec;

    import org.apache.commons.codec.binary.Base64;

    /**
     * @author: CKx
     * @date: 2016-12-5 pm 9:32:52
     */
    public class AesUtil {

        // Encrypt
        public static String encrypt(String sSrc, String sKey) throws Exception {
            if (sKey == null) {
                System.out.print("Key is null");
                return null;
            }
            // Check that the key is 16 characters long (16 bytes = 128 bits)
            if (sKey.length() != 16) {
                System.out.print("Key length is not 16 characters");
                return null;
            }
            byte[] raw = sKey.getBytes("utf-8");
            SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); // "algorithm/mode/padding"
            cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
            byte[] encrypted = cipher.doFinal(sSrc.getBytes("utf-8"));
            // Base64 only transcodes the ciphertext into text; it adds no secrecy.
            return new Base64().encodeToString(encrypted);
        }

        // Decrypt
        public static String decrypt(String sSrc, String sKey) throws Exception {
            try {
                // Check that a key was supplied
                if (sKey == null) {
                    System.out.print("Key is null");
                    return null;
                }
                // Check that the key is 16 characters long (16 bytes = 128 bits)
                if (sKey.length() != 16) {
                    System.out.print("Key length is not 16 characters");
                    return null;
                }
                byte[] raw = sKey.getBytes("utf-8");
                SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
                Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
                cipher.init(Cipher.DECRYPT_MODE, skeySpec);
                byte[] encrypted1 = new Base64().decode(sSrc); // first decode the Base64 text
                try {
                    byte[] original = cipher.doFinal(encrypted1);
                    String originalString = new String(original, "utf-8");
                    return originalString;
                } catch (Exception e) {
                    System.out.println(e.toString());
                    return null;
                }
            } catch (Exception ex) {
                System.out.println(ex.toString());
                return null;
            }
        }

        public static void main(String[] args) throws Exception {
            /*
             * AES-128-ECB encryption mode is used here and the key needs to be 16 characters.
             */
            // String cKey = "abcdefg123456789";
            // String that needs to be encrypted
            // String cSrc = "Www.FDSA.soEEEEE";
            String cKey = "1234567891234567";
            String cSrc = "20161201121212szzx";
            String url = URLEncoder.encode("Dtb90z5mwjtt7ojcu+zvjbqnuke2kpamffgpw2q8kfa=", "UTF-8");
            System.out.println(url);
            System.out.println(cSrc);
            // Encrypt
            String enString = AesUtil.encrypt(cSrc, cKey);
            System.out.println("The encrypted string is:" + enString);
            // Decrypt
            String deString = AesUtil.decrypt(enString, cKey);
            System.out.println("The decrypted string is:" + deString);
        }
    }

On the page of this system that carries the hyperlink to the other system, encrypt the user and put the encrypted string in the hyperlink:

    String cKey = "1234567891234567";
    String cSrc = "20161205193612zhongjunhua";
    String ticket = AesUtil.encrypt(cSrc, cKey); // Call the encryption method to encrypt the user
    System.err.println("###########" + ticket);
    // dmp is declared elsewhere in the original project (not shown on this page)
    dmp.put("Zxssoticket", ticket);

This allows for simple single sign-on.
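An added example, not the original author's code: the same ticket idea with AES-GCM swapped in for the page's AES/ECB, which is deterministic and carries no integrity check, so that every ticket is unique, any modification is rejected on decryption, and the receiving system enforces an age limit. The class name `SsoTicket`, the ticket layout, the 60-second window and the randomly generated demo key are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class): ticket = base64url(nonce || AES-GCM(issuedAtMs || user))
public class SsoTicket {
    static final int NONCE_LEN = 12, TAG_BITS = 128;
    static final long MAX_AGE_MS = 60_000; // assumed validity window
    static String issue(String user, byte[] key, long nowMs) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        new SecureRandom().nextBytes(nonce); // fresh nonce, so no two tickets are equal
        byte[] name = user.getBytes(StandardCharsets.UTF_8);
        byte[] plain = ByteBuffer.allocate(8 + name.length).putLong(nowMs).put(name).array();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = c.doFinal(plain); // ciphertext followed by the 16-byte tag
        byte[] out = ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out); // URL-safe as is
    }
    // Returns the user name, or null if the ticket is malformed, modified or too old.
    static String verify(String ticket, byte[] key, long nowMs) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(ticket);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                   new GCMParameterSpec(TAG_BITS, in, 0, NONCE_LEN));
            ByteBuffer plain = ByteBuffer.wrap(c.doFinal(in, NONCE_LEN, in.length - NONCE_LEN));
            long issuedAt = plain.getLong();
            if (issuedAt > nowMs || nowMs - issuedAt > MAX_AGE_MS) return null;
            return StandardCharsets.UTF_8.decode(plain).toString();
        } catch (Exception e) { // bad Base64, truncated input or GCM tag mismatch
            return null;
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16]; // demo key; both systems would load a shared random key
        new SecureRandom().nextBytes(key);
        long now = System.currentTimeMillis();
        String t = issue("zhongjunhua", key, now);
        String changed = t.substring(0, 20) + (t.charAt(20) == 'A' ? 'B' : 'A') + t.substring(21);
        System.out.println("fresh ticket:    " + verify(t, key, now + 1_000));
        System.out.println("after 2 minutes: " + verify(t, key, now + 120_000));
        System.out.println("one char edited: " + verify(changed, key, now + 1_000));
    }
}
```

The URL-safe Base64 alphabet avoids the `+` and `/` characters, so the ticket can go into the hyperlink without a separate `URLEncoder` step.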
