Simple implementation of single sign-on (SSO)

Source: Internet
Author: User
Tags auth i18n ticket

I recently learned about SSO, which I had not really understood before, and looked into it a bit; enterprises and large sites use this technology.

1. What is SSO

Full English name: Single Sign-On (single-point login).

SSO means that, across multiple application systems, a user logs in once and can then access all mutually trusted applications. It includes a mechanism that maps this primary login to the same user's login in the other applications. It is one of the more popular solutions for enterprise business integration.

In the current enterprise application environment there are often many application systems, such as an office automation (OA) system, a financial management system, a file management system, an information inquiry system and so on. These application systems serve the enterprise's information construction and have brought it considerable benefit. However, they are not convenient for users. Every time users use a system they must enter a user name and password for authentication, and because each application system has its own user accounts, users must also remember multiple sets of user names and passwords. The problem is particularly prominent in enterprises with many application systems and many users. The cause is not a failure of system development but the lack of overall planning and of a unified user login platform; SSO technology can solve these problems.

In plain terms: with SSO, you log in once and can use all the systems.

2. Basic principles of implementation of SSO

I looked up information on the Internet and drew a simple picture; the simplest implementation uses cookies.



3. Simple implementation

First, we need to build 3 projects: the SSO project, the sso_webdemo01 business project and the sso_webdemo02 business project.

A lot of the code in the 3 projects is duplicated, so it is simply copied here.


3.1 SSO Project

SSOAction

A simple implementation of the verification operation:

package org.ygy.sso.action;

import java.io.IOException;
import java.util.Map;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

import lombok.Data;
import lombok.EqualsAndHashCode;

import org.apache.struts2.interceptor.ServletResponseAware;
import org.apache.struts2.interceptor.SessionAware;
import org.ygy.sso.entity.UserEntity;

import com.opensymphony.xwork2.ActionSupport;

@Data
@EqualsAndHashCode(callSuper=false)
public class SSOAction extends ActionSupport implements ServletResponseAware, SessionAware {
	private static final long serialVersionUID = -1783731180470175728L;

	private String appName;
	private String sessionId;
	private String sourceUrl;

	private UserEntity user;

	private HttpServletResponse response;
	private Map<String, Object> session;

	@Override
	public void setServletResponse(HttpServletResponse response) {
		this.response = response;
	}

	@Override
	public void setSession(Map<String, Object> session) {
		this.session = session;
	}

	// Jump to the login page
	public String login_input() {
		// The parameters passed over are available here.
		// A lot of verification is needed at this point; it is omitted here.
		System.out.println("appName->" + appName);
		System.out.println("sourceUrl->" + sourceUrl);

		session.put("sourceUrl", sourceUrl);
		return SUCCESS;
	}

	public String login() throws IOException {
		// Simply print the user's login information here, without processing it
		System.out.println(user.getName() + "-->" + user.getPassword());

		String ticket = System.currentTimeMillis() + "";

		// After the login succeeds, redirect to the original application
		String url = (String) session.get("sourceUrl");

		Cookie cookie = new Cookie("Sso.ticket", ticket);
		cookie.setMaxAge(60*60*3);
		// There is a problem with the cookie's domain here; it can be worked around temporarily with setPath.
		cookie.setPath("/");
		response.addCookie(cookie);

		// Redirect back to the page the user originally requested
		response.sendRedirect(url);
		return NONE;
	}
}
struts.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
	<constant name="struts.i18n.encoding" value="utf-8"></constant>
	<constant name="struts.multipart.maxSize" value="20971520"/>
	<constant name="struts.devMode" value="true"/>

	<package name="p_sso" namespace="/" extends="struts-default">

		<action name="login_input" class="org.ygy.sso.action.SSOAction" method="login_input">
			<result name="success">/login.jsp</result>
		</action>

		<action name="login" class="org.ygy.sso.action.SSOAction" method="login">
		</action>
	</package>

</struts>

3.2 sso_webdemo01 Project

In the business system, an interceptor is used to intercept each request:

1. The user accesses the business system

2. The interceptor reads the cookies and looks for the specified cookie

3. If it exists, continue to the page the user requested

4. If it does not exist, jump to the SSO authentication system for login verification

package org.ygy.demo01.action;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

public class LoginInterceptor implements Interceptor {
	private static final long serialVersionUID = 2012849085577361846L;

	public void destroy() {
		// TODO Auto-generated method stub
	}

	public void init() {
		// TODO Auto-generated method stub
	}

	public String intercept(ActionInvocation invocation) throws Exception {
		HttpServletRequest request = ServletActionContext.getRequest();

		String result = "success";
		String ticket = null; // login flag

		// 1. Verify login: via cookie
		// PS: because of cross-domain problems, this cannot be fully resolved for now
		Cookie[] cookies = request.getCookies();
		// getCookies() returns null when the request carries no cookies at all
		if (cookies != null) {
			for (Cookie cookie : cookies) {
				if (cookie.getName().equals("Sso.ticket")) {
					ticket = cookie.getValue();
					System.out.println("ok-->" + ticket);
					break;
				}
			}
		}

		if (ticket == null) {
			// There is no user login information in the cookie; jump to login
			String sourceUrl = request.getRequestURL().toString();
			HttpServletResponse response = ServletActionContext.getResponse();
			response.sendRedirect("http://localhost:8080/sso/login_input.action?appName=webdemo01&sourceUrl=" + sourceUrl);
		} else {
			// A ticket already exists; the login information can be fetched from the SSO system
			result = invocation.invoke();
		}
		return result;
	}
}
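
The interceptor above treats any cookie named Sso.ticket as proof of login, the ticket is only a timestamp, and login() redirects to whatever sourceUrl was stored. As an added example (not code from the original post), the hypothetical TicketUtil class below signs the ticket with HMAC-SHA256 and checks the return URL against an allow-list; the class name, the shared key and the allow-list entry localhost:8080 are assumptions. It needs Java 9 or later for Set.of.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example: TicketUtil, the key handling and the allow-list are assumptions.
public class TicketUtil {
	static final long MAX_AGE_MS = 3L * 60 * 60 * 1000; // matches the 3-hour cookie lifetime
	static final Set<String> TRUSTED = Set.of("localhost:8080"); // assumed host:port allow-list
	private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
	private final byte[] key; // secret shared by the SSO project and the business projects

	public TicketUtil(byte[] key) { this.key = key.clone(); }

	private String sign(String payload) throws GeneralSecurityException {
		Mac mac = Mac.getInstance("HmacSHA256");
		mac.init(new SecretKeySpec(key, "HmacSHA256"));
		return B64.encodeToString(mac.doFinal(payload.getBytes(UTF_8)));
	}

	// Ticket layout: base64url(user).issuedAtMillis.signature (all cookie-safe characters)
	public String issue(String user, long now) throws GeneralSecurityException {
		String payload = B64.encodeToString(user.getBytes(UTF_8)) + "." + now;
		return payload + "." + sign(payload);
	}

	// Returns the user name, or null if the ticket is missing, malformed, forged or expired.
	public String verify(String ticket, long now) throws GeneralSecurityException {
		String[] p = ticket == null ? new String[0] : ticket.split("\\.");
		if (p.length != 3) return null;
		byte[] expected = sign(p[0] + "." + p[1]).getBytes(UTF_8);
		if (!MessageDigest.isEqual(expected, p[2].getBytes(UTF_8))) return null; // constant-time compare
		long issued = Long.parseLong(p[1]); // numeric, because the signature was already verified
		if (now < issued || now - issued > MAX_AGE_MS) return null;
		return new String(Base64.getUrlDecoder().decode(p[0]), UTF_8);
	}

	// True only for http(s) URLs whose host:port is on the allow-list.
	public static boolean isTrustedReturnUrl(String url) {
		try {
			URI u = URI.create(url);
			boolean web = "http".equals(u.getScheme()) || "https".equals(u.getScheme());
			return web && u.getUserInfo() == null && u.getHost() != null
					&& TRUSTED.contains(u.getHost() + ":" + u.getPort());
		} catch (RuntimeException e) { return false; } // null or malformed URL
	}
}
```

In login() the cookie value would come from issue(user.getName(), System.currentTimeMillis()) and the redirect would happen only when isTrustedReturnUrl(url) is true; the interceptor would call verify() and treat a null result the same as a missing cookie. Marking the cookie with setHttpOnly(true), and setSecure(true) when served over HTTPS, keeps it away from page scripts and plain-HTTP requests.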

package org.ygy.demo01.action;

import com.opensymphony.xwork2.ActionSupport;

public class Demo01Action extends ActionSupport {

	private static final long serialVersionUID = 847600349062523237L;

	public String hello() {
		return SUCCESS;
	}
}

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
    "http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
	<constant name="struts.i18n.encoding" value="utf-8"></constant>
	<constant name="struts.multipart.maxSize" value="20971520"/>
	<constant name="struts.devMode" value="true"/>

	<package name="p_webdemo01" namespace="/" extends="struts-default">
		<interceptors>
			<interceptor name="auth" class="org.ygy.demo01.action.LoginInterceptor"></interceptor>
			<interceptor-stack name="base">
				<interceptor-ref name="auth"></interceptor-ref>
				<interceptor-ref name="basicStack"></interceptor-ref>
			</interceptor-stack>
		</interceptors>

		<default-interceptor-ref name="base"></default-interceptor-ref>

		<action name="hello" class="org.ygy.demo01.action.Demo01Action" method="hello">
			<result name="success">hello.jsp</result>
		</action>
	</package>
</struts>

3.3 sso_webdemo02 Project

This is the same as business system 1 above; you can simply copy it.

3.4 Test

1. Access the business system: http://localhost:8080/sso_webdemo01/hello.action

It will jump to the SSO system for verification, and the login page is displayed.

2. Enter the basic information and log in



3. The system will jump to



This is only a brief description of the simplest implementation; for in-depth study, look up more information on the Internet.



Note: The above description of the cookie is not quite right; you can look at this reprinted blog:

Use of Cookie.setPath()

