Single Sign-on in Java Web site apps

Source: Internet
Author: User

Use the SSH architecture to illustrate:
1. Create a login management class Loginmanager
2. Define a collection in Loginmanager to manage the logged-in user.
3. In spring, configure Loginmanager as a singleton
4. If you are using a custom user management class, Name this class UserContext (representing the context of user authorization) for convenience.
5. If you are not using a custom user management class, use the session directly.
6. In the Login authorization object, check whether the user is a legitimate user, and if it is a legitimate user, find whether the user is online in the Loginmanager collection, and if not, add the user to the collection.
7. Processing strategy One: If the user is already online, then take the new login user's session and invalidate it, which will prevent the new logged-in user from logging in.
8. Processing Strategy Two: If the user is already online, remove the session of the online user, invalidate it, and then add the new login user to the Loginmanager collection. The logged-on user cannot perform a permission operation and can only log on again.

Code snippet:
1. Applicationcontext.xml

<BeanID= "Loginmanager"class= "Loginmanager"Scope= "Singleton" /><BeanID= "Action"class= "Loginaction"scopt= "Prototype" >    < Propertyname= "Laginmanager"ref= "Loginmanager" /></Bean>

2. Loginmanager.java

Collection<session>sessions; PublicSession Login (session session) { for(Session s:sessions) {if(S and session are the same user) policy one:returnSession Strategy two: {Sessions.add (session);//these two rows in the loop manipulate the collection class to throw an exceptionSessions.remove (s);//here is a simple demonstration code, which should be processed out of loop in the actual code.                returns;    }} sessions.add (session); return NULL;}

3. Loginaction.java

Loginmanager Loginmanager;  Public throws Exception {    take session    check    username, password if  (is a legitimate user) {        = Loginmanager.login ( session);         if (null! =session) Session.invalidate ();}    }

4. If you have customized the UserContext, you can change the collection to collection<usercontext> users;

5. Usercontext.java

Session session; Session getsession () {    returnthis. session;} Boolean Login (string userName, string password) {    Access database, check user name password     return  is legal;} Boolean Sameuser (UserContext UC) {    return uc.userName.equals (this. userName);}

6. Modify Loginmanager.java

Collection<usercontext>users; PublicUserContext Login (UserContext user) { for(UserContext uc:users) {if(Uc.sameuser (user)) policy one:returnUser Policy two: {users.add (user); //these two rows in the loop manipulate the collection class to throw an exceptionUsers.remove (UC);//here is a simple demonstration code, which should be processed out of loop in the actual code.            returnUC;    }} users.add (user); return NULL;}

7. Modify Loginaction.java

 Public throws Exception {    //  can also take session within UserContext.     New  UserContext ();    User.setsession (session);     if (User.login (userName, password)) {        = loginmanager.login (user);         if (null! =UC) uc.getsession (). invalidate ();}    }

Single Sign-on in Java Web site apps

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.