What is single sign-on?
Single sign-on, or SSO, is currently one of the most popular solutions for enterprise business integration. SSO means that, across multiple application systems, a user can access all mutually trusted applications with only one login.
How to implement single sign-on
Using cookies as a voucher medium
The simplest way to implement single sign-on is to use cookies as the medium for storing user credentials.
After the user logs in to the parent application, the application returns an encrypted cookie. When the user then accesses a sub-application, the browser sends this cookie along; the application decrypts the cookie, verifies it and, if the check passes, logs the current user in.
When the user logs in, a cookie is stored in the browser:

    // CookieValidate, SecurityUtil, DateUtil, EscapeUtil, JsonUtil and CookieUtil are the
    // project's own helper classes; cookieEncrypt, request and log are fields of the class.
    private void initCookie(String pin) {
        try {
            CookieValidate cookieValidate = new CookieValidate();
            cookieValidate.setPin(pin);
            // MD5 over a configured prefix + pin + current date
            cookieValidate.setCeshi(SecurityUtil.md5(new StringBuffer(cookieEncrypt.get("DesPrefix"))
                    .append(pin).append(DateUtil.formatDate(new Date())).toString()));
            // "pin,date" encrypted with the configured key
            cookieValidate.setTest(SecurityUtil.encrypt(new StringBuffer(pin).append(",")
                    .append(DateUtil.formatDate(new Date())).toString(), cookieEncrypt.get("Deskey")));
            // Bind the cookie to the client: hashes of the IP and of the browser's User-Agent
            cookieValidate.setIp(SecurityUtil.md5(request));
            cookieValidate.setBrower(SecurityUtil.md5(request.getHeader("user-agent")));
            // Serialize to JSON, escape, and write as a session cookie (max age -1)
            String cookieString = EscapeUtil.escape(JsonUtil.toJson(cookieValidate));
            CookieUtil.createdCookie(cookieEncrypt.get("Logincookiename"), cookieString, -1);
        } catch (Exception e) {
            log.error("###### initcookie error ######", e);
        }
    }
The login interceptor determines whether the cookie resolves to the correct user.
If it does not, the request is redirected to the login page.
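The check the login interceptor performs, as an added example that is not the original project's code: it uses HMAC-SHA256 from the JDK in place of the page's MD5-with-prefix and helper classes, and adds an expiry time. The class name, the demo key, the cookie layout and the sample values are assumptions constructed for illustration.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SsoCookieCheck {
    // Constructed demo key (assumption); load the real one from a secret store.
    private static final byte[] KEY = "constructed-demo-key".getBytes(UTF_8);
    static String b64(byte[] raw) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }
    static String mac(String data) throws Exception {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return b64(hmac.doFinal(data.getBytes(UTF_8)));
    }
    static String uaHash(String userAgent) throws Exception {
        return b64(MessageDigest.getInstance("SHA-256").digest(userAgent.getBytes(UTF_8)));
    }
    // Parent app: cookie value is b64(pin).expiry.uaHash.mac (layout is an assumption).
    static String issue(String pin, long expiresAt, String userAgent) throws Exception {
        String payload = b64(pin.getBytes(UTF_8)) + "." + expiresAt + "." + uaHash(userAgent);
        return payload + "." + mac(payload);
    }
    // Interceptor: yields the pin only if MAC, expiry and browser binding all pass.
    static Optional<String> verify(String cookie, long now, String userAgent) throws Exception {
        String[] p = cookie == null ? new String[0] : cookie.split("\\.");
        if (p.length != 4) return Optional.empty();
        String payload = p[0] + "." + p[1] + "." + p[2];
        // Constant-time MAC comparison before any field is trusted.
        if (!MessageDigest.isEqual(mac(payload).getBytes(UTF_8), p[3].getBytes(UTF_8))) return Optional.empty();
        if (Long.parseLong(p[1]) <= now) return Optional.empty();      // expired
        if (!p[2].equals(uaHash(userAgent))) return Optional.empty();  // different browser
        return Optional.of(new String(Base64.getUrlDecoder().decode(p[0]), UTF_8));
    }

    public static void main(String[] args) throws Exception {
        long now = 1_700_000_000L;                  // constructed timestamp, in seconds
        String ua = "Mozilla/5.0 (constructed)";    // constructed User-Agent
        String cookie = issue("alice", now + 3600, ua);
        // Same MAC, but the pin segment swapped for another user.
        String forged = b64("admin".getBytes(UTF_8)) + cookie.substring(cookie.indexOf('.'));
        System.out.println("valid:    " + verify(cookie, now, ua));
        System.out.println("forged:   " + verify(forged, now, ua));
        System.out.println("expired:  " + verify(cookie, now + 7200, ua));
        System.out.println("other UA: " + verify(cookie, now, "curl/8 (constructed)"));
    }
}
```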
The problems with this approach:
1. Cookies are not safe.
2. Login-free access cannot be implemented across domains.