A basic implementation of a Java Web user single sign-on scheme

Source: Internet
Author: User
Tags: java web

A project we just finished in the lab had the following requirement: an account can be logged in from only one place at a time. If someone tries to log in with it elsewhere, they are told that the account is logged in elsewhere, until the logged-in account expires or logs out. In addition, the same browser can be logged in as only one user at a time.

First, consider the problem of preventing repeated logins. In the project, I use the session to store the user's information: when the user logs in, a session is created and the user name, user logic ID, login time and other attributes are put into it. To prevent duplicate logins, I use the application scope. Define a variable loginUserMap of type Map<Long, String>. Each entry stores the logic ID of a logged-in user and the session ID of the corresponding session. Each time a user logs in, loginUserMap is traversed: if it contains neither the user's userLogicId nor the current session ID, the login is allowed; otherwise the user is told that the account is logged in elsewhere.

    // Determine whether this is a repeated login
    isLoginExists = false;
    ifSessionInvalidate = false;
    loginUserMap = (Map<Long, String>) acx.getApplication().get(WebConstant.LOGIN_USER_MAP);
    if (loginUserMap == null) {
        loginUserMap = new HashMap<Long, String>();
    }
    HttpServletRequest request = ServletActionContext.getRequest();
    String sessionId = request.getSession(false).getId();
    System.out.println("sessionId" + sessionId);
    // Different browsers do not allow the same user to log in again
    for (Long userLogicId2 : loginUserMap.keySet()) {
        if (!userLogicId2.equals(userLogicId) && !loginUserMap.containsValue(sessionId)) {
            // Another user's entry and this session is not recorded yet: keep checking
            continue;
        }
        if (userLogicId2.equals(userLogicId) && !loginUserMap.containsValue(sessionId)) {
            // Same user, but recorded under a different session
            setIfSessionInvalidate(true);
        }
        isLoginExists = true;
        break;
    }
    if (isLoginExists) {
        setTip("loginexists");
        if (ifSessionInvalidate == true) {
            request.getSession(false).invalidate();
        }
    } else {
        // Record the login in the application scope and fill the session
        loginUserMap.put(userLogicId, sessionId);
        acx.getApplication().put(WebConstant.LOGIN_USER_MAP, loginUserMap);
        acx.getSession().put(WebConstant.USER_ID, getUserName());
        acx.getSession().put(WebConstant.USER_LOGICID, userManageService.findByUserName(getUserName()).getLogicId());
        acx.getSession().put(WebConstant.LOGIN_TIME, new Date());
    }


On logout, the user's logic ID and session ID are removed from loginUserMap, and the user information in the session is cleared.

    Map<Long, String> loginUserMap = (Map<Long, String>) acx.getApplication().get(
            WebConstant.LOGIN_USER_MAP);
    String username = userManageService.findByLogicId(userLogicId).getUserName();
    if (loginUserMap.containsKey(userLogicId)) {
        loginUserMap.remove(userLogicId);
    }
    // Store the map back under the same key the login code reads
    session.getServletContext().setAttribute(WebConstant.LOGIN_USER_MAP, loginUserMap);
    Long id = (Long) session.getAttribute(WebConstant.USER_LOGICID);

    if (id != null) this.userManageService.userLogout(id);
    session.removeAttribute(WebConstant.USER_ID);
    session.removeAttribute(WebConstant.USER_LOGICID);
    session.removeAttribute(WebConstant.LOGIN_TIME);

    // Invalidate the session
    session.invalidate();
    // One header carrying both directives; a second setHeader call would replace the first
    response.setHeader("Cache-Control", "no-cache, no-store");
    response.setDateHeader("Expires", 0);

The session-destruction listener performs the same cleanup, so that when a login session times out the user is removed from loginUserMap and a later login with that account can succeed normally.

    import java.util.Map;
    import javax.servlet.ServletContext;
    import javax.servlet.http.HttpSession;
    import javax.servlet.http.HttpSessionEvent;
    import javax.servlet.http.HttpSessionListener;

    public class SessionListener implements HttpSessionListener {
        @Override
        public void sessionCreated(HttpSessionEvent event) {
        }

        @Override
        public void sessionDestroyed(HttpSessionEvent event) {
            // Handle session expiration and destruction
            HttpSession session = event.getSession();
            ServletContext application = session.getServletContext();
            try {
                String username = (String) session.getAttribute(WebConstant.USER_ID);
                Long userLogicId = (Long) session.getAttribute(WebConstant.USER_LOGICID);
                Map<Long, String> loginUserMap = (Map<Long, String>) application.getAttribute(
                        WebConstant.LOGIN_USER_MAP);
                if (loginUserMap.containsKey(userLogicId)) loginUserMap.remove(userLogicId);
                application.setAttribute(WebConstant.LOGIN_USER_MAP, loginUserMap);
                System.out.println("Session:" + session.getId() + "expired");
            } catch (Exception e) {
                System.out.println(e.getMessage());
            }
        }
    }

With this, repeated logins are basically restricted, but some abnormal situations are still not handled. For example, if the user closes the browser while logged in and then logs in again, the information recorded in the server-side application scope has not gone through the normal logout process, so the login attempt is answered with "Logged in elsewhere." To resolve this issue, refer to the blog post "Java Web user single sign-on exception processing user's abnormal exit."
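
The two rules above (one session per account, one account per browser session) can also be enforced by a small registry whose check-and-record step is atomic, which the unsynchronized HashMap traversal in the application scope is not when two login requests arrive at the same time. This is an added example, not the original author's code; the class name LoginRegistry, its methods and the sample IDs are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

/** Added example: one session per user, one user per session. Names are hypothetical. */
public class LoginRegistry {
    public enum Result { OK, USER_LOGGED_IN_ELSEWHERE, SESSION_HAS_OTHER_USER }

    private final Map<Long, String> userToSession = new HashMap<>();
    private final Map<String, Long> sessionToUser = new HashMap<>();

    /** Checks both rules and records the login in one synchronized step. */
    public synchronized Result tryLogin(long userLogicId, String sessionId) {
        String existingSession = userToSession.get(userLogicId);
        if (existingSession != null && !existingSession.equals(sessionId)) {
            return Result.USER_LOGGED_IN_ELSEWHERE;  // same account, different session
        }
        Long existingUser = sessionToUser.get(sessionId);
        if (existingUser != null && existingUser != userLogicId) {
            return Result.SESSION_HAS_OTHER_USER;    // same browser, different account
        }
        userToSession.put(userLogicId, sessionId);
        sessionToUser.put(sessionId, userLogicId);
        return Result.OK;
    }

    /** For logout and sessionDestroyed: frees only the entry this session owns. */
    public synchronized void release(String sessionId) {
        Long user = sessionToUser.remove(sessionId);
        if (user != null) {
            userToSession.remove(user, sessionId);   // no-op if the user is bound elsewhere
        }
    }

    public static void main(String[] args) {
        LoginRegistry reg = new LoginRegistry();
        // Constructed user logic IDs and session IDs.
        System.out.println(reg.tryLogin(1L, "S-A")); // first login of user 1
        System.out.println(reg.tryLogin(1L, "S-B")); // user 1 again from a second browser
        System.out.println(reg.tryLogin(2L, "S-A")); // user 2 in user 1's browser
        reg.release("S-B");                          // the rejected session expires
        System.out.println(reg.tryLogin(1L, "S-C")); // user 1's real session is still active
        reg.release("S-A");                          // the real session logs out or times out
        System.out.println(reg.tryLogin(1L, "S-C")); // the account is free again
    }
}
```

Because release is keyed by session ID, the destruction of a session that never held the login cannot unlock an account that is still in use.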
