当前位置:首页 > 开发 > 互联网 > 正文

sso 同域之下简单模拟

发表于: 2012-05-03   作者:antlove   来源:转载   浏览次数:
SSO
摘要: 最近了解了下SSO,参考 http://blog.csdn.net/javachannel/article/details/752437 模拟了同域之下的通过cookie实现单点登录。 大体思路是: 1.当每次访问client端(指普通web应用)时,会进入client端的过滤器, 然后在过滤器中获取名为ticket的cookie,然后通过HttpURLConnection访问serve
最近了解了下SSO,参考 http://blog.csdn.net/javachannel/article/details/752437
模拟了同域之下的通过cookie实现单点登录。
大体思路是:
1.当每次访问client端(指普通web应用)时,会进入client端的过滤器,
然后在过滤器中获取名为ticket的cookie,然后通过HttpURLConnection访问server端(SSO服务).
2.server端获取传过来的cookie值,然后进行验证看是否用户已经登录,如果登录则返回用户名,
如果未登录则返回一个"failure"字符串。
3.客户端获取服务器端返回的字符串数据,然后进行判断,如果为"failure"则跳转到登录页面login.jsp,
否则正常显示.
4.当在login.jsp中输入用户名和密码后,会提交给SSO服务器,然后SSO服务器端会验证用户。如果验证通过,
会添加一个path为"/",domain为当前域,名字为"ticket"的cookie,并在内存中添加accounts和SSOIDs的2个Map
(accounts存储用户账户信息  键:username 值:password。SSOIDs存储名为ticket的cookie的value值
和username 之间的对应关系 键:cookie value 值:username)。

具体代码如下

客户端ssoclient:
jsp 页面
index.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
	<head>
		<title>Insert title here</title>
	</head>
	<body>
		<a href="result.jsp">进入结果页</a>
		<a href="result.jsp?action=logout">注销</a>
	</body>
</html>

result.jsp 页面
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
	你好:${user}
</body>
</html>


客户端过滤器
SSOFilter.java
package com.filter;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SSOFilter implements Filter {
	private static String cookieName="ticket";
	
	private static String ssoUrl="http://localhost:8080/ssoserver";
	
	private static String ssoAuthUrl=ssoUrl+"/SSOAuth";
	
	private static String ssoLoginUrl=ssoUrl+"/login.jsp";
	
	public void doFilter(ServletRequest req, ServletResponse res,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest request=(HttpServletRequest) req;
		HttpServletResponse response=(HttpServletResponse) res;
		String result="failure";
        String url = request.getRequestURL().toString();
        String qstring = request.getQueryString();
        if (qstring == null) qstring ="";
 
        //检查http请求的head是否有需要的cookie
        String cookieValue ="";
        Cookie[] diskCookies = request.getCookies();
        if (diskCookies != null) {
            for (int i = 0; i < diskCookies.length; i++) {
                if(diskCookies[i].getName().equals(cookieName)){
                    cookieValue = diskCookies[i].getValue();
                    //如果找到了相应的cookie则效验其有效性
                    result = SSOService(cookieValue);
                }
            }
        }
        if (result.equals("failure")) { //效验失败或没有找到cookie,则需要登录
            response.sendRedirect(ssoLoginUrl+"?goto="+url);
        } else if (qstring.indexOf("logout") > 1) {//logout服务
            response.sendRedirect(ssoAuthUrl+"?goto="+url+"&action=logout&cookiename="+cookieValue);
        } else {//效验成功
            request.setAttribute("user",result);
            chain.doFilter(req, res);
        }  
	}

	// 验证cookie
    private String SSOService(String cookievalue) throws IOException {
        String authAction = "?action=authcookie&cookiename=";
        
        URL url = new URL(ssoAuthUrl+authAction+cookievalue); 
		HttpURLConnection conn=(HttpURLConnection) url.openConnection();
		conn.setDoOutput(true);  
        conn.setRequestMethod("POST"); 
        conn.connect();  

        InputStream is=conn.getInputStream();
        BufferedReader br=new BufferedReader(new InputStreamReader(is));
        StringBuffer bodyMessage=new StringBuffer();
        String line=null;
        while((line=br.readLine())!=null){
        	bodyMessage.append(line);
        }
        return bodyMessage.toString();
    }

	public void destroy() {
		
	}
	public void init(FilterConfig arg0) throws ServletException {
		
	}
}


服务器端ssoserver:
jsp 页面
login.jsp
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    
    <title>登录页面</title>
  </head>
  
  <body>
  		<form action="SSOAuth">
	    	用户名:<input type="text" name="username"/><br/>
	    	密码:<input type="password" name="password" /><br/>
	    	<input type="submit" value="提交"/>
  			<input type="hidden" value="${param.goto}" name="goto"/>
    	</form>
  </body>
</html>


服务器端接受请求的servlet
SSOAuth.java
package com.servlet;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SSOAuth extends HttpServlet {

	private static final long serialVersionUID = 2259814016129033740L;
	
	// 存储用户账户信息  键:username 值:password
	private static  Map<String,String> accounts=new HashMap<String,String>();
	// 存储session id和username 之间的对应关系 键:sessionId 值:username
	private static  Map<String,String> SSOIDs=new HashMap<String,String>();
	// 写入浏览器的cookie
	private static String cookieName="ticket";
	
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		doPost(request, response);
	}

	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		PrintWriter out = response.getWriter();
		String action = request.getParameter("action");
        String result="failure";
        if (action==null) {
            handlerFromLogin(request,response);
        } else if (action.equals("authcookie")){
            String cookievalue = request.getParameter("cookiename");
            if (cookievalue != null) result = authCookie(cookievalue);
            out.print(result);
            out.close();
        } else if (action.equals("authuser")) {
            result=authNameAndPasswd(request,response);
            out.print(result);
            out.close();
        } else if (action.equals("logout")) {
        	String cookievalue=request.getParameter("cookiename");
        	if (cookievalue != null){
				logout(response, cookievalue);
        	}
			String gotoURL = request.getParameter("goto");
			response.sendRedirect(gotoURL);
			out.close();
        	
        }
	}
	
	// 处理登录
	private void handlerFromLogin(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        
        boolean result= checkAccount(username, password);
        
        if (result==false)
            request.getRequestDispatcher("/login.jsp").forward(request, response);
        else {
            String gotoURL = request.getParameter("goto");
            String newID = createUID();
            // 添加账户信息
            accounts.put(username, password);
            // 添加sessionID 和 账户关联关系
            SSOIDs.put(newID, username);
            Cookie cookie = new Cookie(cookieName, newID);
            cookie.setValue(newID);
            cookie.setPath("/");
            
            response.addCookie(cookie);
            if (gotoURL == null||gotoURL.length()==0) {
            	response.sendRedirect("http://localhost:8080/ssoclient/index.jsp");
            }else{
            	response.sendRedirect(gotoURL);
            }
        }  
    }
	
	// 创建session id
	private String createUID(){
		return UUID.randomUUID().toString().replaceAll("-", "");
	}
	
	// 验证cookie
	private String authCookie(String cookie){
		String username=SSOIDs.get(cookie);
		if(username==null||username.length()==0){
			return "failure";
		}
		return username;
	}
	
	// 验证用户名和密码
	private String authNameAndPasswd(HttpServletRequest request, HttpServletResponse response){
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String pass = accounts.get(username);
        if ((pass==null)||(!pass.equals(password))){
        	return "failure";
        }
        return username;  
	}
	
	// 注销用户
	private void logout(HttpServletResponse response,String cookievalue){
		String username=SSOIDs.get(cookievalue);
		if(username==null){
			return ;
		}
		SSOIDs.remove(cookievalue);
		
		if(accounts.get(username)==null){
			return ;
		}
		accounts.remove(username);
		Cookie cookie=new Cookie(cookieName, cookievalue);
		cookie.setValue("");
		cookie.setMaxAge(0);
		cookie.setPath("/");
		response.addCookie(cookie);
	}

	// 验证账户
	private boolean checkAccount(String username,String password){
		Map<String,String> initData=new HashMap<String, String>();
		initData.put("admin", "admin");
		
		String pass=initData.get(username);
		
		if(password==null||!password.equals(pass)){
			return false;
		}
		return true; 
	}
}

sso 同域之下简单模拟

  • 0

    开心

    开心

  • 0

    板砖

    板砖

  • 0

    感动

    感动

  • 0

    有用

    有用

  • 0

    疑问

    疑问

  • 0

    难过

    难过

  • 0

    无聊

    无聊

  • 0

    震惊

    震惊

编辑推荐
在做完了TOMCAT的SSL设置后,接下来我们用CAS做一个简单的实例。 一、环境准备 下载相应的服务器端
引子 父页面里控制子页面 子页面里控制父页面 一、引子 我们先看一个示例,有两个页面,1.html通过i
SSO英文全称Single Sign On,单点登录。SSO是在多个应用系统中,用户只需要 登录一次就可以访问所有
SSO英文全称Single Sign On,单点登录。SSO是在多个应用系统中,用户只需要 登录一次就可以访问所有
最近在写一个Web的单之间点登录模块,所谓的单点登录就是使多个互相信任的应用系统之间只需要登录一
SSO是单点登录的意思.我相信各位都应该知道使用SSO有什么好处.那废话就不多说了.直接来说一下我的思
参考:http://jusescn.iteye.com/blog/757475,http://www.iteye.com/problems/61029 以及其他网上
有一个已经编译的asp.net 1.1的网站。为了改进录入的效率,改为由barcode扫描枪来替代手动。由于在
引子 父页面里控制子页面 子页面里控制父页面 一、引子 我们先看一个示例,有两个页面,1.html通过i
SSO单点登录 单点登录(Single Sign On),简称为 SSO,是目前比较流行的企业业务整合的解决方案之一
版权所有 IT知识库 CopyRight © 2009-2015 IT知识库 IT610.com , All Rights Reserved. 京ICP备09083238号