一、什么是单点登录SSO(Single Sign-On)
SSO是一种统一认证和授权机制,指访问同一服务器不同应用中的受保护资源的同一用户,只需要登录一次,即通过一个应用中的安全验证后,再访问其他应用中的受保护资源时,不再需要重新登录验证。
二、单点登录解决了什么问题
解决了用户只需要登录一次就可以访问所有相互信任的应用系统,而不用重复登录。
三、单点登录的技术实现机制
如下图所示:
登录成功 生成ticket身份令牌 并添加到Cookie 访问其他业务则验证ticket 存在则不需要再次登录 并获取Cookie 这里可以考虑拦截器进行验证
下面一个简单的实例 利用struts2实现一次登录 就可以访问所有
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'login.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
<!-- 登录页面 -->
</head>
<body>
<center>
<h1>请登录</h1>
<form action="${pageContext.request.contextPath}/sso/doLogin.action" name="doLogin" method="post">
用户名:<input type="text" name="username"/>
密码:<input type="password" name="password"/>
<input type="hidden" name="gotoUrl" value="${gotoUrl}"/>
<input type="submit" />
</form>
</center>
</body>
</html><%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>欢迎访问DEMO1</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
欢迎访问DEMO1的主页
</body>
</html><%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>欢迎访问DEMO2</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body>
欢迎访问DEMO2的主页
</body>
</html><?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.1//EN" "http://struts.apache.org/dtds/struts-2.1.dtd">
<!--struts2配置 -->
<struts>
<package name="sso" extends="struts-default" namespace="/sso">
<action name="doLogin" class="com.kero99.ygc.sso.SSOAction" method="doLogin">
<result name="success" type="redirect">/${gotoUrl}</result>
</action>
</package>
<package name="dome1" extends="struts-default" namespace="/demo1">
<action name="main" class="com.kero99.ygc.demo1.Demo1Action" method="main">
<result name="success">/success1.jsp</result>
<result name="login">/login.jsp</result>
</action>
</package>
<package name="dome2" extends="struts-default" namespace="/demo2">
<action name="main" class="com.kero99.ygc.demo2.Demo2Action" method="main">
<result name="success">/success2.jsp</result>
<result name="login">/login.jsp</result>
</action>
</package>
</struts>//需要的struts2 jar
//结构流程图
package com.kero99.ygc.sso;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.ServletActionContext;
import com.kero99.ygc.util.SSOCheck;
import com.opensymphony.xwork2.ActionSupport;
public class SSOAction extends ActionSupport {
/**
* SSO 登录验证 并添加到 Cookie 为了方便失败为null
* eg:http://localhost:8082/20170702_V1.0_sso/demo1/main.action
* 本人的访问路径20170702_V1.0_sso web Context root 可以进行更改成本地的
* gotoUrl 为 重定向路径
* util 下user=ygc pwd=123 为登录验证
* ckeckCookie 验证Cookie是否存在
* /demo1/main.action
* /demo2/main.action
* 进行测试
*
*/
private static final long serialVersionUID = 1L;
private String username;
private String password;
private String gotoUrl;
//登录接口
public String doLogin(){
System.out.println("login方法执行了...");
boolean ok=SSOCheck.checkLogin(username, password);
if(ok){
Cookie cookie=new Cookie("ssocookie","sso");
cookie.setPath("/");
HttpServletResponse response=ServletActionContext.getResponse();
response.addCookie(cookie);
return SUCCESS;
}
return null;
}
public String getGotoUrl() {
return gotoUrl;
}
public void setGotoUrl(String gotoUrl) {
this.gotoUrl = gotoUrl;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}package com.kero99.ygc.util;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
public class SSOCheck {
private static final String USERNAME="ygc";
private static final String PASSWORD="123";
//验证登录
public static boolean checkLogin(String username,String password){
if(username.equals(USERNAME) && password.equals(PASSWORD)){
return true;
}
return false;
}
//登录效验接口
public static boolean ckeckCookie(HttpServletRequest request){
Cookie[] cookies=request.getCookies();
if(cookies!=null){
for(Cookie cookie:cookies){
if(cookie.getName().equals("ssocookie") && cookie.getValue().equals("sso")){
return true;
}
}
}
return false;
}
}package com.kero99.ygc.demo1;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.ServletActionContext;
import com.kero99.ygc.util.SSOCheck;
import com.opensymphony.xwork2.ActionSupport;
public class Demo1Action extends ActionSupport {
/**
* Demo1接口
*/
private static final long serialVersionUID = 1L;
private String gotoUrl;
public String main(){
HttpServletRequest request=ServletActionContext.getRequest();
if(SSOCheck.ckeckCookie(request)){
return SUCCESS;
}
gotoUrl="/demo1/main.action";
return LOGIN;
}
public String getGotoUrl() {
return gotoUrl;
}
public void setGotoUrl(String gotoUrl) {
this.gotoUrl = gotoUrl;
}
}package com.kero99.ygc.demo2;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts2.ServletActionContext;
import com.kero99.ygc.util.SSOCheck;
import com.opensymphony.xwork2.ActionSupport;
public class Demo2Action extends ActionSupport {
/**
* Demo2接口
*/
private static final long serialVersionUID = 1L;
private String gotoUrl;
public String main(){
HttpServletRequest request=ServletActionContext.getRequest();
if(SSOCheck.ckeckCookie(request)){
return SUCCESS;
}
gotoUrl="/demo2/main.action";
return LOGIN;
}
public String getGotoUrl() {
return gotoUrl;
}
public void setGotoUrl(String gotoUrl) {
this.gotoUrl = gotoUrl;
}
}