cool hit counter sso system use_Intefrankly

sso system use


I: What is sso (single sign on) ? 

   sso (single sign-on system) simply means that the first time a client accesses application 1, it will be directed to the login page for login since it is not logged in, and if the login checks out, an authentication message ticket will be returned as the authentication credentials. The next time the client accesses application 2, the url request sent will carry a ticket as its own authentication credentials, and the server will submit the ticket carried by the request to the authentication center for comparison and inspection. If the inspection passes, application 2 can access the internal resource information without logging in.

II: The entire login process of a single sign-on system

(1) Traditional login method (under single application)

Figure 1: shows the traditional login method. There is no problem with this login mechanism under a project. But clustered environments can have situations that require users to log in multiple times

How do I resolve the situation of multiple user logins in a clustered environment?

There are two solutions to solving the multiple login problem: it is to solve the session sharing problem

1.Configure tomcat cluster, configure session sharing (session replication) in tomcat, but the problem is that tomcat deploys too many nodes and performance issues occur. So this does not generally apply

2.A session server can be used, is each node remains stateless and saves session information. Simulate a session.

Single sign-on is a solution proposed to solve the session sharing problem. Use redis to emulate session for unified session management.

(2) Business process using single sign-on

Login Process Explained.

The first step: the first visit, enter the login system to enter the user name password to verify the login, if the login is successful, generate Token object, as an authentication token (token is equivalent to the original jsessionid string, here use uuid)

Step 2: Store the returned token object information to the redis server. key is the token and value is the login user's information

Step 3: Since this is a mock session, you also need to set the expiration time of the key.

Step 4: Write the token (stored key) to the cookie as the url parameter information for the user request

Step 5: The user visits for the second time, first check whether the user is logged in, write the token in the cookie as the request parameter, the server will parse the token value from the url, and then query the redis server with the parsed token value as the key; if the query result is empty, it means the session has expired, and the client is asked to jump to the login page to complete the login operation; if the query result is not empty, the query information (information of the logged-in user) needs to be returned as an object, and then reset the expiration time of the key.

Step 6: Solve the cross-domain problem, use js to send ajax requests, use jsonp to solve the cross-domain problem. The data that needs to be returned by the server is in the format mycallback:{id:xx,name:xx}, so it is enough to splice the returned json data into the requested format.

III: The core code of the login process

    @Override
    public E3Result login(String username, String password) {
        try {
            TbUserExample example = new TbUserExample();
            Criteria criteria = example.createCriteria();
            criteria.andUsernameEqualTo(username);
            List<TbUser> list = userMapper.selectByExample(example);
            if (list == null || list.size() == 0) {
// Login failure
                return E3Result.build(400, "Incorrect username or password");
            }
             // Get the user object
            TbUser user = list.get(0);
             //Check user password
            if(!(user.getPassword()).equals(DigestUtils.md5Hex(password.getBytes()))) {
                 //Check Failure
                return E3Result.build(400, " Incorrect username or password");
            }

             // Login successful
             //1. Create token object, use uuid
            String token = UUID.randomUUID().toString();
             //2. store uuid as key and user information as value in redis
            jedisClient.set("USER_INFO:"+token, JsonUtils.objectToJson(user));
             //3. Set the expiration time, half an hour
            jedisClient.expire("USER_INFO:"+token, 1800);
            
             //4. Return the login success message
            
            return E3Result.ok(token);
            
        } catch (Exception e) {
            e.printStackTrace();
        }

        return null;
    }

Server-side solutions to cross-domain issues

    @RequestMapping(value = "/user/token/{token}", produces = MediaType.APPLICATION_JSON_VALUE)
    @ResponseBody
    public String getTokenName(@PathVariable String token, String callback) {
        E3Result result = tokenService.getToken(token);
        if (StringUtils.isNotBlank(callback)) {
            //  Splice in the data needed for the page to give things
            // mycall({id:1,name:z});
            String json = callback + "(" + JsonUtils.objectToJson(result) + ");";
            System.out.println(json);
            return json;
        }
        return JsonUtils.objectToJson(result);
    }

Client code.

var E3MALL = {
    checkLogin : function(){
     //name value of the cookie set by COOKIE_TOKEN_KEY
        var _ticket = $.cookie("COOKIE_TOKEN_KEY");
        if(!_ticket){
            return ;
        }
        $.ajax({
            url : "http://localhost:8088/user/token/" + _ticket,
            dataType : "jsonp",
            type : "GET",
            success : function(data){
                if(data.status == 200){
                    var username = data.data.username;
                    
                    var html = username + ", welcomes!<a href="http://www.e3mall.cn/user/logout.html" class="link-logout">[ exit]</a>";
                    $("#loginbar").html(html);
                }
            }
        });
    }
}

$(function(){
     // Check if you are already logged in, and if so, check your login information
    E3MALL.checkLogin();
});

Recommended>>
1、The Ctrip DARE regression test implementation two or three times
2、9 Niche and Stylish Hotel Website Designs That Will Make You Less Homebody
3、WPF UI across application domains CrossAppDomainUI
4、Spark calculator
5、Deploy AspNetCore 20 on Linux use the Nginx proxy server and listen to the project as a service using the Systemctl command

    已推荐到看一看 和朋友分享想法
    最多200字,当前共 发送

    已发送

    朋友将在看一看看到

    确定
    分享你的想法...
    取消

    分享想法到看一看

    确定
    最多200字,当前共

    发送中

    网络异常,请稍后重试

    微信扫一扫
    关注该公众号