sso单点登陆
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了sso单点登陆相关的知识,希望对你有一定的参考价值。
SSO在我们的应用中非常常见,例如我们在OA系统登录了,我们就可以直接进入采购系统,不需要再登录了,这样使我们非常方便。现在网上也有很多实现方法,于是乎我也想写一个看看。我主要用到的是cookie的机制。在此,分享给大家, 同时提供源代码下载。
进入主题:
工程说明
SSO的实现一般是会有一个SSO Server,也会叫认证中心,同时也会有被认证的系统,如OA系统、采购系统等,他们就相当于SSO Server的client。
为了更形象体现SSO,我写的SSO是有三个工程:一个SSO Server端口为8081,一个OA系统端口为8082,一个采购系统端口为8083。如图:
流程介绍
在整个SSO流程当,有两个流程非常重要,第一个是用户没有登录系统到登录系统的过程;第二是用户在一个系统当中已经登录(例如在OA系统中登录 了),但又想进入另一个系统(例如进入PRO系统)的过程,如果把这两个过程搞定了,那么SSO也就搞定了。我画了两幅图来说明这两个过程。
先看用户没有登录系统到登录系统的过程,如图:
1:用户通过URL访问OA系统。
2:在OA系统中的filter发现这个URL没有ticket(你暂且就把ticket看做是门票),此时就会跳转到SSO Server。
3:SSO Server中的filter发现该客户端中的cookie中没有相应信息,也即是一个没有登录的用户,那么会跳转到登录页面。
4:用户在登录页面填写相应信息,然后通过post方式提交到SSO Server中。
5:SSO Server会校验用户信息(我为了快,我的校验方式就是要用户名为:cloud,同时密码为:cloud),同时在cookie中放username。
6:将生成ticket和username放到JVMCache中,在实际项目应该放到Memcached中,它的用处等下分析。
7,8:就是在用户访问OA系统的URL基础上加上了一个ticket参数,这样跳转到OA系统。
(此时进入OA系统时,filter发现URL是带ticket的,则filter会根据带过来的ticket并通过HttpClient的形式去调用SSO Server中的TicektServlet,这样就会返回用户名,其实这个用户名就是从JVMCache拿到的,同时马上将这个ticket从JVMCache中移除,这样保证一个ticket只会用一次,然后把返回的用户名放到session中)
9:session中有了用户名,说明用户登录成功了,则会去本应该返问的servlet。
10,11:将OA系统返回的视图给用户。
第二过程,用户已经登录成功了,但要访问另一个系统,如图:
1:用户通过URL访问PRO系统。
2:在PRO系统中的filter发现这个URL没有ticket,此时就会跳转到SSO Server。此时,由于用户登录了,所以cookie中有相应的信息(例如用户名),此时SSO Server中的filter会生成一个ticket。
3:将生成的ticket和username放到JVMCache中。
4:就是在用户访问PRO系统的URL基础上加上了一个ticket参数,这样跳转到PRO系统。
(此时进入PRO系统时,filter发现URL是带ticket的,则filter会根据带过来的ticket并通过HttpClient的形式去调用SSO Server中的TicektServlet,这样就会返回用户名,其实这个用户名就是从JVMCache拿到的,同时马上将这个ticket从JVMCache中移除,这样保证一个ticket只会用一次,然后把返回的用户名放到session中)
5:session中有了用户名,说明用户登录成功了,则会去本应该返问的servlet。
5,7:将PRO系统返回的视图给用户。
关键代码
先看SSO Server工程中的代码:
pom.xml
(注意:端口为8081)
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.cloud.sso.server</groupId> <artifactId>sso-server</artifactId> <packaging>war</packaging> <version>0.0.1-SNAPSHOT</version> <name>sso-server Maven Webapp</name> <url>http://maven.apache.org</url> <dependencies> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.5</version> <scope>provided</scope> </dependency> </dependencies> <build> <finalName>sso-server</finalName> <plugins> <plugin> <groupId>org.mortbay.jetty</groupId> <artifactId>jetty-maven-plugin</artifactId> <version>8.1.9.v20130131</version> <configuration> <stopKey>stop</stopKey> <stopPort>6000</stopPort> <webAppConfig> <contextPath>/sso</contextPath> </webAppConfig> <scanIntervalSeconds>4</scanIntervalSeconds> <connectors> <connector implementation="org.eclipse.jetty.server.nio.SelectChannelConnector"> <port>8081</port> <maxIdleTime>60000</maxIdleTime> </connector> </connectors> </configuration> </plugin> </plugins> </build> </project>
SSO Server中的filter
SSOServerFilter.java
package com.cloud.sso.server.filter; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.cloud.sso.server.JVMCache; public class SSOServerFilter implements Filter { @Override public void destroy() { } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; String service = request.getParameter("service"); String ticket = request.getParameter("ticket"); Cookie[] cookies = request.getCookies(); String username = ""; if (null != cookies) { for (Cookie cookie : cookies) { if ("sso".equals(cookie.getName())) { username = cookie.getValue(); break; } } } if (null == service && null != ticket) { filterChain.doFilter(servletRequest, servletResponse); return; } if (null != username && !"".equals(username)) { long time = System.currentTimeMillis(); String timeString = username + time; JVMCache.TICKET_AND_NAME.put(timeString, username); StringBuilder url = new StringBuilder(); url.append(service); if (0 <= service.indexOf("?")) { url.append("&"); } else { url.append("?"); } url.append("ticket=").append(timeString); response.sendRedirect(url.toString()); } else { filterChain.doFilter(servletRequest, servletResponse); } } @Override public void init(FilterConfig arg0) throws ServletException { } }
两个servlet:
LoginServlet.java
package com.cloud.sso.server.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.cloud.sso.server.JVMCache; public class LoginServlet extends HttpServlet { private static final long serialVersionUID = -3170191388656385924L; @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doPost(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String username = request.getParameter("username"); String password = request.getParameter("password"); String service = request.getParameter("service"); if ("cloud".equals(username) && "cloud".equals(password)) { Cookie cookie = new Cookie("sso", username); cookie.setPath("/"); response.addCookie(cookie); long time = System.currentTimeMillis(); String timeString = username + time; JVMCache.TICKET_AND_NAME.put(timeString, username); if (null != service) { StringBuilder url = new StringBuilder(); url.append(service); if (0 <= service.indexOf("?")) { url.append("&"); } else { url.append("?"); } url.append("ticket=").append(timeString); response.sendRedirect(url.toString()); } else { response.sendRedirect("/sso/index.jsp"); } } else { response.sendRedirect("/sso/index.jsp?service=" + service); } } }
TicketServlet.java
package com.cloud.sso.server.servlet; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.cloud.sso.server.JVMCache; public class TicketServlet extends HttpServlet { private static final long serialVersionUID = 5964206637772848290L; @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { super.doGet(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String ticket = request.getParameter("ticket"); String username = JVMCache.TICKET_AND_NAME.get(ticket); JVMCache.TICKET_AND_NAME.remove(ticket); PrintWriter writer = response.getWriter(); writer.write(username); } }
JVMCache.java
package com.cloud.sso.server; import java.util.HashMap; import java.util.Map; public class JVMCache { public static Map<String, String> TICKET_AND_NAME = new HashMap<String, String>(); }
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <filter> <filter-name>ssoServerFilter</filter-name> <filter-class>com.cloud.sso.server.filter.SSOServerFilter</filter-class> </filter> <filter-mapping> <filter-name>ssoServerFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <servlet-name>login</servlet-name> <servlet-class>com.cloud.sso.server.servlet.LoginServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>login</servlet-name> <url-pattern>/user/login</url-pattern> </servlet-mapping> <servlet> <servlet-name>ticket</servlet-name> <servlet-class>com.cloud.sso.server.servlet.TicketServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>ticket</servlet-name> <url-pattern>/ticket</url-pattern> </servlet-mapping> </web-app>
下面是OA系统中的代码:
pom.xml
(注意:端口为8082)
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.cloud.sso.oa</groupId> <artifactId>sso-oa</artifactId> <packaging>war</packaging> <version>0.0.1-SNAPSHOT</version> <name>sso-oa Maven Webapp</name> <url>http://maven.apache.org</url> <dependencies> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.5</version> <scope>provided</scope> </dependency> <dependency> <groupId>commons-httpclient</groupId> <artifactId>commons-httpclient</artifactId> <version>3.1</version> </dependency> </dependencies> <build> <finalName>sso-oa</finalName> <plugins> <plugin> <groupId>org.mortbay.jetty</groupId> <artifactId>jetty-maven-plugin</artifactId> <version>8.1.9.v20130131</version> <configuration> <stopKey>stop</stopKey> <stopPort>6000</stopPort> <webAppConfig> <contextPath>/oa</contextPath> </webAppConfig> <scanIntervalSeconds>4</scanIntervalSeconds> <connectors> <connector implementation="org.eclipse.jetty.server.nio.SelectChannelConnector"> <port>8082</port> <maxIdleTime>60000</maxIdleTime> </connector> </connectors> </configuration> </plugin> </plugins> </build> </project>
OA系统中的filter:
SSOClientFilter.java
package com.cloud.sso.oa.filter; import java.io.IOException; import java.net.URLEncoder; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.methods.PostMethod; public class SSOClientFilter implements Filter { @Override public void destroy() { } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; HttpSession session = request.getSession(); String username = (String) session.getAttribute("username"); String ticket = request.getParameter("ticket"); String url = URLEncoder.encode(request.getRequestURL().toString(), "UTF-8"); if (null == username) { if (null != ticket && !"".equals(ticket)) { PostMethod postMethod = new PostMethod("http://localhost:8081/sso/ticket"); postMethod.addParameter("ticket", ticket); HttpClient httpClient = new HttpClient(); try { httpClient.executeMethod(postMethod); username = postMethod.getResponseBodyAsString(); postMethod.releaseConnection(); } catch (Exception e) { e.printStackTrace(); } if (null != username && !"".equals(username)) { session.setAttribute("username", username); filterChain.doFilter(request, response); } else { response.sendRedirect("http://localhost:8081/sso/index.jsp?service=" + url); } } else { response.sendRedirect("http://localhost:8081/sso/index.jsp?service=" + url); } } else { filterChain.doFilter(request, response); } } @Override public void init(FilterConfig arg0) throws ServletException { } }
OAServlet.java
package com.cloud.sso.oa.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class OAServlet extends HttpServlet { private static final long serialVersionUID = 3615122544373006252L; @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.getRequestDispatcher("/WEB-INF/jsp/welcome.jsp").forward(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); } }
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <filter> <filter-name>ssoClientFilter</filter-name> <filter-class>com.cloud.sso.oa.filter.SSOClientFilter</filter-class> </filter> <filter-mapping> <filter-name>ssoClientFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <servlet-name>list</servlet-name> <servlet-class>com.cloud.sso.oa.servlet.OAServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>list</servlet-name> <url-pattern>/list</url-pattern> </servlet-mapping> </web-app>
下面是PRO系统的代码:
pom.xml
(注意:端口为8083)
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.cloud.sso.pro</groupId> <artifactId>sso-pro</artifactId> <packaging>war</packaging> <version>0.0.1-SNAPSHOT</version> <name>sso-pro Maven Webapp</name> <url>http://maven.apache.org</url> <dependencies> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.5</version> <scope>provided</scope> </dependency> <dependency> <groupId>commons-httpclient</groupId> <artifactId>commons-httpclient</artifactId> <version>3.1</version> </dependency> </dependencies> <build> <finalName>sso-pro</finalName> <plugins> <plugin> <groupId>org.mortbay.jetty</groupId> <artifactId>jetty-maven-plugin</artifactId> <version>8.1.9.v20130131</version> <configuration> <stopKey>stop</stopKey> <stopPort>6000</stopPort> <webAppConfig> <contextPath>/pro</contextPath> </webAppConfig> <scanIntervalSeconds>4</scanIntervalSeconds> <connectors> <connector implementation="org.eclipse.jetty.server.nio.SelectChannelConnector"> <port>8083</port> <maxIdleTime>60000</maxIdleTime> </connector> </connectors> </configuration> </plugin> </plugins> </build> </project>
PRO系统中的filter
SSOClientFilter.java
package com.cloud.sso.pro.filter; import java.io.IOException; import java.net.URLEncoder; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.methods.PostMethod; public class SSOClientFilter implements Filter { @Override public void destroy() { } @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; HttpSession session = request.getSession(); String username = (String) session.getAttribute("username"); String ticket = request.getParameter("ticket"); String url = URLEncoder.encode(request.getRequestURL().toString(), "UTF-8"); if (null == username) { if (null != ticket && !"".equals(ticket)) { PostMethod postMethod = new PostMethod("http://localhost:8081/sso/ticket"); postMethod.addParameter("ticket", ticket); HttpClient httpClient = new HttpClient(); try { httpClient.executeMethod(postMethod); username = postMethod.getResponseBodyAsString(); postMethod.releaseConnection(); } catch (Exception e) { e.printStackTrace(); } if (null != username && !"".equals(username)) { session.setAttribute("username", username); filterChain.doFilter(request, response); } else { response.sendRedirect("http://localhost:8081/sso/index.jsp?service=" + url); } } else { response.sendRedirect("http://localhost:8081/sso/index.jsp?service=" + url); } } else { filterChain.doFilter(request, response); } } @Override public void init(FilterConfig arg0) throws ServletException { } }
ProServlet.java
package com.cloud.sso.pro.servlet; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class ProServlet extends HttpServlet { private static final long serialVersionUID = -1334093914490423930L; @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.getRequestDispatcher("/WEB-INF/jsp/welcome.jsp").forward(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { super.doPost(request, response); } }
web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <filter> <filter-name>ssoClientFilter</filter-name> <filter-class>com.cloud.sso.pro.filter.SSOClientFilter</filter-class> </filter> <filter-mapping> <filter-name>ssoClientFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <servlet-name>list</servlet-name> <servlet-class>com.cloud.sso.pro.servlet.ProServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>list</servlet-name> <url-pattern>/list</url-pattern> </servlet-mapping> </web-app>
运行结果:
1:分别启动这三个工程。
2:访问OA系统,URL:http://localhost:8082/oa/list
3:这样到登录页面,如图:
4:用户名为:cloud,密码为:cloud,点击登录则会显示,如图:
5:然后去进入PRO系统,URL:http://localhost:8083/pro/list,则就不需要登录了,直接进入,如图:
以上是关于sso单点登陆的主要内容,如果未能解决你的问题,请参考以下文章
Asp.Net 单点登录(SSO)|禁止重复登陆|登录强制下线