Single sign on

Time:2021-7-20

concept

Single sign on (SSO) is a one-time authentication login. When a user logs on to the authentication server once, they can access every other related system and application in the single sign on domain. This reduces the time spent logging in and simplifies user management; it is a popular login method today.

Business scenarios

Users only need to log in once; after that they can access the other systems in the authentication domain without logging in again.
If the login information is instead kept in each server's own session, users have to log in again on every server.

Implementation strategy of single sign on

Steps:
1. When the user enters a user name and password, the data is sent to the JT web server for login.
2. The JT web server forwards the data to the JT SSO server for verification.
3. JT SSO queries the database by user name / password to check whether the data is valid.
4. If the user name and password are correct, the user data is processed and saved to Redis with a UUID as the key.
5. If the Redis write succeeds, the user's login credential (the ticket) is returned to the client.
6. The JT web server stores the returned ticket in a cookie on the client so that later requests can present it (cookie sharing). This is single sign on.

cookie

Since the login information cannot be stored in a server-side session, the cookie is the key to implementing SSO.

concept

  1. A cookie is a client-side technology that stores data generated during a session in the client.
  2. Cookies work through two headers: the Set-Cookie response header and the Cookie request header.
  3. Through the Set-Cookie response header, the server sends the cookie to the browser, which stores it internally. Once the browser has saved the cookie, every time it visits the server it sends the cookie information back through the Cookie request header. When needed, the server can read the data from the cookie in the request and use it to implement functionality.

cookie API

1. Create cookie object

Cookie c = new Cookie(String name, String value);
//When creating a cookie, you need to specify the name and value of the cookie
//Once the cookie name is specified, it cannot be modified!

2. Add the cookie to the response

response.addCookie( Cookie c );
//Add the cookie to the response, the server is responsible for sending the cookie information to the browser, and then the browser saves it internally (you can call this method many times to add more than one cookie)

3. Get the array of all cookie objects in the request

Cookie[] cs = request.getCookies();
//Gets the cookie object array composed of all the cookies carried in the request. If no cookie is carried in the request, calling this method will return null.

4. Delete the cookie in the browser
There is no direct method in the cookie API for deleting a cookie; you delete it indirectly.
To delete the cookie named cart, send the browser another cookie with the same name (cart) and set its maximum lifetime to zero. Because the browser distinguishes cookies by name, a cookie sent later with the same name overwrites the one sent before; since the newly sent cookie has a lifetime of zero, the browser deletes it immediately on receipt.

//Create a cookie named cart (the value does not matter)
Cookie c = new Cookie("cart", "");
//Set the maximum lifetime of the cookie to zero
c.setMaxAge( 0 );
//Add the cookie to the response and send it to the browser
response.addCookie( c );
//Report the result to the client (PrintWriter out = response.getWriter() in a servlet; out is implicit in a JSP)
out.write("successfully deleted cookie named cart...");

5. Common methods of cookie

cookie.getName();        // Get the name of the cookie
cookie.getValue();       // Get the value saved in the cookie
cookie.setValue(value);  // Set / modify the value saved in the cookie (there is no setName method because the cookie name cannot be modified)
cookie.setMaxAge(secs);  // Set the maximum lifetime of the cookie in seconds (if not set, the cookie is destroyed at the end of the session by default!)

6. setMaxAge method: sets the maximum lifetime of a cookie
If this method is not called, the cookie is a session-level cookie by default, that is, its lifetime is one session. When the browser closes and the session ends, the cookie is destroyed (the cookie is kept in the browser's memory by default; when the browser closes and the memory is released, the cookie goes with it).
If this method is called with a positive lifetime, the cookie is not kept in the browser's memory but is written as a file to the browser's temporary folder (that is, the hard disk). When you close the browser the memory is released, but the cookie saved on the hard disk is not destroyed; when you open the browser again, the cookie information can still be read from the hard disk.
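The browser-side rules from the concept section, the delete-by-zero-lifetime trick, and the session versus persistent distinction, modelled in a small added example (not the article's code). It keys cookies by name only, as the article describes, and ignores Domain/Path scoping; the header strings are constructed for the demo.

```python
from typing import Dict, Optional, Tuple

class BrowserCookieJar:
    """Models the browser-side rules described above: cookies are keyed by name,
    a later Set-Cookie with the same name overwrites the earlier one, Max-Age=0
    deletes, and a cookie without Max-Age lives only until the browser closes."""

    def __init__(self) -> None:
        # name -> (value, max_age); max_age None means session cookie (memory only)
        self.cookies: Dict[str, Tuple[str, Optional[int]]] = {}

    def receive_set_cookie(self, header: str) -> None:
        """Handle one Set-Cookie response header, e.g. 'cart=abc; Max-Age=0'."""
        parts = [p.strip() for p in header.split(";")]
        name, _, value = parts[0].partition("=")
        max_age = None
        for attr in parts[1:]:
            key, _, val = attr.partition("=")
            if key.lower() == "max-age":
                max_age = int(val)
        if max_age is not None and max_age <= 0:
            self.cookies.pop(name, None)   # zero lifetime: discarded on arrival
            return
        self.cookies[name] = (value, max_age)  # same name replaces the old cookie

    def cookie_request_header(self) -> str:
        """Build the Cookie request header sent with the next request to the server."""
        return "; ".join(f"{n}={v}" for n, (v, _) in self.cookies.items())

    def close_browser(self) -> None:
        """Memory is released: only cookies with a Max-Age (on disk) survive."""
        self.cookies = {n: c for n, c in self.cookies.items() if c[1] is not None}

def delete_cart_demo() -> Tuple[str, str]:
    """The article's deletion trick: resend 'cart' with a lifetime of zero."""
    jar = BrowserCookieJar()
    jar.receive_set_cookie("cart=item42")                        # session cookie
    jar.receive_set_cookie("JT_TICKET=abc123; Max-Age=604800")   # kept for 7 days
    before = jar.cookie_request_header()
    jar.receive_set_cookie("cart=; Max-Age=0")                   # delete 'cart'
    return before, jar.cookie_request_header()
```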

example

Front end controller layer

/**
 *Complete the user login operation
 *URL address: http://www.jt.com/user/doLogin?r=0.8989367429030823
 *Parameter: username / password
 *Return value: JSON data of sysresult object
 *
 *  cookie.setMaxAge(-1);   Delete when closing browser session
 *  cookie.setMaxAge(0);    Delete cookie now
 *  cookie.setMaxAge(100);  A cookie can be stored in seconds
 *
 *  http://www.jt.com/saveUser/xxx
 *  cookie.setPath("/");
 *  cookie.setPath("/add");
 */
 @RequestMapping("/doLogin")
 @ResponseBody
 public SysResult doLogin(User user, HttpServletResponse response){
     //1. Realize the user's login operation!!!
     String ticket = dubboUserService.doLogin(user);
     //2. Check whether the ticket has a value
     if(StringUtils.isEmpty(ticket)){
         //Wrong user name or password
         return SysResult.fail();
     }
     //3. If the user's ticket is not null, the login is correct and the ticket must be saved in a cookie
     //Requirements: 1. the cookie is valid for 7 days; 2. the cookie is shared across the jt.com domain; 3. the path is /
     Cookie cookie = new Cookie("JT_TICKET",ticket);
     cookie.setMaxAge(7*24*3600);
     cookie.setDomain("jt.com"); // Realize page sharing in jt.com
     cookie.setPath("/");        // The permission root of the cookie is valid
     response.addCookie(cookie); // Use response to save the cookie to the client
     return SysResult.success();
 }

Back end service implementation class

/**
 *1. Query the database according to the user name and password
 *2. Verify the validity of user data
 *3. If the user's data is correct, start single sign on
 *4. If the user data is incorrect, the ticket data can be null
 * @param user
 * @return
 */
@Override
public String doLogin(User user) {

    //1. Encrypt the password
    String password = DigestUtils.md5DigestAsHex(user.getPassword().getBytes());
    user.setPassword(password);
    //When an entity object is passed in, the where condition is built from its non-null properties
    QueryWrapper<User> queryWrapper = new QueryWrapper<>(user);
    User userDB = userMapper.selectOne(queryWrapper);
    //2. Check whether the data is valid
    if(userDB == null){
        return null;
    }
    //userDB is not null, so the user's input is correct: start single sign on
    //3.1 generate a UUID dynamically as the ticket
    String ticket = UUID.randomUUID().toString().replace("-", "");
    //3.2 desensitization: overwrite the password before the user record is cached
    userDB.setPassword("123456 do you believe it?");
    String userJSON = ObjectMapperUtil.toJSON(userDB);
    //3.3 save data to redis
    jedisCluster.setex(ticket, 7*24*60*60, userJSON);
    return ticket;
}

The front end (web layer) and back end (service layer) call each other through Dubbo via a shared public interface.
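The six-step flow and the two methods above, carried through as an added example (not the project's code): credentials are verified, a random ticket is minted, the desensitised user is cached under it with the same 7-day TTL as the cookie, and any application on jt.com resolves the ticket from the Cookie header. The user table, clock and store are constructed in-memory stand-ins for the database and the Redis cluster; the unsalted MD5 mirrors the page's service and is not a recommendation.

```python
import hashlib, json, uuid
from typing import Dict, Optional, Tuple

TICKET_TTL = 7 * 24 * 60 * 60  # seconds; cookie and Redis entry share this lifetime

# Constructed user table: username -> MD5 hex of the password, matching the page's
# service (a salted, slow hash such as bcrypt is the safer choice in production).
USERS = {"alice": hashlib.md5(b"s3cret").hexdigest()}

class TicketStore:
    """In-memory stand-in for jedisCluster.setex/get with a controllable clock."""
    def __init__(self) -> None:
        self.now = 0                      # fake clock in seconds
        self._data: Dict[str, Tuple[int, str]] = {}

    def setex(self, key: str, ttl: int, value: str) -> None:
        self._data[key] = (self.now + ttl, value)

    def get(self, key: str) -> Optional[str]:
        item = self._data.get(key)
        if item is None or item[0] <= self.now:   # missing or expired
            self._data.pop(key, None)
            return None
        return item[1]

def do_login(store: TicketStore, username: str, password: str) -> Optional[str]:
    """Steps 2-5: verify credentials, mint a ticket, cache the sanitised user."""
    if USERS.get(username) != hashlib.md5(password.encode()).hexdigest():
        return None                       # wrong user name or password
    ticket = uuid.uuid4().hex             # 128-bit random handle, like the UUID key
    user_json = json.dumps({"username": username, "password": None})  # desensitised
    store.setex(ticket, TICKET_TTL, user_json)
    return ticket

def set_cookie_header(ticket: str) -> str:
    """Step 6: the Set-Cookie header the web layer sends (7 days, all of jt.com)."""
    return f"JT_TICKET={ticket}; Max-Age={TICKET_TTL}; Domain=jt.com; Path=/"

def current_user(store: TicketStore, cookie_header: str) -> Optional[dict]:
    """Any jt.com application: read JT_TICKET from the Cookie header, look it up."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "JT_TICKET":
            cached = store.get(value)
            return json.loads(cached) if cached else None
    return None
```

An unknown or expired ticket resolves to no user, which is the check every application behind the SSO must make before trusting the cookie.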

This blog is used to review and sort out the common topic modeling architecture, analysis oriented architecture and integration topic reports in data warehouse. I have uploaded these reports to GitHub. If you are interested, you can have a lookAddress:https://github.com/nino-laiqiu/TiTanI recorded a relatively complete development process in my hexo blog deployed on GitHub. You can […]