只要解决了以上的问题,达到了开头讲的效果,就可以说是SSO。最简单的SSO实现方法就是使用Cookie,实现流程如下所示:
以下是代码部分:
package com.qj.sso.controller;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.converter.json.MappingJacksonValue;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import com.qj.bean.User;
import com.qj.bean.UserOpenid;
import com.qj.contants.ApiContants;
import com.qj.sms.SmsAct;
import com.qj.sso.annotation.MySign;
import com.qj.sso.service.UserOpenidService;
import com.qj.sso.service.UserService;
import com.qj.utils.CookieUtils;
import com.qj.utils.EhcacheUtil;
import com.qj.utils.ExceptionUtil;
import com.qj.utils.HttpClientUtil;
import com.qj.utils.JsonUtils;
import com.qj.utils.MD5Utils;
import com.qj.utils.StringCodeHelper;
import com.qj.utils.StringHelper;
import com.qj.utils.VrResult;
/***
* 登录
* @author HZW
*
*/
@Controller
public class UserController {
// SLF4J logger for this controller.
private static Logger log = LoggerFactory.getLogger(UserController.class);
// User lookup service; loginPhone uses it to fetch a user by username.
@Autowired
private UserService service;
// Service for third-party (open-id) accounts; not used in the methods visible in this excerpt.
@Autowired
private UserOpenidService uoService;
// The values below are injected from external configuration placeholders.
// Presumably accountSid/token/appId/templateId are SMS-provider settings
// (SmsAct is imported) — TODO confirm against the configuration file.
@Value("${ACCOUNTSID}")
private String accountSid;
// NOTE(review): loginPhone declares a local variable that is also named
// "token" (the per-login session id), which shadows this field inside that method.
@Value("${TOKEN}")
private String token;
@Value("${APPID}")
private String appId;
@Value("${TEMPLATEID}")
private String templateId;
// Not referenced in the methods visible in this excerpt.
@Value("${vrstoreUrl}")
private String vrstoreUrl;
// Shared secret appended to the request data when loginsubmit recomputes the
// MD5 request signature. Anyone who learns it can sign arbitrary login
// requests, so it must stay out of logs, responses and version control.
@Value("${KEY}")
private String key;
// Not referenced in the methods visible in this excerpt.
@Value("${webSite}")
private String webSite;
/**
 * Smoke-test endpoint, originally written to check cluster cache synchronisation.
 * The Ehcache round-trip it once performed is disabled, so the handler only
 * returns a fixed string.
 *
 * NOTE(review): unlike loginsubmit, this handler carries no {@code @ResponseBody},
 * so inside a {@code @Controller} the returned string is likely resolved as a view
 * name rather than written to the response body — confirm which is intended.
 * NOTE(review): the mapping is reachable without any authentication check in this
 * class; diagnostic endpoints on an SSO service are normally removed or restricted
 * before deployment.
 *
 * @return the constant confirmation text
 */
@RequestMapping(value="/test/sso",method=RequestMethod.GET)
public Object test(){
    final String reply = "请求成功";
    return reply;
}
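/**
 * Single entry point for all login flows.
 *
 * The request is accepted only if MD5(data + key) matches the signature sent by
 * the client; it is then dispatched on the login type: "phone" goes to
 * loginPhone (username/password), "1" (QQ), "2" (WeChat) and "3" (Weibo) go to
 * loginApi. When a callback parameter is present the result is wrapped as JSONP.
 *
 * Changes compared with the earlier version of this handler:
 * - the signature is compared in constant time and a missing signature is
 *   rejected instead of relying on equals(null);
 * - a missing or unknown login type yields a 400 result instead of a
 *   NullPointerException;
 * - the callback name is restricted to letters, digits, '_' and '.', because it
 *   is written into the response as the JSONP function name;
 * - the System.out debugging output was removed: the result of a successful
 *   loginPhone call contains the session token, which does not belong on stdout.
 *
 * NOTE(review): MD5(data + key) is a weak keyed-hash construction; an HMAC over a
 * SHA-2 digest is the usual replacement, but it needs a coordinated client change
 * and is therefore only flagged here.
 * NOTE(review): a JSONP response can be read by any page that loads this URL as a
 * script. Since the login result can carry the session token, confirm that JSONP
 * is really required on this endpoint.
 *
 * @param u        login request body (login type, credentials, data and signature)
 * @param request  current HTTP request, passed on to the login helpers
 * @param response current HTTP response, passed on to the login helpers
 * @param callback optional JSONP function name; {@code null} for plain JSON
 * @return a VrResult, or a MappingJacksonValue wrapping it when callback is set
 */
@RequestMapping(value="/loginsubmit")
@ResponseBody
public Object loginsubmit(@RequestBody User u,HttpServletRequest request, HttpServletResponse response,String callback){
    // Recompute the signature from the submitted data and the shared secret.
    String expectedSign = MD5Utils.MD5(u.getData()+key);
    String suppliedSign = u.getSign();
    // MessageDigest.isEqual avoids leaking, through response timing, how many
    // leading characters of a guessed signature were correct.
    if (expectedSign == null || suppliedSign == null
            || !MessageDigest.isEqual(
                    expectedSign.getBytes(StandardCharsets.UTF_8),
                    suppliedSign.getBytes(StandardCharsets.UTF_8))) {
        return VrResult.build(400,"签名异常!");
    }

    // The callback is echoed into the response as a function name, so reject
    // anything that is not a plain identifier path before doing any login work.
    if (callback != null && !callback.matches("[0-9A-Za-z_.]*")) {
        return VrResult.build(400, "callback参数非法!");
    }

    // Constant-first equals keeps a missing login type from throwing.
    String loginType = u.getLoginType();
    VrResult result;
    if ("phone".equals(loginType)) {
        // username + password
        result = loginPhone(u, request, response);
    } else if ("1".equals(loginType) || "2".equals(loginType) || "3".equals(loginType)) {
        // 1 = QQ, 2 = WeChat, 3 = Weibo: all handled by loginApi
        result = loginApi(u, request, response);
    } else {
        result = VrResult.build(400, "不支持的登录类型!");
    }

    if (callback == null) {
        return result;
    }
    MappingJacksonValue jsonpResult = new MappingJacksonValue(result);
    jsonpResult.setJsonpFunction(callback);
    return jsonpResult;
}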
/***
* 账号密码登录
* @param req
* @param request
* @param response
* @return
*/
public VrResult loginPhone(User req,HttpServletRequest request, HttpServletResponse response){
try {
if(StringHelper.isNotNull(req.getUsername()) && StringHelper.isNotNull(req.getPassword())){
User user = service.findByUsername(req.getUsername());
//如果没有此用户名
if (null== user) {
return VrResult.build(400, "用户名不存在");
}
//比对密码
if (!user.getPassword().equals(MD5Utils.MD5(req.getPassword()))) {
return VrResult.build(400, "用户名或密码错误");
}
//生成token
String token =UUID.randomUUID().toString();
//保存用户之前,把用户对象中的密码清空。
user.setPassword(null);
user.setRegisterTime(null);
//把用户信息写入ehcache
EhcacheUtil.put(ApiContants.EHCZCHE_NAME,ApiContants.USER_SESSIONID_KEY+":"+token,JsonUtils.objectToJson(user));
//添加写cookie的逻辑,cookie的有效期是关闭浏览器就失效。
log.info(token);
user.setToken(token);
CookieUtils.setCookie(request, response, "VR_TOKEN", token);
return VrResult.build(200,"登录成功",JsonUtils.objectToJson(user));
}else{
log.info("用户名或密码不能为空!");
return VrResult.build(400, "用户名或密码不能为空!");
}
} catch (Exception e) {
e.printStackTrace();
return VrResult.build(500, ExceptionUtil.getStackTrace(e));