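Single sign-on:
Suppose a company has two related systems, A and B. After finishing a task in A we need to log in to B to continue working, which means logging in to B manually a second time and lowers our efficiency. Single sign-on solves this problem: after logging in to system A, we can go straight into system B as well.
Example: Taobao and Tmall implement single sign-on.
When the domain is the same, it can be implemented with Cookie + session + filter:
The servlet that handles login: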
package cn.bbs.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginServlet extends HttpServlet {

    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doPost(request, response);
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (username != null && password != null) {
            // Demo check only: the login succeeds when username equals password
            if (username.equals(password)) {
                request.getSession().setAttribute("user", username);
                // The cookie value is the plain username
                Cookie cookie = new Cookie("sso", username);
                // Sent to every host under mysso.cn: www.bbs.mysso.cn www.news.mysso.cn
                cookie.setDomain(".mysso.cn");
                cookie.setMaxAge(3600); // one hour
                cookie.setPath("/");
                response.addCookie(cookie);
            }
        }
        response.sendRedirect(request.getContextPath() + "/index.jsp");
    }
}
The filter that handles automatic login:
package cn.bbs.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

public class LoginFilter implements Filter {

    @Override
    public void destroy() {
        // Nothing to release
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // No user in this application's session yet: fall back to the sso cookie
        if (request.getSession().getAttribute("user") == null) {
            Cookie[] cookies = request.getCookies();
            if (cookies != null && cookies.length > 0) {
                for (Cookie cookie : cookies) {
                    if ("sso".equals(cookie.getName())) {
                        // The cookie value is used as the username as-is
                        String username = cookie.getValue();
                        request.getSession().setAttribute("user", username);
                    }
                }
            }
        }
        chain.doFilter(request, res);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No initialization needed
    }
}
The login page:
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8" isELIgnored="false"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <title>My JSP 'index.jsp' starting page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
  </head>
  <body>
    <%-- "This is the bbs page" --%>
    这是bbs页面<br>
    <c:choose>
      <c:when test="${ not empty sessionScope.user}">
        <%-- "Welcome, <user>"; c:out HTML-escapes the name, which comes from request input --%>
        欢迎你<c:out value="${sessionScope.user}"/>
      </c:when>
      <c:otherwise>
        <%-- "You are not logged in yet, please log in" --%>
        您还没有登录,请登录
        <form action="${pageContext.request.contextPath}/login" method="post">
          <input type="text" name="username" ><br>
          <input type="password" name="password"><br>
          <input type="submit" value="登录">
        </form>
      </c:otherwise>
    </c:choose>
  </body>
</html>
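We need to configure two virtual hosts:
Edit Tomcat's server.xml. Note that port 8080 must be changed to 80: we will type the address directly, so requests go to the default port 80 rather than 8080.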
<Host appBase="bbs" autoDeploy="true" name="www.bbs.mysso.cn" >
</Host>
<Host appBase="news" autoDeploy="true" name="www.news.mysso.cn" >
</Host>
Add our hostnames by editing the hosts file:
#your-IP www.bbs.mysso.cn
#your-IP www.news.mysso.cn
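To reach the application directly at www.bbs.mysso.cn,
create two directories, bbs and news, under the Tomcat directory. Put a ROOT folder in each, containing WEB-INF and the other files, so that the application is easy to access.
The news folder is laid out the same way:
For this simulation we can simply copy ROOT from bbs into news:
How to access it:
Step 1: visit www.bbs.mysso.cn and log in.
Step 2: after logging in successfully, close the browser.
Step 3: visit www.news.mysso.cn
You will find that you are already logged in.
Looking at the cookies stored by the browser, we find that a cookie was stored for mysso.cn. This implements single sign-on across hosts that share the same domain.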
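The `sso` cookie above carries the bare username, and LoginFilter copies whatever value it receives into the session. The following is an added example, not code from the original post: a hypothetical `SsoToken` helper that signs the cookie value with HMAC-SHA256 and an expiry time so the filter can check that its own login servlet issued it. The class name, the value format and the shared key are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper (not from the post): HMAC-signed value for the "sso" cookie.
public class SsoToken {
    private final byte[] key; // assumed: same secret configured on bbs and news
    public SsoToken(byte[] key) { this.key = key.clone(); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Cookie value format: base64url(username).expiryMillis.base64url(hmac)
    public String issue(String username, long expiresAtMillis) throws Exception {
        String user = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(username.getBytes(StandardCharsets.UTF_8));
        String payload = user + "." + expiresAtMillis;
        return payload + "." + sign(payload);
    }

    // Returns the username, or null when the value is malformed, forged or expired.
    public String verify(String cookieValue, long nowMillis) throws Exception {
        String[] parts = cookieValue == null ? new String[0] : cookieValue.split("\\.");
        if (parts.length != 3) return null;
        byte[] expected = sign(parts[0] + "." + parts[1]).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison of the recomputed tag with the presented one
        if (!MessageDigest.isEqual(expected, parts[2].getBytes(StandardCharsets.UTF_8))) return null;
        try {
            if (Long.parseLong(parts[1]) < nowMillis) return null;
            return new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { // also covers NumberFormatException
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key and user; a real key comes from configuration
        SsoToken t = new SsoToken("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis();
        String value = t.issue("alice", now + 3600_000L); // same lifetime as setMaxAge(3600)
        System.out.println("signed value accepted as: " + t.verify(value, now));
        System.out.println("bare username accepted as: " + t.verify("alice", now));
        System.out.println("after expiry accepted as: " + t.verify(value, now + 3600_001L));
    }
}
```

With this helper, LoginServlet would pass `issue(username, ...)` as the cookie value, and LoginFilter would call `verify(cookie.getValue(), ...)` and set the session attribute only when it returns a non-null name.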
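CAS, a framework that implements single sign-on
Its verification approach is much like online payment. Take an amusement park as an example: to ride the roller coaster we need to buy a ticket, and to ride the Ferris wheel we need to buy another one. Instead, wouldn't it be enough to buy a single ticket when entering the park? That requires a login proxy, and this is what CAS does.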