单点登录(Single Sign On),简称为 SSO,是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。说白了就是平台之间互相访问不需要再登录。
首先要确认传参,传参一般要传系统编码(点击过来的平台代号,随便一个英文即可)、用户名,后面一般还有一个当前时间,否则的话任何人复制登录网址都能直接登录。
这些参数其实是要编码后再传的,不能够直接传,不然不安全;编码解码的方法有很多,我在最后面也提供一个。
首先要在web.xml中找到过滤器
再在过滤器代码中判断,先判断session中是否有值:
有:直接登录成功
没有:判断是否带有从别的平台传入的系统编码(即上面说的系统编码)
编码不对 返回登录页
编码正确 用用户名带入到数据库中查出需要的数据 然后再设入session中
大概思路就是这样
需要注意的是,前台传参的时候要进行编码,并且是两次编码,否则很容易出错;后台解码只需要一次。
window.location.href="http://135.161.231.77:7005/nxyxfx4/btnIndexAction.do?cpId="+encodeURI(encodeURI(cpId))+"&loginName="+encodeURI(encodeURI(loginName));
loginName = URLDecoder.decode(loginName, "utf-8"); 解码只需要一次
<!-- Applies SQLFilter to every request whose path ends in ".do" (the action URLs of this application). -->
<filter-mapping>
<filter-name>SQLFilter</filter-name>
<url-pattern>*.do</url-pattern>
</filter-mapping>
<filter>
<filter-name>SQLFilter</filter-name>
<filter-class>dap.filter.SQLFilter</filter-class>
<!-- "keywords": '|'-separated SQL fragments that SQLFilter presumably rejects when they occur in
     request parameters. A keyword blocklist is a screen, not the injection control: it can never be
     made complete, and short entries such as "or", "count" or "*" will also hit legitimate input if
     the match is by substring. The real protection has to be parameterized queries
     (PreparedStatement) in the DAOs - NOTE(review): confirm that is the case, only the
     configuration is visible here. -->
<init-param>
<param-name>keywords</param-name>
<param-value>'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|or
</param-value>
</init-param>
<!-- "actions": action names that are exempt from the keyword check (presumably forms whose free-text
     fields legitimately contain such words). Every entry here is a path around the filter, so each
     addition should be reviewed together with the DAO code that action reaches. How SQLFilter matches
     this list (exact name or substring) is not visible here. -->
<init-param>
<param-name>actions</param-name>
<param-value>ExpDistCfgListAction|FetchDataThemeAction|FetchDataTaskAction|entity|Entity|ChartQuickCfgAction|TableQuickCfgAction|FilterLevelCfgAction|FinDetailCfg|finDetailCfg|AddFormulaAction
</param-value>
<!--<param-value>ExpDistCfgListAction|entity|Entity|ChartQuickCfgAction|TableQuickCfgAction|FilterLevelCfgAction|FinDetailCfg|finDetailCfg|AddFormulaAction</param-value> -->
</init-param>
</filter>
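/**
 * Single-sign-on gate for every filtered request.
 * <p>
 * A request whose session already carries a {@code User} (read under
 * {@code Constants.USER_KEY}) passes straight through. Otherwise the request
 * must carry the partner platform's {@code cpId} and {@code loginName}
 * parameters, each URL-encoded and wrapped by {@code DesEncrypter}; the
 * platform code is accepted only when it decrypts to {@code "WXWL"}, the user is
 * then loaded by login name and stored in the session. Anything else is
 * redirected to {@code login.jsp}. The login action ({@code btnLoginAction.do})
 * is exempt so the form itself stays reachable.
 * <p>
 * Changes versus the earlier version: a missing {@code loginName} no longer
 * throws (it used to reach {@code URLDecoder.decode(null)}), an unknown login
 * name is redirected to the login page instead of letting the request through
 * with a {@code null} user in the session, a {@code null} areaId no longer
 * throws, and the decrypted parameters are no longer written to stdout.
 * <p>
 * Security note: the token is a constant platform code encrypted under the
 * fixed {@code DesEncrypter} pass phrase and carries no timestamp or nonce, so a
 * copied URL stays valid indefinitely and any holder of the key can mint one for
 * any login name. An expiry parameter (as this post's own design notes describe)
 * and a per-deployment key are still missing before this can be treated as
 * authentication.
 *
 * @param request  the incoming request (cast to {@code HttpServletRequest})
 * @param response the response (cast to {@code HttpServletResponse})
 * @param chain    the remaining filter chain, invoked when the request is allowed through
 * @throws IOException      from the redirect, the URL decoding, or the chain
 * @throws ServletException from the chain
 */
public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;

    String loginAction = req.getContextPath() + "/btnLoginAction.do";
    if (req.getRequestURI().indexOf(loginAction) == -1) {
        // add-by-20160530: SSO handshake
        final HttpSession session = req.getSession(true);
        User user = (User) session.getAttribute(Constants.USER_KEY);
        if (user == null) {
            String cpId = request.getParameter("cpId");
            String loginName = request.getParameter("loginName");
            System.out.println("cpId===" + cpId + "loginName===" + loginName);
            // Both parameters are required; with cpId alone the decode step would hit null.
            if (DAPUtil.isNull(cpId) || DAPUtil.isNull(loginName)) {
                redirectToLogin(req, res);
                return;
            }
            user = ssoLogin(cpId, loginName);
            if (user == null) {
                // Wrong platform code, undecodable token, or unknown login name.
                redirectToLogin(req, res);
                return;
            }
            // NOTE(review): stored under the literal "user" while the lookup above reads
            // Constants.USER_KEY - kept as-is; confirm the two names are the same.
            session.setAttribute("user", user);
        }
    }
    chain.doFilter(request, response);
}

/** Sends the browser to the application's login page. */
private static void redirectToLogin(HttpServletRequest req, HttpServletResponse res)
        throws IOException {
    res.sendRedirect(req.getContextPath() + "/login.jsp");
}

/**
 * Unwraps the SSO parameters and loads the user they designate.
 *
 * @param cpId      the URL-encoded, encrypted platform code
 * @param loginName the URL-encoded, encrypted login name
 * @return the user, or {@code null} when the platform code is not {@code "WXWL"},
 *         either token cannot be decrypted, or the login name is unknown
 * @throws IOException if the URL decoding fails
 */
private User ssoLogin(String cpId, String loginName) throws IOException {
    dap.dao.common.DesEncrypter des = new dap.dao.common.DesEncrypter();
    // The post describes the JavaScript side encoding twice on top of encrypt()'s own
    // URL-encoding: the container undoes one layer, this decode the next, decrypt() the last.
    String platform = des.decrypt(URLDecoder.decode(cpId, "utf-8"));
    // decrypt() yields null for a malformed token, and "WXWL".equals(null) is false.
    if (!"WXWL".equals(platform)) {
        return null;
    }
    String name = des.decrypt(URLDecoder.decode(loginName, "utf-8"));
    if (name == null) {
        return null;
    }
    User user = new LoginDao().login(name);
    if (user != null) {
        normalizeAreaId(user);
    }
    return user;
}

/**
 * Rewrites a five-part areaId to {@code "95"}. What "95" denotes is not visible
 * here - presumably a top-level scope; confirm against the area table.
 *
 * @param user the freshly loaded user, modified in place
 */
private static void normalizeAreaId(User user) {
    String areaId = user.getAreaId();
    System.out.println("areaId" + areaId);
    if (areaId != null && areaId.split(",").length == 5) {
        user.setAreaId("95");
    }
}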
package dap.dao.common;
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.spec.*;
import java.text.SimpleDateFormat;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Base64;
import java.util.Date;
import java.util.Objects;
import javax.crypto.*;
import javax.crypto.spec.*;
import org.apache.log4j.Logger;
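/**
 * Wraps the single-sign-on parameters ({@code cpId}, {@code loginName}) before
 * they are placed on the redirect URL and unwraps them on the receiving side.
 * <p>
 * {@link #encrypt(String)} returns URL-encoded Base64 of PBEWithMD5AndDES
 * ciphertext; {@link #decrypt(String)} reverses exactly that. The pass phrase,
 * salt and iteration count are fixed in this class, so anyone holding the class
 * (or its defaults) can produce valid tokens, and a token carries no timestamp
 * or nonce of its own - the caller has to add expiry if a captured URL must not
 * remain usable. Treat this as obfuscation of transport parameters rather than
 * as an authentication mechanism; a per-deployment key passed to
 * {@link #DesEncrypter(String)} is the minimum improvement.
 * <p>
 * Changes versus the earlier version: initialisation failures throw instead of
 * leaving the ciphers {@code null}, {@code sun.misc} Base64 is replaced by
 * {@link Base64} (identical output for inputs of up to 57 bytes; longer inputs
 * no longer contain line breaks, which the MIME decoder used here still accepts),
 * {@code null} input returns {@code null} instead of throwing, and rejected
 * tokens are logged instead of silently dropped.
 * <p>
 * Instances are not thread-safe: the two {@link Cipher} objects keep state
 * across calls, so create one per use (as the SSO filter does) or synchronize.
 * <p>
 * Requirement reference (original header): TTP2732 HNREQ_三并前功能_第二阶段_个性化需求-单点登录功能支撑_crm00031047_海南10000号系统单点登录方案
 *
 * @author yehq 2013-05-24
 */
public class DesEncrypter {
    final Cipher ecipher;
    final Cipher dcipher;
    static Logger logger = Logger.getLogger("DesEncrypter");
    // 8-byte salt, fixed for every instance (shared with whichever peer issues the tokens).
    final byte[] salt = { (byte) 0xA9, (byte) 0x9B, (byte) 0xC8, (byte) 0x32,
            (byte) 0x56, (byte) 0x35, (byte) 0xE3, (byte) 0x03 };
    // Default pass phrase used by the no-arg constructor.
    final static private String PASS_PHRASE = "password";
    // PBE key-derivation iteration count
    final int iterationCount = 19;

    /** Creates an instance keyed with the built-in default pass phrase. */
    public DesEncrypter() {
        this(PASS_PHRASE);
    }

    /**
     * Derives a PBEWithMD5AndDES key from {@code passPhrase} and prepares one
     * encrypting and one decrypting cipher.
     *
     * @param passPhrase the pass phrase to derive the key from
     * @throws NullPointerException  if {@code passPhrase} is null
     * @throws IllegalStateException if the JCE provider cannot set up the algorithm
     *         (the earlier version swallowed this and failed later with a
     *         {@code NullPointerException} on the first encrypt/decrypt)
     */
    public DesEncrypter(String passPhrase) {
        Objects.requireNonNull(passPhrase, "passPhrase");
        try {
            KeySpec keySpec = new PBEKeySpec(passPhrase.toCharArray(), salt, iterationCount);
            SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(keySpec);
            AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt, iterationCount);
            Cipher enc = Cipher.getInstance(key.getAlgorithm());
            Cipher dec = Cipher.getInstance(key.getAlgorithm());
            enc.init(Cipher.ENCRYPT_MODE, key, paramSpec);
            dec.init(Cipher.DECRYPT_MODE, key, paramSpec);
            ecipher = enc;
            dcipher = dec;
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("cannot initialise PBEWithMD5AndDES ciphers", e);
        }
    }

    /**
     * Encrypts {@code str} and returns it as URL-encoded Base64, ready to be
     * appended to a query string.
     *
     * @param str the plaintext, encoded as UTF-8 before encryption
     * @return the token, or {@code null} when {@code str} is null or the cipher
     *         rejects the input (callers in this code base test for null)
     */
    public String encrypt(String str) {
        if (str == null) {
            return null;
        }
        try {
            byte[] utf8 = str.getBytes(StandardCharsets.UTF_8);
            byte[] enc = ecipher.doFinal(utf8);
            String base64 = Base64.getEncoder().encodeToString(enc);
            return URLEncoder.encode(base64, StandardCharsets.US_ASCII.name());
        } catch (GeneralSecurityException | UnsupportedEncodingException e) {
            // Only the exception type is logged: the plaintext may be a login name.
            logger.warn("encrypt failed: " + e.getClass().getName());
            return null;
        }
    }

    /**
     * Reverses {@link #encrypt(String)}.
     *
     * @param str a token produced by {@link #encrypt(String)}
     * @return the plaintext, or {@code null} when {@code str} is null, is not
     *         valid URL-encoding or Base64, or does not decrypt under this key
     *         (the earlier version let the {@code IllegalArgumentException} from a
     *         malformed percent-escape escape to the caller)
     */
    public String decrypt(String str) {
        if (str == null) {
            return null;
        }
        try {
            String base64 = URLDecoder.decode(str, StandardCharsets.US_ASCII.name());
            // MIME decoder: tolerates the line breaks the old sun.misc encoder inserted.
            byte[] dec = Base64.getMimeDecoder().decode(base64);
            byte[] utf8 = dcipher.doFinal(dec);
            return new String(utf8, StandardCharsets.UTF_8);
        } catch (GeneralSecurityException | IllegalArgumentException | UnsupportedEncodingException e) {
            // The token itself is deliberately not logged.
            logger.warn("decrypt rejected token: " + e.getClass().getName());
            return null;
        }
    }

    /**
     * Demo: round-trips the current timestamp through the default-keyed instance.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        DesEncrypter encrypter = new DesEncrypter(); // default pass phrase
        String stamp = LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyyMMdd HH:mm:ss"));
        System.out.println(stamp);
        String token = encrypter.encrypt(stamp);
        System.out.println(token);
        System.out.println(encrypter.decrypt(token));
    }
}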