SSO (single sign-on) implementation

Definition

      Single Sign-On (SSO) is one of the more popular solutions for enterprise business integration. Its definition: across multiple application systems, a user logs in once and can then access every application system in the mutually trusted group.

Implementation principle of single sign-on with a shared second-level domain name

      Login flow on the server:

      1. Look up the user by the account number and password entered, and fetch the user fields that identify the account and are hard to change (user ID, user name, user type).

      2. Concatenate those fields with the current timestamp and hash the string with MD5; the result is the session value stored when the user logs in. Separately, concatenate the same user fields (user ID, user name, user type) without the timestamp and hash them with MD5 to get the key; because the key contains no timestamp, it is the same for every login of that user.

      3. Store key-value pair I (key, value) in redis. If the key already exists in redis, delete the existing pair and store the new one, so that a second login with the same account kicks the earlier one.

      4. Compute the expiry time expireTime of this login from the configured login timeout and the timestamp used in step 2; it is usually extended by 10~20 seconds so that redis clears the cached login information slightly after the login itself expires.

      5. Wrap the login details in a User object and store key-value pair II in redis, using the value of pair I as the new key: (value, User, NX/XX, EX/PX, expireTime).

      6. Write a cookie to the browser (Response) under the pre-defined cookieKey, with the key of pair II (the session value) as the cookie value. Set the cookie's domain to the second-level domain obtained from the server's host, its Path to the root path ("/") and its timeout, then redirect to the login success page index.html.

       When the user refreshes a page of this application, opens the login page, or visits a trusted application under the same second-level domain, every request passes through a general Filter (static resource files, images and requests that need no authentication, such as the login and registration pages, are excluded). The filter reads the browser's cookie for the second-level domain (all trusted applications share the same cookieKey). If there is no cookie value, it redirects to the login page and prompts the user to log in. If there is a cookie value, the filter uses it as a redis key and fetches the stored value; if nothing is returned, the login has expired and the user is redirected to the login page to log in again. Otherwise the user is logged in and the request proceeds to the requested page or system.
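The login and filter steps above, as an added example that is not part of the original post. It models redis with an in-memory stand-in that takes an explicit clock so expiry is deterministic, keeps the page's two key-value pairs, and additionally deletes the earlier session's pair II on re-login (an assumption; the page only deletes pair I, which would leave the earlier cookie usable until it expires). LOGIN_TIMEOUT, GRACE and the user fields are constructed values.

```python
import hashlib

LOGIN_TIMEOUT = 1800  # seconds a login stays valid (assumed value)
GRACE = 15            # the extra 10~20 s the page adds before redis drops the entry


class FakeRedis:
    """In-memory stand-in for the redis calls the page relies on (constructed for this example)."""
    def __init__(self):
        self.store = {}

    def get(self, key, now):
        entry = self.store.get(key)
        if entry is None:
            return None
        value, expires_at = entry
        if expires_at <= now:        # lazy expiry, like a key stored with EX
            del self.store[key]
            return None
        return value

    def set(self, key, value, now, ex):
        self.store[key] = (value, now + ex)

    def delete(self, key):
        self.store.pop(key, None)


def md5_hex(s):
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def login(r, user, now):
    """Pair I: md5(user fields) -> session value; pair II: session value -> login record."""
    fields = f"{user['id']}|{user['name']}|{user['type']}"
    user_key = md5_hex(fields)                   # identical for every login of this user
    session_value = md5_hex(f"{fields}|{now}")   # stored in redis and written to the cookie
    old_value = r.get(user_key, now)
    if old_value is not None:                    # same account again: kick the earlier login
        r.delete(old_value)                      # assumption: drop pair II so the old cookie dies
        r.delete(user_key)
    r.set(user_key, session_value, now, LOGIN_TIMEOUT + GRACE)
    r.set(session_value, {"id": user["id"], "login_at": now}, now, LOGIN_TIMEOUT + GRACE)
    return session_value   # Set-Cookie: <cookieKey>=<session_value>; Domain=.example.com; Path=/


def filter_request(r, cookie_value, now):
    """Mirror of the page's Filter: None means redirect to login, else the logged-in record."""
    if not cookie_value:
        return None
    return r.get(cookie_value, now)
```

Because the session value is derived from stable user fields plus a timestamp, a hardened deployment would replace the md5_hex(...|now) line with a random token (secrets.token_urlsafe) and set HttpOnly and Secure on the cookie; the store layout and filter check stay the same.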

       MD5 hashing utility (the page calls it MD5 encryption):

```java
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.log4j.Logger;

public class MD5Util {
	public MD5Util() {
	}

	// MD5 hex digest, implementation 1: manual nibble-to-hex conversion
	public static final String md5(String s) {
		char[] hexDigits = new char[] { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
		MessageDigest mdInst = null;
		String result = null;
		try {
			byte[] inputBytes = s.getBytes("UTF-8");
			mdInst = MessageDigest.getInstance("MD5");
			mdInst.update(inputBytes);
			byte[] md = mdInst.digest();
			int j = md.length;
			char[] str = new char[j * 2];
			int k = 0;
			for (int i = 0; i < j; ++i) {
				byte byte0 = md[i];
				str[k++] = hexDigits[byte0 >>> 4 & 15]; // high nibble
				str[k++] = hexDigits[byte0 & 15];       // low nibble
			}
			result = new String(str);
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (UnsupportedEncodingException e) {
			e.printStackTrace();
		}
		return result;
	}

	// MD5 hex digest, implementation 2: Integer.toHexString with zero padding
	public synchronized static final String getMD5Str(String str) {
		Logger log = Logger.getLogger(MD5Util.class);
		MessageDigest messageDigest;
		try {
			messageDigest = MessageDigest.getInstance("MD5");
		} catch (NoSuchAlgorithmException e) {
			log.error("md5 error:" + e.getMessage(), e);
			return null; // the original fell through here and dereferenced a null digest
		}
		messageDigest.reset();
		// explicit charset: the original used the platform default, which differs between hosts
		messageDigest.update(str.getBytes(StandardCharsets.UTF_8));
		byte[] byteArray = messageDigest.digest();
		StringBuffer md5StrBuff = new StringBuffer();
		for (int i = 0; i < byteArray.length; i++) {
			String hex = Integer.toHexString(0xFF & byteArray[i]);
			if (hex.length() == 1) {
				md5StrBuff.append("0"); // pad single-digit bytes to two hex characters
			}
			md5StrBuff.append(hex);
		}
		return md5StrBuff.toString();
	}
}
```

        How to get the second-level domain name (GlobalVariable.secondLevelDomain is the page's own process-wide cache):

```java
// Derives the cookie domain from the request host, e.g. "app.example.com:8080" -> ".example.com".
// The result is cached in GlobalVariable after the first call, so the first request served
// decides the cookie domain for the whole process.
public static String getSecondLevelDomain(String host) {
	String secondLevelDomain = GlobalVariable.secondLevelDomain; // second-level domain name
	if (null == secondLevelDomain) {
		int index = host.indexOf(":");
		String domain = null;
		if (index == -1) {
			domain = host;
		} else {
			domain = host.substring(0, index); // strip the port
		}
		int index2 = domain.indexOf(".");
		if (index2 == -1) {
			secondLevelDomain = domain; // no dot (e.g. a bare hostname): use it as-is
		} else {
			secondLevelDomain = domain.substring(index2); // keep the leading dot: ".example.com"
		}
		GlobalVariable.secondLevelDomain = secondLevelDomain;
	}
	return secondLevelDomain;
}
```


Origin http://43.154.161.224:23101/article/api/json?id=325723287&siteId=291194637