[SSO] Implementation principle of single sign-on

The unified authentication of the subsystems is handed over to the SSO system, so that after logging in once, there is no need to enter the account and password again when entering the other systems. My own implementation logic is recorded below; the code will be added later.

Set up a global interceptor

Set a global interceptor on each subsystem that excludes login-related requests; every other request must have its login information checked. The interceptor sends the request information (mainly the session, the request itself, and whatever parameters you consider necessary) to the SSO system, which handles the check uniformly. As for how to reach the SSO system, you can configure a URL pointing to the SSO system's API, or use the microservice tooling of Spring Cloud or Dubbo. The information checked is two values in the session:

  • token: A random string generated when logging in.
  • timestamp: The timestamp when logging in.

Inspection method

First check whether a token exists. If it does not, the user has not logged in and needs to log in: return a message saying that login is required, and let the interceptor redirect to the login page.
If a token exists, check the timestamp next. Here you need to set a login validity period, such as half an hour: subtract the timestamp from the current time and compare the difference with half an hour. If it exceeds half an hour, the login has timed out, and the same "login required" message is returned. If half an hour has not yet passed, the user is still in the logged-in state; proceed to the next step and let the interceptor release the request.

Implementation of no login

When debugging in the background, it is sometimes necessary to test some interface functions, and if login interception is already in place this becomes very painful. So you can sometimes set a special value that makes the operation login-free, which is equivalent to opening a back door.
The simple way is to add a parameter to the configuration that says whether the login needs to be checked. Add this parameter to the request and send it to SSO. When SSO finds that the parameter carries the value you configured for skipping login, it directly returns that no login is needed; otherwise it performs the normal check. That is enough.
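The inspection method and the login-free switch described above, as an added Python example (not code from the original post, which has none yet). The path names, the `skipLoginCheck` parameter name and the result strings are assumptions; the bypass value lives only in the SSO configuration and is disabled unless one is set.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Login validity period from the post: half an hour.
LOGIN_VALIDITY_SECONDS = 30 * 60
# Login-related requests that the interceptor lets through without a check (assumed paths).
LOGIN_PATHS = {"/login", "/logout"}


@dataclass
class SsoConfig:
    # Configured value that marks a request as login-free for debugging (the post's "back door").
    # An empty string means the bypass is disabled, which is the default.
    skip_login_value: str = ""


def login(session: dict, now: float) -> None:
    """Populate the session at login: a random token plus the login timestamp."""
    session["token"] = secrets.token_urlsafe(32)
    session["timestamp"] = int(now)


def sso_check(session: dict, params: dict, config: SsoConfig, now: float) -> str:
    """SSO-side check of the session. Returns 'ok', 'need-login' or 'timeout'."""
    supplied = str(params.get("skipLoginCheck", ""))
    # Skip the check only when a value is configured and the request carries exactly that value;
    # compare_digest keeps the comparison constant-time.
    if config.skip_login_value and hmac.compare_digest(
        supplied.encode(), config.skip_login_value.encode()
    ):
        return "ok"
    if not session.get("token"):
        return "need-login"  # no token: the user never logged in
    age = now - session.get("timestamp", 0)
    if age > LOGIN_VALIDITY_SECONDS:
        return "timeout"  # token present but the login is older than the validity period
    return "ok"


def intercept(path: str, session: dict, params: dict, config: SsoConfig, now: float) -> str:
    """Subsystem interceptor: 'pass' releases the request, 'redirect' sends the user to login."""
    if path in LOGIN_PATHS:
        return "pass"
    return "pass" if sso_check(session, params, config, now) == "ok" else "redirect"
```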

SSO extension function

If the SSO system only checks logins, its function is too simple. It would be better to add role-based permission control and a visual interface that can be configured from the front end.


Origin http://43.154.161.224:23101/article/api/json?id=325746638&siteId=291194637