Cookie-based SSO middleware

kisso = cookie sso

Cookie-based SSO middleware. It is a Swiss army knife for rapid development of Java web login systems (SSO). Everyone is welcome to use kisso!


kisso help documentation download

1. Support single sign-on

2. Support login cookie cache

3. Support preventing XSS attacks, SQL injection, script injection

4. Support Base64 / MD5 / AES / PBE / RSA algorithm

5. Support browser client verification

6. Support Cookie parameter configuration and extension

7. Support cross-domain login, simulated login

8. Support online user count statistics

9. Support generating dynamic image verification codes

10. Support API service verification for mobile apps, using the WeChat public platform API verification mechanism for authentication

11. Comes with permission verification logic; supports basic Shiro and Spring Security permission systems

 

kisso depends on jars

kisso_oauth2 demo

kisso_ApiServer mobile app API demo

kisso_JFinal demo

kisso_SpringMvc demo

kisso_crossdomain cross-domain demo

Example SSM architecture back-end management system


Maven coordinates:

http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.baomidou%22%20AND%20a%3A%22kisso%22

 

<dependency>
    <groupId>com.baomidou</groupId>
    <artifactId>kisso</artifactId>
    <version>Maven official latest version shall prevail</version>
</dependency>

 

 

(1) What is kisso and how is it different from CAS?

    1. CAS is a single sign-on system. It sets the rules for you, and you work within its requirements; once everything is configured (which is complex), you get single sign-on.

    2. kisso is a middleware that provides a component-based, cookie-based solution for building Java web SSO. You can use it whatever architecture you use, like a USB stick: plug it in when you need it and unplug it when you don't.

    3. CAS verifies centrally: every request is verified by the CAS service, and the disadvantage is that the CAS service comes under heavy load. kisso verifies in a decentralized way: each system verifies the legitimacy of the cookie itself, and the disadvantage is that the secret key must be well protected.
 
 
 
(2) Why a cookie instead of a session? What is the difference between them?

    kisso uses an encrypted session cookie, which becomes invalid as soon as the browser is closed. It also supports server-side login timeout with automatic logout, and supports client browser verification, access IP, and cookie security configuration.

    1. A session is stored on the server side; a cookie is stored on the client side. Cookies come in two kinds. The first kind, persistent cookies, have a set lifetime, are stored as files on the client's hard disk, and are deleted automatically when that lifetime ends. The second kind, temporary cookies, also known as session cookies, are kept in the browser's memory and expire automatically when the browser is closed.

    2. With no changes made at all, the session is more secure. If the cookie is given the various security protection measures, it is just as safe.

    3. Cookies make distributed service deployment, single sign-on and cross-domain access easy to implement. Using sessions instead requires dealing with session replication and various other problems.
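
The decentralized check described in (1) and the encrypted, browser-bound, time-limited cookie described in (2) can look like this. This is an added example, not kisso's own code or API: the class SsoCookieDemo, its seal and verify methods, the uid|issuedAt payload and the choice of AES-GCM are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Hypothetical helper, not kisso's API: seals and locally verifies an SSO cookie value.
public class SsoCookieDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // Issued by the login system: AES-GCM over "uid|issuedAtMillis", bound to the User-Agent as AAD.
    static String seal(byte[] key, String uid, long issuedAt, String userAgent) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);                        // fresh nonce per cookie, never reused with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        c.updateAAD(uaDigest(userAgent));
        byte[] ct = c.doFinal((uid + "|" + issuedAt).getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Run by every application: returns the uid, or null if tampered with, sent by another browser, or expired.
    static String verify(byte[] key, String cookie, String userAgent, long now, long maxAgeMs) {
        try {
            byte[] raw = Base64.getUrlDecoder().decode(cookie);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, raw, 0, 12));
            c.updateAAD(uaDigest(userAgent));
            String[] parts = new String(c.doFinal(raw, 12, raw.length - 12), StandardCharsets.UTF_8).split("\\|");
            long issuedAt = Long.parseLong(parts[1]);
            return (now >= issuedAt && now - issuedAt <= maxAgeMs) ? parts[0] : null;
        } catch (Exception e) {                   // bad Base64, short input, failed GCM tag, malformed payload
            return null;                          // fail closed: treat as not logged in
        }
    }

    static byte[] uaDigest(String ua) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(ua.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        RNG.nextBytes(key);                       // constructed demo key; load from protected config in practice
        long t0 = 1_700_000_000_000L;             // constructed issue time
        String cookie = seal(key, "1001", t0, "Mozilla/5.0 demo");
        System.out.println(verify(key, cookie, "Mozilla/5.0 demo", t0 + 60_000, 1_800_000));    // same browser, in time
        System.out.println(verify(key, cookie, "curl/8.0", t0 + 60_000, 1_800_000));            // different browser
        System.out.println(verify(key, cookie, "Mozilla/5.0 demo", t0 + 3_600_000, 1_800_000)); // past the timeout
    }
}
```

Every application that holds the key can run verify without calling the login system, which is also why anyone who obtains the key can issue cookies that all of those applications accept.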
 
 
(3) What are the frequently asked questions?

    To reiterate: friends who download the source code should first get it running by following the examples in the demo, and only then start changing it; don't rush to modify it straight away. Time really is valuable.
 
 
    1. What is cross-domain? There are 2 types of cross-domain here:

    The first: the same root domain name with different subdomains, such as my.baomidou.com, sso.baomidou.com, other.baomidou.com. In this case, for the domain setting you only need to configure .baomidou.com.

    See the normal demos: kisso_JFinal demo, kisso_SpringMvc demo

    The second: completely different domain names, such as sso.baomidou.com and git.oschina.net. This case is more complicated; here kisso uses RSA encryption challenge verification.

    See the cross-domain demo: kisso_crossdomain cross-domain demo

 
    2. Does it support using an IP address instead?

    Yes! Note that you must then access the site by IP as well. Configure the domain as the IP itself, not .192.168.1.3; take care not to put a . (dot) in front of it in this case.
 
 
    3. How to configure sso.properties?

    Apart from the key and the domain name, which must be changed, the other default settings can be reviewed and chosen according to your needs.


 

    Many friends ask: who is using kisso!?

    Don't ask me how many stars I have, I will tell you a lot!! (confidential)

 

 

 

(1) sso login status 

 

 


(2) Cross-domain login


hosts:

127.0.0.1 sso.test.com

127.0.0.1 my.web.com

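Visit my.web.com:8090/index.html; if you are not logged in, you will be redirected to the login page on the sso domain.

After a successful login, my.web.com appears as shown in the figure.

Normal login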

 

 
