单点登录实现

单点登录实现

本文是基于单点登录的代码简单实现，具体涉及到了三个工程

一个认证系统，两个子系统 。代码下载地址：http://download.csdn.net/download/qq_23994787/10139716

先看一下系统显示效果。

未登录状态访问子系统会直接跳转到终端认证系统

从任意子系统登录后，切换子系统不用再次登录

从任意子系统退出登录后，再次访问子系统跳转到认证页面里重新登录

实现代码

首先是认证系统SSOAuth

package com.sso.util;import java.io.IOException;import java.io.PrintWriter;import java.sql.Connection;import java.sql.DriverManager;import java.sql.PreparedStatement;import java.sql.ResultSet;import java.util.Date;import java.util.concurrent.ConcurrentHashMap;import java.util.concurrent.ConcurrentMap;import javax.servlet.ServletConfig;import javax.servlet.ServletException;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;public class SSOAuth extends HttpServlet {private static final long serialVersionUID = 1L;private static ConcurrentMap<String, String> accounts;private static ConcurrentMap<String, String> SSOIDs;private String cookiename = "DesktopSSOID";private String domainname = null;public void init(ServletConfig config) throws ServletException {domainname = config.getInitParameter("domainname");cookiename = config.getInitParameter("cookiename");SSOIDs = new ConcurrentHashMap<String, String>();userMsg();}// 连接数据库查找用户信息public void userMsg() {    accounts = new ConcurrentHashMap<String, String>();Connection conn = null;String url = "jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=UTF8";String username = "root";String password = "root";try {Class.forName("com.mysql.jdbc.Driver");conn = DriverManager.getConnection(url, username,password);PreparedStatement ps = conn.prepareStatement("select * from user");ResultSet rs = ps.executeQuery();while (rs.next()) {accounts.put(rs.getString("username"), rs.getString("password"));System.out.println(accounts.toString());}rs.close();ps.close();conn.close();} catch (Exception e) {e.printStackTrace();}}protected void doGet(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException {request.setCharacterEncoding("utf-8");response.setCharacterEncoding("utf-8");response.setContentType("text/html;charset=utf8");processRequest(request, response);}protected void doPost(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException {request.setCharacterEncoding("utf-8");response.setCharacterEncoding("utf-8");response.setContentType("text/html;charset=utf8");processRequest(request, response);}protected void processRequest(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException {String action = request.getParameter("action");String result ="failed";PrintWriter out = response.getWriter();if (action == null) {handlerFromLogin(request, response);} else if (action.equals("authcookie")) {String myCookie = request.getParameter("cookiename");if (myCookie != null){result = authCookie(myCookie);}out.print(result);    out.close();} else if (action.equals("authuser")) {result = authNameAndPasswd(request, response);out.print(result);    out.close();} else if (action.equals("logout")) {String myCookie = request.getParameter("cookiename");logout(myCookie);out.close();}}/** * 验证用户名、密码，然后跳回原页面 */private void handlerFromLogin(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException {String username = request.getParameter("username");String password = request.getParameter("password");String pass = accounts.get(username);if ((pass == null) || (!pass.equals(password))) {  //DigestUtils.md5Hex(password)request.setAttribute("msg", "登录失败");request.getRequestDispatcher("/failed.jsp").forward(request, response);} else {String gotoURL = request.getParameter("goto") + "index.jsp";String newID = createUID();SSOIDs.put(newID, username);this.add2Cookie(response, this.cookiename, newID, 60 * 1000);System.out.println("登录成功, 返回前url:" + gotoURL);response.sendRedirect(gotoURL);}}/** * 添加至cookie */private void add2Cookie(HttpServletResponse response, String cookieName,String cookieValue, int maxAge) {Cookie cookie = new Cookie(cookieName, cookieValue);cookie.setDomain(this.domainname);cookie.setPath("/");cookie.setMaxAge(maxAge); // cookie一年内有效60*60*24*365response.addCookie(cookie);}/** * 身份验证 * @param value * @return */public static String authCookie(String value) {String result = SSOIDs.get(value);if (result == null) {result = "failed";System.out.println("身份验证失败");} else {System.out.println("身份验证成功");}return result;}/** * 验证用户名和密码    正确返回当前登录用户uid * @param request * @param response * @return */protected String authNameAndPasswd(HttpServletRequest request,HttpServletResponse response) {String username = request.getParameter("username");String password = request.getParameter("password");String pass = (String) accounts.get(username);if ((pass == null) || (!pass.equals(password)))  //DigestUtils.md5Hex(password)return "failed";String newID = createUID();SSOIDs.put(newID, username);return newID;}    /**     * 创建uid     * @return  String     */private static String createUID() {Date now = new Date();long time = now.getTime();return "sso" + time;}/** * 注销 * @param UID */private void logout(String UID) {System.out.println("---退出登录---" + UID);SSOIDs.remove(UID);}}

子系统

package com.sso.filter;import java.io.IOException;import java.io.PrintStream;import java.io.PrintWriter;import java.io.StringWriter;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.commons.httpclient.HttpClient;import org.apache.commons.httpclient.methods.GetMethod;public class SSOFilter implements Filter {private FilterConfig filterConfig = null;private String cookieName = "DesktopSSOID";private String SSOServiceURL = "http://localhost:8080/SSOAuth/SSOAuth";private String SSOLoginPage = "http://localhost:8080/SSOAuth/login.jsp";public void init(FilterConfig filterConfig) {System.out.println("------demo1初始化-----");this.filterConfig = filterConfig;this.cookieName = filterConfig.getInitParameter("cookieName");this.SSOServiceURL = filterConfig.getInitParameter("SSOServiceURL");this.SSOLoginPage = filterConfig.getInitParameter("SSOLoginPage");}public void destroy() {}public void doFilter(ServletRequest req, ServletResponse res,FilterChain chain) throws IOException, ServletException {// 控制台输出 拦截成功System.out.println("------demo1拦截器-------");HttpServletRequest request = (HttpServletRequest) req;HttpServletResponse response = (HttpServletResponse) res;String result = "failed";String path = request.getContextPath(); String url = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";System.out.println("demo1-----loginout请求-----"+url);// 获取路径参数？后部分内容String qstring = request.getQueryString();if (qstring == null) qstring = "";// 检查http请求的head是否有需要的cookieString cookieValue = "";Cookie[] diskCookies = request.getCookies();// 如果登录找到对应的cookieif (diskCookies != null) {for (int i = 0; i < diskCookies.length; i++) {if (diskCookies[i].getName().equals(this.cookieName)) {cookieValue = diskCookies[i].getValue();// 如果找到了相应的cookie则效验其有效性result = SSOService(cookieValue);System.out.println("-----demo1找到了 cookies!----");}}}// 效验失败或没有找到cookie，则需要登录if (result.equals("failed")) {response.sendRedirect(this.SSOLoginPage + "?goto=" + url);} else if (qstring.indexOf("logout") > 1) {// logout服务System.out.println("-----从demo1退出登陸!----");logoutService(cookieValue);response.sendRedirect(this.SSOLoginPage + "?goto=" + url);} else {// 效验成功request.setAttribute("SSOUser", result);  Throwable problem = null;try {chain.doFilter(req, res);} catch (Throwable t) {problem = t;t.printStackTrace();}if (problem != null) {if ((problem instanceof ServletException))throw ((ServletException) problem);if ((problem instanceof IOException))throw ((IOException) problem);sendProcessingError(problem, res);}}}// 校验登录cookieprivate String SSOService(String cookievalue) throws IOException {String authAction = "?action=authcookie&cookiename=";HttpClient httpclient = new HttpClient();GetMethod httpget = new GetMethod(this.SSOServiceURL + authAction+ cookievalue);try {httpclient.executeMethod(httpget);String result = httpget.getResponseBodyAsString();System.out.println("------------demo1------------"+result);return result;} finally {httpget.releaseConnection();}}// 校验登出cookieprivate void logoutService(String cookievalue) throws IOException {String authAction = "?action=logout&cookiename=";HttpClient httpclient = new HttpClient();GetMethod httpget = new GetMethod(this.SSOServiceURL + authAction+ cookievalue);try {httpclient.executeMethod(httpget);httpget.getResponseBodyAsString();} finally {httpget.releaseConnection();}}private void sendProcessingError(Throwable t, ServletResponse response) {String stackTrace = getStackTrace(t);if ((stackTrace != null) && (!stackTrace.equals(""))) {try {response.setContentType("text/html");PrintStream ps = new PrintStream(response.getOutputStream());PrintWriter pw = new PrintWriter(ps);pw.print("<html>\n<head>\n<title>Error</title>\n</head>\n<body>\n");pw.print("<h1>The resource did not process correctly</h1>\n<pre>\n");pw.print(stackTrace);pw.print("</pre></body>\n</html>");pw.close();ps.close();response.getOutputStream().close();} catch (Exception ex) {}} else{try {PrintStream ps = new PrintStream(response.getOutputStream());t.printStackTrace(ps);ps.close();response.getOutputStream().close();} catch (Exception ex) {}}}public static String getStackTrace(Throwable t) {String stackTrace = null;try {StringWriter sw = new StringWriter();PrintWriter pw = new PrintWriter(sw);t.printStackTrace(pw);pw.close();sw.close();stackTrace = sw.getBuffer().toString();} catch (Exception ex) {}return stackTrace;}public FilterConfig getFilterConfig() {return this.filterConfig;}public void setFilterConfig(FilterConfig filterConfig) {this.filterConfig = filterConfig;}}