一、单点登录介绍
单点登录(Single Sign On),简称为 SSO,是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。
同域下:单点登录是巧用了Cookie顶域的特性。
不同域下:如果是不同域呢?不同域之间Cookie是不共享的,怎么办? 这个是使用CAS流程,单点登录的标准流程。
相关详情:https://yq.aliyun.com/articles/636281
https://blog.csdn.net/qq_34246546/article/details/79493208
二、同域下的单点登录:利用sessionID+cookie+redis
1. cookie工具类
package com.mmall.util; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * cookie工具类 */ @Slf4j public class CookieUtil { private static final String COOKIE_DOMAIN = "wangjun.com"; //顶级域名 private static final String COOKIE_NAME = "mmall_login_token";//cookieName /** * 从请求中读取cookie * @param request * @return */ public static String readLoginToken(HttpServletRequest request){ Cookie[] cks = request.getCookies(); if (cks != null){ for (Cookie cookie : cks){ log.info("read cookieName:{}, cookieValue:{}",cookie.getName(),cookie.getValue()); if (StringUtils.equals(cookie.getName(),COOKIE_NAME)){ log.info("return cookieName:{}, cookieValue:{}",cookie.getName(),cookie.getValue()); return cookie.getValue(); } } } return null; } /** * 写入cookie * @param response * @param token */ public static void writeLoginToken(HttpServletResponse response, String token){ Cookie cookie = new Cookie(COOKIE_NAME, token); cookie.setDomain(COOKIE_DOMAIN); cookie.setPath("/"); //代表根目录,根目录以下的代码和页面可以获取到cookie //单位秒,如果不设置maxage,cookie就不会写入硬盘,而是写入内存,只在当前页面有效 cookie.setMaxAge(60 * 60 * 24 * 365); log.info("write cookieName:{}, cookieValue:{}", cookie.getName(),cookie.getValue()); response.addCookie(cookie); } /** * 删除cookie * @param request * @param response */ public static void delLoginToken(HttpServletRequest request, HttpServletResponse response){ Cookie[] cks = request.getCookies(); if (cks != null){ for (Cookie cookie : cks){ if (StringUtils.equals(cookie.getName(),COOKIE_NAME)){ cookie.setDomain(COOKIE_DOMAIN); cookie.setPath("/"); cookie.setHttpOnly(true); //无法用脚本访问cookie。当然不能全面防止,但可以提高安全性 cookie.setMaxAge(0);//设置为0,代表删除此cookie log.info("del cookieName:{}, cookieValue:{}", cookie.getName(),cookie.getValue()); response.addCookie(cookie); return; } } } } }
2. redis相关内容
(1)使用集群:https://www.cnblogs.com/FondWang/p/11690791.html
(2)单机redis:https://www.cnblogs.com/FondWang/p/11681222.html
3. json对象转换
作用:将登录信息转换陈json,存储到redis中。
https://www.cnblogs.com/FondWang/p/11703197.html
4. 登录代码
@Controller @RequestMapping("/user/") public class UserController { @Autowired private IUserService iUserService; /** * 用户登录 * @param username * @param password * @param session * @return */ @RequestMapping(value = "login.do",method = RequestMethod.POST) @ResponseBody public ServiceResponse<User> login(String username, String password, HttpSession session, HttpServletResponse httpServletResponse){ ServiceResponse<User> response = iUserService.login(username, password); if (response.isSuccess()){ CookieUtil.writeLoginToken(httpServletResponse,session.getId()); //将内容写入cookie中 RedisShardedPoolUtil.setEx(session.getId(), JsonUtil.obj2String(response.getData()), Const.RedisCacheExtime.REDIS_SESSION_EXTIME); } return response; } /** * 登出 删除session * @param httpServletRequest * @return */ @RequestMapping(value = "logout.do",method = RequestMethod.POST) @ResponseBody public ServiceResponse<String> logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) { String loginToken = CookieUtil.readLoginToken(httpServletRequest); //获取cookie的sessionID,如果存在,删除登出 CookieUtil.delLoginToken(httpServletRequest,httpServletResponse); //删除cookie中对应的token用户信息 RedisShardedPoolUtil.del(loginToken); //删除对应redis的用户信息 return ServiceResponse.createBySuccess("已登出"); } }
三、不同域下的单点登录
待更新