CN108989334A - A kind of SSO single-point logging method based on JAVA - Google Patents
- Publication number
- CN108989334A
- Application number
- CN201810933636.XA
- Authority
- CN
- China
- Prior art keywords
- sso
- logging
- bill
- application system
- page
- Legal status
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
Abstract
The present invention provides a Java-based SSO single sign-on method. Among a user, an application system, an SSO system, an authorization system and a third-party system, single sign-on is carried out by means of a Cookie and a public Token ticket: the user logs in to the application system and, on first login, logs in to the SSO system directly; if the login succeeds, verification is performed by LDAP on the login page, the authorization system is entered, and the public Token ticket carrying the authorization information is obtained; access is then completed by sharing the public Token ticket as data among the application system, the SSO system, the authorization system and the third-party system. The invention does not depend entirely on the browser Cookie and is compatible with Cookies, 302 redirects and the like, which reduces dependence on the terminal and avoids excessive 302 redirects at login; login state and login identifiers are shared by means of the Token, which avoids repeated or malicious logins; and the Spring processor is integrated to solve the file-class list problem.
Description
Technical field
The invention belongs to the technical field of server login, and in particular relates to a Java-based SSO single sign-on method.
Background technique
We frequently refer to the exchange of data in a browser. When a client sends a request to a server and the server needs to record the user's state, the server issues a Cookie to the client browser in the response, and the client browser saves the Cookie. When the browser requests the server again, it submits the requested URL to the server together with the Cookie, and the server obtains the user's state by checking the Cookie. For example, when a user logs in to a server, the server needs to judge from the login information whether the currently logged-in user is a legitimate user and whether the user needs to log in again. The several server login methods in use at present each have advantages and disadvantages.
A Cookie is generated by the server and sent to the User-Agent (usually a browser). The browser saves the Cookie's key/value in a text file under some directory and sends the Cookie to the server the next time the same website is requested. The Cookie name and value can be defined by the server-side developer; for JSP, jsessionid can also be written directly. The server can thus use the arbitrary information contained in Cookies to filter and regularly maintain this information, so as to judge the state in HTTP transmission. The most typical application of Cookies is determining whether a registered user has already logged in to a website; the user may be prompted whether to retain user information the next time the website is entered, so as to simplify the login procedure. Another important application is "shopping cart" processing: a user may select different goods on different pages of the same website over a period of time, and this information is all written to Cookies so that it can be extracted at final payment.
Holding login state by means of a Cookie has been shown to carry security risks, and it cannot achieve cross-domain login-free access. Login state is also held by means of JSONP, although sub-applications can be logged in with an analog encryption algorithm. Login by means of page redirection can solve the security and cross-domain problems, but it is complex to implement and hard to promote. A login method that couples the user login logic with the business logic makes the project too complex, is hard to reuse and promote, cannot be modularized, and cannot be managed or permission-controlled separately. If frequent login is used between the products of an entire product line, frequent verification is needed at login, which raises the threshold of use and degrades the overall user experience.
Summary of the invention
In view of the above, the object of the present invention is to provide a Java-based SSO single sign-on method that shares login state and login identifiers by means of a Token, is compatible with Cookies, 302 redirects and the like, reduces dependence on the terminal, and integrates the Spring processor to solve the file-class list problem.
Technical solution provided by the invention:
A Java-based SSO single sign-on method, in which the following steps are completed among a user, an application system, an SSO system, an authorization system and a third-party system:
Q1. Single sign-on is carried out by means of a Cookie and a public Token ticket. The user logs in to the application system; on first login, the user logs in to the SSO system directly. If the login succeeds, verification is performed by LDAP on the login page, the authorization system is entered, the public Token ticket carrying the authorization information is obtained and returned to the SSO system, and in the application system the user's login request jumps to the page being accessed. If the login fails, an error message is returned and the user is returned to the application system's user login page.
Q2. When a page of the application system is accessed again, the request enters the SSO system by way of Get or Post request parameters for login-state verification, which checks whether the user has already logged in. If the SSO system verifies that the user is logged in, the application system's access page is returned; if verification finds that the user is not logged in, the application system's user login page is returned.
Q3. Once the SSO system has verified that the user is logged in and the application system's access page is returned, the SSO system passes the public Token ticket carrying the authorization information to the third-party system. The third-party system relies on Java filters and Spring filters to filter on login state through the SSO system, checking whether the user has already logged in. If the SSO system verifies that the user is logged in, the user is allowed to access the third-party system; if verification finds that the user is not logged in, the application system's user login page is returned.
In the above technical solution, in Q2 and Q3, the application system, the SSO system and the third-party system are allowed to share the public Token ticket through third-party cache middleware such as the JVM cache and Redis.
In the above technical solution, for sharing the public Token ticket, corresponding permission restrictions, permission assignment and an independent personal center are set up in the authorization system.
The invention does not depend entirely on the browser Cookie and is compatible with Cookies, 302 redirects and the like, which reduces dependence on the terminal and avoids excessive 302 redirects at login; by sharing login state and login identifiers by means of the Token it avoids repeated or malicious logins; and it integrates the Spring processor to solve the file-class list problem.
Specific embodiment
The technical solution of the present invention is described clearly and completely below with reference to a specific embodiment. Obviously, the described embodiment is only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
A Java-based SSO single sign-on method, in which the following steps are completed among a user, an application system, an SSO system, an authorization system and a third-party system:
Q1. Single sign-on is carried out by means of a Cookie and a public Token ticket. The user logs in to the application system; on first login, the user logs in to the SSO system directly. If the login succeeds, verification is performed by LDAP on the login page, the authorization system is entered, the public Token ticket carrying the authorization information is obtained and returned to the SSO system, and in the application system the user's login request jumps to the page being accessed. If the login fails, an error message is returned and the user is returned to the application system's user login page.
Q2. When a page of the application system is accessed again, the request enters the SSO system by way of Get or Post request parameters for login-state verification, which checks whether the user has already logged in. If the SSO system verifies that the user is logged in, the application system's access page is returned; if verification finds that the user is not logged in, the application system's user login page is returned.
Q3. Once the SSO system has verified that the user is logged in and the application system's access page is returned, the SSO system passes the public Token ticket carrying the authorization information to the third-party system. The third-party system relies on Java filters and Spring filters to filter on login state through the SSO system, checking whether the user has already logged in. If the SSO system verifies that the user is logged in, the user is allowed to access the third-party system; if verification finds that the user is not logged in, the application system's user login page is returned.
In Q2 and Q3, the application system, the SSO system and the third-party system are allowed to share the public Token ticket through third-party cache middleware such as the JVM cache and Redis.
For sharing the public Token ticket, corresponding permission restrictions, permission assignment and an independent personal center are set up in the authorization system; when the public Token ticket is used in the application system, the SSO system, the authorization system and the third-party system, the corresponding data verification is performed so as to secure the information.
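
The login-state check that the Q2/Q3 filters run against the shared cache can be written as follows. This is an added example, not code from the patent: the class and method names, the 30-minute lifetime and the in-memory map standing in for the JVM cache or Redis are assumptions, and the LDAP result is passed in as a boolean.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration (Java 16+ for records); all names here are hypothetical.
public class SsoTokenDemo {
    /** What the shared cache holds per public token (fields are assumptions). */
    record Ticket(String user, Instant expiresAt) {}

    /** Stand-in for the shared JVM cache / Redis that the patent names. */
    static final Map<String, Ticket> SHARED_CACHE = new ConcurrentHashMap<>();
    static final SecureRandom RNG = new SecureRandom();
    static final Duration TTL = Duration.ofMinutes(30); // assumed token lifetime

    /** Q1: only after LDAP succeeds, issue an unguessable token and publish it. */
    static Optional<String> login(String user, boolean ldapOk, Instant now) {
        if (!ldapOk) return Optional.empty();           // failed login: no token at all
        byte[] raw = new byte[32];                      // 256 bits from a CSPRNG
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        SHARED_CACHE.put(token, new Ticket(user, now.plus(TTL)));
        return Optional.of(token);
    }

    /** Q2/Q3: the lookup a Java or Spring filter would run on every request. */
    static Optional<String> verify(String token, Instant now) {
        if (token == null || token.isBlank()) return Optional.empty();
        Ticket t = SHARED_CACHE.get(token);
        if (t == null) return Optional.empty();         // unknown or revoked token
        if (!now.isBefore(t.expiresAt())) {             // expired: evict and reject
            SHARED_CACHE.remove(token);
            return Optional.empty();
        }
        return Optional.of(t.user());
    }

    /** Filter decision: let the request through or send it to the login page. */
    static String route(String token, Instant now) {
        return verify(token, now).map(u -> "ALLOW " + u).orElse("REDIRECT /login");
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2018-08-16T09:00:00Z");        // constructed clock
        String token = login("alice", true, t0).orElseThrow();
        System.out.println(route(token, t0.plusSeconds(60)));      // valid token
        System.out.println(route("guessed-value", t0));            // never issued
        System.out.println(route(token, t0.plus(TTL)));            // past its lifetime
        System.out.println(login("mallory", false, t0).isPresent()); // LDAP rejected
    }
}
```

Because Q2 carries the token as a Get or Post parameter, a deployment would prefer the Post body or a header, since query strings are recorded in access logs and Referer headers. The cache entry is also the point of revocation: deleting it at logout invalidates the token for every system that shares the store.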
The basic principle and advantages of the present invention have been described above. Those skilled in the art should understand that the present invention is not limited by the above embodiment; the above embodiment and the specification merely illustrate the principle of the invention. Various changes and improvements may be made to the invention without departing from its spirit and scope, and these changes and improvements all fall within the scope of the claimed invention. The claimed scope of the invention is defined by the appended claims and their equivalents.
Claims (3)
1. A Java-based SSO single sign-on method, characterized in that the following steps are completed among a user, an application system, an SSO system, an authorization system and a third-party system:
Q1. Single sign-on is carried out by means of a Cookie and a public Token ticket. The user logs in to the application system; on first login, the user logs in to the SSO system directly. If the login succeeds, verification is performed by LDAP on the login page, the authorization system is entered, the public Token ticket carrying the authorization information is obtained and returned to the SSO system, and in the application system the user's login request jumps to the page being accessed. If the login fails, an error message is returned and the user is returned to the application system's user login page.
Q2. When a page of the application system is accessed again, the request enters the SSO system by way of Get or Post request parameters for login-state verification, which checks whether the user has already logged in. If the SSO system verifies that the user is logged in, the application system's access page is returned; if verification finds that the user is not logged in, the application system's user login page is returned.
Q3. Once the SSO system has verified that the user is logged in and the application system's access page is returned, the SSO system passes the public Token ticket carrying the authorization information to the third-party system. The third-party system relies on Java filters and Spring filters to filter on login state through the SSO system, checking whether the user has already logged in. If the SSO system verifies that the user is logged in, the user is allowed to access the third-party system; if verification finds that the user is not logged in, the application system's user login page is returned.
2. The Java-based SSO single sign-on method according to claim 1, characterized in that, in Q2 and Q3, the application system, the SSO system and the third-party system are allowed to share the public Token ticket through third-party cache middleware such as the JVM cache and Redis.
3. The Java-based SSO single sign-on method according to claim 1, characterized in that, for sharing the public Token ticket, corresponding permission restrictions, permission assignment and an independent personal center are set up in the authorization system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810933636.XA CN108989334A (en) | 2018-08-16 | 2018-08-16 | A kind of SSO single-point logging method based on JAVA |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810933636.XA CN108989334A (en) | 2018-08-16 | 2018-08-16 | A kind of SSO single-point logging method based on JAVA |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108989334A (en) | 2018-12-11 |
Family
ID=64554011
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810933636.XA Pending CN108989334A (en) | 2018-08-16 | 2018-08-16 | A kind of SSO single-point logging method based on JAVA |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108989334A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110753045A (en) * | 2019-10-14 | 2020-02-04 | 紫光云(南京)数字技术有限公司 | Single sign-on method between different domains |
CN112347437A (en) * | 2020-10-30 | 2021-02-09 | 银盛支付服务股份有限公司 | Third-party application login-free authorization method and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110067095A1 (en) * | 2009-09-14 | 2011-03-17 | Interdigital Patent Holdings, Inc. | Method and apparatus for trusted authentication and logon |
CN106302490A (en) * | 2016-08-23 | 2017-01-04 | 浪潮电子信息产业股份有限公司 | A kind of Web session structure based on Token and service calling method |
CN108040090A (en) * | 2017-11-27 | 2018-05-15 | 上海上实龙创智慧能源科技股份有限公司 | A kind of system combination method of more Web |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2019206006B2 (en) | System and method for biometric protocol standards | |
US6993596B2 (en) | System and method for user enrollment in an e-community | |
CN102638454B (en) | Plug-in type SSO (single signon) integration method oriented to HTTP (hypertext transfer protocol) identity authentication protocol | |
Josang et al. | Usability and privacy in identity management architectures | |
CN101183932B (en) | Security identification system of wireless application service and login and entry method thereof | |
DE60130037T2 (en) | PROCESS AND SYSTEM FOR WEB-BASED CROSS-DOMAIN AUTHORIZATION WITH UNIQUE REGISTRATION | |
CN112468481B (en) | Single-page and multi-page web application identity integrated authentication method based on CAS | |
CN102469075A (en) | Integration authentication method based on WEB single sign on | |
CN104836803B (en) | Single-point logging method based on session mechanism | |
CN103179134A (en) | Single sign on method and system based on Cookie and application server thereof | |
CN107122674B (en) | Access method of oracle database applied to operation and maintenance auditing system | |
CN109413000B (en) | Anti-stealing-link method and anti-stealing-link network relation system | |
US20100031317A1 (en) | Secure access | |
CN101986598B (en) | Authentication method, server and system | |
CN106341428A (en) | Cross-domain access control method and system | |
CN106161364A (en) | A kind of personal authentication's credential management method and system based on mobile terminal | |
CN103178969B (en) | A kind of service authentication method and system | |
CN109040069A (en) | A kind of dissemination method, delivery system and the access method of cloud application program | |
CN108111518B (en) | Single sign-on method and system based on secure password proxy server | |
CN102143131A (en) | User logout method and authentication server | |
CN109274579A (en) | It is a kind of that user's uniform authentication method is applied based on wechat platform more | |
CN108989334A (en) | A kind of SSO single-point logging method based on JAVA | |
CN109684818A (en) | A kind of server log method for the cross-terminal formula for preventing owner's login password from revealing | |
Kuzminykh et al. | Mechanisms of ensuring security in Keystone service | |
CN114024763A (en) | Multi-system single-point authentication method based on kong |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20181211 |