CN108989334A - A kind of SSO single-point logging method based on JAVA

Info

Publication number
CN108989334A
Authority
CN
China
Prior art keywords
sso
logging
bill
application system
page
Prior art date
Legal status
Pending
Application number
CN201810933636.XA
Other languages
Chinese (zh)
Inventor
宋国徽
Current Assignee
Beijing Zhongke Wutong Network Technology Co Ltd
Original Assignee
Beijing Zhongke Wutong Network Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Zhongke Wutong Network Technology Co Ltd
Priority to CN201810933636.XA
Publication of CN108989334A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Abstract

The invention provides a Java-based SSO single sign-on method in which single sign-on among the user, the application system, the SSO system, the authorization system and a third-party system is carried out by means of a Cookie and a public Token ticket. The user logs in to the application system; at the first login the user logs in to the SSO system directly and, if the login succeeds, verified by LDAP on the login page, enters the authorization system and obtains the public Token ticket carrying the authorization information. Access is then completed by sharing the public Token ticket as data among the application system, the SSO system, the authorization system and the third-party system. The invention does not depend entirely on the browser Cookie; it is compatible with Cookies, 302 redirects and the like, reduces dependence on the terminal, and avoids excessive 302 redirects during login. Login state and the login identifier are shared by means of the Token, which avoids repeated or malicious logins, and the Spring processor is integrated to handle file-type lists.

Description

A kind of SSO single-point logging method based on JAVA
Technical field
The invention belongs to the technical field of server login, and specifically relates to a Java-based SSO single sign-on method.
Background
Data exchange in a browser commonly works as follows. When a client sends a request to a server and the server needs to record the user's state, it issues a Cookie to the client browser in the response, and the browser saves it. When the browser requests the server again, it submits the requested URL together with the Cookie, and the server obtains the user's state by checking the Cookie. When logging in to a server, for example, the server uses the login information to judge whether the current user is a legitimate user and whether the user needs to log in again. The server login methods in use today each have advantages and disadvantages.
A Cookie is generated by the server and sent to the User-Agent (usually a browser). The browser saves the Cookie's key/value pair in a text file under some directory and sends the Cookie to the server the next time it requests the same website. The Cookie's name and value can be defined by the server-side developers; for JSP, jsessionid can also be written directly. Because Cookies can contain arbitrary information, the server can filter and regularly maintain that information to judge the state of the HTTP exchange. The most typical use of Cookies is to determine whether a registered user has already logged in to the website; the user may be asked whether to keep their information for the next visit so as to simplify login. Another important use is "shopping cart" style processing: over a period of time the user may select different goods on different pages of the same website, and this information is all written to Cookies so that it can be retrieved at final payment.
Keeping login state by Cookie has been shown to carry security risks, and it cannot provide cross-domain login-free access. Login state can also be kept by JSONP, although sub-applications can be logged in to using a simulated encryption algorithm. Login that relies on page redirection solves the security and cross-domain problems, but it is complex to implement and hard to roll out. Login that couples the user login logic with the business logic makes the project too complex; it is hard to reuse and roll out, cannot be modularized, and cannot be managed or permission-controlled separately. If every product across a product line requires its own login, the user must be verified again and again, which raises the barrier to use and degrades the overall experience.
Summary of the invention
In view of the above, the object of the invention is to provide a Java-based SSO single sign-on method that shares login state and the login identifier by means of a Token, is compatible with Cookies, 302 redirects and the like, reduces dependence on the terminal, and integrates the Spring processor to handle file-type lists.
The technical solution provided by the invention:
A Java-based SSO single sign-on method in which the following steps are completed among the user, the application system, the SSO system, the authorization system and the third-party system:
Q1. Single sign-on is carried out by means of a Cookie and a public Token ticket. The user logs in to the application system; at the first login the user logs in to the SSO system directly. If the login succeeds, verified by LDAP on the login page, the user enters the authorization system, the public Token ticket carrying the authorization information is obtained and returned to the SSO system, and in the application system the user's login request jumps to the page being accessed. If the login fails, an error message is returned and the user is sent back to the application system's user login page.
Q2. When a page of the application system is accessed again, the request enters the SSO system by way of GET or POST parameters for login-state verification, which checks whether the user has already logged in. If the SSO system verifies that the user is logged in, the application system's requested page is returned; if not, the user is returned to the application system's user login page.
Q3. When the SSO system has verified the logged-in state and the application system's requested page is returned, the SSO system passes the public Token ticket carrying the authorization information to the third-party system. The third-party system relies on Java filters and Spring filters to filter on login state through the SSO system, checking whether the user has logged in. If the SSO system verifies that the user is logged in, the user is allowed to access the third-party system; if not, the user is returned to the application system's user login page.
In the above technical solution, in Q2 and Q3 the application system, the SSO system and the third-party system are allowed to share the public Token ticket through third-party caching middleware such as the JVM cache or Redis.
In the above technical solution, the public Token ticket is shared, and corresponding permission restrictions, permission assignment and an independent personal center are set up in the authorization system.
The invention does not depend entirely on the browser Cookie; it is compatible with Cookies, 302 redirects and the like, reduces dependence on the terminal, and avoids excessive 302 redirects during login. Login state and the login identifier are shared by means of the Token, which avoids repeated or malicious logins, and the Spring processor is integrated to handle file-type lists.
Specific embodiment
The technical solution of the invention is described clearly and completely below with reference to an embodiment. Obviously, the described embodiment is only a part of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
A Java-based SSO single sign-on method in which the following steps are completed among the user, the application system, the SSO system, the authorization system and the third-party system:
Q1. Single sign-on is carried out by means of a Cookie and a public Token ticket. The user logs in to the application system; at the first login the user logs in to the SSO system directly. If the login succeeds, verified by LDAP on the login page, the user enters the authorization system, the public Token ticket carrying the authorization information is obtained and returned to the SSO system, and in the application system the user's login request jumps to the page being accessed. If the login fails, an error message is returned and the user is sent back to the application system's user login page.
Q2. When a page of the application system is accessed again, the request enters the SSO system by way of GET or POST parameters for login-state verification, which checks whether the user has already logged in. If the SSO system verifies that the user is logged in, the application system's requested page is returned; if not, the user is returned to the application system's user login page.
Q3. When the SSO system has verified the logged-in state and the application system's requested page is returned, the SSO system passes the public Token ticket carrying the authorization information to the third-party system. The third-party system relies on Java filters and Spring filters to filter on login state through the SSO system, checking whether the user has logged in. If the SSO system verifies that the user is logged in, the user is allowed to access the third-party system; if not, the user is returned to the application system's user login page.
In Q2 and Q3, the application system, the SSO system and the third-party system are allowed to share the public Token ticket through third-party caching middleware such as the JVM cache or Redis.
For sharing the public Token ticket, corresponding permission restrictions, permission assignment and an independent personal center are set up in the authorization system. When the public Token ticket is used in the application system, the SSO system, the authorization system and the third-party system, corresponding data verification is performed to ensure the security of the information.
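The ticket check that steps Q1 to Q3 describe, as an added example that is not code from the patent. An in-memory map stands in for the shared JVM/Redis cache; the ticket format, the 30-minute lifetime, the per-system permission set and every name here are assumptions (Java 16 or later).

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class SsoTicketDemo {
    // Authorization info bound to a ticket (field names are assumptions).
    record Grant(String user, Set<String> systems, Instant expires) {}

    // The page defines only these two outcomes for a request.
    enum Decision { ALLOW, REDIRECT_TO_LOGIN }

    // Stand-in for the shared JVM/Redis cache read by every system in Q2 and Q3.
    static final Map<String, Grant> CACHE = new ConcurrentHashMap<>();
    static final SecureRandom RNG = new SecureRandom();

    // Q1: call only after the LDAP check on the login page has succeeded.
    static String issue(String user, Set<String> systems, Duration ttl) {
        byte[] raw = new byte[32]; // 256 random bits: opaque and unguessable
        RNG.nextBytes(raw);
        String ticket = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        CACHE.put(ticket, new Grant(user, Set.copyOf(systems), Instant.now().plus(ttl)));
        return ticket;
    }

    // Q2/Q3: the decision a Java or Spring filter would make per request.
    static Decision check(String ticket, String system) {
        if (ticket == null || ticket.isBlank()) return Decision.REDIRECT_TO_LOGIN;
        Grant g = CACHE.get(ticket);
        if (g == null) return Decision.REDIRECT_TO_LOGIN; // unknown or forged
        if (Instant.now().isAfter(g.expires())) {          // expired: evict
            CACHE.remove(ticket);
            return Decision.REDIRECT_TO_LOGIN;
        }
        // Permission restriction configured in the authorization system.
        return g.systems().contains(system) ? Decision.ALLOW : Decision.REDIRECT_TO_LOGIN;
    }

    // Logout: deleting the shared entry ends the session in every system.
    static void revoke(String ticket) { CACHE.remove(ticket); }

    public static void main(String[] args) {
        // Constructed sample user and system names.
        String t = issue("alice", Set.of("app", "third-party"), Duration.ofMinutes(30));
        System.out.println("app:          " + check(t, "app"));
        System.out.println("third-party:  " + check(t, "third-party"));
        System.out.println("not granted:  " + check(t, "billing"));
        System.out.println("guessed:      " + check("guessed-value", "app"));
        revoke(t);
        System.out.println("after logout: " + check(t, "app"));
    }
}
```

Because Q2 allows the ticket to travel as a GET parameter, it can end up in URL logs and Referer headers; keeping it opaque, short-lived and revocable limits what such a copy is worth.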
The above describes the basic principle and advantages of the invention. Those skilled in the art should understand that the invention is not limited by the above embodiments; the embodiments and the specification merely illustrate the principle of the invention. Various changes and improvements may be made without departing from the spirit and scope of the invention, and these all fall within the scope of the claimed invention. The claimed scope of the invention is defined by the appended claims and their equivalents.

Claims (3)

1. A Java-based SSO single sign-on method, characterized in that the following steps are completed among the user, the application system, the SSO system, the authorization system and the third-party system:
Q1. Single sign-on is carried out by means of a Cookie and a public Token ticket. The user logs in to the application system; at the first login the user logs in to the SSO system directly. If the login succeeds, verified by LDAP on the login page, the user enters the authorization system, the public Token ticket carrying the authorization information is obtained and returned to the SSO system, and in the application system the user's login request jumps to the page being accessed. If the login fails, an error message is returned and the user is sent back to the application system's user login page;
Q2. When a page of the application system is accessed again, the request enters the SSO system by way of GET or POST parameters for login-state verification, which checks whether the user has already logged in. If the SSO system verifies that the user is logged in, the application system's requested page is returned; if not, the user is returned to the application system's user login page;
Q3. When the SSO system has verified the logged-in state and the application system's requested page is returned, the SSO system passes the public Token ticket carrying the authorization information to the third-party system. The third-party system relies on Java filters and Spring filters to filter on login state through the SSO system, checking whether the user has logged in. If the SSO system verifies that the user is logged in, the user is allowed to access the third-party system; if not, the user is returned to the application system's user login page.
2. The Java-based SSO single sign-on method according to claim 1, characterized in that in Q2 and Q3 the application system, the SSO system and the third-party system are allowed to share the public Token ticket through third-party caching middleware such as the JVM cache or Redis.
3. The Java-based SSO single sign-on method according to claim 1, characterized in that the public Token ticket is shared, and corresponding permission restrictions, permission assignment and an independent personal center are set up in the authorization system.
CN201810933636.XA 2018-08-16 2018-08-16 A kind of SSO single-point logging method based on JAVA Pending CN108989334A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810933636.XA CN108989334A (en) 2018-08-16 2018-08-16 A kind of SSO single-point logging method based on JAVA

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810933636.XA CN108989334A (en) 2018-08-16 2018-08-16 A kind of SSO single-point logging method based on JAVA

Publications (1)

Publication Number Publication Date
CN108989334A (en) 2018-12-11

Family

ID=64554011

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810933636.XA Pending CN108989334A (en) 2018-08-16 2018-08-16 A kind of SSO single-point logging method based on JAVA

Country Status (1)

Country Link
CN (1) CN108989334A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110753045A (en) * 2019-10-14 2020-02-04 紫光云(南京)数字技术有限公司 Single sign-on method between different domains
CN112347437A (en) * 2020-10-30 2021-02-09 银盛支付服务股份有限公司 Third-party application login-free authorization method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110067095A1 (en) * 2009-09-14 2011-03-17 Interdigital Patent Holdings, Inc. Method and apparatus for trusted authentication and logon
CN106302490A (en) * 2016-08-23 2017-01-04 浪潮电子信息产业股份有限公司 A kind of Web session structure based on Token and service calling method
CN108040090A (en) * 2017-11-27 2018-05-15 上海上实龙创智慧能源科技股份有限公司 A kind of system combination method of more Web

Similar Documents

Publication Publication Date Title
AU2019206006B2 (en) System and method for biometric protocol standards
US6993596B2 (en) System and method for user enrollment in an e-community
CN102638454B (en) Plug-in type SSO (single signon) integration method oriented to HTTP (hypertext transfer protocol) identity authentication protocol
Josang et al. Usability and privacy in identity management architectures
CN101183932B (en) Security identification system of wireless application service and login and entry method thereof
DE60130037T2 (en) PROCESS AND SYSTEM FOR WEB-BASED CROSS-DOMAIN AUTHORIZATION WITH UNIQUE REGISTRATION
CN112468481B (en) Single-page and multi-page web application identity integrated authentication method based on CAS
CN102469075A (en) Integration authentication method based on WEB single sign on
CN104836803B (en) Single-point logging method based on session mechanism
CN103179134A (en) Single sign on method and system based on Cookie and application server thereof
CN107122674B (en) Access method of oracle database applied to operation and maintenance auditing system
CN109413000B (en) Anti-stealing-link method and anti-stealing-link network relation system
US20100031317A1 (en) Secure access
CN101986598B (en) Authentication method, server and system
CN106341428A (en) Cross-domain access control method and system
CN106161364A (en) A kind of personal authentication's credential management method and system based on mobile terminal
CN103178969B (en) A kind of service authentication method and system
CN109040069A (en) A kind of dissemination method, delivery system and the access method of cloud application program
CN108111518B (en) Single sign-on method and system based on secure password proxy server
CN102143131A (en) User logout method and authentication server
CN109274579A (en) It is a kind of that user's uniform authentication method is applied based on wechat platform more
CN108989334A (en) A kind of SSO single-point logging method based on JAVA
CN109684818A (en) A kind of server log method for the cross-terminal formula for preventing owner's login password from revealing
Kuzminykh et al. Mechanisms of ensuring security in Keystone service
CN114024763A (en) Multi-system single-point authentication method based on kong

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181211