java 实现sso 单点登录代码
时间: 2023-11-27 15:04:03 浏览: 33
以下是一个简单的 Java 实现 SSO 单点登录的代码:
1. 创建一个 SSOServer 类,用于处理用户登录和注销:
```
public class SSOServer {
private static SSOServer instance = null;
private Set<String> tokens = new HashSet<String>();
private SSOServer() {}
public static SSOServer getInstance() {
if (instance == null) {
instance = new SSOServer();
}
return instance;
}
public boolean login(String token) {
if (tokens.contains(token)) {
return false;
}
tokens.add(token);
return true;
}
public void logout(String token) {
tokens.remove(token);
}
public boolean isValid(String token) {
return tokens.contains(token);
}
}
```
2. 创建一个 LoginServlet 类,用于处理用户登录请求:
```
public class LoginServlet extends HttpServlet {
private static final String LOGIN_PAGE = "/login.jsp";
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String username = request.getParameter("username");
String password = request.getParameter("password");
// 验证用户名和密码
if (username.equals("admin") && password.equals("admin")) {
// 生成随机的 token
String token = UUID.randomUUID().toString();
// 将 token 存储到 session 中
request.getSession().setAttribute("token", token);
// 将 token 存储到 SSO 服务器中
SSOServer.getInstance().login(token);
// 跳转到成功页面
response.sendRedirect(request.getContextPath() + "/success.jsp");
} else {
// 登录失败,跳转到登录页面
request.setAttribute("error", "用户名或密码错误");
request.getRequestDispatcher(LOGIN_PAGE).forward(request, response);
}
}
}
```
3. 创建一个 LogoutServlet 类,用于处理用户注销请求:
```
public class LogoutServlet extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// 从 session 中获取 token
String token = (String) request.getSession().getAttribute("token");
// 将 token 从 SSO 服务器中删除
SSOServer.getInstance().logout(token);
// 销毁 session
request.getSession().invalidate();
// 跳转到登录页面
response.sendRedirect(request.getContextPath() + "/login.jsp");
}
}
```
4. 在需要进行单点登录的应用程序中,创建一个 Filter 类,用于验证用户是否已登录:
```
public class SSOFilter implements Filter {
private static final String LOGIN_PAGE = "/login.jsp";
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
// 从 session 中获取 token
String token = (String) httpRequest.getSession().getAttribute("token");
if (token == null || !SSOServer.getInstance().isValid(token)) {
// 用户未登录或已过期,跳转到登录页面
httpResponse.sendRedirect(httpRequest.getContextPath() + LOGIN_PAGE);
} else {
// 用户已登录,继续执行请求
chain.doFilter(request, response);
}
}
}
```
5. 在 web.xml 中配置 Filter:
```
<filter>
<filter-name>SSOFilter</filter-name>
<filter-class>com.example.sso.SSOFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SSOFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
```
通过以上步骤,就可以实现 Java 的 SSO 单点登录功能。