Tuesday, November 17, 2009

Simplest SSO implementation

OA needs to be done with the project and the Portal of the SSO, two applications were on different servers, but top-level domain name is identical to the simple formula, and I said, it used domain cookie bar, they still will not talk for a long time doing,囧~~~~,

Suppose portal's domain name is portal.xxxx.com in the Portal log is complete, set a cookie:
<% @ Page language = "java" pageEncoding = "UTF-8"%>
<% @ Page import = "javax.servlet .*"%>
"%
/ / Login successful Domain Cookie Settings
Cookie cookie = new Cookie ( "ssoUserId", "zhangs ");// create a file called ssoUserId, the cookie value zhangs
/ / cookie.setDomain ( "xxxx.com ");// set cookie scope for xxxx.com so that all of the two domain names (such as www.xxxx.com, portal.xxxx.com, oa.xxxx.com) This cookie can obtain a
response.addCookie (cookie); / / write the cookie to the client
out.println ( "Login successful!");
% "

OA can read this cookie, to the user as the currently logged-on user
<% @ Page language = "java" pageEncoding = "UTF-8"%>
<% @ Page import = "javax.servlet .*"%>
"%
/ / Get single sign-on of the Cookie
Cookie [] cookies = request.getCookies ();
String ssoUserId = null;
for (int i = 0; i if ( "ssoUserId". equals (cookies [i]. getName ())){
ssoUserId = cookies [i]. getValue ();
)
)
out.println ( "SSO User Account:" + ssoUserId);
% "

If we consider the security issues, the userId encryption.