《跨服务器登录验证(单点登录sso)的过程和java实现》由会员分享,可在线阅读,更多相关《跨服务器登录验证(单点登录sso)的过程和java实现(5页珍藏版)》请在金锄头文库上搜索。
1、 如果我们的网站需要和另一个域名做统一认证,也就是在我们网站登录,但真正的功能却在另一个网站来提供。许多都以 passport 的方式。整个认证可以分三步完成第一步:本地验证这个很简单,输入本地的用户名和密码,然后服务器认证通过,并返回正确的Cookie;第二步:做远程认证,并返回远程连接通过本地Cookie,确认用户合法性,然后服务器端调用远程的登录程序,返回一个远程认证号的URL,这个URL里面包含了一个唯一的认证码,使用Location的方式第三步:远程登录客户端使用前一步的URL,访问远程的服务器,服务器确认认证码的正确性,再返回正确的远程Cookie.至此,本地认证,通过一个URL,
2、实现了远程认证。以下是示范代码,是Verycd的武林英雄的认证过程,其登录服务是verycd提供的,而真实服务时9wee提供的package org.javaren.hero;import java.io.BufferedReader;import java.io.InputStream;import java.io.InputStreamReader;import java.io.OutputStream;import .Socket;import .URLEncoder;import java.util.Scanner;/* 跨服务器登录验证(单点登录SSO)的过程和Java实现* * a
3、uthor JAVA世纪网(, )*/public class Login public static String getCookie() System.out.print(输入用户名:); Scanner in = new Scanner(System.in); String username = in.next(); System.out.print(输入密码:); String password = in.next(); try / 本地认证 String cookie = postLogin(username, password); if (cookie = null) return
4、 null; / 服务器远程认证 String url = getLogin2(cookie); if (url = null) return null; / 远程访问认证 String cookie2 = getLogin3(url.substring(http:/.length(); / System.out.println(cookie2); return cookie2; catch (Exception ex) ex.printStackTrace(); return null; private static String postLogin(String username, Str
5、ing password) throws Exception Socket socket = new Socket(, 80); try StringBuilder sb = new StringBuilder(); sb.append(POST /signin?f=out HTTP/1.1rn); sb.append(Host: rn); sb.append(User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.1.3) Gecko/ Firefox/3.5.3rn); sb.append(Accept: tex
6、t/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8rn); sb.append(Accept-Language: zh-cn,zh;q=0.5rn); sb.append(Accept-Encoding: gzip,deflatern); sb.append(Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7rn); sb.append(Referer: http:/ sb.append(Content-Type: application/x-www-form-urlencodedrn);
7、String data = ru=http%3A%2F%2F%2F3rdServices%2F50hero&login_submit=%E7%99%BB%E5%BD%95&username= + URLEncoder.encode(username, UTF-8) + &password= + URLEncoder.encode(password, UTF-8); sb.append(Content-Length: + data.getBytes(UTF-8).length + rn); sb.append(rn); sb.append(data); OutputStream os = soc
8、ket.getOutputStream(); os.write(sb.toString().getBytes(UTF-8); os.flush(); InputStream is = socket.getInputStream(); BufferedReader reader = new BufferedReader(new InputStreamReader(is, UTF-8); / 读取结果 String line; StringBuilder cookieSb = new StringBuilder(); int index; while (line = reader.readLine
9、() != null) if (line.startsWith(Set-Cookie:) if (!line.contains(=deleted;) index = line.indexOf(;); if (index 12) cookieSb.append(line.substring(12, index + 1); else if (line.startsWith(location:) if (line.contains(error_code) return null; is.close(); reader.close(); return cookieSb.toString(); fina
10、lly socket.close(); private static String getLogin2(String cookie) throws Exception Socket socket = new Socket(, 80); try StringBuilder sb = new StringBuilder(); sb.append(GET /signin?ak=50hero&ru=http%3A%2F%2F%2Fpassport.php HTTP/1.1rn); sb.append(Host: rn); sb.append(User-Agent: Mozilla/5.0 (Windo
11、ws; U; Windows NT 5.1; zh-CN; rv:1.9.1.3) Gecko/ Firefox/3.5.3rn); sb.append(Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8rn); sb.append(Accept-Language: zh-cn,zh;q=0.5rn); sb.append(Accept-Encoding: gzip,deflatern); sb.append(Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7rn);
12、sb.append(Referer: http:/ sb.append(Cookie: + cookie + rn); sb.append(rn); OutputStream os = socket.getOutputStream(); os.write(sb.toString().getBytes(UTF-8); os.flush(); InputStream is = socket.getInputStream(); BufferedReader reader = new BufferedReader(new InputStreamReader(is, UTF-8); / 读取结果 String line; while (line = reader.readLine() != null) if (line.startsWith(location:) return line.substring(10); is.close(); reader.close(); return null; f
