服務器端:
用的是GitHub上基於OAuth2.0的SSO項目
附GitHub連結: https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
用maven導入後,部署後就可以直接用了
然後用admin password登陸,配置一個client,設置好client ID、secret和redirect url就可以用了
這張圖是secret
說明: client ID 和secret任意寫,用的時候一致就好了,重定向路徑要和需要使用這個服務的項目的路徑一致,其餘的先用默認值.
然後是測試應用
先上結果(第三方登陸返回的json數據,這裏只顯示了name和email)
應用代碼:
login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Test Single Sign On</title>
  </head>
  <body style="font-size: 40px">
    <%-- Entry point of the test application: the link is resolved against the
         web application's context path and targets LoginServlet. --%>
    <a href="${pageContext.request.contextPath}/LoginServlet" >第三方登陸</a>

  </body>
</html>
welcome.jsp
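<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
<script type="text/javascript">
    /*
     * Writes a value into the element with the given id as plain text.
     * textContent is used instead of innerHTML so that profile fields
     * returned by the identity provider are never parsed as markup.
     */
    function showField(id, value) {
        document.getElementById(id).textContent = (value == null) ? "" : String(value);
    }

    /*
     * Looks for an access_token=... pair in the URL fragment, posts it to
     * AccessServlet and displays the name and email from the JSON reply.
     * Does nothing when the fragment carries no access token.
     */
    function getAccessToken() {
        var prefix = "access_token=";
        var pairs = window.location.hash.replace(/^#/, "").split("&");
        var token = null;

        for (var i = 0; i < pairs.length; i++) {
            if (pairs[i].indexOf(prefix) === 0) {
                try {
                    token = decodeURIComponent(pairs[i].substring(prefix.length));
                } catch (e) {
                    token = null; // malformed percent-encoding in the fragment
                }
                break;
            }
        }
        if (!token) {
            return;
        }

        var ajax = new XMLHttpRequest();
        ajax.open("post", "AccessServlet");
        ajax.setRequestHeader("Content-Type",
                "application/x-www-form-urlencoded");

        // Register the handler before sending so no state change is missed.
        ajax.onreadystatechange = function() {
            if (ajax.readyState !== 4 || ajax.status !== 200) {
                return;
            }
            var json = JSON.parse(ajax.responseText);
            showField("name", json.name);
            showField("email", json.email);
        };

        // The parameter name "access_toke" and the "access_token=" prefix inside
        // its value are what AccessServlet reads; the value is form-encoded so
        // special characters in the token cannot add extra form fields.
        ajax.send("access_toke=" + encodeURIComponent(prefix + token));
    }
    getAccessToken();
</script>

</head>
<body>
    name:<span id ="name"></span>
    <br>
    email:<span id ="email"></span>
</body>
</html>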
CallBackServlet.java
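package test_sso;

import java.io.IOException;
import java.net.URLEncoder;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Callback endpoint configured as the client's redirect URI.
 *
 * <p>When the request carries a {@code code} parameter, the browser is
 * redirected back to the authorization endpoint with
 * {@code response_type=token}; otherwise it is redirected to
 * {@code welcome.jsp}, which reads the access token from the URL fragment.
 */
@WebServlet("/CallBackServlet")
public class CallBackServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    private static final String AUTHORIZE_ENDPOINT =
            "http://localhost:8080/openid-connect-server-webapp/authorize";

    /**
     * Handles the redirect coming back from the authorization server.
     *
     * @param request  the callback request; {@code code} is read from its query string
     * @param response used only to send the next redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be sent
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String code = request.getParameter("code");
        if (code == null) {
            response.sendRedirect("welcome.jsp");
            return;
        }

        // The authorization code is a short-lived credential, so it is no
        // longer printed to stdout.

        // NOTE(review): this redirect travels through the user's browser, so
        // client_secret ends up in the address bar, browser history and any
        // proxy or server access log. In the authorization code flow the code
        // is normally exchanged by a server-to-server POST to the token
        // endpoint, and the secret never reaches the browser. The parameter is
        // kept here only to preserve the behaviour of the original listing.
        //
        // NOTE(review): the state parameter returned by the authorization
        // server is not compared with anything here; a callback should check
        // it against a per-session value before continuing.

        // code comes from the request, so every value is URL-encoded to keep
        // it from injecting additional query parameters into the redirect.
        String url = AUTHORIZE_ENDPOINT + "?response_type=token"
                + "&grant_type=" + URLEncoder.encode(MyUtil.grant_type, "UTF-8")
                + "&code=" + URLEncoder.encode(code, "UTF-8")
                + "&client_id=" + URLEncoder.encode(MyUtil.clientID, "UTF-8")
                + "&client_secret=" + URLEncoder.encode(MyUtil.secret, "UTF-8")
                + "&redirect_uri=" + URLEncoder.encode(MyUtil.redrictURL, "UTF-8");
        response.sendRedirect(url);
    }
}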
LoginServlet.java
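package test_sso;

import java.io.IOException;
import java.net.URLEncoder;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Starts the login by redirecting the browser to the authorization endpoint
 * with {@code response_type=code}.
 */
@WebServlet("/LoginServlet")
public class LoginServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    private static final String AUTHORIZE_ENDPOINT =
            "http://localhost:8080/openid-connect-server-webapp/authorize";

    /**
     * Builds the authorization request and redirects the browser to it.
     *
     * @param request  the incoming request (not inspected)
     * @param response used to send the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be sent
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // NOTE(review): state is the constant "ok" and is not tied to the
        // user's session, so it cannot be used to detect a forged callback.
        // A random per-session value that the callback verifies is the usual
        // approach.
        //
        // The original listing omitted the '&' before redirect_uri, which
        // merged the redirect URI into the state value instead of sending it
        // as its own parameter.
        String url = AUTHORIZE_ENDPOINT + "?response_type=code"
                + "&client_id=" + URLEncoder.encode(MyUtil.clientID, "UTF-8")
                + "&state=ok"
                + "&redirect_uri=" + URLEncoder.encode(MyUtil.redrictURL, "UTF-8");
        response.sendRedirect(url);
    }

    /**
     * Treats a POST exactly like a GET.
     *
     * @param request  the incoming request
     * @param response used to send the redirect
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the redirect cannot be sent
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}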
MyUtil.java
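package test_sso;

import java.io.IOException;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;


import net.sf.json.JSONObject;

/**
 * Client settings shared by the servlets, plus a small helper that fetches a
 * URL and parses the response body as JSON.
 */
public class MyUtil {
    public static final String clientID = "123123";
    public static final String redrictURL = "http://localhost:8080/test_sso/CallBackServlet";
    // NOTE(review): the client secret is compiled into the class, so it is in
    // source control and in every build artifact. Outside a local demo it
    // belongs in external configuration that is kept out of the repository.
    public static final String secret = "hello";
    public static final String grant_type = "authorization_code";

    /**
     * Performs an HTTP GET on {@code url} and parses the response body as JSON.
     *
     * @param url the address to fetch
     * @return the parsed body, or {@code null} when the response has no entity
     * @throws ClientProtocolException on an HTTP protocol error
     * @throws IOException             if the request or reading the body fails
     */
    public static JSONObject doGetJson(String url) throws ClientProtocolException, IOException {
        DefaultHttpClient client = new DefaultHttpClient();
        HttpGet httpGet = new HttpGet(url);
        try {
            HttpResponse reponse = client.execute(httpGet);
            HttpEntity entity = reponse.getEntity();
            if (entity == null) {
                return null;
            }
            System.out.println("~~~start~~~" + entity + "~~end~~~~~");
            String result = EntityUtils.toString(entity, "utf-8");
            return JSONObject.fromObject(result);
        } finally {
            // Release the connection and the client even when execute() or
            // parsing throws; the original listing leaked both on failure and
            // never shut the client down.
            httpGet.releaseConnection();
            client.getConnectionManager().shutdown();
        }
    }
}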
AccessServlet.java
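package test_sso;

import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import net.sf.json.JSONObject;
import net.sf.json.util.JSONUtils;

/**
 * Receives the access token posted by welcome.jsp, calls the userinfo
 * endpoint with it and writes the JSON answer back to the browser.
 */
@WebServlet("/AccessServlet")
public class AccessServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    private static final String USERINFO_ENDPOINT =
            "http://localhost:8080/openid-connect-server-webapp/userinfo";
    private static final String TOKEN_PREFIX = "access_token=";

    /**
     * Looks up the user's profile for the posted access token.
     *
     * @param request  must carry the form parameter {@code access_toke}; its value is
     *                 the token, optionally prefixed with {@code access_token=} as
     *                 welcome.jsp sends it
     * @param response receives the userinfo JSON, or an error status
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the userinfo call or writing the response fails
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        String posted = request.getParameter("access_toke");
        String token = posted;
        if (token != null && token.startsWith(TOKEN_PREFIX)) {
            token = token.substring(TOKEN_PREFIX.length());
        }
        if (token == null || token.isEmpty()) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing access token");
            return;
        }

        // The posted value is untrusted. The original listing appended it
        // verbatim after '?', which let the caller choose the whole query
        // string of the server-side request. Only the token is forwarded now,
        // URL-encoded, under a fixed parameter name.
        String url = USERINFO_ENDPOINT + "?access_token=" + URLEncoder.encode(token, "UTF-8");
        JSONObject jsonObject = MyUtil.doGetJson(url);
        if (jsonObject == null) {
            // doGetJson returns null when the response has no body.
            response.sendError(HttpServletResponse.SC_BAD_GATEWAY, "empty userinfo response");
            return;
        }

        // The body is JSON, so it is labelled as such rather than text/html.
        response.setContentType("application/json;charset=UTF-8");
        PrintWriter pw = response.getWriter();
        pw.write(jsonObject.toString());
        pw.flush();
        pw.close();
    }

}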
如果對OAuth2.0不瞭解,或者不知道這篇文章是幹啥的,建議先看看大神
阮一峯的博客: http://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html