SSO (login system)
// Login function (SSO runs as a separate service)
@Override
public TaotaoResult login(String username, String password) throws Exception {
    // Look up the user by username
    TbUserExample example = new TbUserExample();
    Criteria criteria = example.createCriteria();
    criteria.andUsernameEqualTo(username);
    List<TbUser> list = userMapper.selectByExample(example);
    if (null == list || list.isEmpty()) {
        return TaotaoResult.build(400, "用戶不存在"); // "user does not exist"
    }
    // Verify the password.
    // Note: unsalted MD5 is not a suitable password hash; bcrypt, scrypt, PBKDF2 or Argon2 is the usual choice.
    TbUser user = list.get(0);
    if (!DigestUtils.md5DigestAsHex(password.getBytes()).equals(user.getPassword())) {
        return TaotaoResult.build(400, "密碼錯誤"); // "wrong password"
    }
    // Login succeeded: write the user information to Redis
    // Generate a token for the user
    String token = UUID.randomUUID().toString();
    jedisCluster.set(USER_TOKEN_KEY + ":" + token, JsonUtils.objectToJson(user));
    // Set the session expiry time
    jedisCluster.expire(USER_TOKEN_KEY + ":" + token, SESSION_EXPIRE_TIME);
    return TaotaoResult.ok(token);
}
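When another subsystem handles a login, it forwards the request to the SSO (login system), writes the returned token into a cookie, and the cookie is then sent along on subsequent requests: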
public TaotaoResult login(String username, String password, HttpServletRequest request, HttpServletResponse response) {
    // Request parameters
    Map<String, String> param = new HashMap<>();
    param.put("username", username);
    param.put("password", password);
    // Perform the login against the SSO service
    String stringResult = HttpClientUtil.doPost(REGISTER_USER_URL + USER_LOGIN_URL, param);
    TaotaoResult result = TaotaoResult.format(stringResult);
    // Login failed
    if (result.getStatus() != 200) {
        return result;
    }
    // Login succeeded: take the token from the result
    String token = (String) result.getData();
    // Write it into the cookie
    CookieUtils.setCookie(request, response, "TT_TOKEN", token);
    // Return success
    return result;
}
Summary:
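- The SSO system generates a token, stores the user information in Redis, and sets an expiry time
- The other systems ask the SSO system to perform the login, receive the token that SSO returns, and write it into a cookie
- The cookie is sent along with every request; an interceptor reads the token from it and determines whether the user is already logged in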
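The interceptor check from the last summary point, as an added example that is not code from the original page. A ConcurrentHashMap stands in for Redis, and the class name, the Cookie-header parsing, and the expiry refresh on each successful check are assumptions.

```java
import java.time.Instant;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

public class TokenCheckDemo {
    static final String COOKIE_NAME = "TT_TOKEN";     // cookie name used on the page
    static final long SESSION_EXPIRE_SECONDS = 1800;  // half an hour (assumed value)

    // In-memory stand-in for Redis (assumption): token -> user JSON plus expiry
    record Session(String userJson, Instant expiresAt) {}
    static final Map<String, Session> store = new ConcurrentHashMap<>();

    // What the SSO service does at login: SET followed by EXPIRE
    static String issue(String userJson, Instant now) {
        String token = UUID.randomUUID().toString();
        store.put(token, new Session(userJson, now.plusSeconds(SESSION_EXPIRE_SECONDS)));
        return token;
    }

    // Pull TT_TOKEN out of a raw Cookie header; null if it is absent
    static String tokenFromCookieHeader(String header) {
        if (header == null) return null;
        for (String part : header.split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals(COOKIE_NAME)) return kv[1];
        }
        return null;
    }

    // Interceptor check: returns the user JSON if logged in, otherwise null
    static String check(String cookieHeader, Instant now) {
        String token = tokenFromCookieHeader(cookieHeader);
        if (token == null) return null;
        // Reject values that do not parse as a UUID before touching the store
        try { UUID.fromString(token); } catch (IllegalArgumentException e) { return null; }
        Session s = store.get(token);
        if (s == null) return null;                                  // unknown token
        if (!now.isBefore(s.expiresAt())) { store.remove(token); return null; }  // expired
        // Refresh the expiry so an active session stays alive (assumed behaviour)
        store.put(token, new Session(s.userJson(), now.plusSeconds(SESSION_EXPIRE_SECONDS)));
        return s.userJson();
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");       // constructed clock
        String header = "lang=en; TT_TOKEN=" + issue("{\"username\":\"alice\"}", t0);
        System.out.println(check(header, t0.plusSeconds(600)));    // valid, expiry refreshed
        System.out.println(check("TT_TOKEN=not-a-token", t0));     // malformed value
        System.out.println(check(header, t0.plusSeconds(2400)));   // refreshed expiry reached
    }
}
```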
=======================================
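public ModelAndView login(String username, String password) {
    // 1. Login succeeded: assume system A has already logged the user in
    // 2. Generate a unique token with UUID
    String token = UUID.randomUUID().toString();
    // 3. Save the user information to Redis. The key is the token, the value is the user object.
    jedis.set(token, user.toString());
    // 4. Set the key's expiry time to simulate session expiry, typically half an hour.
    jedis.expire(token, 1800);
    // Send the request cookies to the SSO auth endpoint.
    // `user` and `request` are assumed to come from the surrounding controller;
    // iterating over every cookie is an assumption.
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            HttpUtil httpUtil = new HttpUtil("http://sso.com/sso/authcookies", Method.GET);
            String result = httpUtil.send(cookie.getName(), cookie.getValue());
        }
    }
    return new ModelAndView("index");
}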
Summary