转载/拾掇-SSO实现原理
转载/整理--SSO实现原理
/**
* @author Aray Chou
* Email: Aray(dot)Chou(dot)CN(at)gmail(dot)com
* Replace "(dot)" with "." and replace "(at)" with "@"
*/
package com.aray.core.filter;
import java.io.IOException;
import java.util.HashMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
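/**
 * Login servlet for the single-sign-on sample.
 * <p>
 * Checks the submitted credentials. On success it stores the user name in the HTTP session,
 * records that session in {@link #ALL_SESSION} and redirects to {@code /index.htm}. Any session
 * recorded earlier for the same user name is marked as logged out, so only the most recent
 * login of a user stays valid.
 * <p>
 * Review notes for anyone adapting this sample:
 * <ul>
 * <li>The password is a single literal shared by every user and compiled into the class. A real
 * deployment needs per-user credentials verified against a salted password hash.</li>
 * <li>Entries in {@link #ALL_SESSION} are never removed in this class, so timed-out sessions stay
 * referenced. Presumably a session listener elsewhere should evict them; verify.</li>
 * </ul>
 */
public class Login extends HttpServlet
{
    /** Serialization version id required because HttpServlet is Serializable. */
    private static final long serialVersionUID = -1503457404159800655L;

    /**
     * Sessions of logged-in users, keyed by user name.
     * <p>
     * HashMap is not thread-safe and servlet containers call this servlet from many threads, so
     * every access must hold the monitor of this map ({@code synchronized (ALL_SESSION)}).
     */
    static final HashMap<String, HttpSession> ALL_SESSION = new HashMap<String, HttpSession>();

    /**
     * Handles a login submitted with GET by delegating to {@link #exec}.
     * <p>
     * NOTE(review): with GET the password travels in the query string and ends up in access logs,
     * browser history and Referer headers. Consider accepting credentials over POST only.
     *
     * @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest,
     *      javax.servlet.http.HttpServletResponse)
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
    {
        exec(req, resp);
    }

    /**
     * Verifies the credentials and, on success, logs the user in and redirects to
     * {@code /index.htm}; on failure answers with HTTP 401.
     *
     * @param req  request carrying the {@code user} and {@code password} parameters
     * @param resp response used for the redirect or the error status
     * @throws IOException if the redirect or the error response cannot be written
     */
    private void exec(HttpServletRequest req, HttpServletResponse resp) throws IOException
    {
        String user = req.getParameter("user");
        String password = req.getParameter("password");

        // A missing or blank user name must not produce a login: it would be stored under a
        // null/empty key and setAttribute("user", null) would leave the session without a user.
        boolean userGiven = user != null && user.trim().length() > 0;

        // NOTE(review): hard-coded shared password, kept only because this is sample code.
        if (!userGiven || !"ILoveAray".equals(password))
        {
            // Tell the client the login failed instead of returning an empty 200 page.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Session fixation defence: never promote a session id that existed before
        // authentication. Drop the pre-login session and issue a fresh one. Attributes of the
        // pre-login session (including an old "banned" flag) are discarded with it.
        HttpSession preLogin = req.getSession(false);
        if (preLogin != null)
        {
            preLogin.invalidate();
        }
        HttpSession session = req.getSession(true);
        session.setAttribute("user", user);

        // Record the new session and fetch the one it replaces, under the map's monitor.
        HttpSession previous;
        synchronized (ALL_SESSION)
        {
            previous = ALL_SESSION.put(user, session);
        }

        // The identity check keeps a login from ever demoting its own session.
        if (previous != null && previous != session)
        {
            try
            {
                // Mark the older login of the same user as logged out and displaced.
                previous.removeAttribute("user");
                previous.setAttribute("banned", true);
            }
            catch (IllegalStateException ignored)
            {
                // The older session was already invalidated (timed out, or dropped above);
                // there is nothing left to mark.
            }
        }

        // Fixed, application-relative target: no request data reaches the redirect location.
        resp.sendRedirect("/index.htm");
    }

    /**
     * Handles a login submitted with POST by delegating to {@link #exec}.
     *
     * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest,
     *      javax.servlet.http.HttpServletResponse)
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
    {
        exec(req, resp);
    }
}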
/**
* @author Aray Chou
* Email: Aray(dot)Chou(dot)CN(at)gmail(dot)com
* Replace "(dot)" with "." and replace "(at)" with "@"
*/
package com.aray.core.filter;
import java.io.IOException;
import java.util.HashMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
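/**
 * Login servlet for the single-sign-on sample.
 * <p>
 * Checks the submitted credentials. On success it stores the user name in the HTTP session,
 * records that session in {@link #ALL_SESSION} and redirects to {@code /index.htm}. Any session
 * recorded earlier for the same user name is marked as logged out, so only the most recent
 * login of a user stays valid.
 * <p>
 * Review notes for anyone adapting this sample:
 * <ul>
 * <li>The password is a single literal shared by every user and compiled into the class. A real
 * deployment needs per-user credentials verified against a salted password hash.</li>
 * <li>Entries in {@link #ALL_SESSION} are never removed in this class, so timed-out sessions stay
 * referenced. Presumably a session listener elsewhere should evict them; verify.</li>
 * </ul>
 */
public class Login extends HttpServlet
{
    /** Serialization version id required because HttpServlet is Serializable. */
    private static final long serialVersionUID = -1503457404159800655L;

    /**
     * Sessions of logged-in users, keyed by user name.
     * <p>
     * HashMap is not thread-safe and servlet containers call this servlet from many threads, so
     * every access must hold the monitor of this map ({@code synchronized (ALL_SESSION)}).
     */
    static final HashMap<String, HttpSession> ALL_SESSION = new HashMap<String, HttpSession>();

    /**
     * Handles a login submitted with GET by delegating to {@link #exec}.
     * <p>
     * NOTE(review): with GET the password travels in the query string and ends up in access logs,
     * browser history and Referer headers. Consider accepting credentials over POST only.
     *
     * @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest,
     *      javax.servlet.http.HttpServletResponse)
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
    {
        exec(req, resp);
    }

    /**
     * Verifies the credentials and, on success, logs the user in and redirects to
     * {@code /index.htm}; on failure answers with HTTP 401.
     *
     * @param req  request carrying the {@code user} and {@code password} parameters
     * @param resp response used for the redirect or the error status
     * @throws IOException if the redirect or the error response cannot be written
     */
    private void exec(HttpServletRequest req, HttpServletResponse resp) throws IOException
    {
        String user = req.getParameter("user");
        String password = req.getParameter("password");

        // A missing or blank user name must not produce a login: it would be stored under a
        // null/empty key and setAttribute("user", null) would leave the session without a user.
        boolean userGiven = user != null && user.trim().length() > 0;

        // NOTE(review): hard-coded shared password, kept only because this is sample code.
        if (!userGiven || !"ILoveAray".equals(password))
        {
            // Tell the client the login failed instead of returning an empty 200 page.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Session fixation defence: never promote a session id that existed before
        // authentication. Drop the pre-login session and issue a fresh one. Attributes of the
        // pre-login session (including an old "banned" flag) are discarded with it.
        HttpSession preLogin = req.getSession(false);
        if (preLogin != null)
        {
            preLogin.invalidate();
        }
        HttpSession session = req.getSession(true);
        session.setAttribute("user", user);

        // Record the new session and fetch the one it replaces, under the map's monitor.
        HttpSession previous;
        synchronized (ALL_SESSION)
        {
            previous = ALL_SESSION.put(user, session);
        }

        // The identity check keeps a login from ever demoting its own session.
        if (previous != null && previous != session)
        {
            try
            {
                // Mark the older login of the same user as logged out and displaced.
                previous.removeAttribute("user");
                previous.setAttribute("banned", true);
            }
            catch (IllegalStateException ignored)
            {
                // The older session was already invalidated (timed out, or dropped above);
                // there is nothing left to mark.
            }
        }

        // Fixed, application-relative target: no request data reaches the redirect location.
        resp.sendRedirect("/index.htm");
    }

    /**
     * Handles a login submitted with POST by delegating to {@link #exec}.
     *
     * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest,
     *      javax.servlet.http.HttpServletResponse)
     */
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException
    {
        exec(req, resp);
    }
}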