使用cookie+Filter实现单点登录

一、什么是单点登录(SSO)？ 

   单点登录其实就是实现这么一个功能。例如你登陆了www.bbs.njupt.com这个网站，当你再登陆www.news.njupt.com这个网站时，

就不需要再登陆了。以上两个网站一个很大的相似点，就是都有相同的域名.njupt.com 。

二、单点登录的代码实现

1、新建一个webproject ，名为sso_bbs  

2、导包

    导入单点登录的基本jar包(2个)

3、LoginServlet

   新建一个servlet，并将其servlet/JSP Mapping url 改成 /login

代码如下：

package com.njupt.sso.servlet;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginServlet extends HttpServlet {

/**
* Constructor of the object.
*/
public LoginServlet() {
super();
}

/**
* Destruction of the servlet. <br>
*/
public void destroy() {
super.destroy(); // Just puts "destroy" string in log
// Put your code here
}

/**
* The doGet method of the servlet. <br>
*
* This method is called when a form has its tag value method equals to get.
*
* @param request the request send by the client to the server
* @param response the response send by the server to the client
* @throws ServletException if an error occurred
* @throws IOException if an error occurred
*/
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {

this.doPost(request, response);
}

/**
* The doPost method of the servlet. <br>
*
* This method is called when a form has its tag value method equals to post.
*
* @param request the request send by the client to the server
* @param response the response send by the server to the client
* @throws ServletException if an error occurred
* @throws IOException if an error occurred
*/
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {

String userName = request.getParameter("userName");
String password = request.getParameter("password");

if(userName != null && password != null){
if(userName.equals(password)){//登录成功，实际应查询数据库
request.getSession().setAttribute("user", userName);

//向客户端写入cookie
Cookie c = new Cookie("sso",userName);

c.setMaxAge(3600);//1小时
c.setDomain(".njupt.com");//www.bbs.njupt.com www.news.njupt.com
c.setPath("/");

response.addCookie(c);
}
}

response.sendRedirect(request.getContextPath() + "/index.jsp");
}

/**
* Initialization of the servlet. <br>
*
* @throws ServletException if an error occurs
*/
public void init() throws ServletException {
// Put your code here
}

}


4、修改host文件

到C:\Windows\System32\drivers\etc目录下找到名为host文件，并在其中加上以下代码：

127.0.0.1 localhost
127.0.0.1 www.bbs.njupt.com
127.0.0.1 www.news.njupt.com

5、server.xml
到tomcat的安装目录(E:\开发者工具\apache-tomcat-6.0.37-windows-x86\apache-tomcat-6.0.37\conf)下找到名为server.xml的文件

在该文件中加上以下代码：

<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">

<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->

<!-- Access log processes all example.
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
-->

</Host>

<Host name="www.bbs.njupt.com" appBase="bbs">
</Host>

<Host name="www.news.njupt.com" appBase="news">

6、将sso_bbs项目中的webroot拷贝一份到tomcat的安装目录下的bbs、news文件夹，并改名为ROOT(因为服务器启动时会默认在ROOT文件夹中
寻找一个名为index.jsp的文件).如下图所示：



7、AutoLoginFilter

其功能主要是实现类似于一些网站中的"·····天免登陆"的功能

代码如下：

package com.njupt.sso.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

public class AutoLoginFilter implements Filter {

@Override
public void destroy() {

}

@Override
public void doFilter(ServletRequest req, ServletResponse resp,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;

if(request.getSession().getAttribute("user")== null){
Cookie[] cs = request.getCookies();

if (cs != null && cs.length > 0) {
for (Cookie c : cs) {
String cName = c.getName();
if (cName.equals("sso")) {
String userName = c.getValue();
request.getSession().setAttribute("user", userName);
}
}
}
}

chain.doFilter(request, resp);

}

@Override
public void init(FilterConfig arg0) throws ServletException {

}

}


8、web.xml

在web.xml中加上以下代码：

<filter>
<filter-name>autoLogin</filter-name>
<filter-class>com.njupt.sso.filter.AutoLoginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>autoLogin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

9、注意，这是需要重新考一下webroot到tomcat安装目录中的bbs、news文件夹

10、这时便可以在地址栏中输入http://www.bbs.njupt.com:8080/，登陆成功以后，输入http://www.news.njupt.com:8080/时便不需要再登陆