SSO single sign-on implementation
2022-07-02 00:41:00 【ZZ learn java well】
Login in a monolithic architecture: uses the cookie and session mechanism.
Drawback: the server has to store the login information.
SSO single sign-on:
Implementation 1: parent-domain cookie
Before implementing it, let's first look at the scope of a cookie.
A cookie's scope is determined jointly by its domain attribute and its path attribute. A valid value for domain is the domain name/IP address of the current domain or of its parent domain; in Tomcat, domain defaults to the domain name/IP address of the current domain. A valid value for path is a path beginning with "/"; in Tomcat, path defaults to the context path of the current web application. If a cookie's domain attribute is set to the parent domain of the current domain, it is regarded as a parent-domain cookie. Cookies have one useful property: a parent-domain cookie is shared by its subdomains, in other words, subdomains automatically inherit the parent domain's cookies. Given this property, it is not hard to see that saving the Session ID (or token) in a parent-domain cookie is enough. Indeed, we only need to set the cookie's domain attribute to the parent domain (the main domain name) and its path attribute to the root path, and all subdomain applications can then access the cookie. However, this requires the applications' domain names to sit under a common main domain name, such as tieba.baidu.com and map.baidu.com, which are both under baidu.com; they can then implement single sign-on this way.
Drawbacks: 1. The server has to centrally store a large amount of login information (implemented with Redis).
2. A shared main domain is required.
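The cookie scoping described above, as an added example that is not part of the original post: a simplified version of the domain and path matching a browser applies (after RFC 6265), showing why a cookie with domain=baidu.com and path=/ reaches every subdomain while a default-scoped cookie does not. The cookie names, the /app path and the host notbaidu.com are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Cookie:
    name: str
    set_by: str                    # host that issued the cookie
    domain: Optional[str] = None   # Domain attribute; None = host-only cookie
    path: str = "/"


def domain_matches(host: str, cookie: Cookie) -> bool:
    host = host.lower()
    if cookie.domain is None:
        # No Domain attribute: only the issuing host receives the cookie.
        return host == cookie.set_by.lower()
    parent = cookie.domain.lower().lstrip(".")
    # Exact match, or a true subdomain (the "." stops notbaidu.com matching).
    return host == parent or host.endswith("." + parent)


def path_matches(request_path: str, cookie_path: str) -> bool:
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    # /app must not match /application: require a "/" boundary.
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def is_sent(cookie: Cookie, host: str, request_path: str) -> bool:
    return domain_matches(host, cookie) and path_matches(request_path, cookie.path)


# Constructed sample cookies: a parent-domain SSO cookie and a default-scoped one.
SSO = Cookie("SSO_TOKEN", set_by="tieba.baidu.com", domain="baidu.com", path="/")
LOCAL = Cookie("JSESSIONID", set_by="tieba.baidu.com", path="/app")

if __name__ == "__main__":
    for host, path in [("tieba.baidu.com", "/app/x"), ("map.baidu.com", "/"),
                       ("notbaidu.com", "/")]:
        print(host, path, "SSO:", is_sent(SSO, host, path),
              "LOCAL:", is_sent(LOCAL, host, path))
```

Because every host under baidu.com receives SSO_TOKEN, the login session is only as well protected as the least-hardened subdomain application.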
Implementation 2: authentication center
Speaking of single sign-on, you will certainly come across the term CAS (Central Authentication Service). Let's look at how CAS works.
If login has been extracted into a separate system, we can do the following. Suppose we now have two systems, www.java3y.com and www.java4y.com, and one SSO system, www.sso.com.

First, the user wants to access a restricted resource on system A, www.java3y.com (for example the shopping cart, which can only be accessed after login). System A finds that the user is not logged in, so it redirects to the SSO authentication center, passing its own address as a parameter. The request address is as follows:
www.sso.com?service=www.java3y.com
The SSO authentication center finds that the user is not logged in and directs the user to the login page. The user enters a user name and password to log in, and a global session is established between the user and the authentication center (a token is generated, written into a cookie, and saved in the browser).

Then the authentication center redirects back to system A, carrying the token along to system A. The redirect address is as follows:
www.java3y.com?token=xxxxxxx
Next, system A asks the SSO authentication center to verify whether the token is correct. If it is, system A establishes a local session with the user (creates a Session). (The token can also be stored in a cookie; on the next visit, system A then just calls the authentication center's verification method.) At this point, the user is logged in to system A.

Now the user wants to access a restricted resource on system B, www.java4y.com (for example the order function, which can only be accessed after login). System B finds that the user is not logged in, so it redirects to the SSO authentication center, passing its own address as a parameter. The request address is as follows:
www.sso.com?service=www.java4y.com
Note that because the user and the authentication center www.sso.com have already established a global session (the cookie was saved in the browser at that time), the request carries that cookie when system B redirects to www.sso.com this time.
From the cookie that is sent along, the authentication center finds that a global session has already been established with the user. It redirects back to system B, carrying the token along to system B. The redirect address is as follows:
www.java4y.com?token=xxxxxxx
Next, system B asks the SSO authentication center to verify whether the token is correct. If it is, system B establishes a local session with the user (creates a Session). At this point, the user is logged in to system B.

As you can see, the SSO authentication center really works like a transit station.
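The authentication-center exchange above, as an added example that is not part of the original post: an in-memory model of the center's three steps (login, redirect with token, token verification by system A or B). The service allowlist, single-use tokens, the 30-second lifetime, the https scheme and all method names are assumptions of this example, not details from the post.

```python
import secrets
import time

# The two systems from the walkthrough; anything else is refused as a redirect target.
REGISTERED_SERVICES = {"www.java3y.com", "www.java4y.com"}
TOKEN_TTL_SECONDS = 30  # assumed lifetime, not stated in the post


class AuthCenter:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._global_sessions = {}  # value of the www.sso.com cookie -> user
        self._tokens = {}           # token -> (user, service, expiry)

    def login(self, user: str) -> str:
        """After a successful password check: create the global session."""
        cookie_value = secrets.token_urlsafe(32)
        self._global_sessions[cookie_value] = user
        return cookie_value

    def authorize(self, service: str, sso_cookie):
        """Handle www.sso.com?service=...; returns a redirect URL or None."""
        if service not in REGISTERED_SERVICES:
            raise ValueError("service is not registered")
        user = self._global_sessions.get(sso_cookie)
        if user is None:
            return None  # no global session yet: show the login page
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, service, self._clock() + TOKEN_TTL_SECONDS)
        return f"https://{service}?token={token}"

    def validate(self, token: str, service: str):
        """Back-channel check made by system A or B; returns the user or None."""
        entry = self._tokens.pop(token, None)  # single use: a replay finds nothing
        if entry is None:
            return None
        user, issued_for, expiry = entry
        if issued_for != service or self._clock() > expiry:
            return None
        return user
```

Binding each token to the service it was issued for means a token delivered to system A cannot be presented by, or on behalf of, system B.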