SSO (Single Sign-On)

1. A separate login system

When an application is split into microservices, login and registration are sometimes extracted into a module of their own.

2. Single sign-on architecture

2.0 Overall flow

  • The SSO service provides login and registration, and also verifies tokens.
  • Every service other than the SSO service registers an interceptor that intercepts requests to that service. If a token is found in the URL or in a cookie (meaning either that the SSO login has completed or that the token was forged), the interceptor sends a token-verification request to the SSO service. If verification succeeds, the request is let through; if it fails, the client is redirected to the SSO login page, with the intercepted URL (url-A) appended to the redirect URL:
www.sso.com?service=www.c21w.cc.com
  • After a successful login, the SSO service stores the user information in Redis, issues a token to the client, and redirects the client back to url-A.
  • That request is then intercepted again, and the token is verified.
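
The flow above as an added Python sketch, not code from the original page: a dict stands in for Redis, and the login path, host allowlist, TTL and demo account are assumptions. It adds one check the list does not mention: `service` is validated against registered hosts before the SSO service redirects, so the login page cannot be used to send users to an arbitrary site.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SSO_LOGIN = "https://www.sso.com/login"      # assumed login path on the SSO host
ALLOWED_HOSTS = {"www.c21w.cc.com"}          # assumed allowlist of registered services
TOKEN_TTL = 1800                             # assumed session lifetime in seconds
USERS = {"alice": "correct horse"}           # constructed demo account (plaintext for the demo only)
SESSIONS = {}                                # stands in for Redis: token -> (user, expiry)


def sso_verify(token):
    """SSO token check: return the user name, or None if unknown or expired."""
    user, expiry = SESSIONS.get(token, (None, 0))
    if user is None or expiry < time.time():
        SESSIONS.pop(token, None)
        return None
    return user


def sso_login(username, password, service):
    """SSO login: returns (status, redirect target, token)."""
    target = urlsplit(service)
    if target.scheme != "https" or target.hostname not in ALLOWED_HOSTS:
        return 400, None, None               # refuse to redirect to an unregistered url-A
    expected = USERS.get(username)
    if expected is None or not secrets.compare_digest(expected.encode(), password.encode()):
        return 401, None, None
    token = secrets.token_urlsafe(32)        # unguessable, so it cannot be forged by guessing
    SESSIONS[token] = (username, time.time() + TOKEN_TTL)
    return 302, service, token               # client is sent back to url-A with the token


def intercept(url, cookies):
    """Interceptor in every non-SSO service: (200, user) or (302, SSO login URL)."""
    in_url = parse_qs(urlsplit(url).query).get("token", [None])[0]
    token = cookies.get("token") or in_url
    user = sso_verify(token) if token else None
    if user:
        return 200, user
    return 302, SSO_LOGIN + "?" + urlencode({"service": url})
```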

2.1 Create an SSO module

2.1.1 Create the login and registration pages and their request paths

Request paths