The Kisso open source project

Kisso open source project: https://gitee.com/baomidou/kisso

1、 Introduction

Kisso = cookie SSO: a cookie-based SSO middleware, a Swiss Army knife for rapidly developing Java web login systems (SSO).

The application scenarios are as follows:

1. Support single sign on

2. Support login cookie caching

3. Support prevention of XSS attacks, SQL injection and script injection

4. Support the Base64 / MD5 / AES / PBE / RSA algorithms

5. Support browser client verification

6. Support cookie parameter configuration and extension

7. Support cross-domain login and simulated login

8. Support statistics on the number of online users

9. Support generation of dynamic image verification codes

10. Support verification for app (mobile) API services, using the WeChat public platform API verification mechanism for authentication

11. Support kicking out a specified logged-in user

2、 How Kisso works, and the difference between Kisso and CAS

1. Kisso principle description

Kisso uses an encrypted session cookie mechanism to implement the single sign-on (SSO) service, which makes it "stateless" with "decentralized authentication".

a. A session is stored on the server and a cookie is stored on the client. Cookies come in two kinds:

The first: persistent cookies have a lifetime, are stored as files on the client's hard disk, and are deleted automatically when that lifetime ends;

The second: temporary cookies, also known as session cookies, are kept in the browser's memory. Their lifetime ends when the browser is closed, at which point they expire automatically.

b. With nothing changed, the session is the more secure of the two. If various security measures are applied to cookies, they are just as secure.

c. Cookies make distributed service deployment, single sign-on, cross-domain access and similar problems easy to solve. Using sessions instead means dealing with session replication and various other problems.

2. The difference between kisso and CAS

a. CAS is a single sign-on system. It makes the rules for you, and you follow its requirements; single sign-on works once everything is configured (which is complex);

b. Kisso is a middleware: a cookie-based component solution for building Java web SSO. Whatever architecture you use, you can use it, like a USB flash drive that you plug in when you need it and unplug when you do not.

c. CAS uses centralized verification: all requests are verified centrally by CAS, which puts huge pressure on the CAS service. Kisso uses decentralized verification: each system verifies the validity of the cookie itself. The disadvantage is that the secret key must be well protected.
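
The decentralized verification described above, as an added example that is not Kisso's own code: it does not use Kisso's API or token format, and the class and method names (StatelessCookieDemo, seal, open) are hypothetical. Two services holding the same key validate the cookie locally with no shared session store, and a modified or expired cookie is rejected.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Illustration only: not Kisso's token format or API; all names are hypothetical.
public class StatelessCookieDemo {
    static final SecureRandom RNG = new SecureRandom();

    // Seal "userId|expiryEpochSeconds" with AES-GCM; the result is the cookie value.
    static String seal(String userId, long expiresAt, byte[] key) throws Exception {
        byte[] iv = new byte[12];                 // fresh random nonce per cookie
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal((userId + "|" + expiresAt).getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Any service holding the key verifies locally; returns the user id, or null if rejected.
    static String open(String cookie, byte[] key, long now) {
        try {
            byte[] raw = Base64.getUrlDecoder().decode(cookie);
            if (raw.length < 12 + 16) return null;          // nonce + GCM tag at minimum
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, raw, 0, 12));
            String plain = new String(c.doFinal(raw, 12, raw.length - 12), StandardCharsets.UTF_8);
            int sep = plain.lastIndexOf('|');
            long expiresAt = Long.parseLong(plain.substring(sep + 1));
            return now < expiresAt ? plain.substring(0, sep) : null;
        } catch (Exception e) {   // bad Base64, failed GCM tag (tampering or wrong key), bad format
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] sharedKey = new byte[32];  // constructed demo key; in practice load it from a secret store
        RNG.nextBytes(sharedKey);
        long now = System.currentTimeMillis() / 1000;
        String cookie = seal("alice", now + 1800, sharedKey);   // issued once by the login system
        System.out.println("service A accepts user: " + open(cookie, sharedKey, now));
        System.out.println("service B accepts user: " + open(cookie, sharedKey, now));
        String forged = cookie.substring(0, 20) + (cookie.charAt(20) == 'A' ? 'B' : 'A') + cookie.substring(21);
        System.out.println("tampered cookie result: " + open(forged, sharedKey, now));
        System.out.println("expired cookie result:  " + open(cookie, sharedKey, now + 3600));
    }
}
```

Every service that can verify the cookie can also mint one, which is why the key has to be protected on each system that holds it.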

3. Maven dependency

Note: (1) If you want to implement token parsing yourself, implement the com.baomidou.kisso.common.parser.SSOParser class (the parsing interface) and modify the sso.parser.class property in the sso.properties configuration file. Kisso will then call the parsing class you defined, and the fastjson library is no longer required. (2) To implement token encryption yourself, implement the com.baomidou.kisso.common.encrypt.SSOEncrypt class (the encryption and decryption interface) and modify the sso.encrypt.class property in the sso.properties configuration file. The bcprov library is then no longer required.

3、 The sso.properties configuration is as follows; the defaults can be used for everything else

4、 Configuration

1. web.xml configuration

2. spring-mvc.xml configuration

Choose one of the two methods

5、 Project module

6、 Cross domain principle

7、 Web access flowchart

8、 Mobile API access flow chart
