如何在我的java项目中实现单点登录?
[英]How to implement single sign-on in my java project?
问题描述
I need to implement single sign-on in my java web application which can achieve the following features: All the computer joined in my domain smb.local , after user login in the computer, and type http://localhost:8080 , my application know to use the current logined user to login into my web application. 
我需要在我的java web应用程序中实现单点登录,它可以实现以下功能:所有计算机都加入我的域smb.local,用户登录计算机后,输入http:// localhost:8080 ,我的应用程序知道使用当前登录的用户登录我的Web应用程序。 So what protocal should I implement ? 那么我应该实现什么样的协议呢? Or any reference ? 或者任何参考? Thanks very much ! 非常感谢 !
3 个解决方案
解决方案1
2 已采纳 2010-10-06 14:59:16
If you want to "automatically" extract the user's Windows credentials, one option (maybe the only one?) is NTLM . 如果要“自动”提取用户的Windows凭据,一个选项(可能是唯一的?)是NTLM 。 Once you've actually got the credentials, you'll need to check them against the authoritative source - Active Directory exposes details as LDAP, so most security frameworks would be able to cope with this. 实际获得凭据后,您需要根据权威来源检查它们 - Active Directory将详细信息公开为LDAP,因此大多数安全框架都能够应对此问题。
I've done such a thing a few years ago with Spring Security , including deriving privileges based on Windows group membership, and it worked very well. 几年前我使用Spring Security做过这样的事情,包括基于Windows组成员资格获得特权,并且它运行得非常好。
解决方案2
1 2010-10-06 14:54:52
Recently I worked with CAS from Jasig , you can also check OpenSSO or Josso to have a SSO. 最近我与Jasig的CAS合作 ,你也可以检查OpenSSO或Josso有一个SSO。 From there, you'll find the documentation of each project and how to integrate it in your application. 从那里,您将找到每个项目的文档以及如何将其集成到您的应用程序中。
For the automatic connection "as long as your logged on the computer", I'm not sure that's even possible. 对于“只要你登录电脑”的自动连接,我不确定是否可能。 If it is you'll certainly need a specific browser (and some plugins for this browser). 如果是你肯定需要一个特定的浏览器(以及这个浏览器的一些插件)。
解决方案3
0 2010-10-06 14:55:46
身份验证是否集中在任何位置(例如LDAP)?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.