1. Start and enter the http://localhost:8080/login user kisso password 123
2. Log in successfully, check the browser and find the kisso cookie, you have successfully integrated kisso!!
3. Log out of the http://localhost:8080/logout to see the kisso cookie disappears

Permissions

1. Login Access http://localhost:8080/test/permission/index.html has the permission to display the logged-in user
2. Test without permission to access http://localhost:8080/test/permission/userinfo.html Enter the no permission interface
Kisso Spring Boot demo

1. Start the execution of Application
2. Access
http://localhost:8080/token prompted to log in
3. Log in to access
http://localhost:8080/login Successfully go to the 2 steps to view

warehouse

https://search.maven.org/search?q=g:com.baomidou

<dependency>
<groupId>com.baomidou</groupId>
<artifactId>kisso</artifactId>
<version>3.8.1</version>
</dependency>
Use documentation
To generate a jwt ticket, the access request header is set to ‘accessToken=ticket content’, which is suitable for single sign-on in the front and back separation mode
String jwtToken = SSOToken.create().setId(1).setIssuer(“admin”).setOrigin(TokenOrigin.HTML5).getToken();

Parse the ticket
SSOToken ssoToken = SSOToken.parser(jwtToken);

Cookie Pattern Settings
SSOHelper.setCookie(request, response, new SSOToken().setId(String.valueOf(1)).setIssuer(“admin”));

Login Privilege Interceptor class SSOSpringInterceptor
Annotations do not intercept @LoginIgnore
yml config kisso.config….

Spring Boot

@ControllerAdvice
@Configuration
public class WebConfig implements WebMvcConfigurer {

@Override
public void addInterceptors(InterceptorRegistry registry) {
SSO Authorized Interceptor
SSOSpringInterceptor ssoInterceptor = new SSOSpringInterceptor();
ssoInterceptor.setHandlerInterceptor(new LoginHandlerInterceptor());
registry.addInterceptor(ssoInterceptor).addPathPatterns(“/**”).excludePathPatterns(“/v1/sso/**”);
}
}
Default HS512 algorithm
HS512 key, the configuration parameter kisso.config.sign-key
SSOHelper.getHS512SecretKey()
Toggle the RS512 algorithm

1. Configure the algorithm
kisso.config.sign-algorithm = RS512

2. Configure the private key public key certificate, and place the resources directory by default

RSA key, configuration parameter kisso.config.rsa-jks-store
Other parameters: CN=Server, OU=Unit, O=Organization, L=City, S=State, and C=US
RSA generates a jks key
$ keytool -genkeypair -alias jwtkey -keyalg RSA -dname “CN=llt” -keypass keypassword -keystore key.jks -storepass jkspassword

RSA generates certificates
RSA public key, configuration parameter kisso.config.rsa-cert-store
$ keytool -export -alias jwtkey -file public.cert -keystore key.jks -storepass jkspassword
Common security policies

1. Cookies marked as Secure should only be sent to the server via requests encrypted by the HTTPS protocol. With the HTTPS security protocol, cookies are protected from theft and tampering during transmission between the browser and the web server

2. HTTPOnly Setting the HTTPOnly attribute can prevent client scripts from accessing cookies through documents such as document.cookie, which can help avoid XSS attacks

3. SameSite The SameSite attribute prevents cookies from being sent when requested across sites, thus preventing CSRF attacks

SameSite can have the following three values:
1. Strict only allows one party to request to carry cookies, that is, the browser will only send cookies requested by the same site, that is, the URL of the current web page is exactly the same as the URL of the request.
2. Lax allows some third parties to request the porting of cookies
3. None will send cookies regardless of whether it is cross-site or not
The reason why cookies cannot be obtained now is because it was None by default, and Lax is defaulted to Chrome 80

The security configuration is as follows:

kisso:
config:
# Enabling HTTPS is effective and the transmission is more secure
cookie-secure: true
# Prevent XSS from scripting attacks
cookie-http-only: true
# Prevent CSRF cross-site attacks
cookie-same-site: Lax
# Encryption algorithm RSA
sign-algorithm: RS512

资源下载此资源为免费资源立即下载

Telegram:@John_Software

collect(0) Like (0)

Disclaimer: This article is published by a third party and represents the views of the author only and has nothing to do with this website. This site does not make any guarantee or commitment to the authenticity, completeness and timeliness of this article and all or part of its content, please readers for reference only, and please verify the relevant content. The publication or republication of articles by this website for the purpose of conveying more information does not mean that it endorses its views or confirms its description, nor does it mean that this website is responsible for its authenticity.

Ictcoder Free source code Java cookie-based SSO middleware https://ictcoder.com/kyym/java-cookie-based-sso-middleware.html

lllll

Share free open-source source code

Previous article： A Vue3 component library for developers, designers, and product managers

Next article： Metaverse project: face expression recognition system, supporting pictures and videos

Q&A

What is the delivery method?

1, automatic: after taking the photo, click the (download) link to download; 2. Manual: After taking the photo, contact the seller to issue it or contact the official to find the developer to ship.

View details

How long is the trading cycle?

1, the default transaction cycle of the source code: manual delivery of goods for 1-3 days, and the user payment amount will enter the platform guarantee until the completion of the transaction or 3-7 days can be issued, in case of disputes indefinitely extend the collection amount until the dispute is resolved or refunded!

View details

Matters needing attention

1. Heptalon will permanently archive the process of trading between the two parties and the snapshots of the traded goods to ensure that the transaction is true, effective and safe! 2, Seven PAWS can not guarantee such as "permanent package update", "permanent technical support" and other similar transactions after the merchant commitment, please identify the buyer; 3, in the source code at the same time there is a website demonstration and picture demonstration, and the site is inconsistent with the diagram, the default according to the diagram as the dispute evaluation basis (except for special statements or agreement); 4, in the absence of "no legitimate basis for refund", the commodity written "once sold, no support for refund" and other similar statements, shall be deemed invalid; 5, before the shooting, the transaction content agreed by the two parties on QQ can also be the basis for dispute judgment (agreement and description of the conflict, the agreement shall prevail); 6, because the chat record can be used as the basis for dispute judgment, so when the two sides contact, only communicate with the other party on the QQ and mobile phone number left on the systemhere, in case the other party does not recognize self-commitment. 7, although the probability of disputes is very small, but be sure to retain such important information as chat records, mobile phone messages, etc., in case of disputes, it is convenient for seven PAWS to intervene in rapid processing.

View details

Systemhere declaration

1. As a third-party intermediary platform, Qichou protects the security of the transaction and the rights and interests of both buyers and sellers according to the transaction contract (commodity description, content agreed before the transaction); 2, non-platform online trading projects, any consequences have nothing to do with mutual site; No matter the seller for any reason to require offline transactions, please contact the management report.

View details