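Abstract
With the development of computer networks and information technology, enterprise networks host more and more application systems. These systems usually each have their own authentication system, so a user who needs several of them must pass each system's identity authentication one by one, for example by entering a password. This forces users to remember separate authentication passwords for different systems, and the cumbersome authentication also increases server load. An independent identity authentication system is therefore needed to manage identity authentication for all of the application systems in a unified way.
Based on an analysis of the technologies and specifications behind mainstream web single sign-on systems, this thesis summarizes a basic model structure for a single sign-on system, consisting of an identity authentication service center and an identity authentication service client system, and implements a web single sign-on system with basic authentication functions on the Java platform. The system is developed in a modular way with relatively independent layers, which reduces the development effort needed to integrate existing systems into the single sign-on system.
Keywords: single sign-on, unified authentication, information systems, website design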
Abstract
With the development of computer networks and information technology, the number of applications in enterprise networks keeps increasing. Each application system, however, has its own identity authentication system, so a user who wants to access these applications must be authenticated by each one in turn, for example by entering a different password. This compels the user to remember each application's password, and it also tends to overburden the application servers. Consequently, an independent identity authentication system is needed to manage identity authentication for each application.
Based on the mainstream techniques and standards for web single sign-on systems, this paper derives a simple single sign-on system model composed of an identity authentication service center and an identity authentication service client system. A simple web single sign-on system is then implemented on the Java platform. The system is developed in a modular manner, its layers are independent of one another, and this reduces the integration workload.
Keywords: SSO, unified authentication, information system, web site design
Contents
Chapter 1 Introduction
  1.1 Research Purpose and Significance
  1.2 Overview of Research in China and Abroad
  1.3 Research Content and Organization of This Thesis
Chapter 2 Technologies and Specifications Related to Single Sign-On Systems
  2.1 Concept of a Single Sign-On System
  2.2 General Standard Solutions
    2.2.1 Generic Security Service Application Program Interface (GSS-API)
    2.2.2 Open Software Foundation (OSF) Distributed Computing Environment (DCE)
    2.2.3 Pluggable Authentication Modules (PAM)
  2.3 Practical Solutions
    2.3.1 Broker-Based SSO Scheme
    2.3.2 Agent-Based SSO Scheme
    2.3.3 Token-Based SSO Scheme
    2.3.4 Agent and Broker-Based SSO Scheme
    2.3.5 Gateway-Based SSO Scheme
    2.3.6 SAML-Based (Security Assertion Markup Language) Scheme
Chapter 3 Model Structure of a Web Single Sign-On System
  3.1 System Model
    3.1.1 Overall Structure
    3.1.2 Detailed Structure
  3.2 Identity Authentication Service Center
    3.2.1 Functions
    3.2.2 Structure
  3.3 Identity Authentication Service Client
    3.3.1 Functions
    3.3.2 Structure
  3.4 System Operation Flow
Chapter 4 System Implementation
  4.1 Requirements Analysis
    4.1.1 Functional Requirements
    4.1.2 Performance Requirements
    4.1.3 Operating Requirements
  4.2 Development Platform and Tools
  4.3 Database Design
  4.4 Code Implementation of Key System Modules
    4.3.1 Database Connection Class
    4.3.2 Generation of Authentication Center Tickets
    4.3.3 User Identity Authentication by the Authentication Center
    4.3.4 User Identity Authentication by the Authentication Client
Chapter 5 Summary and Outlook
  5.1 Summary of This Thesis
  5.2 Directions for Further Research
Acknowledgements
References