Single sign-on (SSO): log in once and you are signed in everywhere; log out once and the session is invalidated everywhere.

| Concept | Description |
|---|---|
| CAS | Central Authentication Service |
| Token | Credential issued after login (JWT, Ticket) |
| TGT | Ticket Granting Ticket (CAS term) |
| ST | Service Ticket (CAS term) |
| IdP | Identity Provider |
| SP | Service Provider |

| Type | Storage | Representative protocol | Typical use |
|---|---|---|---|
| Cookie-based | Browser cookie | CAS 2.0/3.0 | Same domain |
| Token-based | Header / LocalStorage | JWT / OIDC | Cross-domain, separated front end and back end |
| OAuth2 | Access token | OAuth2 + OIDC | Third-party login |
Cookie `Domain=.example.com` → shared across subdomains

```mermaid
sequenceDiagram
    participant U as Browser
    participant F as Front end A
    participant B as Back end A
    participant S as SSO center
    participant F2 as Front end B
    participant B2 as Back end B
    F->>S: POST /api/login {user,pwd}
    S->>F: 200 {token: jwt}
    F->>B: GET /api/user Header: Authorization: Bearer jwt
    B->>B: verify JWT → success
    F2->>S: GET /api/user Header: Authorization: Bearer jwt
    S->>F2: 200 {userInfo}
```
JWT structure: three Base64-encoded parts joined by dots.

```text
Header(Base64).Payload(Base64).Signature
Header:    {"alg":"HS256","typ":"JWT"}
Payload:   {"sub":"alice","exp":1719999999}
Signature: HMACSHA256(header + "." + payload, secret)
```

```mermaid
sequenceDiagram
    participant U as User
    participant C as Client
    participant G as Google (IdP)
    participant R as Resource Server
    U->>C: click "Sign in with Google"
    C->>G: 302 → authorize?client_id=xxx&response_type=code&scope=openid
    U->>G: log in and grant consent
    G->>C: 302 → redirect_uri?code=AUTH_CODE
    C->>G: POST /token {code, client_secret}
    G->>C: 200 {access_token, id_token(JWT)}
    C->>R: GET /userinfo Header: Bearer access_token
    R->>C: 200 {sub: "alice", name: "Alice"}
```
```text
src
├─ config/JwtConfig.java
├─ controller/LoginController.java
├─ filter/JwtFilter.java
└─ SpringBootSsoApplication.java
```
```java
// JwtProvider.java: issues and validates HS256-signed JWTs (jjwt 0.9.x API)
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.stereotype.Component;
import java.util.Date;

@Component
public class JwtProvider {
    // Demo secret; load it from configuration instead of hard-coding it
    private final String secret = "demoSecretKey";
    private final long validity = 3600_000; // 1h

    public String generateToken(String username) {
        return Jwts.builder()
                .setSubject(username)
                .setIssuedAt(new Date())
                .setExpiration(new Date(System.currentTimeMillis() + validity))
                .signWith(SignatureAlgorithm.HS256, secret)
                .compact();
    }

    public boolean validateToken(String token) {
        try {
            // Throws on a bad signature, an expired token or a malformed token
            Jwts.parser().setSigningKey(secret).parseClaimsJws(token);
            return true;
        } catch (JwtException e) {
            return false;
        }
    }

    // Lets the filter read the subject without reaching into the private secret
    public String getUsername(String token) {
        return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody().getSubject();
    }
}
```

```java
// JwtFilter.java: reads the Bearer token and populates the security context
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;      // jakarta.servlet.* on Spring Boot 3
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collections;

@Component
public class JwtFilter extends OncePerRequestFilter {
    @Autowired
    private JwtProvider provider;

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain filterChain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            String token = header.substring(7);
            if (provider.validateToken(token)) {
                String username = provider.getUsername(token);
                SecurityContextHolder.getContext().setAuthentication(
                        new UsernamePasswordAuthenticationToken(username, null, Collections.emptyList()));
            }
        }
        filterChain.doFilter(request, response);
    }
}
```

```java
// LoginController.java: exchanges credentials for a JWT
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import java.util.Map;

@RestController
public class LoginController {
    @Autowired
    private JwtProvider provider;

    @PostMapping("/login")
    public Map<String, Object> login(@RequestBody LoginRequest req) {
        // Password check omitted
        String token = provider.generateToken(req.getUsername());
        return Map.of("token", token);
    }

    // Request body for /login; the original listing leaves this class out
    public static class LoginRequest {
        private String username;
        private String password;
        public String getUsername() { return username; }
        public void setUsername(String username) { this.username = username; }
        public String getPassword() { return password; }
        public void setPassword(String password) { this.password = password; }
    }
}
```
| Attack | Defense |
|---|---|
| Token leakage | HTTPS + short validity period |
| Theft via XSS | HttpOnly cookie |
| CSRF | SameSite=Strict + CSRF token |
| Replay attack | JWT expiry + Redis blacklist |
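The JWT layout shown earlier (Base64 header, Base64 payload, HMAC-SHA256 signature) and the replay defense from the table (expiry plus a revocation blacklist), as an added Python example that is not part of the page's Spring code. `SECRET`, `REVOKED` and the fixed timestamps are constructed for the demo; the in-memory set stands in for the Redis blacklist.

```python
# Added example: a minimal HS256 JWT issuer/verifier (not the page's jjwt code)
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"demoSecretKey"   # constructed demo value; load from configuration in practice
REVOKED: set = set()        # in-memory stand-in for the Redis blacklist from the table

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(sub: str, ttl: int = 3600, now: Optional[int] = None) -> str:
    """Build header.payload.signature exactly as the structure above describes."""
    now = int(time.time()) if now is None else now
    compact = dict(separators=(",", ":"))
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    payload = _b64url(json.dumps({"sub": sub, "iat": now, "exp": now + ttl}, **compact).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if every check passes, otherwise None (never raise)."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        payload = json.loads(_b64url_decode(p_b64))
        signature = _b64url_decode(s_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON, bad UTF-8
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    # Pin the algorithm on the server side instead of trusting the token's "alg"
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(SECRET, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):   # constant-time comparison
        return None
    exp = payload.get("exp")
    if not isinstance(exp, int) or now >= exp:           # short validity limits replay
        return None
    if token in REVOKED:                                  # logout invalidates everywhere
        return None
    return payload
```

In a real deployment the blacklist would be keyed by a `jti` claim with a TTL equal to the token's remaining lifetime, so entries expire on their own.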
```mermaid
graph TD
    A[Browser] -->|login| B[SSO center]
    B -->|issue token| A
    A -->|carry token| C[System A]
    A -->|carry token| D[System B]
    C -->|verify token| B
    D -->|verify token| B
```