Sending an HTTP POST request
To implement single sign off, I would like the user to get logged out of application B additionally whenever the user clicks logout on application A. Is it possible to implement this using some form of a POST request to application B? i.e. when the user clicks on logout:
- Generate existing POST request to logout of application A
- Generate additional POST request to logout of application B as well.
Comments (6)
How about making it a cookie-based authentication? The same cookie authenticates a user for various applications (in your case 2 different applications). Once a user signs off from one application (app A), invalidate the cookie (by expiry date) so that whenever a user sends a POST request to the rest of the applications (app B) the request is not processed. A Servlet that traces each POST request to validate the cookie is required for each application.
The cleanest way to do this is to check if your SSO provider has a single-sign-off feature.
Coding this up and deploying it would make your overall IT solution a bit brittle.
Another suggestion is to take this up with your (Enterprise) architect, as SSO is usually an enterprise initiative, and point her to the (very cogent) arguments in this post: http://lists.danga.com/pipermail/yadis/2005-July/001085.html
Yes, how you do it depends on the programming language you are using.
For example, under ASP.Net you'd use System.Net.HttpWebRequest within the handling of the Logout event of application A to make a logout request to application B.
If you can post what language you're working in, I can give a proper example.
Depending on the implementation of your authentication system, probably you can/need to send the POST using JavaScript instead of from server-side.
Without specific information, it's hard to give a specific answer, but as you're referring to POST, I'll assume a browser is involved.
POSTs (without using JavaScript or similar) occur when a form is submitted. As the form can have only one action, it can only target one server-side page.
One solution is to simply have Application A forward sign-out credentials to Application B once one action is received, which allows for more opportunities to check returns.
If, however, you're set on POST'ing to different pages, see this tutorial for one iframe-related hack - http://www.codeproject.com/KB/scripting/multiact.aspx
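The server-side forwarding approach from the answer above, as an added example that is not part of the original thread: application A ends its own session, then sends B an authenticated logout message and checks the returned status. The shared HMAC key, the field names, and the `AppB` class (an in-process stand-in for the HTTPS POST to B's logout URL) are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: A and B share this key out of band (constructed demo value).
SHARED_KEY = b"constructed-demo-key"
MAX_AGE = 60  # seconds a signed logout message stays acceptable


def _mac(user, ts):
    msg = f"logout|{user}|{ts}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def sign_logout(user, now=None):
    """App A: build the form body of the server-to-server logout POST."""
    ts = str(int(time.time() if now is None else now))
    return {"user": user, "ts": ts, "mac": _mac(user, ts)}


class AppB:
    """Stand-in for application B's session store and logout endpoint."""

    def __init__(self):
        self.sessions = {}  # session id -> user id

    def handle_logout_post(self, form, now=None):
        """Return an HTTP-style status so the caller can check the result."""
        now = time.time() if now is None else now
        try:
            user, ts, mac = form["user"], form["ts"], str(form["mac"])
            age = abs(now - int(ts))
        except (KeyError, ValueError):
            return 400
        if not hmac.compare_digest(_mac(user, ts), mac) or age > MAX_AGE:
            return 403  # forged or stale request: sessions stay untouched
        # End every server-side session of that user, not only one cookie.
        for sid in [s for s, u in self.sessions.items() if u == user]:
            del self.sessions[sid]
        return 200


def logout_everywhere(sessions_a, session_id, app_b):
    """App A's logout handler: end the local session, then notify B."""
    user = sessions_a.pop(session_id, None)
    if user is None:
        return None  # no such session on A, nothing to forward
    return app_b.handle_logout_post(sign_logout(user))
```

Signing the message keeps B's logout endpoint from being usable by anyone who can reach it, and the returned status lets A log or retry when B did not confirm the logout.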
If your login session is stored by a cookie, and there is nothing else you need to supply to log out of application B, clearing the cookie in JavaScript will usually destroy the session and sign the user out.