Information Security 16 min read
Implementing Single Sign-On (SSO) for Project Login System and Performance Testing with Groovy Scripts
The article explains how the project login system was upgraded to Single Sign-On (SSO), details two performance testing scenarios for single‑user logins, and provides Groovy and Java code examples for concurrent testing, token handling, and CAS credential verification.
FunTester
FunTester
Project login system upgraded to Single Sign-On (SSO), allowing users to authenticate once and access multiple trusted applications.
Two performance test scenarios are described: (1) a single user logging into a single system, and (2) a single user logging into two systems, with detailed step‑by‑step request flows.
Corresponding Groovy test script is provided, illustrating concurrent thread execution, token retrieval, and request handling.
import com.fun.base.constaint.ThreadBase
import com.fun.config.SqlConstant
import com.fun.frame.excute.Concurrent
import com.fun.utils.Time
import com.okayqa.teacherweb.base.OkayBase
import org.slf4j.Logger
import org.slf4j.LoggerFactory
class Tss extends OkayBase {
private static Logger logger = LoggerFactory.getLogger(Tss.class)
public static void main(String[] args) {
def threadNum = changeStringToInt(args[0])
def times = changeStringToInt(args[1])
SqlConstant.flag = false
def arrayList = new ArrayList<ThreadBase>()
for (int i = 0; i < threadNum; i++) {
def thread = new ThreadBase<Integer>(new Integer(i)) {
@Override
protected void before() {
}
@Override
protected void doing() throws Exception {
def mark = Time.getTimeStamp()
def base = getBase(changeStringToInt(getT()))
def mark0 = Time.getTimeStamp()
def i1 = mark0 - mark
logger.error("----------------" + i1 + EMPTY)
}
@Override
protected void after() {
}
}
thread.setTimes(times)
arrayList << thread
}
new Concurrent(arrayList).start()
allOver()
}
}Java classes for project user objects (OkayBase) and CAS credential verification (CasCredential) are presented, showing methods for login, cookie management, request construction, and response handling.
package com.okayqa.teacherweb.base;
import com.fun.base.bean.BeanUtil;
import com.fun.base.bean.RequestInfo;
import com.fun.base.interfaces.IBase;
import com.fun.config.HttpClientConstant;
import com.fun.config.SqlConstant;
import com.fun.config.SysInit;
import com.fun.frame.SourceCode;
import com.fun.frame.httpclient.FanLibrary;
import com.okayqa.common.CasCredential;
import com.okayqa.common.Common;
import com.okayqa.common.Users;
import com.okayqa.teacherweb.bean.UserInfoBean;
import com.okayqa.teacherweb.function.UserCenter;
import com.okayqa.teacherweb.profile.Profile;
import com.okayqa.teacherweb.profile.UserApi;
import net.sf.json.JSONObject;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpRequestBase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
/**
* 教师空间项目
* qa项目base类
*/
public class OkayBase extends SourceCode implements IBase {
private static Logger logger = LoggerFactory.getLogger(OkayBase.class);
private static OkayBase base;
public static final String HOST = Profile.HOST;
JSONObject loginResponse;
private UserInfoBean userInfoBean = new UserInfoBean();
long uid;
String token;
String username;
JSONObject cookies = new JSONObject();
public static OkayBase getBase() {
if (base == null) base = new OkayBase(0);
return base;
}
public static OkayBase getBase(int i) { return new OkayBase(i); }
public static OkayBase getBase(String name) { return new OkayBase(name); }
public JSONObject getCookies() { return cookies; }
public void setCookies(JSONObject cookies) { this.cookies = cookies; }
public void addCookie(JSONObject cookies) { this.cookies.putAll(cookies); }
@Override
public void login() {
String url = UserApi.LOGIN;
JSONObject params = new JSONObject();
params.put("loginType", "1");
params.put("platformType", "teacher");
params.put("username", username);
params.put("password", getPassword());
params.put("pictureVerifyCode", "");
params.put("phone", "");
params.put("traceno", "");
params.put("phoneVerifyCode", "");
JSONObject tgc = CasCredential.getTGC(HOST, params);
this.cookies = tgc.getJSONObject("cookie");
String location = tgc.containsKey("location") ? tgc.getString("location") : EMPTY;
if (!location.contains("ticket=ST-")) logger.error("登录失败!");
JSONObject getResponse = this.getGetResponse(location.replace(HOST, EMPTY));
UserCenter userCenter = new UserCenter(this.cookies);
userInfoBean = userCenter.getUserinfo();
logger.info("账号:{},昵称:{},学科名称:{},登录成功!", username, userInfoBean.getName(), userInfoBean.getSubjectName());
}
public String getPassword() { return Profile.PWD; }
public OkayBase(String username) { this.username = username; login(); }
public OkayBase(int i) { this.username = Users.getTeaUser(i); login(); }
protected OkayBase() {}
public OkayBase(OkayBase okayBase) {
this.uid = okayBase.uid;
this.username = okayBase.username;
this.token = okayBase.token;
this.userInfoBean = okayBase.userInfoBean;
this.cookies = okayBase.cookies;
}
public JSONObject getParams() { return getJson("_=" + getMark()); }
@Override
public void init(JSONObject jsonObject) {
addCookie(jsonObject);
HttpGet get = FanLibrary.getHttpGet(Profile.LOGIN_REDIRECT);
get.addHeader(FanLibrary.getCookies(jsonObject));
JSONObject response = FanLibrary.getHttpResponse(get);
JSONObject credential = CasCredential.verifyST(response.getString("location"));
addCookie(credential);
}
public JSONObject getLoginResponse() { return loginResponse; }
public long getUid() { return uid; }
public String getToken() { return token; }
public String getUname() { return username; }
public UserInfoBean getUserInfoBean() { return userInfoBean; }
@Override
public HttpGet getGet(String s) { return FanLibrary.getHttpGet(HOST + s); }
@Override
public HttpGet getGet(String s, JSONObject jsonObject) { return FanLibrary.getHttpGet(HOST + s, jsonObject); }
@Override
public HttpPost getPost(String s) { return FanLibrary.getHttpPost(HOST + s); }
@Override
public HttpPost getPost(String s, JSONObject jsonObject) { return FanLibrary.getHttpPost(HOST + s, jsonObject); }
@Override
public HttpPost getPost(String s, JSONObject jsonObject, File file) { return FanLibrary.getHttpPost(HOST + s, jsonObject, file); }
@Override
public boolean isRight(JSONObject jsonObject) {
if (jsonObject.containsKey("success")) return jsonObject.getBoolean("success");
int code = checkCode(jsonObject, new RequestInfo(getGet(HOST)));
try {
JSONObject data = jsonObject.getJSONObject("data");
return code == 0 && !data.isEmpty();
} catch (Exception e) {
output(jsonObject);
return false;
}
}
public int checkCode(JSONObject jsonObject, RequestInfo requestInfo) {
int code = TEST_ERROR_CODE;
if (SysInit.isBlack(requestInfo.getHost())) return code;
try { code = jsonObject.getInt("code"); }
catch (Exception e) { logger.warn("非标准响应:{}", jsonObject.toString()); }
return code;
}
public static void allOver() { FanLibrary.testOver(); }
}package com.okayqa.common;
import com.fun.config.HttpClientConstant;
import com.fun.frame.httpclient.FanLibrary;
import com.fun.utils.Regex;
import net.sf.json.JSONObject;
import org.apache.http.client.methods.HttpGet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* cas服务验证类,主要解决web端登录验证功能
*/
class CasCredential extends FanLibrary {
static final String OR = "/";
private static Logger logger = LoggerFactory.getLogger(CasCredential.class);
String lt;
String execution;
CasCredential(String host) {
def get = getHttpGet(Common.CAS_LOGIN + (host.endsWith(OR) ? host : host + OR))
get.addHeader(Common.REQUEST_ID)
def response = getHttpResponse(get)
def string = response.getString("content")
this.lt = Regex.getRegex(string, "<input type=\"hidden\" name=\"lt\" value=\".*?\"/>")
this.execution = Regex.getRegex(string, " <input type=\"hidden\" name=\"execution\" value=\".*?\"/>")
}
static JSONObject getTGC(String host, JSONObject params) {
def credential = new CasCredential(host)
params.put("lt", credential.getLt());
params.put("execution", credential.getExecution())
params.put("_eventId", "submit");
def post = FanLibrary.getHttpPost(Common.CAS_LOGIN + (host.endsWith(OR) ? host : host + OR), params)
post.addHeader(Common.REQUEST_ID);
FanLibrary.getHttpResponse(post)
}
public static JSONObject verifyST(String url) {
HttpGet location = FanLibrary.getHttpGet(url);
location.addHeader(Common.REQUEST_ID);
JSONObject httpResponse = FanLibrary.getHttpResponse(location);
httpResponse.getJSONObject(HttpClientConstant.COOKIE) as JSONObject
}
}The article also links to a performance testing framework written in Java and Groovy, and lists additional technical and non‑technical articles for further reading.
Original Source
Signed-in readers can open the original source through BestHub's protected redirect.
Republication Notice
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Reader feedback
How this landed with the community
Rate this article
Was this worth your time?
Discussion
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.