Summary of the invention
In view of this, the invention provides a kind of single-point logging method, Fat Client, server and system, the problem of single-sign-on to web page can only be realized by Fat Client to solve in prior art.
To achieve these goals, the invention provides following scheme:
A kind of single-point logging method, is characterized in that, comprising:
Server receives the access request of browser;
Described server, according to the corresponding relation between the described access request preset and the address of Fat Client, obtains the address of described Fat Client;
Described server sends the address of described Fat Client to described browser, can process described access request by Fat Client to make browser according to the call by location of described Fat Client;
Described server receives the user profile logged in that described Fat Client sends;
The certification corresponding with described user profile identifies and sends to described Fat Client by described server, to make described Fat Client, described certification mark is sent to described browser;
Described server receives the described certification mark that described browser sends;
Response results is sent to described browser by described server.
A kind of single-point logging method, comprising:
Fat Client receives the call request that browser sends;
Described Fat Client sends the user profile of the user that Fat Client has logged in server;
The certification corresponding with described user profile that described Fat Client receives the transmission of described server identifies;
Described Fat Client sends described certification mark to browser.
A kind of single-point logging method, comprising:
Browser sends access request to server;
Described server, according to the corresponding relation between the described access request preset and the address of Fat Client, obtains the address of described Fat Client;
Described server sends the address of described Fat Client to described browser, can process described access request by Fat Client to make browser according to the call by location of described Fat Client;
The address of the Fat Client that described browser sends according to server, sends call request to described Fat Client, to obtain certification mark;
Described Fat Client receives the call request that browser sends, and sends the user profile of the user that Fat Client has logged in server;
The certification corresponding with described user profile that described Fat Client reception server sends identifies;
Described Fat Client sends described certification mark to browser;
Described browser receives the certification mark that Fat Client sends, and described certification mark is sent to server;
Described server returns response results according to described certification mark;
A kind of server, comprising:
Access request receiving element, for receiving the access request of browser;
Address acquisition unit, for according to the corresponding relation between the described access request preset and the address of Fat Client, obtains the address of described Fat Client;
Address transmitting element, for sending the address of described Fat Client to described browser, can process described access request by Fat Client to make browser according to the call by location of described Fat Client;
User profile receiving element, for receiving the user profile logged in that described Fat Client sends;
Certification mark transmitting element, sends to described Fat Client for the certification corresponding with described user profile being identified, and to make described Fat Client, described certification mark is sent to described browser;
Certification mark receiving element, for receiving the described certification mark that described browser sends;
Response results transmitting element, for sending to described browser by response results.
A kind of Fat Client, comprising:
Access request receiving element, for receiving the call request that browser sends;
User profile transmitting element, for sending the user profile of the user that described Fat Client has logged in server;
Certification mark receiving element, the certification corresponding with described user profile sent for receiving described server identifies;
Certification mark transmitting element, for sending described certification mark to browser.
A kind of single-node login system, comprising: browser, server and Fat Client, wherein:
Described browser is used for, send access request to server, according to the call by location Fat Client of the Fat Client that server sends, receive the certification mark that Fat Client sends, described certification mark is sent to server, and reception server identifies the response results returned according to described certification;
Described server is used for, receive the access request of browser, according to the corresponding relation between the described access request preset and the address of Fat Client, obtain the address of described Fat Client, the address of described Fat Client is sent to described browser, according to the call by location of described Fat Client, described access request can be processed by Fat Client to make browser, receive the user profile logged in that described Fat Client sends, the certification corresponding with described user profile is identified and sends to described Fat Client, to make described Fat Client, described certification mark is sent to described browser, receive the described certification mark that described browser sends, response results is sent to described browser,
Described Fat Client is used for, and receives the call request that browser sends, sends the user profile logged in server, and the certification corresponding with described user profile receiving the transmission of described server identifies, and sends described certification mark to browser.
As can be seen from above-mentioned technical scheme, in the embodiment of the present invention, after user logs in Fat Client, when logging in web page by browser, according to the relation between the access request preset and Fat Client, can call the Fat Client acquisition certification corresponding with the user profile of user listed on Fat Client to identify, browser by the certification of server, realizes the access to object web page by this certification mark.Do not need to input user's name and password again, achieve the single-sign-on object of various ways, simplify operation, convenient for users.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
The invention discloses a kind of single-point logging method, do not need to input the user profile logging in client, the certification being returned to browser by client identifies the object realizing single-sign-on, and simplify operation, its embodiment is as follows:
Embodiment one
The embodiment of the present invention 1 discloses a kind of single-point logging method, and its idiographic flow as shown in Figure 1, comprising:
The access request of step S11, reception browser;
Step S12, according to the corresponding relation between described access request and the address of Fat Client, obtain the address of described Fat Client;
Step S13, send the address of described Fat Client to described browser, according to the call by location of described Fat Client, described access request can be processed by Fat Client to make browser;
Step S14, receive described Fat Client send the user profile logged in;
Step S15, the certification corresponding with described user profile identified send to described Fat Client, to make described Fat Client, described certification mark is sent to described browser;
Step S16, receive the described certification mark that described browser sends;
Step S17, response results is sent to described browser.
Windows system supports registered network protocol handling program.Such as, after having installed emule, as long as at IE(or other browsers) in the network address that starts of input " ed2k: // ", browser will call emule to process this URL.This is because emule is when installation, a log-in protocol handling procedure list item can be with the addition of at system registry, specify ed2k agreement and processed by emule.
So, according to above-mentioned feature, we can register an agreement in windows system, such as, be called " sso " agreement, specifying needs the Fat Client carrying out SSO as the handling procedure of this agreement, sets up the corresponding relation between access request and Fat Client.And then according in said process, when user logs in the web webpage of this system, if the client not by logging in, then jump to a URL started with " SSO: ".System will call Fat Client that we specify to process this URL, and such as, to obtain a certification mark, token TOKEN, browser by the authentication of this certification mark by server, and then realizes single logging-on server.
Above-mentioned steps can be found out, single-point logging method disclosed by the invention does not need to input and logs in the user profile of client, but realizes the object of single-sign-on by the certification mark that client returns to browser, simplifies operation.
Embodiment two
Disclosed in the embodiment of the present invention 3, the flow process of single-point logging method as shown in Figure 2, comprising:
The access request of step S21, reception browser;
Step S22, according to the corresponding relation between described access request and the address of Fat Client, obtain the address of described Fat Client;
Step S23, send the address of described Fat Client to described browser, according to the call by location of described Fat Client, described access request can be processed by Fat Client to make browser;
Step S24, receive the user profile of the user logged in that described Fat Client sends, the user profile in this step comprises: user's name or session id;
Step S25, the certification corresponding with described user profile identified send to described Fat Client, to make described Fat Client, described certification mark is sent to described browser;
Step S26, receive the described certification mark that described browser sends;
Step S27, judge that the certification mark received is whether correct, if correct, perform step S28, if mistake, perform step S29;
Step S28, the page documents of access request being specified feed back to described browser;
Step S29, send request miscue to browser.
The certification added in the present embodiment receiving identifies the process verified, thus ensure that the accuracy of navigation process, avoid the certification mark caused due to the mistake in transmitting procedure incorrect, and then affect the accuracy of server to browser return information.Result according to judging sends different response results to browser.The present embodiment does not limit concrete response results, such as, when judging that certification mark is incorrect, the prompting of certification again can also be sent to browser, concrete response results type is determined according to actual conditions, as long as can realize user-friendly object.
Can be found out by above-mentioned steps, after user logs in Fat Client, when user logs in web page again, just the certification mark that Fat Client sends the current user's name that logged in and/or session id and then obtains server can be called, browser is forwarded to again by Fat Client, finally send certification by browser to identify to server, by the certification of server, realize the access to object web page.As long as active user has logged in Fat Client, just can log in the webpage of this system by any way, not need to input user's name and password again, realize the single-sign-on of various ways, facilitate user, improve Consumer's Experience, be specially adapted to user and there is the situation evaluating electron stream.
Embodiment three
The single-point logging method that present embodiment discloses is applicable to Fat Client, and its idiographic flow as shown in Figure 3, comprising:
The call request that step S31, reception browser send;
The address of the Fat Client that browser is obtained according to the corresponding relation between access request and the address of Fat Client by server, access Fat Client.
Step S32, send the user profile of the user logged in server;
After receiving access request, send the user profile logged in server, comprising user name or session id.
Step S33, receive described server send the certification corresponding with described user profile identify;
Server sends a certification mark to Fat Client, such as token TOKEN.
Step S34, to send described certification mark to browser.
In the present embodiment, Fat Client by the certification obtained from server end mark send to browser, make browser can by this certification mark send to server to verify, make server when recognize just identify correct, the access request of browser can be accepted, realize single-sign-on.
Embodiment four
The embodiment of the present invention 4 discloses a kind of single-point logging method, and its idiographic flow as shown in Figure 4, comprising:
Step 41, browser send access request to server;
The address of step 42, acquisition Fat Client;
In this step, described server, according to the corresponding relation between described access request and the address of Fat Client, obtains the address of described Fat Client;
Step 43, described server send the address of described Fat Client to described browser;
In this step, server sends the address of described Fat Client to described browser, can process described access request by Fat Client to make browser according to the call by location of described Fat Client;
Step 44, send call request to described Fat Client;
In this step, the address of the Fat Client that described browser sends according to server, sends call request to described Fat Client, to obtain certification mark;
Step 45, send the user profile of the user that Fat Client has logged in server;
In this step, described Fat Client receives the call request that browser sends, and sends the user profile of the user that Fat Client has logged in server;
The certification corresponding with described user profile that step 46, described Fat Client reception server send identifies;
Step 47, described Fat Client send described certification mark to browser;
Step 48, described browser receive the certification mark that Fat Client sends, and described certification mark is sent to server;
Step 49, described server return response results according to described certification mark;
Above-mentioned steps can be found out, single-point logging method disclosed by the invention does not need to input the user profile logging in client, but is identified the object realizing single-sign-on to browser by client return authentication, simplifies operation.
The present invention discloses a kind of server realizing single-sign-on, its structure as shown in Figure 4, comprise: access request receiving element 51, address acquisition unit 52, address transmitting element 53, user profile receiving element 54, certification mark transmitting element 55, certification mark receiving element 56 and response results transmitting element 57, wherein:
Access request receiving element 51 is for receiving the access request of browser; Address acquisition unit 52, for according to the corresponding relation between described access request and the address of Fat Client, obtains the address of described Fat Client; Address transmitting element 53, for sending the address of described Fat Client to described browser, can process described access request by Fat Client to make browser according to the call by location of described Fat Client; The user profile logged in that user profile receiving element 54 sends for receiving described Fat Client; Certification mark transmitting element 55 sends to described Fat Client for the certification corresponding with described user profile being identified, and to make described Fat Client, described certification mark is sent to described browser; The described certification mark that certification mark receiving element 56 sends for receiving described browser; Response results transmitting element 57 is for sending to described browser by response results.
Whether wherein, described response results transmitting element 57 comprises: judging unit 571, correct for judging the certification mark received; Page documents transmitting element 572, for when certification mark is correct, is sent to described browser by the page documents that described access request is specified; Miscue unit 573, for when described certification mark is incorrect, sends request bomp to described browser.
The present invention discloses a kind of Fat Client realizing single-sign-on, its structure as shown in Figure 6, comprising: access request receiving element 61, user profile transmitting element 62, certification mark receiving element 63 and certification mark transmitting element 64, wherein,
The call request that access request receiving element 61 sends for receiving browser; User profile transmitting element 62 is for sending the user profile logged in server; Certification mark receiving element 63 identifies for the certification corresponding with described user profile receiving the transmission of described server; Certification mark transmitting element 64 is for sending described certification mark to browser.
The present invention further discloses a kind of single-node login system, its structure as shown in Figure 7, comprising: browser 71, server 72 and Fat Client 73, wherein:
Described browser 71 for, send access request to server, according to the call by location Fat Client of the Fat Client that server sends, receive the certification mark that Fat Client sends, described certification mark is sent to server, and reception server identifies the response results returned according to described certification;
Described server 72 for, receive the access request of browser, according to the corresponding relation between described access request and the address of Fat Client, obtain the address of described Fat Client, the address of described Fat Client is sent to described browser, according to the call by location of described Fat Client, described access request can be processed by Fat Client to make browser, receive the user profile logged in that described Fat Client sends, the certification corresponding with described user profile is identified and sends to described Fat Client, to make described Fat Client, described certification mark is sent to described browser, receive the described certification mark that described browser sends, response results is sent to described browser,
Described Fat Client 73 for, receive browser send call request, sends the user profile logged in server, receive described server send the certification corresponding with described user profile identify, to browser send described certification identify.Single-point logging method disclosed by the invention, Fat Client, server and system, can realize after user has logged in the client of a C/S type, even if its by initiatively in a browser the mode of the web page network address of input system log in homepage, also can by the certification mark that Fat Client sends the current user's name that logged in and/or session id and then obtains server just can be called, browser is forwarded to again by Fat Client, finally send certification by browser to identify to server, by the certification of server, realize the access to object web page, and do not need at input username and password, simplify operating process, facilitate Consumer's Experience.
In this specification, each embodiment adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiments, between each embodiment identical similar portion mutually see.For device disclosed in embodiment, because it corresponds to the method disclosed in Example, so description is fairly simple, relevant part illustrates see method part.
Professional can recognize, in conjunction with unit and the algorithm steps of each example of embodiment disclosed herein description, can realize with electronic hardware, computer software or the combination of the two, in order to the interchangeability of hardware and software is clearly described, generally describe composition and the step of each example in the above description according to function.These functions perform with hardware or software mode actually, depend on application-specific and the design constraint of technical scheme.Professional and technical personnel can use distinct methods to realize described function to each specifically should being used for, but this realization should not thought and exceeds scope of the present invention.
The software module that the method described in conjunction with embodiment disclosed herein or the step of algorithm can directly use hardware, processor to perform, or the combination of the two is implemented.Software module can be placed in the storage medium of other form any known in random asccess memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technical field.
To the above-mentioned explanation of the disclosed embodiments, professional and technical personnel in the field are realized or uses the present invention.To be apparent for those skilled in the art to the multiple amendment of these embodiments, General Principle as defined herein can without departing from the spirit or scope of the present invention, realize in other embodiments.Therefore, the present invention can not be restricted to these embodiments shown in this article, but will meet the widest scope consistent with principle disclosed herein and features of novelty.