CN104935599B - A general-purpose permission control management method and system - Google Patents
- Publication number: CN104935599B
- Authority: CN (China)
- Prior art keywords: general, login, information, plug, user
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/102: Network architectures or network communication protocols for network security; for controlling access to devices or network resources; entity profiles
- H04L63/0876: Network architectures or network communication protocols for network security; for authentication of entities; based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
The present invention discloses a general-purpose permission control management method and system. The method includes: a plug-in forwards to the general-purpose permission management system the user login information of an accessing system, which includes a system identifier, the system identifier being individually assigned to the accessing system by the general-purpose permission management system; the plug-in obtains the login result information about the user login information returned by the general-purpose permission management system; and the plug-in controls, according to the login result information, the showing or hiding of the visual resources in the accessing system that are associated with the plug-in. By using, in the accessing system, a plug-in that communicates with the general-purpose permission management system, the invention has the permissions of accessing systems managed in a unified way by the general-purpose permission management system.
Description
Technical field
The present invention relates to the technical field of permission control, and in particular to a general-purpose permission control management method and system.
Background
As enterprise informatization deepens, each enterprise runs more and more information systems, and every system has to manage its own resources, for example permission control over menus and buttons. At present, in most enterprise information systems, the functional permissions held by users and roles are managed independently by each system. For the enterprise as a whole, user permission management is scattered and some configuration is duplicated; every system needs its own user permission management to be developed and set up, which involves a large amount of repeated work and hinders unified management.
Summary of the invention
Based on this, and in view of the prior art's failure to provide a centralized permission control management method that is unified across systems, it is necessary to provide a general-purpose permission control management method and system.
A general-purpose permission control management method, comprising:
A login forwarding step, comprising: a plug-in forwards to the general-purpose permission management system the user login information of an accessing system, which includes a system identifier; the system identifier is individually assigned to the accessing system by the general-purpose permission management system; the general-purpose permission management system verifies the system identifier of the user login information; if the system identifier is verified successfully, the general-purpose permission management system returns login result information about the user login information; if verification of the system identifier fails, no login result information about the user login information is returned;
A login result obtaining step, comprising: the plug-in obtains the login result information about the user login information returned by the general-purpose permission management system;
A resource display step, comprising: the plug-in controls, according to the login result information, the showing or hiding of the visual resources in the accessing system that are associated with the plug-in.
A general-purpose permission control management system, comprising:
A login forwarding module, configured so that: a plug-in forwards to the general-purpose permission management system the user login information of an accessing system, which includes a system identifier; the system identifier is individually assigned to the accessing system by the general-purpose permission management system; the general-purpose permission management system verifies the system identifier of the user login information; if the system identifier is verified successfully, the general-purpose permission management system returns login result information about the user login information; if verification of the system identifier fails, no login result information about the user login information is returned;
A login result obtaining module, configured so that: the plug-in obtains the login result information about the user login information returned by the general-purpose permission management system;
A resource display module, configured so that: the plug-in controls, according to the login result information, the showing or hiding of the visual resources in the accessing system that are associated with the plug-in.
By using, in the accessing system, a plug-in that communicates with the general-purpose permission management system, the present invention has the permissions of accessing systems managed in a unified way by the general-purpose permission management system. The plug-in also controls the showing or hiding of the visual resources in the accessing system according to the login result information from the general-purpose permission management system, so that the general-purpose permission management system can directly control the visual resources of the accessing system. The permissions of every system can thus be controlled centrally and uniformly, which reduces the development work of accessing systems.
Brief description of the drawings
Fig. 1 is a work flow diagram of the general-purpose permission control management method of the present invention;
Fig. 2 is the overall framework diagram of the preferred embodiment;
Fig. 3 is a functional schematic of the general-purpose permission management system in the preferred embodiment;
Fig. 4 is a structural module diagram of the general-purpose permission control management system of the present invention.
Detailed description
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 shows the work flow of the general-purpose permission control management method of the present invention, which includes:
Step S101, comprising: a plug-in forwards to the general-purpose permission management system the user login information of an accessing system, which includes a system identifier; the system identifier is individually assigned to the accessing system by the general-purpose permission management system; the general-purpose permission management system verifies the system identifier of the user login information; if the system identifier is verified successfully, the general-purpose permission management system returns login result information about the user login information; if verification of the system identifier fails, no login result information about the user login information is returned;
Step S102, comprising: the plug-in obtains the login result information about the user login information returned by the general-purpose permission management system;
Step S103, comprising: the plug-in controls, according to the login result information, the showing or hiding of the visual resources in the accessing system that are associated with the plug-in.
In step S101, the user login information of the accessing system is forwarded by the plug-in to the general-purpose permission management system, and the login result information about the user login information is obtained in step S102. The system identifier is preferably an appkey and a token. The administrators of the accessing system maintain the accessing system's information, such as system name and visit volume, in the general-purpose permission management system; the general-purpose permission system generates a unique appkey and token and displays them on a system page. The developers and administrators of the accessing system write the generated appkey and token into the configuration file of the accessing system. Each time the integrated plug-in sends a message, such as login information, it sends the information together with the appkey and token to the general-purpose permission system. From the appkey and token, the general-purpose permission management system can determine which accessing system sent the permission verification request, and it verifies the appkey and token; if they are incorrect, it rejects the request, thereby refusing requests sent by systems that are not accessing systems. In step S103, the plug-in controls the showing or hiding of visual resources in the accessing system. A visual resource is a resource that can be displayed for the user to see, such as a menu or a button. According to the login result information, the plug-in controls the showing or hiding of the visual resources associated with it in the accessing system. Therefore, any accessing system that integrates the plug-in provided by the present invention can complete the verification of user login information. The general-purpose permission management system and the plug-in are integrated into and used by accessing systems, which avoids each system developing permission management and user authentication functions separately. This effectively reduces cost and favours unified management of permissions and user information.
In one embodiment, step S103 specifically includes:
If the login result information indicates that the login of the user login information to the general-purpose permission management system succeeded, the visual resources associated with the plug-in are shown in the accessing system;
If the login result information indicates that the login of the user login information to the general-purpose permission management system failed, the visual resources associated with the plug-in are hidden in the accessing system.
Fig. 2 shows the overall framework of the preferred embodiment of the present invention. The plug-in 22 of the preferred embodiment uses shiro, with the interfaces and the control basis implemented through custom development. The general-purpose permission management system 21 communicates with the plug-in 22 integrated in the accessing system 23 over the webservice protocol, and the interfaces of the permission basis are implemented through custom development.
As shown in Fig. 3, the general-purpose permission management system 21 includes: an application management module 211, a resource management module 212, a role management module 213, an organization management module 214, a user role assignment module 215, a role permission assignment module 216, a user organization assignment module 217 and a user management module 218. Specifically, the application management module 211 manages the accessing systems; the resource management module 212 manages the visual resources of the accessing systems, such as menus and buttons; the role management module 213 manages the role information of the systems; the organization management module 214 manages organization information; the user role assignment module 215 assigns specified roles to users; the role permission assignment module 216 assigns specified permissions to roles; the user organization assignment module 217 binds organization information to users; and the user management module 218 manages user information.
In the general-purpose permission management system, the shiro plug-in is used and a login authentication interface is custom-developed so that each application system can be connected. A realm file is custom-developed to perform permission authentication. Permission authentication interfaces are provided externally using webservice; the specific interfaces are: authenticate role information, authenticate permission information, authenticate role group information, authenticate permission group information, and authenticate application information. The system individually assigns an appkey and token to each accessing system, so that the accessing system passes them in through the interface for authentication when it is integrated. The general-purpose plug-in is provided as a jar package. The main function of the plug-in is to verify, at login, whether the logging-in user exists in the general-purpose permission management system; if the user does not exist, login is not allowed.
In one embodiment, in step S103, the showing or hiding of the visual resources in the accessing system that are associated with the plug-in is controlled by tags.
Preferably, step S103 specifically includes:
If the login result information indicates that the login of the user login information to the general-purpose permission management system succeeded, the visual resources marked by tags are shown in the accessing system;
If the login result information indicates that the login of the user login information to the general-purpose permission management system failed, the visual resources marked by tags are hidden in the accessing system.
In the preferred embodiment, the plug-in provides a tag-form interface in the pages of the accessing system. Developers of the accessing system can use tags on the menus and buttons of a page and pass the necessary parameters in the tag; if the permission information is present, the menu and/or button marked by the tag is displayed. A specific tag form is, for example, $shiro.lacksRole(String role).
In one embodiment, the method further includes an annotation step, comprising:
In response to the accessing system calling a user information verification annotation of the plug-in, the plug-in obtains the general-purpose permission management system's verification result for the user information verification and returns the verification result to the accessing system.
In the preferred embodiment, the permission annotations provided by the plug-in can be used in the concrete classes of the accessing system. The user information verification annotation calls specifically include annotations that verify roles and role groups, annotations that verify permissions and permission groups, annotations that verify the appkey and token, and annotations that verify personal information. An annotation takes a form such as @RequiresPermissions("account:create").
Inside the plug-in, both tags and annotations use webservice technology: acting as a client, they call the general-purpose permission management system server through the interfaces. Use of the plug-in lets the general-purpose permission management system and the accessing system be tightly integrated, and standard tags and annotations can be provided as an API for unified external access.
In one embodiment, the login result information includes a login status and the user role pre-registered in the general-purpose permission management system, and step S103 specifically includes:
If the login result information indicates that the login of the user login information to the general-purpose permission management system succeeded, the visual resources that are associated with the plug-in and match the user role are shown in the accessing system;
If the login result information indicates that the login of the user login information to the general-purpose permission management system failed, the visual resources associated with the plug-in are hidden in the accessing system.
When maintaining the information of the accessing system in the general-purpose permission system, the administrators of the accessing system need to fill in user information, role information and the corresponding permission information. The plug-in in the accessing system shows different visual resources according to the tags and annotations configured for the different user role information.
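The exchange of steps S101 to S103 and the annotation step, as an added example that is not part of the patent or of any implementation of it: an in-process stand-in replaces the webservice call, and the class names, method names, user names and passwords are hypothetical, constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass(frozen=True)
class LoginResult:
    """Login result information: login status plus pre-registered roles."""
    logged_in: bool
    roles: frozenset = frozenset()


class PermissionSystem:
    """Stand-in for the general-purpose permission management system."""

    def __init__(self):
        self._apps = {}   # appkey -> token issued to one accessing system
        self._users = {}  # (appkey, username) -> (salt, digest, roles, perms)

    def register_app(self, name):
        # Every accessing system gets its own appkey/token pair.
        appkey, token = f"{name}-{secrets.token_hex(4)}", secrets.token_hex(16)
        self._apps[appkey] = token
        return appkey, token

    def add_user(self, appkey, username, password, roles, permissions):
        salt = secrets.token_bytes(16)
        self._users[(appkey, username)] = (
            salt, _hash(password, salt), frozenset(roles), frozenset(permissions))

    def _known_system(self, appkey, token):
        expected = self._apps.get(appkey)
        # Constant-time comparison so the token cannot be guessed by timing.
        return expected is not None and hmac.compare_digest(
            expected.encode(), token.encode())

    def login(self, appkey, token, username, password):
        if not self._known_system(appkey, token):
            return None  # identifier check failed: no login result returned
        record = self._users.get((appkey, username))
        if record is None or not hmac.compare_digest(
                record[1], _hash(password, record[0])):
            return LoginResult(False)
        return LoginResult(True, record[2])

    def has_permission(self, appkey, token, username, permission):
        if not self._known_system(appkey, token):
            return False
        record = self._users.get((appkey, username))
        return record is not None and permission in record[3]


class Plugin:
    """Stand-in for the plug-in integrated into one accessing system."""

    def __init__(self, system, appkey, token):
        # appkey and token are read from the accessing system's config file.
        self._system, self._appkey, self._token = system, appkey, token
        self._user, self._result = None, LoginResult(False)

    def forward_login(self, username, password):
        """S101/S102: forward the login and keep the returned result."""
        result = self._system.login(
            self._appkey, self._token, username, password)
        # A missing result (rejected identifier) counts as a failed login.
        self._result = result if result is not None else LoginResult(False)
        self._user = username if self._result.logged_in else None
        return self._result.logged_in

    def visible(self, resources):
        """S103, tag-style: resources maps name -> required role or None."""
        if not self._result.logged_in:
            return []
        return [name for name, role in resources.items()
                if role is None or role in self._result.roles]

    def require_permission(self, permission):
        """Annotation-style check: ask the central system before acting."""
        if self._user is None or not self._system.has_permission(
                self._appkey, self._token, self._user, permission):
            raise PermissionError(permission)


def build_demo():
    """Constructed sample data: one accessing system and two users."""
    system = PermissionSystem()
    appkey, token = system.register_app("crm")
    system.add_user(appkey, "alice", "constructed-pw-1",
                    {"admin"}, {"account:create"})
    system.add_user(appkey, "bob", "constructed-pw-2", {"viewer"}, set())
    return system, appkey, token


if __name__ == "__main__":
    system, appkey, token = build_demo()
    plugin = Plugin(system, appkey, token)
    menu = {"Dashboard": None, "Create account": "admin"}
    for user, pw in (("alice", "constructed-pw-1"), ("bob", "constructed-pw-2")):
        plugin.forward_login(user, pw)
        print(user, plugin.visible(menu))
```

The tag-style `visible` check only decides what is rendered; the annotation-style `require_permission` check is what stops a hidden action from being executed by a user who requests it directly.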
Fig. 4 shows the structural modules of the general-purpose permission control management system of the present invention, which includes:
A login forwarding module 401, configured so that: a plug-in forwards to the general-purpose permission management system the user login information of an accessing system, which includes a system identifier; the system identifier is individually assigned to the accessing system by the general-purpose permission management system; the general-purpose permission management system verifies the system identifier of the user login information; if the system identifier is verified successfully, the general-purpose permission management system returns login result information about the user login information; if verification of the system identifier fails, no login result information about the user login information is returned;
A login result obtaining module 402, configured so that: the plug-in obtains the login result information about the user login information returned by the general-purpose permission management system;
A resource display module 403, configured so that: the plug-in controls, according to the login result information, the showing or hiding of the visual resources in the accessing system that are associated with the plug-in.
In one embodiment, the resource display module is specifically configured so that:
If the login result information indicates that the login of the user login information to the general-purpose permission management system succeeded, the visual resources associated with the plug-in are shown in the accessing system;
If the login result information indicates that the login of the user login information to the general-purpose permission management system failed, the visual resources associated with the plug-in are hidden in the accessing system.
In one embodiment, in the resource display module, the showing or hiding of the visual resources in the accessing system that are associated with the plug-in is controlled by tags.
In one embodiment, the system further includes an annotation module, configured so that:
In response to the accessing system calling a user information verification annotation of the plug-in, the plug-in obtains the general-purpose permission management system's verification result for the user information verification and returns the verification result to the accessing system.
In one embodiment, the login result information includes a login status and the user role pre-registered in the general-purpose permission management system, and the resource display module is specifically configured so that:
If the login result information indicates that the login of the user login information to the general-purpose permission management system succeeded, the visual resources that are associated with the plug-in and match the user role are shown in the accessing system;
If the login result information indicates that the login of the user login information to the general-purpose permission management system failed, the visual resources associated with the plug-in are hidden in the accessing system.
The above embodiments express only several implementations of the present invention. Their description is relatively specific and detailed, but it should not therefore be understood as limiting the scope of the patent. It should be noted that a person of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention. The protection scope of this patent shall therefore be determined by the appended claims.
Claims (10)
1. A general-purpose permission control management method, characterized by comprising:
A login forwarding step, comprising: a plug-in forwards to the general-purpose permission management system the user login information of an accessing system, which includes a system identifier; the system identifier is individually assigned to the accessing system by the general-purpose permission management system; the general-purpose permission management system verifies the system identifier of the user login information; if the system identifier is verified successfully, the general-purpose permission management system returns login result information about the user login information; if verification of the system identifier fails, no login result information about the user login information is returned;
A login result obtaining step, comprising: the plug-in obtains the login result information about the user login information returned by the general-purpose permission management system;
A resource display step, comprising: the plug-in controls, according to the login result information, the showing or hiding of the visual resources in the accessing system that are associated with the plug-in;
A visual resource is a resource that can be displayed for the user to see.
2. The general-purpose permission control management method according to claim 1, characterized in that the resource display step specifically includes:
If the login result information indicates that the login of the user login information to the general-purpose permission management system succeeded, the visual resources associated with the plug-in are shown in the accessing system;
If the login result information indicates that the login of the user login information to the general-purpose permission management system failed, the visual resources associated with the plug-in are hidden in the accessing system.
3. The general-purpose permission control management method according to claim 1, characterized in that, in the resource display step, the showing or hiding of the visual resources in the accessing system that are associated with the plug-in is controlled by tags.
4. The general-purpose permission control management method according to claim 1, characterized by further comprising an annotation step, comprising:
In response to the accessing system calling a user information verification annotation of the plug-in, the plug-in obtains the general-purpose permission management system's verification result for the user information verification and returns the verification result to the accessing system.
5. The general-purpose permission control management method according to claim 1, characterized in that the login result information includes a login status and the user role pre-registered in the general-purpose permission management system, and the resource display step specifically includes:
If the login result information indicates that the login of the user login information to the general-purpose permission management system succeeded, the visual resources that are associated with the plug-in and match the user role are shown in the accessing system;
If the login result information indicates that the login of the user login information to the general-purpose permission management system failed, the visual resources associated with the plug-in are hidden in the accessing system.
6. A general-purpose permission control management system, characterized by comprising:
A login forwarding module, configured so that: a plug-in forwards to the general-purpose permission management system the user login information of an accessing system, which includes a system identifier; the system identifier is individually assigned to the accessing system by the general-purpose permission management system; the general-purpose permission management system verifies the system identifier of the user login information; if the system identifier is verified successfully, the general-purpose permission management system returns login result information about the user login information; if verification of the system identifier fails, no login result information about the user login information is returned;
A login result obtaining module, configured so that: the plug-in obtains the login result information about the user login information returned by the general-purpose permission management system;
A resource display module, configured so that: the plug-in controls, according to the login result information, the showing or hiding of the visual resources in the accessing system that are associated with the plug-in;
A visual resource is a resource that can be displayed for the user to see.
7. The general-purpose permission control management system according to claim 6, characterized in that the resource display module is specifically configured so that:
If the login result information indicates that the login of the user login information to the general-purpose permission management system succeeded, the visual resources associated with the plug-in are shown in the accessing system;
If the login result information indicates that the login of the user login information to the general-purpose permission management system failed, the visual resources associated with the plug-in are hidden in the accessing system.
8. The general-purpose permission control management system according to claim 6, characterized in that, in the resource display module, the showing or hiding of the visual resources in the accessing system that are associated with the plug-in is controlled by tags.
9. The general-purpose permission control management system according to claim 6, characterized by further comprising an annotation module, configured so that:
In response to the accessing system calling a user information verification annotation of the plug-in, the plug-in obtains the general-purpose permission management system's verification result for the user information verification and returns the verification result to the accessing system.
10. The general-purpose permission control management system according to claim 6, characterized in that the login result information includes a login status and the user role pre-registered in the general-purpose permission management system, and the resource display module is specifically configured so that:
If the login result information indicates that the login of the user login information to the general-purpose permission management system succeeded, the visual resources that are associated with the plug-in and match the user role are shown in the accessing system;
If the login result information indicates that the login of the user login information to the general-purpose permission management system failed, the visual resources associated with the plug-in are hidden in the accessing system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510342201.4A CN104935599B (en) | 2015-06-18 | 2015-06-18 | A general-purpose permission control management method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104935599A (en) | 2015-09-23 |
CN104935599B (en) | 2018-10-16 |
Family
ID=54122571
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |