CN106254319A - Light application login control method and device - Google Patents
- Publication number
- CN106254319A, CN201610584288.0A
- Authority
- CN
- China
- Prior art keywords
- light application
- electronic certificate
- user
- local client
- platform server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention provides a light application login control method and device. The method includes: after receiving a first electronic certificate request message from a light application, sending a second electronic certificate request message to a platform server, the second electronic certificate request message carrying login identification information and the identifier of the light application; receiving a response message, returned by the platform server, that carries an electronic certificate; and sending the electronic certificate to the light application. This technical solution avoids the security risk and ensures the security of light application information. In addition, once the user has logged in to the local client, no further participation by the user is needed and the user does not have to enter information again, which improves the user experience, simplifies user handling and makes operation easier for the user.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a light application login control method and device.
Background
A light application (Light APP, LAPP) is a full-featured app that requires no download and can be used as soon as it is found by search. It matches the user experience of a local client (also called a local APP or Native APP) while keeping the searchability and intelligent distribution of a web app, and effectively solves the problem of connecting high-quality applications and good services with user needs. A user who wants to use the functions of a local client has to download and install that local client on the terminal device, for example the WeChat client or the Baidu client. By contrast, using the functions of a light application does not require downloading and installing a light application client on the terminal device. It is only necessary to create a shortcut icon for the light application on the interface of the local client, and through this shortcut icon the user can conveniently access the light application. Examples are light applications such as JD.com, Didi Chuxing, subscription accounts and official accounts in the WeChat client.
At present, to improve the user experience and simplify user handling, single sign-on is used: when the user logs in to the local client, the user has to enter information such as a username and password. After logging in to the local client, a user who accesses a light application in the local client does not have to enter the username and password again, but accesses the light application in the local client directly. This is very convenient for the user, but it also introduces the risk that information security gets out of control, and the problem is especially prominent in enterprise-level scenarios.
Summary of the invention
The present invention provides a light application login control method, applied on a local client. The local client has a remote platform server that provides service for it, and the platform server also provides service for the light application server corresponding to the light application. The method includes:
After receiving a first electronic certificate request message of the light application through an application interface, sending a second electronic certificate request message to the platform server, the second electronic certificate request message carrying the user's login identification information on the local client and the identifier of the light application;
Receiving a response message, returned by the platform server, that carries an electronic certificate;
Sending the electronic certificate to the light application through the application interface, the electronic certificate being the basis on which the light application server determines that the user has permission to log in to the light application.
The present invention provides a light application login control method, applied on a platform server. The platform server provides service for a local client, and the platform server also provides service for the light application server corresponding to the light application. The method includes:
Receiving an electronic certificate request message from the local client, the electronic certificate request message carrying the user's login identification information on the local client and the identifier of the light application;
Obtaining the login identification information and the identifier of the light application from the electronic certificate request message, and looking up whether a preset access control list contains a corresponding record;
If so, determining that the user has login permission for the light application, and generating an electronic certificate for the user;
Sending a first response message carrying the electronic certificate to the local client, and sending a second response message carrying the electronic certificate to the light application server; the electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
The present invention provides a light application login control device, applied on a local client. The local client has a remote platform server that provides service for it, and the platform server also provides service for the light application server corresponding to the light application. The device specifically includes:
A sending module, configured to send a second electronic certificate request message to the platform server after a first electronic certificate request message of the light application has been received through an application interface, the second electronic certificate request message carrying the user's login identification information on the local client and the identifier of the light application;
A receiving module, configured to receive a response message, returned by the platform server, that carries an electronic certificate;
The sending module is further configured to send the electronic certificate to the light application through the application interface, the electronic certificate being the basis on which the light application server determines that the user has permission to log in to the light application.
The present invention provides a light application login control device, applied on a platform server. The platform server provides service for a local client, and the platform server also provides service for the light application server corresponding to the light application. The device specifically includes:
A receiving module, configured to receive an electronic certificate request message from the local client, the electronic certificate request message carrying the user's login identification information on the local client and the identifier of the light application;
A query module, configured to obtain the login identification information and the identifier of the light application from the electronic certificate request message, and to look up whether a preset access control list contains a corresponding record;
A generation module, configured to determine, when the access control list contains a corresponding record, that the user has login permission for the light application, and to generate an electronic certificate for the user;
A sending module, configured to send a first response message carrying the electronic certificate to the local client, and to send a second response message carrying the electronic certificate to the light application server; the electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
Based on the above technical solution, the embodiments of the present invention can meet the following requirement for a light application: not every user who has logged in to the local client can access the light application in the local client; only specific users can access it. This avoids the security risk and ensures the security of light application information. In addition, once the user has logged in to the local client, no further participation by the user is needed and the user does not have to enter information again, which improves the user experience, simplifies user handling and makes operation easier for the user.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the present invention, and a person of ordinary skill in the art can obtain other drawings from them.
Fig. 1 is a schematic diagram of the application scenario in one embodiment of the present invention;
Fig. 2 is a flowchart of the light application login control method in one embodiment of the present invention;
Fig. 3 is a flowchart of the light application login control method in another embodiment of the present invention;
Fig. 4 is a flowchart of the light application login control method in another embodiment of the present invention;
Fig. 5 is a hardware structure diagram of the local client in one embodiment of the present invention;
Fig. 6 is a structure diagram of the light application login control device in one embodiment of the present invention;
Fig. 7 is a hardware structure diagram of the platform server in one embodiment of the present invention;
Fig. 8 is a structure diagram of the light application login control device in one embodiment of the present invention.
Detailed description
The terminology used in the present invention is only for the purpose of describing particular embodiments and is not intended to limit the present invention. The singular forms "a", "said" and "the" used in the present invention and the claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" used herein refers to and covers any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present invention to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present invention, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "when", "at the time of" or "in response to determining".
To address the problem in the prior art, the embodiments of the present invention propose a light application login control method that can be applied in a system including a local client, a platform server and a light application server, where the local client contains one or more light applications. Fig. 1 is a schematic diagram of the application scenario of the embodiments of the present invention. The local client is installed on a terminal device (such as a mobile terminal, a PC (personal computer) or a tablet computer), a shortcut icon is created on the interface of the local client, and through this shortcut icon the user can conveniently access the light application. In addition, the local client has a remote platform server that provides service for it, and this platform server also provides service for the light application server corresponding to the light application. For example, the local client is the WeChat client, the light application may be JD.com in the WeChat client, the platform server may be the WeChat server that provides service for the WeChat client, and the light application server may be the JD.com server.
In one example, the platform server and the light application server are servers in the logical sense; they may be located on the same physical server or, of course, on different physical servers. For example, company A develops local client 1 and integrates its own light application 1 into local client 1, so the platform server and light application server 1 corresponding to light application 1 may be located on the same physical server. In that case the platform server and light application server 1 can be regarded as two functional modules on the same physical server, and the interaction between the platform server and light application server 1 is an interaction between two functional modules. As another example, company A develops local client 1, and light application 2 of company B is integrated into local client 1, so the platform server and light application server 2 corresponding to light application 2 are located on different physical servers. In that case the interaction between the platform server and light application server 2 is an interaction between different physical servers, which is, comparatively speaking, a remote interaction that has to cross the network.
Fig. 2 is a flowchart of a light application login control method in one example.
Step 201: when information such as the username and password entered by the user is received, the user is allowed to log in to the local client.
Step 202: after the user has logged in to the local client, when the user accesses a light application in the local client, the light application receives the user's login request and sends the login request to the light application server.
Step 203: after receiving the login request, the light application server allows the user to access the light application, returns a login success page to the light application, and provides the service of the light application to the user. In the subsequent process, the user can access the services provided by the light application server.
With this approach, every user who has logged in to the local client can access the light applications in the local client. However, as the types of light application increase, some light applications may have the following requirement: not every user who has logged in to the local client can access the light application in the local client; only specific users can access it. The approach above clearly cannot meet this requirement, which creates a security risk. For example, local client 1 contains light application 1 and light application 2. Light application 1 contains company news and can be accessed by all users, whereas light application 2 contains company financial information and can be accessed only by specific users (such as accountants and managers). Clearly, with the approach above, any company employee who installs and logs in to local client 1 can access light application 2, which leaks the financial information.
In view of this finding, light applications that all users may access are handled with the flow shown in Fig. 2, and that processing is not described again. Light applications that only specific users may access are handled with the technical solution of the present invention; in the rest of this description, "light application" always refers to a light application that only specific users can access.
In one example, for a light application that only specific users (configured as required) who have logged in to the local client may access, the login identification information of the specific users can be configured on the light application server corresponding to that light application. The login identification information includes the username, for example user 1 and user 2, which means that only user 1 and user 2, once logged in to the local client, can access the light application. The light application server can send a registration message to the platform server. The registration message carries the identifier of the light application and the login identification information of all users who have permission to log in to the light application (such as user 1 and user 2). The platform server receives the registration message from the light application server and maintains, in an access control list, the correspondence between the identifier of the light application and the login identification information of all those users. Table 1 shows an example of the access control list.
Table 1
Light application identifier | Login identification information |
Light application 1 | User 1, user 2 |
Light application 2 | User 10, user 11 |
The light application login control method proposed in the embodiments of the present invention is applied on the local client. As shown in Fig. 3, once the user has logged in to the local client, the method includes the following steps:
Step 301: after receiving the first electronic certificate request message of the light application through the application interface, send a second electronic certificate request message to the platform server. The second electronic certificate request message carries the user's login identification information on the local client and the identifier of the light application.
Step 302: receive the response message, returned by the platform server, that carries the electronic certificate.
Step 303: send the electronic certificate to the light application through the application interface. The electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
For step 301, in one example, when the user needs to access a light application in the local client, the light application receives a login request. After receiving the login request, the light application does not send the login request to the light application server; instead, it sends the first electronic certificate request message to the local client through the application interface.
After receiving the first electronic certificate request message, the local client obtains the identifier of the light application and the user's login identification information on the local client, generates a second electronic certificate request message containing the identifier of the light application and the login identification information, and sends the second electronic certificate request message to the platform server.
After receiving the second electronic certificate request message from the local client, the platform server obtains the user's login identification information and the identifier of the light application from the second electronic certificate request message, and looks up whether the access control list (as shown in Table 1) contains a corresponding record. If it does, the platform server determines that the user has login permission for the light application, generates an electronic certificate for the user, sends a first response message carrying the electronic certificate to the local client, and sends a second response message carrying the electronic certificate to the light application server. If it does not, the platform server determines that the user does not have login permission for the light application, refuses to generate an electronic certificate for the user, and sends a third response message that carries no electronic certificate to the local client.
As described above, the platform server maintains the access control list shown in Table 1. The platform server can therefore query the access control list using the login identification information and the identifier of the light application. If there is a corresponding record, the user has login permission for the light application; if there is no corresponding record, the user does not have login permission for the light application.
When the platform server generates the electronic certificate for the user, the concrete form of the electronic certificate is not restricted; it may be a string of random numbers, digits or characters, a password, and so on.
For step 302, the local client may receive from the platform server either a response message that carries an electronic certificate or a response message that does not. If it receives a response message carrying an electronic certificate, it performs step 303, that is, it sends the electronic certificate to the light application through the application interface. If it receives a response message that carries no electronic certificate, it either displays a login failure page on the local client or sends the response message that carries no electronic certificate to the light application through the application interface.
In one example, after the local client receives a response message that carries no electronic certificate, it determines that the user is not allowed to access the light application and displays a login failure page on the local client to notify the user that the light application cannot be accessed. With this approach the light application does not need to carry out any further processing, which reduces the interaction between the local client and the light application and can also reduce the interaction between the light application and the light application server.
In one example, if the local client sends the electronic certificate to the light application, the light application can send a login request carrying the electronic certificate to the light application server. After receiving the login request, the light application server uses the locally stored electronic certificate (that is, the electronic certificate the platform server sent in the second response message) to verify whether the received electronic certificate is valid. During verification, if the locally stored electronic certificate and the received electronic certificate are identical, the light application server determines that the received electronic certificate is valid, allows the user to access the light application, returns a login success page to the light application, and provides the service of the light application to the user; in the subsequent process, the user can access the services provided by the light application server. If the locally stored electronic certificate differs from the received electronic certificate, the light application server determines that the received electronic certificate is invalid, does not allow the user to access the light application, and returns a login failure page to the light application to notify the user that the light application cannot be accessed.
In one example, if the local client sends the response message that carries no electronic certificate to the light application, the light application can send a login request that carries no electronic certificate to the light application server. After receiving this login request, the light application server, because the request carries no electronic certificate, does not allow the user to access the light application and returns a login failure page to the light application to notify the user that the light application cannot be accessed.
The reason the light application server verifies the electronic certificate is to prevent a user from forging an electronic certificate and logging in to the light application with the forged certificate, thereby ensuring the security of the light application.
In one example, the electronic certificate is a one-time electronic certificate, that is, the electronic certificate becomes invalid once it has been used. For example, after sending the electronic certificate to the local client and the light application server, the platform server deletes the electronic certificate. After sending the electronic certificate to the light application, the local client deletes the electronic certificate. After sending the electronic certificate to the light application server, the light application deletes the electronic certificate. After the light application server has used the locally stored electronic certificate to verify whether the received electronic certificate is valid, if the received electronic certificate is valid, it deletes the locally stored electronic certificate.
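The exchange described above (access control list lookup, issuing the electronic certificate to both the local client and the light application server, and single-use verification) is modelled below as an added Python example; it is not code from the patent. Assumptions: the certificate is a random token from `secrets.token_urlsafe`, the second response message and the login request also carry the login identification information so the light application server can bind a certificate to a user, the comparison is constant-time, and every class, function and identifier name is hypothetical.

```python
import hmac
import secrets

# Constructed sample data mirroring Table 1:
# light application identifier -> login identification information allowed in.
ACL = {
    "light-app-1": {"user1", "user2"},
    "light-app-2": {"user10", "user11"},
}


class LightAppServer:
    """Stores certificates pushed by the platform server (second response message)."""

    def __init__(self, app_id):
        self.app_id = app_id
        self._pending = {}  # login id -> certificate not yet redeemed (assumed binding)

    def receive_certificate(self, login_id, certificate):
        self._pending[login_id] = certificate

    def login(self, login_id, certificate):
        """Accept only a certificate identical to the stored one, then delete it."""
        stored = self._pending.get(login_id)
        if stored is None or not certificate:
            return False  # nothing was issued, or the request carries no certificate
        # Constant-time comparison (an added hardening choice, not stated in the patent).
        if not hmac.compare_digest(stored.encode(), certificate.encode()):
            return False  # forged or stale value; the genuine certificate stays pending
        del self._pending[login_id]  # one-time use: a replay finds no record
        return True


class PlatformServer:
    """Steps 401-404: ACL lookup, certificate generation, delivery to both parties."""

    def __init__(self, acl, app_servers):
        self._acl = acl
        self._app_servers = app_servers  # light application identifier -> LightAppServer

    def handle_certificate_request(self, login_id, app_id):
        if login_id not in self._acl.get(app_id, set()):
            return None  # third response message: no certificate
        certificate = secrets.token_urlsafe(32)  # assumed form: 256-bit random token
        self._app_servers[app_id].receive_certificate(login_id, certificate)
        return certificate  # first response message; the platform keeps no copy


class LocalClient:
    """Steps 301-303: relays the light application's request using the logged-in identity."""

    def __init__(self, login_id, platform):
        self.login_id = login_id
        self._platform = platform

    def request_certificate(self, app_id):
        return self._platform.handle_certificate_request(self.login_id, app_id)


def open_light_app(client, app_server):
    """What the light application does when the user opens it."""
    certificate = client.request_certificate(app_server.app_id)
    if certificate is None:
        return False, None  # login failure page
    return app_server.login(client.login_id, certificate), certificate


def demo():
    servers = {app_id: LightAppServer(app_id) for app_id in ACL}
    platform = PlatformServer(ACL, servers)
    user1 = LocalClient("user1", platform)

    permitted, used = open_light_app(user1, servers["light-app-1"])
    not_in_acl, _ = open_light_app(user1, servers["light-app-2"])
    replay = servers["light-app-1"].login("user1", used)

    # A certificate is pending for user2; a guessed value must not be accepted.
    real = LocalClient("user2", platform).request_certificate("light-app-1")
    forged = servers["light-app-1"].login("user2", "guessed-value")
    genuine_after_forgery = servers["light-app-1"].login("user2", real)

    return {
        "permitted": permitted,
        "not_in_acl": not_in_acl,
        "replay": replay,
        "forged": forged,
        "genuine_after_forgery": genuine_after_forgery,
    }


if __name__ == "__main__":
    print(demo())
```
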
In one example, the application interface includes a JavaScript interface. The local client can provide one JavaScript interface to all light applications, and the interaction between the local client and a light application is carried out through this JavaScript interface. The local client can also provide Cordova functionality to all light applications. Cordova provides a set of device-related APIs (Application Programming Interface); through this set of APIs a light application can access native device functions, such as the camera and microphone of the terminal device, and can obtain relevant data from the terminal device and perform relevant functions.
Based on the above technical solution, the embodiments of the present invention can meet the following requirement for a light application: not every user who has logged in to the local client can access the light application in the local client; only specific users can access it. This avoids the security risk and ensures the security of light application information. In addition, once the user has logged in to the local client, no further participation by the user is needed and the user does not have to enter information again, which improves the user experience, simplifies user handling and makes operation easier for the user.
The light application login control method proposed in the embodiments of the present invention can also be applied on the platform server. The platform server provides service for the local client and also provides service for the light application server corresponding to the light application. As shown in Fig. 4, the method may include the following steps:
Step 401: receive an electronic certificate request message from the local client. The electronic certificate request message carries the user's login identification information on the local client and the identifier of the light application.
Step 402: obtain the login identification information and the identifier of the light application from the electronic certificate request message, and look up whether the preset access control list contains a corresponding record; if so, perform step 403.
Step 403: determine that the user has login permission for the light application, and generate an electronic certificate for the user.
The electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
Step 404: send a first response message carrying the electronic certificate to the local client, and send a second response message carrying the electronic certificate to the light application server.
In one example, after looking up whether the preset access control list contains a corresponding record, if it does not, the platform server determines that the user does not have login permission for the light application, refuses to generate an electronic certificate for the user, and sends a third response message that carries no electronic certificate to the local client.
Based on the above technical solution, the embodiments of the present invention can meet the following requirement for a light application: not every user who has logged in to the local client can access the light application in the local client; only specific users can access it. This avoids the security risk and ensures the security of light application information. In addition, once the user has logged in to the local client, no further participation by the user is needed and the user does not have to enter information again, which improves the user experience, simplifies user handling and makes operation easier for the user.
Based on the same inventive concept as the method above, the embodiments of the present invention also provide a light application login control device, applied on the local client. The light application login control device can be implemented in software, in hardware, or in a combination of software and hardware. Taking a software implementation as an example, as a device in the logical sense it is formed by the processor of the local client on which it resides reading the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 5 is a hardware structure diagram of the local client on which the light application login control device proposed by the present invention resides. In addition to the processor and non-volatile memory shown in Fig. 5, the local client may include other hardware, such as a forwarding chip responsible for processing messages, a network interface and memory. In terms of hardware structure, the local client may also be a distributed device and may include multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 6 is a structure diagram of the light application login control device proposed by the present invention, applied on a local client. The local client has a remote platform server that provides services for it, and the platform server also provides services for the light application server corresponding to the light application. The device specifically includes:
A sending module 11, configured to, after a first electronic certificate request message from the light application is received through an application interface, send a second electronic certificate request message to the platform server, the second electronic certificate request message carrying the login identification information of the user on the local client and the identifier of the light application;
A receiving module 12, configured to receive a response message carrying an electronic certificate returned by the platform server;
The sending module 11 is further configured to send the electronic certificate to the light application through the application interface, the electronic certificate being the basis on which the light application server determines that the user has permission to log in to the light application.
In one example, the sending module 11 is further configured to, after sending the second electronic certificate request message to the platform server, if a response message not carrying an electronic certificate is received from the platform server, display a login failure page on the local client, or send the response message not carrying an electronic certificate to the light application through the application interface.
The device further includes (not shown in the figure) a deleting module, configured to delete the electronic certificate after the sending module has sent the electronic certificate to the light application through the application interface.
Based on the same inventive concept as the above method, an embodiment of the present invention further provides a light application login control device, applied on a platform server. The light application login control device may be implemented in software, in hardware, or in a combination of software and hardware. Taking a software implementation as an example, as a device in the logical sense it is formed by the processor of the platform server on which it resides reading the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 7 is a hardware structure diagram of the platform server on which the light application login control device proposed by the present invention resides. In addition to the processor and non-volatile memory shown in Fig. 7, the platform server may include other hardware, such as a forwarding chip responsible for processing messages, a network interface, and memory. In terms of hardware structure, the platform server may also be a distributed device and may include multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 8 is a structure diagram of the light application login control device proposed by the present invention, applied on a platform server. The platform server provides services for the local client, and the platform server also provides services for the light application server corresponding to the light application. The device specifically includes:
A receiving module 21, configured to receive an electronic certificate request message from the local client, the electronic certificate request message carrying the login identification information of the user on the local client and the identifier of the light application;
A query module 22, configured to obtain the login identification information and the identifier of the light application from the electronic certificate request message, and to search a preset access control list for a corresponding record;
A generating module 23, configured to, when the access control list contains a corresponding record, determine that the user has the login permission for the light application and generate an electronic certificate for the user;
A sending module 24, configured to send a first response message carrying the electronic certificate to the local client, and to send a second response message carrying the electronic certificate to the light application server; the electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
The generating module 23 is further configured to, when the access control list contains no corresponding record, determine that the user does not have the login permission for the light application and refuse to generate an electronic certificate for the user;
The sending module 24 is further configured to send a third response message that does not carry an electronic certificate to the local client.
The receiving module 21 is further configured to receive a registration message from the light application server, the registration message carrying the identifier of the light application and the login identification information of all users who have permission to log in to the light application; the access control list maintains the correspondence between the identifier of the light application and the login identification information of all those users.
The device further includes (not shown in the figure) a deleting module, configured to delete the electronic certificate after the sending module has sent the first response message carrying the electronic certificate to the local client and has sent the second response message carrying the electronic certificate to the light application server.
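The platform-server flow described above (registration, access control list lookup, certificate generation, the three kinds of response and deletion), together with the local client's relay, is shown here as an added Python example that is not part of the patent text. The class and method names, the random-token certificate format and the single-use check on the light application server are assumptions of this example; in-process calls stand in for the network messages.

```python
import hmac
import secrets


class LightAppServer:
    """Light application server: trusts only certificates pushed by the platform."""

    def __init__(self, app_id):
        self.app_id = app_id
        self._pending = {}  # certificate -> login id, filled by second responses

    def on_second_response(self, login_id, certificate):
        self._pending[certificate] = login_id

    def login(self, presented):
        """Return the login id if `presented` matches a pushed certificate."""
        for cert in list(self._pending):
            # Constant-time comparison; single use is an assumption of this example.
            if hmac.compare_digest(cert.encode(), presented.encode()):
                return self._pending.pop(cert)
        return None


class PlatformServer:
    def __init__(self):
        self.acl = {}          # light app identifier -> set of permitted login ids
        self.app_servers = {}  # light app identifier -> LightAppServer
        self.held = set()      # certificates the platform still stores

    def register(self, app_server, login_ids):
        """Registration message: app identifier plus all permitted login ids."""
        self.acl[app_server.app_id] = set(login_ids)
        self.app_servers[app_server.app_id] = app_server

    def handle_request(self, login_id, app_id):
        """Handle the client's request; the return value is the client's response."""
        if login_id not in self.acl.get(app_id, set()):
            return {"certificate": None}        # third response: no certificate
        cert = secrets.token_urlsafe(32)        # unguessable token (assumed format)
        self.held.add(cert)
        self.app_servers[app_id].on_second_response(login_id, cert)  # second response
        response = {"certificate": cert}        # first response
        self.held.discard(cert)                 # delete after both are sent
        return response


class LocalClient:
    def __init__(self, platform, login_id):
        self.platform = platform
        self.login_id = login_id  # user already logged in on the local client

    def on_light_app_request(self, app_id):
        """First request arrives via the application interface; relay as the second."""
        response = self.platform.handle_request(self.login_id, app_id)
        # The client hands the certificate on and keeps no copy of it.
        return response["certificate"]  # None -> login failure page


def demo():
    platform = PlatformServer()
    app = LightAppServer("report-app")           # constructed identifier
    platform.register(app, ["alice"])            # constructed login id
    granted = LocalClient(platform, "alice").on_light_app_request("report-app")
    denied = LocalClient(platform, "bob").on_light_app_request("report-app")
    return {
        "alice_login": app.login(granted),
        "replay": app.login(granted),
        "bob_certificate": denied,
        "platform_holds": len(platform.held),
    }


if __name__ == "__main__":
    print(demo())
```

In a deployment the platform server would take the login identification from the client's authenticated session rather than from a field the client fills in; that binding is outside what the text above describes.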
From the description of the above embodiments, those skilled in the art can clearly understand that the present invention may be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the methods described in the embodiments of the present invention. Those skilled in the art will understand that the accompanying drawings are schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will understand that the modules of the device in an embodiment may be distributed in the device of the embodiment as described, or may be changed accordingly and located in one or more devices different from that of the present embodiment. The modules of the above embodiments may be merged into one module or further split into multiple submodules. The serial numbers of the above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments.
The above discloses only several specific embodiments of the present invention; however, the present invention is not limited thereto, and any variation that a person skilled in the art can conceive of shall fall within the protection scope of the present invention.
Claims (14)
1. A light application login control method, applied on a local client, characterized in that the local client has a remote platform server that provides services for it, and the platform server also provides services for the light application server corresponding to the light application, the method comprising:
after receiving a first electronic certificate request message from the light application through an application interface, sending a second electronic certificate request message to the platform server, the second electronic certificate request message carrying the login identification information of the user on the local client and the identifier of the light application;
receiving a response message carrying an electronic certificate returned by the platform server;
sending the electronic certificate to the light application through the application interface, the electronic certificate being the basis on which the light application server determines that the user has permission to log in to the light application.
2. The method according to claim 1, characterized in that, after the sending of the second electronic certificate request message to the platform server, the method further comprises:
if a response message not carrying an electronic certificate is received from the platform server, displaying a login failure page on the local client, or sending the response message not carrying an electronic certificate to the light application through the application interface.
3. The method according to claim 1 or 2, characterized in that, after the sending of the electronic certificate to the light application through the application interface, the method further comprises:
deleting the electronic certificate.
4. A light application login control method, applied on a platform server, characterized in that the platform server provides services for a local client, and the platform server also provides services for the light application server corresponding to the light application, the method comprising:
receiving an electronic certificate request message from the local client, the electronic certificate request message carrying the login identification information of the user on the local client and the identifier of the light application;
obtaining the login identification information and the identifier of the light application from the electronic certificate request message, and searching a preset access control list for a corresponding record;
if a corresponding record exists, determining that the user has the login permission for the light application, and generating an electronic certificate for the user;
sending a first response message carrying the electronic certificate to the local client, and sending a second response message carrying the electronic certificate to the light application server; wherein the electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
5. The method according to claim 4, characterized in that, after the searching of the preset access control list for a corresponding record, the method further comprises:
if no corresponding record exists, determining that the user does not have the login permission for the light application, refusing to generate an electronic certificate for the user, and sending a third response message that does not carry an electronic certificate to the local client.
6. The method according to claim 4 or 5, characterized in that the method further comprises:
receiving a registration message from the light application server, the registration message carrying the identifier of the light application and the login identification information of all users who have permission to log in to the light application; the access control list maintains the correspondence between the identifier of the light application and the login identification information of all those users.
7. The method according to claim 4 or 5, characterized in that, after the sending of the first response message carrying the electronic certificate to the local client and the sending of the second response message carrying the electronic certificate to the light application server, the method further comprises:
deleting the electronic certificate.
8. A light application login control device, applied on a local client, characterized in that the local client has a remote platform server that provides services for it, and the platform server also provides services for the light application server corresponding to the light application, the device specifically comprising:
a sending module, configured to, after a first electronic certificate request message from the light application is received through an application interface, send a second electronic certificate request message to the platform server, the second electronic certificate request message carrying the login identification information of the user on the local client and the identifier of the light application;
a receiving module, configured to receive a response message carrying an electronic certificate returned by the platform server;
the sending module being further configured to send the electronic certificate to the light application through the application interface, the electronic certificate being the basis on which the light application server determines that the user has permission to log in to the light application.
9. The device according to claim 8, characterized in that
the sending module is further configured to, after sending the second electronic certificate request message to the platform server, if a response message not carrying an electronic certificate is received from the platform server, display a login failure page on the local client, or send the response message not carrying an electronic certificate to the light application through the application interface.
10. The device according to claim 8 or 9, characterized by further comprising:
a deleting module, configured to delete the electronic certificate after the sending module has sent the electronic certificate to the light application through the application interface.
11. A light application login control device, applied on a platform server, characterized in that the platform server provides services for a local client, and the platform server also provides services for the light application server corresponding to the light application, the device specifically comprising:
a receiving module, configured to receive an electronic certificate request message from the local client, the electronic certificate request message carrying the login identification information of the user on the local client and the identifier of the light application;
a query module, configured to obtain the login identification information and the identifier of the light application from the electronic certificate request message, and to search a preset access control list for a corresponding record;
a generating module, configured to, when the access control list contains a corresponding record, determine that the user has the login permission for the light application and generate an electronic certificate for the user;
a sending module, configured to send a first response message carrying the electronic certificate to the local client, and to send a second response message carrying the electronic certificate to the light application server; the electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
12. The device according to claim 11, characterized in that
the generating module is further configured to, when the access control list contains no corresponding record, determine that the user does not have the login permission for the light application and refuse to generate an electronic certificate for the user;
the sending module is further configured to send a third response message that does not carry an electronic certificate to the local client.
13. The device according to claim 11 or 12, characterized in that
the receiving module is further configured to receive a registration message from the light application server, the registration message carrying the identifier of the light application and the login identification information of all users who have permission to log in to the light application; the access control list maintains the correspondence between the identifier of the light application and the login identification information of all those users.
14. The device according to claim 11 or 12, characterized by further comprising:
a deleting module, configured to delete the electronic certificate after the sending module has sent the first response message carrying the electronic certificate to the local client and has sent the second response message carrying the electronic certificate to the light application server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610584288.0A CN106254319B (en) | 2016-07-22 | 2016-07-22 | Light application login control method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610584288.0A CN106254319B (en) | 2016-07-22 | 2016-07-22 | Light application login control method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106254319A (en) | 2016-12-21 |
CN106254319B (en) | 2020-01-03 |
Family
ID=57603699
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610584288.0A Active CN106254319B (en) | 2016-07-22 | 2016-07-22 | Light application login control method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106254319B (en) |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102739708B (en) * | 2011-04-07 | 2015-02-04 | 腾讯科技(深圳)有限公司 | System and method for accessing third party application based on cloud platform |
CN103051630B (en) * | 2012-12-21 | 2016-01-27 | 微梦创科网络科技(中国)有限公司 | Method, the Apparatus and system of third-party application mandate is realized based on open platform |
CN104660566A (en) * | 2013-11-22 | 2015-05-27 | 中国电信股份有限公司 | Method and system applied to authentication control |
CN105282126A (en) * | 2014-07-24 | 2016-01-27 | 腾讯科技(北京)有限公司 | Login authentication method, terminal and server |
CN105791249A (en) * | 2014-12-26 | 2016-07-20 | 深圳云之家网络有限公司 | Third-party application processing method, device and system |
CN105763547A (en) * | 2016-02-04 | 2016-07-13 | 中国联合网络通信集团有限公司 | Third-party authorization method and third-party authorization system |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483509A (en) * | 2017-10-09 | 2017-12-15 | 武汉斗鱼网络科技有限公司 | A kind of auth method, server and readable storage medium storing program for executing |
CN107483509B (en) * | 2017-10-09 | 2019-12-03 | 武汉斗鱼网络科技有限公司 | A kind of auth method, server and readable storage medium storing program for executing |
CN110247938A (en) * | 2018-03-08 | 2019-09-17 | 中国移动通信集团有限公司 | A kind of method of application management, equipment and computer storage medium |
CN111526111A (en) * | 2019-02-02 | 2020-08-11 | 腾讯科技(深圳)有限公司 | Control method, device and equipment for logging in light application and computer storage medium |
CN113179254A (en) * | 2021-04-01 | 2021-07-27 | 杭州数跑科技有限公司 | System login method and device, electronic equipment and storage medium |
CN113722693A (en) * | 2021-09-09 | 2021-11-30 | 国网福建省电力有限公司漳州供电公司 | RPA platform login method, system, device and storage medium based on biological recognition |
CN114844671A (en) * | 2022-03-21 | 2022-08-02 | 云控智行科技有限公司 | Data access method, device and equipment |
Also Published As
Publication number | Publication date |
---|---|
CN106254319B (en) | 2020-01-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |