CN106254319A - Light application login control method and device

Publication number: CN106254319A
Authority: CN (China)
Prior art keywords: light application, electronic certificate, user, local client, platform server
Legal status: Granted (Active)
Application number: CN201610584288.0A
Other languages: Chinese (zh)
Other versions: CN106254319B (en)
Inventors: 孙文武, 王洪彬
Current assignee: Hangzhou H3C Technologies Co Ltd
Original assignee: Hangzhou H3C Technologies Co Ltd
Application filed by: Hangzhou H3C Technologies Co Ltd
Priority to: CN201610584288.0A
Publication of: CN106254319A
Application granted; publication of CN106254319B

Classifications

All under H (ELECTRICITY) > H04 (ELECTRIC COMMUNICATION TECHNIQUE) > H04L (TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION) > H04L63/00 (Network architectures or network communication protocols for network security):

    • H04L63/0815 Authentication of entities providing single-sign-on or federations
    • H04L63/0823 Authentication of entities using certificates
    • H04L63/083 Authentication of entities using passwords
    • H04L63/101 Controlling access to devices or network resources: access control lists [ACL]

Abstract

The present invention provides a light application login control method and device. The method includes: after receiving a first electronic certificate request message from a light application, sending a second electronic certificate request message to a platform server, the second electronic certificate request message carrying login identification information and the identifier of the light application; receiving a response message carrying an electronic certificate returned by the platform server; and sending the electronic certificate to the light application. This technical solution avoids potential security risks and protects the information of the light application. Moreover, once the user has logged in to the local client, no further user participation is needed and the user does not have to enter information again, which improves the user experience and simplifies user operation.

Description

A light application login control method and device
Technical field
The present invention relates to the field of communication technology, and in particular to a light application login control method and device.
Background
A light application (Light APP, LAPP) is a full-featured app that needs no download and can be used as soon as it is found by search. It offers a user experience comparable to that of a local client (also called a local APP or Native APP) while retaining a web app's properties of being searchable and intelligently distributed, and it addresses the problem of matching high-quality applications and services to user demand. To use the functions of a local client, a user must download and install that local client on the terminal device, for example the WeChat client or the Baidu client. By contrast, a light application does not require a light application client to be downloaded and installed on the terminal device. Only a shortcut icon for the light application is created in the interface of the local client, and the user accesses the light application through that icon. Examples are light applications in the WeChat client such as JD (Jingdong), Didi Chuxing, subscription accounts and official accounts.
At present, to improve the user experience and simplify user operation, single sign-on is used: when logging in to the local client, the user enters information such as a user name and password. After logging in to the local client, a user who accesses a light application in the local client does not need to enter the user name and password again and accesses the light application directly. This greatly simplifies operation for the user, but it also introduces the risk of losing control over information security, a problem that is especially prominent in enterprise-level scenarios.
Summary of the invention
The present invention provides a light application login control method applied on a local client. The local client has, at the remote end, a platform server that provides service for it, and the platform server also provides service for the light application server corresponding to the light application. The method includes:
After receiving a first electronic certificate request message from the light application through an application interface, sending a second electronic certificate request message to the platform server, the second electronic certificate request message carrying the user's login identification information on the local client and the identifier of the light application;
Receiving a response message carrying an electronic certificate returned by the platform server;
Sending the electronic certificate to the light application through the application interface, the electronic certificate being the basis on which the light application server determines that the user has permission to log in to the light application.
The present invention provides a light application login control method applied on a platform server. The platform server provides service for a local client and also provides service for the light application server corresponding to the light application. The method includes:
Receiving an electronic certificate request message from the local client, the electronic certificate request message carrying the user's login identification information on the local client and the identifier of the light application;
Obtaining the login identification information and the identifier of the light application from the electronic certificate request message, and looking up whether a preset access control list contains a corresponding record;
If so, determining that the user has login permission for the light application, and generating an electronic certificate for the user;
Sending a first response message carrying the electronic certificate to the local client, and sending a second response message carrying the electronic certificate to the light application server, where the electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
The present invention provides a light application login control device applied on a local client. The local client has, at the remote end, a platform server that provides service for it, and the platform server also provides service for the light application server corresponding to the light application. The device specifically includes:
A sending module, configured to send a second electronic certificate request message to the platform server after a first electronic certificate request message from the light application is received through an application interface, the second electronic certificate request message carrying the user's login identification information on the local client and the identifier of the light application;
A receiving module, configured to receive a response message carrying an electronic certificate returned by the platform server;
The sending module is further configured to send the electronic certificate to the light application through the application interface, the electronic certificate being the basis on which the light application server determines that the user has permission to log in to the light application.
The present invention provides a light application login control device applied on a platform server. The platform server provides service for a local client and also provides service for the light application server corresponding to the light application. The device specifically includes:
A receiving module, configured to receive an electronic certificate request message from the local client, the electronic certificate request message carrying the user's login identification information on the local client and the identifier of the light application;
A query module, configured to obtain the login identification information and the identifier of the light application from the electronic certificate request message, and to look up whether a preset access control list contains a corresponding record;
A generation module, configured to determine, when the access control list contains a corresponding record, that the user has login permission for the light application, and to generate an electronic certificate for the user;
A sending module, configured to send a first response message carrying the electronic certificate to the local client, and to send a second response message carrying the electronic certificate to the light application server, the electronic certificate being the basis on which the light application server determines that the user has permission to log in to the light application.
Based on the above technical solution, the embodiments of the present invention can meet the following requirement for a light application: not every user logged in to the local client can access the light application in the local client; only specific users can access it. This avoids potential security risks and protects the information of the light application. Moreover, once the user has logged in to the local client, no further user participation is needed and the user does not have to enter information again, which improves the user experience and simplifies user operation.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings used in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art can derive other drawings from them.
Fig. 1 is a schematic diagram of the application scenario in one embodiment of the present invention;
Fig. 2 is a flow chart of a light application login control method in one embodiment of the present invention;
Fig. 3 is a flow chart of a light application login control method in another embodiment of the present invention;
Fig. 4 is a flow chart of a light application login control method in another embodiment of the present invention;
Fig. 5 is a hardware structure diagram of the local client in one embodiment of the present invention;
Fig. 6 is a structure diagram of the light application login control device in one embodiment of the present invention;
Fig. 7 is a hardware structure diagram of the platform server in one embodiment of the present invention;
Fig. 8 is a structure diagram of the light application login control device in one embodiment of the present invention.
Detailed description
The terminology used in the present invention is for the purpose of describing particular embodiments only and is not intended to limit the present invention. The singular forms "a", "said" and "the" used in the present invention and the claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in the present invention to describe various information, the information should not be limited by these terms. The terms are used only to distinguish information of the same type from one another. For example, without departing from the scope of the present invention, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of ...", "when ..." or "in response to determining".
To address the problems in the prior art, an embodiment of the present invention proposes a light application login control method, which can be applied in a system that includes a local client, a platform server and a light application server, where the local client contains one or more light applications. Fig. 1 is a schematic diagram of the application scenario of the embodiment. The local client is installed on a terminal device (such as a mobile terminal, a PC (personal computer) or a tablet computer), and a shortcut icon is created in the interface of the local client, through which the user can conveniently access the light application. In addition, the local client has, at the remote end, a platform server that provides service for it, and this platform server also provides service for the light application server corresponding to the light application. For example, the local client is the WeChat client, the light application may be JD (Jingdong) in the WeChat client, the platform server may be the WeChat server that provides service for the WeChat client, and the light application server may be the JD server.
In one example, the platform server and the light application server are servers in the logical sense. They may be located on the same physical server or on different physical servers. For example, company A develops local client 1 and integrates its own light application 1 into local client 1, so the platform server and light application server 1, which corresponds to light application 1, may be located on the same physical server. In that case the platform server and light application server 1 can be regarded as two functional modules on the same physical server, and the interaction between them is an interaction between two functional modules. As another example, company A develops local client 1 and integrates company B's light application 2 into local client 1, so the platform server and light application server 2, which corresponds to light application 2, are located on different physical servers. In that case the interaction between the platform server and light application server 2 is an interaction between different physical servers, which by comparison is a remote interaction that has to cross the network.
Fig. 2 is a flow chart of a light application login control method in one example.
Step 201: when information such as the user name and password entered by the user is received, the user is allowed to log in to the local client.
Step 202: after the user has logged in to the local client, when the user accesses a light application in the local client, the light application receives the user's login request and sends the login request to the light application server.
Step 203: after receiving the login request, the light application server allows the user to access the light application, returns a login success page to the light application, and provides the service of the light application to the user. From then on, the user can access the service provided by the light application server.
In the above approach, every user who logs in to the local client can access the light applications in the local client. As the types of light application increase, however, some light applications may have the following requirement: not every user logged in to the local client may access the light application in the local client; only specific users may access it. The above approach clearly cannot meet this requirement, which creates a security risk. For example, local client 1 contains light application 1 and light application 2. Light application 1 contains company news that all users may access, whereas light application 2 contains company financial information that only specific users (such as accountants and managers) may access. Under the above approach, any company employee who installs and logs in to local client 1 can access light application 2, which leaks the financial information.
In view of this finding, light applications that all users may access are handled with the flow shown in Fig. 2, which is not described again here. Light applications that only specific users may access are handled with the technical solution of the present invention. In what follows, "light application" always refers to a light application that only specific users may access.
In one example, for a light application that only specific users (configured as required) logged in to the local client may access, the login identification information of those specific users can be configured on the light application server corresponding to the light application. The login identification information includes a user name, such as user 1 or user 2, which means that only user 1 and user 2, once logged in to the local client, can access the light application. The light application server can send a registration message to the platform server. The registration message carries the identifier of the light application and the login identification information of all users who have permission to log in to the light application (such as user 1 and user 2). The platform server receives the registration message from the light application server and maintains, in an access control list, the correspondence between the identifier of the light application and the login identification information of all those users. Table 1 shows an example of the access control list.
Table 1
Identifier of light application | Login identification information
Light application 1 | User 1, user 2
Light application 2 | User 10, user 11
The light application login control method proposed in the embodiment of the present invention is applied on the local client. As shown in Fig. 3, once the user has logged in to the local client, the method includes the following steps:
Step 301: after receiving a first electronic certificate request message from the light application through the application interface, send a second electronic certificate request message to the platform server. The second electronic certificate request message carries the user's login identification information on the local client and the identifier of the light application.
Step 302: receive the response message carrying an electronic certificate returned by the platform server.
Step 303: send the electronic certificate to the light application through the application interface. The electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
For step 301, in one example, when the user needs to access a light application in the local client, the light application receives a login request. After receiving the login request, the light application does not send a login request to the light application server; instead it sends the first electronic certificate request message to the local client through the application interface.
After receiving the first electronic certificate request message, the local client obtains the identifier of the light application and the user's login identification information on the local client, generates a second electronic certificate request message containing the identifier of the light application and the login identification information, and sends the second electronic certificate request message to the platform server.
After receiving the second electronic certificate request message from the local client, the platform server obtains the user's login identification information and the identifier of the light application from the message and looks up whether the access control list (as shown in Table 1) contains a corresponding record. If it does, the platform server determines that the user has login permission for the light application, generates an electronic certificate for the user, sends a first response message carrying the electronic certificate to the local client, and sends a second response message carrying the electronic certificate to the light application server. If it does not, the platform server determines that the user does not have login permission for the light application, refuses to generate an electronic certificate for the user, and sends a third response message that carries no electronic certificate to the local client.
As described above, the platform server maintains the access control list shown in Table 1. The platform server can therefore query the access control list with the login identification information and the identifier of the light application. If a corresponding record exists, the user has login permission for the light application; if no corresponding record exists, the user does not have login permission for the light application.
When the platform server generates the electronic certificate for the user, the specific form of the electronic certificate is not limited. It may be a character string made up of random numbers, digits, characters, a password and so on.
For step 302, the local client may receive from the platform server either a response message carrying an electronic certificate or a response message that carries no electronic certificate. If it receives a response message carrying an electronic certificate, it performs step 303, that is, it sends the electronic certificate to the light application through the application interface. If it receives a response message that carries no electronic certificate, it either displays a login failure page on the local client or sends the response message that carries no electronic certificate to the light application through the application interface.
In one example, after receiving a response message that carries no electronic certificate, the local client determines that the user is not allowed to access the light application and displays a login failure page on the local client to notify the user that the light application cannot be accessed. With this approach the light application does not need to do any further processing, which reduces the interaction between the local client and the light application as well as the interaction between the light application and the light application server.
In one example, if the local client sends the electronic certificate to the light application, the light application can send a login request carrying the electronic certificate to the light application server. After receiving the login request, the light application server uses the locally stored electronic certificate (that is, the electronic certificate the platform server sent in the second response message) to verify whether the received electronic certificate is valid. During verification, if the locally stored electronic certificate is identical to the received one, the light application server determines that the received electronic certificate is valid, allows the user to access the light application, returns a login success page to the light application, and provides the service of the light application to the user. From then on, the user can access the service provided by the light application server. If the locally stored electronic certificate differs from the received one, the light application server determines that the received electronic certificate is invalid, does not allow the user to access the light application, and returns a login failure page to the light application to notify the user that the light application cannot be accessed.
In one example, if the local client sends the response message that carries no electronic certificate to the light application, the light application can send a login request that carries no electronic certificate to the light application server. After receiving the login request, the light application server does not allow the user to access the light application, because the request carries no electronic certificate, and returns a login failure page to the light application to notify the user that the light application cannot be accessed.
The light application server verifies the electronic certificate to prevent a user from forging an electronic certificate and logging in to the light application with the forged certificate, which protects the light application.
In one example, the electronic certificate is a one-time electronic certificate, that is, it becomes invalid once it has been used. For example, the platform server deletes the electronic certificate after sending it to the local client and the light application server. The local client deletes the electronic certificate after sending it to the light application. The light application deletes the electronic certificate after sending it to the light application server. After using the locally stored electronic certificate to verify whether the received electronic certificate is valid, the light application server deletes the locally stored electronic certificate if the received one is valid.
In one example, the application interface includes a JavaScript interface. The local client can provide a JavaScript interface to all light applications, and the interaction between the local client and a light application takes place through this JavaScript interface. The local client can also provide Cordova functionality to all light applications. Cordova provides a set of device-related APIs (Application Programming Interface). Through this set of APIs a light application can access native device functions, such as the camera and microphone of the terminal device, and can obtain related data from the terminal device and perform related functions.
Based on the above technical solution, the embodiments of the present invention can meet the following requirement for a light application: not every user logged in to the local client can access the light application in the local client; only specific users can access it. This avoids potential security risks and protects the information of the light application. Moreover, once the user has logged in to the local client, no further user participation is needed and the user does not have to enter information again, which improves the user experience and simplifies user operation.
The light application login control method proposed in the embodiment of the present invention can also be applied on the platform server. The platform server provides service for the local client and also provides service for the light application server corresponding to the light application. As shown in Fig. 4, the method may include the following steps:
Step 401: receive an electronic certificate request message from the local client. The electronic certificate request message carries the user's login identification information on the local client and the identifier of the light application.
Step 402: obtain the login identification information and the identifier of the light application from the electronic certificate request message, and look up whether the preset access control list contains a corresponding record. If it does, perform step 403.
Step 403: determine that the user has login permission for the light application, and generate an electronic certificate for the user.
The electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
Step 404: send a first response message carrying the electronic certificate to the local client, and send a second response message carrying the electronic certificate to the light application server.
In one example, if the lookup in the preset access control list finds no corresponding record, the platform server determines that the user does not have login permission for the light application, refuses to generate an electronic certificate for the user, and sends a third response message that carries no electronic certificate to the local client.
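The following Python sketch is an added example, not code from the patent. It models steps 301 to 303 and 401 to 404 in a single process: the access control list of Table 1, a random one-time electronic certificate, and the light application server's check. The class and function names, the use of `secrets.token_urlsafe` for the certificate, and storing pending certificates keyed by login identifier are assumptions.

```python
import hmac
import secrets


class LightAppServer:
    """Light application server: holds certificates pushed by the platform server."""

    def __init__(self, app_id):
        self.app_id = app_id
        self._pending = {}  # login id -> certificate (keying by user is an assumption)

    def receive_certificate(self, user, certificate):
        # "Second response message" from the platform server.
        self._pending[user] = certificate

    def login(self, user, certificate):
        stored = self._pending.get(user)
        if stored is None or not certificate:
            return False  # nothing was issued, or the request carried no certificate
        if not hmac.compare_digest(stored.encode(), certificate.encode()):
            return False  # forged or stale value
        del self._pending[user]  # one-time use: delete after a successful check
        return True


class PlatformServer:
    def __init__(self):
        self._acl = {}          # light application id -> set of login ids (Table 1)
        self._app_servers = {}  # light application id -> LightAppServer

    def register(self, app_server, allowed_users):
        # Registration message sent by the light application server.
        self._acl[app_server.app_id] = set(allowed_users)
        self._app_servers[app_server.app_id] = app_server

    def issue_certificate(self, user, app_id):
        if user not in self._acl.get(app_id, set()):
            return None  # "third response message": no certificate
        certificate = secrets.token_urlsafe(32)  # unguessable random string
        self._app_servers[app_id].receive_certificate(user, certificate)
        return certificate  # "first response message"; no copy is kept here


class LocalClient:
    def __init__(self, platform, logged_in_user):
        self._platform = platform
        self.user = logged_in_user  # fixed at local-client login, not by the light app

    def request_certificate(self, app_id):
        # Called by the light application through the application interface.
        # The login id is taken from the client's own session.
        return self._platform.issue_certificate(self.user, app_id)


def light_app_login(client, app_server):
    """Light application side: fetch a certificate, then log in with it."""
    certificate = client.request_certificate(app_server.app_id)
    return app_server.login(client.user, certificate), certificate


def run_demo():
    # Constructed sample data mirroring Table 1.
    platform = PlatformServer()
    app1, app2 = LightAppServer("light-app-1"), LightAppServer("light-app-2")
    platform.register(app1, ["user1", "user2"])
    platform.register(app2, ["user10", "user11"])

    user1 = LocalClient(platform, "user1")
    ok, used = light_app_login(user1, app1)
    denied, issued = light_app_login(user1, app2)

    user10 = LocalClient(platform, "user10")
    real = user10.request_certificate("light-app-2")
    return {
        "authorized_login": ok,
        "unauthorized_login": denied,
        "certificate_issued_when_denied": issued is not None,
        "replay_of_used_certificate": app1.login("user1", used),
        "forged_certificate": app2.login("user10", "guessed-value"),
        "genuine_after_forgery": app2.login("user10", real),
    }


if __name__ == "__main__":
    print(run_demo())
```

The comparison uses `hmac.compare_digest` so the equality check does not leak how many leading characters of a guessed certificate were correct.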
Based on technique scheme, in the embodiment of the present invention, for light application, it is possible to achieve following demand: be not Sign in the light application that all users of local client can access in local client, but only specific user's ability Enough access this gently to apply.Therefore potential safety hazard can be avoided, it is ensured that the safety of light application message.And sign in this user After ground client, in this way it is no longer necessary to the participation of user, it is not necessary to user inputs information again, improve user's experience, simplify User processes, and user operation is easier.
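The following sketch walks through the platform-server flow of steps 401 to 404, the refusal branch, and the registration message that populates the access control list. It is an added example, not code from the patent; the class names, message field names, the random token used as the electronic certificate, and single-use redemption on the light application server are all assumptions.

```python
import secrets


class LightAppServer:
    """Light application server: accepts only certificates the platform server pushed to it."""

    def __init__(self, app_id, authorized_users):
        self.app_id = app_id
        self.authorized_users = set(authorized_users)
        self._pending = {}  # certificate -> login id, filled by second response messages

    def registration_message(self):
        # Carries the light application identifier and every login id allowed to log in.
        return {"app_id": self.app_id, "users": set(self.authorized_users)}

    def receive_second_response(self, msg):
        self._pending[msg["credential"]] = msg["login_id"]

    def login(self, credential):
        # The light application presents the certificate it received from the local client.
        # Single-use redemption (pop) is an assumption of this sketch.
        return self._pending.pop(credential, None)


class PlatformServer:
    def __init__(self):
        self.acl = {}          # access control list: app id -> set of login ids
        self.app_servers = {}  # app id -> light application server to notify

    def register(self, app_server):
        msg = app_server.registration_message()
        self.acl[msg["app_id"]] = msg["users"]
        self.app_servers[msg["app_id"]] = app_server

    def handle_credential_request(self, request):
        # Steps 401/402: read both identifiers and look for a matching ACL record.
        login_id, app_id = request.get("login_id"), request.get("app_id")
        if login_id not in self.acl.get(app_id, ()):
            # No record: refuse to generate a certificate (third response message).
            return {"credential": None}
        # Step 403: generate the certificate (an unguessable random token here).
        credential = secrets.token_urlsafe(32)
        # Step 404: second response to the light application server, first to the client.
        self.app_servers[app_id].receive_second_response(
            {"login_id": login_id, "credential": credential})
        # The platform never stores the value, which models "delete after sending".
        return {"credential": credential}


class LocalClient:
    def __init__(self, platform, login_id):
        self.platform = platform
        self.login_id = login_id  # identity of the user already logged in to the client

    def on_app_request(self, app_id):
        # Application interface: the client, not the light application, supplies the
        # login id, so the light application cannot claim another user's identity.
        response = self.platform.handle_credential_request(
            {"login_id": self.login_id, "app_id": app_id})
        return response["credential"]  # handed over; the client keeps no copy


def demo():
    # Constructed sample data: one light application that only "alice" may use.
    app_server = LightAppServer("expense-app", {"alice"})
    platform = PlatformServer()
    platform.register(app_server)
    alice_cred = LocalClient(platform, "alice").on_app_request("expense-app")
    bob_cred = LocalClient(platform, "bob").on_app_request("expense-app")
    return {
        "alice": app_server.login(alice_cred),    # authorized user logs in
        "replay": app_server.login(alice_cred),   # same certificate presented again
        "bob_credential": bob_cred,               # user missing from the ACL
        "forged": app_server.login("guessed-value"),
    }


if __name__ == "__main__":
    print(demo())
```

Because the light application server accepts only values it received in a second response message, a certificate that the platform server did not issue is rejected even if the local client is bypassed.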
Based on the same inventive concept as the above method, the embodiment of the present invention also provides a light application login control device, applied on a local client. The device may be implemented in software, in hardware, or in a combination of the two. Taking a software implementation as an example, the device in the logical sense is formed when the processor of the local client on which it resides reads the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 5 shows a hardware structure diagram of the local client on which the proposed light application login control device resides. Besides the processor and non-volatile memory shown in Fig. 5, the local client may include other hardware, such as a forwarding chip responsible for processing messages, network interfaces, and memory. In terms of hardware structure, the local client may also be a distributed device that includes multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 6 shows the structure of the light application login control device proposed by the present invention, applied on a local client. At the remote end of the local client there is a platform server that provides services for it, and the platform server also provides services for the light application server corresponding to the light application. The device specifically includes:
Sending module 11, configured to send a second electronic certificate request message to the platform server after receiving a first electronic certificate request message from the light application through the application interface, where the second electronic certificate request message carries the login identification information of the user on the local client and the identifier of the light application;
Receiving module 12, configured to receive a response message carrying an electronic certificate returned by the platform server;
The sending module 11 is further configured to send the electronic certificate to the light application through the application interface, where the electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
In one example, the sending module 11 is further configured so that, after sending the second electronic certificate request message to the platform server, if a response message carrying no electronic certificate is received from the platform server, it displays a login failure page on the local client, or sends the response message carrying no electronic certificate to the light application through the application interface.
The device further includes (not shown in the figure) a deletion module, configured to delete the electronic certificate after the sending module has sent the electronic certificate to the light application through the application interface.
Based on the same inventive concept as the above method, the embodiment of the present invention also provides a light application login control device, applied on a platform server. The device may be implemented in software, in hardware, or in a combination of the two. Taking a software implementation as an example, the device in the logical sense is formed when the processor of the platform server on which it resides reads the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 7 shows a hardware structure diagram of the platform server on which the proposed light application login control device resides. Besides the processor and non-volatile memory shown in Fig. 7, the platform server may include other hardware, such as a forwarding chip responsible for processing messages, network interfaces, and memory. In terms of hardware structure, the platform server may also be a distributed device that includes multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 8 shows the structure of the light application login control device proposed by the present invention, applied on a platform server. The platform server provides services for the local client and also for the light application server corresponding to the light application. The device specifically includes:
Receiving module 21, configured to receive an electronic certificate request message from the local client, where the electronic certificate request message carries the login identification information of the user on the local client and the identifier of the light application;
Query module 22, configured to obtain the login identification information and the identifier of the light application from the electronic certificate request message, and to check whether a preset access control list contains a corresponding record;
Generation module 23, configured to determine, when the access control list contains a corresponding record, that the user has login permission for the light application, and to generate an electronic certificate for the user;
Sending module 24, configured to send a first response message carrying the electronic certificate to the local client, and to send a second response message carrying the electronic certificate to the light application server, where the electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
The generation module 23 is further configured to determine, when the access control list contains no corresponding record, that the user does not have login permission for the light application, and to refuse to generate an electronic certificate for the user;
The sending module 24 is further configured to send a third response message carrying no electronic certificate to the local client.
The receiving module 21 is further configured to receive a registration message from the light application server, where the registration message carries the identifier of the light application and the login identification information of all users who have permission to log in to the light application. The access control list maintains the correspondence between the identifier of the light application and the login identification information of all those users.
The device further includes (not shown in the figure) a deletion module, configured to delete the electronic certificate after the sending module has sent the first response message carrying the electronic certificate to the local client and the second response message carrying the electronic certificate to the light application server.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the methods described in the embodiments of the present invention. Those skilled in the art will understand that the drawings are schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will understand that the modules of the device in an embodiment may be distributed in the device as described in the embodiment, or may be changed accordingly and located in one or more devices different from this embodiment. The modules of the above embodiments may be merged into one module or further split into multiple sub-modules. The sequence numbers of the above embodiments are for description only and do not indicate the relative merits of the embodiments.
The above discloses only several specific embodiments of the present invention; however, the present invention is not limited to them, and any change that a person skilled in the art can conceive of shall fall within the protection scope of the present invention.

Claims (14)

1. A light application login control method, applied on a local client, characterized in that at the remote end of the local client there is a platform server that provides services for it, the platform server also provides services for the light application server corresponding to the light application, and the method includes:
after receiving a first electronic certificate request message from the light application through an application interface, sending a second electronic certificate request message to the platform server, where the second electronic certificate request message carries the login identification information of the user on the local client and the identifier of the light application;
receiving a response message carrying an electronic certificate returned by the platform server;
sending the electronic certificate to the light application through the application interface, where the electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
2. The method according to claim 1, characterized in that after the second electronic certificate request message is sent to the platform server, the method further includes:
if a response message carrying no electronic certificate is received from the platform server, displaying a login failure page on the local client, or sending the response message carrying no electronic certificate to the light application through the application interface.
3. The method according to claim 1 or 2, characterized in that after the electronic certificate is sent to the light application through the application interface, the method further includes:
deleting the electronic certificate.
4. A light application login control method, applied on a platform server, characterized in that the platform server provides services for a local client and also provides services for the light application server corresponding to the light application, and the method includes:
receiving an electronic certificate request message from the local client, where the electronic certificate request message carries the login identification information of the user on the local client and the identifier of the light application;
obtaining the login identification information and the identifier of the light application from the electronic certificate request message, and checking whether a preset access control list contains a corresponding record;
if it does, determining that the user has login permission for the light application, and generating an electronic certificate for the user;
sending a first response message carrying the electronic certificate to the local client, and sending a second response message carrying the electronic certificate to the light application server, where the electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
5. The method according to claim 4, characterized in that after checking whether the preset access control list contains a corresponding record, the method further includes:
if it does not, determining that the user does not have login permission for the light application, refusing to generate an electronic certificate for the user, and sending a third response message carrying no electronic certificate to the local client.
6. The method according to claim 4 or 5, characterized in that the method further includes:
receiving a registration message from the light application server, where the registration message carries the identifier of the light application and the login identification information of all users who have permission to log in to the light application; and maintaining, in the access control list, the correspondence between the identifier of the light application and the login identification information of all those users.
7. The method according to claim 4 or 5, characterized in that after the first response message carrying the electronic certificate is sent to the local client and the second response message carrying the electronic certificate is sent to the light application server, the method further includes:
deleting the electronic certificate.
8. A light application login control device, applied on a local client, characterized in that at the remote end of the local client there is a platform server that provides services for it, the platform server also provides services for the light application server corresponding to the light application, and the device specifically includes:
a sending module, configured to send a second electronic certificate request message to the platform server after receiving a first electronic certificate request message from the light application through an application interface, where the second electronic certificate request message carries the login identification information of the user on the local client and the identifier of the light application;
a receiving module, configured to receive a response message carrying an electronic certificate returned by the platform server;
the sending module being further configured to send the electronic certificate to the light application through the application interface, where the electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
9. The device according to claim 8, characterized in that
the sending module is further configured so that, after sending the second electronic certificate request message to the platform server, if a response message carrying no electronic certificate is received from the platform server, it displays a login failure page on the local client, or sends the response message carrying no electronic certificate to the light application through the application interface.
10. The device according to claim 8 or 9, characterized by further including:
a deletion module, configured to delete the electronic certificate after the sending module has sent the electronic certificate to the light application through the application interface.
11. A light application login control device, applied on a platform server, characterized in that the platform server provides services for a local client and also provides services for the light application server corresponding to the light application, and the device specifically includes:
a receiving module, configured to receive an electronic certificate request message from the local client, where the electronic certificate request message carries the login identification information of the user on the local client and the identifier of the light application;
a query module, configured to obtain the login identification information and the identifier of the light application from the electronic certificate request message, and to check whether a preset access control list contains a corresponding record;
a generation module, configured to determine, when the access control list contains a corresponding record, that the user has login permission for the light application, and to generate an electronic certificate for the user;
a sending module, configured to send a first response message carrying the electronic certificate to the local client, and to send a second response message carrying the electronic certificate to the light application server, where the electronic certificate is the basis on which the light application server determines that the user has permission to log in to the light application.
12. The device according to claim 11, characterized in that
the generation module is further configured to determine, when the access control list contains no corresponding record, that the user does not have login permission for the light application, and to refuse to generate an electronic certificate for the user;
the sending module is further configured to send a third response message carrying no electronic certificate to the local client.
13. The device according to claim 11 or 12, characterized in that
the receiving module is further configured to receive a registration message from the light application server, where the registration message carries the identifier of the light application and the login identification information of all users who have permission to log in to the light application; the access control list maintains the correspondence between the identifier of the light application and the login identification information of all those users.
14. The device according to claim 11 or 12, characterized by further including:
a deletion module, configured to delete the electronic certificate after the sending module has sent the first response message carrying the electronic certificate to the local client and the second response message carrying the electronic certificate to the light application server.
CN201610584288.0A 2016-07-22 2016-07-22 Light application login control method and device Active CN106254319B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610584288.0A CN106254319B (en) 2016-07-22 2016-07-22 Light application login control method and device

Publications (2)

Publication Number Publication Date
CN106254319A true CN106254319A (en) 2016-12-21
CN106254319B CN106254319B (en) 2020-01-03

Family

ID=57603699

Country Status (1)

Country Link
CN (1) CN106254319B (en)

Also Published As

Publication number Publication date
CN106254319B (en) 2020-01-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

GR01 Patent grant