CN109639730A - Information system data interface authentication method under HTTP stateless protocol based on token - Google Patents


Info

Publication number: CN109639730A
Authority: CN (China)
Prior art keywords: token, information, server, client, token information
Legal status: Pending
Application number: CN201910055067.8A
Other languages: Chinese (zh)
Inventors: 王建华, 田光烁, 刘志峰
Current assignee: Beijing University of Technology
Original assignee: Beijing University of Technology
Priority date: 2019-01-21
Filing date: 2019-01-21
Publication date: 2019-04-16
Application filed by Beijing University of Technology
Priority to CN201910055067.8A
Publication of CN109639730A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108: Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/14: Session management
    • H04L67/142: Managing session states for stateless protocols; Signalling session states; State transitions; Keeping-state mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a token-based authentication method for information system data interfaces under the stateless HTTP protocol, in the field of secure communication for Web applications. The main characteristic of the method is that when a client accesses a data interface repeatedly, it is required to provide authentication information such as an account and password only on the first access. The server side performs identity verification by accessing the database and sends token information to the client. On subsequent accesses the client only needs to provide the token obtained on the first visit, and the server side only needs to verify the token and no longer needs to access the database. Because access authentication for the data interface is realised with a token, the possibility that identity information such as the account and password leaks during access is reduced, which improves the safety of the system. In addition, when the server authenticates the same request source it no longer needs to perform frequent database access operations, which reduces the occupancy of system resources.

Description

Information system data interface authentication method under HTTP stateless protocol based on token
Technical field
The present invention relates to a token-based authentication method for information system data interfaces under the stateless HTTP protocol, in the field of secure communication for Web applications.
Background technique
"Stateless HTTP protocol" means that an HTTP connection has no memory of transaction processing or of previous accesses: each request is independent, its execution and result have no direct relation to the requests before and after it, it is not directly affected by the preceding request and response, and it does not directly affect the following ones. Under the traditional B/S (browser/server) architecture, access to the data interfaces of an information management system is carried out over HTTP. When the client accesses the server side it carries authentication information with the request to complete identity verification, for example by matching an account and password against the information in the database. After authentication passes, the server side grants the client access to the system's data interface, and the connection can be closed once the access is complete. When the client accesses the data interface the next time, because HTTP is stateless (the server side has no memory of the client's last visit), client and server side still have to carry out the complete authentication. When accesses are very frequent, the information system must perform frequent database accesses to complete the matching of the authentication information, which causes considerable resource occupation and, to a certain extent, reduces the operational efficiency of the system.
In view of the above problems, we implement the authentication performed when a data interface is accessed on the basis of a token, so that the system avoids frequent database access during authentication, reduces its resource occupation and improves operational efficiency.
Summary of the invention
Regarding the issues above, the present invention provides a token-based authentication method for information system data interfaces under the stateless HTTP protocol, whose objective is to improve the authentication efficiency of the system and reduce system resource consumption during authentication. The main characteristic of the method is that when a client accesses a data interface repeatedly, it is required to provide authentication information such as an account and password only on the first access. The server side performs identity verification by accessing the database and sends token information to the client. On subsequent accesses the client only needs to provide the token obtained on the first visit, and the server side only needs to verify the token and no longer needs to access the database.
The technical solution adopted by the present invention is realised in the following manner. A token-based information system data interface authentication method under the stateless HTTP protocol comprises:
Step 1) In the stateless HTTP protocol environment, the client makes its first visit to the server side's data interface: it accesses the system data interface by sending an HTTP request containing authentication information such as an account and password.
Step 2) The server side receives the client's HTTP request and verifies the authentication information by accessing the database. If authentication succeeds, the server side generates token information and stores it in the database and in the system cache. The token information is a character string, part of which contains the timestamp of the token's expiry time, used to verify whether the token has expired. The server side returns the token information to the client.
Step 3) The client receives and saves the token information. When the client accesses the system's data interface again, the HTTP request only needs to contain the token as authentication information.
Step 4) When the server side receives the client's access request again, it checks whether the token information contained in the request matches the token information stored in the cache. If the token information is consistent, proceed to step 5). If no matching token information is found in the cache, the server side accesses the database to query the token information; if the corresponding information is matched, the token information is saved into the cache and step 5) is carried out. If no corresponding information is matched in either the cache or the database, authentication fails and the server side refuses this access request to the data interface.
Step 5) The timestamp information of the token's expiry time is extracted and it is judged whether the token information has expired. If it has expired, the server side regenerates the token information and updates the corresponding token information in the cache and the database, and the authentication process ends; after the corresponding data interface request is completed, the new token information is sent to the client together with the response. If the token information has not expired, authentication succeeds and the data interface request is completed normally.
The token-based information system data interface authentication method under the stateless HTTP protocol of the invention has the following advantages:
1. Through token-based authentication logic, frequent authentication of information such as the account and password during repeated accesses to a data interface under the stateless HTTP protocol is avoided. On the one hand, the authentication information contains only the token information, which reduces the possibility that identity information such as the account and password leaks during access and improves the safety of the system. On the other hand, except for the first access, the server generally does not need to perform database access operations when authenticating the same request source, which reduces the occupancy of system resources.
2. The token information generated by the server side of the invention is formed as a multi-character string. After the validity period of the token information has been determined according to the information system's settings, 10 characters of the token information hold the timestamp of the expiry time. In addition, the token string also carries attribute information such as the connection status and the associated account.
The present invention is reasonably designed, simple in structure and easy to use, and therefore has good value for promotion and use.
Detailed description of the invention
Fig. 1 is a schematic diagram of the token-based authentication method.
Fig. 2 is the server-side authentication flow chart.
Specific embodiment
With reference to the accompanying figures and a specific embodiment, the token-based information system data interface authentication method under the stateless HTTP protocol of the invention is described in detail below.
The specific steps of the method are as follows:
Step 1: In the stateless HTTP protocol environment, the client makes its first visit to the server side's data interface by sending an HTTP request containing authentication information such as an account and password (for example a POST request with the authentication information placed in the body), and so accesses the system data interface. On subsequent accesses, the client can access the data interface by sending an HTTP request containing the token (for example by adding the token information directly to the URL).
Step 2: The server side receives the client's HTTP request. If the authentication information is a token, proceed to step 3. If the authentication information is an account and password, they are extracted and matched against the information in the database. If the match succeeds, the server side generates token information and stores it in the database and in the system cache (for example a thread-pool variable). The token information is a character string, part of which contains the timestamp of the token's expiry time, used to verify whether the token has expired. The server side returns the token information to the client. If the match fails, authentication has failed and the information system refuses this HTTP request.
Step 3: The server side receives and extracts the token information and matches it in the system cache; if the match succeeds, proceed to step 4. If the match is unsuccessful then, considering the possibility that the system cache was cleared unexpectedly and the token information lost, the server side connects to the database and matches the token there. If the match in the database succeeds, the token information is saved back into the system cache and step 4 is carried out. If the match succeeds in neither the database nor the system cache, authentication of the request fails and the information system refuses this HTTP request.
Step 4: The server side extracts the expiry timestamp from the token information and judges whether the token has expired at the current time. If it has not expired, proceed to step 5. If it has expired, the server side regenerates the token information, updates and replaces the token information in the system cache and the database, and then proceeds to step 5.
Step 5: Authentication succeeds and the system performs the operation corresponding to the request. After the operation completes, the response to the HTTP request is completed according to the specific situation; if the token information was updated earlier, the new token information must be sent to the client together with the response, notifying the client that the token has changed.
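The following Python sketch is an added illustration, not code from the patent or from its inventors. It plays through the server side of the Summary's steps 1) to 5) and the embodiment's steps 1 to 5 together: the first-visit credential check against the account table, token generation with the 10-character expiry timestamp described under advantage 2, the cache-then-database lookup with cache repopulation, and the expiry check with token rotation. The account table, the PBKDF2 password hashing, the token layout after the timestamp, the `TokenAuthServer` class and its `db_reads` counter are all this example's assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 600     # validity period in seconds (constructed; the page leaves it to the system's settings)
EXPIRY_WIDTH = 10   # the page's figure: 10 characters of the token hold the expiry timestamp


def hash_password(password, salt=None):
    """Salted PBKDF2 digest for the account table (password hashing is this example's choice)."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + ":" + digest.hex()


def verify_password(stored, password):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex = stored.split(":", 1)[0]
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def make_token(account, now, ttl=TOKEN_TTL, state="A"):
    """Token string: <10-digit expiry epoch>|<connection state>|<account>|<random part>.
    The fields after the timestamp stand in for the attributes the page lists (connection
    status, associated account); their layout and the random suffix are assumptions."""
    expiry = int(now) + ttl
    return f"{expiry:0{EXPIRY_WIDTH}d}|{state}|{account}|{secrets.token_hex(16)}"


def parse_expiry(token):
    """Read the expiry timestamp back out of the first 10 characters (embodiment step 4)."""
    return int(token[:EXPIRY_WIDTH])


class TokenAuthServer:
    """Server side of the flow. db_reads counts database accesses so that the saving the
    page claims (no database hit for a token that is in the cache) can be observed."""

    def __init__(self, users, ttl=TOKEN_TTL):
        self.users = users        # database table: account -> password hash
        self.token_db = {}        # database table: token -> account
        self.token_cache = {}     # system cache (the page suggests a thread-pool variable)
        self.ttl = ttl
        self.db_reads = 0

    def _store(self, token, account):
        self.token_db[token] = account
        self.token_cache[token] = account

    def _login(self, account, password, now):
        # Embodiment step 2: credentials are matched against the database on the first visit.
        self.db_reads += 1
        stored = self.users.get(account)
        if stored is None or not verify_password(stored, password):
            return {"ok": False, "reason": "bad credentials"}
        token = make_token(account, now, self.ttl)
        self._store(token, account)
        return {"ok": True, "account": account, "token": token, "rotated": False}

    def _lookup(self, token):
        # Embodiment step 3: cache first; go to the database only on a cache miss (the page's
        # "cache cleared unexpectedly" case) and repopulate the cache on a database hit.
        account = self.token_cache.get(token)
        if account is not None:
            return account
        self.db_reads += 1
        account = self.token_db.get(token)
        if account is not None:
            self.token_cache[token] = account
        return account

    def handle(self, request, now=None):
        """Authenticate one request, given as {"token": ...} or {"account": ..., "password": ...}."""
        now = time.time() if now is None else now
        if "token" not in request:
            return self._login(request.get("account", ""), request.get("password", ""), now)
        token = request["token"]
        account = self._lookup(token)
        if account is None:
            return {"ok": False, "reason": "unknown token"}
        if parse_expiry(token) > now:
            return {"ok": True, "account": account, "token": token, "rotated": False}
        # Embodiment steps 4 and 5 as the page describes them: an expired token is still honoured
        # for this request; the server replaces it in cache and database and returns the new one.
        new_token = make_token(account, now, self.ttl)
        del self.token_db[token]
        self.token_cache.pop(token, None)
        self._store(new_token, account)
        return {"ok": True, "account": account, "token": new_token, "rotated": True}


if __name__ == "__main__":
    # Constructed account table with a single user.
    server = TokenAuthServer({"alice": hash_password("correct horse battery")})
    first = server.handle({"account": "alice", "password": "correct horse battery"}, now=1_700_000_000)
    later = server.handle({"token": first["token"]}, now=1_700_000_100)
    print(first["ok"], later["ok"], later["rotated"], "db reads:", server.db_reads)
```

Two points worth checking when deploying the flow as the page describes it. First, step 5 honours an expired token for the request that presents it and hands back a fresh one, so expiry alone does not end a session; ending one means deleting the token's entry from both the cache and the database, which the two stores in this sketch support directly. Second, the example reads the token from a request field rather than from the URL of claim 3, because URL query strings are written to web-server, proxy and browser-history logs, whereas a request header is not.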

Claims (4)

1. A token-based information system data interface authentication method under the stateless HTTP protocol, characterised in that the method comprises the following steps:
Step 1) In the stateless HTTP protocol environment, the client makes its first visit to the server side's data interface: the client accesses the system data interface by sending an HTTP request containing authentication information such as an account and password;
Step 2) The server side receives the client's HTTP request and verifies the authentication information by accessing the database; if authentication succeeds, the server side generates token information and stores it in the database and in the system cache; the token information is a character string, part of which contains the timestamp of the token's expiry time, used to verify whether the token has expired; the server side returns the token information to the client;
Step 3) The client receives and saves the token information; when the client accesses the system's data interface again, the HTTP request only needs to contain the token as authentication information;
Step 4) When the server side receives the client's access request again, it checks whether the token information contained in the request matches the token information stored in the cache; if the token information is consistent, step 5) is carried out; if no matching token information is found in the cache, the server side accesses the database to query the token information, and if the corresponding information is matched, the token information is saved into the cache and step 5) is carried out; if no corresponding information is matched in either the cache or the database, authentication fails and the server side refuses this access request to the data interface;
Step 5) The timestamp information of the token's expiry time is extracted and it is judged whether the token information has expired; if it has expired, the server side regenerates the token information and updates the corresponding token information in the cache and the database, and the authentication process ends; after the corresponding data interface request is completed, the new token information is sent to the client together with the response; if the token information has not expired, authentication succeeds and the data interface request is completed normally.
2. The token-based information system data interface authentication method under the stateless HTTP protocol according to claim 1, characterised in that the HTTP request is a POST request and the authentication information is added in its body.
3. The token-based information system data interface authentication method under the stateless HTTP protocol according to claim 1, characterised in that the HTTP request containing the token sent by the client adds the token information directly to the URL.
4. The token-based information system data interface authentication method under the stateless HTTP protocol according to claim 1, characterised in that the server side generates the token information and stores it in the database and in the system cache as a thread-pool variable.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201910055067.8A (CN109639730A, en) | 2019-01-21 | 2019-01-21 | Information system data interface authentication method under HTTP stateless protocol based on token

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201910055067.8A (CN109639730A, en) | 2019-01-21 | 2019-01-21 | Information system data interface authentication method under HTTP stateless protocol based on token

Publications (1)

Publication Number | Publication Date
CN109639730A (en) | 2019-04-16

Family

Family ID: 66062308

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201910055067.8A (Pending, CN109639730A, en) | Information system data interface authentication method under HTTP stateless protocol based on token | 2019-01-21 | 2019-01-21

Country Status (1)

Country | Link
CN (1) | CN109639730A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
WO1997040457A2 (en) * | 1996-04-19 | 1997-10-30 | Intergraph Corporation | System and method for data access
CN102422278A (en) * | 2009-05-14 | 2012-04-18 | 微软公司 | Interactive authentication challenge
CN105556501A (en) * | 2013-05-30 | 2016-05-04 | 电子湾有限公司 | Systems and methods of token piggybacking
CN106384028A (en) * | 2016-09-12 | 2017-02-08 | 浪潮软件股份有限公司 | Method for supporting unified identity authentication service realization of multiple tenants

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN110084031A (en) * | 2019-04-24 | 2019-08-02 | 四川吉赛特科技有限公司 | A kind of information system account number safety authentication platform that authentication logic can customize
CN110084031B (en) * | 2019-04-24 | 2022-10-14 | 四川吉赛特科技有限公司 | Method for security authentication of information system account with customizable authentication logic
CN110690972B (en) * | 2019-10-11 | 2022-02-22 | 迈普通信技术股份有限公司 | Token authentication method and device, electronic equipment and storage medium
CN110690972A (en) * | 2019-10-11 | 2020-01-14 | 迈普通信技术股份有限公司 | Token authentication method and device, electronic equipment and storage medium
CN110855672A (en) * | 2019-11-15 | 2020-02-28 | 无锡家校邦网络科技有限公司 | JWT-based authorization method capable of being manually cancelled
CN111030812A (en) * | 2019-12-16 | 2020-04-17 | Oppo广东移动通信有限公司 | Token verification method, device, storage medium and server
WO2021135918A1 (en) * | 2020-01-03 | 2021-07-08 | 平安科技(深圳)有限公司 | Request authentication method, apparatus and device, and storage medium
CN111711641A (en) * | 2020-07-10 | 2020-09-25 | 北京亚鸿世纪科技发展有限公司 | State control method and device for browser and server architecture identity authentication token
CN111711641B (en) * | 2020-07-10 | 2022-03-08 | 北京亚鸿世纪科技发展有限公司 | State control method and device for browser and server architecture identity authentication token
CN114978994A (en) * | 2021-02-18 | 2022-08-30 | 青岛海信宽带多媒体技术有限公司 | Router and router token asynchronous management method
CN114978994B (en) * | 2021-02-18 | 2024-02-02 | 青岛海信宽带多媒体技术有限公司 | Router and router token asynchronous management method
CN113691531A (en) * | 2021-08-24 | 2021-11-23 | 深圳市思迪信息技术股份有限公司 | Data transmission method, system, equipment and storage medium based on WebSocket protocol
CN114025028A (en) * | 2021-10-28 | 2022-02-08 | 杭州数梦工场科技有限公司 | Interface request processing method and RESTful protocol conversion device
CN114025028B (en) * | 2021-10-28 | 2023-05-23 | 杭州数梦工场科技有限公司 | Interface request processing method and RESTful protocol conversion device
CN115913676A (en) * | 2022-11-04 | 2023-04-04 | 上海申石软件有限公司 | Access control method and device for cloud native application, electronic equipment and storage medium
CN115913676B (en) * | 2022-11-04 | 2023-06-02 | 上海申石软件有限公司 | Access control method and device for cloud native application, electronic equipment and storage medium
CN115828309A (en) * | 2023-02-09 | 2023-03-21 | 中国证券登记结算有限责任公司 | Service calling method and system
CN115828309B (en) * | 2023-02-09 | 2023-11-07 | 中国证券登记结算有限责任公司 | Service calling method and system

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication

Application publication date: 2019-04-16