CN109639730A - Information system data interface authentication method under HTTP stateless protocol based on token - Google Patents
Publication number: CN109639730A (application CN201910055067.8A)
- Authority
- CN
- China
- Prior art keywords
- token
- information
- server
- client
- token information
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H04L63/0807: Network architectures or network communication protocols for network security, for authentication of entities using tickets, e.g. Kerberos
- H04L63/108: Network architectures or network communication protocols for network security, for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L67/142: Session management; managing session states for stateless protocols; signalling session states; state transitions; keeping-state mechanisms
Abstract
The invention discloses a token-based authentication method for information-system data interfaces under the stateless HTTP protocol, in the field of secure Web application communication. Its main feature is that when a client accesses a data interface repeatedly, it has to supply authentication information such as an account and password only on the first access. The server verifies that information against the database and sends token information to the client. On subsequent accesses the client supplies only the token obtained on the first access, and the server only verifies the token and no longer needs to access the database. Because access to the data interface is authenticated with the token, the possibility of leaking identity information such as the account password during access is reduced and the security of the system is improved. In addition, when the server authenticates the same request source it no longer needs frequent database operations, which reduces the occupation of system resources.
Description
Technical field
The invention relates to a token-based authentication method for information-system data interfaces under the stateless HTTP protocol and belongs to the field of secure Web application communication.
Background technique
HTTP is a stateless protocol: the protocol keeps no memory of transactions or accesses, so every request is independent. The handling and result of a request have no direct relation to the requests before or after it; a request is not directly affected by the preceding request/response and does not directly affect the following one. Under the traditional B/S (browser/server) architecture, access to the data interface of an information management system is carried out over HTTP, and the client completes authentication by carrying authentication information with each access to the server, for example by matching an account and password against the information in the database. Once authentication passes, the server grants the client access to the system's data interface, and the connection can be closed when the access is complete. When the client accesses the data interface the next time, the stateless nature of HTTP means the server has no memory of the client's previous access, so client and server must still perform complete authentication again. When access is very frequent, the information system must perform frequent database accesses to match the authentication information, which occupies considerable system resources and to some extent reduces the operational efficiency of the system.
To address this problem, we implement the authentication performed on data-interface access on the basis of a token, so that the system avoids frequent database access during authentication, reducing the system's resource occupation and improving operational efficiency.
Summary of the invention
In view of the above problem, the invention provides a token-based authentication method for information-system data interfaces under the stateless HTTP protocol, the aim being to improve the authentication efficiency of the system and reduce the system resources consumed during authentication. The method's main feature is that when a client accesses a data interface repeatedly, authentication information such as an account and password must be supplied only on the first access. The server verifies it against the database and sends token information to the client. On subsequent accesses the client only supplies the token obtained on the first access, and the server only verifies the token and no longer needs to access the database.
The technical solution adopted by the invention is realized as follows. Token-based information-system data interface authentication method under the stateless HTTP protocol:
Step 1) Under the stateless HTTP protocol, the client accesses the server's data interface for the first time by sending an HTTP request that contains authentication information such as an account and password.
Step 2) The server receives the client's HTTP request and verifies the authentication information by accessing the database. If verification succeeds, the server generates token information and stores it in both the database and the system cache. The token is a character string, part of which is the timestamp of the token's expiry time, used to check whether the token has expired. The server returns the token to the client.
Step 3) The client receives and saves the token. When the client accesses the system's data interface again, the HTTP request need only contain the token as its authentication information.
Step 4) When the server receives a subsequent access request from the client, it checks whether the token contained in the request matches a token stored in the cache. If a matching token is found, go to step 5). If no match is found in the cache, the server queries the database for the token; if a match is found there, the token is saved into the cache and processing goes to step 5). If no match is found in either the cache or the database, authentication fails and the server rejects this access request to the data interface.
Step 5) Extract the expiry timestamp from the token and judge whether the token has expired. If it has expired, the server regenerates the token and updates the corresponding token in the cache and the database, and the verification process ends; after the data-interface request has been completed, the new token is sent to the client together with the response. If the token has not expired, authentication succeeds and the data-interface request is completed normally.
The token-based information-system data interface authentication method of the invention under the stateless HTTP protocol has the following advantages:
1. Token-based authentication logic avoids repeated authentication of information such as the account and password on repeated accesses to a data interface under the stateless HTTP protocol. On the one hand, the authentication information consists only of the token, which reduces the possibility of leaking identity information such as the account password during access and improves the security of the system. On the other hand, apart from the first access, the server generally does not need database operations to authenticate the same request source, which reduces the occupation of system resources.
2. The token generated by the server consists of multiple characters; once the validity period of the token has been set according to the configuration of the information system, 10 characters of the token hold the timestamp of the expiry time. The token string also carries attribute information such as the connection status and the associated account.
The invention is reasonably designed, simple in structure and easy to use, and therefore has good value for wider adoption.
Detailed description of the invention
Fig. 1 is a schematic diagram of the token-based authentication method.
Fig. 2 is the server-side authentication flowchart.
Specific embodiment
The token-based information-system data interface authentication method of the invention under the stateless HTTP protocol is described in detail below with reference to the drawings and a specific embodiment.
The specific steps of the method are as follows:
Step 1: Under the stateless HTTP protocol, the client accesses the server's data interface for the first time by sending an HTTP request containing authentication information such as an account and password (for example a POST request with the authentication information in the body). On subsequent accesses the client accesses the data interface by sending an HTTP request containing the token (for example by adding the token information directly to the URL).
Step 2: The server receives the client's HTTP request and examines the authentication information. If the authentication information is a token, go to step 3. If it is an account and password, they are extracted and matched against the information in the database. If the match succeeds, the server generates token information and stores it in the database and in the system cache (for example a thread-pool variable). The token is a character string, part of which is the timestamp of the token's expiry time, used to check whether the token has expired. The server returns the token to the client. If the match fails, authentication has failed and the information system rejects this HTTP request.
Step 3: The server receives and extracts the token and matches it in the system cache. If the match succeeds, go to step 4. If it fails, then, considering that the token may have been lost because the system cache was cleared unexpectedly, the server connects to the database and matches the token there. If the match succeeds in the database, the token is saved into the system cache and processing goes to step 4. If the match fails in both the database and the system cache, authentication of the request fails and the information system rejects this HTTP request.
Step 4: The server extracts the expiry timestamp from the token and judges whether the token has expired at the current time. If it has not expired, go to step 5. If it has expired, the server regenerates the token, updates and replaces the token in the system cache and in the database, and then goes to step 5.
Step 5: Authentication succeeds and the system performs the operation corresponding to the request. After the operation, the response to the HTTP request is completed as the situation requires; if the token was updated earlier, the new token must be sent to the client together with the response so that the client is notified that the token has changed.
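The five steps above, written out as an added example for this page rather than code from the application (the page gives no implementation): a small Python server that verifies credentials once, issues a token whose last 10 characters are the expiry timestamp (advantage 2 above), checks later requests against an in-memory cache with a database fallback, and rotates an expired token while still serving the request. The dict-shaped request and response, the dict-backed cache and database, the salted-SHA-256 credential check, the 32-character random prefix, the 60-second validity period and the account "alice" are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets
import time

TIMESTAMP_LEN = 10        # the page: 10 characters of the token hold the expiry timestamp
DEFAULT_TTL = 3600        # assumed validity period in seconds (the page: set per system)


class TokenServer:
    """Server side of the method: credential check on first access, token checks afterwards.

    Both stores are plain dicts here: `cache` stands in for the page's thread-pool
    variable and may be cleared at any time, `db` for the persistent token table.
    """

    def __init__(self, users, ttl=DEFAULT_TTL):
        self.users = users          # account -> (salt, sha256 hex of salt+password); assumed layout
        self.ttl = ttl
        self.db = {}                # token -> {"account": ..., "expires": ...}
        self.cache = {}             # same mapping, volatile

    @staticmethod
    def hash_password(salt, password):
        return hashlib.sha256((salt + password).encode()).hexdigest()

    @staticmethod
    def expiry_of(token):
        """Step 5: the expiry timestamp is the last TIMESTAMP_LEN characters of the token."""
        return int(token[-TIMESTAMP_LEN:])

    def _check_credentials(self, account, password):
        entry = self.users.get(account)
        if entry is None or password is None:
            return False
        salt, digest = entry
        return hmac.compare_digest(self.hash_password(salt, password), digest)

    def _issue_token(self, account, now):
        """Step 2: random characters followed by a zero-padded expiry timestamp, stored in db and cache."""
        expires = int(now) + self.ttl
        token = secrets.token_hex(16) + f"{expires:0{TIMESTAMP_LEN}d}"
        record = {"account": account, "expires": expires}
        self.db[token] = record
        self.cache[token] = record
        return token

    def handle(self, request, now=None):
        """Process one request, modelled as a dict carrying either 'body' (account/password) or 'token'."""
        now = time.time() if now is None else now

        if "token" not in request:
            # Step 2: first access, credentials are verified against the user database
            body = request.get("body", {})
            if not self._check_credentials(body.get("account"), body.get("password")):
                return {"status": 401, "error": "authentication failed"}
            return {"status": 200, "token": self._issue_token(body["account"], now)}

        # Step 3: match the token in the cache first, then fall back to the database
        token = request["token"]
        record = self.cache.get(token)
        if record is None:
            record = self.db.get(token)
            if record is None:
                return {"status": 401, "error": "unknown token"}
            self.cache[token] = record      # cache was lost (e.g. cleared): repopulate it

        # Step 4: expiry check; an expired token is replaced in both stores
        new_token = None
        if self.expiry_of(token) <= now:
            new_token = self._issue_token(record["account"], now)
            del self.cache[token]
            del self.db[token]

        # Step 5: serve the data-interface request; the new token rides along if one was issued
        response = {"status": 200, "data": f"interface payload for {record['account']}"}
        if new_token is not None:
            response["token"] = new_token
        return response


def demo(t0=1_700_000_000):
    """Client side (steps 1 and 3) driven against the server with a fixed clock; constructed data."""
    salt = "s1"
    server = TokenServer({"alice": (salt, TokenServer.hash_password(salt, "correct horse"))}, ttl=60)
    first = server.handle({"body": {"account": "alice", "password": "correct horse"}}, now=t0)
    token = first["token"]                       # the client saves the token
    second = server.handle({"token": token}, now=t0 + 10)
    server.cache.clear()                         # simulate the cache being dropped
    third = server.handle({"token": token}, now=t0 + 20)
    repopulated = token in server.cache
    fourth = server.handle({"token": token}, now=t0 + 61)   # expired: a rotated token comes back
    wrong_password = server.handle({"body": {"account": "alice", "password": "nope"}}, now=t0)
    forged = server.handle({"token": "f" * 32 + f"{t0 + 999:010d}"}, now=t0)
    return {
        "server": server, "token": token, "first": first, "second": second, "third": third,
        "repopulated": repopulated, "fourth": fourth, "wrong_password": wrong_password, "forged": forged,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        if name != "server":
            print(name, value)
```

The expiry digits are read only after the lookup succeeds, so a client that edits the trailing timestamp of its own token gains nothing: the edited string simply fails the cache/database match, which is where the integrity of this unsigned token actually comes from. Two points the page leaves open are worth noting when adopting the scheme: an expired token is rotated rather than forcing re-authentication, so the expiry bounds the lifetime of a token string, not of the session; and placing the token in the URL (claim 3) puts it into access logs and Referer headers, so a request header or body is the safer carrier.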
Claims (4)
1. A token-based information-system data interface authentication method under the stateless HTTP protocol, characterized in that the method comprises the following steps:
Step 1) Under the stateless HTTP protocol, the client accesses the server's data interface for the first time by sending an HTTP request that contains authentication information such as an account and password;
Step 2) The server receives the client's HTTP request and verifies the authentication information by accessing the database; if verification succeeds, the server generates token information and stores it in the database and the system cache; the token is a character string, part of which is the timestamp of the token's expiry time, used to check whether the token has expired; the server returns the token to the client;
Step 3) The client receives and saves the token; when the client accesses the system's data interface again, the HTTP request need only contain the token as its authentication information;
Step 4) When the server receives a subsequent access request from the client, it checks whether the token contained in the request matches a token stored in the cache; if a matching token is found, go to step 5); if no match is found in the cache, the server queries the database for the token and, if a match is found there, saves the token into the cache and goes to step 5); if no match is found in either the cache or the database, authentication fails and the server rejects this access request to the data interface;
Step 5) Extract the expiry timestamp from the token and judge whether the token has expired; if it has expired, the server regenerates the token and updates the corresponding token in the cache and the database, and the verification process ends; after the data-interface request has been completed, the new token is sent to the client together with the response; if the token has not expired, authentication succeeds and the data-interface request is completed normally.
2. The token-based information-system data interface authentication method under the stateless HTTP protocol according to claim 1, characterized in that the HTTP request is a POST request and the authentication information is added in the body.
3. The token-based information-system data interface authentication method under the stateless HTTP protocol according to claim 1, characterized in that the client sends the HTTP request containing the token by adding the token information directly to the URL.
4. The token-based information-system data interface authentication method under the stateless HTTP protocol according to claim 1, characterized in that the server generates the token information and stores it in the database and in the system cache as a thread-pool variable.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910055067.8A CN109639730A (en) | 2019-01-21 | 2019-01-21 | Information system data interface authentication method under HTTP stateless protocol based on token |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109639730A true CN109639730A (en) | 2019-04-16 |
Family
ID=66062308
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910055067.8A Pending CN109639730A (en) | 2019-01-21 | 2019-01-21 | Information system data interface authentication method under HTTP stateless protocol based on token |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109639730A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997040457A2 (en) * | 1996-04-19 | 1997-10-30 | Intergraph Corporation | System and method for data access |
CN102422278A (en) * | 2009-05-14 | 2012-04-18 | 微软公司 | Interactive authentication challenge |
CN105556501A (en) * | 2013-05-30 | 2016-05-04 | 电子湾有限公司 | Systems and methods of token piggybacking |
CN106384028A (en) * | 2016-09-12 | 2017-02-08 | 浪潮软件股份有限公司 | Method for supporting unified identity authentication service realization of multiple tenants |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110084031A (en) * | 2019-04-24 | 2019-08-02 | 四川吉赛特科技有限公司 | A kind of information system account number safety authentication platform that authentication logic can customize |
CN110084031B (en) * | 2019-04-24 | 2022-10-14 | 四川吉赛特科技有限公司 | Method for security authentication of information system account with customizable authentication logic |
CN110690972B (en) * | 2019-10-11 | 2022-02-22 | 迈普通信技术股份有限公司 | Token authentication method and device, electronic equipment and storage medium |
CN110690972A (en) * | 2019-10-11 | 2020-01-14 | 迈普通信技术股份有限公司 | Token authentication method and device, electronic equipment and storage medium |
CN110855672A (en) * | 2019-11-15 | 2020-02-28 | 无锡家校邦网络科技有限公司 | JWT-based authorization method capable of being manually cancelled |
CN111030812A (en) * | 2019-12-16 | 2020-04-17 | Oppo广东移动通信有限公司 | Token verification method, device, storage medium and server |
WO2021135918A1 (en) * | 2020-01-03 | 2021-07-08 | 平安科技(深圳)有限公司 | Request authentication method, apparatus and device, and storage medium |
CN111711641A (en) * | 2020-07-10 | 2020-09-25 | 北京亚鸿世纪科技发展有限公司 | State control method and device for browser and server architecture identity authentication token |
CN111711641B (en) * | 2020-07-10 | 2022-03-08 | 北京亚鸿世纪科技发展有限公司 | State control method and device for browser and server architecture identity authentication token |
CN114978994A (en) * | 2021-02-18 | 2022-08-30 | 青岛海信宽带多媒体技术有限公司 | Router and router token asynchronous management method |
CN114978994B (en) * | 2021-02-18 | 2024-02-02 | 青岛海信宽带多媒体技术有限公司 | Router and router token asynchronous management method |
CN113691531A (en) * | 2021-08-24 | 2021-11-23 | 深圳市思迪信息技术股份有限公司 | Data transmission method, system, equipment and storage medium based on WebSocket protocol |
CN114025028A (en) * | 2021-10-28 | 2022-02-08 | 杭州数梦工场科技有限公司 | Interface request processing method and RESTful protocol conversion device |
CN114025028B (en) * | 2021-10-28 | 2023-05-23 | 杭州数梦工场科技有限公司 | Interface request processing method and RESTful protocol conversion device |
CN115913676A (en) * | 2022-11-04 | 2023-04-04 | 上海申石软件有限公司 | Access control method and device for cloud native application, electronic equipment and storage medium |
CN115913676B (en) * | 2022-11-04 | 2023-06-02 | 上海申石软件有限公司 | Access control method and device for cloud native application, electronic equipment and storage medium |
CN115828309A (en) * | 2023-02-09 | 2023-03-21 | 中国证券登记结算有限责任公司 | Service calling method and system |
CN115828309B (en) * | 2023-02-09 | 2023-11-07 | 中国证券登记结算有限责任公司 | Service calling method and system |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | Application publication date: 20190416 |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | |