CN109802835A - Security authentication method, system and API gateway

Publication number
CN109802835A
Authority
CN
China
Prior art keywords
token
client
micro services
call request
api gateway
Legal status
Pending
Application number
CN201910073452.5A
Other languages
Chinese (zh)
Inventor
许传波
宋浒
吴嘉生
刘丹
谭晶
王会羽
Current Assignee
Information And Communication Branch Of Jiangsu Electric Power Co Ltd
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
State Grid Jiangsu Electric Power Co Ltd
Beijing China Power Information Technology Co Ltd
Original Assignee
Information And Communication Branch Of Jiangsu Electric Power Co Ltd
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
State Grid Jiangsu Electric Power Co Ltd
Beijing China Power Information Technology Co Ltd

Abstract

The present invention provides a security authentication method, system and API gateway. In the security authentication method, a client sends a call request carrying a token to the API gateway, and the API gateway verifies whether the token carried in the call request is valid. If the token is valid, the client that sent the call request is a client that has passed security authentication, and the API gateway forwards the call request sent by that client to the microservice in order to call the microservice. Because the API gateway performs security authentication on the client sending the call request, only clients that pass security authentication can call microservices, which ensures the security of the microservice architecture. Moreover, only the API gateway needs to be developed, and the individual microservices in the architecture do not, which both reduces development cost and improves the generality of the security authentication method.

Description

Security authentication method, system and API gateway
Technical field
The invention belongs to the technical field of security authentication, and in particular relates to a security authentication method, system and API gateway.
Background
With the rapid development of distributed computing technology, microservice architecture has attracted attention in enterprise-level applications.
Existing security authentication methods for microservice architectures work by developing the microservice itself, so that when a microservice receives a call request it performs security authentication on the client that sent the request, thereby ensuring the security of the microservice architecture.
However, giving microservices a security authentication function by developing each microservice itself not only incurs a high development cost, because each microservice must be developed separately, but the security authentication method developed for one microservice also cannot be reused in other microservices, which reduces the generality of the security authentication method.
Summary of the invention
In view of this, the purpose of the present invention is to provide a security authentication method, system and API gateway, to solve the problems of high development cost and poor generality of security authentication methods applied to microservice architectures in the prior art.
The technical solution is as follows:
The present invention provides a security authentication method, applied to an API gateway, comprising:
receiving a call request carrying a token sent by a client, wherein the token is a token generated after security authentication of the client has been completed;
verifying whether the token is valid;
if the token is verified to be valid, sending the call request to a microservice to call the microservice.
Preferably, verifying whether the token is valid comprises:
sending the token to an authentication center, so that the authentication center verifies whether the token is valid;
receiving the verification result for the token returned by the authentication center.
Preferably, if the token is verified to be invalid, the method further comprises:
sending token-invalid information to the client, so that after receiving the token-invalid information the client sends a token acquisition request to the authentication center again, and the authentication center, in response to the token acquisition request, generates a token and sends it to the client.
Preferably, generating the token comprises:
obtaining a secret key;
generating the token by performing an operation on the secret key based on a security algorithm.
Preferably, sending the call request to the microservice to call the microservice comprises:
determining, according to the token carried in the call request, the client that sent the call request;
determining, based on a pre-stored correspondence between clients and call permissions, whether the client that sent the call request has permission to call the microservice;
if it is determined that the client that sent the call request has permission to call the microservice, calling the microservice.
The present invention also provides an API gateway, comprising:
a receiving unit, configured to receive a call request carrying a token sent by a client, wherein the token is a token generated after security authentication of the client has been completed;
a verification unit, configured to verify whether the token is valid;
a calling unit, configured to send the call request to a microservice to call the microservice if the token is verified to be valid.
The present invention also provides a security authentication system, comprising:
an API gateway;
a client and a microservice, each connected to the API gateway;
the client is configured to send a call request carrying a token to the API gateway;
the API gateway is configured to, after receiving the call request carrying the token sent by the client, verify whether the token is valid and, when the token is verified to be valid, send the call request to the microservice to call the microservice.
Preferably, the system further comprises:
an authentication center connected to both the API gateway and the client;
the authentication center is configured to generate tokens, send the generated token to the client, verify the validity of tokens received from the API gateway, and send the token verification result to the API gateway.
Preferably, if the verification result is that the token is invalid:
the API gateway is further configured to send token-invalid information to the client;
the client is further configured to send a token acquisition request to the authentication center after receiving the token-invalid information returned by the API gateway;
the authentication center is further configured to respond to the token acquisition request by generating a token and sending the generated token to the client.
Preferably, the token acquisition request includes client identity information;
wherein responding to the token acquisition request to generate a token comprises:
obtaining the client identity information from the token acquisition request;
performing identity verification on the client according to the client identity information;
if the client's identity is verified, generating a token.
Preferably, the system further comprises:
a permission center connected to both the authentication center and the microservice;
the permission center is configured to receive and store the correspondence between tokens and clients sent by the authentication center; after receiving a token sent by the microservice, to determine, based on the stored correspondence between tokens and clients, the client corresponding to the token sent by the microservice; and to determine, based on a preset correspondence between clients and call permissions, whether the client corresponding to the token sent by the microservice has permission to call the microservice.
Compared with the prior art, the technical solution provided by the present invention has the following advantages:
As can be seen from the above technical solution, in the present application the client sends a call request carrying a token to the API gateway, and the API gateway verifies whether the token carried in the call request is valid. If the token is valid, the client that sent the call request is a client that has passed security authentication, and the API gateway forwards the call request sent by that client to the microservice in order to call the microservice. Because the API gateway performs security authentication on the client sending the call request, only clients that pass security authentication can call microservices, which ensures the security of the microservice architecture. Moreover, only the API gateway needs to be developed, and the individual microservices in the architecture do not, which both reduces development cost and improves the generality of the security authentication method.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a security authentication method provided by an embodiment of the present invention;
Fig. 2 is a flow chart of another security authentication method provided by an embodiment of the present invention;
Fig. 3 is a sequence diagram of another security authentication method provided by an embodiment of the present invention;
Fig. 4 is a structural schematic diagram of an API gateway provided by an embodiment of the present invention;
Fig. 5 is a structural schematic diagram of a security authentication system provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
This embodiment discloses a security authentication method, applied to an API gateway, for performing security authentication in a microservice architecture. Referring to Fig. 1, the embodiment includes the following steps:
S101: receive a call request carrying a token sent by a client, wherein the token is a token generated after security authentication of the client has been completed.
In this embodiment, the call request received by the API gateway carries a token. The token is generated after security authentication of the client has been completed, and once generated it is sent to the client that completed security authentication, so that when that client needs to call a microservice it sends a call request carrying the token to the API gateway in order to call the corresponding microservice.
S102: verify whether the token is valid.
The validity of the token carried in the call request sent by the client is verified. A token has a validity period: within the validity period the token is valid; after the validity period the token is invalid.
One way to verify whether a token is valid is to record the time at which each token is generated. After a call request carrying a token is received, the generation time of the token carried in the call request is determined, and whether the token is within its validity period is determined from that generation time. If the token carried in the call request is within its validity period, the token is verified as valid; if it has exceeded its validity period, the token is verified as invalid.
Another way to verify whether a token is valid is to delete a stored token once it exceeds its validity period, so that only tokens within their validity period are stored. After a call request carrying a token is received, it is determined whether a token identical to the one carried in the call request is stored. If such a token is stored, the token is verified as valid; if no such token is stored, the token is verified as invalid.
S103: if the token is verified to be valid, send the call request to the microservice to call the microservice.
If the token is verified to be valid, the client that sent the request carrying the token has completed security authentication. The call request sent by that client is forwarded to the microservice, so that the microservice processes the call request and returns the processing result to the corresponding client.
If the token is verified to be invalid, the call request to the microservice cannot be served this time, and a prompt message is sent to the client prompting it to obtain a new token.
As can be seen from the above technical solution, in this embodiment the client sends a call request carrying a token to the API gateway, and the API gateway verifies whether the token carried in the call request is valid. If the token is valid, the client that sent the call request is a client that has passed security authentication, and the API gateway forwards the call request sent by that client to the microservice in order to call the microservice. Because in this embodiment the API gateway performs security authentication on the client sending the call request, only clients that pass security authentication can call microservices, which ensures the security of the microservice architecture. Moreover, only the API gateway needs to be developed, and the individual microservices in the architecture do not, which both reduces development cost and improves the generality of the security authentication method.
This embodiment also provides another security authentication method. Referring to Fig. 2, the embodiment includes the following steps:
S201: receive a call request carrying a token sent by a client, wherein the token is a token generated after security authentication of the client has been completed.
The implementation of step S201 in this embodiment is similar to that of step S101 in the previous embodiment and is not repeated here.
S202: send the token to the authentication center, so that the authentication center verifies whether the token is valid.
In this embodiment, the authentication center generates a token after receiving a token acquisition request sent by a client and returns the generated token to the client that sent the request, so that when the client needs to call a microservice it sends the API gateway a call request carrying the token obtained from the authentication center.
The token acquisition request includes client identity information.
Optionally, in this embodiment the client identity information includes an AK (Access Key ID) and an SK (Secret Access Key), where the SK is used to identify the client.
After receiving a token acquisition request, the authentication center obtains the client identity information from the request and performs identity verification on the client according to that information. If the client's identity is verified, the client has completed security authentication; a token is generated and sent to the client that completed security authentication, so that the token preserves the authentication state. If the client's identity verification fails, the token generation operation is not performed, and the client therefore cannot obtain a token.
Optionally, in this embodiment, after the authentication center completes verification of the client's identity it stores information identifying the client, such as a client identifier, so that the correspondence between token and client can be established after the token is generated.
One way to generate a token is to obtain a secret key and generate the token by performing an operation on the secret key based on a security algorithm. The security algorithm may be a national cryptographic algorithm, and the secret key may be a randomly generated random number; because a different secret key is used each time, security is further enhanced.
Another way to generate a token is to encrypt the client identity information contained in the token acquisition request with a public key and use the ciphertext as the token.
In this embodiment, in addition to receiving the token acquisition request sent by the client, generating a token and sending it to the client that completed security authentication, the authentication center also verifies the validity of the token in the call request to a microservice received by the API gateway.
A token has a validity period: within the validity period the token is valid; after the validity period the token is invalid.
One way to verify whether a token is valid is as follows: after generating a token, the authentication center records the token and its generation time. After a call request carrying a token is received, the generation time of the token carried in the call request is determined, and whether that token is within its validity period is determined from the generation time. If the token carried in the call request is within its validity period, the token is verified as valid; if it has exceeded its validity period, the token is verified as invalid.
Another way to verify whether a token is valid is as follows: after generating a token, the authentication center records the token and its generation time, and once the token exceeds its validity period it deletes the stored token and generation time, so that only tokens within their validity period are stored. After a call request carrying a token is received, it is determined whether a token identical to the one carried in the call request is stored. If such a token is stored, the token is verified as valid; if no such token is stored, the token is verified as invalid.
S203: receive the verification result for the token returned by the authentication center.
If the token is verified to be invalid, execute step S204.
If the token is verified to be valid, execute step S205.
The verification result is either that the token is valid or that the token is invalid. A valid token indicates that the client has completed security authentication; an invalid token indicates that the security authentication operation on the client must be performed again.
S204: send token-invalid information to the client, so that after receiving the token-invalid information the client sends a token acquisition request to the authentication center again, and the authentication center, in response to the token acquisition request, generates a token and sends it to the client.
The way the authentication center generates a token after receiving the client's token acquisition request in this step is similar to the way described in step S202 and is not repeated here.
By executing this step, after the authentication center completes security authentication of the client it generates a new token and sends it to the client that completed security authentication, and the flow returns to step S201, so that the client carries the new token when it sends the call request to the API gateway again.
Verifying the validity of the token determines whether the client that sent the call request is secure. However, a secure client does not necessarily have permission to call every microservice. Therefore, after security authentication of the client is complete, the client's call permission must also be verified, and only a client with call permission can call the corresponding microservice. In this embodiment, verification of the client's call permission is implemented by executing steps S205-S206.
S205: determine, according to the token carried in the call request, the client that sent the call request.
In this embodiment, after the call request is sent to the microservice, the microservice does not respond to the call request directly; the permission of the client that sent the call request to call the microservice must first be verified.
Because in this embodiment the correspondence between token and client is established after the authentication center generates the token, the microservice, after receiving the call request, can send the token obtained from the call request to the authentication center. The authentication center then determines, based on the established correspondence between tokens and clients, the client corresponding to the token carried in the call request; that client is the client that sent the call request.
S206: determine, based on the pre-stored correspondence between clients and call permissions, whether the client that sent the call request has permission to call the microservice.
In addition to the correspondence between tokens and clients, the authentication center also stores the correspondence between clients and call permissions. Based on the stored correspondence between clients and call permissions, it determines whether the client that sent the call request has permission to call the microservice.
In this embodiment, steps S205-S206 use the authentication center to verify the call permission of the client that sent the call request.
In other embodiments, a permission center connected to both the authentication center and the microservice may be provided. After generating a token and establishing the correspondence between token and client, the authentication center sends that correspondence to the permission center for storage. The correspondence between clients and call permissions is preset in the permission center. After receiving a call request carrying a token, the microservice sends the token to the permission center. Based on the stored correspondence between tokens and clients, the permission center determines the client corresponding to the token carried in the call request, which is the client that sent the call request, and based on the stored correspondence between clients and call permissions it determines whether that client has permission to call the microservice.
S207: if it is determined that the client that sent the call request has permission to call the microservice, call the microservice.
If it is determined that the client that sent the call request has permission to call the microservice, the microservice is called; the microservice processes the call request, and the processing result is returned level by level to the client that sent the call request.
If it is determined that the client that sent the call request does not have permission to call the microservice, the operation of calling the microservice cannot be executed, and a prompt message is returned to the client that sent the call request, indicating that it does not have permission to call the microservice.
Fig. 3 shows a sequence diagram of the interaction between the parties in this embodiment.
As can be seen from the above technical solution, in this embodiment the client sends a call request carrying a token to the API gateway, and the API gateway verifies whether the token carried in the call request is valid. If the token is valid, the client that sent the call request is a client that has passed security authentication; the API gateway forwards the call request sent by that client to the microservice, the call permission of the client that sent the call request is verified, and the microservice is called if the client is verified to have call permission. Because in this embodiment the API gateway performs security authentication on the client sending the call request, only clients that pass security authentication can call microservices, which ensures the security of the microservice architecture. Moreover, only the API gateway needs to be developed, and the individual microservices in the architecture do not, which both reduces development cost and improves the generality of the security authentication method. In addition, verifying the client's call permission further ensures the security of the microservice architecture.
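The S201-S207 flow and the random-key token generation described above, modelled in Python as an added example that is not part of the patent. HMAC-SHA256 stands in for the unspecified "security algorithm"; the 300-second validity period, the numeric status codes, the class names and the AK/SK sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TOKEN_TTL = 300  # validity period in seconds (assumed; the patent gives no value)


class AuthCenter:
    """Issues tokens after identity verification and validates them later."""

    def __init__(self, credentials, ttl=TOKEN_TTL):
        self._credentials = credentials   # AK -> SK (constructed sample data)
        self._ttl = ttl
        self._tokens = {}                 # token -> (client AK, generation time)

    def issue_token(self, ak, sk, now):
        expected = self._credentials.get(ak)
        # Unknown AK and wrong SK fail the same way; SK compared in constant time.
        if expected is None or not hmac.compare_digest(expected.encode(), sk.encode()):
            return None
        key = secrets.token_bytes(32)     # fresh random secret key for every token
        # Stand-in for the "security algorithm" applied to the secret key.
        token = hmac.new(key, f"{ak}:{now}".encode(), hashlib.sha256).hexdigest()
        self._tokens[token] = (ak, now)   # token-to-client correspondence
        return token

    def verify(self, token, now):
        record = self._tokens.get(token)
        if record is None:
            return False                  # never issued, or already purged
        if now - record[1] >= self._ttl:
            del self._tokens[token]       # keep only tokens inside the validity period
            return False
        return True

    def client_for(self, token):
        record = self._tokens.get(token)
        return record[0] if record else None


class PermissionCenter:
    """Maps a token to its client, then the client to its call permissions."""

    def __init__(self, auth_center, grants):
        self._auth = auth_center
        self._grants = grants             # client AK -> set of callable services

    def may_call(self, token, service):
        client = self._auth.client_for(token)
        return client is not None and service in self._grants.get(client, set())


class Microservice:
    def __init__(self, name, permissions):
        self.name = name
        self._permissions = permissions

    def handle(self, token, payload):
        # S205-S206: the service does not answer until the permission is checked.
        if not self._permissions.may_call(token, self.name):
            return (403, f"no permission to call {self.name}")
        return (200, f"{self.name} processed {payload}")


class ApiGateway:
    def __init__(self, auth_center, services):
        self._auth = auth_center
        self._services = services

    def call(self, token, service, payload, now):
        # S202-S204: an invalid token is rejected before any service is reached.
        if not token or not self._auth.verify(token, now):
            return (401, "token invalid, request a new token")
        target = self._services.get(service)
        if target is None:
            return (404, "unknown service")
        return target.handle(token, payload)


def demo():
    auth = AuthCenter({"AK-meter-app": "sk-constructed-1"})
    perms = PermissionCenter(auth, {"AK-meter-app": {"billing"}})
    gateway = ApiGateway(auth, {
        "billing": Microservice("billing", perms),
        "grid-control": Microservice("grid-control", perms),
    })
    t0 = 1_000
    token = auth.issue_token("AK-meter-app", "sk-constructed-1", now=t0)
    results = {
        "bad_identity": auth.issue_token("AK-meter-app", "wrong-sk", now=t0),
        "allowed": gateway.call(token, "billing", "read", now=t0 + 10),
        "forbidden": gateway.call(token, "grid-control", "read", now=t0 + 10),
        "forged": gateway.call("0" * 64, "billing", "read", now=t0 + 10),
        "expired": gateway.call(token, "billing", "read", now=t0 + TOKEN_TTL),
    }
    # S204: after the failure the client authenticates again and retries.
    fresh = auth.issue_token("AK-meter-app", "sk-constructed-1", now=t0 + TOKEN_TTL)
    results["renewed"] = gateway.call(fresh, "billing", "read", now=t0 + TOKEN_TTL + 1)
    results["tokens_differ"] = fresh != token
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The clock is passed in as `now` so that expiry can be exercised deterministically; a deployment would read it from a trusted time source inside the authentication center.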
Corresponding to the security authentication method disclosed in the above embodiments, this embodiment discloses an API gateway, whose structural schematic diagram is shown in Fig. 4. In this embodiment the API gateway includes:
a receiving unit 401, a verification unit 402 and a calling unit 403;
the receiving unit 401 is configured to receive a call request carrying a token sent by a client, wherein the token is a token generated after security authentication of the client has been completed;
the verification unit 402 is configured to verify whether the token is valid;
the calling unit 403 is configured to send the call request to a microservice to call the microservice if the token is verified to be valid.
As can be seen from the above technical solution, in this embodiment the client sends a call request carrying a token to the API gateway, and the API gateway verifies whether the token carried in the call request is valid. If the token is valid, the client that sent the call request is a client that has passed security authentication, and the API gateway forwards the call request sent by that client to the microservice in order to call the microservice. Because in this embodiment the API gateway performs security authentication on the client sending the call request, only clients that pass security authentication can call microservices, which ensures the security of the microservice architecture. Moreover, only the API gateway needs to be developed, and the individual microservices in the architecture do not, which both reduces development cost and improves the generality of the security authentication method.
Corresponding safety certifying method disclosed above, the present embodiment additionally provide a kind of security certification system, which recognizes The structural schematic diagram of card system please refers to shown in Fig. 5, and security certification system includes: in the present embodiment
API gateway 501;
The client 502 and micro services 503 being separately connected with API gateway 501;
Client 502 is used to send the call request for carrying token to API gateway 501;
After API gateway 501 is used to receive the call request for carrying token of the transmission of client 502, the order is verified Whether board is effective, and when the verifying token is effective, sends the call request to micro services 503 to call the micro services.
Optionally, security certification system in the present embodiment further include:
The authentication center 504 being connect respectively with API gateway 501, client 502;
The token of generation is sent to client 502, and to the API net received for generating token by authentication center 504 It closes the token that 501 send and carries out validation verification, token verification result is sent to API gateway 501.
If the verification result is token valid:
API gateway 501 is also used to send the information that token fails to client 502;
After client 502 is also used to receive the information of token failure of the return of API gateway 501, sent out to authentication center 504 Send token acquisition request;
Authentication center 504 is also used to respond the token acquisition request to generate token, and the token of generation is sent to Client 502.
It optionally, include client identity information in token acquisition request, authentication center 504 responds the token acquisition and asks It asks, generates a kind of implementation of token are as follows: client identity information is obtained from the token acquisition request, according to the visitor Family end identity information carries out authentication to the client;If the client identity is verified, token is generated;If Client identity verifying is not over generating token then.
On the basis of security certification system shown in Fig. 5, further includes: permission center 505;
The permission center 505 being connect respectively with authentication center 504 and micro services 503;
Permission center 505 is used to receive and store the corresponding relationship between the token and client of the transmission of authentication center 504, After the token for receiving the transmission of micro services 503, based on the corresponding relationship determination and micro services between the token and client of storage 503 corresponding clients of token sent, and based on preset client and call the corresponding relationship between permission, it is determining with it is micro- Whether the corresponding client of token that service 503 is sent has the permission for calling the micro services.
As can be seen from the above technical solution, in this embodiment the client sends a call request carrying a token to the API gateway, and the API gateway verifies whether the token carried in the call request is valid. If the token is valid, the client that sent the call request is a client that has passed security authentication; the API gateway sends the call request from that client to the microservice, and the call permission of the client that sent the call request is verified; if the client is verified to have call permission, the microservice is called. Because the API gateway performs security authentication on the client sending the call request, only clients that pass security authentication can call microservices, which ensures the security of the microservice architecture. Only the API gateway needs to be developed; the individual microservices in the architecture need no development of their own, which both reduces development cost and improves the generality of the security authentication method. In addition, verifying the client's call permission further ensures the security of the microservice architecture.
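The flow summarized above, as an added Python example that is not part of the patent: an authentication center issues and validates tokens, a permission center maps tokens to clients and clients to call permissions, and the gateway checks both before forwarding a call. The HMAC-SHA256 token construction, the token lifetime, the HTTP-style status codes, the placement of the permission lookup on the gateway's call path, and all class, client and service names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class PermissionCenter:
    def __init__(self, grants):
        self._grants = grants              # client_id -> set of callable services
        self._owner = {}                   # token -> client_id, sent by the auth center

    def bind(self, token, client_id):
        self._owner[token] = client_id

    def may_call(self, token, service):
        client = self._owner.get(token)    # unknown token: deny by default
        return client is not None and service in self._grants.get(client, set())


class AuthCenter:
    def __init__(self, credentials, perm, clock, ttl=300):
        self._key = secrets.token_bytes(32)   # assumed secret key for token generation
        self._credentials, self._perm = credentials, perm
        self._clock, self._ttl = clock, ttl
        self._expiry = {}                     # token -> expiry time

    def issue(self, client_id, secret):
        expected = self._credentials.get(client_id)
        if expected is None or not hmac.compare_digest(expected.encode(), secret.encode()):
            return None                       # identity verification failed: no token
        msg = f"{client_id}|{secrets.token_hex(16)}".encode()
        token = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        self._expiry[token] = self._clock() + self._ttl
        self._perm.bind(token, client_id)
        return token

    def is_valid(self, token):
        expiry = self._expiry.get(token)
        return expiry is not None and self._clock() < expiry


class Gateway:
    def __init__(self, auth, perm, services):
        self._auth, self._perm, self._services = auth, perm, services

    def handle(self, token, service, payload):
        if not token or not self._auth.is_valid(token):
            return 401, "token invalid"       # client should request a new token
        if service not in self._services or not self._perm.may_call(token, service):
            return 403, "no call permission"
        return 200, self._services[service](payload)


def demo():
    now = [1000.0]                            # constructed clock so expiry is testable
    perm = PermissionCenter({"meter-app": {"billing"}})
    auth = AuthCenter({"meter-app": "s3cret"}, perm, clock=lambda: now[0], ttl=60)
    services = {n: (lambda p, n=n: f"{n}:{p}") for n in ("billing", "dispatch")}
    gw = Gateway(auth, perm, services)
    token = auth.issue("meter-app", "s3cret")
    codes = [gw.handle(token, s, "req")[0] for s in ("billing", "dispatch")]
    now[0] += 61                              # token passes its expiry time
    codes.append(gw.handle(token, "billing", "req")[0])
    fresh = auth.issue("meter-app", "s3cret")  # re-acquire after the failure notice
    return codes + [gw.handle(fresh, "billing", "req")[0]]
```

The expired token's binding stays in the permission center in this example, so the validity check has to run before the permission lookup; a deployment would also purge expired entries from both stores.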
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Because the apparatus provided by an embodiment corresponds to the method provided by an embodiment, its description is relatively brief; for related details, see the description of the method.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (11)

1. A security authentication method, characterized in that it is applied to an API gateway and comprises:
Receiving a call request carrying a token sent by a client, wherein the token is generated after security authentication of the client is completed;
Verifying whether the token is valid;
If the token is verified to be valid, sending the call request to a microservice to call the microservice.
2. The security authentication method according to claim 1, characterized in that verifying whether the token is valid comprises:
Sending the token to an authentication center, and using the authentication center to verify whether the token is valid;
Receiving the verification result for the token returned by the authentication center.
3. The security authentication method according to claim 1 or 2, characterized in that, if the token is verified to be invalid, the method further comprises:
Sending token-failure information to the client, so that after receiving the token-failure information the client sends a token acquisition request to the authentication center again, and the authentication center, after responding to the token acquisition request, generates a token and sends it to the client.
4. The security authentication method according to claim 3, characterized in that generating the token comprises:
Obtaining a key;
Generating the token by performing an operation on the key based on a security algorithm.
5. The security authentication method according to claim 3, characterized in that sending the call request to the microservice to call the microservice comprises:
Determining, according to the token carried in the call request, the client that sent the call request;
Determining, based on a pre-stored correspondence between clients and call permissions, whether the client that sent the call request has permission to call the microservice;
If it is determined that the client that sent the call request has permission to call the microservice, calling the microservice.
6. An API gateway, characterized in that it comprises:
A receiving unit, for receiving a call request carrying a token sent by a client, wherein the token is generated after security authentication of the client is completed;
A verification unit, for verifying whether the token is valid;
A calling unit, for sending the call request to a microservice to call the microservice if the token is verified to be valid.
7. A security authentication system, characterized in that it comprises:
An API gateway;
A client and a microservice, each connected to the API gateway;
The client is used to send a call request carrying a token to the API gateway;
The API gateway is used, after receiving the call request carrying the token sent by the client, to verify whether the token is valid and, when the token is verified to be valid, to send the call request to the microservice to call the microservice.
8. The security authentication system according to claim 7, characterized in that it further comprises:
An authentication center connected to the API gateway and to the client respectively;
The authentication center is used to generate a token, send the generated token to the client, verify the validity of the token received from the API gateway, and send the token verification result to the API gateway.
9. The security authentication system according to claim 8, characterized in that, if the verification result is that the token is invalid:
The API gateway is further used to send token-failure information to the client;
The client is further used to send a token acquisition request to the authentication center after receiving the token-failure information returned by the API gateway;
The authentication center is further used to respond to the token acquisition request by generating a token and sending the generated token to the client.
10. The security authentication system according to claim 9, characterized in that the token acquisition request includes client identity information;
Wherein responding to the token acquisition request to generate a token comprises:
Obtaining the client identity information from the token acquisition request;
Authenticating the client according to the client identity information;
If the client's identity is verified, generating a token.
11. The security authentication system according to any one of claims 7 to 10, characterized in that it further comprises:
A permission center connected to the authentication center and to the microservice respectively;
The permission center is used to receive and store the correspondence between tokens and clients sent by the authentication center and, after receiving a token sent by the microservice, to determine, based on the stored correspondence between tokens and clients, the client corresponding to the token sent by the microservice and, based on the preset correspondence between clients and call permissions, to determine whether the client corresponding to the token sent by the microservice has permission to call the microservice.
CN201910073452.5A 2019-01-25 2019-01-25 A kind of safety certifying method, system and API gateway Pending CN109802835A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910073452.5A CN109802835A (en) 2019-01-25 2019-01-25 A kind of safety certifying method, system and API gateway

Publications (1)

Publication Number Publication Date
CN109802835A true CN109802835A (en) 2019-05-24

Family

ID=66560406

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910073452.5A Pending CN109802835A (en) 2019-01-25 2019-01-25 A kind of safety certifying method, system and API gateway

Country Status (1)

Country Link
CN (1) CN109802835A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190524