CN109802835A - Security authentication method, system and API gateway - Google Patents
- Publication number
- CN109802835A CN201910073452.5A
- Authority
- CN
- China
- Prior art keywords
- token
- client
- micro services
- call request
- api gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
The present invention provides a security authentication method, system and API gateway. In the method, a client sends a call request carrying a token to the API gateway, and the API gateway verifies whether the token carried in the call request is valid. If the token is valid, the client that sent the call request is a client that has passed security authentication, and the API gateway forwards that client's call request to the microservice in order to call it. Because the API gateway performs security authentication on the client sending the call request, only clients that pass security authentication can call microservices, which ensures the security of the microservice architecture. Only the API gateway needs to be developed, without developing each microservice in the architecture, which both reduces development cost and improves the generality of the security authentication method.
Description
Technical field
The invention belongs to the technical field of security authentication, and in particular relates to a security authentication method, system and API gateway.
Background art
With the rapid development of distributed computing technology, microservice architecture has attracted attention in enterprise-level applications.
Existing security authentication methods for microservice architectures work by developing the microservice itself, so that when a microservice receives a call request it performs security authentication on the client that sent the request, thereby ensuring the security of the microservice architecture.
However, giving microservices a security authentication function by developing the microservices themselves not only incurs a high development cost, because each microservice must be developed individually, but the security authentication method developed for one microservice also cannot be reused in other microservices, which reduces the generality of the security authentication method.
Summary of the invention
In view of this, the purpose of the present invention is to provide a security authentication method, system and API gateway, to solve the problems of high development cost and poor generality of prior-art security authentication methods applied to microservice architectures.
The technical solution is as follows:
The present invention provides a security authentication method, applied to an API gateway, comprising:
Receiving a call request carrying a token sent by a client, wherein the token is a token generated after security authentication of the client is completed;
Verifying whether the token is valid;
If the token is verified as valid, sending the call request to a microservice to call the microservice.
Preferably, verifying whether the token is valid comprises:
Sending the token to an authentication center, so that the authentication center verifies whether the token is valid;
Receiving the verification result for the token returned by the authentication center.
Preferably, if the token is verified as invalid, the method further comprises:
Sending token-invalid information to the client, so that after receiving the token-invalid information the client again sends a token acquisition request to the authentication center, and the authentication center, after responding to the token acquisition request, generates a token and sends it to the client.
Preferably, generating the token comprises:
Obtaining a secret key;
Generating the token after performing an operation on the secret key based on a security algorithm.
Preferably, sending the call request to the microservice to call the microservice comprises:
Determining, according to the token carried in the call request, the client that sent the call request;
Determining, based on a pre-stored correspondence between clients and call permissions, whether the client that sent the call request has permission to call the microservice;
If it is determined that the client that sent the call request has permission to call the microservice, calling the microservice.
The present invention also provides an API gateway, comprising:
A receiving unit, for receiving a call request carrying a token sent by a client, wherein the token is a token generated after security authentication of the client is completed;
A verification unit, for verifying whether the token is valid;
A calling unit, for sending the call request to a microservice to call the microservice if the token is verified as valid.
The present invention also provides a security authentication system, comprising:
An API gateway;
A client and a microservice, each connected to the API gateway;
The client is used to send a call request carrying a token to the API gateway;
The API gateway is used to verify whether the token is valid after receiving the call request carrying the token sent by the client, and, when the token is verified as valid, to send the call request to the microservice to call the microservice.
Preferably, the system further comprises:
An authentication center connected to the API gateway and to the client respectively;
The authentication center is used to generate a token, send the generated token to the client, perform a validity check on the token received from the API gateway, and send the token verification result to the API gateway.
Preferably, if the verification result is that the token is invalid:
The API gateway is also used to send token-invalid information to the client;
The client is also used to send a token acquisition request to the authentication center after receiving the token-invalid information returned by the API gateway;
The authentication center is also used to respond to the token acquisition request by generating a token, and to send the generated token to the client.
Preferably, the token acquisition request includes client identity information;
Wherein responding to the token acquisition request to generate a token comprises:
Obtaining the client identity information from the token acquisition request;
Performing identity verification on the client according to the client identity information;
If the client's identity verification passes, generating a token.
Preferably, the system further comprises:
A permission center connected to the authentication center and to the microservice respectively;
The permission center is used to receive and store the correspondence between tokens and clients sent by the authentication center; after receiving a token sent by the microservice, to determine, based on the stored correspondence between tokens and clients, the client corresponding to the token sent by the microservice; and to determine, based on a preset correspondence between clients and call permissions, whether the client corresponding to the token sent by the microservice has permission to call the microservice.
Compared with the prior art, the technical solution provided by the invention has the following advantages:
As can be seen from the above technical solution, in this application the client sends a call request carrying a token to the API gateway, and the API gateway verifies whether the token carried in the call request is valid. If the token is valid, the client that sent the call request is a client that has passed security authentication, and the API gateway forwards that client's call request to the microservice in order to call it. Because the API gateway performs security authentication on the client sending the call request, only clients that pass security authentication can call microservices, which ensures the security of the microservice architecture. Only the API gateway needs to be developed, without developing each microservice in the architecture, which both reduces development cost and improves the generality of the security authentication method.
Description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are evidently only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a security authentication method provided by an embodiment of the present invention;
Fig. 2 is a flow chart of another security authentication method provided by an embodiment of the present invention;
Fig. 3 is a sequence diagram of another security authentication method provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of an API gateway provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of a security authentication system provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are evidently only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
This embodiment discloses a security authentication method, applied to an API gateway, for performing security authentication in a microservice architecture. Referring to Fig. 1, the embodiment includes the following steps:
S101, receiving a call request carrying a token sent by a client, wherein the token is a token generated after security authentication of the client is completed;
In this embodiment, the call request received by the API gateway carries a token. The token is generated after security authentication of the client is completed, and once generated it is sent to the client that completed security authentication. When that client needs to call a microservice, it sends a call request carrying the token to the API gateway in order to call the corresponding microservice.
S102, verifying whether the token is valid;
A validity check is performed on the token carried in the call request sent by the client. The token has a validity period: it is valid within the validity period and becomes invalid once the validity period has passed.
One implementation for verifying whether the token is valid is as follows: the time at which the token was generated is recorded; after a call request carrying a token is received, the generation time of the token carried in the call request is determined, and from that generation time it is determined whether the token is within its validity period. If the token carried in the call request is within its validity period, the token is verified as valid; if it has exceeded its validity period, the token is verified as invalid.
Another implementation for verifying whether the token is valid is as follows: once a token exceeds its validity period, the stored token is deleted, so that only tokens within their validity period are stored; after a call request carrying a token is received, it is determined whether a token identical to the token carried in the call request is stored. If such a token is stored, the token is verified as valid; if no such token is stored, the token is verified as invalid.
S103, if the token is verified as valid, sending the call request to a microservice to call the microservice.
If the token is verified as valid, the client that sent the call request carrying the token has completed security authentication. The call request sent by the client that completed security authentication is forwarded to the microservice, so that the microservice processes the call request and returns the processing result to the corresponding client.
If the token is verified as invalid, this call request to the microservice cannot be answered, and prompt information is sent to the client to prompt it to obtain a token again.
As can be seen from the above technical solution, in this embodiment the client sends a call request carrying a token to the API gateway, and the API gateway verifies whether the token carried in the call request is valid. If the token is valid, the client that sent the call request is a client that has passed security authentication, and the API gateway forwards that client's call request to the microservice in order to call it. Because in this embodiment the API gateway performs security authentication on the client sending the call request, only clients that pass security authentication can call microservices, which ensures the security of the microservice architecture. Only the API gateway needs to be developed, without developing each microservice in the architecture, which both reduces development cost and improves the generality of the security authentication method.
This embodiment also provides another security authentication method. Referring to Fig. 2, the embodiment includes the following steps:
S201, receiving a call request carrying a token sent by a client, wherein the token is a token generated after security authentication of the client is completed;
The implementation of step S201 in this embodiment is similar to that of step S101 in the previous embodiment and is not repeated here.
S202, sending the token to the authentication center, so that the authentication center verifies whether the token is valid;
In this embodiment, after receiving a token acquisition request sent by a client, the authentication center generates a token and returns the generated token to the client that sent the token acquisition request. When the client needs to call a microservice, it sends the API gateway a call request carrying the token obtained from the authentication center.
The token acquisition request includes client identity information.
Optionally, in this embodiment the client identity information includes an AK (Access Key ID) and an SK (Secret Access Key), where the SK is used to identify the client.
After receiving the token acquisition request, the authentication center obtains the client identity information from it and performs identity verification on the client according to that information. If the client's identity verification passes, the client has completed security authentication; a token is generated and sent to the client that completed security authentication, so that the token preserves the authentication state. If the client's identity verification fails, the token generation operation is not performed, and the client therefore cannot obtain a token.
Optionally, in this embodiment, after the authentication center completes verification of the client's identity, it stores information identifying the client, such as a client identifier, so that the correspondence between token and client can be established after the token is generated.
One implementation for generating a token is as follows: a secret key is obtained, and the token is generated after an operation is performed on the secret key based on a security algorithm. The security algorithm may be a Chinese national cryptographic algorithm, and the secret key may be a randomly generated random number; because a different secret key is used each time, security is further enhanced.
Another implementation for generating a token is as follows: the client identity information contained in the token acquisition request is encrypted with a public key, and the ciphertext is used as the token.
In this embodiment, besides receiving the token acquisition request sent by the client, generating a token and sending it to the client that completed security authentication, the authentication center also performs a validity check on the token in the microservice call request received by the API gateway.
The token has a validity period: it is valid within the validity period and becomes invalid once the validity period has passed.
One implementation for verifying whether the token is valid is as follows: after generating a token, the authentication center records the token and its generation time; after a call request carrying a token is received, the generation time of the token carried in the call request is determined, and from that generation time it is determined whether the token is within its validity period. If the token carried in the call request is within its validity period, the token is verified as valid; if it has exceeded its validity period, the token is verified as invalid.
Another implementation for verifying whether the token is valid is as follows: after generating a token, the authentication center records the token and its generation time; once the token exceeds its validity period, the stored token and its generation time are deleted, so that only tokens within their validity period are stored; after a call request carrying a token is received, it is determined whether a token identical to the token carried in the call request is stored. If such a token is stored, the token is verified as valid; if no such token is stored, the token is verified as invalid.
S203, receiving the verification result for the token returned by the authentication center;
If the token is verified as invalid, step S204 is executed;
If the token is verified as valid, step S205 is executed;
The verification result is either that the token is valid or that the token is invalid. A valid token means the client has completed security authentication; an invalid token means the security authentication operation on the client must be performed again.
S204, sending token-invalid information to the client, so that after receiving the token-invalid information the client again sends a token acquisition request to the authentication center, and the authentication center, after responding to the token acquisition request, generates a token and sends it to the client;
In this step, the way the authentication center generates a token after receiving the token acquisition request sent by the client is similar to the way described in step S202 and is not repeated here.
By executing this step, after the authentication center completes security authentication of the client, it generates a new token and sends it to the client that completed security authentication; the flow then returns to step S201, so that the client carries the new token when it sends a call request to the API gateway again.
Verifying token validity determines whether the client sending the call request is secure. However, a secure client does not necessarily have permission to call every microservice. Therefore, after security authentication of the client is completed, the client's call permission must also be verified; only a client with call permission can call the corresponding microservice. In this embodiment, the client's call permission is verified by executing steps S205-S206.
S205, determining, according to the token carried in the call request, the client that sent the call request;
In this embodiment, after the call request is sent to the microservice, the microservice does not respond to the call request directly; it first needs to verify that the client that sent the call request has permission to call the microservice.
Because in this embodiment the authentication center establishes the correspondence between token and client after generating the token, the microservice, after receiving the call request, can send the token obtained from the call request to the authentication center. The authentication center then determines, based on the established correspondence between tokens and clients, the client corresponding to the token carried in the call request; that client is the client that sent the call request.
S206, determining, based on the pre-stored correspondence between clients and call permissions, whether the client that sent the call request has permission to call the microservice;
Besides the correspondence between tokens and clients, the authentication center also stores the correspondence between clients and call permissions. Based on the stored correspondence between clients and call permissions, it determines whether the client that sent the call request has permission to call the microservice.
In this embodiment, steps S205-S206 use the authentication center to verify the call permission of the client that sent the call request.
In other embodiments, a permission center connected to the authentication center and to the microservice respectively may also be provided. After generating a token and establishing the correspondence between token and client, the authentication center sends that correspondence to the permission center for storage. The correspondence between clients and call permissions is preset in the permission center. After receiving a call request carrying a token, the microservice sends the token to the permission center. The permission center determines, based on the stored correspondence between tokens and clients, the client corresponding to the token carried in the call request, which is the client that sent the call request, and determines, based on the stored correspondence between clients and call permissions, whether that client has permission to call the microservice.
S207, if it is determined that the client that sent the call request has permission to call the microservice, calling the microservice.
If it is determined that the client that sent the call request has permission to call the microservice, the microservice is called; the microservice processes the call request, and the processing result is returned, level by level, to the client that sent the call request.
If it is determined that the client that sent the call request does not have permission to call the microservice, the operation of calling the microservice cannot be executed, and prompt information is returned to the client that sent the call request, indicating that it does not have permission to call the microservice.
Fig. 3 shows the sequence diagram of the interaction between the parties in this embodiment.
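The flow of steps S201 to S207, together with the two token-validity strategies described under S102 and S202, as an added example; it is not code from the patent. The class and status names, the 300-second validity period, the use of the AK as the client identifier and HMAC-SHA256 in place of the unspecified security algorithm are assumptions, and the credentials are constructed sample data.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 300  # validity period in seconds (assumed value; the page fixes none)


class AuthCenter:
    """Issues tokens, checks their validity, and answers call-permission queries."""

    def __init__(self, credentials, permissions, clock=time.time):
        self._credentials = credentials  # AK -> SK (constructed sample data)
        self._permissions = permissions  # client id -> microservices it may call
        self._clock = clock
        self._issued = {}                # token -> (client id, generation time)

    def issue(self, ak, sk):
        """Verify the client identity; return a new token, or None on failure."""
        expected = self._credentials.get(ak, "")
        if not expected or not hmac.compare_digest(expected.encode(), sk.encode()):
            return None                  # identity verification failed: no token
        key = secrets.token_bytes(32)    # fresh random secret key for every token
        # HMAC-SHA256 stands in for the page's unspecified "security algorithm".
        token = hmac.new(key, ak.encode(), hashlib.sha256).hexdigest()
        # Assumption: the AK doubles as the stored client identifier.
        self._issued[token] = (ak, self._clock())
        return token

    def is_valid(self, token):
        record = self._issued.get(token)
        if record is None:               # never issued, or already purged
            return False
        if self._clock() - record[1] > TOKEN_TTL:   # check against generation time
            del self._issued[token]      # store only tokens inside the validity period
            return False
        return True

    def may_call(self, token, service):
        record = self._issued.get(token)  # token -> client, then client -> permission
        return record is not None and service in self._permissions.get(record[0], set())


class Microservice:
    def __init__(self, name, auth_center):
        self.name = name
        self._auth = auth_center

    def call(self, token, payload):
        # S205/S206: the microservice asks the authentication center before responding.
        if not self._auth.may_call(token, self.name):
            return ("NO_PERMISSION", None)
        return ("OK", f"{self.name} handled {payload}")          # S207


class ApiGateway:
    def __init__(self, auth_center, services):
        self._auth = auth_center
        self._services = {s.name: s for s in services}

    def handle(self, token, service, payload):
        if not self._auth.is_valid(token):                        # S202/S203
            return ("TOKEN_INVALID", None)                        # S204: client re-acquires
        target = self._services.get(service)
        if target is None:
            return ("UNKNOWN_SERVICE", None)
        return target.call(token, payload)


def demo():
    now = [1_000.0]                      # controllable clock so expiry can be shown
    auth = AuthCenter({"AK-billing": "sk-1", "AK-report": "sk-2"},
                      {"AK-billing": {"orders"}, "AK-report": set()},
                      clock=lambda: now[0])
    gateway = ApiGateway(auth, [Microservice("orders", auth)])
    results = {"bad_identity": auth.issue("AK-billing", "wrong")}
    t1 = auth.issue("AK-billing", "sk-1")
    t2 = auth.issue("AK-report", "sk-2")
    results["allowed"] = gateway.handle(t1, "orders", "order#1")[0]
    results["no_permission"] = gateway.handle(t2, "orders", "order#2")[0]
    results["forged"] = gateway.handle("0" * 64, "orders", "x")[0]
    now[0] += TOKEN_TTL + 1              # let the validity period elapse
    results["expired"] = gateway.handle(t1, "orders", "order#3")[0]
    results["purged"] = t1 not in auth._issued
    t3 = auth.issue("AK-billing", "sk-1")  # client re-acquires a token after S204
    results["reissued"] = gateway.handle(t3, "orders", "order#3")[0]
    return results


if __name__ == "__main__":
    print(demo())
```

An authenticated client without the matching call permission is rejected by the microservice rather than the gateway, which is the separation between token validity and call permission that steps S205-S206 describe.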
As can be seen from the above technical solution, in this embodiment the client sends a call request carrying a token to the API gateway, and the API gateway verifies whether the token carried in the call request is valid. If the token is valid, the client that sent the call request is a client that has passed security authentication; the API gateway forwards that client's call request to the microservice, the call permission of the client that sent the call request is verified, and if the client is verified as having call permission the microservice is called. Because in this embodiment the API gateway performs security authentication on the client sending the call request, only clients that pass security authentication can call microservices, which ensures the security of the microservice architecture. Only the API gateway needs to be developed, without developing each microservice in the architecture, which both reduces development cost and improves the generality of the security authentication method. In addition, verifying the client's call permission further ensures the security of the microservice architecture.
Corresponding to the security authentication method disclosed in the above embodiments, this embodiment discloses an API gateway, whose structure is shown in Fig. 4. The API gateway in this embodiment includes:
A receiving unit 401, a verification unit 402 and a calling unit 403;
The receiving unit 401 is used to receive a call request carrying a token sent by a client, wherein the token is a token generated after security authentication of the client is completed;
The verification unit 402 is used to verify whether the token is valid;
The calling unit 403 is used to send the call request to a microservice to call the microservice if the token is verified as valid.
As can be seen from the above technical solution, in this embodiment the client sends a call request carrying a token to the API gateway, and the API gateway verifies whether the token carried in the call request is valid. If the token is valid, the client that sent the call request is a client that has passed security authentication, and the API gateway forwards that client's call request to the microservice in order to call it. Because in this embodiment the API gateway performs security authentication on the client sending the call request, only clients that pass security authentication can call microservices, which ensures the security of the microservice architecture. Only the API gateway needs to be developed, without developing each microservice in the architecture, which both reduces development cost and improves the generality of the security authentication method.
Corresponding to the security authentication method disclosed above, this embodiment also provides a security authentication system, whose structure is shown in Fig. 5. The security authentication system in this embodiment includes:
An API gateway 501;
A client 502 and a microservice 503, each connected to the API gateway 501;
The client 502 is used to send a call request carrying a token to the API gateway 501;
The API gateway 501 is used to verify whether the token is valid after receiving the call request carrying the token sent by the client 502, and, when the token is verified as valid, to send the call request to the microservice 503 to call the microservice.
Optionally, the security authentication system in this embodiment further includes:
An authentication center 504 connected to the API gateway 501 and to the client 502 respectively;
The authentication center 504 is used to generate a token, send the generated token to the client 502, perform a validity check on the token received from the API gateway 501, and send the token verification result to the API gateway 501.
If the verification result is that the token is invalid:
The API gateway 501 is also used to send token-invalid information to the client 502;
The client 502 is also used to send a token acquisition request to the authentication center 504 after receiving the token-invalid information returned by the API gateway 501;
The authentication center 504 is also used to respond to the token acquisition request by generating a token, and to send the generated token to the client 502.
Optionally, the token acquisition request includes client identity information. One implementation by which the authentication center 504 responds to the token acquisition request and generates a token is as follows: the client identity information is obtained from the token acquisition request, and identity verification is performed on the client according to that information; if the client's identity verification passes, a token is generated; if the client's identity verification fails, no token is generated.
On the basis of the security authentication system shown in Fig. 5, the system further includes a permission center 505;
The permission center 505 is connected to the authentication center 504 and to the microservice 503 respectively;
The permission center 505 is used to receive and store the correspondence between tokens and clients sent by the authentication center 504; after receiving a token sent by the microservice 503, to determine, based on the stored correspondence between tokens and clients, the client corresponding to the token sent by the microservice 503; and to determine, based on a preset correspondence between clients and call permissions, whether the client corresponding to the token sent by the microservice 503 has permission to call the microservice.
As the above technical solution shows, in this embodiment the client sends a call request carrying a token to the API gateway, and the API gateway verifies whether the token carried in the call request is valid. If the token is valid, the client that sent the call request is a client that has passed security authentication. The API gateway sends the call request from the authenticated client to the microservice, the call permission of the client that sent the call request is verified, and the microservice is called if the client is verified to have call permission. Because this embodiment uses the API gateway to perform security authentication on the client that sends the call request, only a client that passes security authentication can call the microservice, which ensures the security of the microservice architecture. Moreover, only the API gateway needs to be developed; the individual microservices in the architecture need no development of their own, which both reduces development cost and improves the generality of the security authentication method. In addition, verifying the client's call permission further ensures the security of the microservice architecture.
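The flow summarized above, as an added sketch that is not the patent's own code: the authentication center issues and validates tokens, the permission center maps tokens to clients and clients to callable services, and the gateway forwards a call only when both checks pass. The HMAC-SHA256 token derivation, the 300-second lifetime, the HTTP-style status codes and all class and function names are assumptions (the patent specifies none of them), and the permission check is placed at the gateway as in claim 5.

```python
import hashlib
import hmac
import secrets
import time


class PermissionCenter:  # token -> client, and client -> callable services
    def __init__(self, grants):
        self._grants = grants              # client_id -> set of service names
        self._owner = {}                   # token -> client_id

    def register(self, token, client_id):
        self._owner[token] = client_id

    def may_call(self, token, service):
        client_id = self._owner.get(token)
        return client_id is not None and service in self._grants.get(client_id, set())


class AuthCenter:
    """Authenticates clients, issues tokens, validates them for the gateway."""
    def __init__(self, credentials, permission_center, ttl=300):
        self._credentials = credentials    # client_id -> secret (constructed values)
        self._key = secrets.token_bytes(32)
        self._perm, self._ttl = permission_center, ttl
        self._expiry = {}                  # token -> expiry time

    def issue_token(self, client_id, secret, now=None):
        now = time.time() if now is None else now
        expected = self._credentials.get(client_id)
        if expected is None or not hmac.compare_digest(expected.encode(), secret.encode()):
            return None                    # identity check failed: no token
        msg = f"{client_id}|{secrets.token_hex(16)}".encode()
        token = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        self._expiry[token] = now + self._ttl
        self._perm.register(token, client_id)
        return token

    def is_valid(self, token, now=None):
        now = time.time() if now is None else now
        expiry = self._expiry.get(token)
        return expiry is not None and now < expiry


class ApiGateway:
    def __init__(self, auth, perm, services):
        self._auth, self._perm, self._services = auth, perm, services

    def handle(self, token, service, payload, now=None):
        if not isinstance(token, str) or not self._auth.is_valid(token, now):
            return 401, "token invalid"    # client must fetch a new token
        if service not in self._services or not self._perm.may_call(token, service):
            return 403, "no call permission"
        return 200, self._services[service](payload)


def call_with_refresh(gw, auth, client_id, secret, token, service, payload, now=None):
    """Client side: on a token-failure reply, re-authenticate once and retry."""
    status, body = gw.handle(token, service, payload, now)
    if status == 401:
        token = auth.issue_token(client_id, secret, now)
        if token is not None:
            status, body = gw.handle(token, service, payload, now)
    return status, body, token
```

A token that is unknown to the authentication center or past its expiry is rejected before any permission lookup, so a forged or stale token never reaches a microservice.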
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Because the device provided by an embodiment corresponds to the method provided by that embodiment, its description is relatively brief; for the relevant details, see the description of the method.
It should be noted that, in this document, the terms "include", "comprise" and any variants of them are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to that process, method, article or device. Unless further restricted, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.
Claims (11)
1. A security authentication method, characterized in that it is applied to an API gateway and comprises:
receiving a call request carrying a token sent by a client, wherein the token is a token generated after security authentication of the client is completed;
verifying whether the token is valid;
if the token is verified as valid, sending the call request to a microservice to call the microservice.
2. The security authentication method according to claim 1, characterized in that verifying whether the token is valid comprises:
sending the token to an authentication center, so that the authentication center verifies whether the token is valid;
receiving the verification result for the token returned by the authentication center.
3. The security authentication method according to claim 1 or 2, characterized in that, if the token is verified as invalid, the method further comprises:
sending token-failure information to the client, so that the client, after receiving the token-failure information, sends a token acquisition request to the authentication center again, and the authentication center generates a token in response to the token acquisition request and sends it to the client.
4. The security authentication method according to claim 3, characterized in that generating the token comprises:
obtaining a secret key;
generating the token by performing an operation on the secret key based on a security algorithm.
5. The security authentication method according to claim 3, characterized in that sending the call request to the microservice to call the microservice comprises:
determining, according to the token carried in the call request, the client that sent the call request;
determining, based on a pre-stored correspondence between clients and call permissions, whether the client that sent the call request has permission to call the microservice;
if it is determined that the client that sent the call request has permission to call the microservice, calling the microservice.
6. An API gateway, characterized in that it comprises:
a receiving unit, configured to receive a call request carrying a token sent by a client, wherein the token is a token generated after security authentication of the client is completed;
a verification unit, configured to verify whether the token is valid;
a call unit, configured to send the call request to a microservice to call the microservice if the token is verified as valid.
7. A security authentication system, characterized in that it comprises:
an API gateway;
a client and a microservice, each connected to the API gateway;
wherein the client is configured to send a call request carrying a token to the API gateway;
the API gateway is configured to, after receiving the call request carrying the token sent by the client, verify whether the token is valid and, when the token is verified as valid, send the call request to the microservice to call the microservice.
8. The security authentication system according to claim 7, characterized in that it further comprises:
an authentication center connected to the API gateway and to the client;
wherein the authentication center is configured to generate a token, send the generated token to the client, perform validity verification on a token received from the API gateway, and send the token verification result to the API gateway.
9. The security authentication system according to claim 8, characterized in that, if the verification result is that the token is invalid:
the API gateway is further configured to send token-failure information to the client;
the client is further configured to send a token acquisition request to the authentication center after receiving the token-failure information returned by the API gateway;
the authentication center is further configured to generate a token in response to the token acquisition request and to send the generated token to the client.
10. The security authentication system according to claim 9, characterized in that the token acquisition request includes client identity information;
wherein responding to the token acquisition request to generate a token comprises:
obtaining the client identity information from the token acquisition request;
authenticating the client according to the client identity information;
if the client identity verification passes, generating a token.
11. The security authentication system according to any one of claims 7-10, characterized in that it further comprises:
a permission center connected to the authentication center and to the microservice;
wherein the permission center is configured to receive and store the correspondence between tokens and clients sent by the authentication center and, after receiving a token sent by the microservice, to determine, based on the stored correspondence between tokens and clients, the client corresponding to the token sent by the microservice, and to determine, based on a preset correspondence between clients and call permissions, whether the client corresponding to the token sent by the microservice has permission to call the microservice.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910073452.5A CN109802835A (en) | 2019-01-25 | 2019-01-25 | A kind of safety certifying method, system and API gateway |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109802835A (en) | 2019-05-24 |
Family
ID=66560406
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190524 |