CN113901428A - Login method and device of multi-tenant system - Google Patents

Info

Publication number
CN113901428A
Authority
CN
China
Prior art keywords
tenant system
tenant
user
authentication token
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111038630.4A
Other languages
Chinese (zh)
Inventor
范凌
王喆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tezign Shanghai Information Technology Co Ltd
Original Assignee
Tezign Shanghai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tezign Shanghai Information Technology Co Ltd filed Critical Tezign Shanghai Information Technology Co Ltd
Priority to CN202111038630.4A priority Critical patent/CN113901428A/en
Publication of CN113901428A publication Critical patent/CN113901428A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the disclosure disclose a login method and device for a multi-tenant system. The method comprises: in response to receiving a user's request to access any tenant system in the multi-tenant system, parsing the request to obtain the identification information contained in the request; performing a consistency check on the identification information contained in the request against the identification information pre-configured for that tenant system, to obtain a check result; and, if the check result indicates that the two are consistent, generating an authentication token so that that tenant system and/or other tenant systems in the multi-tenant system can be accessed through the authentication token. By checking the identification information in the request and, if the check succeeds, generating an authentication token for cross-tenant login, single sign-on for the multi-tenant system is achieved, login security and login efficiency are improved, and the technical problems of low login efficiency and poor security in the related art are solved.

Description

Login method and device of multi-tenant system
Technical Field
The disclosure relates to the technical field of data processing, in particular to a login method and device of a multi-tenant system.
Background
Multi-tenancy technology (also called multi-tenant technology) is a software architecture technique that addresses how to share the same system or program components in a multi-user environment while still ensuring data isolation among users.
In the related art, logging in to a multi-tenant system generally means logging in to each tenant system separately, with each tenant system performing its own login verification. This approach has poor login security, low login efficiency, and high computing resource consumption in each tenant system.
Disclosure of Invention
The main purpose of the present disclosure is to provide a login method and device for a multi-tenant system.
In order to achieve the above object, according to a first aspect of the present disclosure, a login method and apparatus for a multi-tenant system are provided, including: responding to a received request for accessing any tenant system in a multi-tenant system by a user, and analyzing the request to obtain identification information contained in the request; performing consistency check on the identification information contained in the request based on the identification information preconfigured for any tenant system to obtain a check result; and if the verification result indicates that the verification is consistent, generating an authentication token so as to access any tenant system through the authentication token.
Optionally, the method further comprises: based on the authentication token, judging whether the user currently has the access right to any tenant system; and/or judging whether the user currently has the access right to other tenant systems in the multi-tenant system or not based on the authentication token.
Optionally, based on the authentication token, determining whether the user currently has a right to access to any of the tenant systems includes: in response to receiving a request for re-access of a user to any tenant system, judging whether the any tenant system already creates session control; and determining the current access authority of the target user to any tenant system based on the judgment result.
Optionally, the method further comprises: and checking the authentication token based on the judgment result to determine the current access authority of the target user to any tenant system.
Optionally, based on the authentication token, determining whether the user currently has a right to access another tenant system in the multi-tenant system includes: in response to receiving a request for the user to access other tenant systems of the multi-tenant system, determining whether an authentication token corresponding to the user is stored in a cache; and if the authentication token corresponding to the user is stored, checking the authentication token to determine the access authority of the user to the other tenant system based on the checking result.
Optionally, the method further comprises: if the authentication token corresponding to the user is not stored in the cache, analyzing the request to obtain first identification information contained in the request; verifying the first identification information to obtain a first verification result; and if the first verification result indicates that the verification is successful, generating a first authentication token for accessing the other tenant system.
According to a second aspect of the present disclosure, there is provided a single sign-on apparatus comprising: the response unit is configured to respond to a request of a user for accessing any tenant system in the multi-tenant system, analyze the request and obtain identification information contained in the request; the verification unit is configured to verify the identification information to obtain a verification result; a login unit configured to generate an authentication token for accessing the any tenant system if the verification result indicates a successful verification.
Optionally, the apparatus further comprises: a first judging unit configured to judge whether the user currently has an authority to access any of the tenant systems based on the authentication token; and/or the second judging unit is configured to judge whether the user currently has the authority of accessing other tenant systems in the multi-tenant system or not based on the authentication token.
According to a third aspect of the present disclosure, a computer-readable storage medium is provided, which stores computer instructions for causing the computer to execute the login method of the multi-tenant system in any one of the options of the first aspect.
According to a fourth aspect of the present disclosure, there is provided an electronic device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to cause the at least one processor to perform the method of logging on a multi-tenant system as set forth in any one of the alternatives of the first aspect.
The login method and device of the multi-tenant system in the embodiments of the disclosure comprise the following: in response to receiving a user's request to access any tenant system in the multi-tenant system, parsing the request to obtain the identification information contained in the request; performing a consistency check on the identification information contained in the request against the identification information pre-configured for that tenant system, to obtain a check result; and, if the check result indicates that the two are consistent, generating an authentication token so that that tenant system and/or other tenant systems in the multi-tenant system can be accessed through the authentication token. By checking the identification information in the request and, if the check succeeds, generating an authentication token for cross-tenant login, single sign-on for the multi-tenant system is achieved, login security and login efficiency are improved, and the technical problems of low login efficiency and poor security in the related art are solved.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a flow chart of a login method of a multi-tenant system according to an embodiment of the present disclosure;
FIG. 2 is a schematic structural diagram of a login device of a multi-tenant system according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order to make the technical solutions of the present disclosure better understood by those skilled in the art, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only some embodiments of the present disclosure, not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the present disclosure may be described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that, in the present disclosure, the embodiments and features of the embodiments may be combined with each other without conflict. The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
According to an embodiment of the present disclosure, there is provided a login method of a multi-tenant system, as shown in fig. 1, the method includes the following steps 101 to 103:
Step 101: in response to receiving a user's request to access any tenant system in the multi-tenant system, parse the request to obtain the identification information contained in the request.
In this embodiment, each tenant system may be associated in advance with the identification information of the enterprise to which it belongs; that is, enterprise identification information is configured for each tenant system, and login information is then generated for the enterprise's users based on that identification information. This allows user login information to be managed uniformly with the enterprise as the unit. The user can complete login authentication with an email address or mobile phone number on the client side, after which an access request is sent to the tenant system.
If any tenant system in the multi-tenant system is being accessed for the first time, then after a request from a user in any enterprise to access that tenant system is received, the information contained in the request is parsed to obtain the identification information it contains. The identification information can be enterprise identification information, and one or more tenant systems can correspond to one piece of enterprise identification information.
Illustratively, before step 101, business entity information may also be pre-configured, where one business entity corresponds to one real business using the tenant system. Business systems are configured; an enterprise often has one or more business systems (a business system can be a tenant system or another type of system). Account entities are configured, where the authentication identifier of an account can be a mobile phone number, an email address, etc. An account can be created in the following three ways: an administrator of the business system initiates an invitation by email, and the user clicks an activation link after receiving the invitation email to complete activation; an administrator of the business system initiates an invitation by mobile phone number, and after receiving the invitation SMS the user logs in to the business system directly with the mobile phone number to complete activation (the first access to the business system requires the mobile phone number to obtain an SMS verification code for verification). This configuration establishes the mapping between tenant systems and enterprises, and the mapping between users and user login accounts.
Step 102: perform a consistency check on the identification information contained in the request against the identification information pre-configured for that tenant system, to obtain a check result.
In this embodiment, the enterprise identification information can be used to verify whether the user requesting login is a legitimate user of the enterprise: the enterprise identification information contained in the request is compared with the enterprise identification information pre-configured for the tenant system to be accessed, yielding a result of consistent or inconsistent. If the two are consistent, the enterprise to which the accessing user belongs and the enterprise to which the tenant system to be accessed belongs are the same enterprise, and the user is a legitimate user; otherwise, the user is an illegitimate user.
For example, when a user requests to log in to a certain tenant system, the identification information in the request is obtained; if it is consistent with the enterprise identification information of the tenant system being accessed, the check passes; if it is inconsistent with the enterprise identification information of the tenant system being accessed, the check fails, and the user continues to resend the request through the client side.
Step 103: if the check result indicates that the two are consistent, generate an authentication token so that that tenant system and/or other tenant systems in the multi-tenant system can be accessed through the authentication token.
In this embodiment, if the check result in step 102 is consistent, an authentication token that can be used to access the tenant system is generated. The authentication token generated in this way can be used to access different tenant systems that have the same enterprise identification information: once the user has requested access to one tenant system, the user can access the different tenant systems by having the authentication token verified. After the authentication token is generated, it can be stored in a cache so that it can be used to verify whether the user is a legitimate user of other tenant systems when the user accesses them.
The tokens may include a token U_TOKEN for authenticating the user (the identity of the user in the enterprise) and a token C_TOKEN for authenticating the enterprise. In this embodiment, only the token U_TOKEN for authenticating the user, or only the token C_TOKEN for authenticating the enterprise, may be generated as needed.
In this embodiment, checking the identification information gives a preliminary judgment of the login user's legitimacy, which improves login security; furthermore, logging in by generating an authentication token enables single sign-on for the multi-tenant system, which improves the login efficiency of the multi-tenant system and further improves login security.
As an optional implementation manner of this embodiment, the method further includes: based on the authentication token, judging whether the user currently has the access right to any tenant system; and/or judging whether the user currently has the access right to other tenant systems in the multi-tenant system or not based on the authentication token.
In this optional implementation manner, when the user accesses any tenant system TA and accesses the accessed tenant system TA again (any time after the first access), the execution subject of the method determines whether the user currently has the access right of the accessed tenant system TA.
When a user accesses any tenant system and accesses other tenant systems, the execution subject also judges whether the user currently has access rights to other tenant systems.
As an optional implementation manner of this embodiment, the determining, based on the authentication token, whether the user currently has the right to access the any tenant system includes: in response to receiving a request for re-access of a user to any tenant system, judging whether the any tenant system already creates session control; and determining the current access authority of the target user to any tenant system based on the judgment result.
In this optional implementation manner, the execution subject may receive, in real time, an access request sent by the user through the user side, and if it is determined that the user does not access the multi-tenant system for the first time, an access target of the user may be determined through the request, and if it is determined that the access target is an accessed tenant system, such as a TA, this is the case that the user accesses the accessed tenant system again.
After the user accesses the tenant system TA, the tenant system TA may create session control (a session) according to the U_TOKEN to maintain the access state of the user. Therefore, when the user requests access to the accessed tenant system TA again, the execution subject judges whether session control has been created by the tenant system, and if so, the tenant system can be directly accessed again.
As an optional implementation manner of this embodiment, the method further includes: and checking the authentication token based on the judgment result to determine the current access authority of the target user to any tenant system.
In this optional implementation manner, after the user accesses the tenant system TA, the tenant system TA may create session control (a session) according to the U_TOKEN. Therefore, when the user requests to access the accessed tenant system TA again, it is judged whether session control has been created by the tenant system, and if it has, the user authentication token U_TOKEN is checked to verify whether the user has the right to access the tenant system TA. The check of the user authentication token U_TOKEN may verify its validity, including, but not limited to, verifying whether the accessing user belongs to the enterprise to which the tenant system to be accessed belongs.
Checking the user authentication token after session control has been confirmed prevents the security problem of a forged session control state giving direct access to the tenant system; it also improves access security even when no session forgery occurs.
As an optional implementation manner of this embodiment, determining, based on the authentication token, whether the user currently has a right to access another tenant system in the multi-tenant system includes: in response to receiving a request of the user for accessing other tenant systems of the multi-tenant system, verifying the authentication token to determine the access authority of the user to the other tenant systems based on the verification result.
In this optional implementation manner, the execution subject may receive, in real time, an access request sent by a user through the client side. If it is determined that this is not the user's first access to the multi-tenant system, the access target of the user may be determined from the request. If the access target and the already accessed tenant system belong to the same enterprise and the access target has not yet been accessed by the user, for example TB, this is the case of the user accessing, for the first time, another tenant system belonging to the same enterprise in the multi-tenant system. It is understood that the access target may also be a tenant system that has not been accessed by the user and does not belong to the same enterprise as the accessed tenant system.
For the above situation, after a user accesses any tenant system, the authentication token of the user (which may include a user authentication token and/or an enterprise authentication token) is stored in the cache. Therefore, when a user accesses another tenant system TB, it may be determined whether a user authentication token U_TOKEN is stored in the cache. If the U_TOKEN is stored, the enterprise authentication token C_TOKEN is checked to determine whether the enterprise authenticated by the C_TOKEN is the same as the enterprise to which the accessed tenant system TA belongs; if it is the same, the user has access rights to the other tenant system TB of the current enterprise. If the enterprise authenticated by the C_TOKEN is different from the enterprise to which the accessed tenant system TA belongs, the user does not have access rights.
After other tenant systems are accessed, the other tenant systems can also create a session control session, so that when the other tenant systems are accessed again, the execution subject can determine whether the user has access right through the session control.
In this optional implementation manner, one enterprise can correspond to a plurality of tenant systems, and after a user accesses other tenant systems of the same enterprise, the user can log in directly when accessing other tenant systems of the enterprise without re-verification, so that single sign-on is achieved and the login method of tenant systems in the related art is simplified. At the same time, login security is improved through the check of the authentication token.
As an optional implementation manner of this embodiment, the method further includes: if the authentication token corresponding to the user is not stored in the cache, analyzing the request to obtain first identification information contained in the request; verifying the first identification information to obtain a first verification result; and if the first verification result indicates that the verification is successful, generating a first authentication token for accessing the other tenant system.
In this optional implementation manner, when a user requests to access another tenant system in the multi-tenant system and the authentication token of the user does not exist in the cache, this indicates that the user has not accessed any tenant system in the multi-tenant system. In that case, the request may be handled as an access by a new user: the request is parsed to obtain the identification information it contains, where the identification information may be enterprise identification information, and the enterprise identification information is used to check whether the user requesting login is a legitimate user of the enterprise. If the check succeeds, a user authentication token and an enterprise authentication token are generated for the user so that the tenant system can be accessed through the tokens.
This embodiment implements a unified cross-tenant user authentication mechanism for an enterprise: when one enterprise uses a plurality of tenants at the same time, the account can be reused, and after the user logs in to one tenant system, the other tenant systems log the user in automatically without repeated authorization, which improves login efficiency. By establishing a standard user registration and authentication process, the unified user authentication method completes the authorized login to a tenant system automatically through browser redirects and encrypted authentication fields, which improves login security.
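An added sketch (not code from the patent) of the flow described above: the consistency check of steps 101 to 103, re-access with session control plus the U_TOKEN check, cross-tenant access through the cached C_TOKEN, and the cache-miss fallback. The HMAC-signed token format, the one-hour lifetime, the `SsoBroker` class and the tenant and enterprise names are assumptions; the page does not specify how tokens are built or verified.

```python
import hashlib
import hmac
import json
import secrets
import time
from base64 import urlsafe_b64decode, urlsafe_b64encode

# Constructed sample configuration: tenant system -> pre-configured enterprise ID.
TENANT_ENTERPRISE = {"TA": "ent-001", "TB": "ent-001", "TX": "ent-999"}
TOKEN_TTL = 3600  # seconds; assumption, the page specifies no token lifetime


class SsoBroker:
    """Hypothetical 'execution subject' that fronts all tenant systems."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)  # HMAC signing key
        self._cache = {}        # user -> {"U_TOKEN": str, "C_TOKEN": str}
        self._sessions = set()  # (tenant, user) pairs with session control

    def _sign(self, claims):
        body = urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        mac = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return body.decode() + "." + mac

    def _verify(self, token, kind):
        """Return the claims if signature, kind and expiry are valid, else None."""
        try:
            body, mac = token.split(".")
            good = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(mac, good):
                return None
            claims = json.loads(urlsafe_b64decode(body))
        except (ValueError, TypeError, AttributeError):
            return None
        if claims.get("kind") != kind or claims.get("exp", 0) < time.time():
            return None
        return claims

    def first_login(self, tenant, user, enterprise_id):
        """Steps 101-103; `user` is assumed to be already authenticated."""
        configured = TENANT_ENTERPRISE.get(tenant)
        # Step 102: consistency check against the tenant's configured ID.
        if configured is None or enterprise_id != configured:
            return None
        # Step 103: issue both tokens, cache them, create session control.
        exp = int(time.time()) + TOKEN_TTL
        tokens = {
            "U_TOKEN": self._sign(
                {"kind": "U", "user": user, "ent": configured, "exp": exp}),
            "C_TOKEN": self._sign({"kind": "C", "ent": configured, "exp": exp}),
        }
        self._cache[user] = tokens
        self._sessions.add((tenant, user))
        return tokens

    def access(self, tenant, user, enterprise_id=None):
        """Decide a later request; returns 'denied' or 'granted:<reason>'."""
        configured = TENANT_ENTERPRISE.get(tenant)
        if configured is None:
            return "denied"
        tokens = self._cache.get(user)
        if tokens is None:
            # Cache miss: handle as a new user (first_login path).
            ok = self.first_login(tenant, user, enterprise_id)
            return "granted:new-login" if ok else "denied"
        if (tenant, user) in self._sessions:
            # Re-access: a session alone is not trusted, U_TOKEN is checked too.
            u = self._verify(tokens["U_TOKEN"], "U")
            if u and u["user"] == user and u["ent"] == configured:
                return "granted:session"
            return "denied"
        # Cross-tenant access: C_TOKEN's enterprise must match the target's.
        c = self._verify(tokens["C_TOKEN"], "C")
        if c and c["ent"] == configured:
            self._sessions.add((tenant, user))
            return "granted:sso"
        return "denied"


def demo():
    broker = SsoBroker()
    results = [broker.first_login("TA", "alice", "ent-999") is None]
    broker.first_login("TA", "alice", "ent-001")
    results += [broker.access(t, "alice") for t in ("TA", "TB", "TB", "TX")]
    return results


if __name__ == "__main__":
    print(demo())
```

The example compares the C_TOKEN's enterprise with the enterprise configured for the target tenant, which is how it decides that TB belongs to the same enterprise as the already accessed TA.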
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
According to an embodiment of the present disclosure, there is also provided an apparatus for implementing the login method of the multi-tenant system, as shown in fig. 2, the apparatus includes: a response unit 201, configured to, in response to receiving a request for accessing any tenant system in the multi-tenant system from a user, parse the request to obtain identification information included in the request; a checking unit 202, configured to perform consistency checking on the identification information included in the request based on the identification information preconfigured for any tenant system, so as to obtain a checking result; a login unit 203 configured to generate an authentication token to access the any tenant system and/or other tenant systems in the multi-tenant system through the authentication token if the verification result indicates that the verification is consistent.
As an optional implementation manner of this embodiment, the system further includes a first determining unit, configured to determine, based on the authentication token, whether the user currently has an authority to access the any tenant system; and/or the second judging unit is configured to judge whether the user currently has the authority of accessing other tenant systems in the multi-tenant system or not based on the authentication token.
As an optional implementation manner of this embodiment, the first determining unit is further configured to determine, in response to receiving a request for a user to access the any tenant system again, whether session control has been created by the any tenant system; and determining the current access authority of the target user to any tenant system based on the judgment result.
As an optional implementation manner of this embodiment, the first determining unit is further configured to check the authentication token based on the determination result to determine the current access authority of the target user to any tenant system.
As an optional implementation manner of this embodiment, determining, based on the authentication token, whether the user currently has a right to access another tenant system in the multi-tenant system includes: in response to receiving a request for the user to access other tenant systems of the multi-tenant system, determining whether an authentication token corresponding to the user is stored in a cache; and if the authentication token corresponding to the user is stored, checking the authentication token to determine the access authority of the user to the other tenant system based on the checking result.
As an optional implementation manner of this embodiment, the apparatus further includes: if the authentication token corresponding to the user is not stored in the cache, analyzing the request to obtain first identification information contained in the request; verifying the first identification information to obtain a first verification result; and if the first verification result indicates that the verification is successful, generating a first authentication token for accessing the other tenant system.
This embodiment implements a unified cross-tenant user authentication mechanism for an enterprise: when one enterprise uses a plurality of tenants at the same time, the account can be reused, and after the user logs in to one tenant system, the other tenant systems log the user in automatically without repeated authorization, which improves login efficiency. By establishing a standard user registration and authentication process, the unified user authentication method completes the authorized login to a tenant system automatically through browser redirects and encrypted authentication fields, which improves login security.
An embodiment of the present disclosure provides an electronic device. As shown in Fig. 3, the electronic device includes one or more processors 31 and a memory 32; Fig. 3 takes one processor 31 as an example.
The controller may further include: an input device 33 and an output device 34.
The processor 31, the memory 32, the input device 33 and the output device 34 may be connected by a bus or by other means; Fig. 3 illustrates connection by a bus as an example.
The processor 31 may be a Central Processing Unit (CPU). The processor 31 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or combinations thereof. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 32, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the control methods in the embodiments of the present disclosure. The processor 31 executes various functional applications of the server and data processing, i.e. the login method of the multi-tenant system implementing the above-described method embodiment, by running the non-transitory software programs, instructions and modules stored in the memory 32.
The memory 32 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of a processing device operated by the server, and the like. Further, the memory 32 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 32 may optionally include memory located remotely from the processor 31, which may be connected to a network connection device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 33 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the processing device of the server. The output device 34 may include a display device such as a display screen.
One or more modules are stored in the memory 32 and, when executed by the one or more processors 31, perform the method shown in Fig. 1.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the processes of the embodiments of the motor control methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a flash memory, a hard disk drive (HDD), a solid state drive (SSD), etc.; the storage medium may also comprise a combination of memories of the kinds described above.
Although the embodiments of the present disclosure have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the present disclosure, and such modifications and variations fall within the scope defined by the appended claims.

Claims (10)

1. A login method of a multi-tenant system is characterized by comprising the following steps:
responding to a received request for accessing any tenant system in a multi-tenant system by a user, and analyzing the request to obtain identification information contained in the request;
performing consistency check on the identification information contained in the request based on the identification information preconfigured for any tenant system to obtain a check result;
and if the verification result indicates that the verification is consistent, generating an authentication token so as to access the any tenant system and/or other tenant systems in the multi-tenant system through the authentication token.
2. The method of logging on a multi-tenant system according to claim 1, further comprising:
based on the authentication token, judging whether the user currently has the access right to any tenant system; and/or,
and judging whether the user currently has the access right to other tenant systems in the multi-tenant system or not based on the authentication token.
3. The method of logging on a multi-tenant system according to claim 2, further comprising: the determining whether the user currently has the right to access any of the tenant systems based on the authentication token comprises:
in response to receiving a request for re-access of a user to any tenant system, judging whether the any tenant system already creates session control;
and determining the current access authority of the target user to any tenant system based on the judgment result.
4. The method of logging on a multi-tenant system according to claim 3, further comprising:
and checking the authentication token based on the judgment result to determine the current access authority of the target user to any tenant system.
5. The method of claim 2, wherein the determining whether the user currently has access to other tenant systems in the multi-tenant system based on the authentication token comprises:
in response to receiving a request for the user to access other tenant systems of the multi-tenant system, determining whether an authentication token corresponding to the user is stored in a cache;
and if the authentication token corresponding to the user is stored, checking the authentication token to determine the access authority of the user to the other tenant system based on the checking result.
6. The method of logging on a multi-tenant system according to claim 3, further comprising:
if the authentication token corresponding to the user is not stored in the cache, analyzing the request to obtain first identification information contained in the request;
verifying the first identification information to obtain a first verification result;
and if the first verification result indicates that the verification is successful, generating a first authentication token for accessing the other tenant system.
7. A login apparatus of a multi-tenant system, the apparatus comprising:
the response unit is configured to respond to a request of a user for accessing any tenant system in the multi-tenant system, analyze the request and obtain identification information contained in the request;
the verification unit is configured to perform consistency verification on the identification information contained in the request based on identification information preconfigured for any tenant system to obtain a verification result;
a login unit configured to generate an authentication token to access the any tenant system and/or other tenant systems in the multi-tenant system through the authentication token if the verification result indicates that the verification is consistent.
8. The login apparatus of multi-tenant system according to claim 7, wherein the apparatus further comprises:
a first judging unit configured to judge whether the user currently has an authority to access any of the tenant systems based on the authentication token; and/or,
a second determination unit configured to determine whether the user currently has an authority to access other tenant systems in the multi-tenant system based on the authentication token.
9. A computer-readable storage medium storing computer instructions for causing a computer to perform the method of logging on a multi-tenant system according to any one of claims 1 through 6.
10. An electronic device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to cause the at least one processor to perform the method of logging on a multi-tenant system of any one of claims 1-6.
CN202111038630.4A 2021-09-06 2021-09-06 Login method and device of multi-tenant system Pending CN113901428A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111038630.4A CN113901428A (en) 2021-09-06 2021-09-06 Login method and device of multi-tenant system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111038630.4A CN113901428A (en) 2021-09-06 2021-09-06 Login method and device of multi-tenant system

Publications (1)

Publication Number Publication Date
CN113901428A true CN113901428A (en) 2022-01-07

Family

ID=79188764

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111038630.4A Pending CN113901428A (en) 2021-09-06 2021-09-06 Login method and device of multi-tenant system

Country Status (1)

Country Link
CN (1) CN113901428A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114793179A (en) * 2022-05-09 2022-07-26 北京明略昭辉科技有限公司 Method and system for tenant access, server and storage medium

Similar Documents

Publication Publication Date Title
CN111935094B (en) Database access method, device, system and computer readable storage medium
CN112597472B (en) Single sign-on method, device and storage medium
CN112651011B (en) Login verification method, device and equipment for operation and maintenance system and computer storage medium
CN111490981B (en) Access management method and device, bastion machine and readable storage medium
CN111062023B (en) Method and device for realizing single sign-on of multi-application system
CN105162775A (en) Logging method and device of virtual machine
CN110175448B (en) Trusted device login authentication method and application system with authentication function
US11444936B2 (en) Managing security credentials
CN112039873A (en) Method for accessing business system by single sign-on
CN115022047B (en) Account login method and device based on multi-cloud gateway, computer equipment and medium
CN105162774A (en) Virtual machine login method and device used for terminal
CN111064708A (en) Authorization authentication configuration method, authorization authentication device and electronic equipment
CN111241523B (en) Authentication processing method, device, equipment and storage medium
CN113901429A (en) Access method and device of multi-tenant system
CN116319024A (en) Access control method and device of zero trust system and zero trust system
CN114385995B (en) Method for accessing micro-service to industrial Internet through identification analysis based on Handle and identification service system
CN113901428A (en) Login method and device of multi-tenant system
US10341345B1 (en) Network browser configuration
US20230291726A1 (en) System and method for providing multi factor authorization to rdp services through a zero trust cloud environment
CN112738005A (en) Access processing method, device, system, first authentication server and storage medium
CN107172082B (en) File sharing method and system
CN110968632B (en) Method and system for unified data exchange
CN114500090A (en) Information processing method and device for secret-free login
US8250649B2 (en) Securing system and method using a security device
CN113360868A (en) Application program login method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination