CN114357422A - Platform integration login and management based implementation method - Google Patents
- Publication number: CN114357422A (application CN202111483514.3A)
- Authority: CN (China)
- Prior art keywords: token, access, user, platform, login
- Prior art date
- Legal status: Pending (the status listed by Google Patents is an assumption, not a legal conclusion)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/41—User authentication where a single sign-on provides access to a plurality of computers
- G06F21/33—User authentication using certificates
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to the field of Internet technology and discloses an implementation method based on platform-integrated login and management. An application system registered in the authentication center platform must be configured with its homepage address, name and cover page; the authentication center automatically generates the system's app_id and app_secret, and the access rights of the system's users can be set in the platform. When a user wants to access a restricted resource of some system A (for example, an MES system) and system A finds that the user is not logged in, it redirects the user to the authentication center platform. The method is compatible with a loosely coupled single sign-on integration mechanism for existing systems, greatly reduces the amount of modification and the implementation difficulty of an access system, quickly achieves login integration across heterogeneous applications, and reduces the pressure of session management; cross-platform calls are convenient and easy to use, and the difficulty and workload of transforming existing systems are greatly reduced.
Description
Technical Field
The invention relates to the field of Internet technology, in particular to an implementation method based on platform-integrated login and management.
Background
With the rapid growth of enterprises, the Internet and mobile terminals, the number of systems used within an enterprise keeps increasing. Operators must log in repeatedly when working across different systems, and each system has its own account, which makes management and use very inconvenient. Enterprises urgently need a unified integrated login platform on which a user logs in once and can then access every system they are individually authorized for; this is the problem single sign-on is meant to solve.
Single sign-on, abbreviated SSO, means that among a group of mutually trusted application systems a user logs in once and can then access the others.
CAS (Central Authentication Service) is currently the most widely used solution for Web SSO.
However, the prior art mainly suffers from the following problems: Sessions are not shared, Cookies cannot cross domains, modifying existing systems involves a large workload and high difficulty, communication protocols are inconsistent, and technology stacks are not uniform.
Disclosure of Invention
Technical problem to be solved
In view of the defects of the prior art, the invention provides an implementation method for platform-based integrated login and management. It has the advantages of being compatible with a loosely coupled single sign-on integration mechanism for existing systems, greatly reducing the modification effort and implementation difficulty of an access system, and quickly achieving login integration across heterogeneous applications, and it solves the prior-art problems of unshared Sessions, cross-domain Cookies, the large workload and difficulty of transforming systems, inconsistent communication protocols and non-uniform technology stacks.
(II) Technical solution
In order to be compatible with a loosely coupled single sign-on integration mechanism for existing systems, greatly reduce the modification effort and implementation difficulty of an access system, and quickly achieve login integration across heterogeneous applications, the invention provides the following technical solution: an implementation method based on platform-integrated login and management, comprising the following steps:
S1, integrated registration of the system
An application system registered in the authentication center platform must be configured with its homepage address, name and cover page. The authentication center automatically generates the system's app_id and app_secret, and the access rights of the system's users can be set in the platform.
S2, unified platform login
When a user wants to access a restricted resource of some system A (for example, an MES system) and system A finds that the user is not logged in, it redirects the user to the authentication center platform, passing the user's address URL, app_id, app_secret and similar values as parameters. The authentication center finds that the user is not logged in and takes the user to the unified login page, where the user enters a user name and password to log in.
S3, obtaining the access token
The authentication center platform authenticates the user name, password and related information, generates the access tokens access_token and refresh_token, stores the token information in Redis and sets an expiration time. The front end then stores the access_token in the browser's LocalStorage and sends the LocalStorage data to the server with every request it makes to the back end.
S4, obtaining user information resources
The authorized system can call the API with the access_token to obtain userInfo, retrieving user information and access resources.
S5, refreshing the access token
Since the default validity period of the access_token is one hour, the system must refresh the token every hour; the refresh_token can be exchanged at the authentication center for a new access_token.
S6, logging out the token
If the user does not intend to access system resources again, they click the system's 'logout' button; the system sends the access_token to the authentication center, which immediately invalidates the acquired access_token, and any further request for system resources requires authorization again.
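As an added example (not code from the patent or from any product it describes), the following Python sketches steps S1 to S6 above as one authentication-center core: app registration, password login that issues a JWT access_token and an opaque refresh_token recorded in Redis with an expiry, the userInfo lookup, refresh on expiry, and logout. The JWT is HS256 built from the standard library, Redis is stood in for by an in-memory FakeRedis driven by a caller-supplied clock, and the names AuthCenter, FakeRedis, register_app, user_info and the seven-day refresh lifetime are assumptions; signing the access_token with the app_secret follows claim 3.

```python
import base64
import hashlib
import hmac
import json
import secrets

ACCESS_TTL = 3600            # S5: access_token is valid for one hour by default
REFRESH_TTL = 7 * 24 * 3600  # assumption: the refresh_token lives for seven days


class FakeRedis:
    """Stand-in for the Redis SETEX/GET/DEL calls of S3; expiry is enforced on read."""
    def __init__(self, clock):
        self.store, self.clock = {}, clock
    def setex(self, key, ttl, value):
        self.store[key] = (value, self.clock() + ttl)
    def get(self, key):
        value, expires_at = self.store.get(key, (None, 0))
        return value if self.clock() < expires_at else None
    def delete(self, key):
        self.store.pop(key, None)


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_encode(claims, key):
    """HS256 JWT built from the standard library (the page says tokens are JWTs)."""
    header = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def jwt_decode(token, key, now):
    """Return the claims if the signature verifies and exp is still in the future."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), parts[2]):
        return None
    claims = json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))
    return claims if claims.get("exp", 0) > now else None


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthCenter:
    def __init__(self, redis, clock):
        self.redis, self.clock = redis, clock
        self.apps, self.users = {}, {}   # app_id -> record, username -> record
    def register_app(self, name, homepage):
        """S1: the center generates app_id and app_secret for a registered system."""
        app_id, app_secret = secrets.token_hex(8), secrets.token_urlsafe(32)
        self.apps[app_id] = {"name": name, "homepage": homepage, "secret": app_secret}
        return app_id, app_secret
    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = {"salt": salt, "hash": _pw_hash(password, salt)}
    def _issue(self, app_id, username):
        """S3: mint the JWT access_token (signed with app_secret, per claim 3) and an
        opaque refresh_token; record both in Redis with their expiry."""
        now, jti = int(self.clock()), secrets.token_hex(8)
        claims = {"sub": username, "aud": app_id, "iat": now, "exp": now + ACCESS_TTL, "jti": jti}
        refresh = secrets.token_urlsafe(32)
        self.redis.setex(f"access:{jti}", ACCESS_TTL, username)
        self.redis.setex(f"refresh:{refresh}", REFRESH_TTL, json.dumps([app_id, username]))
        return {"access_token": jwt_encode(claims, self.apps[app_id]["secret"].encode()),
                "refresh_token": refresh}
    def _verify(self, app_id, access_token):
        """Signature, expiry and audience checks, then confirm Redis still holds the token."""
        app = self.apps.get(app_id)
        claims = jwt_decode(access_token, app["secret"].encode(), self.clock()) if app else None
        if not claims or claims.get("aud") != app_id:
            return None
        return claims if self.redis.get(f"access:{claims['jti']}") else None
    def login(self, app_id, app_secret, username, password):
        """S2/S3: verify the app credentials and the user's password, then issue tokens."""
        app, user = self.apps.get(app_id), self.users.get(username)
        if not app or not user or not hmac.compare_digest(app["secret"], app_secret):
            return None
        ok = hmac.compare_digest(_pw_hash(password, user["salt"]), user["hash"])
        return self._issue(app_id, username) if ok else None
    def user_info(self, app_id, access_token):
        """S4: the authorized system presents the access_token to obtain userInfo."""
        claims = self._verify(app_id, access_token)
        return {"username": claims["sub"], "app": self.apps[app_id]["name"]} if claims else None
    def refresh(self, refresh_token):
        """S5: exchange the refresh_token for a new pair; the old refresh_token is consumed."""
        raw = self.redis.get(f"refresh:{refresh_token}")
        if raw is None:
            return None
        self.redis.delete(f"refresh:{refresh_token}")
        return self._issue(*json.loads(raw))
    def logout(self, app_id, access_token):
        """S6: drop the Redis record so the access_token is refused immediately."""
        claims = self._verify(app_id, access_token)
        if claims:
            self.redis.delete(f"access:{claims['jti']}")
        return claims is not None
```

What the Redis record adds over a bare JWT is the immediate invalidation of S6: a signed token whose exp lies in the future would otherwise stay valid until it expired, so user_info checks both the signature and the server-side record. The refresh_token is consumed on use, so presenting the same refresh_token a second time after a refresh is refused.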
Preferably, in step S3, all the back end needs to do after the user logs in successfully is to put the access_token in the response body returned to the front end; in this scenario, single sign-on can be implemented entirely at the front end.
Preferably, in step S1, the generated encrypted app_secret is used later, after verifying the user's password, to generate the tokens access_token and refresh_token.
Preferably, in step S3, it is determined whether the access_token has expired; if it has, the refresh_token is used to exchange for a new access_token, and the user is judged to be logged in.
Preferably, in step S3, when the user accesses system A, the access_token information in LocalStorage is checked; if it shows that the user is not logged in, the central login page is requested, carrying the address of application system A and the app information.
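As an added example (not the patent's code), the redirect of step S2 and the LocalStorage check described in the preferred embodiment above, seen from both sides: system A builds the redirect to the authentication center carrying its own address and app_id, and the center checks the app_id against the S1 registry and the return address against the registered homepage before either showing the unified login page or handing a token back. The hosts sso.example.internal and mes.example.internal, the /authorize and /login paths, the function names and the fragment-based hand-back of the access_token are assumptions; the app_secret is used only in server-to-server calls and is not placed in the browser redirect, which departs from the literal parameter list of S2.

```python
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

AUTH_CENTER = "https://sso.example.internal"   # assumption: authentication center origin
LOGIN_PAGE = AUTH_CENTER + "/login"            # assumption: the unified login page

# Constructed stand-in for the S1 registry; app_secret is deliberately absent because
# nothing in the browser-visible redirect needs it.
REGISTERED_APPS = {
    "mes-app-01": {"name": "MES", "homepage": "https://mes.example.internal/home"},
}


def same_origin(url, homepage):
    """The return URL must share scheme and host with the homepage registered in S1."""
    a, b = urlsplit(url), urlsplit(homepage)
    return a.scheme == b.scheme == "https" and a.netloc == b.netloc


def build_center_redirect(app_id, return_url):
    """System A side of S2: LocalStorage held no access_token, so send the browser to
    the center carrying system A's address and its app_id."""
    return f"{AUTH_CENTER}/authorize?{urlencode({'app_id': app_id, 'return_url': return_url})}"


def handle_authorize(query_string, session_user=None, issue_token=None):
    """Authentication-center side of S2. Returns (action, location):
    ('reject', reason) for an unknown app_id or a foreign return URL,
    ('login', url)     when the user must see the unified login page,
    ('return', url)    when the user already has a session and a token is issued."""
    params = {k: v[0] for k, v in parse_qs(query_string).items()}
    app = REGISTERED_APPS.get(params.get("app_id", ""))
    if app is None:
        return "reject", "unknown app_id"
    return_url = params.get("return_url", "")
    if not same_origin(return_url, app["homepage"]):
        return "reject", "return_url does not match the registered homepage"
    if session_user is None:
        # keep app_id and return_url so the center can come back after the login form
        return "login", f"{LOGIN_PAGE}?{urlencode({'app_id': params['app_id'], 'return_url': return_url})}"
    # issue_token is the center's S3 token issuance (assumption: injected callable)
    token = issue_token(params["app_id"], session_user) if issue_token else "TOKEN-PLACEHOLDER"
    p = urlsplit(return_url)
    # assumption: hand the access_token back in the URL fragment, which the browser does
    # not send to system A's server, so the front end can store it in LocalStorage (S3)
    return "return", urlunsplit((p.scheme, p.netloc, p.path, p.query, urlencode({"access_token": token})))
```

Checking return_url against the homepage registered in S1 is what keeps the login flow bound to origins the center has seen; without it, any return address supplied in the query would be honoured.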
Preferably, in step S3, a cloud storage platform is provided on the server, and data transmitted to the server is then stored by the cloud storage platform.
Preferably, the cloud storage platform can be provided with a modification module, a deletion module and an encryption module.
Preferably, the output of the modification module is signal-connected to the encryption module, and the outputs of the modification module and the encryption module are both signal-connected to the encryption module.
(III) Advantageous effects
Compared with the prior art, the platform-based integrated login and management implementation method provided by the invention has the following beneficial effects:
1. The method is compatible with a loosely coupled single sign-on integration mechanism for existing systems, greatly reduces the modification effort and implementation difficulty of an access system, and quickly achieves login integration across heterogeneous applications.
2. Because the tokens are generated as JWTs, the server can be kept stateless and the pressure of session management is reduced; because the whole process uses REST API interaction for authentication, cross-platform calls are convenient and easy to use, and the difficulty and workload of transforming existing systems are greatly reduced.
Drawings
FIG. 1 is a schematic flow diagram of the present invention;
FIG. 2 is a schematic diagram of the steps of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1 and FIG. 2, the invention provides the following technical solution: an implementation method based on platform-integrated login and management, comprising the following steps:
S1, integrated registration of the system
An application system registered in the authentication center platform must be configured with its homepage address, name and cover page. The authentication center automatically generates the system's app_id and app_secret, and the access rights of the system's users can be set in the platform. The generated encrypted app_secret is used later, after verifying the user's password, to generate the tokens access_token and refresh_token.
S2, unified platform login
When a user wants to access a restricted resource of some system A (for example, an MES system) and system A finds that the user is not logged in, it redirects the user to the authentication center platform, passing the user's address URL, app_id, app_secret and similar values as parameters. The authentication center finds that the user is not logged in and takes the user to the unified login page, where the user enters a user name and password to log in.
S3, obtaining the access token
The authentication center platform authenticates the user name, password and related information, generates the access tokens access_token and refresh_token, stores the token information in Redis and sets an expiration time. The front end then stores the access_token in the browser's LocalStorage and sends the LocalStorage data to the server with every request it makes to the back end. All the back end needs to do after the user logs in successfully is to put the access_token in the response body returned to the front end; in this scenario, single sign-on can be implemented entirely at the front end.
It is determined whether the access_token has expired; if it has, the refresh_token is used to exchange for a new access_token, and the user is judged to be logged in. When the user accesses system A, the access_token information in LocalStorage is checked; if it shows that the user is not logged in, the central page is requested, carrying the address of application system A and the login information.
A cloud storage platform is provided on the server, and data transmitted to the server is then stored by the cloud storage platform. The cloud storage platform can be provided with a modification module, a deletion module and an encryption module; the output of the modification module is signal-connected to the encryption module, and the outputs of the modification module and the encryption module are both signal-connected to the encryption module. Transmitted data can be modified through the modification module, the encryption module can promptly encrypt important transmitted information, and the deletion module can promptly delete expired and unnecessary data.
S4, obtaining user information resources
The authorized system can call the API with the access_token to obtain userInfo, retrieving user information and access resources.
S5, refreshing the access token
Since the default validity period of the access_token is one hour, the system must refresh the token every hour; the refresh_token can be exchanged at the authentication center for a new access_token.
S6, logging out the token
If the user does not intend to access system resources again, they click the system's 'logout' button; the system sends the access_token to the authentication center, which immediately invalidates the acquired access_token, and any further request for system resources requires authorization again.
The implementation method based on platform-integrated login and management is compatible with a loosely coupled single sign-on integration mechanism for existing systems, greatly reduces the modification effort and implementation difficulty of an access system, and quickly achieves login integration across heterogeneous applications. Because the tokens are generated as JWTs, the server can be kept stateless and the pressure of session management is reduced; because the whole process uses REST API interaction for authentication, cross-platform calls are convenient and easy to use, and the difficulty and workload of transforming existing systems are greatly reduced.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (8)
1. An implementation method based on platform-integrated login and management, characterized by comprising the following steps:
S1, integrated registration of the system
an application system registered in the authentication center platform must be configured with its homepage address, name and cover page; the authentication center automatically generates the system's app_id and app_secret, and the access rights of the system's users can be set on the platform;
S2, unified platform login
when a user wants to access a restricted resource of some system A (for example, an MES system) and system A finds that the user is not logged in, it redirects the user to the authentication center platform, passing the user's address URL, app_id, app_secret and similar values as parameters; the authentication center finds that the user is not logged in and takes the user to the unified login page, where the user enters a user name and password to log in;
S3, obtaining the access token
the authentication center platform authenticates the user name, password and related information, generates the access tokens access_token and refresh_token, stores the token information in Redis and sets an expiration time; the front end then stores the access_token in the browser's LocalStorage and sends the LocalStorage data to the server with every request it makes to the back end;
S4, obtaining user information resources
the authorized system can call the API with the access_token to obtain userInfo, retrieving user information and access resources;
S5, refreshing the access token
since the default validity period of the access_token is one hour, the system must refresh the token every hour, and the refresh_token can be exchanged at the authentication center for a new access_token;
S6, logging out the token
if the user does not intend to access system resources again, they click the system's 'logout' button; the system sends the access_token to the authentication center, which immediately invalidates the acquired access_token, and any further request for system resources requires authorization again.
2. The implementation method based on platform-integrated login and management according to claim 1, characterized in that in step S3 all the back end needs to do after the user logs in successfully is to put the access_token in the response body returned to the front end, and in this scenario single sign-on can be implemented entirely at the front end.
3. The implementation method based on platform-integrated login and management according to claim 1, characterized in that in step S1 the generated encrypted app_secret is used later, after verifying the user's password, to generate the tokens access_token and refresh_token.
4. The implementation method based on platform-integrated login and management according to claim 1, characterized in that in step S3, if the access_token has expired, the refresh_token is used to exchange for a new access_token, and the platform is judged to be logged in.
5. The implementation method based on platform-integrated login and management according to claim 1, characterized in that in step S3, when the user accesses system A, the access_token information in LocalStorage is checked; if it shows that the user is not logged in, the central login page is requested, carrying the address of application system A and the app information.
6. The implementation method based on platform-integrated login and management according to claim 1, characterized in that in step S3 a cloud storage platform is provided on the server, and data transmitted to the server is then stored by the cloud storage platform.
7. The implementation method based on platform-integrated login and management according to claim 6, characterized in that the cloud storage platform is provided with a modification module, a deletion module and an encryption module.
8. The implementation method based on platform-integrated login and management according to claim 7, characterized in that the output of the modification module is signal-connected to the encryption module, and the outputs of the modification module and the encryption module are both signal-connected to the encryption module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111483514.3A CN114357422A (en) | 2021-12-07 | 2021-12-07 | Platform integration login and management based implementation method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111483514.3A CN114357422A (en) | 2021-12-07 | 2021-12-07 | Platform integration login and management based implementation method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114357422A true CN114357422A (en) | 2022-04-15 |
Family ID: 81097874
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111483514.3A Pending CN114357422A (en) | 2021-12-07 | 2021-12-07 | Platform integration login and management based implementation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114357422A (en) |
- 2021-12-07: CN application CN202111483514.3A filed; publication CN114357422A, status active, pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||