CN114357422A - Platform integration login and management based implementation method - Google Patents

Info

Publication number
CN114357422A
Authority
CN
China
Prior art keywords
token
access
user
platform
login
Prior art date
Legal status
Pending
Application number
CN202111483514.3A
Other languages
Chinese (zh)
Inventor
陈善
Current Assignee
Suzhou Hanma Intelligent Technology Co ltd
Original Assignee
Suzhou Hanma Intelligent Technology Co ltd
Priority date
2021-12-07
Filing date
2021-12-07
Publication date
2022-04-15

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/41: User authentication where a single sign-on provides access to a plurality of computers
    • G06F21/33: User authentication using certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to the technical field of the Internet and discloses an implementation method based on platform-integrated login and management. An application system registered in the authentication center platform must configure its homepage address, name and cover page; the authentication center automatically generates the system's app_id and app_secret, and the access rights of the system's users can also be set in the platform. When a user wants to access a restricted resource of some system A (such as an MES system) and system A finds that the user is not logged in, it redirects the user to the authentication center platform. The implementation method is compatible with the loosely coupled single sign-on integration mechanism of existing systems, greatly reduces the amount of modification and the implementation difficulty for an access system, quickly realizes a login integration mode for heterogeneous applications, and reduces session-management pressure; cross-platform calls are convenient and easy to use, and the difficulty and workload of transforming existing systems are greatly reduced.

Description

Platform integration login and management based implementation method
Technical Field
The invention relates to the technical field of the Internet, in particular to an implementation method based on platform-integrated login and management.
Background
With the rapid development of enterprises, the Internet and mobile terminals, the number of systems used within an enterprise keeps growing. Operators must log in many times when working across different systems, the accounts of the systems all differ, and management and use are very inconvenient. Enterprises urgently need a unified integrated login platform on which a user logs in once and can then access every system they are individually authorized for; this is also the problem that single sign-on sets out to solve.
Single sign-on is abbreviated SSO. It means that, among a plurality of application systems, a user logs in once and can then access all the other application systems that mutually trust one another.
CAS (Central Authentication Service) is currently the most widely used solution for Web SSO.
However, the prior art mainly suffers from problems such as no Session sharing, cross-domain Cookies, a large workload and high difficulty in modifying systems, inconsistent communication protocols and non-uniform technology stacks.
Disclosure of Invention
Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a platform-based implementation method for integrated login and management. It is compatible with the loosely coupled single sign-on integration mechanism of existing systems, greatly reduces the amount of modification and the implementation difficulty for an access system, and quickly realizes a login integration mode for heterogeneous applications; it solves the prior-art problems of no Session sharing, cross-domain Cookies, large workload and difficulty in system transformation, inconsistent communication protocols and non-uniform technology stacks.
(II) Technical scheme
In order to be compatible with the loosely coupled single sign-on integration mechanism of existing systems, greatly reduce the amount of modification and the implementation difficulty for an access system, and quickly realize a login integration mode for heterogeneous applications, the invention provides the following technical scheme. An implementation method based on platform-integrated login and management comprises the following steps:
S1, integrated registration of a system
An application system registered in the authentication center platform must configure the system's homepage address, name and cover page; the authentication center automatically generates the system's app_id and app_secret, and the access rights of the system's users can also be set in the platform.
S2, unified platform login
A user wants to access a restricted resource of some system A (such as an MES system). System A finds that the user is not logged in and redirects the user to the authentication center platform, passing its own address URL, app_id, app_secret and the like as parameters. The authentication center finds that the user is not logged in and guides the user to the unified login page, where the user enters a user name and password to log in.
S3, obtaining the access token
The authentication center platform authenticates the user name and password, generates the access tokens access_token and refresh_token, stores the token information in Redis and sets an expiration time. The front end then stores the access_token in the browser's LocalStorage and actively transmits the LocalStorage data to the server side with every request it sends to the back end.
S4, obtaining user information resources
The authorized system can call the API with the access_token to obtain userInfo, thereby obtaining user information and accessing resources.
S5, refreshing the access token
Since the default validity of the access_token is one hour, the token must be refreshed every hour; the refresh_token can be exchanged at the authentication center for a new access_token.
S6, logging out the token
If the user does not intend to access the system's resources again, the user clicks the system's 'logout' button and a request carrying the access_token is sent to the authentication center; the access_token obtained earlier is immediately disabled, and any further request for system resources requires authorization again.
Preferably, in step S3, all the back end needs to do after the user logs in successfully is to place the access_token in the response body returned to the front end; in such a scenario, single sign-on can be implemented entirely at the front end.
Preferably, in step S1, the generated encrypted app_secret is used later, after the user's password has been verified, to generate the tokens access_token and refresh_token.
Preferably, in step S3, whether the access_token has expired is checked; if it has, the refresh_token is used to obtain a new access_token, and the user is then treated as logged in.
Preferably, in step S3, when the user accesses system A, the access_token information in LocalStorage is checked; if it shows that the user is not logged in, the central login page is requested, carrying the address of application system A and the app information.
Preferably, in step S3, a cloud storage platform is disposed in the server, and data transmitted to the server is then stored by the cloud storage platform.
Preferably, the cloud storage platform is provided with a modification module, a deletion module and an encryption module.
Preferably, the output end of the modification module is in signal connection with the encryption module, and the output ends of the modification module and the encryption module are both in signal connection with the encryption module.
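Steps S1 to S6 above (repeated in the detailed description and in claim 1), as an added worked example in Python that is not code from the patent or its applicant: a single-process stand-in for the authentication center in which a dict with explicit expiry plays the role of Redis, the access_token is an HS256 JWT signed with the system's app_secret, and refresh_token, userInfo and logout behave as steps S3 to S6 describe. Everything not on the page is an assumption of the example: the PBKDF2 user record, the refresh_token lifetime REFRESH_TTL, the rotation of the refresh_token when it is used, and the bookkeeping that ties each access_token to its refresh_token so that logout disables both.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed in-memory stand-ins for the page's Redis token store, user database and
# registered-application table (assumptions of this example, not the patent's code).
TOKEN_STORE = {}  # token -> {"type", "user", "app_id", "exp", "pair"}
APPS = {}         # app_id -> registration record incl. app_secret and allowed users
_SALT = secrets.token_bytes(16)  # one constructed user with a PBKDF2-hashed password
USERS = {"alice": (_SALT, hashlib.pbkdf2_hmac("sha256", b"correct-horse-battery", _SALT, 200_000))}
ACCESS_TTL = 3600            # access_token valid for one hour by default (step S5)
REFRESH_TTL = 7 * 24 * 3600  # refresh_token lifetime: assumed, the page gives none

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def jwt_sign(payload, secret):
    # Minimal HS256 JWT; the page says the access_token is JWT-generated.
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def jwt_verify(token, secret, now):
    # The payload is returned only if the HMAC matches and 'exp' lies in the future.
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        payload = json.loads(_unb64(body))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    return payload if payload.get("exp", 0) > now else None

def _store_get(token, now):
    # Mimic Redis key expiry: an entry whose TTL has passed no longer exists.
    entry = TOKEN_STORE.get(token)
    if entry is None or entry["exp"] <= now:
        TOKEN_STORE.pop(token, None)
        return None
    return entry

def register_app(name, homepage, cover):
    # S1: the authentication center records the system and generates app_id/app_secret.
    app_id, app_secret = secrets.token_hex(8), secrets.token_urlsafe(32)
    APPS[app_id] = {"name": name, "homepage": homepage, "cover": cover, "secret": app_secret, "allowed_users": set()}
    return {"app_id": app_id, "app_secret": app_secret}

def _issue_tokens(username, app_id, now):
    # S3: access_token signed with the system's app_secret; both tokens stored with TTLs.
    access = jwt_sign({"sub": username, "app_id": app_id, "exp": int(now) + ACCESS_TTL}, APPS[app_id]["secret"])
    refresh_token = secrets.token_urlsafe(32)
    TOKEN_STORE[access] = {"type": "access", "user": username, "app_id": app_id,
                           "exp": now + ACCESS_TTL, "pair": refresh_token}
    TOKEN_STORE[refresh_token] = {"type": "refresh", "user": username, "app_id": app_id,
                                  "exp": now + REFRESH_TTL, "pair": access}
    return {"access_token": access, "refresh_token": refresh_token}

def login(app_id, username, password, now):
    # S2/S3: verify the password and the per-system access right, then issue the pair.
    app, creds = APPS.get(app_id), USERS.get(username)
    if app is None or creds is None or username not in app["allowed_users"]:
        return None
    salt, stored = creds
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return _issue_tokens(username, app_id, now) if hmac.compare_digest(candidate, stored) else None

def user_info(access_token, now):
    # S4: the store lookup rejects revoked/expired tokens, the JWT check rejects forged ones.
    entry = _store_get(access_token, now)
    if entry is None or entry["type"] != "access":
        return None
    payload = jwt_verify(access_token, APPS[entry["app_id"]]["secret"], now)
    return None if payload is None else {"user": payload["sub"], "app_id": payload["app_id"]}

def refresh(refresh_token, now):
    # S5: trade a live refresh_token for a new pair; the old pair is dropped (rotation).
    entry = _store_get(refresh_token, now)
    if entry is None or entry["type"] != "refresh":
        return None
    TOKEN_STORE.pop(refresh_token, None)
    TOKEN_STORE.pop(entry["pair"], None)
    return _issue_tokens(entry["user"], entry["app_id"], now)

def logout(access_token, now):
    # S6: disable the access_token at once, together with its refresh_token.
    entry = _store_get(access_token, now)
    if entry is None or entry["type"] != "access":
        return False
    TOKEN_STORE.pop(access_token, None)
    TOKEN_STORE.pop(entry["pair"], None)
    return True
```

Every call takes an explicit `now` so the one-hour expiry of step S5 can be exercised without waiting. A token disabled by `logout` fails in `_store_get` before its signature is ever checked, which is what makes the logout of step S6 immediate even though the JWT itself carries an expiry that may still lie in the future.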
(III) advantageous effects
Compared with the prior art, the invention provides a platform-based implementation method for integrated login and management, which has the following beneficial effects:
1. The implementation method based on platform-integrated login and management is compatible with the loosely coupled single sign-on integration mechanism of existing systems, greatly reduces the amount of modification and the implementation difficulty for an access system, and quickly realizes a login integration mode for heterogeneous applications.
2. Because the token is generated with JWT, the server is made stateless and session-management pressure is reduced; because the whole process uses REST API interaction for authentication, cross-platform calls are convenient and easy to use, and the difficulty and workload of transforming existing systems are greatly reduced.
Drawings
FIG. 1 is a schematic flow diagram of the present invention;
FIG. 2 is a schematic diagram of the steps of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIGS. 1-2, the present invention provides the following technical solution. An implementation method based on platform-integrated login and management comprises the following steps:
S1, integrated registration of a system
An application system registered in the authentication center platform must configure the system's homepage address, name and cover page; the authentication center automatically generates the system's app_id and app_secret, and the platform can set the access rights of the system's users. The generated encrypted app_secret is used later, after the user's password has been verified, to generate the tokens access_token and refresh_token.
S2, unified platform login
A user wants to access a restricted resource of some system A (such as an MES system). System A finds that the user is not logged in and redirects the user to the authentication center platform, passing its own address URL, app_id, app_secret and the like as parameters. The authentication center finds that the user is not logged in and guides the user to the unified login page, where the user enters a user name and password to log in.
S3, obtaining the access token
The authentication center platform authenticates the user name and password, generates the access tokens access_token and refresh_token, stores the token information in Redis and sets an expiration time. The front end then stores the access_token in the browser's LocalStorage and actively transmits the LocalStorage data to the server with every request it sends to the back end. All the back end needs to do after the user logs in successfully is to place the access_token in the response body returned to the front end; in this scenario single sign-on can be implemented entirely at the front end. Whether the access_token has expired is checked; if it has, the refresh_token is used to obtain a new access_token, and the user is treated as logged in. When the user accesses system A, the access_token information in LocalStorage is checked; if it shows that the user is not logged in, the central login page is requested, carrying the address of application system A and the login information. A cloud storage platform is disposed in the server, and data transmitted to the server is then stored by the cloud storage platform. The cloud storage platform is provided with a modification module, a deletion module and an encryption module; the output end of the modification module is in signal connection with the encryption module, and the output ends of the modification module and the encryption module are both in signal connection with the encryption module. Transmitted data can be modified through the modification module, the encryption module can promptly encrypt important transmitted information, and the deletion module can promptly delete expired and unnecessary data.
S4, obtaining user information resources
The authorized system can call the API with the access_token to obtain userInfo, thereby obtaining user information and accessing resources.
S5, refreshing the access token
Since the default validity of the access_token is one hour, the token must be refreshed every hour; the refresh_token can be exchanged at the authentication center for a new access_token.
S6, logging out the token
If the user does not intend to access the system's resources again, the user clicks the system's 'logout' button and a request carrying the access_token is sent to the authentication center; the access_token obtained earlier is immediately disabled, and any further request for system resources requires authorization again.
The implementation method based on platform-integrated login and management is compatible with the loosely coupled single sign-on integration mechanism of existing systems, greatly reduces the amount of modification and the implementation difficulty for an access system, and quickly realizes a login integration mode for heterogeneous applications. Because the token is generated with JWT, the server is made stateless and session-management pressure is reduced; because the whole process uses REST API interaction for authentication, cross-platform calls are convenient and easy to use, and the difficulty and workload of transforming existing systems are greatly reduced.
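The redirect exchange of step S2 and the LocalStorage check of step S3 above, as an added example in Python that is not code from the patent: system A builds the redirect to the unified login page from its app_id and the address it wants the user returned to, and the authentication center checks that pair against what was registered in step S1 before it shows the login page. The addresses, the REGISTERED table and the guard's `validate_token` callable (standing in for the userInfo API call of step S4) are assumptions of the example. The example departs from the page's wording in one deliberate respect: step S2 lists app_secret among the redirect parameters, whereas the example keeps the secret on system A's server and sends only app_id, because any parameter in a browser redirect is visible to the user and is retained in browser history and server logs.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical addresses and registration record for this example (not from the page).
LOGIN_PAGE = "https://auth.example.invalid/login"
REGISTERED = {  # what the authentication center recorded for system A at registration (S1)
    "app-mes-0001": {"name": "MES", "homepage": "https://mes.example.invalid/"},
}


def build_login_redirect(app_id, return_url):
    # S2, system A side: send the browser to the unified login page carrying the system's
    # address and app_id. app_secret stays on system A's server: anything placed in a browser
    # redirect is visible to the user, so only the identifier travels with the browser.
    return LOGIN_PAGE + "?" + urlencode({"app_id": app_id, "redirect_url": return_url})


def same_site(url, homepage):
    # The return address must be https and on the host registered as the system's homepage.
    a, b = urlsplit(url), urlsplit(homepage)
    return a.scheme == b.scheme == "https" and a.netloc == b.netloc


def accept_login_request(request_url):
    # S2, authentication center side: before showing the login page, require a registered
    # app_id and a return address that belongs to that system's registered homepage.
    query = parse_qs(urlsplit(request_url).query)
    app_id = query.get("app_id", [None])[0]
    return_url = query.get("redirect_url", [None])[0]
    app = REGISTERED.get(app_id)
    if app is None or return_url is None or not same_site(return_url, app["homepage"]):
        return None
    return {"app_id": app_id, "return_url": return_url}


def guard(local_storage, validate_token, app_id, return_url):
    # System A before serving a restricted resource (S2 to S4): local_storage stands in for
    # the browser's LocalStorage, validate_token for the call to the center's userInfo API.
    token = local_storage.get("access_token")
    info = validate_token(token) if token else None
    if info is None:
        return ("redirect", build_login_redirect(app_id, return_url))
    return ("serve", info)
```

`same_site` compares scheme and host of the return address with the registered homepage, so a login request that names a registered app_id but asks to send the browser somewhere else is refused, and `urlencode` keeps a return address that itself contains a query string intact across the round trip.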
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. An implementation method based on platform-integrated login and management, characterized by comprising the following steps:
S1, integrated registration of a system
An application system registered in the authentication center platform must configure the system's homepage address, name and cover page; the authentication center automatically generates the system's app_id and app_secret, and the access rights of the system's users can also be set on the platform;
S2, unified platform login
A user wants to access a restricted resource of some system A (such as an MES system); system A finds that the user is not logged in, redirects the user to the authentication center platform, and passes its own address URL, app_id, app_secret and the like as parameters; the authentication center finds that the user is not logged in and guides the user to the unified login page, where the user enters a user name and password to log in;
S3, obtaining the access token
The authentication center platform authenticates the user name and password, generates the access tokens access_token and refresh_token, stores the token information in Redis and sets an expiration time; the front end then stores the access_token in the browser's LocalStorage and actively transmits the LocalStorage data to the server side with every request it sends to the back end;
S4, obtaining user information resources
The authorized system can call the API with the access_token to obtain userInfo, thereby obtaining user information and accessing resources;
S5, refreshing the access token
Since the default validity of the access_token is one hour, the token must be refreshed every hour, and the refresh_token can be used to obtain a new access_token from the authentication center;
S6, logging out the token
If the user does not intend to access the system's resources again, the user clicks the system's 'logout' button and a request carrying the access_token is sent to the authentication center; the access_token obtained earlier is immediately disabled, and any further request for system resources requires authorization again.
2. The method for implementing platform-based integrated login and management according to claim 1, wherein all the back end needs to do in step S3 after the user logs in successfully is to place the access_token in the response body returned to the front end; in such a scenario, single sign-on can be implemented entirely at the front end.
3. The method for implementing platform-based integrated login and management according to claim 1, wherein in step S1 the generated encrypted app_secret is used later, after the user's password has been verified, to generate the tokens access_token and refresh_token.
4. The method according to claim 1, wherein in step S3, if the access_token has expired, the refresh_token is used to obtain a new access_token, and the platform is then determined to be logged in.
5. The method according to claim 1, wherein in step S3, when a user accesses system A, the access_token information in LocalStorage is checked; if it shows that the user is not logged in, the central login page is requested, carrying the address of application system A and the app information.
6. The method for implementing platform-based integrated login and management according to claim 1, wherein in step S3 a cloud storage platform is disposed in the server, and data transmitted to the server is then stored by the cloud storage platform.
7. The method for implementing platform-based integrated login and management according to claim 6, wherein the cloud storage platform is provided with a modification module, a deletion module and an encryption module.
8. The method according to claim 7, wherein the output end of the modification module is in signal connection with the encryption module, and the output ends of the modification module and the encryption module are both in signal connection with the encryption module.

Priority Applications (1)

Application number: CN202111483514.3A (publication CN114357422A, en); Priority date: 2021-12-07; Filing date: 2021-12-07; Title: Platform integration login and management based implementation method

Publications (1)

Publication number: CN114357422A (en); Publication date: 2022-04-15

Family

ID=81097874

Family Applications (1)

Application number: CN202111483514.3A (Pending; publication CN114357422A, en); Title: Platform integration login and management based implementation method; Priority date: 2021-12-07; Filing date: 2021-12-07

Country Status (1)

Country: CN (1); Link: CN114357422A (en)

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination