CN103347020B - System and method for cross-application authorized access - Google Patents
- Publication number
- CN103347020B (application CN201310274824.3A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a system and method for cross-application authorized access. The system comprises a Web client, a source application server and a target application server. The source application server comprises a source application service device, a handshake confirmation device and a source application information storage device. The target application server comprises a target application service device, a target application access authentication device, a target application information storage device and a target function device. The invention enables embedded data access between different applications, so that the functions of multiple applications can be reached through a single entry point, which is convenient for users. Functions are shared between applications, which reduces development cost. No new user account needs to be created in the target application, and whether a user is permitted to access a target application function can be controlled by the source application, which reduces system maintenance work. The system and method can also synchronize the source application session with the target application session, so that the source application session does not time out because the user has been working in the target application for a long time.
Description
Technical field
The present invention relates to a data processing system, and in particular to a system and method for cross-application authorized access.
Background technology
As IT systems are built out rapidly across all industries, almost every line of business now has its own IT application system. In practice, two or more applications often need to access one another. In one case, an integrated management department needs to enter several applications to view the data it is concerned with. Under the conventional model, user accounts must be created in each application, and every switch between applications requires logging out and logging in again, entering a username and password each time. In another case, each specialist department needs to access the integrated management application. If every user must have an account in the integrated management application, its system maintenance cost becomes very high, and the applications remain separate, with repeated logins and repeated entry of usernames and passwords. This way of working has the following shortcomings:
1. User accounts are created repeatedly, which makes the system more complex for users.
2. Every switch between applications requires logging in and out and re-entering the username and password, which increases system complexity as well as complexity for users.
3. Creating all users in one application increases system maintenance cost.
Existing cross-application access techniques, such as MASHUP and plain HTTP, also have shortcomings: they have no dedicated session management and their permission control is weak, so they cannot support access between applications with higher information-security levels.
Summary of the invention
To solve the above problems, the present invention uses session persistence: the target program's session is re-confirmed at the local end, which achieves secure access authentication between the two platforms.
To achieve the above object, the invention provides a system for cross-application authorized access, comprising a Web client, a source application server and a target application server. The source application server comprises a source application service device, a handshake confirmation device and a source application information storage device. The target application server comprises a target application service device, a target application access authentication device, a target application information storage device and a target function device. The Web client is used by the user to input user information and user request information, which it sends to the source application service device. The source application service device integrates the user information, the user request information and the source application identifier of the source application server to generate source application session information, stores it in the source application information storage device, and sends it to the target application service device. The target application service device receives the source application session information, stores it in the target application information storage device, and forwards it to the target application access authentication device. The target application access authentication device extracts the source application identifier from the source application session information and authenticates the source application's access permission; after successful authentication, it extracts the source application identifier and the user information from the source application session information, encapsulates them to generate handshake request information, and sends this to the handshake confirmation device. The handshake confirmation device receives the handshake request information, confirms the source application identifier and user information in it against the source application session information stored in the source application information storage device, and generates handshake confirmation result information, which it sends to the target application access authentication device. According to the handshake confirmation result information, the target application access authentication device sends the source application session information to the target function device. The target function device extracts the user request information from the source application session information, processes it to generate a user access result, and sends the result to the Web client.
The invention also provides a method for cross-application authorized access, comprising: the user inputs user information and user request information; the user information, the user request information and the source application identifier of the source application server are integrated to generate source application session information, which is saved; the source application identifier is extracted from the source application session information and the source application's access permission is authenticated; after successful authentication, the source application identifier and the user information are extracted from the source application session information and encapsulated to generate handshake request information; the handshake request information is received, and the source application identifier and user information in it are confirmed against the source application session information to generate handshake confirmation result information; according to the handshake confirmation result information, the user request information is extracted from the source application session information and processed to generate a user access result.
The invention provides a system and method for cross-application access authentication that enables embedded data access between different applications, so that the functions of multiple applications can be reached through a single entry point, which is convenient for users. Functions are shared between applications, which reduces development cost. No new user account needs to be created in the target application, and whether a user is permitted to access a target application function can be controlled by the source application, which reduces system maintenance work. The system and method can also synchronize the source application session with the target application session, so that the source application session does not time out because the user has been working in the target application for a long time.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the invention and form part of this application; they do not limit the invention. In the drawings:
Fig. 1 is a structural diagram of the system for cross-application authorized access according to one embodiment of the invention.
Fig. 2 is a structural diagram of the system for cross-application authorized access according to another embodiment of the invention.
Fig. 3 is a flowchart of the method for cross-application authorized access according to one embodiment of the invention.
Fig. 4 is a flowchart of the method for cross-application authorized access according to another embodiment of the invention.
Detailed description of the embodiments
To make the object, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the drawings. The illustrative embodiments and their description explain the invention and do not limit it.
Fig. 1 is a structural diagram of the system for cross-application authorized access according to one embodiment of the invention. As shown in the figure, the system comprises a Web client 1, a source application server 2 and a target application server 3.
The source application server 2 comprises a source application service device 10, a source application information storage device 20 and a handshake confirmation device 30. The target application server 3 comprises a target application service device 40, a target application access authentication device 50, a target application information storage device 60 and a target function device 70.
In the system of this embodiment, the Web client 1 is connected to the source application service device 10 through an internal network. The user inputs user information and user request information at the Web client, which sends them to the source application service device 10.
In this embodiment, the Web client 1 may be a PC with a web browser installed. The user has logged in to the source application from this device with an account and password and is using the source application. When the user needs to access another application, the user inputs request information asking for access to certain functions of the target application, which initiates the access to the target application.
The source application service device 10 is connected to said session storage device and, through the internal network, to the target application service device 40. It integrates the user's user information, the user request information and the source application identifier of the source application server 2 to generate source application session information, stores it in the source application information storage device 20, and sends it to the target application service device 40.
In this embodiment, the source application service device 10 integrates the user information, the request information for the target application functions that the user asks to access, and the identifier of the source application; it generates source application session information, sends it to the target application service device 40, and stores the information in the source application information storage device 20.
The target application service device 40 is connected to the target application access authentication device 50 and the target application information storage device 60. It stores the source application session information in the target application information storage device 60 and forwards it to the target application access authentication device 50.
The target application access authentication device 50 is connected to the target function device 70 and, through the internal network, to the handshake confirmation device 30. It extracts the source application identifier from the source application session information and authenticates the source application's access permission. After successful authentication, the target application access authentication device 50 extracts the source application identifier and the user information from the source application session information, encapsulates them to generate handshake request information, and sends this to the handshake confirmation device 30.
In this embodiment, the target application access authentication device 50 authenticates whether the source application identifier has permission to access the target application. If authentication succeeds, the subsequent steps proceed; if it fails, the access is terminated and an access failure message is returned to the source application server 2.
The handshake confirmation device 30 is connected to the source application information storage device 20. It receives the handshake request information, confirms the source application identifier and user information in it against the source application session information stored in the source application information storage device 20, and generates handshake confirmation result information, which it sends to the target application access authentication device 50.
In this embodiment, the handshake confirmation device 30 determines whether the source application identifier and user information in the handshake request information sent by the target server 3 are the source application identifier and user information saved in the source application information storage device 20, and returns handshake confirmation result information to the target application access authentication device 50. If the handshake confirmation fails, the access to the target application is terminated.
According to the handshake confirmation result information, the target application access authentication device 50 sends the source application session information to the target function device 70.
The target function device 70 is connected to the Web client 1 through the internal network. It extracts the user request information from the source application session information, processes the user's application request to generate a user access result, and sends the result to the Web client 1.
Fig. 2 is a structural diagram of the system for cross-application authorized access according to another embodiment of the invention. As shown in the figure, compared with the structure shown in Fig. 1, in the system of this embodiment the source application server 2 also comprises an application session synchronization device 80, and the target application server 3 also comprises a permission control device 90.
In this embodiment, the permission control device 90 is connected to the target application access authentication device 50 and the target function device 70. It receives the source application session information sent by the target application access authentication device 50, extracts the user information and user request information, determines whether the user's request matches the application permissions corresponding to the user information, and generates judgment result information, which it sends to the target function device 70. For example, a first user may access functions A, B and C of the target application, but the user request information requests access to functions C and D. The request therefore does not match the user's application permissions, and the judgment result information can indicate that, of the requested functions, function C may be used and function D may not.
According to the judgment result information, the target function device 70 extracts the user request information from the source application session information, processes the user's application request to generate a user access result, and sends the result to the Web client 1.
In this embodiment, the target function device 70 extracts the user request information from the source application session information and, after processing the user's application request, also generates application synchronization information, which it sends to the application session synchronization device 80.
The application session synchronization device 80 is connected to the target function device 70 and the source application information storage device 20. It receives the application synchronization information and synchronizes it with the source application session information stored in the source application information storage device 20. By synchronizing the source application session with the target application session, the application session synchronization device 80 prevents the source application session from timing out because the user has been working in the target application for a long time.
For example, a user can complete the following data processing operations with the above system:
1. The user enters a username and password to log in to the first system.
2. The user completes functional operations in the first system.
3. The user clicks a menu directly in the first system and accesses functions of the second system from within the first system, without switching to the second system and entering a username and password to log in again.
Because the user's functions are implemented separately in the first and second systems, the user previously had to log in to both systems repeatedly, and a user account had to be created in both. With the invention, the user can complete all functions within the first system without switching to the second system.
In earlier system applications, the user had to log in to the two systems repeatedly, and user accounts also had to be created in both systems.
With the system for cross-application authorized access of the invention, the user first logs in at the Web client 1 and can log in to the first system with an account and password to perform the relevant operations.
When the user needs to access the second system, the user sends an access request. The source application service device 10 integrates the user information, the user request information and the identification information of the first system, generates source application session information, saves it, and sends it to the target application service device 40.
The target application service device 40 saves the source application session information and forwards it to the target application access authentication device 50. The target application access authentication device 50 extracts the identification information of the first system and authenticates the legitimacy, security, etc. of the first system. After successful authentication, the target application access authentication device 50 generates handshake request information and sends it to the handshake confirmation device 30; the handshake request information includes the identification information of the first system and the user information.
The handshake confirmation device 30 compares the handshake request information with the stored information to confirm the session. After confirmation it returns a handshake confirmation result to the target application access authentication device 50, and the handshake between the two applications has then succeeded.
Once the handshake has succeeded, the target application access authentication device 50 sends the source application session information to the permission control device 90. The permission control device 90 extracts the user information and user request information, determines the user's application permissions from the user information, that is, whether the user has permission to operate the second system, and generates a judgment result.
The target function device 70 then processes the user request information according to the judgment result, generates a user access result, and returns it to the Web client 1. The user can then access and operate the second system.
With the system for cross-application authorized access of the invention, the user can use the functions of multiple target application systems from within one application system, without the inconvenience of switching systems and repeatedly entering account information. Functions are shared between applications, which reduces development cost. No new user account needs to be created in the target application, and whether a user is permitted to access a target application function can be controlled by the source application, which reduces system maintenance work.
Fig. 3 is a flowchart of the method for cross-application authorized access according to one embodiment of the invention. As shown in the figure, the method comprises:
Step S301: the user inputs user information and user request information.
Step S302: the user information, the user request information and the source application identifier of the source application server are integrated to generate source application session information, which is saved.
Step S303: the source application identifier is extracted from the source application session information and the source application's access permission is authenticated; after successful authentication, the source application identifier and the user information are extracted from the source application session information and encapsulated to generate handshake request information.
Step S304: the handshake request information is received, and the source application identifier and user information in it are confirmed against the source application session information to generate handshake confirmation result information.
Step S305: according to the handshake confirmation result information, the user request information is extracted from the source application session information and processed to generate a user access result.
Fig. 4 is a flowchart of the method for cross-application authorized access according to another embodiment of the invention. As shown in the figure, the method comprises:
Step S401: the user inputs user information and user request information.
Step S402: the user information, the user request information and the source application identifier of the source application server are integrated to generate source application session information, which is saved.
Step S403: the source application identifier is extracted from the source application session information and the source application's access permission is authenticated; after successful authentication, the source application identifier and the user information are extracted from the source application session information and encapsulated to generate handshake request information.
Step S404: the handshake request information is received, and the source application identifier and user information in it are confirmed against the source application session information to generate handshake confirmation result information.
Step S405: according to the handshake confirmation result information, the user information and user request information are extracted, it is determined whether the user's request matches the application permissions corresponding to the user information, and judgment result information is generated.
Step S406: according to the judgment result information, the user request information is extracted from the source application session information and processed to generate a user access result; application synchronization information is also generated.
Step S407: the application synchronization information is received and synchronized with the source application session information saved in the source application information storage device.
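An added sketch of the Fig. 4 flow (steps S401 to S407), not code from the patent: in-process method calls stand in for the internal network, and the `session_id` token, the idle timeout and the names `SourceAppServer`, `TargetAppServer` and `demo` are assumptions. It shows that a request the source never stored, or one whose user was altered, fails handshake confirmation, and that synchronization keeps the source session alive.

```python
import secrets
from dataclasses import dataclass


@dataclass
class SourceSession:
    source_app_id: str
    user: str
    requested: tuple
    last_active: float


class SourceAppServer:
    """Source side: service device 10, storage 20, handshake confirmation 30, session sync 80."""

    def __init__(self, app_id, timeout=1800.0):
        self.app_id = app_id
        self.timeout = timeout   # assumed idle timeout in seconds
        self.store = {}          # storage device 20: session_id -> SourceSession

    def create_session_info(self, user, requested, now):
        # S402: integrate user info, request info and source app identifier, then save.
        session_id = secrets.token_urlsafe(16)  # assumption: not specified by the patent
        self.store[session_id] = SourceSession(self.app_id, user, tuple(requested), now)
        return {"session_id": session_id, "source_app_id": self.app_id,
                "user": user, "requested": list(requested)}

    def confirm_handshake(self, handshake, now):
        # S404: compare the handshake fields with the session stored on the source side.
        s = self.store.get(handshake.get("session_id"))
        if s is None or now - s.last_active > self.timeout:
            return False
        return (s.source_app_id == handshake.get("source_app_id")
                and s.user == handshake.get("user"))

    def synchronize(self, session_id, now):
        # S407: activity in the target refreshes the source session so it does not time out.
        if session_id in self.store:
            self.store[session_id].last_active = now


class TargetAppServer:
    """Target side: service device 40, access authentication 50, storage 60,
    target function 70, permission control 90."""

    def __init__(self, trusted_sources, permissions):
        self.trusted_sources = trusted_sources  # source app id -> registered SourceAppServer
        self.permissions = permissions          # user -> set of permitted functions
        self.store = {}                         # storage device 60

    def handle(self, info, now):
        self.store[info.get("session_id")] = dict(info)
        # S403: authenticate the source application's access permission.
        source = self.trusted_sources.get(info.get("source_app_id"))
        if source is None:
            return {"status": "denied", "reason": "source application not authorized"}
        # The confirmation call goes to the endpoint registered for that identifier,
        # never to an address taken from the incoming request.
        handshake = {k: info.get(k) for k in ("session_id", "source_app_id", "user")}
        if not source.confirm_handshake(handshake, now):
            return {"status": "denied", "reason": "handshake not confirmed"}
        # S405: permission control on the requested functions.
        allowed = self.permissions.get(info["user"], set())
        granted = [f for f in info["requested"] if f in allowed]
        refused = [f for f in info["requested"] if f not in allowed]
        # S406/S407: process the request and send synchronization information back.
        source.synchronize(info["session_id"], now)
        return {"status": "ok", "granted": granted, "refused": refused}


def demo():
    # Constructed sample data: one source app, one user allowed functions A, B and C.
    source = SourceAppServer("app-A")
    target = TargetAppServer({"app-A": source}, {"alice": {"A", "B", "C"}})
    info = source.create_session_info("alice", ["C", "D"], now=0.0)
    ok = target.handle(info, now=1500.0)
    forged = target.handle({"session_id": "guess", "source_app_id": "app-A",
                            "user": "alice", "requested": ["A"]}, now=1500.0)
    tampered = target.handle(dict(info, user="bob"), now=1500.0)
    # Without the synchronization at t=1500 this request at t=3000 would exceed the timeout.
    later = target.handle(info, now=3000.0)
    return ok, forged, tampered, later


if __name__ == "__main__":
    for result in demo():
        print(result)
```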
The invention provides a system and method for cross-application access authentication that enables embedded data access between different applications, so that the functions of multiple applications can be reached through a single entry point, which is convenient for users. Functions are shared between applications, which reduces development cost. No new user account needs to be created in the target application, and whether a user is permitted to access a target application function can be controlled by the source application, which reduces system maintenance work. The system and method can also synchronize the source application session with the target application session, so that the source application session does not time out because the user has been working in the target application for a long time.
The specific embodiments described above further explain the object, technical solutions and beneficial effects of the invention. It should be understood that the foregoing are only specific embodiments of the invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.
Claims (2)
1. A system for cross-application authorized access, characterized in that it comprises a Web client, a source application server and a target application server; wherein the source application server comprises a source application service device, a handshake confirmation device, a source application information storage device and an application session synchronization device; and the target application server comprises a target application service device, a target application access authentication device, a target application information storage device, a target function device and a permission control device;
the Web client is used by the user to input user information and user request information, which it sends to the source application service device;
the source application service device integrates the user information, the user request information and the source application identifier of the source application server to generate source application session information, stores it in the source application information storage device, and sends it to the target application service device;
the target application service device receives the source application session information, stores it in the target application information storage device, and forwards it to the target application access authentication device;
the target application access authentication device extracts the source application identifier from the source application session information and authenticates the source application's access permission; after successful authentication, the target application access authentication device extracts the source application identifier and the user information from the source application session information, encapsulates them to generate handshake request information, and sends this to the handshake confirmation device;
the handshake confirmation device receives the handshake request information, confirms the source application identifier and user information in it against the source application session information stored in the source application information storage device, and generates handshake confirmation result information, which it sends to the target application access authentication device;
the target application access authentication device, according to the handshake confirmation result information, sends the source application session information to the permission control device;
the permission control device receives the source application session information, extracts the user information and user request information, determines whether the user's request matches the application permissions corresponding to the user information, and generates judgment result information, which it sends to the target function device;
the target function device extracts the user request information from the source application session information and processes it to generate a user access result and application synchronization information; it sends the user access result to the Web client and the application synchronization information to the application session synchronization device;
the application session synchronization device receives the application synchronization information and synchronizes it with the source application session information stored in the source application information storage device.
2. A method for cross-application authorized access, characterized in that it comprises:
the user inputs user information and user request information;
the user information, the user request information and the source application identifier of the source application server are integrated to generate source application session information, which is saved;
the source application identifier is extracted from the source application session information and the source application's access permission is authenticated; after successful authentication, the source application identifier and the user information are extracted from the source application session information and encapsulated to generate handshake request information;
the handshake request information is received, and the source application identifier and user information in it are confirmed against the source application session information to generate handshake confirmation result information;
according to the handshake confirmation result information, the user request information is extracted from the source application session information, it is determined whether the user's request matches the application permissions corresponding to the user information, and judgment result information is generated;
according to the judgment result information, the user request information is extracted from the source application session information and processed to generate a user access result; application synchronization information is also generated;
the application synchronization information is received and synchronized with the saved source application session information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310274824.3A CN103347020B (en) | 2013-07-02 | 2013-07-02 | A kind of system and method across application authorization access |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103347020A CN103347020A (en) | 2013-10-09 |
CN103347020B true CN103347020B (en) | 2016-03-30 |
Family
ID=49281794
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310274824.3A Active CN103347020B (en) | 2013-07-02 | 2013-07-02 | A kind of system and method across application authorization access |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103347020B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |