CN104065612B - A kind of user management method, device and Union user management system - Google Patents
- Publication number
- CN104065612B CN201310085024.7A
- Authority
- CN
- China
- Prior art keywords
- user
- information
- servicetick
- operation system
- management system
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
Embodiments of the present invention provide a user management method, a user management device and a Union user management system. Multiple user types, each corresponding to a different operating right, can be configured in an operation system, and the operation system can synchronize all of the user types it has configured to the Subscriber Management System. The Subscriber Management System feeds back to the operation system the user type that a user has in that operation system, so that the operation system can determine the user's operating right from the user type and thereby judge the validity of the user's Operational Visit requests.
Description
Technical field
The present invention relates to the communications field, and in particular to a user management method, a user management device and a Union user management system.
Background
At present, user management for operation systems follows either the mobile proxy system (Mobile Agent System, MAS) pattern or the Application Data Center (ADC) pattern.
Under the MAS pattern, the implementation mainly consists of a base with plug-ins. The Subscriber Management System, acting as the base, only manages the access of each operation system and does not manage the user data of each operation system. The system administrator therefore has to add user data (that is, user account information) and configure user operating rights separately in each operation system, which acts as a plug-in. The operation systems are independent of one another and each manages its own users. A user who needs to use several operation systems has to log in and be authenticated in each of them separately.
Under the ADC pattern, single sign-on is achieved, but the Subscriber Management System has to synchronize user data to each operation system, and the user's operating rights have to be configured separately for each operation system.
In the existing scheme, when the Subscriber Management System configures a user's operating rights for each operation system, it has to query each operation system for the user's operating right according to the user's data, assign that operating right to the user, and may store it in Lightweight Directory Access Protocol (LDAP). After the user has been authenticated by the Subscriber Management System and has signed on to an operation system through single sign-on, then for every operation the operation system queries the Subscriber Management System for the user's operating right according to the user's data, such as the user name, in order to learn whether the user may perform the operation.
The prior art therefore has the following problems:
(1) For each user, the Subscriber Management System has to query every operation system that the user uses for the user's operating right; and for each operation of a user, the operation system has to query the Subscriber Management System for the user's operating right. Because data queries between the operation systems and the Subscriber Management System are frequent, they take up a large amount of system resources. And because every data query has to carry user data, the risk of user data being stolen by hackers is higher.
(2) The Subscriber Management System has to synchronize user data to each operation system, so the user data in an operation system may become inconsistent with the user data in the Subscriber Management System.
Summary of the invention
Embodiments of the present invention provide a user management method, a user management device and a Union user management system, for improving the security of user data.
A user management method, the method comprising:
The Subscriber Management System receives a request, sent by an operation system, to authenticate an operation system access ticket (ServiceTick); this ServiceTick authentication request carries the ServiceTick information corresponding to the operation system;
The Subscriber Management System authenticates the ServiceTick information and, when the authentication succeeds, returns an authentication response message to the operation system. The authentication response message carries a user identifier and a user type: the user identifier is the one corresponding to the ServiceTick information, and the user type is the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system, as corresponding to the user identifier;
Wherein the operation system determines, according to the operating right corresponding to the user type, the response result for an Operational Visit request sent by the user that the user identifier represents.
A user management method, the method comprising:
The operation system receives an Operational Visit request sent by a user through a browser;
The operation system determines, according to an operating right, the response result for the Operational Visit request sent by the user, the operating right being the one that the operation system determines from the predetermined user type corresponding to the user;
Wherein the user type is determined in the following manner:
The operation system sends to the Subscriber Management System a request to authenticate an operation system access ticket (ServiceTick), the ServiceTick authentication request carrying the ServiceTick information corresponding to the operation system; it then receives the authentication response message sent by the Subscriber Management System, which carries the user identifier and the user type of the user, the user type being the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system, as corresponding to the user identifier.
A user management device, the device comprising:
A receiving module, configured to receive a request, sent by an operation system, to authenticate an operation system access ticket (ServiceTick), the ServiceTick authentication request carrying the ServiceTick information corresponding to the operation system;
An authentication module, configured to authenticate the ServiceTick information and, when the authentication succeeds, to return an authentication response message to the operation system, the authentication response message carrying a user identifier and a user type; the user identifier is the one corresponding to the ServiceTick information, and the user type is the one determined, from all the user types sent in advance by the operation system, as corresponding to the user identifier; wherein the operation system determines, according to the operating right corresponding to the user type, the response result for an Operational Visit request sent by the user that the user identifier represents.
A user management device, the device comprising:
A determining module, configured to send to the Subscriber Management System a request to authenticate an operation system access ticket (ServiceTick), the ServiceTick authentication request carrying the ServiceTick information corresponding to the operation system; and to receive the authentication response message sent by the Subscriber Management System, which carries the user identifier and the user type of the user, the user type being the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system, as corresponding to the user identifier;
A receiving module, configured to receive an Operational Visit request sent by the user through a browser;
A respond module, configured to determine, according to an operating right, the response result for the Operational Visit request sent by the user, the operating right being the one determined from the user type received by the determining module.
A Union user management system, the system comprising a Subscriber Management System and at least one operation system, wherein:
The operation system is configured to send to the Subscriber Management System a request to authenticate an operation system access ticket (ServiceTick), the ServiceTick authentication request carrying the ServiceTick information corresponding to the operation system; and to determine, according to the operating right corresponding to the received user type, the response result for an Operational Visit request sent by the user that the received user identifier represents;
The Subscriber Management System is configured to authenticate the ServiceTick information and, when the authentication succeeds, to return an authentication response message to the operation system that sent the ServiceTick information, the authentication response message carrying a user identifier and a user type; the user identifier is the one corresponding to the ServiceTick information, and the user type is the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system that sent the ServiceTick information, as corresponding to the user identifier.
According to the scheme provided by the embodiments of the present invention, an operation system can send all the user types it has configured to the Subscriber Management System in advance, where one user type corresponds to one kind of operating right in that operation system. When the Subscriber Management System successfully authenticates the ServiceTick information sent by the operation system, it returns to the operation system the user identifier corresponding to the ServiceTick information, together with the user type that this user identifier has in the operation system, so that the operation system can determine, from the received user type, the operating right that the user represented by the received user identifier has in the operation system.
Therefore, each time the operation system receives an Operational Visit request from the user, it does not need to query the Subscriber Management System again: it can judge the validity of the user's Operational Visit request from the operating right corresponding to the user's user type, which reduces the number of queries from the operation system to the Subscriber Management System. In addition, because the operation system sends all the user types it has configured to the Subscriber Management System, it can pass the operating rights of all users to the Subscriber Management System in one go, so the Subscriber Management System does not need to query the operating right for each user separately, which also reduces the number of queries from the Subscriber Management System to the operation system. Because the number of queries between the Subscriber Management System and the operation system is reduced, the security of user data can be improved and the occupation of system resources is effectively reduced. And because the operation system can determine a user's operating right in the operation system from the user type, the Subscriber Management System does not need to synchronize user data to each operation system, which also avoids the problem of user data being inconsistent between the operation systems and the Subscriber Management System.
Brief description of the drawings
Fig. 1 is a flow chart of the steps of the user management method provided by Embodiment one of the present invention;
Fig. 2 is a structural diagram of the user management device provided by Embodiment two of the present invention;
Fig. 3 is a flow chart of the steps of the user management method provided by Embodiment three of the present invention;
Fig. 4 is a structural diagram of the user management device provided by Embodiment four of the present invention;
Fig. 5 is a flow diagram of the user data configuration provided by Embodiment five of the present invention;
Fig. 6 is a flow chart of the steps of the user management method provided by Embodiment five of the present invention;
Fig. 7 is a structural diagram of the Subscriber Management System provided by Embodiment six of the present invention;
Fig. 8 is a structural diagram of the Subscriber Management System provided by Embodiment six of the present invention.
Detailed description
In the scheme provided by the embodiments of the present invention, multiple user types, each corresponding to a different operating right, can be configured in an operation system, and the operation system can synchronize all of the user types it has configured to the Subscriber Management System. The Subscriber Management System feeds back to the operation system the user type that a user has in that operation system, so that the operation system can determine the user's operating right from the user type and thereby judge the validity of the user's Operational Visit requests.
The preferred embodiments of the present invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the present invention and are not intended to limit it. Where they do not conflict, the embodiments in this application and the features in the embodiments can be combined with one another.
Embodiment one
Embodiment one of the present invention provides a user management method and describes the user management method provided by the present invention from the Subscriber Management System side. The step flow of the method can be as shown in Fig. 1 and includes:
Step 101: the Subscriber Management System receives a request to authenticate an operation system access ticket (ServiceTick).
In this embodiment, the Subscriber Management System can feed back a user's user type to the operation system, so that the operation system can determine the user's operating right from the user type. Specifically, the Subscriber Management System can carry the user's user type in the authentication response message to the ServiceTick authentication request.
Therefore, in this step, the Subscriber Management System can receive the ServiceTick authentication request sent by the operation system, which carries the ServiceTick information corresponding to the operation system.
Step 102: the Subscriber Management System returns an authentication response message.
The Subscriber Management System authenticates the ServiceTick information and, when the authentication succeeds, returns an authentication response message to the operation system. The authentication response message carries a user identifier and a user type: the user identifier is the one corresponding to the ServiceTick information, and the user type is the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system, as corresponding to the user identifier. In this way the user type that the user identifier has in the operation system is fed back to the operation system.
In this embodiment, multiple user types corresponding to operating rights can be configured in the operation system in advance, and the operation system can synchronize all of the user types it has configured to the Subscriber Management System in advance. This is equivalent to the operation system passing the operating rights of all users to the Subscriber Management System in one go, which greatly reduces the number of times the Subscriber Management System queries the operation system for user operating rights.
For example, assume that three user types are configured in the operation system in advance, denoted the first user type, the second user type and the third user type, and that their corresponding operating rights in the operation system are the first operating right, the second operating right and the third operating right respectively.
The operation system can synchronize the first user type, the second user type and the third user type in full to the Subscriber Management System in advance.
When the Subscriber Management System successfully authenticates the ServiceTick information, it can send to the operation system the user identifier corresponding to the ServiceTick information, together with the user type that the user represented by this user identifier has in the operation system.
The correspondence between a user (user identifier) and the user's user type in the operation system is, of course, configured in the Subscriber Management System in advance.
Further, before step 101, the Subscriber Management System can also verify Cookie (temporary text file) information; that is, the following steps can also be included before step 101:
Step 101': the Subscriber Management System receives a Cookie authentication request.
The Subscriber Management System can also authenticate Cookie information in order to implement single sign-on. In this step, the Subscriber Management System can receive the Cookie authentication request sent by the user through a browser, which carries Cookie information.
Step 101'': the Subscriber Management System authenticates the Cookie information.
In this step, the Subscriber Management System authenticates the Cookie information in order to determine whether the user performing single sign-on has already logged in.
When the Subscriber Management System determines that the user account information corresponding to the Cookie information does not exist, or that the user account information corresponding to the Cookie information is invalid, it determines that the user performing single sign-on has not logged in, and can return a login page to the browser, asking the user to enter user account information.
When the Subscriber Management System determines that the user account information corresponding to the Cookie information is valid, it determines that the user performing single sign-on has already logged in. It can then allocate ServiceTick information for the operation system and return the ServiceTick information and the Cookie information to the browser (at this point the ServiceTick information is associated with the Cookie information, that is, a correspondence is established between the ServiceTick information and the user account information, and the user identifier in it, corresponding to the Cookie information). The browser is then redirected to the operation system, carrying the ServiceTick information, so that the operation system can send a ServiceTick authentication request to the Subscriber Management System.
Based on the same inventive concept as Embodiment one of the present invention, the following user management device is provided.
Embodiment two
Embodiment two of the present invention provides a user management device, which can be integrated in the Subscriber Management System involved in Embodiment one. The structure of the device can be as shown in Fig. 2 and includes:
Receiving module 11, configured to receive a request, sent by an operation system, to authenticate an operation system access ticket (ServiceTick), the ServiceTick authentication request carrying the ServiceTick information corresponding to the operation system;
Authentication module 12, configured to authenticate the ServiceTick information and, when the authentication succeeds, to return an authentication response message to the operation system, the authentication response message carrying a user identifier and a user type; the user identifier is the one corresponding to the ServiceTick information, and the user type is the one determined, from all the user types sent in advance by the operation system, as corresponding to the user identifier; wherein the operation system determines, according to the operating right corresponding to the user type, the response result for an Operational Visit request sent by the user that the user identifier represents.
The receiving module 11 is also configured to receive a Cookie (temporary text file) authentication request sent by the user through a browser, the Cookie authentication request carrying Cookie information;
The authentication module 12 is also configured to return a login page to the browser, asking the user to enter user account information, when it determines that the user account information corresponding to the Cookie information does not exist or is invalid; and, when it determines that the user account information corresponding to the Cookie information is valid, to allocate the ServiceTick information for the operation system and return the ServiceTick information and the Cookie information to the browser, wherein the browser is redirected to the operation system, carrying the ServiceTick information.
Embodiment three
Embodiment three of the present invention provides a user management method and describes the user management method provided by the present invention from the operation system side. The step flow of the method can be as shown in Fig. 3 and includes:
Step 201: the operation system receives an Operational Visit request.
When managing users, the operation system can determine the validity of a user's Operational Visit request according to the user type received earlier. It does not need to query the Subscriber Management System for the user's operating right each time it receives an Operational Visit request, which reduces the number of queries to the Subscriber Management System.
In this step, the operation system receives the Operational Visit request sent by the user through a browser.
Step 202: the operation system determines the response result.
In this step, the operation system can determine the response result for the user's Operational Visit request according to the operating right corresponding to the user's user type.
Specifically, in this step, the operation system determines, according to an operating right, the response result for the Operational Visit request sent by the user, the operating right being the one that the operation system determines from the predetermined user type corresponding to the user.
The user type is determined in the following manner:
The operation system sends to the Subscriber Management System a request to authenticate an operation system access ticket (ServiceTick), the ServiceTick authentication request carrying the ServiceTick information corresponding to the operation system; it then receives the authentication response message sent by the Subscriber Management System, which carries the user identifier and the user type of the user, the user type being the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system, as corresponding to the user identifier.
Specifically, before the operation system sends the ServiceTick authentication request to the Subscriber Management System, the operation system receives the operation system access request sent by the user through a browser;
The operation system then sends the ServiceTick authentication request to the Subscriber Management System, which specifically includes:
The operation system judges whether the operation system access request carries ServiceTick information:
When it determines that the operation system access request carries ServiceTick information, it determines that the Subscriber Management System has already issued to the user a ticket for accessing the operation system, and it can send a ServiceTick authentication request to the Subscriber Management System;
When it determines that the operation system access request does not carry ServiceTick information, it determines that the Subscriber Management System has not issued to the user a ticket for accessing the operation system, and it can send a redirect to the browser. The browser then sends a Cookie (temporary text file) authentication request, carrying Cookie information, to the Subscriber Management System. When the Subscriber Management System determines that the user account information corresponding to the Cookie information does not exist or is invalid, it returns a login page to the browser, asking the user to enter user account information. When the Subscriber Management System determines that the user account information corresponding to the Cookie information is valid, it allocates the ServiceTick information for the operation system and returns the ServiceTick information and the Cookie information to the browser, and the browser is redirected to the operation system, carrying the ServiceTick information.
Based on the same inventive concept as Embodiment three of the present invention, the following user management device is provided.
Embodiment four
Embodiment four of the present invention provides a user management device, which can be integrated in the operation system involved in Embodiment one. The structure of the device can be as shown in Fig. 4 and includes:
Determining module 21, configured to send to the Subscriber Management System a request to authenticate an operation system access ticket (ServiceTick), the ServiceTick authentication request carrying the ServiceTick information corresponding to the operation system; and to receive the authentication response message sent by the Subscriber Management System, which carries the user identifier and the user type of the user, the user type being the one that the Subscriber Management System determines, from all the user types sent in advance by the operation system, as corresponding to the user identifier;
Receiving module 22, configured to receive an Operational Visit request sent by the user through a browser;
Respond module 23, configured to determine, according to an operating right, the response result for the Operational Visit request sent by the user, the operating right being the one determined from the user type received by the determining module.
The receiving module 22 is also configured to receive the operation system access request sent by the user through a browser;
The determining module 21 is specifically configured to judge whether the operation system access request carries ServiceTick information:
When it determines that the operation system access request carries ServiceTick information, it sends a ServiceTick authentication request to the Subscriber Management System;
When it determines that the operation system access request does not carry ServiceTick information, it sends a redirect to the browser. The browser then sends a Cookie (temporary text file) authentication request, carrying Cookie information, to the Subscriber Management System. When the Subscriber Management System determines that the user account information corresponding to the Cookie information does not exist or is invalid, it returns a login page to the browser, asking the user to enter user account information. When the Subscriber Management System determines that the user account information corresponding to the Cookie information is valid, it allocates the ServiceTick information for the operation system and returns the ServiceTick information and the Cookie information to the browser, and the browser is redirected to the operation system, carrying the ServiceTick information.
The scheme of Embodiments one to four of the present invention is illustrated below with a specific example.
Embodiment five
Embodiment five of the present invention provides a user management method. In its implementation, the flow of user data configuration can be as shown in Fig. 5 and includes:
First step: the system administrator configures user types in the operation system.
Each user type corresponds to one kind of operating right.
Fig. 5 uses a single operation system as an example. The operations are the same for every operation system.
Second step: the operation system synchronizes its user types to the Subscriber Management System.
Once the user types corresponding to the various operating rights have been configured in the operation system, the operation system can synchronize all of the user types it has configured to the Subscriber Management System.
Third step: the Subscriber Management System binds the information.
In this step, the Subscriber Management System can bind the user types of each operation system to that operation system's registration information, thereby establishing the correspondence between the operation system and its user types. If an operation system is not registered in the Subscriber Management System, the binding fails.
Fourth step: the Subscriber Management System feeds back the binding result.
After the Subscriber Management System has bound the user types of an operation system to that operation system's registration information, it can feed back binding success information to the operation system. If the binding fails, that is, if it determines that the operation system is not registered, it can feed back binding failure information to the operation system.
Fifth step: the system administrator creates users.
Once the Subscriber Management System has established, for each operation system, the correspondence between the operation system and its user types, users can be created.
In this step, the system administrator can create a user through the Subscriber Management System, select the operation systems available to the user, and assign the user a user type for each available operation system.
The Subscriber Management System can, of course, save the information about the users created by the system administrator.
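The configuration steps above, together with the ServiceTick authentication of Embodiments one and three, modelled in memory as an added example (not code from the patent). All class, method and sample names are hypothetical; the single-use ticket and the local session token are assumptions the text does not specify.

```python
"""Added illustration; every class, method and sample name is hypothetical."""
import secrets


class SubscriberManagementSystem:
    def __init__(self):
        self.registered = set()   # operation systems with a registration record
        self.types = {}           # operation system -> user types it synchronized
        self.users = {}           # user identifier -> {operation system: user type}
        self.sessions = {}        # Cookie value -> user identifier
        self.tickets = {}         # ServiceTick -> (operation system, user identifier)
        self.validations = 0      # ServiceTick authentication requests received

    def sync_user_types(self, system, user_types):
        """Second to fourth steps: full synchronization, bound to the registration."""
        if system not in self.registered:
            return False          # binding fails for an unregistered operation system
        self.types[system] = set(user_types)
        return True

    def create_user(self, user_id, assignments):
        """Fifth step: one user type per available operation system."""
        for system, user_type in assignments.items():
            if user_type not in self.types.get(system, set()):
                raise ValueError(f"{user_type!r} not synchronized by {system!r}")
        self.users[user_id] = dict(assignments)

    def login(self, user_id):
        """Stand-in for the login page: returns a fresh Cookie value."""
        if user_id not in self.users:
            raise KeyError(user_id)
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = user_id
        return cookie

    def issue_ticket(self, cookie, system):
        """Cookie authentication; None means the login page would be returned."""
        user_id = self.sessions.get(cookie)
        if user_id is None:
            return None
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = (system, user_id)
        return ticket

    def authenticate_ticket(self, system, ticket):
        """Returns (user identifier, user type), or None if authentication fails."""
        self.validations += 1
        bound = self.tickets.pop(ticket, None)   # assumption: single-use ticket
        if bound is None or bound[0] != system:
            return None
        user_type = self.users[bound[1]].get(system)
        return None if user_type is None else (bound[1], user_type)


class OperationSystem:
    def __init__(self, name, ums, rights_by_type):
        self.name, self.ums = name, ums
        self.rights_by_type = rights_by_type     # user type -> permitted operations
        self.local_sessions = {}                 # local session -> (user id, type)

    def sync(self):
        # Only the type names leave the operation system; the rights stay local.
        return self.ums.sync_user_types(self.name, self.rights_by_type.keys())

    def accept_ticket(self, ticket):
        """One ServiceTick authentication request, then a local session."""
        result = self.ums.authenticate_ticket(self.name, ticket)
        if result is None or result[1] not in self.rights_by_type:
            return None
        session = secrets.token_urlsafe(16)      # assumption: local session token
        self.local_sessions[session] = result
        return session

    def handle(self, session, operation):
        """Decide an Operational Visit request without querying the management system."""
        entry = self.local_sessions.get(session)
        return entry is not None and operation in self.rights_by_type[entry[1]]


def demo():
    ums = SubscriberManagementSystem()
    billing = OperationSystem("billing", ums,
                              {"clerk": {"view"}, "admin": {"view", "refund"}})
    unregistered_sync = billing.sync()           # not registered yet
    ums.registered.add("billing")
    registered_sync = billing.sync()
    ums.create_user("alice", {"billing": "clerk"})   # constructed sample user
    ticket = ums.issue_ticket(ums.login("alice"), "billing")
    session = billing.accept_ticket(ticket)
    decisions = [billing.handle(session, op) for op in ("view", "refund", "view")]
    return {
        "unregistered_sync": unregistered_sync,
        "registered_sync": registered_sync,
        "decisions": decisions,
        "queries_for_three_operations": ums.validations,
        "replayed_ticket": billing.accept_ticket(ticket),
        "ticket_for_unknown_cookie": ums.issue_ticket("not-a-session", "billing"),
    }


if __name__ == "__main__":
    print(demo())
```

The operation system sends only its user type names to the Subscriber Management System and keeps the mapping from type to operating right locally, so the three operations in `demo()` cost a single ServiceTick authentication request.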
After user data configuration is carried out in advance, you can to realize user management.Specifically, in the present embodiment, use
The step flow of family management method can with as shown in fig. 6, including:
Step 301: the user sends an operation system access request through the browser.
Step 302: the operation system judges whether the operation system access request carries ServiceTick information.
If the operation system determines that the operation system access request carries ServiceTick information, it can jump to step 309; otherwise, it can continue with step 303.
Step 303: the operation system redirects to the browser.
Step 304: the browser is redirected to the Subscriber Management System, carrying cookie information.
Step 305: the Subscriber Management System authenticates the cookie information.
When the Subscriber Management System determines that the user account information corresponding to the cookie information does not exist or is invalid, step 306 is performed; when it determines that the user account information corresponding to the cookie information is valid, step 307 is performed.
Step 306: the Subscriber Management System returns a login page to the browser.
In this step, the Subscriber Management System returns a login page to the browser, asking the user to input user account information.
Step 307: the Subscriber Management System returns the ServiceTick information and the cookie information to the browser.
The Subscriber Management System allocates the ServiceTick information for the operation system and returns the ServiceTick information and the cookie information to the browser.
Step 308: the browser is redirected to the operation system.
In this step, the browser, carrying the ServiceTick information, is redirected to the operation system.
Step 309: the operation system sends an authenticate-ServiceTick request to the Subscriber Management System.
The authenticate-ServiceTick request carries the ServiceTick information.
Step 310: the Subscriber Management System returns an authentication response message.
If the ServiceTick information passes authentication, the Subscriber Management System returns an authentication response message to the operation system; the message carries the user identifier of the user (for example, the user name) and the user type corresponding to that user identifier in the operation system.
Step 311: the operation system allocates operating rights.
Based on the user type it receives and the correspondence between user types and operating rights that it has configured itself, the operation system can determine the user's operating rights in that operation system.
Step 312: the operation system redirects to the browser.
After allocating operating rights to the user, the operation system can redirect to the original request address.
Steps 301 to 312 mainly describe the single sign-on process. After step 312, the operation system can receive the Operational Visit requests that the user sends through the browser and, based on the user's operating rights determined in step 311, determine the response result for each Operational Visit request, without repeatedly querying the Subscriber Management System for the user's operating rights every time an Operational Visit request is received.
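The preconfiguration steps and the single sign-on flow of steps 301 to 312, as an added example that is not part of the patent: it models both systems in one process so the ticket exchange and the local rights decision can be followed end to end. All class, method and field names and the sample SID and URL are assumptions; so are the single-use, 30-second and issued-for-this-system ticket checks, which the patent does not specify beyond allocating the ServiceTick for the operation system.

```python
import secrets
import time

TICKET_TTL = 30.0  # seconds; assumption, the patent gives no ticket lifetime


class SubscriberManagementSystem:
    def __init__(self):
        self.registered = {}    # SID -> entry URL (registration information)
        self.user_types = {}    # SID -> user types synchronised in full by that system
        self.assigned = {}      # (user id, SID) -> user type chosen by the administrator
        self.cookies = {}       # cookie value -> user id of a logged-in user
        self.tickets = {}       # ServiceTick -> (user id, SID, expiry time)
        self.validations = 0    # counts authenticate-ServiceTick requests received

    def register(self, sid, entry_url):
        self.registered[sid] = entry_url

    def sync_user_types(self, sid, types):
        """3rd/4th step: bind the full type set to the registration; fail if unregistered."""
        if sid not in self.registered:
            return False
        self.user_types[sid] = set(types)  # a full sync replaces the earlier set
        return True

    def create_user(self, user_id, type_per_system):
        """5th step: the administrator picks one synchronised user type per system."""
        for sid, user_type in type_per_system.items():
            if user_type not in self.user_types.get(sid, set()):
                raise ValueError(f"{user_type!r} was not synchronised by {sid!r}")
            self.assigned[(user_id, sid)] = user_type

    def login(self, user_id):
        """Stands in for the login page of step 306; returns the cookie value."""
        cookie = secrets.token_urlsafe(32)
        self.cookies[cookie] = user_id
        return cookie

    def issue_ticket(self, cookie, sid):
        """Steps 305-307: None means 'return the login page', otherwise a ServiceTick."""
        user_id = self.cookies.get(cookie)
        if user_id is None or (user_id, sid) not in self.assigned:
            return None
        ticket = "ST-" + secrets.token_urlsafe(32)
        self.tickets[ticket] = (user_id, sid, time.monotonic() + TICKET_TTL)
        return ticket

    def authenticate_ticket(self, ticket, sid):
        """Steps 309-310: return user identifier and user type, or None on failure."""
        self.validations += 1
        entry = self.tickets.pop(ticket, None)  # single use (assumption): blocks replay
        if entry is None:
            return None
        user_id, issued_for, expiry = entry
        if issued_for != sid or time.monotonic() > expiry:
            return None  # ticket was allocated for another system, or is stale
        return {"user_id": user_id, "user_type": self.assigned[(user_id, sid)]}


class OperationSystem:
    def __init__(self, sid, rights_by_type, sms):
        self.sid = sid
        self.rights_by_type = rights_by_type  # user type -> set of permitted operations
        self.sms = sms
        self.sessions = {}                    # local session id -> (user id, rights)

    def sync(self):
        return self.sms.sync_user_types(self.sid, self.rights_by_type)

    def access(self, ticket=None):
        """Steps 302 and 309-312: returns (status, local session id or None)."""
        if ticket is None:
            return ("redirect-to-sms", None)
        reply = self.sms.authenticate_ticket(ticket, self.sid)
        if reply is None:
            return ("denied", None)
        # Step 311: map the received type to rights; an unknown type gets no rights.
        rights = frozenset(self.rights_by_type.get(reply["user_type"], ()))
        session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = (reply["user_id"], rights)
        return ("ok", session_id)

    def allowed(self, session_id, operation):
        """After step 312: decided locally, with no query to the management system."""
        session = self.sessions.get(session_id)
        return session is not None and operation in session[1]


def demo():
    sms = SubscriberManagementSystem()
    sms.register("crm", "https://crm.example.internal/")  # constructed SID and URL
    crm = OperationSystem("crm", {"admin": {"read", "write"}, "clerk": {"read"}}, sms)
    crm.sync()
    sms.create_user("alice", {"crm": "clerk"})
    ticket = sms.issue_ticket(sms.login("alice"), "crm")
    status, session = crm.access(ticket)
    checks = [crm.allowed(session, op) for op in ("read", "write", "read")]
    return status, checks, sms.validations, crm.access(ticket)[0]


if __name__ == "__main__":
    print(demo())
```

The `validations` counter stays at 1 across the three rights checks, which is the reduction in queries the description claims; the second presentation of the same ticket is refused.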
Further, embodiment six of the present invention provides a Union user management system.
Embodiment six,
Embodiment six of the present invention provides a Union user management system. The structure of the system can be as shown in Fig. 7 and comprises a Subscriber Management System 31 (equivalent to the Subscriber Management System of embodiments one to five) and at least one operation system 32 (equivalent to the operation system of embodiments one to five); that is, one Union user management system can include multiple operation systems, wherein:
The operation system 32 is used to send to the Subscriber Management System a request to authenticate the operation system access label ServiceTick, the authenticate-ServiceTick request carrying the ServiceTick information corresponding to the operation system; and to determine, according to the operating rights corresponding to the received user type, the response result for an Operational Visit request sent by the user represented by the received user identifier;
The Subscriber Management System 31 is used to authenticate the ServiceTick information and, when the ServiceTick information passes authentication, to return an authentication response message to the operation system that sent the ServiceTick information, the authentication response message carrying a user identifier and a user type, where the user identifier is the user identifier corresponding to the ServiceTick information, and the user type is the user type corresponding to that user identifier, determined by the Subscriber Management System from among all the user types sent in advance by the operation system that sent the ServiceTick information.
Of course, in the present embodiment, the Subscriber Management System can be further divided into modules. For example, as shown in Fig. 8, the Subscriber Management System can be divided into a registration management module, a user type management module, a user management module and a single sign-on authentication module, wherein:
Registration management module: can be understood as realizing the registration of each operation system in the Subscriber Management System. When a registration request from an operation system is received, if the registration information of the operation system is legal, the relevant registration information of the operation system can be saved.
User type management module: can be understood as saving, for each operation system, the correspondence between that operation system and its user types, realizing the binding of user types to registration information.
User management module: can be understood as allowing the system administrator to log in to the Subscriber Management System, create users, configure the user account information, the operation systems the user can use and the user's user types, and save them.
Single sign-on authentication module: can be understood as realizing unified user authentication when the user accesses an operation system through the browser.
Similarly, the operation system can also be further divided into modules. For example, as shown in Fig. 8, the operation system can be divided into an authentication registration module, a user type configuration module, a business function realization module and a login authentication module, wherein:
Authentication registration module: can be understood as initiating the registration authentication flow with the Subscriber Management System. The registration information can include: the unique identifier of the operation system (Single Identification, SID) and the uniform resource locator (Uniform Resource Locator, URL) address of the entry through which users access the operation system.
User type configuration module: can be understood as being used by the system administrator to configure the user types of the operation system; it can also synchronize the configured user types to the Subscriber Management System.
Business function module: can be understood as realizing the various business functions of the operation system.
Login authentication module: can be understood as realizing single sign-on.
Fig. 8 takes one operation system as an example and shows the connections between the modules of the operation system and the modules of the Subscriber Management System. Of course, when the Union user management system includes multiple operation systems, the connections between each operation system and the Subscriber Management System are similar and are not repeated here.
According to the schemes provided by the embodiments of the present invention, operating-rights control for users across multiple operation systems is realized by transmitting user types. Each operation system synchronizes the full set of user types it has configured to the Subscriber Management System, and the system administrator creates users in the Subscriber Management System and assigns each user's user type (i.e. operating rights) in each operation system. When an operation system initiates an authenticate-ServiceTick request to the Subscriber Management System, the operation system can determine the user's user type from the authentication response message fed back by the Subscriber Management System and manage the user's operating rights according to that user type.
Compared with the prior art, in the scheme of the present invention the user types are transmitted in full by the operation system only once, and need to be transmitted again only when the user types configured in the operation system change. This reduces the number of times the Subscriber Management System queries the operation system for the operating rights of each user. During single sign-on, the Subscriber Management System passes the user's operating rights to the operation system in one go, so the operation system does not need to query the Subscriber Management System again for each of the user's operations; it can judge the validity of the user's operations according to the operating rights received once, which reduces the number of queries from the operation system to the Subscriber Management System. Thus, the scheme of the present invention reduces the number of interactions between the operation system and the Subscriber Management System and improves the security of user data.
Meanwhile, in the scheme of the present invention, the system administrator can manage user data in a unified way through the Subscriber Management System, without configuring and managing user data in the operation systems, which reduces the risk of inconsistent user data.
Those skilled in the art should understand that embodiments of the present application can be provided as a method, a system or a computer program product. Therefore, the application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
The application is described with reference to flowcharts and/or block diagrams of the method, equipment (system) and computer program product according to the embodiments of the application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for realizing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific way, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device realizing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for realizing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the application have been described, those skilled in the art, once they know the basic inventive concept, can make other changes and modifications to these embodiments. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the application.
Obviously, those skilled in the art can make various changes and modifications to the application without departing from its spirit and scope. Thus, if these modifications and variations of the application fall within the scope of the claims of the application and their equivalent technologies, the application is also intended to include these changes and modifications.
Claims (9)
1. A user management method, characterized in that the method includes:
a Subscriber Management System receives a request, sent by an operation system, to authenticate the operation system access label ServiceTick, the authenticate-ServiceTick request carrying ServiceTick information corresponding to the operation system;
the Subscriber Management System authenticates the ServiceTick information and, when the ServiceTick information passes authentication, returns an authentication response message to the operation system, the authentication response message carrying a user identifier and a user type, where the user identifier is the user identifier corresponding to the ServiceTick information, and the user type is the user type corresponding to the user identifier, determined by the Subscriber Management System from among all the user types sent in advance by the operation system;
wherein the operation system determines, according to the operating rights corresponding to the user type, the response result for an Operational Visit request sent by the user represented by the user identifier.
2. The method as claimed in claim 1, characterized in that, before the Subscriber Management System receives the request, sent by the operation system, to authenticate the operation system access label ServiceTick, the method further includes:
the Subscriber Management System receives a request, sent by the user through a browser, to authenticate a temporary text file Cookie, the authenticate-Cookie request carrying cookie information;
when the Subscriber Management System determines that the user account information corresponding to the cookie information does not exist or is invalid, it returns a login page to the browser, asking the user to input user account information; when the Subscriber Management System determines that the user account information corresponding to the cookie information is valid, it allocates the ServiceTick information for the operation system and returns the ServiceTick information and the cookie information to the browser, wherein the browser, carrying the ServiceTick information, is redirected to the operation system.
3. A user management method, characterized in that the method includes:
an operation system receives an Operational Visit request sent by a user through a browser;
the operation system determines, according to operating rights, the response result for the Operational Visit request sent by the user, the operating rights being the corresponding operating rights determined by the operation system according to the predetermined user type corresponding to the user;
wherein the user type is determined in the following manner:
the operation system sends to a Subscriber Management System a request to authenticate the operation system access label ServiceTick, the authenticate-ServiceTick request carrying ServiceTick information corresponding to the operation system; and receives an authentication response message sent by the Subscriber Management System, the authentication response message carrying the user identifier and the user type of the user, the user type being the user type corresponding to the user identifier, determined by the Subscriber Management System from among all the user types sent in advance by the operation system.
4. The method as claimed in claim 3, characterized in that, before the operation system sends to the Subscriber Management System the request to authenticate the operation system access label ServiceTick, the method further includes:
the operation system receives an operation system access request sent by the user through the browser;
then, the operation system sending to the Subscriber Management System the request to authenticate the operation system access label ServiceTick specifically includes:
the operation system judges whether the operation system access request carries ServiceTick information:
when it is determined that the operation system access request carries ServiceTick information, an authenticate-ServiceTick request is sent to the Subscriber Management System;
when it is determined that the operation system access request does not carry ServiceTick information, the operation system redirects to the browser;
wherein the browser sends to the Subscriber Management System a request to authenticate a temporary text file Cookie, the authenticate-Cookie request carrying cookie information; when the Subscriber Management System determines that the user account information corresponding to the cookie information does not exist or is invalid, it returns a login page to the browser, asking the user to input user account information; when the Subscriber Management System determines that the user account information corresponding to the cookie information is valid, it allocates the ServiceTick information for the operation system and returns the ServiceTick information and the cookie information to the browser, and the browser, carrying the ServiceTick information, is redirected to the operation system.
5. A user management device, characterized in that the device includes:
a receiving module, for receiving a request, sent by an operation system, to authenticate the operation system access label ServiceTick, the authenticate-ServiceTick request carrying ServiceTick information corresponding to the operation system;
an authentication module, for authenticating the ServiceTick information and, when the ServiceTick information passes authentication, returning an authentication response message to the operation system, the authentication response message carrying a user identifier and a user type, where the user identifier is the user identifier corresponding to the ServiceTick information, and the user type is the user type corresponding to the user identifier, determined from among all the user types sent in advance by the operation system; wherein the operation system determines, according to the operating rights corresponding to the user type, the response result for an Operational Visit request sent by the user represented by the user identifier.
6. The device as claimed in claim 5, characterized in that the receiving module is also used to receive a request, sent by the user through a browser, to authenticate a temporary text file Cookie, the authenticate-Cookie request carrying cookie information;
the authentication module is also used to return a login page to the browser, asking the user to input user account information, when it is determined that the user account information corresponding to the cookie information does not exist or is invalid; and, when it is determined that the user account information corresponding to the cookie information is valid, to allocate the ServiceTick information for the operation system and return the ServiceTick information and the cookie information to the browser, wherein the browser, carrying the ServiceTick information, is redirected to the operation system.
7. A user management device, characterized in that the device includes:
a determining module, for sending to a Subscriber Management System a request to authenticate the operation system access label ServiceTick, the authenticate-ServiceTick request carrying ServiceTick information corresponding to an operation system; and for receiving an authentication response message sent by the Subscriber Management System, the authentication response message carrying the user identifier and the user type of the user, the user type being the user type corresponding to the user identifier, determined by the Subscriber Management System from among all the user types sent in advance by the operation system;
a receiving module, for receiving an Operational Visit request sent by a user through a browser;
a response module, for determining, according to operating rights, the response result for the Operational Visit request sent by the user, the operating rights being the corresponding operating rights determined according to the user type received by the determining module.
8. The device as claimed in claim 7, characterized in that the receiving module is also used to receive an operation system access request sent by the user through the browser;
the determining module is specifically used to judge whether the operation system access request carries ServiceTick information:
when it is determined that the operation system access request carries ServiceTick information, an authenticate-ServiceTick request is sent to the Subscriber Management System;
when it is determined that the operation system access request does not carry ServiceTick information, the device redirects to the browser;
wherein the browser sends to the Subscriber Management System a request to authenticate a temporary text file Cookie, the authenticate-Cookie request carrying cookie information; when the Subscriber Management System determines that the user account information corresponding to the cookie information does not exist or is invalid, it returns a login page to the browser, asking the user to input user account information; when the Subscriber Management System determines that the user account information corresponding to the cookie information is valid, it allocates the ServiceTick information for the operation system and returns the ServiceTick information and the cookie information to the browser, and the browser, carrying the ServiceTick information, is redirected to the operation system.
9. A Union user management system, characterized in that the system includes a Subscriber Management System and at least one operation system, wherein:
the operation system is used to send to the Subscriber Management System a request to authenticate the operation system access label ServiceTick, the authenticate-ServiceTick request carrying ServiceTick information corresponding to the operation system; and to determine, according to the operating rights corresponding to the received user type, the response result for an Operational Visit request sent by the user represented by the received user identifier;
the Subscriber Management System is used to authenticate the ServiceTick information and, when the ServiceTick information passes authentication, to return an authentication response message to the operation system that sent the ServiceTick information, the authentication response message carrying a user identifier and a user type, where the user identifier is the user identifier corresponding to the ServiceTick information, and the user type is the user type corresponding to the user identifier, determined by the Subscriber Management System from among all the user types sent in advance by the operation system that sent the ServiceTick information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310085024.7A CN104065612B (en) | 2013-03-18 | 2013-03-18 | A kind of user management method, device and Union user management system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104065612A CN104065612A (en) | 2014-09-24 |
CN104065612B true CN104065612B (en) | 2017-11-14 |
Family
ID=51553145
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310085024.7A Active CN104065612B (en) | 2013-03-18 | 2013-03-18 | A kind of user management method, device and Union user management system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104065612B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |