CN105306423A - Unified login method for distributed web station system - Google Patents

Publication number: CN105306423A
Authority: CN
Grant status: Application
Application number: CN 201410316024
Other languages: Chinese (zh)
Prior art keywords: login, security token, unified, system, web server
Inventors: 王玉球, 夏智, 佟志臣, 查骏, 解楠
Original Assignee: 中国银联股份有限公司 (China UnionPay Co., Ltd.)

Abstract

The invention provides a unified login method for a distributed web site system. The method comprises the following steps: a login component in a client browser constructs a login request based on login information entered by a user and transmits the login request to one of a plurality of web server subsystems belonging to one web site system; the web server subsystem that receives the login request acts as the master station, generates a seed key and a security token, and sends them back to the login component in the client browser; and the login component in the client browser automatically performs the login operations for the web server subsystems other than the master station based on the security token to complete the unified login operation. The disclosed method offers high login efficiency and good code reusability and maintainability.

Description

Unified login method for a distributed web site system

Technical Field

[0001] The present invention relates to unified login methods and, more particularly, to a unified login method for a distributed web site system.

Background

[0002] At present, as network-based applications become increasingly widespread and the types of business in different fields become increasingly rich, login methods for distributed web site systems (i.e., systems in which the site subsystems of the web site are located on different physical servers) are becoming more and more important.

[0003] Existing technical solutions implement the login process for a web site comprising multiple site subsystems as follows: when a user needs to access multiple site subsystems located on different physical servers, a conventional login operation is performed once for each subsystem.

[0004] However, the existing technical solutions described above have the following problems: (1) because the user needs to log in to multiple subsystems frequently, the login efficiency of the overall system is low; (2) because each subsystem needs to deploy and maintain its own independent login component and associated encryption algorithm, code reusability and maintainability are poor.

[0005] Therefore, there is a need for a unified login method for distributed web site systems that offers high login efficiency and good code reusability and maintainability.

Summary of the Invention

[0006] To solve the problems of the prior-art solutions described above, the present invention proposes a unified login method for a distributed web site system that offers high login efficiency and good code reusability and maintainability.

[0007] The object of the present invention is achieved by the following technical solution:

A unified login method for a distributed web site system, the method comprising the following steps:

(A1) a login component in a client browser constructs a login request based on login information entered by a user, and transmits the login request to one of a plurality of web server subsystems belonging to the same web site system;

(A2) the web server subsystem that receives the login request acts as the master station and authenticates the user's identity based on the login information; if authentication succeeds, it generates a seed key based on a predetermined algorithm, generates a security token based on the seed key, and then transmits the seed key and the security token back to the login component in the client browser;

(A3) the login component in the client browser stores the seed key in a cookie associated with the master station and, based on the security token, automatically performs login operations for the web server subsystems other than the master station to complete the unified login operation.

[0008] In the solution disclosed above, preferably, the master station generates the security token as follows: the security token generation time and the seed key are used as elements for MD5-form encryption.

[0009] In the solution disclosed above, preferably, step (A2) further comprises: the master station stores the generated seed key and security token in a security information database of the web site system.

[0010] In the solution disclosed above, preferably, the login component in the client browser completes the unified login operation as follows:

For each web server subsystem other than the master station, the following operations are performed:

(B1) construct a joint login request and send it to the web server subsystem, wherein the joint login request contains the security token;

(B2) the web server subsystem decrypts and parses the security token to obtain the security token generation time and the seed key, and then performs a time validity check; if the result of the time validity check is "verification passed", proceed to step (B3);

(B3) the obtained security token generation time and seed key are used as elements for MD5-form encryption to generate a verification security token, then proceed to step (B4), wherein the algorithm of this MD5-form encryption operation is the same as the algorithm used when the security token was initially generated;

(B4) obtain the security token from the security information database and compare the generated verification security token with it; if the two match, the received security token is determined to be valid and the parsed seed key is transmitted back to the login component in the client browser; otherwise, this login operation fails.

[0011] In the solution disclosed above, preferably, the web server subsystem performs the time validity check as follows: (1) determine whether the value of T2-T1 is less than 30 seconds, where T2 is the current system time and T1 is the security token generation time parsed from the security token; (2) if the value of T2-T1 is less than 30 seconds, the result of the time validity check is "verification passed"; otherwise, the result of the time validity check is "verification failed".

[0012] In the solution disclosed above, preferably, step (B4) further comprises: if the result of the time validity check is "verification passed" and this login operation fails, the unified login operation for that web server subsystem is initiated again.

[0013] In the solution disclosed above, preferably, after receiving the seed key transmitted back by any web server subsystem other than the master station, the login component in the client browser stores that seed key in a cookie associated with that web server subsystem.

[0014] In the solution disclosed above, preferably, after the unified login operation is complete, when the client browser sends a data interaction request to any of the plurality of web server subsystems based on a user instruction, the data interaction request contains the seed key stored in the cookie associated with that web server subsystem, and that web server subsystem then obtains the relevant user information based on the seed key to complete the subsequent data interaction.

[0015] In the solution disclosed above, preferably, the login component has proxies of the web server subsystems embedded in it, so as to shield cross-domain operations from the upper layer.

[0016] The unified login method for a distributed web site system disclosed by the present invention has the following advantages: (1) because the user does not need to log in to multiple subsystems frequently, the login efficiency of the overall system is high; (2) because each subsystem does not need to deploy and maintain an independent login component, the code reusability and maintainability of the overall system are high.

Brief Description of the Drawings

[0017] The technical features and advantages of the present invention will be better understood by those skilled in the art with reference to the accompanying drawing, in which:

FIG. 1 is a flowchart of a unified login method for a distributed web site system according to an embodiment of the present invention.

Detailed Description

[0018] FIG. 1 is a flowchart of a unified login method for a distributed web site system according to an embodiment of the present invention. As shown in FIG. 1, the unified login method for a distributed web site system disclosed by the present invention comprises the following steps: (A1) a login component in a client browser constructs a login request based on login information entered by a user, and transmits the login request to one of a plurality of web server subsystems belonging to the same web site system (each web server subsystem providing a different web service); (A2) the web server subsystem that receives the login request acts as the master station and authenticates the user's identity based on the login information; if authentication succeeds, it generates a seed key (seed-key) based on a predetermined algorithm, generates a security token based on the seed key, and then transmits the seed key and the security token back to the login component in the client browser; (A3) the login component in the client browser stores the seed key in a cookie associated with the master station and, based on the security token, automatically performs login operations for the web server subsystems other than the master station to complete the unified login operation.

[0019] Preferably, in the unified login method for a distributed web site system disclosed by the present invention, the login information comprises a user name and a password.

[0020] Preferably, in the unified login method for a distributed web site system disclosed by the present invention, the seed key is a specific, unique character string.

[0021] Preferably, in the unified login method for a distributed web site system disclosed by the present invention, the master station generates the security token as follows: the security token generation time (i.e., the current system time when the security token is generated) and the seed key are used as elements for MD5-form encryption.

[0022] Preferably, in the unified login method for a distributed web site system disclosed by the present invention, step (A2) further comprises: the master station stores the generated seed key and security token in the security information database of the web site system, wherein the value of the seed key is used as the database lookup primary key for its associated security token.

[0023] Preferably, in the unified login method for a distributed web site system disclosed by the present invention, the login component in the client browser completes the unified login operation as follows: for each web server subsystem other than the master station, the following operations are performed: (B1) construct a joint login request and send it to the web server subsystem, wherein the joint login request contains the security token; (B2) the web server subsystem decrypts and parses the security token to obtain the security token generation time and the seed key, and then performs a time validity check; if the result of the time validity check is "verification passed", proceed to step (B3); (B3) the obtained security token generation time and seed key are used as elements for MD5-form encryption to generate a verification security token, then proceed to step (B4), wherein the algorithm of this MD5-form encryption operation is the same as the algorithm used when the security token was initially generated; (B4) obtain the security token from the security information database and compare the generated verification security token with it; if the two match (i.e., the security token has not been tampered with), the received security token is determined to be valid and the parsed seed key is transmitted back to the login component in the client browser; otherwise (i.e., the security token has been tampered with), this login operation fails.

[0024] Preferably, in the unified login method for a distributed web site system disclosed by the present invention, the web server subsystem performs the time validity check as follows: (1) determine whether the value of T2-T1 is less than 30 seconds, where T2 is the current system time and T1 is the security token generation time parsed from the security token; (2) if the value of T2-T1 is less than 30 seconds, the result of the time validity check is "verification passed"; otherwise, the result of the time validity check is "verification failed".
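The following sketch is an added example, not code from the patent: it walks through token issuance in step (A2) and the subsystem-side checks in steps (B2) to (B4), including the 30-second window. The `issued_at:seed_key:digest` wire layout, the function names and the in-memory dictionary standing in for the security information database are assumptions; because MD5 is a one-way hash, this sketch carries the generation time and seed key alongside the digest so the subsystem can recover them.

```python
import hashlib
import hmac
import secrets
import time

MAX_TOKEN_AGE_SECONDS = 30  # from the description: T2 - T1 must be less than 30 s

# Assumption: a dict stands in for the shared security information database.
# The seed key is the lookup key for its token digest, as in paragraph [0022].
SECURITY_DB = {}


def md5_digest(issued_at, seed_key):
    """MD5 over generation time and seed key (the elements named in A2/B3).

    MD5 has no key: anyone holding the time and seed key can recompute this
    digest, so the database comparison in B4 is what ties a presented token
    to one the master station actually issued.
    """
    return hashlib.md5(f"{issued_at}|{seed_key}".encode("utf-8")).hexdigest()


def issue_token(now=None):
    """Step A2, after the user has been authenticated by the master station."""
    issued_at = int(time.time() if now is None else now)
    seed_key = secrets.token_hex(16)           # unique string, per [0020]
    digest = md5_digest(issued_at, seed_key)
    SECURITY_DB[seed_key] = digest             # stored under the seed key
    # Assumed wire layout so the receiver can recover time and seed key.
    return seed_key, f"{issued_at}:{seed_key}:{digest}"


def verify_token(token, now=None):
    """Steps B2-B4 on a non-master subsystem. Returns (seed_key|None, reason)."""
    parts = token.split(":")
    if len(parts) != 3:
        return None, "malformed"
    try:
        issued_at = int(parts[0])              # T1
    except ValueError:
        return None, "malformed"
    seed_key, presented = parts[1], parts[2]

    # B2: time validity check, T2 - T1 < 30 seconds.
    t2 = time.time() if now is None else now
    if not (t2 - issued_at < MAX_TOKEN_AGE_SECONDS):
        return None, "expired"

    # B3: recompute the verification token with the same algorithm.
    recomputed = md5_digest(issued_at, seed_key)

    # B4: fetch the stored token by seed key and compare in constant time.
    stored = SECURITY_DB.get(seed_key)
    if stored is None:
        return None, "unknown-seed"
    matches = hmac.compare_digest(recomputed.encode(), stored.encode()) and \
        hmac.compare_digest(presented.encode("utf-8"), stored.encode())
    if not matches:
        return None, "mismatch"
    return seed_key, "ok"


if __name__ == "__main__":
    # Constructed sample run with fixed clock values.
    seed, token = issue_token(now=1000)
    print(verify_token(token, now=1010))       # inside the window
    print(verify_token(token, now=1030))       # T2 - T1 == 30, rejected
    # A token whose time was changed and whose MD5 was recomputed by the
    # sender still fails, because the stored digest covers the original time.
    altered = f"1025:{seed}:{md5_digest(1025, seed)}"
    print(verify_token(altered, now=1040))
```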

[0025] Preferably, in the unified login method for a distributed web site system disclosed by the present invention, step (B4) further comprises: if the result of the time validity check is "verification passed" and this login operation fails, the unified login operation for that web server subsystem is initiated again.

[0026] Preferably, in the unified login method for a distributed web site system disclosed by the present invention, after receiving the seed key transmitted back by any web server subsystem other than the master station, the login component in the client browser stores that seed key in a cookie associated with that web server subsystem.

[0027] Preferably, in the unified login method for a distributed web site system disclosed by the present invention, after the unified login operation is complete, when the client browser sends a data interaction request to any of the plurality of web server subsystems based on a user instruction, the data interaction request contains the seed key stored in the cookie associated with that web server subsystem, and that web server subsystem then obtains the relevant user information based on the seed key to complete the subsequent data interaction (i.e., the web server subsystem determines from the seed key that the user is already logged in and does not need to log in again, and obtains the relevant user information based on the seed key).

[0028] Preferably, in the unified login method for a distributed web site system disclosed by the present invention, the login component has proxies of the web server subsystems embedded in it, so as to shield cross-domain operations from the upper layer.

[0029] As can be seen from the above, the unified login method for a distributed web site system disclosed by the present invention has the following advantages: (1) because the user does not need to log in to multiple subsystems frequently, the login efficiency of the overall system is high; (2) because each subsystem does not need to deploy and maintain an independent login component, the code reusability and maintainability of the overall system are high.

[0030] Although the present invention has been described by way of the preferred embodiments above, its implementation is not limited to those embodiments. It should be recognized that those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope.

Claims (9)

  1. A unified login method for a distributed web site system, the method comprising the following steps: (A1) a login component in a client browser constructs a login request based on login information entered by a user, and transmits the login request to one of a plurality of web server subsystems belonging to the same web site system; (A2) the web server subsystem that receives the login request acts as the master station and authenticates the user's identity based on the login information; if authentication succeeds, it generates a seed key based on a predetermined algorithm, generates a security token based on the seed key, and then transmits the seed key and the security token back to the login component in the client browser; (A3) the login component in the client browser stores the seed key in a cookie associated with the master station and, based on the security token, automatically performs login operations for the web server subsystems other than the master station to complete the unified login operation.
  2. The unified login method for a distributed web site system according to claim 1, characterized in that the master station generates the security token as follows: the security token generation time and the seed key are used as elements for MD5-form encryption.
  3. The unified login method for a distributed web site system according to claim 2, characterized in that step (A2) further comprises: the master station stores the generated seed key and security token in a security information database of the web site system.
  4. The unified login method for a distributed web site system according to claim 3, characterized in that the login component in the client browser completes the unified login operation as follows: for each web server subsystem other than the master station, the following operations are performed: (B1) construct a joint login request and send it to the web server subsystem, wherein the joint login request contains the security token; (B2) the web server subsystem decrypts and parses the security token to obtain the security token generation time and the seed key, and then performs a time validity check; if the result of the time validity check is "verification passed", proceed to step (B3); (B3) the obtained security token generation time and seed key are used as elements for MD5-form encryption to generate a verification security token, then proceed to step (B4), wherein the algorithm of this MD5-form encryption operation is the same as the algorithm used when the security token was initially generated; (B4) obtain the security token from the security information database and compare the generated verification security token with it; if the two match, the received security token is determined to be valid and the parsed seed key is transmitted back to the login component in the client browser; otherwise, this login operation fails.
  5. The unified login method for a distributed web site system according to claim 4, characterized in that the web server subsystem performs the time validity check as follows: (1) determine whether the value of T2-T1 is less than 30 seconds, where T2 is the current system time and T1 is the security token generation time parsed from the security token; (2) if the value of T2-T1 is less than 30 seconds, the result of the time validity check is "verification passed"; otherwise, the result of the time validity check is "verification failed".
  6. The unified login method for a distributed web site system according to claim 5, characterized in that step (B4) further comprises: if the result of the time validity check is "verification passed" and this login operation fails, the unified login operation for that web server subsystem is initiated again.
  7. The unified login method for a distributed web site system according to claim 6, characterized in that, after receiving the seed key transmitted back by any web server subsystem other than the master station, the login component in the client browser stores that seed key in a cookie associated with that web server subsystem.
  8. The unified login method for a distributed web site system according to claim 7, characterized in that, after the unified login operation is complete, when the client browser sends a data interaction request to any of the plurality of web server subsystems based on a user instruction, the data interaction request contains the seed key stored in the cookie associated with that web server subsystem, and that web server subsystem then obtains the relevant user information based on the seed key to complete the subsequent data interaction.
  9. The unified login method for a distributed web site system according to claim 8, characterized in that the login component has proxies of the web server subsystems embedded in it, so as to shield cross-domain operations from the upper layer.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201410316024 CN105306423A (en) 2014-07-04 2014-07-04 Unified login method for distributed web station system

Publications (1)

Publication Number Publication Date
CN105306423A (en) 2016-02-03

Family

ID=55203181

Country Status (1)

Country Link
CN (1) CN105306423A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107656949A (en) * 2016-12-23 2018-02-02 航天星图科技(北京)有限公司 Combined access method for distributed database

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2321738A2 (en) * 2008-07-28 2011-05-18 Sony Corporation Client device, information processing system and associated methodology of accessing networked sevices
CN102254031A (en) * 2011-08-03 2011-11-23 无锡浙潮科技有限公司 Batch processing request-based Microsoft SQL server database cluster
CN102404392A (en) * 2011-11-10 2012-04-04 山东浪潮齐鲁软件产业股份有限公司 Integration type registering method for web application or website
CN102469075A (en) * 2010-11-09 2012-05-23 中科正阳信息安全技术有限公司 Integration authentication method based on WEB single sign on
CN102624737A (en) * 2012-03-27 2012-08-01 北京天威诚信电子商务服务有限公司 Single sign-on integrated method for Form identity authentication in single login system
CN103473489A (en) * 2013-06-09 2013-12-25 洛阳鸿卓电子信息技术有限公司 Permission validation system and permission validation method for safety production comprehensive supervision

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination