CN106254319B - Light application login control method and device - Google Patents

Publication number
CN106254319B
CN106254319B CN201610584288.0A CN201610584288A CN106254319B CN 106254319 B CN106254319 B CN 106254319B CN 201610584288 A CN201610584288 A CN 201610584288A CN 106254319 B CN106254319 B CN 106254319B
Authority
CN
China
Prior art keywords
light application
electronic certificate
user
local client
login
Legal status
Active
Application number
CN201610584288.0A
Other languages
Chinese (zh)
Other versions
CN106254319A (en)
Inventor
孙文武
王洪彬
Current Assignee
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Application filed by New H3C Technologies Co Ltd
Priority to CN201610584288.0A
Publication of CN106254319A
Application granted
Publication of CN106254319B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Abstract

The invention provides a light application login control method and device. The method comprises: after receiving a first electronic certificate request message from a light application, sending a second electronic certificate request message to a platform server, wherein the second electronic certificate request message carries login identification information and an identifier of the light application; receiving a response message, returned by the platform server, that carries the electronic certificate; and sending the electronic certificate to the light application. This technical solution avoids potential security risks and keeps light application information secure. Moreover, once the user has logged in to the local client, no further user involvement is needed and the user does not have to enter information again, which improves the user experience and simplifies user operation.

Description

Light application login control method and device
Technical Field
The invention relates to the technical field of communication, in particular to a light application login control method and device.
Background
A LAPP (Light APP) is a full-function app that requires no download and can be found and used directly through search. It offers a user experience comparable to that of a local client (also called a local APP or Native APP), has the searchability and intelligent distribution of a web app, and effectively connects high-quality applications and services with user needs. To use the functions of a local client, such as the WeChat client or the Baidu client, the user must download and install it on the terminal device. In contrast, a light application client does not need to be downloaded and installed on the terminal device; only a shortcut icon of the light application is created on the interface of the local client, and the user accesses the light application through that icon. Examples are the light applications within the WeChat client, such as Jingdong, Didi Chuxing, subscription accounts and official accounts.
At present, to improve user experience and simplify user processing, a single sign-on function is used: the user enters information such as a user name and password when logging in to the local client, and after logging in, the user can access a light application within the local client directly, without re-entering the user name and password. This makes operation considerably more convenient, but it also introduces the risk of losing control over information security, which is even more prominent in enterprise-level application scenarios.
Disclosure of Invention
The invention provides a light application login control method applied to a local client, wherein a remote platform server provides services for the local client and also provides services for a light application server corresponding to the light application, and the method comprises the following steps:
after receiving a first electronic certificate request message of the light application through an application interface, sending a second electronic certificate request message to the platform server, wherein the second electronic certificate request message carries login identification information of a user on the local client and an identifier of the light application;
receiving a response message which carries the electronic certificate and is returned by the platform server;
and sending the electronic certificate to the light application through the application interface, wherein the electronic certificate is a basis for the light application server to determine that the user has the right to log in the light application.
The invention provides a light application login control method which is applied to a platform server, wherein the platform server is used for providing service for a local client, and the platform server also provides service for a light application server corresponding to a light application, and the method comprises the following steps:
receiving an electronic certificate request message from the local client, wherein the electronic certificate request message carries login identification information of a user on the local client and the identifier of the light application;
acquiring the login identification information and the identifier of the light application from the electronic certificate request message, and searching whether a corresponding record exists in a preset access control table;
if so, determining that the user has the login authority of the light application, and generating an electronic certificate for the user;
sending a first response message carrying the electronic certificate to the local client, and sending a second response message carrying the electronic certificate to the light application server; wherein the electronic credential is a basis for the light application server to determine that the user has the right to log in to the light application.
The invention provides a light application login control device applied to a local client, wherein a remote platform server provides services for the local client and also provides services for a light application server corresponding to the light application, and the device specifically comprises:
the sending module is used for sending a second electronic certificate request message to the platform server after receiving a first electronic certificate request message of the light application through an application interface, wherein the second electronic certificate request message carries login identification information of a user on the local client and the identifier of the light application;
the receiving module is used for receiving a response message which is returned by the platform server and carries the electronic certificate;
the sending module is further configured to send the electronic credential to the light application through the application interface, where the electronic credential is a basis for the light application server to determine that the user has the right to log in the light application.
The invention provides a light application login control device, which is applied to a platform server, wherein the platform server is used for providing service for a local client, and the platform server also provides service for a light application server corresponding to the light application, and the device specifically comprises:
the receiving module is used for receiving an electronic certificate request message from a local client, wherein the electronic certificate request message carries login identification information of a user on the local client and the identification of the light application;
the query module is used for acquiring the login identification information and the identifier of the light application from the electronic certificate request message and searching whether a corresponding record exists in a preset access control table;
the generating module is used for determining that the user has the login authority of the light application when the access control table has a corresponding record, and generating an electronic certificate for the user;
the sending module is used for sending a first response message carrying the electronic certificate to the local client and sending a second response message carrying the electronic certificate to the light application server; the electronic credential is a basis for the light application server to determine that the user has the right to log in to the light application.
Based on the above technical solution, the embodiment of the present invention can meet the following requirement for light applications: not all users logged in to the local client can access the light application within the local client; only certain users can. This avoids potential security risks and keeps light application information secure. Moreover, once the user has logged in to the local client, no further user involvement is needed and the user does not have to enter information again, which improves the user experience and simplifies user operation.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments of the present invention or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present invention, and other drawings can be obtained by those skilled in the art according to the drawings.
FIG. 1 is a schematic diagram of an application scenario in an embodiment of the present invention;
FIG. 2 is a flow chart of a light application login control method in one embodiment of the present invention;
FIG. 3 is a flow chart of a light application login control method in another embodiment of the present invention;
FIG. 4 is a flow chart of a light application login control method in another embodiment of the present invention;
FIG. 5 is a hardware block diagram of a local client in one embodiment of the invention;
FIG. 6 is a structural diagram of a light application login control device in one embodiment of the present invention;
FIG. 7 is a hardware block diagram of a platform server in one embodiment of the invention;
FIG. 8 is a structural diagram of a light application login control device in one embodiment of the present invention.
Detailed Description
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present invention. Depending on the context, moreover, the word "if" as used may be interpreted as "at … …" or "when … …" or "in response to a determination".
Aiming at the problems in the prior art, the embodiment of the invention provides a light application login control method which can be applied to a system comprising a local client, a platform server and a light application server, wherein the local client comprises one or more light applications. As shown in fig. 1, which is a schematic view of an application scenario of an embodiment of the present invention, a local client is installed on a terminal device (e.g., a mobile terminal, a PC (personal computer), a tablet computer, etc.), and a shortcut icon is created on an interface of the local client, through which a user can conveniently access a light application. In addition, the local client has a platform server for providing services for the local client at a remote end, and the platform server also provides services for a light application server corresponding to the light application. For example, the local client may be a WeChat client, the light application may be a Jingdong within the WeChat client, the platform server may be a WeChat server serving the WeChat client, and the light application server may be a Jingdong server.
In one example, the platform server and the light application server are logical servers, which may be located on the same physical server, or of course, on different physical servers. For example, company a develops a local client 1 and integrates the light application 1 of the company into the local client 1, so that the platform server and the light application server 1 corresponding to the light application 1 can be located on the same physical server. On this basis, the platform server and the light application server 1 can be regarded as two functional modules on the same physical server, and the interactive process of the platform server and the light application server 1 is the interactive process of the two functional modules. For another example, company a develops a local client 1, and integrates a light application 2 of company B into the local client 1, so that the platform server and the light application server 2 corresponding to the light application 2 are located on different physical servers. On this basis, the interaction process between the platform server and the light application server 2 is an interaction process between different physical servers, and is relatively a remote interaction required across a network.
Fig. 2 is a flowchart of a method for controlling login of a light application in one example.
Step 201, when receiving information such as a user name and a password input by a user, allowing the user to log in a local client.
Step 202, after logging in the local client, when the user accesses the light application in the local client, the light application receives the login request of the user and sends the login request to the light application server.
Step 203, after receiving the login request, the light application server allows the user to access the light application, returns a login success page to the light application, and provides the service of the light application for the user. In subsequent processes, the user may access the services provided by the light application server.
In the above manner, all users logged into the local client can access the light application within the local client. However, as the types of light applications increase, for some light applications, there may be a need for: not all users logged into the local client are able to access the light application within the local client, but only certain users are able to access the light application. Obviously, the above method cannot meet the requirement, thereby causing potential safety hazard. For example, local client 1 contains light application 1 and light application 2, light application 1 contains company dynamic information that all users can access, but light application 2 contains company financial information that only specific users (e.g., accounting and leadership) can access. Obviously, in the above manner, the company staff can access the light application 2 after installing and logging in the local client 1, thereby causing the disclosure of financial information.
In view of the above, light applications that all users may access are handled by the process shown in fig. 2, which is not described again. Light applications that only specific users may access are handled by the technical solution of the invention; in what follows, "light application" refers to a light application that only specific users may access.
In one example, for a light application that can be accessed only by a specific user (configured according to requirements) logged in to the local client, login identification information of the specific user can be configured on a light application server corresponding to the light application, and the login identification information includes user names such as user 1, user 2 and the like, which indicate that only user 1 and user 2 logged in to the local client can access the light application. The light application server may send a registration message to the platform server, where the registration message carries an identifier of the light application and login identification information of all users having a right to log in the light application (e.g., user 1, user 2, etc.). The platform server receives the registration message from the light application server and maintains the correspondence between the identification of the light application and the login identification information of all users in an access control table, as shown in table 1, which is an example of an access control table.
TABLE 1
Identification of light application | Login identification information
Light application 1 | User 1, user 2
Light application 2 | User 10, user 11
The light application login control method provided in the embodiment of the present invention is applied to a local client, and as shown in fig. 3, on the basis that a user logs in to the local client, the method includes the following steps:
Step 301, after receiving the first electronic credential request message of the light application through the application interface, sending a second electronic credential request message to the platform server, where the second electronic credential request message carries login identification information of the user on the local client and an identifier of the light application.
Step 302, receiving a response message carrying the electronic certificate returned by the platform server.
Step 303, sending the electronic certificate to the light application through the application interface. Wherein the electronic certificate is a basis for the light application server to determine that the user has the right to log in the light application.
With respect to step 301, in one example, when a user needs to access a light application within a local client, the light application may receive a login request, and upon receiving the login request, instead of sending the login request to a light application server, a first electronic credential request message is sent to the local client through an application interface.
After receiving the first electronic certificate request message, the local client acquires the identifier of the light application and the login identification information of the user on the local client, generates a second electronic certificate request message containing the identifier of the light application and the login identification information, and sends the second electronic certificate request message to the platform server.
After receiving a second electronic certificate request message from the local client, the platform server obtains the login identification information of the user and the identifier of the light application from the second electronic certificate request message, and searches whether a corresponding record exists in an access control table (as shown in table 1). If yes, the platform server determines that the user has the login authority of the light application, generates an electronic certificate for the user, sends a first response message carrying the electronic certificate to the local client, and sends a second response message carrying the electronic certificate to the light application server. If not, the platform server determines that the user does not have the login authority of the light application, refuses to generate the electronic certificate for the user, and sends a third response message which does not carry the electronic certificate to the local client.
As described in the above process, the platform server maintains the access control table shown in table 1, based on which, the platform server can query the access control table by using the login identification information and the identifier of the light application, if there is a corresponding record, it indicates that the user has the login authority of the light application, and if there is no corresponding record, it indicates that the user does not have the login authority of the light application.
In the process of generating the electronic certificate for the user by the platform server, the specific form of the electronic certificate is not limited, and may be a character string composed of random numbers, characters, passwords, and the like.
For step 302, the local client may receive from the platform server either a response message carrying the electronic certificate or a response message not carrying it. If a response message carrying the electronic certificate is received, step 303 is performed, i.e. the electronic certificate is sent to the light application through the application interface. If a response message not carrying the electronic certificate is received, the local client either displays a login failure page or sends the response message not carrying the electronic certificate to the light application through the application interface.
In one example, after receiving the response message not carrying the electronic credential, the local client determines that the user is not allowed to access the light application, and displays a login failure page on the local client to inform the user that the user cannot access the light application. Based on the mode, the light application does not need to perform subsequent processing, so that the interaction between the local client and the light application can be reduced, and the interaction between the light application and the light application server can also be reduced.
In one example, if the local client sends the electronic credential to the light application, the light application may send a login request carrying the electronic credential to the light application server. And after receiving the login request, the light application server uses the locally stored electronic certificate (namely the electronic certificate sent by the platform server through the second response message) to verify whether the received electronic certificate is valid. In the verification process, if the locally stored electronic certificate is the same as the received electronic certificate, the light application server determines that the received electronic certificate is valid, allows the user to access the light application, returns a login success page to the light application, provides the service of the light application for the user, and in the subsequent process, the user can access the service provided by the light application server. If the locally stored electronic credentials are different from the received electronic credentials, the light application server determines that the received electronic credentials are invalid, does not allow the user to access the light application, and returns a login failure page to the light application to notify the user that the light application cannot be accessed.
In one example, if the local client sends a response message to the light application that does not carry the electronic credential, the light application may send a login request to the light application server that does not carry the electronic credential. After receiving the login request, the light application server does not allow the user to access the light application, because the login request does not carry the electronic certificate, and returns a login failure page to the light application to inform the user that the light application cannot be accessed.
The light application server verifies the electronic certificate in order to prevent a user from forging an electronic certificate and logging in to the light application with it, thereby ensuring the security of the light application.
In one example, the electronic certificate is a one-time electronic certificate, i.e., it becomes invalid after being used once. For example, the platform server deletes the electronic certificate after sending it to the local client and the light application server. The local client deletes the electronic certificate after sending it to the light application. The light application deletes the electronic certificate after sending it to the light application server. The light application server, after using the locally stored electronic certificate to verify the received electronic certificate, deletes the locally stored electronic certificate if the received one is valid.
In one example, the application interface includes a JavaScript interface. The local client can provide a JavaScript interface for all the light applications, and the interaction between the local client and the light applications is realized through the JavaScript interface. The local client may also provide Cordova functionality for all the light applications; Cordova provides a set of device-related APIs (Application Programming Interfaces) through which the light application may access native device functions, such as the camera and microphone of the terminal device, and obtain related data from the terminal device to execute the related functions.
Based on the above technical solution, the embodiment of the present invention can meet the following requirement for light applications: not all users logged in to the local client can access the light application within the local client; only specific users can. This avoids potential security risks and keeps light application information secure. Moreover, once the user has logged in to the local client, no further user involvement is needed and the user does not have to enter information again, which improves the user experience and simplifies user operation.
The light application login control method provided in the embodiment of the present invention may also be applied to a platform server, where the platform server is configured to provide a service for a local client and provide a service for a light application server corresponding to the light application, as shown in fig. 4, the method may include the following steps:
Step 401, receiving an electronic credential request message from a local client, where the electronic credential request message carries login identification information of a user on the local client and an identifier of a light application.
Step 402, obtaining login identification information and a light application identifier from the electronic certificate request message, and searching whether a corresponding record exists in a preset access control table; if so, step 403 is performed.
Step 403, determining that the user has login authority of the light application, and generating an electronic certificate for the user.
The electronic certificate is the basis for the light application server to determine that the user has the authority of logging in the light application.
Step 404, sending the first response message carrying the electronic certificate to the local client, and sending the second response message carrying the electronic certificate to the light application server.
In one example, after the preset access control table is searched for whether a corresponding record exists, if not, it is determined that the user does not have the login authority of the light application, the generation of the electronic certificate for the user is rejected, and a third response message which does not carry the electronic certificate is sent to the local client.
Based on the above technical solution, the embodiment of the present invention can meet the following requirement for light applications: not all users logged in to the local client can access the light application within the local client; only specific users can. This avoids potential security risks and keeps light application information secure. Moreover, once the user has logged in to the local client, no further user involvement is needed and the user does not have to enter information again, which improves the user experience and simplifies user operation.
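The exchange described for figs. 3 and 4 (registration, access control table lookup, issuing the electronic certificate, verification and one-time use), as an added Python example that is not part of the patent text. The class and method names, the in-process calls standing in for network messages, the 60-second lifetime, and the user name carried alongside the certificate in the second response message are assumptions made for illustration.

```python
import hmac
import secrets
import time


class LightAppServer:
    """Light application server: registers its users, verifies certificates."""

    def __init__(self, app_id, allowed_users, ttl_seconds=60):
        self.app_id = app_id
        self.allowed_users = set(allowed_users)
        self.ttl_seconds = ttl_seconds   # assumption: the page defines no lifetime
        self._pending = {}               # certificate -> (user, issue time)

    def register_with(self, platform):
        # Registration message: light application identifier + permitted users.
        platform.register(self.app_id, self.allowed_users, self)

    def store_certificate(self, user, certificate):
        # Second response message from the platform server (user is an assumption).
        self._pending[certificate] = (user, time.monotonic())

    def login(self, certificate):
        """Return the user name for a valid certificate, otherwise None."""
        if not isinstance(certificate, str) or not certificate:
            return None                  # login request carries no certificate
        match = None
        for stored in list(self._pending):
            # Compare stored and received values in constant time.
            if hmac.compare_digest(stored.encode(), certificate.encode()):
                match = stored
        if match is None:
            return None                  # forged or already used
        user, issued = self._pending.pop(match)   # one-time: delete on use
        if time.monotonic() - issued > self.ttl_seconds:
            return None                  # expired before it was presented
        return user


class PlatformServer:
    """Platform server: keeps the access control table (Table 1)."""

    def __init__(self):
        self.acl = {}                    # app identifier -> set of user names
        self.app_servers = {}

    def register(self, app_id, users, app_server):
        self.acl[app_id] = set(users)
        self.app_servers[app_id] = app_server

    def request_certificate(self, user, app_id):
        """Steps 401-404: look up the record, then issue or refuse."""
        if user not in self.acl.get(app_id, ()):
            return None                  # third response message: no certificate
        certificate = secrets.token_urlsafe(32)   # random character string
        self.app_servers[app_id].store_certificate(user, certificate)
        return certificate               # first response; no copy is kept here


class LocalClient:
    """Local client: the user identity comes from its own login session."""

    def __init__(self, platform, logged_in_user):
        self.platform = platform
        self.user = logged_in_user

    def on_certificate_request(self, app_id):
        # Handler behind the application interface (first request message).
        # The light application supplies only its identifier, never the user.
        return self.platform.request_certificate(self.user, app_id)


def run_demo():
    """Constructed scenario using the second row of Table 1."""
    platform = PlatformServer()
    finance = LightAppServer("light-app-2", {"user10", "user11"})
    finance.register_with(platform)

    cert = LocalClient(platform, "user10").on_certificate_request("light-app-2")
    return {
        "permitted": finance.login(cert),
        "replay": finance.login(cert),
        "not_in_acl": LocalClient(platform, "user1").on_certificate_request("light-app-2"),
        "forged": finance.login(secrets.token_urlsafe(32)),
        "missing": finance.login(None),
    }


if __name__ == "__main__":
    print(run_demo())
```

Because the local client takes the user name from its own session rather than from the light application, a light application cannot ask for a certificate on behalf of a different user.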
Based on the same inventive concept as the method, the embodiment of the invention also provides a light application login control device which is applied to the local client. The light application login control device can be realized by software, or can be realized by hardware or a combination of hardware and software. A logical device, implemented in software for example, is formed by a processor of a local client that reads corresponding computer program instructions from a non-volatile memory. From a hardware aspect, as shown in fig. 5, a hardware structure diagram of a local client where the light application login control device provided by the present invention is located is shown, except for the processor and the nonvolatile memory shown in fig. 5, the local client may further include other hardware, such as a forwarding chip, a network interface, and a memory, which are responsible for processing a packet; in terms of hardware structure, the local client may also be a distributed device, and may include multiple interface cards, so as to perform an extension of message processing at a hardware level.
As shown in fig. 6, a structure diagram of a light application login control device provided by the present invention is applied to a local client, where the local client has a platform server providing services for the local client at a remote end, and the platform server further provides services for a light application server corresponding to the light application, and the device specifically includes:
a sending module 11, configured to send a second electronic credential request message to the platform server after receiving a first electronic credential request message of the light application through an application interface, where the second electronic credential request message carries login identification information of a user on the local client and an identifier of the light application;
a receiving module 12, configured to receive a response message carrying an electronic certificate and returned by the platform server;
the sending module 11 is further configured to send the electronic credential to the light application through the application interface, where the electronic credential is a basis for the light application server to determine that the user has the right to log in the light application.
In an example, the sending module 11 is further configured to, after sending the second electronic credential request message to the platform server, if a response message returned by the platform server and not carrying an electronic credential is received, display a login failure page on the local client, or send the response message not carrying the electronic credential to the light application through the application interface.
The device further comprises (not shown in the figures) a deleting module, configured to delete the electronic credential after the sending module sends the electronic credential to the light application through the application interface.
Based on the same inventive concept as the method, the embodiment of the invention also provides a light application login control device applied to the platform server. The light application login control device can be implemented in software, in hardware, or in a combination of hardware and software. Taking a software implementation as an example, the device, as a logical device, is formed by the processor of the platform server on which it resides reading the corresponding computer program instructions from a non-volatile memory. In terms of hardware, fig. 7 shows a hardware structure diagram of the platform server on which the light application login control device provided by the present invention resides; in addition to the processor and the non-volatile memory shown in fig. 7, the platform server may further include other hardware, such as a forwarding chip responsible for processing packets, a network interface, and a memory; in terms of hardware structure, the platform server may also be a distributed device and may include a plurality of interface cards, so that message processing can be extended at the hardware level.
As shown in fig. 8, which is a structure diagram of the light application login control device provided by the present invention, the device is applied to a platform server, where the platform server provides services for a local client and also provides services for a light application server corresponding to the light application, and the device specifically includes:
a receiving module 21, configured to receive an electronic credential request message from a local client, where the electronic credential request message carries login identification information of a user on the local client and an identifier of the light application;
the query module 22 is configured to obtain the login identification information and the identifier of the light application from the electronic credential request message, and search a preset access control table for whether a corresponding record exists;
a generating module 23, configured to determine that the user has the login authority of the light application when there is a corresponding record in the access control table, and generate an electronic credential for the user;
a sending module 24, configured to send a first response message carrying the electronic credential to the local client, and send a second response message carrying the electronic credential to the light application server; the electronic credential is a basis for the light application server to determine that the user has the right to log in to the light application.
The generating module 23 is further configured to determine that the user does not have the login authority of the light application when there is no corresponding record in the access control table, and refuse to generate an electronic credential for the user;
the sending module 24 is further configured to send a third response message that does not carry the electronic credential to the local client.
The receiving module 21 is further configured to receive a registration message from the light application server, where the registration message carries the identifier of the light application and the login identification information of all users having the right to log in to the light application, and to maintain, in the access control table, the correspondence between the identifier of the light application and the login identification information of all those users.
The device further comprises (not shown in the figures) a deleting module, configured to delete the electronic credential after the sending module sends the first response message carrying the electronic credential to the local client and sends the second response message carrying the electronic credential to the light application server.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by software plus a necessary general hardware platform, and may of course also be implemented by hardware, but in many cases the former is the better implementation. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention. Those skilled in the art will appreciate that the drawings are merely schematic representations of one preferred embodiment and that the blocks or flow diagrams in the drawings are not necessarily required to practice the present invention.
Those skilled in the art will appreciate that the modules of the devices in the embodiments may be distributed among the devices as described in the embodiments, or may be changed accordingly and located in one or more devices different from those of the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules. The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
The above discloses only a few specific embodiments of the present invention, but the present invention is not limited thereto, and any variations that can be conceived by those skilled in the art are intended to fall within the scope of the present invention.

Claims (14)

1. A light application login control method applied to a local client, characterized in that a platform server at a remote end provides services for the local client, and the platform server also provides services for a light application server corresponding to the light application, the method comprising the following steps:
after receiving a first electronic certificate request message of the light application through an application interface, sending a second electronic certificate request message to the platform server, wherein the second electronic certificate request message carries login identification information of a user on the local client and an identifier of the light application; so that the platform server searches whether a record corresponding to the login identification information and the light application identifier exists in a preset access control table; if so, determining that the user has the login authority of the light application, and generating an electronic certificate for the user;
receiving a response message which carries the electronic certificate and is returned by the platform server;
and sending the electronic certificate to the light application through the application interface, wherein the electronic certificate is a basis for the light application server to determine that the user has the right to log in the light application.
2. The method of claim 1, wherein after sending the second electronic credential request message to the platform server, the method further comprises:
and if a response message which is returned by the platform server and does not carry the electronic certificate is received, displaying a login failure page on the local client, or sending the response message which does not carry the electronic certificate to the light application through the application interface.
3. The method of claim 1 or 2, wherein after sending the electronic credential to the light application through the application interface, the method further comprises:
and deleting the electronic certificate.
4. A light application login control method applied to a platform server, characterized in that the platform server is used for providing services for a local client and also provides services for a light application server corresponding to the light application, the method comprising the following steps:
receiving an electronic certificate request message from the local client, wherein the electronic certificate request message carries login identification information of a user on the local client and the identifier of the light application;
acquiring the login identification information and the identifier of the light application from the electronic certificate request message, and searching whether a corresponding record exists in a preset access control table;
if so, determining that the user has the login authority of the light application, and generating an electronic certificate for the user;
sending a first response message carrying the electronic certificate to the local client, and sending a second response message carrying the electronic certificate to the light application server; wherein the electronic credential is a basis for the light application server to determine that the user has the right to log in to the light application.
5. The method of claim 4, wherein after searching the preset access control table for a corresponding record, the method further comprises:
if not, determining that the user does not have the login authority of the light application, refusing to generate the electronic certificate for the user, and sending a third response message which does not carry the electronic certificate to the local client.
6. The method according to claim 4 or 5, characterized in that the method further comprises:
receiving a registration message from the light application server, wherein the registration message carries the identification of the light application and login identification information of all users having the authority of logging in the light application; and maintaining the corresponding relation between the identification of the light application and the login identification information of all the users in the access control table.
7. The method according to claim 4 or 5, wherein after sending the first response message carrying the electronic credentials to the local client and sending the second response message carrying the electronic credentials to the light application server, the method further comprises:
and deleting the electronic certificate.
8. A light application login control device applied to a local client, wherein the local client has a platform server providing services for the local client at a remote end, and the platform server further provides services for a light application server corresponding to the light application, and the device specifically includes:
the sending module is used for sending a second electronic certificate request message to the platform server after receiving a first electronic certificate request message of the light application through an application interface, wherein the second electronic certificate request message carries login identification information of a user on the local client and the identifier of the light application; so that the platform server searches whether a record corresponding to the login identification information and the light application identifier exists in a preset access control table; if so, determining that the user has the login authority of the light application, and generating an electronic certificate for the user;
the receiving module is used for receiving a response message which is returned by the platform server and carries the electronic certificate;
the sending module is further configured to send the electronic credential to the light application through the application interface, where the electronic credential is a basis for the light application server to determine that the user has the right to log in the light application.
9. The apparatus of claim 8,
the sending module is further configured to, after sending the second electronic certificate request message to the platform server, if a response message returned by the platform server and not carrying the electronic certificate is received, display a login failure page on the local client, or send the response message not carrying the electronic certificate to the light application through the application interface.
10. The apparatus of claim 8 or 9, further comprising:
and the deleting module is used for deleting the electronic certificate after the sending module sends the electronic certificate to the light application through the application interface.
11. A light application login control device applied to a platform server, characterized in that the platform server is used for providing services for a local client, and the platform server also provides services for a light application server corresponding to the light application, the device specifically comprising:
the receiving module is used for receiving an electronic certificate request message from a local client, wherein the electronic certificate request message carries login identification information of a user on the local client and the identification of the light application;
the query module is used for acquiring the login identification information and the identifier of the light application from the electronic certificate request message and searching whether a corresponding record exists in a preset access control table;
the generating module is used for determining that the user has the login authority of the light application when the access control table has a corresponding record, and generating an electronic certificate for the user;
the sending module is used for sending a first response message carrying the electronic certificate to the local client and sending a second response message carrying the electronic certificate to the light application server; the electronic credential is a basis for the light application server to determine that the user has the right to log in to the light application.
12. The apparatus of claim 11,
the generation module is further configured to determine that the user does not have the login authority of the light application when there is no corresponding record in the access control table, and refuse to generate an electronic certificate for the user;
the sending module is further configured to send a third response message that does not carry the electronic credential to the local client.
13. The apparatus of claim 11 or 12,
the receiving module is further configured to receive a registration message from the light application server, where the registration message carries an identifier of the light application and login identification information of all users having a login right to the light application; and maintaining the corresponding relation between the identification of the light application and the login identification information of all the users in the access control table.
14. The apparatus of claim 11 or 12, further comprising:
and the deleting module is used for deleting the electronic certificate after the sending module sends the first response message carrying the electronic certificate to the local client and sends the second response message carrying the electronic certificate to the light application server.
CN201610584288.0A 2016-07-22 2016-07-22 Light application login control method and device Active CN106254319B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610584288.0A CN106254319B (en) 2016-07-22 2016-07-22 Light application login control method and device

Publications (2)

Publication Number Publication Date
CN106254319A CN106254319A (en) 2016-12-21
CN106254319B true CN106254319B (en) 2020-01-03

Family

ID=57603699

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610584288.0A Active CN106254319B (en) 2016-07-22 2016-07-22 Light application login control method and device

Country Status (1)

Country Link
CN (1) CN106254319B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: New H3C Technologies Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant