CN106330971A - Authentication method, server and system based on stateless service - Google Patents

Publication number: CN106330971A
Application number: CN201610949625.1A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 刘奔, 姜卓, 张青
Current Assignee: CVIC Software Engineering Co Ltd
Original Assignee: CVIC Software Engineering Co Ltd
Application filed by: CVIC Software Engineering Co Ltd
Priority date: 2016-11-02
Filing date: 2016-11-02
Publication date: 2017-01-11
Legal status: Pending
Prior art keywords: subscriber identity, identity information, information, label information, client

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses an authentication method based on a stateless service, comprising: receiving a request carrying label information sent by a client, wherein the label information corresponds to user identity information; parsing the label information to generate the user identity information corresponding to the label information; and responding to the request according to the user identity information. In this embodiment the label information corresponding to the user identity information is stored on the client, so the server does not need to save session information; the server is lightly loaded and easy to scale, and the label information has a simple structure and is easy to transmit. The invention further discloses an authentication server and a system based on a stateless service, which achieve the same technical effects.

Description

An authentication method, server and system based on a stateless service
Technical field
The present invention relates to the technical field of stateless service authentication, and more particularly to an authentication method, server and system based on a stateless service.
Background
HTTP is a stateless protocol. This means that if a user provides a user name and password to an application for user authentication, the user has to authenticate again on the next request, because under HTTP we cannot know which user sent a request. So that the application can identify which user sent a request, we can only store a copy of the user's login information on the server. This login information is passed to the browser in the response, and the browser is told to save it as a cookie so that it is sent to our application on the next request; the application can then identify which user the request came from. This is traditional session-based authentication. However, session-based authentication makes the application itself hard to scale: as the number of users of different clients grows, a single server cannot carry more users, and this is when the problems of session-based authentication are exposed. Therefore, how to implement authentication for a stateless service is a problem that those skilled in the art need to solve.
Summary of the invention
The object of the present invention is to provide an authentication method, server and system based on a stateless service, so as to implement authentication for a stateless service.
To achieve the above object, the embodiments of the present invention provide the following technical solutions:
An authentication method based on a stateless service, including:
Receiving a request carrying label information sent by a client, wherein the label information corresponds to user identity information;
Parsing the label information to generate the user identity information corresponding to the label information;
Responding to the request according to the user identity information.
The method of generating the label information includes:
Receiving the user identity information sent by the client, and verifying the user identity information;
If the verification succeeds, using JWT technology to generate the label information corresponding to the user identity information, and sending it to the client so that the client stores the label information in a cookie.
Receiving the user identity information sent by the client and verifying the user identity information includes:
Receiving a user name and a login password sent by the client;
Searching the user identity information database for the user name;
If the user name exists, judging whether the login password is correct; if it does not exist, returning to the client a message that the user identity information is invalid;
If the login password is correct, determining that the user identity information has been verified successfully.
Using JWT technology to generate the label information corresponding to the user identity information includes:
Using JWT technology, loading the user identity information into a Claims object, configuring the validity period of the label and the encryption algorithm for the Claims object, and generating the label information by the compact method.
An authentication server based on a stateless service, including:
A first receiving module, for receiving a request carrying label information sent by a client, wherein the label information corresponds to user identity information;
A parsing module, for parsing the label information to generate the user identity information corresponding to the label information;
A response module, for responding to the request according to the user identity information.
The authentication server further includes:
A second receiving module, for receiving the user identity information sent by the client;
A verification module, for verifying the user identity information;
A label information generation module, for using JWT technology, after the user identity information has been verified successfully, to generate the label information corresponding to the user identity information and send it to the client, so that the client stores the label information in a cookie.
The user identity information received by the second receiving module includes a user name and a login password;
The verification module includes:
A lookup unit, for searching the user identity information database for the user name;
A sending unit, for returning to the client a message that the user identity information is invalid when the user name does not exist in the user identity information database;
A judging unit, for judging whether the login password is correct when the user name exists in the user identity information database, and, if the login password is correct, determining that the user identity information has been verified successfully.
The label information generation module uses JWT technology to load the user identity information into a Claims object, configures the validity period of the label and the encryption algorithm for the Claims object, and generates the label information by the compact method.
An authentication system based on a stateless service, including the authentication server described in any of the above, and further including:
A client, for sending a request carrying label information to the authentication server.
The client includes:
A sending module, for sending user identity information to the authentication server;
A storage module, for receiving the label information corresponding to the user identity information sent by the authentication server, and storing the label information in a cookie.
From the above, the authentication method based on a stateless service provided by the embodiments of the present invention includes: receiving a request carrying label information sent by a client, wherein the label information corresponds to user identity information; parsing the label information to generate the user identity information corresponding to the label information; and responding to the request according to the user identity information. In this embodiment, the label information corresponding to the user identity information is stored on the client, so the server does not need to save session information; the server is lightly loaded and easy to scale, and the label information has a simple structure and is easy to transmit. The present invention also discloses an authentication server and system based on a stateless service, which achieve the same technical effects.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic flowchart of an authentication method based on a stateless service disclosed in an embodiment of the present invention;
Fig. 2 is a schematic diagram of the authentication flow disclosed in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an authentication system based on a stateless service disclosed in an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The embodiments of the present invention disclose an authentication method, server and system based on a stateless service, so as to implement authentication for a stateless service.
Referring to Fig. 1, the authentication method based on a stateless service provided by an embodiment of the present invention includes:
S101: Receive a request carrying label information sent by a client, wherein the label information corresponds to user identity information;
It should be noted that the method of generating the label information includes:
Step 1: Receive the user identity information sent by the client, and verify the user identity information;
Specifically, step 1 in this solution includes:
1) Receive the user name and login password sent by the client;
2) Search the user identity information database for the user name; if it exists, judge whether the login password is correct; if it does not exist, return to the client a message that the user identity information is invalid;
3) If the login password is correct, determine that the user identity information has been verified successfully.
It should be noted that, referring to Fig. 2, the user identity information in this solution includes a user name and a login password. When logging in, the user first sends the user identity information to the server, and the server verifies it. If verification passes, the server sends the client label information indicating that verification has passed. This label information contains the user's login information and is stored on the client, so that the client attaches the label each time it sends a request to the server. The label both represents the user identity and indicates that this user identity has been verified.
Step 2: If the verification succeeds, use JWT technology to generate the label information corresponding to the user identity information, and send it to the client so that the client stores the label information in a cookie.
Using JWT technology to generate the label information corresponding to the user identity information includes: using JWT technology, loading the user identity information into a Claims object, configuring the validity period of the label and the encryption algorithm for the Claims object, and generating the label information by the compact method.
It should be noted that the label information in this solution can be implemented using JWT (JSON Web Token) technology. The specific implementation is as follows: the createTokenForUser method loads the received user login information into a Claims object; Jwts configures the validity period of the label and the encryption algorithm for the object; finally, the compact method generates label information carrying the user login information, which is returned to the client and stored in a cookie.
S102: Parse the label information to generate the user identity information corresponding to the label information;
S103: Respond to the request according to the user identity information.
Specifically, when the server receives label information, this indicates that the user identity information corresponding to the label information was verified successfully, so the server does not need to separately store the login information of all users, which reduces the load on the server. The label information is parsed by the parseUserFromToken method, that is, the user login information is parsed out using the same encryption algorithm, and a response is returned to the client according to the parsed login information.
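The issue and parse steps described above, as an added example that is not the patent's own code: a standard-library Python implementation of an HMAC-SHA256 (HS256) signed JWT, with functions named after the page's createTokenForUser and parseUserFromToken. The signing key, the user store, the `login` and `authenticate_request` helpers, the algorithm choice and the validity period are all assumptions, since the page specifies none of them.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example; a real service loads a random key from a secret store.
SECRET_KEY = b"constructed-demo-signing-key"
ALGORITHM = "HS256"        # assumption: the page does not name the algorithm
VALIDITY_SECONDS = 1800    # assumption: the page does not give a validity period


class InvalidToken(Exception):
    """The label information failed a verification step."""


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Constructed user identity database: user name -> (salt, password hash).
USER_STORE = {
    "alice": (b"constructed-salt", hash_password("correct horse", b"constructed-salt")),
}


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input, key):
    return hmac.new(key, signing_input.encode("utf-8"), hashlib.sha256).digest()


def create_token_for_user(username, key=SECRET_KEY, now=None, validity=VALIDITY_SECONDS):
    """Load the identity into claims, set the expiry, sign, and serialize compactly."""
    now = int(time.time()) if now is None else int(now)
    header = {"alg": ALGORITHM, "typ": "JWT"}
    # Only the user name goes into the claims: the payload is encoded, not encrypted.
    claims = {"sub": username, "iat": now, "exp": now + validity}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    return signing_input + "." + b64url_encode(sign(signing_input, key))


def login(username, password, now=None):
    """Steps 1 and 2 of the page: verify the credentials, then issue the token."""
    record = USER_STORE.get(username)
    if record is None:
        return None
    salt, stored_hash = record
    if not hmac.compare_digest(hash_password(password, salt), stored_hash):
        return None
    return create_token_for_user(username, now=now)


def parse_user_from_token(token, key=SECRET_KEY, now=None):
    """S102: verify the token and return the user name it carries."""
    now = int(time.time()) if now is None else int(now)
    try:
        header_b64, claims_b64, signature_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(signature_b64)
    except (AttributeError, TypeError, ValueError) as exc:
        raise InvalidToken("malformed token") from exc
    # Pin the algorithm on the server side; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != ALGORITHM:
        raise InvalidToken("unexpected algorithm")
    expected = sign(header_b64 + "." + claims_b64, key)
    if not hmac.compare_digest(signature, expected):
        raise InvalidToken("bad signature")
    # The claims are trusted only after the signature check has passed.
    claims = json.loads(b64url_decode(claims_b64))
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise InvalidToken("expired or missing expiry")
    return claims["sub"]


def authenticate_request(cookie_token, now=None):
    """S103: return the user to respond for, or None if the request must be refused."""
    try:
        return parse_user_from_token(cookie_token, now=now)
    except InvalidToken:
        return None
```

Receiving a token proves nothing by itself: the server treats the request as authenticated only after the signature and expiry checks pass, which is what lets it skip a server-side session store.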
The authentication server provided by the embodiments of the present invention is introduced below; the authentication server described below and the authentication method described above may be cross-referenced.
Referring to Fig. 3, the authentication server based on a stateless service provided by an embodiment of the present invention includes:
A first receiving module 100, for receiving a request carrying label information sent by a client, wherein the label information corresponds to user identity information;
A parsing module 200, for parsing the label information to generate the user identity information corresponding to the label information;
A response module 300, for responding to the request according to the user identity information.
Based on the above technical solution, this solution includes:
A second receiving module, for receiving the user identity information sent by the client;
A verification module, for verifying the user identity information;
A label information generation module, for using JWT technology, after the user identity information has been verified successfully, to generate the label information corresponding to the user identity information and send it to the client, so that the client stores the label information in a cookie.
Based on the above technical solution, the user identity information received by the second receiving module includes a user name and a login password;
The verification module includes:
A lookup unit, for searching the user identity information database for the user name;
A sending unit, for returning to the client a message that the user identity information is invalid when the user name does not exist in the user identity information database;
A judging unit, for judging whether the login password is correct when the user name exists in the user identity information database, and, if the login password is correct, determining that the user identity information has been verified successfully.
Based on the above technical solution, the label information generation module uses JWT technology to load the user identity information into a Claims object, configures the validity period of the label and the encryption algorithm for the Claims object, and generates the label information by the compact method.
An embodiment of the present invention provides an authentication system based on a stateless service, including the authentication server described in the above embodiment, and further including:
A client, for sending a request carrying label information to the authentication server.
The client includes:
A sending module, for sending user identity information to the authentication server;
A storage module, for receiving the label information corresponding to the user identity information sent by the authentication server, and storing the label information in a cookie.
The authentication method based on a stateless service provided by the embodiments of the present invention includes: receiving a request carrying label information sent by a client, wherein the label information corresponds to user identity information; parsing the label information to generate the user identity information corresponding to the label information; and responding to the request according to the user identity information. In this embodiment, the label information corresponding to the user identity information is stored on the client, so the server does not need to save session information; the server is lightly loaded and easy to scale, and the label information has a simple structure and is easy to transmit. The present invention also discloses an authentication server and system based on a stateless service, which achieve the same technical effects.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the identical or similar parts of the embodiments, reference may be made to one another.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An authentication method based on a stateless service, characterized by including:
Receiving a request carrying label information sent by a client, wherein the label information corresponds to user identity information;
Parsing the label information to generate the user identity information corresponding to the label information;
Responding to the request according to the user identity information.
2. The authentication method according to claim 1, characterized in that the method of generating the label information includes:
Receiving the user identity information sent by the client, and verifying the user identity information;
If the verification succeeds, using JWT technology to generate the label information corresponding to the user identity information, and sending it to the client so that the client stores the label information in a cookie.
3. The authentication method according to claim 2, characterized in that receiving the user identity information sent by the client and verifying the user identity information includes:
Receiving a user name and a login password sent by the client;
Searching the user identity information database for the user name;
If the user name exists, judging whether the login password is correct; if it does not exist, returning to the client a message that the user identity information is invalid;
If the login password is correct, determining that the user identity information has been verified successfully.
4. The authentication method according to claim 2 or 3, characterized in that using JWT technology to generate the label information corresponding to the user identity information includes:
Using JWT technology, loading the user identity information into a Claims object, configuring the validity period of the label and the encryption algorithm for the Claims object, and generating the label information by the compact method.
5. An authentication server based on a stateless service, characterized by including:
A first receiving module, for receiving a request carrying label information sent by a client, wherein the label information corresponds to user identity information;
A parsing module, for parsing the label information to generate the user identity information corresponding to the label information;
A response module, for responding to the request according to the user identity information.
6. The authentication server according to claim 5, characterized in that the authentication server further includes:
A second receiving module, for receiving the user identity information sent by the client;
A verification module, for verifying the user identity information;
A label information generation module, for using JWT technology, after the user identity information has been verified successfully, to generate the label information corresponding to the user identity information and send it to the client, so that the client stores the label information in a cookie.
7. The authentication server according to claim 6, characterized in that
The user identity information received by the second receiving module includes a user name and a login password;
The verification module includes:
A lookup unit, for searching the user identity information database for the user name;
A sending unit, for returning to the client a message that the user identity information is invalid when the user name does not exist in the user identity information database;
A judging unit, for judging whether the login password is correct when the user name exists in the user identity information database, and, if the login password is correct, determining that the user identity information has been verified successfully.
8. The authentication server according to claim 6 or 7, characterized in that
The label information generation module uses JWT technology to load the user identity information into a Claims object, configures the validity period of the label and the encryption algorithm for the Claims object, and generates the label information by the compact method.
9. An authentication system based on a stateless service, characterized by including the authentication server according to any one of claims 5-8, and further including:
A client, for sending a request carrying label information to the authentication server.
10. The authentication system according to claim 9, characterized in that the client includes:
A sending module, for sending user identity information to the authentication server;
A storage module, for receiving the label information corresponding to the user identity information sent by the authentication server, and storing the label information in a cookie.
Application CN201610949625.1A: priority date 2016-11-02, filing date 2016-11-02, title "Authentication method, server and system based on stateless service", status Pending
Publication: CN106330971A (en), publication date 2017-01-11
Family ID: 57818714
Country: CN (China)

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20170111)
RJ01 Rejection of invention patent application after publication