Summary of the invention
The embodiments of the present invention provide an authentication method and device based on single sign-on, which can solve the problem that a terminal cannot access a WEB server.
To achieve the above objective, the embodiments of the present invention adopt the following technical solutions:
An authentication method based on single sign-on, comprising:
receiving an authentication request sent by a terminal, the authentication request carrying an IP address to be accessed;
determining the authentication request type of the authentication request according to the IP address to be accessed;
judging whether a filter logic chain manager corresponding to the authentication request type exists;
if it exists, calling the filter logic chain manager corresponding to the authentication request type to process the authentication request;
if it does not exist, creating the filter logic chain manager corresponding to the authentication request type and the third-party library filter group corresponding to the authentication request type;
calling the filter logic chain manager corresponding to the authentication request type to process the authentication request.
An authentication device based on single sign-on, comprising:
a receiving unit, configured to receive an authentication request sent by a terminal, the authentication request carrying an IP address to be accessed;
a determination unit, configured to determine the authentication request type of the authentication request according to the IP address to be accessed in the authentication request received by the receiving unit;
a judging unit, configured to judge whether a filter logic chain manager corresponding to the authentication request type determined by the determination unit exists;
a processing unit, configured to call the filter logic chain manager corresponding to the authentication request type to process the authentication request when the judging result of the judging unit is that it exists;
a creating unit, configured to create the filter logic chain manager corresponding to the authentication request type and the third-party library filter group corresponding to the authentication request type when the judging result of the judging unit is that it does not exist;
the processing unit is further configured to call the filter logic chain manager corresponding to the authentication request type created by the creating unit to process the authentication request.
In the authentication method and device based on single sign-on provided by the embodiments of the present invention, an authentication request sent by a terminal is first received, the authentication request type of the authentication request is then determined according to the IP address to be accessed in the authentication request, and it is then judged whether a filter logic chain manager corresponding to the authentication request type exists. If it exists, the filter logic chain manager corresponding to the authentication request type is called directly to process the authentication request; if it does not exist, the filter logic chain manager and the third-party library filter group corresponding to the authentication request type are created, and the created filter logic chain manager is then called to process the authentication request. Compared with the prior art, in which the WEB server cannot be accessed because single sign-on authentication cannot be carried out, in the embodiments of the present invention, if no filter logic chain manager corresponding to the authentication request type exists, the filter logic chain manager and the third-party library filter group corresponding to that authentication request type are created, and the authentication request can then be processed by the created filter logic chain manager. In other words, even if the authentication request carries a private IP address and the WEB container has no filter logic chain manager for handling that private IP address, the filter logic chain manager corresponding to that private IP address can be created, so the case in which the authentication request cannot be processed does not arise. The embodiments of the present invention can therefore process authentication requests carrying a private IP address, and the case in which the terminal cannot access the WEB server because the authentication request cannot be processed does not arise.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
To solve the problem that a terminal cannot carry out single sign-on authentication in a NAT scenario and therefore cannot access a WEB server, the embodiment of the present invention provides an authentication method based on single sign-on. As shown in Figure 1, the method comprises:
101. Receive an authentication request sent by a terminal; the authentication request carries an IP address to be accessed.
First, it should be noted that the executing entity of the embodiment of the present invention may be a filter proxy container with processing functions integrated in the WEB container, or different steps may be executed by different functional modules in the WEB container.
It should be noted that the address to be accessed carried in the authentication request is a private IP address; when the terminal uses this private IP address to access the network, the private IP address can be converted to a public IP address by a router.
102. Determine the authentication request type of the authentication request according to the IP address to be accessed.
A public IP address corresponds to multiple private IP addresses, and each private IP address corresponds to one authentication request type. For example, private IP address 1, private IP address 2 and private IP address 3 can be converted to the same public IP address, and private IP address 1, private IP address 2 and private IP address 3 each correspond to one authentication request type. Each type of authentication request is processed by the filter logic chain manager of the corresponding type.
103. Judge whether a filter logic chain manager corresponding to the authentication request type exists.
If it exists, execute step 104; if it does not exist, execute step 105.
104. Call the filter logic chain manager corresponding to the authentication request type to process the authentication request.
105. Create the filter logic chain manager corresponding to the authentication request type and the third-party library filter group corresponding to the authentication request type.
It should be noted that if no filter logic chain manager corresponding to the authentication request type exists, the WEB container currently has no filter that can process the authentication request. To avoid the case in which authentication cannot be carried out, the filter logic chain manager corresponding to the authentication request type and the third-party library filter group managed by that filter logic chain manager need to be created.
In one implementation of the embodiment of the present invention, the third-party library filter group may include an exit detection filter, an authentication check filter, a stub check filter and an authenticated-user acquisition filter.
The exit detection filter implements the single sign-on exit function, providing the exit function for the system;
The authentication check filter checks, after the user enters an address, whether the current user is logged in; if the user is not logged in, the request is redirected to the CAS authentication server for username and password entry and authentication;
The stub check filter is used after the system has passed the preceding authentication check filter: if authentication succeeds, the CAS authentication server redirects back to the system carrying a stub, and this filter checks whether the current stub exists and whether it is valid; if it is invalid, an error is reported.
The authenticated-user acquisition filter reads the information of the logged-in user after authentication is completed; CAS completes this through this filter.
106. Call the filter logic chain manager corresponding to the authentication request type to process the authentication request.
It can be understood that the filter logic chain manager can call the function of each filter in the third-party library filter group to process the authentication request.
The method of calling the filter logic chain manager corresponding to the authentication request type to process the authentication request is described below. The filter logic chain manager calls the third-party filter group and jumps to the authentication system according to the authentication system address. The display interface of the authentication system can then prompt the user to enter login information, such as a username and password, and the authentication system verifies the received login information. If verification succeeds, the authentication information is stored in the authentication system, and the ticket corresponding to the authentication information and the cookie for establishing the session are generated. The authentication system then redirects back to the WEB application system, carrying the ticket parameter in the redirect address. The terminal then accesses the WEB server, and the filter logic chain manager reads the authentication information to complete authentication.
In the authentication method based on single sign-on provided by the embodiment of the present invention, an authentication request sent by a terminal is first received, the authentication request type of the authentication request is then determined according to the IP address to be accessed in the authentication request, and it is then judged whether a filter logic chain manager corresponding to the authentication request type exists. If it exists, the filter logic chain manager corresponding to the authentication request type is called directly to process the authentication request; if it does not exist, the filter logic chain manager and the third-party library filter group corresponding to the authentication request type are created, and the created filter logic chain manager is then called to process the authentication request. Compared with the prior art, in which the WEB server cannot be accessed because single sign-on authentication cannot be carried out, in the embodiment of the present invention, if no filter logic chain manager corresponding to the authentication request type exists, the filter logic chain manager and the third-party library filter group corresponding to that authentication request type are created, and the authentication request can then be processed by the created filter logic chain manager. In other words, even if the authentication request carries a private IP address and the WEB container has no filter logic chain manager for handling that private IP address, the filter logic chain manager corresponding to that private IP address can be created, so the case in which the authentication request cannot be processed does not arise. The embodiment of the present invention can therefore process authentication requests carrying a private IP address, and the case in which the terminal cannot access the WEB server because the authentication request cannot be processed does not arise.
In another implementation provided by the embodiment of the present invention, the method of creating the filter logic chain manager and the third-party library filters is described. As shown in Fig. 2, step 105 above, creating the filter logic chain manager corresponding to the authentication request type and the third-party library filter group corresponding to the authentication request type, can specifically be implemented as steps 1051 to 1053.
1051. Create the filter logic chain manager corresponding to the authentication request type.
It should be noted that each filter logic chain manager is used to process one type of authentication request, and each filter logic chain manager manages one group of third-party library filters.
1052. Generate the configuration parameters of the third-party library filter group corresponding to the authentication request type according to the IP address to be accessed.
The configuration parameters include: the authentication system address, the WEB application address and the authentication information storage address.
The authentication system address is the address of the authentication system used to authenticate the authentication request.
The WEB application address is the address of the WEB application system corresponding to the IP address to be accessed.
The authentication information storage address is the address of the storage region or system used to store authentication information.
1053. Create the third-party library filter group corresponding to the authentication request type according to the configuration parameters.
It can be understood that, because the configuration parameters are generated according to the IP address to be accessed, they are the configuration parameters that match the authentication request type, so the third-party filter group generated from these configuration parameters can be used to process authentication requests of that type.
It should be noted that, so that the filter logic chain manager can be called directly to process the authentication request when an authentication request of the same type is subsequently received, the correspondence between the authentication request type and the filter logic chain manager also needs to be stored after the filter logic chain manager corresponding to the authentication request is created.
In the embodiment of the present invention, when no filter logic chain manager corresponding to the authentication request type exists, the filter logic chain manager and the third-party library filters corresponding to that authentication request type are created, which avoids the case in which the authentication request cannot be processed. Each time a filter logic chain manager is created, the correspondence between the newly created filter logic chain manager and the authentication request type is stored, so that when an authentication request of the same type is next received the manager can be called directly without being created again, which improves the processing efficiency of authentication requests.
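A sketch of the dispatch in steps 101 to 106 and the creation in steps 1051 to 1053, as an added example that is not code from the patent or from any CAS client library. The class names, the result tuples, the URL and key layout in `build_config`, the private-address check and the lock around first creation are assumptions made for illustration.

```python
import ipaddress
import threading
from dataclasses import dataclass

@dataclass(frozen=True)
class FilterGroupConfig:
    auth_system_address: str      # authentication system address
    web_app_address: str          # WEB application address
    auth_info_store_address: str  # authentication information storage address

def build_config(target_ip, sso_base):
    """Step 1052: derive the configuration from the IP address to be accessed.
    The URL and key layout here is constructed for this example."""
    return FilterGroupConfig(f"{sso_base}/login", f"http://{target_ip}/",
                             f"auth-info:{target_ip}")

class FilterChainManager:
    """Manages the filter group for one authentication request type."""
    def __init__(self, request_type, config):
        self.request_type, self.config = request_type, config

    def process(self, request, auth_info_store):
        if request.get("logout"):                    # exit detection filter
            return ("logged_out", None)
        stub = request.get("stub")
        if stub is None:                             # authentication check filter
            user = request.get("session_user")
            if user is None:
                return ("redirect", self.config.auth_system_address)
            return ("authenticated", user)
        # Stub check filter: the stub must exist in this type's own store.
        user = auth_info_store.get((self.config.auth_info_store_address, stub))
        if user is None:
            return ("error", "invalid stub")
        return ("authenticated", user)               # authenticated-user acquisition

class ChainManagerRegistry:
    """Stores the request type -> filter logic chain manager correspondence."""
    def __init__(self, sso_base):
        self._sso_base = sso_base
        self._managers = {}
        self._lock = threading.Lock()  # concurrent first requests create one manager

    def request_type_for(self, target_ip):
        addr = ipaddress.ip_address(target_ip)       # ValueError if malformed
        if not addr.is_private:                      # the page expects a private IP
            raise ValueError(f"{target_ip} is not a private IP address")
        return f"private-ip:{addr}"                  # one type per private IP

    def dispatch(self, request, auth_info_store):
        rtype = self.request_type_for(request["target_ip"])     # steps 101-102
        with self._lock:
            manager = self._managers.get(rtype)                 # step 103
            if manager is None:                                 # step 105
                config = build_config(request["target_ip"], self._sso_base)
                manager = FilterChainManager(rtype, config)     # steps 1051, 1053
                self._managers[rtype] = manager                 # store the mapping
        return manager.process(request, auth_info_store)        # step 104 / 106

    def manager_count(self):
        return len(self._managers)
```

Keying the stored authentication information by the per-type storage address means a stub issued for one private IP address is not accepted by the manager created for another.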
Corresponding to the above method embodiment, the embodiment of the present invention also provides an authentication device based on single sign-on. As shown in Fig. 3, the device includes: a receiving unit 301, a determination unit 302, a judging unit 303, a processing unit 304 and a creating unit 305.
The receiving unit 301 is configured to receive an authentication request sent by a terminal, the authentication request carrying an IP address to be accessed;
The determination unit 302 is configured to determine the authentication request type of the authentication request according to the IP address to be accessed in the authentication request received by the receiving unit 301;
The judging unit 303 is configured to judge whether a filter logic chain manager corresponding to the authentication request type determined by the determination unit 302 exists;
The processing unit 304 is configured to call the filter logic chain manager corresponding to the authentication request type to process the authentication request when the judging result of the judging unit 303 is that it exists;
The creating unit 305 is configured to create the filter logic chain manager corresponding to the authentication request type and the third-party library filter group corresponding to the authentication request type when the judging result of the judging unit 303 is that it does not exist;
The processing unit 304 is further configured to call the filter logic chain manager corresponding to the authentication request type created by the creating unit 305 to process the authentication request.
In another implementation provided by the embodiment of the present invention, the creating unit 305 is further configured to create the filter logic chain manager corresponding to the authentication request type; generate the configuration parameters of the third-party library filter group corresponding to the authentication request type according to the IP address to be accessed; and create the third-party library filter group corresponding to the authentication request type according to the configuration parameters.
The configuration parameters include at least: the authentication system address, the WEB application address and the authentication information storage address.
In another implementation provided by the embodiment of the present invention, as shown in Fig. 4, the device further includes a storage unit 306.
The storage unit 306 is configured to store the correspondence between the authentication request type and the filter logic chain manager.
In another implementation provided by the embodiment of the present invention, the processing unit 304 is further configured to: call the third-party library filter group through the filter logic chain manager corresponding to the request type to jump to the authentication system corresponding to the authentication system address; receive the login information entered by the user in the authentication system; verify the login information entered by the user; if verification succeeds, store the authentication information in the authentication information storage address; jump to the WEB application system corresponding to the WEB application address and send the authentication information to the WEB application system; read the authentication information from the authentication information storage address and use the authentication information read to verify the validity of the authentication information received from the authentication system; and, if verification succeeds, send an authentication request success response to the terminal.
In the authentication device based on single sign-on provided by the embodiment of the present invention, the receiving unit first receives an authentication request sent by a terminal, the determination unit then determines the authentication request type of the authentication request according to the IP address to be accessed in the authentication request, and the judging unit then judges whether a filter logic chain manager corresponding to the authentication request type exists. If it exists, the processing unit directly calls the filter logic chain manager corresponding to the authentication request type to process the authentication request; if it does not exist, the creating unit creates the filter logic chain manager and the third-party library filter group corresponding to the authentication request type, and the processing unit then calls the created filter logic chain manager to process the authentication request. Compared with the prior art, in which the WEB server cannot be accessed because single sign-on authentication cannot be carried out, in the embodiment of the present invention, if no filter logic chain manager corresponding to the authentication request type exists, the filter logic chain manager and the third-party library filter group corresponding to that authentication request type are created, and the authentication request can then be processed by the created filter logic chain manager. In other words, even if the authentication request carries a private IP address and the WEB container has no filter logic chain manager for handling that private IP address, the filter logic chain manager corresponding to that private IP address can be created, so the case in which the authentication request cannot be processed does not arise. The embodiment of the present invention can therefore process authentication requests carrying a private IP address, and the case in which the terminal cannot access the WEB server because the authentication request cannot be processed does not arise.
Through the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a readable storage medium, such as a computer floppy disk, hard disk or optical disc, and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in the embodiments of the present invention.
The above is merely a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person familiar with the technical field can readily think of within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.