CN107920063A - A kind of method of online updating tokenID - Google Patents
A kind of method of online updating tokenID Download PDFInfo
- Publication number
- CN107920063A CN107920063A CN201711084831.1A CN201711084831A CN107920063A CN 107920063 A CN107920063 A CN 107920063A CN 201711084831 A CN201711084831 A CN 201711084831A CN 107920063 A CN107920063 A CN 107920063A
- Authority
- CN
- China
- Prior art keywords
- tokenid
- cloud platform
- user
- time
- safe
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Debugging And Monitoring (AREA)
Abstract
The present invention relates to a kind of method of online updating tokenID, user logs on to safe cloud platform from business cloud platform, safe cloud platform obtains initial tokenID and caches, persistently presence then refreshes tokenID and replaces the tokenID of caching HTTP request in the tokenID expired times that business cloud platform defines, otherwise tokenID is set to failure by T time later, is stopped the renewal to tokenID and is operated and terminate;If there are single API to perform overlong time, by default recovery API, authenticated using user information, regain tokenID and cache.The present invention ensures the safety of third party's data and resource, user's current operation need not be terminated to be logged in again, the tokenID Problem of Failure of API Calls is solved, re-authentication and login caused by failing due to tokenID is avoided, improves user experience under the premise that security is guaranteed.
Description
Technical field
The present invention relates to the technical field of the transmission of digital information, such as telegraph communication, more particularly to one kind ensures safety
The method for the online updating tokenID that API operation requests are initiated to business cloud that cloud can continue.
Background technology
Cloud platform is one of important step that cloud computing is implemented, and it is inner that it allows developers that the program finished writing is placed on " cloud "
Operation, or " cloud " inner service provided is provided, or the two is all.
Cloud platform generally comprises safe cloud platform and business cloud platform, wherein, safe cloud platform, that is, client, business cloud is put down
Platform, that is, third party's access platform, is server-side.When safe cloud platform and business cloud platform are docked, often business cloud is put down
Platform provides api interface and supplies safe cloud platform application virtualization resource, and running environment is provided for safety service, the API of these docking
Generally comprise the establishment of virtual machine(The VPC network lists containing acquisition, virtual machine template list, image listing, network card configuration, disk
Configuration), delete, the interface such as restart, shut down.
In cloud platform docking operation, in order to obtain the resource of virtualization, the API that secure cloud calls business cloud is constantly present
Scene, it is ensured that correct user is highly important in the execution API Calls of safety, in order to ensure business cloud is not invaded,
Generally require and authentication is done to the user of above-mentioned API.
Ensure that token technologies are usually used in the method for API safety at present, generate and manage in business cloud platform
TokenID, and business cloud platform takes the guarantor periodically to cease to be in force automatically to ensure not to be broken into for the tokenID of granting
Shield measure, tokenID is once fail, then safe cloud platform further can not carry out API friendships using the tokenID and business cloud
Mutually, that is to say, that if cannot solve the problems, such as that tokenID fails, secure cloud will be unable to application virtual resource, and then can not add
The problem of added rent family, initiation secure cloud can not work.
In the prior art, the scene of tokenID failures generally comprises tokenID time-out caused by long-time does not operate and loses
Effect and single API perform tokenID time-out failures caused by overlong time, traditional solution method be by user voluntarily again
Log in and verify identity again, re-request is carried out when identity is verified again and is distributed newly by business cloud platform
TokenID, that used in follow-up interaction is then new tokenID.Traditional solution can solve not operate for a long time
Caused by tokenID time-out failure the problem of, but for single API perform overlong time caused by tokenID time-out
The problem of failure, then can only rely on user and log in again by hand, it is impossible to accomplishes to automate, it is less efficient.
The content of the invention
In order to solve the problems in the existing technology, the present invention provides a kind of side of the online updating tokenID of optimization
Method, effectively solves the tokenID Problem of Failure of the API Calls between business cloud platform and safe cloud platform, avoid due to
Re-authentication and login caused by tokenID failures.
The technical solution adopted in the present invention is that a kind of method of online updating tokenID, the described method includes following step
Suddenly:
Step 1:User logs on to safe cloud platform from business cloud platform, and safe cloud platform obtains the initial tokenID of user, just
Beginning tokenID is buffered to browser;
Step 2:Start to monitor safe cloud platform, if HTTP request exists, carry out step 3, otherwise, carry out step 4;
Step 3:The tokenID expired time T defined according to business cloud platform, refresh tokenID in T time, obtain new
TokenID, and browser is buffered in the new tokenID tokenID replaced after last refreshing;Return to step 2;
Step 4:The tokenID expired time T defined according to business cloud platform, after the T time by it is upper once refresh after
TokenID is set to failure state, stops the renewal operation to tokenID in safe cloud platform;Terminate.
Preferably, in the step 1, initial tokenID is buffered in the Session of browser.
Preferably, in the step 3, when single API request overlong time causes current tokenID to fail, pass through
Business cloud platform provides default recovery API, is authenticated using the information of user, regains tokenID and be buffered in
In browser.
Preferably, in the step 4, user is prompted while the tokenID after last refresh is set to failure state
Do not operate, it is necessary to log in again for a long time.
The present invention provides the method for the online updating tokenID of optimization a kind of, cloud platform login of being engaged in of being obtained employment by user
To safe cloud platform, safe cloud platform obtains the initial tokenID of user and caches, if the HTTP request of safe cloud platform continues
In the presence of then refreshing tokenID in the tokenID expired times T that business cloud platform defines, replace the tokenID of caching, otherwise
The tokenID after upper once refreshing is set to failure state after T time, is stopped in safe cloud platform to tokenID's
Renewal is operated and terminated.The present invention by this method, may further determine whether there are single API perform overlong time and
The possibility of caused tokenID time-out failure, can provide default recovery API by business cloud platform, utilize user
Information authenticated, regain tokenID and cache in a browser.The present invention can both ensure third party's data and money
The security in source, and user's current operation need not be terminated and logged in again, effectively solve business cloud platform and safe cloud platform
Between API Calls tokenID Problem of Failure, avoid due to tokenID fail caused by re-authentication and login, ensure pacify
User experience is improved on the premise of complete.
Brief description of the drawings
Fig. 1 is the flow chart of the present invention.
Embodiment
The present invention is described in further detail with reference to embodiment, but protection scope of the present invention is not limited to
This.
The present invention relates to a kind of method of online updating tokenID, the described method comprises the following steps.
Step 1:User logs on to safe cloud platform from business cloud platform, and safe cloud platform obtains the initial of user
TokenID, initial tokenID are buffered to browser.
In the step 1, initial tokenID is buffered in the Session of browser.
It in the present invention, under normal circumstances, can increase by a Token management modules in safe cloud platform, be mainly used for pair
TokenID is cached, read and is updated replacement.
Step 2:Start to monitor safe cloud platform, if HTTP request exists, carry out step 3, otherwise, carry out step 4.
Step 3:The tokenID expired time T defined according to business cloud platform, refresh tokenID in T time, obtain
New tokenID, and browser is buffered in the new tokenID tokenID replaced after last refreshing;Return to step 2.
In the step 3, when single API request overlong time causes current tokenID to fail, put down by business cloud
Platform provides default recovery API, is authenticated using the information of user, regains tokenID and caches in a browser.
In the present invention, request that can be to user in safe cloud platform is monitored, if can detect, the HTTP of user please
Ask, illustrate that user is also operated accordingly in safe cloud platform, then the tokenID's defined according to third party's business cloud platform
The tokenId that expired time is timed refreshes and applies again, under normal circumstances, such as sets and updates a tokenID per hour, so
New tokenID is cached so that subsequent request uses afterwards.
In the present invention, when single API request overlong time, tokenID can be caused to have no chance to be refreshed, and then occurred
During the situation of tokenID failures, the specific API that can be provided by business cloud platform is authenticated using user information, obtained again
Obtain tokenID and cache in a browser, and then complete subsequent operation.
In the present invention, an embodiment recovered by the use of API as specific API is provided, " RecoverAPI (TokenID,
Expandtime) ", wherein, first parameter is to wait to prolong prolonged tokenID, and second parameter is the duration of application verification.
In the present invention, the two operations are all shieldings in user level, and user can not perceive, so not interfering with use
Family is experienced, while ensure that the effective time of tokenID.
Step 4:The tokenID expired time T defined according to business cloud platform, after the T time by it is upper once refresh after
TokenID be set to failure state, in safe cloud platform stop to tokenID renewal operation;Terminate.
In the step 4, user's long-time is prompted while the tokenID after last refresh is set to failure state not
Operation, it is necessary to log in again.
In the present invention, when security platform does not receive the HTTP request of user for a long time, illustrate that user is no longer grasped
Make, under this kind of scene, user will not reuse the demand that tokenID initiates request in a period of time, so tokenID meetings at this time
It is set to failure.
In the present invention, while tokenID is set to failure, user can be prompted not operate for a long time, it is necessary to log in again,
It can stop the renewal operation to tokenID in safe cloud platform at the same time.
The present invention logs on to safe cloud platform by user's working business cloud platform, and safe cloud platform obtains the initial of user
TokenID is simultaneously cached, expired in the tokenID that business cloud platform defines if the HTTP request of safe cloud platform persistently exists
Refresh tokenID in time T, replace the tokenID of caching, otherwise put the tokenID after upper once refreshing after T time
For failure state, stop the renewal to tokenID in safe cloud platform and operate and terminate.The present invention by this method, can
To further determine whether there is a possibility that tokenID time-out failures caused by single API execution overlong time, Ke Yitong
Cross business cloud platform and default recovery API is provided, authenticated using the information of user, regain tokenID and cache
In a browser.The present invention can not only ensure the security of third party's data and resource, but also need not terminate user's current operation into
Row logs in again, effectively solves the tokenID Problem of Failure of API Calls between business cloud platform and safe cloud platform, avoid by
Re-authentication and login caused by tokenID failures, improve user experience under the premise that security is guaranteed.
Claims (4)
- A kind of 1. method of online updating tokenID, it is characterised in that:It the described method comprises the following steps:Step 1:User logs on to safe cloud platform from business cloud platform, and safe cloud platform obtains the initial tokenID of user, just Beginning tokenID is buffered to browser;Step 2:Start to monitor safe cloud platform, if HTTP request exists, carry out step 3, otherwise, carry out step 4;Step 3:The tokenID expired time T defined according to business cloud platform, refresh tokenID in T time, obtain new TokenID, and browser is buffered in the new tokenID tokenID replaced after last refreshing;Return to step 2;Step 4:The tokenID expired time T defined according to business cloud platform, after the T time by it is upper once refresh after TokenID is set to failure state, stops the renewal operation to tokenID in safe cloud platform;Terminate.
- A kind of 2. method of online updating tokenID according to claim 1, it is characterised in that:It is characterized in that:It is described In step 1, initial tokenID is buffered in the Session of browser.
- A kind of 3. method of online updating tokenID according to claim 1, it is characterised in that:In the step 3, when Single API request overlong time and cause current tokenID to fail, provide default recovery API by business cloud platform, Authenticated using the information of user, regain tokenID and cache in a browser.
- A kind of 4. method of online updating tokenID according to claim 1, it is characterised in that:, will in the step 4 TokenID after last time refreshing prompts user not operate, it is necessary to log in again for a long time while being set to failure state.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711084831.1A CN107920063A (en) | 2017-11-07 | 2017-11-07 | A kind of method of online updating tokenID |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711084831.1A CN107920063A (en) | 2017-11-07 | 2017-11-07 | A kind of method of online updating tokenID |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107920063A true CN107920063A (en) | 2018-04-17 |
Family
ID=61895981
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711084831.1A Pending CN107920063A (en) | 2017-11-07 | 2017-11-07 | A kind of method of online updating tokenID |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107920063A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108924149A (en) * | 2018-07-19 | 2018-11-30 | 郑州云海信息技术有限公司 | A kind of identity legitimacy verification method and system based on Tocken token |
CN109587249A (en) * | 2018-12-07 | 2019-04-05 | 北京金山云网络技术有限公司 | Information sending, receiving method, device, server, client and storage medium |
CN109802941A (en) * | 2018-12-14 | 2019-05-24 | 平安科技(深圳)有限公司 | A kind of login validation method, device, storage medium and server |
CN113051541A (en) * | 2021-03-31 | 2021-06-29 | 广州锦行网络科技有限公司 | Logoff method and device of target account, electronic equipment and computer readable medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103581140A (en) * | 2012-08-03 | 2014-02-12 | 腾讯科技(深圳)有限公司 | Authorization control method, device and system and authorization request method and device |
CN104734849A (en) * | 2013-12-19 | 2015-06-24 | 阿里巴巴集团控股有限公司 | Method and system for conducting authentication on third-party application |
CN106411825A (en) * | 2015-08-03 | 2017-02-15 | 天脉聚源(北京)科技有限公司 | WeChat access token acquisition method and system thereof |
CN106453303A (en) * | 2016-10-09 | 2017-02-22 | 武汉斗鱼网络科技有限公司 | Method and system for storing user login status for IOS client |
CN106789930A (en) * | 2016-11-28 | 2017-05-31 | 北京铭铭鑫软件有限公司 | A kind of single-point logging method of (SuSE) Linux OS |
-
2017
- 2017-11-07 CN CN201711084831.1A patent/CN107920063A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103581140A (en) * | 2012-08-03 | 2014-02-12 | 腾讯科技(深圳)有限公司 | Authorization control method, device and system and authorization request method and device |
CN104734849A (en) * | 2013-12-19 | 2015-06-24 | 阿里巴巴集团控股有限公司 | Method and system for conducting authentication on third-party application |
CN106411825A (en) * | 2015-08-03 | 2017-02-15 | 天脉聚源(北京)科技有限公司 | WeChat access token acquisition method and system thereof |
CN106453303A (en) * | 2016-10-09 | 2017-02-22 | 武汉斗鱼网络科技有限公司 | Method and system for storing user login status for IOS client |
CN106789930A (en) * | 2016-11-28 | 2017-05-31 | 北京铭铭鑫软件有限公司 | A kind of single-point logging method of (SuSE) Linux OS |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108924149A (en) * | 2018-07-19 | 2018-11-30 | 郑州云海信息技术有限公司 | A kind of identity legitimacy verification method and system based on Tocken token |
CN108924149B (en) * | 2018-07-19 | 2021-06-18 | 郑州云海信息技术有限公司 | Token-based identity validity verification method and system |
CN109587249A (en) * | 2018-12-07 | 2019-04-05 | 北京金山云网络技术有限公司 | Information sending, receiving method, device, server, client and storage medium |
CN109802941A (en) * | 2018-12-14 | 2019-05-24 | 平安科技(深圳)有限公司 | A kind of login validation method, device, storage medium and server |
CN113051541A (en) * | 2021-03-31 | 2021-06-29 | 广州锦行网络科技有限公司 | Logoff method and device of target account, electronic equipment and computer readable medium |
CN113051541B (en) * | 2021-03-31 | 2022-02-01 | 广州锦行网络科技有限公司 | Logoff method and device of target account, electronic equipment and computer readable medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6754475B2 (en) | Rolling security platform | |
CN110086822B (en) | Method and system for implementing micro-service architecture-oriented unified identity authentication strategy | |
CN107920063A (en) | A kind of method of online updating tokenID | |
US8099768B2 (en) | Method and system for multi-protocol single logout | |
US20130111586A1 (en) | Computing security mechanism | |
CN104410674B (en) | A kind of WEB session synchronization methods of single-node login system | |
US8694993B1 (en) | Virtualization platform for secured communications between a user device and an application server | |
CN110764871A (en) | Cloud platform-based mimicry application packaging and control system and method | |
CN111581631B (en) | Single sign-on method based on redis | |
CN109547422A (en) | A kind of method and terminal that logging state is renewed a contract automatically | |
CN107276967B (en) | Distributed system and login verification method thereof | |
US10986089B2 (en) | Virtual mobile device system and method thereof | |
CN105282145A (en) | Multi-data center user access control method and system | |
CN113221083B (en) | Block chain user session caching method capable of improving server performance | |
CN111092864B (en) | Session protection method, device, equipment and readable storage medium | |
CN111367573B (en) | Equipment login method, device, storage medium and computer equipment | |
US11132188B2 (en) | Management platform recovery for a user device | |
US11182141B2 (en) | Management platform recovery for a user device | |
CN109639649B (en) | Single sign-on method | |
CN111049845A (en) | Method and system for realizing secure login of VNC console of Openstack virtual machine | |
CN109639674A (en) | A kind of access safety control method | |
US11126419B2 (en) | Management platform recovery for a user device | |
CN113312571B (en) | Page management method and device, computer equipment and storage medium | |
CN115168839A (en) | Safety control method, device, equipment and storage medium for application program APP | |
CN115776402A (en) | System login and logout method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180417 |
|
RJ01 | Rejection of invention patent application after publication |