CN108512784A - Authentication method based on gateway routing forwarding - Google Patents
Authentication method based on gateway routing forwarding Download PDFInfo
- Publication number
- CN108512784A CN108512784A CN201810644346.3A CN201810644346A CN108512784A CN 108512784 A CN108512784 A CN 108512784A CN 201810644346 A CN201810644346 A CN 201810644346A CN 108512784 A CN108512784 A CN 108512784A
- Authority
- CN
- China
- Prior art keywords
- client
- token
- request
- api gateway
- gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/25—Routing or path finding in a switch fabric
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of authentication methods based on gateway routing forwarding, include the following steps:API gateway obtains the login system request from client;API gateway sends checking request to single logging-on server;Single-point server verifies necessary information, and when verification result is legal, single-point server generates token and the token is handed down to client by the token-caching in Redis storage systems, while by API gateway;API gateway obtains the access resource request from client, and the access resource request carries token;API gateway is authenticated the token, when authentication result be by when, authorized client access internal resource;The present invention carries out authentication by issuing token to client, by API gateway to client request, reaches authentication purpose;Since the certification to token is in API gateway itself, which is difficult to be cracked or intercept, and improves the safety of system.
Description
Technical field
The invention belongs to API gateway technical fields, and in particular to a kind of authentication method based on gateway routing forwarding.
Background technology
API gateway is as the external entrance for providing service, just as the gate of enterprises service.On the one hand, there are enough energy
Power copes with a large amount of Outside Access, on the other hand, also internal service to be given to provide certain safety guarantee.Existing API nets
The effective access being unable to outside automatic identification is closed, following situations is easy to happen:First, probably exceeding when concurrency is larger
Gateway ability to bear gently then causes service to abandon a part of request, heavy then server resource is caused to exhaust, unavailable;Second is that disliking
Meaning request is easy invasion server, and security risk is caused to internal services.
Invention content
In order to solve the above problem of the existing technology, present invention aims at provide one kind gateway security can be improved
With the novel authentication method based on gateway routing forwarding of availability.
The technical solution adopted in the present invention is:
Based on the authentication method of gateway routing forwarding, include the following steps:
API gateway obtains the login system request from client, and the login system request carries client necessity letter
Breath.
API gateway sends checking request to single logging-on server, and the checking request carries client necessary information.
Single logging-on server is verified according to the necessary information that checking request carries client, when verification result is
When legal, single logging-on server generates token and by the token-caching in Redis storage systems, while will by API gateway
The token is handed down to client.
API gateway obtains the access resource request from client, and the access resource request carries token.
API gateway is authenticated the token, when authentication result be by when, authorized client access internal resource.
Further, the API gateway further includes to client before sending checking request to single logging-on server
The step of login system request is verified, the checking procedure is:
A, API gateway verifies the IP whether in white list according to client ip information, when the IP is in white list
When in list, client is returned;Otherwise, further verification is executed.
B, API gateway verifies whether the request header carries the client necessary information according to client request header, when
When the request header carries the client necessary information, login system request is transmitted to single logging-on server, asks single-point
Login service device verifies client identity;Otherwise, error message and reason are returned to client.
Further, the necessary information includes client id, client Key, username and password.
Further, the token includes three head, load and visa parts.
Further, carrier of head two parts information, respectively data type and Encryption Algorithm;The load is deposited
It puts by encrypted effective information;The visa by behind head and payload encryption information and one section of key information form.
Further, the effective information is one or more of client id, client Key, user name or password.
Further, the effective information is encrypted using base64 Encryption Algorithm.
Further, the API gateway is authenticated the token, the certification include judge the token whether be sky,
Judge whether the token content is consistent with server end token content, judge whether the token is effective.
Beneficial effects of the present invention are:
By issuing token to client, client is required to carry the token present invention when accessing resource every time, and
Authentication is carried out to client request by API gateway, reaches authentication purpose;Since the certification to token is in API gateway itself,
The token is difficult to be cracked or intercept, and improves the safety of system;Meanwhile partial invalidity access is intercepted and is returned by API gateway
It returns, mitigates the load of server end.
Description of the drawings
Fig. 1 is flow chart of the present invention;
Fig. 2 is block diagram of the present invention;
Fig. 3 is exemplary embodiment of the present flow chart.
Specific implementation mode
Below in conjunction with the accompanying drawings and specific embodiment does further explaination to the present invention.
Based on the authentication method of gateway routing forwarding, referring to Fig. 1 and Fig. 2, this method comprises the following steps:
S101, API gateway obtain the login system request from client, and it is necessary that login system request carries client
Information.Necessary information includes client id, client Key, username and password.
Necessary information is what client and server was appointed in advance, and in the present embodiment, server end is stepped on for single-point
Server (SSO Server) is recorded, necessary information includes client id, client Key, username and password.Client request is stepped on
When recording system, it is necessary to carry the necessary informations such as client id, client Key, username and password in request header.
S102, API gateway send checking request to single logging-on server, which carries client necessity letter
Breath.Necessary information includes client id, client Key, username and password.
API gateway is transmitted to single-point after obtaining the login system request from client, by login system request and steps on
Server is recorded, sends checking request to single logging-on server, request single logging-on server verifies client identity.
When API gateway sends checking request to single logging-on server, request header need to carry client necessary information, the necessary information packet
Include client id, client Key, username and password.
In one embodiment, API gateway further includes to client before sending checking request to single logging-on server
The step of login system request at end is verified.The verification step includes:
A, API gateway verifies the IP whether in white list according to client ip information, when check results are the IP
When in white list, client is returned;Otherwise, then step B is executed.
White list is stored in when configuring gateway in gateway, and the IP in white list directly can be logged in and be accessed
Server resource need not authenticate, therefore need not issue token.
B, API gateway verifies whether the request header carries the client necessary information according to client request header, such as
Fruit request header carries the client necessary information, then login system request is transmitted to single logging-on server, asks single-point
Login service device verifies client identity;If request header does not carry the client necessary information, returned to client
Return error message and reason.Necessary information includes client id, client Key, username and password.
S103, single-point server are verified according to the necessary information that checking request carries client, work as verification result
When being legal, single-point server generates token and by the token-caching in Redis storage systems, while should by API gateway
Token is handed down to client.
Single-point server is verified according to the necessary information that checking request carries client, if verification result is to close
Method then generates token.After token generates, by the token-caching in Redis storage systems, and returned simultaneously by API gateway simultaneously
It is stored in client.Token is the unique identities that client subsequent request obtains gateway mandate.If verification result is illegal,
Miscue and reason are returned to client by API gateway.
The token that API gateway generates includes three head, load and visa parts.Carrier of head two parts information, point
Not Wei data type and Encryption Algorithm, head directly use HMAC SHA256 Encryption Algorithm generate, then pass through base64 encrypt
It gets.Encrypted effective information is passed through in load storage, which is encrypted using base64 Encryption Algorithm.Effectively letter
Breath can be set according to actual conditions, and can be one or more of client id, client Key, username and password, also may be used
To be the other information except client id, client Key, username and password.Visa is by the letter behind head and payload encryption
Breath and one section of key information composition, key can preserve a verification for carrying out token in server end.
Gateway is responsible for routing forwarding, the unified token authentication to all requests as external first sect.Server end packet
It containing relevant processing is logged in, preserves token and needs after logining successfully, so needing token preserving portion in server end.
S104, API gateway obtain the access resource request from client, which carries token.
After API gateway obtains the access resource request from client, detect whether it carries token, if do not taken
Band token, then return to miscue and reason.If carrying token, next step is executed.
S105, API gateway are authenticated the token, when authentication result be by when, authorized client accesses internal money
Source.
After API gateway obtains the access resource request from client, detect whether it carries token first, if carried
Token is then authenticated the token, when authentication result be by when, authorized client access internal resource, i.e., according to client
The request at end authorizes it to access the resource on corresponding resource server.When authentication result be it is obstructed out-of-date, then return to miscue
And reason.
API gateway to the certification of token include judge whether the token is sky, judge the token content whether with server
End token content is consistent, judges whether the token is effective.When three is true value, authentication result is to pass through, otherwise
Not pass through.It is that token assigns a term of validity, when effective more than the token when single logging-on server generates token
Phase then needs to log in again and obtains token.In the present embodiment, token expiration is 30 minutes.
By issuing token to client, client is required to carry the token present invention when accessing resource every time, and
Authentication is carried out to client request by API gateway, reaches authentication purpose;Since the certification to token is in API gateway itself,
The token is difficult to be cracked or intercept, and improves the safety of system;Meanwhile partial invalidity access is intercepted and is returned by API gateway
It returns, mitigates the load of server end.
Client generates token after each success login system, by single logging-on server, and client is accessing money
Source must carry the token when asking.Can be that a term of validity is arranged in token when generating token, in token effectively its,
Client can carry token request and access resource;More than token expiration, client needs login system again, and by single-point
Login service thinks highly of newly-generated token.In the present embodiment, the term of validity of token is 30 minutes.
3 pairs of specific embodiment of the invention are further elaborated below in conjunction with the accompanying drawings:
1, client (Client) is initiated to access server request.
2, API gateway intercepts the access request, according to the client ip information, verifies whether the client arranges in white list
In table;If the client ip returns in white list;If the client ip is held not in white list
Row step 3.
If client ip, in white list, which need not be authenticated, directly it can log in and access
Server.
3, API gateway verifies whether the client asks login service device, if so, 4 are thened follow the steps, if it is not, then
Execute step 7.
4, API gateway verifies whether the client request head carries necessary information, and necessary information includes client id
(Client ID), client Key (Client Key), username and password;It, will if request header carries the necessary information
The client request is transmitted to single logging-on server (SSO Server);If request header does not carry the necessary information, return
Return miscue and reason.
5, the necessary information that single logging-on server carries client verifies, if the necessary information carried is closed
Method thens follow the steps in next step, if the necessary information carried is illegal, returns to error message and reason.
6, single logging-on server generates token and is buffered in Redis storage systems, while issuing the token to client
And return, terminate the secondary access.
7, API gateway detects whether the request header carries token, if it is, next step is executed, if it is not, then returning wrong
False information and reason terminate this visit.
8, the token that API gateway carries request header is authenticated, if authentication result is legal, returns to client,
Allow client to access server resource, if authentication result is illegal, return to error message and reason, terminates this time to visit
It asks.
The present invention is not limited to above-mentioned optional embodiment, anyone can show that other are each under the inspiration of the present invention
The product of kind form.Above-mentioned specific implementation mode should not be understood the limitation of pairs of protection scope of the present invention, protection of the invention
Range should be subject to be defined in claims, and specification can be used for interpreting the claims.
Claims (8)
1. the authentication method based on gateway routing forwarding, it is characterised in that:Include the following steps:
API gateway obtains the login system request from client, and the login system request carries client necessary information;
API gateway sends checking request to single logging-on server, and the checking request carries client necessary information;
Single logging-on server is verified according to the necessary information that checking request carries client, when verification result is legal
When, single logging-on server generates token and by the token-caching in Redis storage systems, while will be described by API gateway
Token is handed down to client;
API gateway obtains the access resource request from client, and the access resource request carries token;
API gateway is authenticated the token, when authentication result be by when, authorized client access internal resource.
2. the authentication method according to claim 1 based on gateway routing forwarding, it is characterised in that:The API nets
It closes before sending checking request to single logging-on server, further includes the step for asking to be verified to the login system of client
Suddenly, the checking procedure is:
A, API gateway verifies the IP whether in white list according to client ip information, when the IP is in white list
When, return to client;Otherwise, further verification is executed;
B, API gateway verifies whether the request header carries the client necessary information according to client request header, when this is asked
When head being asked to carry the client necessary information, login system request is transmitted to single logging-on server, asks single-sign-on
Server verifies client identity;Otherwise, error message and reason are returned to client.
3. the authentication method according to claim 1 based on gateway routing forwarding, it is characterised in that:The necessary letter
Breath includes client id, client Key, username and password.
4. the authentication method according to claim 1 based on gateway routing forwarding, it is characterised in that:The token packet
Include three head, load and visa parts.
5. the authentication method according to claim 4 based on gateway routing forwarding, it is characterised in that:It holds on the head
Two parts information, respectively data type and Encryption Algorithm are carried;Encrypted effective information is passed through in the load storage;The label
Card by behind head and payload encryption information and one section of key information form.
6. the authentication method according to claim 5 based on gateway routing forwarding, it is characterised in that:Effective letter
Breath is one or more of client id, client Key, user name or password.
7. the authentication method according to claim 6 based on gateway routing forwarding, it is characterised in that:Effective letter
Breath is encrypted using base64 Encryption Algorithm.
8. the authentication method according to claim 1 based on gateway routing forwarding, it is characterised in that:The API nets
Pass the token is authenticated, the certification include judge the token whether be sky, judge the token content whether with server
End token content is consistent, judges whether the token is effective.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810644346.3A CN108512784A (en) | 2018-06-21 | 2018-06-21 | Authentication method based on gateway routing forwarding |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810644346.3A CN108512784A (en) | 2018-06-21 | 2018-06-21 | Authentication method based on gateway routing forwarding |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108512784A true CN108512784A (en) | 2018-09-07 |
Family
ID=63403598
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810644346.3A Pending CN108512784A (en) | 2018-06-21 | 2018-06-21 | Authentication method based on gateway routing forwarding |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108512784A (en) |
Cited By (49)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109347888A (en) * | 2018-12-21 | 2019-02-15 | 北京博明信德科技有限公司 | Method for authenticating, gateway and authentication device based on RESTful |
CN109495367A (en) * | 2018-12-06 | 2019-03-19 | 安徽云探索网络科技有限公司 | Based on VPN route management system and method |
CN109617907A (en) * | 2019-01-04 | 2019-04-12 | 平安科技(深圳)有限公司 | Authentication method, electronic device and computer readable storage medium |
CN109726025A (en) * | 2018-12-29 | 2019-05-07 | 北京神舟航天软件技术有限公司 | A kind of api interface access method based on API gateway |
CN109802835A (en) * | 2019-01-25 | 2019-05-24 | 北京中电普华信息技术有限公司 | A kind of safety certifying method, system and API gateway |
CN109995754A (en) * | 2019-02-20 | 2019-07-09 | 石化盈科信息技术有限责任公司 | The method and computer readable storage medium of application access server end API |
CN110224974A (en) * | 2019-04-26 | 2019-09-10 | 平安科技(深圳)有限公司 | Interface method for authenticating and relevant device based on third party's access |
CN110232557A (en) * | 2019-04-29 | 2019-09-13 | 北京水滴互保科技有限公司 | Public good project management method, device, system and electronic equipment, storage medium |
CN110276197A (en) * | 2019-06-25 | 2019-09-24 | 四川长虹电器股份有限公司 | The method to be come into force in real time based on shared blacklist revocation JWT token |
CN110324328A (en) * | 2019-06-26 | 2019-10-11 | 阿里巴巴集团控股有限公司 | A kind of safety certifying method, system and equipment |
CN110502315A (en) * | 2019-08-26 | 2019-11-26 | 浪潮云信息技术有限公司 | A kind of method, apparatus and system remotely accessing physical machine |
CN110536152A (en) * | 2019-08-05 | 2019-12-03 | 广州珠江数码集团股份有限公司 | A kind of set-top box users authentication caching method, device, medium and terminal device |
CN110717170A (en) * | 2019-10-09 | 2020-01-21 | 重庆市筑智建信息技术有限公司 | BIM system fingerprint login system, method and device |
CN110837652A (en) * | 2019-11-07 | 2020-02-25 | 山东爱城市网信息技术有限公司 | Data resource authorization method and system based on block chain |
CN110866243A (en) * | 2019-10-25 | 2020-03-06 | 北京达佳互联信息技术有限公司 | Login authority verification method, device, server and storage medium |
CN110958237A (en) * | 2019-11-26 | 2020-04-03 | 苏州思必驰信息科技有限公司 | Authority verification method and device |
CN110971575A (en) * | 2018-09-29 | 2020-04-07 | 北京金山云网络技术有限公司 | Malicious request identification method and device, electronic equipment and computer storage medium |
CN110995672A (en) * | 2019-11-20 | 2020-04-10 | 天津大学 | Network security authentication method for software development |
CN111147525A (en) * | 2020-02-27 | 2020-05-12 | 深圳市伊欧乐科技有限公司 | Authentication method, system, server and storage medium based on API gateway |
CN111147453A (en) * | 2019-12-11 | 2020-05-12 | 东软集团股份有限公司 | System login method and integrated login system |
CN111163105A (en) * | 2020-01-02 | 2020-05-15 | 中国联合网络通信集团有限公司 | Method and device for accessing IPTV service of network protocol television |
CN111212086A (en) * | 2020-01-16 | 2020-05-29 | 郑州轻工业大学 | Computer network protection method and system |
CN111343636A (en) * | 2020-02-14 | 2020-06-26 | 卓望数码技术(深圳)有限公司 | Unified authentication method, authentication system, terminal and storage medium |
CN111371881A (en) * | 2020-02-28 | 2020-07-03 | 北京字节跳动网络技术有限公司 | Service calling method and device |
CN111431838A (en) * | 2019-01-09 | 2020-07-17 | 北京神州泰岳软件股份有限公司 | Method and device for single-point login and single-point logout in cluster and API gateway |
CN111478923A (en) * | 2020-04-28 | 2020-07-31 | 华为技术有限公司 | Access request response method and device and electronic equipment |
CN111818035A (en) * | 2020-07-01 | 2020-10-23 | 上海悦易网络信息技术有限公司 | Permission verification method and device based on API gateway |
CN111865920A (en) * | 2020-06-18 | 2020-10-30 | 多加网络科技(北京)有限公司 | Gateway authentication and identity authentication platform and method thereof |
CN112188493A (en) * | 2020-10-22 | 2021-01-05 | 深圳云之家网络有限公司 | Authentication method, system and related equipment |
CN112261022A (en) * | 2020-10-15 | 2021-01-22 | 四川长虹电器股份有限公司 | Security authentication method based on API gateway |
CN112367299A (en) * | 2020-10-16 | 2021-02-12 | 深圳市科漫达智能管理科技有限公司 | Application program interface API management method and related device |
CN112422533A (en) * | 2020-11-05 | 2021-02-26 | 杭州米络星科技(集团)有限公司 | Verification method and device for user to access network and electronic equipment |
CN112464207A (en) * | 2020-11-23 | 2021-03-09 | 杭州朗澈科技有限公司 | Method and system for Token compression resistance treatment |
CN112491931A (en) * | 2020-12-17 | 2021-03-12 | 武汉卓尔信息科技有限公司 | JWT (just noticeable WT) -based current limiting method and device for user authentication |
CN112583607A (en) * | 2020-12-22 | 2021-03-30 | 珠海格力电器股份有限公司 | Equipment access management method, device, system and storage medium |
CN112579996A (en) * | 2019-09-29 | 2021-03-30 | 杭州海康威视数字技术股份有限公司 | Temporary authorization method and device |
CN112637192A (en) * | 2020-12-17 | 2021-04-09 | 航天精一(广东)信息科技有限公司 | Authorization method and system for accessing micro-service |
CN112887284A (en) * | 2021-01-14 | 2021-06-01 | 北京电解智科技有限公司 | Access authentication method and device |
CN112883357A (en) * | 2021-03-11 | 2021-06-01 | 中科三清科技有限公司 | Stateless login authentication method and device |
CN113328971A (en) * | 2020-02-28 | 2021-08-31 | 中国移动通信集团福建有限公司 | Access resource authentication method and device and electronic equipment |
CN113765876A (en) * | 2020-11-30 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Report processing software access method and device |
CN114024763A (en) * | 2021-11-12 | 2022-02-08 | 杭州雷数科技有限公司 | Multi-system single-point authentication method based on kong |
CN114079573A (en) * | 2020-08-13 | 2022-02-22 | 广东海信宽带科技有限公司 | Router access method and router |
CN114980115A (en) * | 2021-08-10 | 2022-08-30 | 中移互联网有限公司 | Method and system for message link security control |
CN115277207A (en) * | 2022-07-28 | 2022-11-01 | 联想(北京)有限公司 | Access control method and electronic equipment |
CN116743702A (en) * | 2023-08-16 | 2023-09-12 | 湖南映客互娱网络信息有限公司 | Uniform domain name access method, device and equipment of SaaS system |
CN116865982A (en) * | 2022-03-22 | 2023-10-10 | 西安即刻易用网络科技有限公司 | Application management platform and login authentication method |
CN118174874A (en) * | 2024-03-19 | 2024-06-11 | 北京力控元通科技有限公司 | Token generation method and device for unified authentication |
CN118413403A (en) * | 2024-07-02 | 2024-07-30 | 宁波港信息通信有限公司 | Dual identity verification device and method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170118226A1 (en) * | 2010-08-04 | 2017-04-27 | At&T Mobility Ii Llc | Methods, Systems, Devices and Products for Error Correction in Computer Programs |
US9667651B2 (en) * | 2013-07-02 | 2017-05-30 | Imperva, Inc. | Compromised insider honey pots using reverse honey tokens |
CN107239688A (en) * | 2017-06-30 | 2017-10-10 | 平安科技(深圳)有限公司 | The purview certification method and system in Docker mirror images warehouse |
CN107370759A (en) * | 2017-08-30 | 2017-11-21 | 安徽天达网络科技有限公司 | A kind of network access control system based on IP lockings |
CN107528853A (en) * | 2017-09-12 | 2017-12-29 | 上海艾融软件股份有限公司 | The implementation method of micro services control of authority |
CN108183907A (en) * | 2017-12-29 | 2018-06-19 | 浪潮通用软件有限公司 | A kind of authentication method, server and Verification System |
-
2018
- 2018-06-21 CN CN201810644346.3A patent/CN108512784A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170118226A1 (en) * | 2010-08-04 | 2017-04-27 | At&T Mobility Ii Llc | Methods, Systems, Devices and Products for Error Correction in Computer Programs |
US9667651B2 (en) * | 2013-07-02 | 2017-05-30 | Imperva, Inc. | Compromised insider honey pots using reverse honey tokens |
CN107239688A (en) * | 2017-06-30 | 2017-10-10 | 平安科技(深圳)有限公司 | The purview certification method and system in Docker mirror images warehouse |
CN107370759A (en) * | 2017-08-30 | 2017-11-21 | 安徽天达网络科技有限公司 | A kind of network access control system based on IP lockings |
CN107528853A (en) * | 2017-09-12 | 2017-12-29 | 上海艾融软件股份有限公司 | The implementation method of micro services control of authority |
CN108183907A (en) * | 2017-12-29 | 2018-06-19 | 浪潮通用软件有限公司 | A kind of authentication method, server and Verification System |
Cited By (67)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110971575A (en) * | 2018-09-29 | 2020-04-07 | 北京金山云网络技术有限公司 | Malicious request identification method and device, electronic equipment and computer storage medium |
CN110971575B (en) * | 2018-09-29 | 2023-04-18 | 北京金山云网络技术有限公司 | Malicious request identification method and device, electronic equipment and computer storage medium |
CN109495367A (en) * | 2018-12-06 | 2019-03-19 | 安徽云探索网络科技有限公司 | Based on VPN route management system and method |
CN109347888A (en) * | 2018-12-21 | 2019-02-15 | 北京博明信德科技有限公司 | Method for authenticating, gateway and authentication device based on RESTful |
CN109726025A (en) * | 2018-12-29 | 2019-05-07 | 北京神舟航天软件技术有限公司 | A kind of api interface access method based on API gateway |
CN109617907A (en) * | 2019-01-04 | 2019-04-12 | 平安科技(深圳)有限公司 | Authentication method, electronic device and computer readable storage medium |
CN109617907B (en) * | 2019-01-04 | 2022-04-08 | 平安科技(深圳)有限公司 | Authentication method, electronic device, and computer-readable storage medium |
CN111431838A (en) * | 2019-01-09 | 2020-07-17 | 北京神州泰岳软件股份有限公司 | Method and device for single-point login and single-point logout in cluster and API gateway |
CN109802835A (en) * | 2019-01-25 | 2019-05-24 | 北京中电普华信息技术有限公司 | A kind of safety certifying method, system and API gateway |
CN109995754A (en) * | 2019-02-20 | 2019-07-09 | 石化盈科信息技术有限责任公司 | The method and computer readable storage medium of application access server end API |
CN109995754B (en) * | 2019-02-20 | 2021-06-22 | 石化盈科信息技术有限责任公司 | Method for application to access server side API and computer readable storage medium |
CN110224974A (en) * | 2019-04-26 | 2019-09-10 | 平安科技(深圳)有限公司 | Interface method for authenticating and relevant device based on third party's access |
CN110224974B (en) * | 2019-04-26 | 2022-08-30 | 平安科技(深圳)有限公司 | Interface authentication method based on third party access and related equipment |
CN110232557A (en) * | 2019-04-29 | 2019-09-13 | 北京水滴互保科技有限公司 | Public good project management method, device, system and electronic equipment, storage medium |
CN110276197A (en) * | 2019-06-25 | 2019-09-24 | 四川长虹电器股份有限公司 | The method to be come into force in real time based on shared blacklist revocation JWT token |
CN110324328A (en) * | 2019-06-26 | 2019-10-11 | 阿里巴巴集团控股有限公司 | A kind of safety certifying method, system and equipment |
CN110536152A (en) * | 2019-08-05 | 2019-12-03 | 广州珠江数码集团股份有限公司 | A kind of set-top box users authentication caching method, device, medium and terminal device |
CN110502315A (en) * | 2019-08-26 | 2019-11-26 | 浪潮云信息技术有限公司 | A kind of method, apparatus and system remotely accessing physical machine |
CN112579996B (en) * | 2019-09-29 | 2023-11-03 | 杭州海康威视数字技术股份有限公司 | Temporary authorization method and device |
CN112579996A (en) * | 2019-09-29 | 2021-03-30 | 杭州海康威视数字技术股份有限公司 | Temporary authorization method and device |
CN110717170B (en) * | 2019-10-09 | 2023-08-11 | 江苏重华数字科技有限公司 | Fingerprint login system, method and device of BIM system |
CN110717170A (en) * | 2019-10-09 | 2020-01-21 | 重庆市筑智建信息技术有限公司 | BIM system fingerprint login system, method and device |
CN110866243A (en) * | 2019-10-25 | 2020-03-06 | 北京达佳互联信息技术有限公司 | Login authority verification method, device, server and storage medium |
CN110866243B (en) * | 2019-10-25 | 2022-11-22 | 北京达佳互联信息技术有限公司 | Login authority verification method, device, server and storage medium |
CN110837652A (en) * | 2019-11-07 | 2020-02-25 | 山东爱城市网信息技术有限公司 | Data resource authorization method and system based on block chain |
CN110995672A (en) * | 2019-11-20 | 2020-04-10 | 天津大学 | Network security authentication method for software development |
CN110995672B (en) * | 2019-11-20 | 2023-09-01 | 天津大学 | Network security authentication method for software development |
CN110958237A (en) * | 2019-11-26 | 2020-04-03 | 苏州思必驰信息科技有限公司 | Authority verification method and device |
CN111147453A (en) * | 2019-12-11 | 2020-05-12 | 东软集团股份有限公司 | System login method and integrated login system |
CN111163105A (en) * | 2020-01-02 | 2020-05-15 | 中国联合网络通信集团有限公司 | Method and device for accessing IPTV service of network protocol television |
CN111212086A (en) * | 2020-01-16 | 2020-05-29 | 郑州轻工业大学 | Computer network protection method and system |
CN111343636A (en) * | 2020-02-14 | 2020-06-26 | 卓望数码技术(深圳)有限公司 | Unified authentication method, authentication system, terminal and storage medium |
CN111343636B (en) * | 2020-02-14 | 2023-06-27 | 卓望数码技术(深圳)有限公司 | Unified authentication method, authentication system, terminal and storage medium |
CN111147525A (en) * | 2020-02-27 | 2020-05-12 | 深圳市伊欧乐科技有限公司 | Authentication method, system, server and storage medium based on API gateway |
CN111371881A (en) * | 2020-02-28 | 2020-07-03 | 北京字节跳动网络技术有限公司 | Service calling method and device |
CN113328971A (en) * | 2020-02-28 | 2021-08-31 | 中国移动通信集团福建有限公司 | Access resource authentication method and device and electronic equipment |
CN111478923A (en) * | 2020-04-28 | 2020-07-31 | 华为技术有限公司 | Access request response method and device and electronic equipment |
CN111865920A (en) * | 2020-06-18 | 2020-10-30 | 多加网络科技(北京)有限公司 | Gateway authentication and identity authentication platform and method thereof |
CN111865920B (en) * | 2020-06-18 | 2022-06-10 | 庞茂林 | Gateway authentication and identity authentication platform and method thereof |
CN111818035B (en) * | 2020-07-01 | 2022-09-30 | 上海万物新生环保科技集团有限公司 | Permission verification method and device based on API gateway |
CN111818035A (en) * | 2020-07-01 | 2020-10-23 | 上海悦易网络信息技术有限公司 | Permission verification method and device based on API gateway |
CN114079573B (en) * | 2020-08-13 | 2024-03-29 | 广东海信宽带科技有限公司 | Router access method and router |
CN114079573A (en) * | 2020-08-13 | 2022-02-22 | 广东海信宽带科技有限公司 | Router access method and router |
CN112261022A (en) * | 2020-10-15 | 2021-01-22 | 四川长虹电器股份有限公司 | Security authentication method based on API gateway |
CN112367299A (en) * | 2020-10-16 | 2021-02-12 | 深圳市科漫达智能管理科技有限公司 | Application program interface API management method and related device |
CN112188493A (en) * | 2020-10-22 | 2021-01-05 | 深圳云之家网络有限公司 | Authentication method, system and related equipment |
CN112188493B (en) * | 2020-10-22 | 2023-08-15 | 深圳云之家网络有限公司 | Authentication method, system and related equipment |
CN112422533A (en) * | 2020-11-05 | 2021-02-26 | 杭州米络星科技(集团)有限公司 | Verification method and device for user to access network and electronic equipment |
CN112464207A (en) * | 2020-11-23 | 2021-03-09 | 杭州朗澈科技有限公司 | Method and system for Token compression resistance treatment |
CN113765876A (en) * | 2020-11-30 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Report processing software access method and device |
CN112491931A (en) * | 2020-12-17 | 2021-03-12 | 武汉卓尔信息科技有限公司 | JWT (just noticeable WT) -based current limiting method and device for user authentication |
CN112491931B (en) * | 2020-12-17 | 2023-04-07 | 武汉卓尔信息科技有限公司 | JWT (just noticeable WT) -based current limiting method and device for user authentication |
CN112637192B (en) * | 2020-12-17 | 2023-10-03 | 广东精一信息技术有限公司 | Authorization method and system for accessing micro-service |
CN112637192A (en) * | 2020-12-17 | 2021-04-09 | 航天精一(广东)信息科技有限公司 | Authorization method and system for accessing micro-service |
CN112583607A (en) * | 2020-12-22 | 2021-03-30 | 珠海格力电器股份有限公司 | Equipment access management method, device, system and storage medium |
CN112887284A (en) * | 2021-01-14 | 2021-06-01 | 北京电解智科技有限公司 | Access authentication method and device |
CN112883357A (en) * | 2021-03-11 | 2021-06-01 | 中科三清科技有限公司 | Stateless login authentication method and device |
CN114980115A (en) * | 2021-08-10 | 2022-08-30 | 中移互联网有限公司 | Method and system for message link security control |
CN114980115B (en) * | 2021-08-10 | 2023-09-01 | 中移互联网有限公司 | Message link safety control method and system |
CN114024763A (en) * | 2021-11-12 | 2022-02-08 | 杭州雷数科技有限公司 | Multi-system single-point authentication method based on kong |
CN116865982A (en) * | 2022-03-22 | 2023-10-10 | 西安即刻易用网络科技有限公司 | Application management platform and login authentication method |
CN115277207A (en) * | 2022-07-28 | 2022-11-01 | 联想(北京)有限公司 | Access control method and electronic equipment |
CN116743702A (en) * | 2023-08-16 | 2023-09-12 | 湖南映客互娱网络信息有限公司 | Uniform domain name access method, device and equipment of SaaS system |
CN116743702B (en) * | 2023-08-16 | 2024-02-27 | 湖南映客互娱网络信息有限公司 | Uniform domain name access method, device and equipment of SaaS system |
CN118174874A (en) * | 2024-03-19 | 2024-06-11 | 北京力控元通科技有限公司 | Token generation method and device for unified authentication |
CN118413403A (en) * | 2024-07-02 | 2024-07-30 | 宁波港信息通信有限公司 | Dual identity verification device and method |
CN118413403B (en) * | 2024-07-02 | 2024-09-13 | 宁波港信息通信有限公司 | Dual identity verification device and method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108512784A (en) | Authentication method based on gateway routing forwarding | |
US11962590B2 (en) | Confirming authenticity of a user to a third-party system | |
CN104320423B (en) | Single-sign-on lightweight implementation method based on Cookie | |
CN109257209A (en) | A kind of data center server centralized management system and method | |
US8832857B2 (en) | Unsecured asset detection via correlated authentication anomalies | |
Navas et al. | Understanding and mitigating OpenID Connect threats | |
CN111931144B (en) | Unified safe login authentication method and device for operating system and service application | |
US11792008B2 (en) | Actively monitoring encrypted traffic by inspecting logs | |
CN101714918A (en) | Safety system for logging in VPN and safety method for logging in VPN | |
CN106789059B (en) | A kind of long-range two-way access control system and method based on trust computing | |
CN109672675A (en) | A kind of WEB authentication method of the cryptographic service middleware based on OAuth2.0 | |
CN107370765A (en) | A kind of ftp server identity identifying method and system | |
CN106411948A (en) | Json verification code-based security authentication interception method | |
CN110311926A (en) | Application access control method, system and medium | |
CN116319024B (en) | Access control method and device of zero trust system and zero trust system | |
CN104994102A (en) | Enterprise information system authentication and access control method based on reverse proxy | |
CN107862198A (en) | One kind accesses verification method, system and client | |
Ye et al. | Formal analysis of a single sign-on protocol implementation for android | |
CN105592026A (en) | Multi-network-segment multi-system single sign on method | |
CN116668190A (en) | Cross-domain single sign-on method and system based on browser fingerprint | |
CN111814186B (en) | Menu authority access control method of intelligent equipment operation platform | |
US8250649B2 (en) | Securing system and method using a security device | |
CN113901428A (en) | Login method and device of multi-tenant system | |
CN112822217A (en) | Server access method, device, equipment and storage medium | |
Namitha et al. | A survey on session management vulnerabilities in web application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180907 |
|
RJ01 | Rejection of invention patent application after publication |