CN109274662A - Method, apparatus, server and terminal for preventing a CAS server from passively destroying a session - Google Patents

Publication number
CN109274662A
CN109274662A CN201811038069.8A CN201811038069A CN109274662A CN 109274662 A CN109274662 A CN 109274662A CN 201811038069 A CN201811038069 A CN 201811038069A CN 109274662 A CN109274662 A CN 109274662A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811038069.8A
Other languages
Chinese (zh)
Other versions
CN109274662B (en)
Inventor
杨杰
郭龙领
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Tianyuan Creative Technology Ltd
Original Assignee
Beijing Tianyuan Creative Technology Ltd
Application filed by Beijing Tianyuan Creative Technology Ltd
Priority to CN201811038069.8A
Publication of CN109274662A
Application granted
Publication of CN109274662B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Abstract

The present invention provides a method, apparatus, server and terminal for preventing a CAS server from passively destroying a session. The method comprises: when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request; the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential. The present invention can solve the problem of managing login state between application systems whose business is closely coupled.

Description

Method, apparatus, server and terminal for preventing a CAS server from passively destroying a session
Technical field
The present invention relates to the technical field of computer login management, and more particularly to a method and device for preventing a CAS server from passively destroying a session.
Background art
Single sign-on (Single Sign On, SSO for short): with SSO, across multiple application systems a user only needs to log in once to access all mutually trusted application systems. CAS framework: CAS (Central Authentication Service) is a framework for implementing SSO single sign-on.
The single sign-on framework CAS can place multiple applications under unified authentication management and is a very widely used login management framework. However, the design of CAS has the following characteristic: once an authentication credential has been obtained, if it is not used within a set time it is actively destroyed by the CAS system, so that a later attempt to authenticate again cannot obtain a token as expected. For applications whose business is closely coupled, this design cannot meet the requirement. For example, as long as the user is using one of the applications, the user expects that, while that application is in an active state, the CAS login credential should also remain active.
Summary of the invention
To solve the above problem, the present invention provides a method and device that overcome the above problem or at least partially solve it.
According to a first aspect of the embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, comprising:
when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request;
the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential.
Further, before the authentication credential is about to be destroyed because of a timeout, the method further comprises:
the user logs in to applications on the user terminal with a login authentication credential;
each application the user has logged in to is recorded and stored together with its service ticket, and a verification identification token is allocated to the user terminal.
Further, the single sign-on framework CAS server sending a sniff request to each application on the user terminal comprises:
the single sign-on framework CAS server traverses each registered application and sends a sniff request to the user terminal to which each application belongs, inquiring one by one whether each application contains an active session.
Further, a Java Servlet container is provided on the user terminal for processing the sniff request and making the request response.
Further, the method also comprises:
the CAS server receives the request response sent by the user terminal and, if the request response indicates that no application is in an active state, destroys the authentication credential.
According to a second aspect of the embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, comprising:
the user terminal receives the sniff request that the single sign-on framework CAS server sends to each application, the sniff request being issued when an authentication credential is about to be destroyed because of a timeout;
the user terminal makes a request response to the sniff request and sends the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an active state.
Further, a Java Servlet container is provided on the user terminal for processing the sniff request and making the request response.
According to a third aspect of the embodiments of the present invention, a single sign-on framework CAS server is provided, the server being configured to:
when an authentication credential is about to be destroyed because of a timeout, send a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request;
receive the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, not destroy the authentication credential.
According to a fourth aspect of the embodiments of the present invention, a user terminal is provided, the user terminal being configured to:
receive the sniff request that the single sign-on framework CAS server sends to each application, the sniff request being issued when an authentication credential is about to be destroyed because of a timeout;
make a request response to the sniff request and send the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an active state.
Further, a Java Servlet container is provided on the user terminal for processing the sniff request and making the request response.
The present invention provides a method, apparatus, server and terminal for preventing a CAS server from passively destroying a session. The method comprises: when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request; the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential. The present invention can solve the problem of managing login state between application systems whose business is closely coupled.
Brief description of the drawings
Fig. 1 is an overall flow diagram of a method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention;
Fig. 2 is an overall flow diagram of a method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention;
Fig. 3 is an overall structural diagram of an electronic device for the method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention.
Detailed description
Specific embodiments of the present invention are described in further detail below with reference to the drawings and examples. The following examples serve to illustrate the present invention and are not intended to limit its scope.
Fig. 1 shows an overall flow diagram of a method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention, comprising the following steps:
S1: when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request;
S2: the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential.
On the basis of any of the above specific embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided in which, before the authentication credential is about to be destroyed because of a timeout, the method further comprises:
the user logs in to applications on the user terminal with a login authentication credential;
each application the user has logged in to is recorded and stored together with its service ticket, and a verification identification token is allocated to the user terminal.
On the basis of any of the above specific embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided in which the single sign-on framework CAS server sending a sniff request to each application on the user terminal comprises:
the single sign-on framework CAS server traverses each registered application and sends a sniff request to the user terminal to which each application belongs, inquiring one by one whether each application contains an active session.
On the basis of any of the above specific embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided in which a Java Servlet container is provided on the user terminal for processing the sniff request and making the request response.
On the basis of any of the above specific embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, the method further comprising:
the CAS server receives the request response sent by the user terminal and, if the request response indicates that no application is in an active state, destroys the authentication credential.
Fig. 2 shows an overall flow diagram of a method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention, comprising the following steps:
S1′: the user terminal receives the sniff request that the single sign-on framework CAS server sends to each application, the sniff request being issued when an authentication credential is about to be destroyed because of a timeout;
S2′: the user terminal makes a request response to the sniff request and sends the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an active state.
On the basis of any of the above specific embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided in which a Java Servlet container is provided on the user terminal for processing the sniff request and making the request response.
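The following Python sketch is an added example, not code from the patent: it models steps S1/S2 and S1′/S2′ in one process, including the record of logged-in applications and the verification identification token from the login step. Keying the sniff response with that token (an HMAC over a fresh nonce) and treating an unreachable terminal as inactive are assumptions of the example, and all class, function and field names are hypothetical.

```python
import hashlib
import hmac
import secrets


def _mac(token, app, nonce, active):
    # Assumption of this example: responses are keyed with the token allocated at login.
    msg = f"{app}|{nonce}|{int(active)}".encode()
    return hmac.new(token, msg, hashlib.sha256).hexdigest()


class UserTerminal:
    """Terminal side (S1'/S2'); stands in for the servlet that answers sniff requests."""

    def __init__(self, token, idle_limit):
        self.token = token
        self.idle_limit = idle_limit  # seconds without use before an app counts as idle
        self.last_used = {}           # app name -> time of last user activity

    def use(self, app, now):
        self.last_used[app] = now

    def handle_sniff(self, app, nonce, now):
        last = self.last_used.get(app)
        active = last is not None and now - last < self.idle_limit
        return {"app": app, "active": active,
                "mac": _mac(self.token, app, nonce, active)}


class OfflineTerminal:
    """Constructed failure case: the terminal cannot be reached."""

    def handle_sniff(self, app, nonce, now):
        raise ConnectionError("terminal unreachable")


class CasServer:
    """Server side (S1/S2): sniff registered apps before destroying a credential."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.credentials = {}  # credential id -> token, expiry, registered apps

    def login(self, now):
        cred_id = "CRED-" + secrets.token_hex(8)
        token = secrets.token_bytes(32)  # verification identification token
        self.credentials[cred_id] = {"token": token, "expires": now + self.ttl,
                                     "apps": []}
        return cred_id, token

    def register(self, cred_id, app, terminal):
        # Record each application the user logged in to, with its terminal.
        self.credentials[cred_id]["apps"].append((app, terminal))

    def _any_app_active(self, cred, now):
        for app, terminal in cred["apps"]:       # traverse registered applications
            nonce = secrets.token_hex(16)        # fresh per sniff, so replies cannot be replayed
            try:
                resp = terminal.handle_sniff(app, nonce, now)
            except OSError:
                continue                         # assumption: no answer counts as inactive
            expected = _mac(cred["token"], app, nonce, True)
            if resp.get("active") is True and hmac.compare_digest(
                    resp.get("mac", ""), expected):
                return True                      # one active application is enough
        return False

    def sweep(self, now):
        """Handle every credential whose timeout has been reached."""
        outcome = {}
        for cred_id, cred in list(self.credentials.items()):
            if now < cred["expires"]:
                continue
            if self._any_app_active(cred, now):
                cred["expires"] = now + self.ttl
                outcome[cred_id] = "renewed"
            else:
                del self.credentials[cred_id]
                outcome[cred_id] = "destroyed"
        return outcome


def run_demo():
    cas = CasServer(ttl=600)
    cid, token = cas.login(now=0)
    term = UserTerminal(token, idle_limit=300)
    cas.register(cid, "mail", term)
    cas.register(cid, "crm", term)
    term.use("crm", now=500)
    out = {"one_app_active": cas.sweep(now=600)[cid]}   # crm used 100 s ago
    out["all_idle"] = cas.sweep(now=1200)[cid]          # nothing used since t=500
    cid2, _ = cas.login(now=2000)
    forged = UserTerminal(b"guessed-token", idle_limit=300)  # does not hold the real token
    forged.use("crm", now=2590)
    cas.register(cid2, "crm", forged)
    out["bad_mac"] = cas.sweep(now=2600)[cid2]
    cid3, _ = cas.login(now=3000)
    cas.register(cid3, "crm", OfflineTerminal())
    out["unreachable"] = cas.sweep(now=3600)[cid3]
    return out


if __name__ == "__main__":
    print(run_demo())
```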
In another specific embodiment of the present invention, a single sign-on framework CAS server is provided, the server being configured to:
when an authentication credential is about to be destroyed because of a timeout, send a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request;
receive the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, not destroy the authentication credential.
On the basis of any of the above specific embodiments of the present invention, a single sign-on framework CAS server is provided that further comprises a login module, configured so that:
the user logs in to applications on the user terminal with a login authentication credential;
each application the user has logged in to is recorded and stored together with its service ticket, and a verification identification token is allocated to the user terminal.
On the basis of any of the above specific embodiments of the present invention, a single sign-on framework CAS server is provided, the server being further configured so that:
the single sign-on framework CAS server traverses each registered application and sends a sniff request to the user terminal to which each application belongs, inquiring one by one whether each application contains an active session.
On the basis of any of the above specific embodiments of the present invention, a single sign-on framework CAS server is provided in which a Java Servlet container is provided on the user terminal that cooperates with the server, for processing the sniff request and making the request response.
On the basis of any of the above specific embodiments of the present invention, a single sign-on framework CAS server is provided, the server being further configured so that:
the CAS server receives the request response sent by the user terminal and, if the request response indicates that no application is in an active state, destroys the authentication credential.
In another specific embodiment of the present invention, a user terminal is provided, the user terminal being configured to:
receive the sniff request that the single sign-on framework CAS server sends to each application, the sniff request being issued when an authentication credential is about to be destroyed because of a timeout;
make a request response to the sniff request and send the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an active state.
On the basis of any of the above specific embodiments of the present invention, a user terminal is provided on which a Java Servlet container is provided for processing the sniff request and making the request response.
On the basis of any of the above specific embodiments of the present invention, an electronic device for the method for preventing a CAS server from passively destroying a session is provided, comprising: at least one processor; and at least one memory communicatively connected to the processor. Fig. 3 is a structural block diagram of the electronic device provided by an embodiment of the present invention, comprising: a processor 310, a memory 320 and a bus 330, wherein the processor 310 and the memory 320 communicate with each other through the bus 330. The processor 310 can call logic instructions in the memory 320 to execute the following method: when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request; the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential.
An embodiment of the present invention discloses a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to execute the method provided by each of the above method embodiments, for example: when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request; the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential.
An embodiment of the present invention provides a non-transitory computer-readable storage medium storing computer instructions that cause a computer to execute the method provided by each of the above method embodiments, for example: when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request; the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disk or optical disc.
Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk or optical disc, and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods of the embodiments or of certain parts of the embodiments.
The present invention allows rough synchronization among the client applications managed by CAS: whenever any client application is in an active state, the login credential on the CAS server side is available at any time and never times out.
Finally, the methods and devices described in detail in this application are only preferred embodiments and are not intended to limit the protection scope of the embodiments of the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the embodiments of the present invention shall be included within the protection scope of the embodiments of the present invention.

Claims (10)

1. A method for preventing a CAS server from passively destroying a session, characterized by comprising:
when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request;
the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential.
2. The method according to claim 1, characterized in that, before the authentication credential is about to be destroyed because of a timeout, the method further comprises:
the user logs in to applications on the user terminal with a login authentication credential;
each application the user has logged in to is recorded and stored together with its service ticket, and a verification identification token is allocated to the user terminal.
3. The method according to claim 1, characterized in that the single sign-on framework CAS server sending a sniff request to each application on the user terminal comprises:
the single sign-on framework CAS server traverses each registered application and sends a sniff request to the user terminal to which each application belongs, inquiring one by one whether each application contains an active session.
4. The method according to claim 1 or 3, characterized in that a Java Servlet container is provided on the user terminal for processing the sniff request and making the request response.
5. The method according to claim 1, characterized in that the method further comprises:
the CAS server receives the request response sent by the user terminal and, if the request response indicates that no application is in an active state, destroys the authentication credential.
6. A method for preventing a CAS server from passively destroying a session, characterized by comprising:
the user terminal receives the sniff request that the single sign-on framework CAS server sends to each application, the sniff request being issued when an authentication credential is about to be destroyed because of a timeout;
the user terminal makes a request response to the sniff request and sends the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an active state.
7. The method according to claim 6, characterized in that a Java Servlet container is provided on the user terminal for processing the sniff request and making the request response.
8. A single sign-on framework CAS server, characterized in that the server is configured to:
when an authentication credential is about to be destroyed because of a timeout, send a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request;
receive the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, not destroy the authentication credential.
9. A user terminal, characterized in that the user terminal is configured to:
receive the sniff request that the single sign-on framework CAS server sends to each application, the sniff request being issued when an authentication credential is about to be destroyed because of a timeout;
make a request response to the sniff request and send the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an active state.
10. The user terminal according to claim 9, characterized in that a Java Servlet container is provided on the user terminal for processing the sniff request and making the request response.
CN201811038069.8A 2018-09-06 2018-09-06 Method, device, server and terminal for preventing CAS server from passively destroying session Active CN109274662B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811038069.8A CN109274662B (en) 2018-09-06 2018-09-06 Method, device, server and terminal for preventing CAS server from passively destroying session

Publications (2)

Publication Number Publication Date
CN109274662A 2019-01-25
CN109274662B 2021-06-04

Family

ID=65187790

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811038069.8A Active CN109274662B (en) 2018-09-06 2018-09-06 Method, device, server and terminal for preventing CAS server from passively destroying session

Country Status (1)

Country Link
CN (1) CN109274662B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant