CN109274662A - Method, device, server and terminal for preventing CAS server from passively destroying session - Google Patents
- Publication number
- CN109274662A
- Authority
- CN
- China
- Prior art keywords
- user terminal
- request
- application
- sniff
- request response
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention provides a method, device, server and terminal for preventing a CAS server from passively destroying a session. The method includes: when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request; the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential. The present invention can solve the login-state management problem between application systems whose business is closely coupled.
Description
Technical field
The present invention relates to the technical field of computer login management, and more particularly to a method and device for preventing a CAS server from passively destroying a session.
Background
Single sign-on (Single Sign On, abbreviated SSO): with SSO, a user only needs to log in once to access all mutually trusting application systems among multiple application systems. CAS framework: CAS (Central Authentication Service) is a framework for implementing SSO single sign-on.
The single sign-on framework CAS can bring multiple applications under unified authentication management, and is a very widely used login management framework. However, the design of CAS has the following characteristic: once an authentication credential has been obtained, if it is not used within a set time it is actively destroyed by the CAS system, so that a later attempt to authenticate cannot obtain a token as expected. For applications whose business is closely coupled, this design cannot meet requirements. For example, as long as the user is using one of the applications, the user expects that application to count as active towards CAS, and the CAS login credential should therefore also remain active.
Summary of the invention
To solve the above problem, the present invention provides a method and device that overcome the above problem or at least partially solve it.
According to a first aspect of the embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, including:
when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request;
the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential.
Further, before the authentication credential is about to be destroyed because of a timeout, the method also includes:
the user logs in to applications on the user terminal by means of a login authentication credential;
each application the user has logged in to is recorded and stored together with the Service Ticket, and a verification identification token is distributed to the user terminal.
Further, the single sign-on framework CAS server sending a sniff request to each application on the user terminal includes:
the single sign-on framework CAS server traverses each registered application and sends a sniff request to the user terminal to which each application belongs, asking each application one by one whether it contains an active session.
Further, a Java Servlet container is provided on the user terminal for handling the sniff request and making the request response.
Further, the method also includes:
the CAS server receives the request response sent by the user terminal and, if the request response indicates that no application is in an active state, destroys the authentication credential.
According to a second aspect of the embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, including:
the user terminal receives the sniff request sent by the single sign-on framework CAS server to each application, the sniff request being issued when an authentication credential is about to be destroyed because of a timeout;
the user terminal makes a request response to the sniff request and sends the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an active state.
Further, a Java Servlet container is provided on the user terminal for handling the sniff request and making the request response.
According to a third aspect of the embodiments of the present invention, a single sign-on framework CAS server is provided, the server being configured to:
when an authentication credential is about to be destroyed because of a timeout, send a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request;
receive the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, not destroy the authentication credential.
According to a fourth aspect of the embodiments of the present invention, a user terminal is provided, the user terminal being configured to:
receive the sniff request sent by the single sign-on framework CAS server to each application, the sniff request being issued when an authentication credential is about to be destroyed because of a timeout;
make a request response to the sniff request and send the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an active state.
Further, a Java Servlet container is provided on the user terminal for handling the sniff request and making the request response.
The present invention provides a method, device, server and terminal for preventing a CAS server from passively destroying a session. The method includes: when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request; the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential. The present invention can solve the login-state management problem between application systems whose business is closely coupled.
Brief description of the drawings
Fig. 1 is a schematic overall flowchart of a method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention;
Fig. 2 is a schematic overall flowchart of a method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the overall structure of an electronic device for the method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention.
Detailed description of embodiments
Specific embodiments of the present invention are described in further detail below with reference to the drawings and examples. The following examples illustrate the present invention and are not intended to limit its scope.
Fig. 1 shows a schematic overall flowchart of a method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention, including the following steps:
S1: when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request;
S2: the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential.
On the basis of any of the above specific embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided which, before the authentication credential is about to be destroyed because of a timeout, further includes:
the user logs in to applications on the user terminal by means of a login authentication credential;
each application the user has logged in to is recorded and stored together with the Service Ticket, and a verification identification token is distributed to the user terminal.
On the basis of any of the above specific embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, in which the single sign-on framework CAS server sending a sniff request to each application on the user terminal includes:
the single sign-on framework CAS server traverses each registered application and sends a sniff request to the user terminal to which each application belongs, asking each application one by one whether it contains an active session.
On the basis of any of the above specific embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, in which a Java Servlet container is provided on the user terminal for handling the sniff request and making the request response.
On the basis of any of the above specific embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, the method further including:
the CAS server receives the request response sent by the user terminal and, if the request response indicates that no application is in an active state, destroys the authentication credential.
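The timeout decision of steps S1 and S2, together with the login record and the traversal of registered applications, as an added Python example (not code from the patent or from the CAS project). The names `CasServer`, `Credential` and `terminal_answer` are hypothetical, the transport is an injected callable, and keying an HMAC over each response with the verification token is an assumption, since the text does not say how that token is used.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Credential:
    """One authentication credential as recorded by the server (hypothetical model)."""
    user: str
    last_used: float
    token: bytes                               # verification token given to the terminal at login
    apps: list = field(default_factory=list)   # applications logged in with this credential


def _mac(token: bytes, nonce: str, app: str, active: bool) -> bytes:
    # Assumption: the verification token keys an HMAC over the response fields.
    msg = f"{nonce}|{app}|{int(active)}".encode()
    return hmac.new(token, msg, hashlib.sha256).hexdigest().encode()


def terminal_answer(token: bytes, sessions: dict, request: dict) -> dict:
    """User-terminal side: answer one sniff request for one application."""
    app = request["app"]
    active = bool(sessions.get(app, False))
    return {"app": app, "active": active, "nonce": request["nonce"],
            "mac": _mac(token, request["nonce"], app, active).decode()}


class CasServer:
    def __init__(self, idle_timeout: float, send):
        self.idle_timeout = idle_timeout
        self.send = send        # transport callable: (user, request) -> response dict
        self.credentials = {}   # credential id -> Credential

    def login(self, cred_id: str, user: str, app: str, now: float) -> bytes:
        """Record the application under the credential; return the terminal's token."""
        cred = self.credentials.get(cred_id)
        if cred is None:
            cred = self.credentials[cred_id] = Credential(user, now, secrets.token_bytes(32))
        if app not in cred.apps:
            cred.apps.append(app)
        cred.last_used = now
        return cred.token

    def _sniff(self, cred: Credential, app: str) -> bool:
        """Send one sniff request; True only for an authenticated 'active' response."""
        nonce = secrets.token_hex(16)
        try:
            resp = self.send(cred.user, {"type": "sniff", "app": app, "nonce": nonce})
        except Exception:
            return False   # unreachable terminal counts as inactive
        if not isinstance(resp, dict) or resp.get("app") != app or resp.get("nonce") != nonce:
            return False   # answer for another application or for an old request
        active = resp.get("active") is True
        supplied = str(resp.get("mac", "")).encode()
        return active and hmac.compare_digest(_mac(cred.token, nonce, app, active), supplied)

    def sweep(self, now: float) -> dict:
        """Sniff the applications of every credential about to time out, then decide."""
        decisions = {}
        for cred_id, cred in list(self.credentials.items()):
            if now - cred.last_used < self.idle_timeout:
                continue   # not yet due for destruction
            answers = [self._sniff(cred, app) for app in cred.apps]   # traverse every application
            if any(answers):
                cred.last_used = now            # at least one active application: keep
                decisions[cred_id] = "kept"
            else:
                del self.credentials[cred_id]   # nothing active: destroy
                decisions[cred_id] = "destroyed"
        return decisions


def demo() -> dict:
    """Constructed scenario: alice has one active application, bob has none,
    and carol's terminal answers 'active' without holding the issued token."""
    terminals = {}   # user -> (token, {application: has an active session})

    def send(user, request):
        token, sessions = terminals[user]
        return terminal_answer(token, sessions, request)

    cas = CasServer(idle_timeout=1800, send=send)
    token = cas.login("cred-1", "alice", "mail", now=0)
    cas.login("cred-1", "alice", "crm", now=0)
    terminals["alice"] = (token, {"mail": False, "crm": True})
    terminals["bob"] = (cas.login("cred-2", "bob", "mail", now=0), {"mail": False})
    cas.login("cred-3", "carol", "mail", now=0)
    terminals["carol"] = (b"not-the-issued-token", {"mail": True})
    return cas.sweep(now=1800)


if __name__ == "__main__":
    print(demo())
```

An unreachable terminal, a response for another application and a response that fails the MAC check are all treated as inactive, so the credential is kept only on an authenticated active answer.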
Fig. 2 shows a schematic overall flowchart of a method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention, including the following steps:
S1': the user terminal receives the sniff request sent by the single sign-on framework CAS server to each application, the sniff request being issued when an authentication credential is about to be destroyed because of a timeout;
S2': the user terminal makes a request response to the sniff request and sends the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an active state.
On the basis of any of the above specific embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, in which a Java Servlet container is provided on the user terminal for handling the sniff request and making the request response.
In another specific embodiment of the present invention, a single sign-on framework CAS server is provided, the server being configured to:
when an authentication credential is about to be destroyed because of a timeout, send a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request;
receive the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, not destroy the authentication credential.
On the basis of any of the above specific embodiments of the present invention, a single sign-on framework CAS server is provided that further includes a login module, configured so that:
the user logs in to applications on the user terminal by means of a login authentication credential;
each application the user has logged in to is recorded and stored together with the Service Ticket, and a verification identification token is distributed to the user terminal.
On the basis of any of the above specific embodiments of the present invention, a single sign-on framework CAS server is provided, the server being further configured so that:
the single sign-on framework CAS server traverses each registered application and sends a sniff request to the user terminal to which each application belongs, asking each application one by one whether it contains an active session.
On the basis of any of the above specific embodiments of the present invention, a single sign-on framework CAS server is provided, in which a Java Servlet container is provided on the user terminal that cooperates with the server, for handling the sniff request and making the request response.
On the basis of any of the above specific embodiments of the present invention, a single sign-on framework CAS server is provided, the server being further configured so that:
the CAS server receives the request response sent by the user terminal and, if the request response indicates that no application is in an active state, destroys the authentication credential.
In another specific embodiment of the present invention, a user terminal is provided, the user terminal being configured to:
receive the sniff request sent by the single sign-on framework CAS server to each application, the sniff request being issued when an authentication credential is about to be destroyed because of a timeout;
make a request response to the sniff request and send the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an active state.
On the basis of any of the above specific embodiments of the present invention, a user terminal is provided on which a Java Servlet container is provided for handling the sniff request and making the request response.
On the basis of any of the above specific embodiments of the present invention, an electronic device for the method for preventing a CAS server from passively destroying a session is provided, including: at least one processor; and at least one memory communicatively connected to the processor. Fig. 3 is a structural block diagram of the electronic device provided by an embodiment of the present invention, including a processor 310, a memory 320 and a bus 330, where the processor 310 and the memory 320 communicate with each other through the bus 330. The processor 310 can call logical instructions in the memory 320 to execute the following method: when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request; the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential.
An embodiment of the present invention discloses a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions. When the program instructions are executed by a computer, the computer can execute the method provided by each of the above method embodiments, for example: when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request; the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential.
An embodiment of the present invention provides a non-transitory computer-readable storage medium. The non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause a computer to execute the method provided by each of the above method embodiments, for example: when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request; the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be completed by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium; when executed, the program performs the steps of the above method embodiments. The aforementioned storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
From the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the method of each embodiment or of certain parts of an embodiment.
The present invention achieves rough synchronization between the client applications managed by CAS: whenever any client application is in an active state, the login credential on the CAS server side remains usable at any time and never times out.
Finally, the methods and devices described in detail in this application are only preferred embodiments and are not intended to limit the protection scope of the embodiments of the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the embodiments of the present invention shall be included within the protection scope of the embodiments of the present invention.
Claims (10)
1. A method for preventing a CAS server from passively destroying a session, characterized by including:
when an authentication credential is about to be destroyed because of a timeout, the single sign-on framework CAS server sends a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request;
the CAS server receives the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, does not destroy the authentication credential.
2. The method according to claim 1, characterized in that, before the authentication credential is about to be destroyed because of a timeout, the method further includes:
the user logs in to applications on the user terminal by means of a login authentication credential;
each application the user has logged in to is recorded and stored together with the Service Ticket, and a verification identification token is distributed to the user terminal.
3. The method according to claim 1, characterized in that the single sign-on framework CAS server sending a sniff request to each application on the user terminal includes:
the single sign-on framework CAS server traverses each registered application and sends a sniff request to the user terminal to which each application belongs, asking each application one by one whether it contains an active session.
4. The method according to claim 1 or 3, characterized in that a Java Servlet container is provided on the user terminal for handling the sniff request and making the request response.
5. The method according to claim 1, characterized in that the method further includes:
the CAS server receives the request response sent by the user terminal and, if the request response indicates that no application is in an active state, destroys the authentication credential.
6. A method for preventing a CAS server from passively destroying a session, characterized by including:
the user terminal receives the sniff request sent by the single sign-on framework CAS server to each application, the sniff request being issued when an authentication credential is about to be destroyed because of a timeout;
the user terminal makes a request response to the sniff request and sends the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an active state.
7. The method according to claim 6, characterized in that a Java Servlet container is provided on the user terminal for handling the sniff request and making the request response.
8. A single sign-on framework CAS server, characterized in that the server is configured to:
when an authentication credential is about to be destroyed because of a timeout, send a sniff request to each application on the user terminal, so that each application on the user terminal makes a request response to the sniff request;
receive the request response sent by the user terminal and, if the request response indicates that at least one application on the user terminal is in an active state, not destroy the authentication credential.
9. A user terminal, characterized in that the user terminal is configured to:
receive the sniff request sent by the single sign-on framework CAS server to each application, the sniff request being issued when an authentication credential is about to be destroyed because of a timeout;
make a request response to the sniff request and send the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an active state.
10. The user terminal according to claim 9, characterized in that a Java Servlet container is provided on the user terminal for handling the sniff request and making the request response.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811038069.8A CN109274662B (en) | 2018-09-06 | 2018-09-06 | Method, device, server and terminal for preventing CAS server from passively destroying session |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109274662A (en) | 2019-01-25 |
CN109274662B (en) | 2021-06-04 |
Family
ID=65187790
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811038069.8A Active CN109274662B (en) | 2018-09-06 | 2018-09-06 | Method, device, server and terminal for preventing CAS server from passively destroying session |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109274662B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109274662B (en) | 2021-06-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||