CN109274662B - Method, device, server and terminal for preventing CAS server from passively destroying session - Google Patents


Publication number
CN109274662B
Authority
CN
China
Prior art keywords
user terminal
application
request
sniffing
cas server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811038069.8A
Other languages
Chinese (zh)
Other versions
CN109274662A (en)
Inventor
杨杰
郭龙领
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Tianyuan Innovation Technology Co ltd
Original Assignee
Beijing Tianyuan Innovation Technology Co ltd
Application filed by Beijing Tianyuan Innovation Technology Co ltd
Priority to CN201811038069.8A
Publication of CN109274662A
Application granted
Publication of CN109274662B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a method, a device, a server and a terminal for preventing a CAS server from passively destroying a session. The method comprises the following steps: when an authentication credential is about to be destroyed due to timeout, the single sign-on framework CAS server sends a sniffing request to each application on the user terminal; each application on the user terminal makes a request response to the sniffing request; and the CAS server receives the request response sent by the user terminal and, if the request response shows that at least one application on the user terminal is in an activated state, does not destroy the authentication credential. The invention can solve the problem of login-state management between certain application systems with tighter business coupling.

Description

Method, device, server and terminal for preventing CAS server from passively destroying session
Technical Field
The present invention relates to the field of computer login management technology, and more particularly, to a method and apparatus for preventing a CAS server from passively destroying a session.
Background
Single sign-on: Single Sign-On, abbreviated as SSO, enables a user to log in only once and then access all mutually trusted application systems among a plurality of application systems. CAS framework: CAS (Central Authentication Service) is a framework for implementing SSO single sign-on.
The single sign-on framework CAS can perform unified authentication management for a plurality of applications and is a very widely used login management framework. However, CAS is designed so that once an authentication credential has been acquired, if it is not used within a fixed time, the CAS system actively destroys it, so that a token cannot be acquired as expected when authentication is attempted afterwards. For some applications with tighter business coupling, this design cannot meet the usage requirement: for example, when a user is using one of the applications, the user expects the CAS login credential to remain active as long as that application is in an active state.
Disclosure of Invention
In order to solve the above problems, the present invention provides a method and apparatus that overcomes, or at least partially solves, the above problems.
According to a first aspect of embodiments of the present invention, there is provided a method for preventing a CAS server from passively destroying a session, including:
when the authentication credential is about to be destroyed due to timeout, the single sign-on framework CAS server sends a sniffing request to each application on the user terminal; each application on the user terminal makes a request response to the sniffing request;
and the CAS server receives the request response sent by the user terminal, and if the request response shows that at least one application on the user terminal is in an activated state, the authentication credential is not destroyed.
Further, when the authentication credential is to be destroyed due to timeout, the method also includes:
the user logs in to the application at the user terminal with the login authentication credential;
and recording and storing each application and authentication credential logged in by the user, and allocating a verification identification token to the user terminal.
Further, the sending of the sniffing request to each application on the user terminal by the single sign-on framework CAS server includes:
the CAS server traverses each registered application, sends a sniffing request to the user terminal to which each application belongs, and inquires one by one whether each application contains an active session.
Further, a Java Servlet container is arranged on the user terminal and used for processing the sniffing request and making a request response.
Further, the method further comprises:
and the CAS server receives the request response sent by the user terminal, and destroys the authentication credential if the request response indicates that no application is in an activated state.
According to a second aspect of embodiments of the present invention, there is provided a method for preventing a CAS server from passively destroying a session, comprising:
a user terminal receives a sniffing request sent to each application by a single sign-on framework CAS server, wherein the sniffing request is sent when an authentication credential is about to be destroyed due to timeout;
the user terminal makes a request response to the sniffing request and sends the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an activated state.
Further, a Java Servlet container is arranged on the user terminal and used for processing the sniffing request and making a request response.
According to a third aspect of the embodiments of the present invention, there is provided a single sign-on framework CAS server, the server being configured to:
when the authentication credential is to be destroyed due to timeout, sending a sniffing request to each application on the user terminal; each application on the user terminal makes a request response to the sniffing request;
and receiving a request response sent by the user terminal, and if the request response indicates that at least one application is in an activated state on the user terminal, not destroying the authentication credential.
According to a fourth aspect of the embodiments of the present invention, there is provided a user terminal, configured to:
receiving a sniffing request sent by a single sign-on framework CAS server to each application, wherein the sniffing request is sent when an authentication credential is about to be destroyed due to timeout;
the user terminal makes a request response to the sniffing request and sends the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an activated state.
Further, a Java Servlet container is arranged on the user terminal and used for processing the sniffing request and making a request response.
The invention provides a method, a device, a server and a terminal for preventing a CAS server from passively destroying a session. The method comprises the following steps: when an authentication credential is about to be destroyed due to timeout, the single sign-on framework CAS server sends a sniffing request to each application on the user terminal; each application on the user terminal makes a request response to the sniffing request; and the CAS server receives the request response sent by the user terminal and, if the request response shows that at least one application on the user terminal is in an activated state, does not destroy the authentication credential. The invention can solve the problem of login-state management between certain application systems with tighter business coupling.
Drawings
FIG. 1 is a schematic overall flowchart of a method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention;
FIG. 2 is a schematic overall flowchart of a method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention;
FIG. 3 is a schematic overall structure diagram of an electronic device of the method for preventing a CAS server from passively destroying a session according to the embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
Referring to fig. 1, an overall flowchart of a method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention is shown, which includes the following steps:
S1, when the authentication credential is about to be destroyed due to timeout, the CAS server sends a sniffing request to each application on the user terminal; each application on the user terminal makes a request response to the sniffing request;
S2, the CAS server receives the request response sent by the user terminal, and if the request response shows that at least one application on the user terminal is in an activated state, the authentication credential is not destroyed.
On the basis of any of the foregoing embodiments of the present invention, there is provided a method for preventing a CAS server from passively destroying a session, where when an authentication credential is to be destroyed due to a timeout, the method further includes:
the user logs in to the application at the user terminal with the login authentication credential;
and recording and storing each application and authentication credential logged in by the user, and allocating a verification identification token to the user terminal.
On the basis of any of the foregoing embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, where a CAS server of a single sign-on framework sends a sniff request to each application on a user terminal, and the method includes:
the CAS server traverses each registered application, sends a sniffing request to the user terminal to which each application belongs, and inquires one by one whether each application contains an active session.
On the basis of any of the above embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, where a Java Servlet container is disposed on the user terminal, and is used to process a sniff request and make a request response.
Based on any of the foregoing embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, where the method further includes:
and the CAS server receives the request response sent by the user terminal, and destroys the authentication credential if the request response indicates that no application is in an activated state.
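The server-side procedure described above (record the applications at login, sniff each one when the credential reaches its timeout, then keep or destroy it) as an added Python example; it is not code from the patent. `CredentialRegistry`, `probe` and the `.example` URLs are hypothetical names, and two behaviours are assumptions the patent does not state: an application that is unreachable or answers anything other than a clear "active" counts as inactive, and an optional `max_lifetime` cap bounds how long sniffing can keep a credential alive.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# A probe stands in for the HTTP sniffing request that a servlet on the
# application side answers: it takes (app_url, token) and returns True only
# when that application holds an active session for the token.
Probe = Callable[[str, str], bool]


@dataclass
class Credential:
    token: str          # verification identification token allocated at login
    issued_at: float    # seconds, same clock as the `now` arguments below
    last_used: float
    apps: List[str] = field(default_factory=list)  # applications logged in with it


class CredentialRegistry:
    """Hypothetical CAS-side store that sniffs applications before expiry."""

    def __init__(self, probe: Probe, idle_timeout: float,
                 max_lifetime: Optional[float] = None) -> None:
        self._probe = probe
        self._idle_timeout = idle_timeout
        self._max_lifetime = max_lifetime   # assumption: not part of the patent
        self._creds: Dict[str, Credential] = {}

    def login(self, token: str, app_url: str, now: float) -> None:
        # Record each application the user logged in to with this credential.
        cred = self._creds.setdefault(token, Credential(token, now, now))
        if app_url not in cred.apps:
            cred.apps.append(app_url)
        cred.last_used = now

    def _any_app_active(self, cred: Credential) -> bool:
        # Traverse the recorded applications one by one; stop at the first
        # that reports an active session.
        for app_url in cred.apps:
            try:
                if self._probe(app_url, cred.token) is True:
                    return True
            except Exception:
                # Assumption: a failed probe is treated as "inactive", so an
                # outage cannot keep a credential alive.
                continue
        return False

    def sweep(self, now: float) -> Dict[str, str]:
        """Apply the expiry decision to every credential; return the outcome."""
        decisions: Dict[str, str] = {}
        for token, cred in list(self._creds.items()):
            if now - cred.last_used < self._idle_timeout:
                decisions[token] = "valid"
            elif (self._max_lifetime is not None
                  and now - cred.issued_at >= self._max_lifetime):
                del self._creds[token]
                decisions[token] = "destroyed:max-lifetime"
            elif self._any_app_active(cred):
                cred.last_used = now        # credential is not destroyed
                decisions[token] = "renewed"
            else:
                del self._creds[token]
                decisions[token] = "destroyed:no-active-app"
        return decisions


def run_constructed_demo() -> List[Dict[str, str]]:
    # Constructed application state: only app-a has a live session for alice.
    active = {("https://app-a.example/sniff", "TGT-alice"): True}

    def probe(app_url: str, token: str) -> bool:
        if app_url == "https://app-down.example/sniff":
            raise ConnectionError("application unreachable")
        return active.get((app_url, token), False)

    reg = CredentialRegistry(probe, idle_timeout=1800, max_lifetime=8 * 3600)
    reg.login("TGT-alice", "https://app-b.example/sniff", now=0)
    reg.login("TGT-alice", "https://app-a.example/sniff", now=0)
    reg.login("TGT-bob", "https://app-b.example/sniff", now=0)
    reg.login("TGT-bob", "https://app-down.example/sniff", now=0)
    first = reg.sweep(now=1800)        # both credentials hit the idle timeout
    second = reg.sweep(now=8 * 3600)   # alice reaches the hard cap
    return [first, second]


if __name__ == "__main__":
    for outcome in run_constructed_demo():
        print(outcome)
```

With `max_lifetime=None` the registry behaves as the description states: a credential is renewed on every sweep for as long as one application reports an active session.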
Referring to fig. 2, an overall flowchart of a method for preventing a CAS server from passively destroying a session according to an embodiment of the present invention is shown, which includes the following steps:
S1', the user terminal receives the sniffing request sent by the CAS server to each application, wherein the sniffing request is sent when an authentication credential is about to be destroyed due to timeout;
S2', the user terminal makes a request response to the sniffing request and sends the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an activated state.
On the basis of any of the above embodiments of the present invention, a method for preventing a CAS server from passively destroying a session is provided, where a Java Servlet container is disposed on the user terminal, and is used to process a sniff request and make a request response.
In another embodiment of the present invention, a single sign-on framework CAS server is provided, the server being configured to:
when the authentication credential is to be destroyed due to timeout, sending a sniffing request to each application on the user terminal; each application on the user terminal makes a request response to the sniffing request;
and receiving a request response sent by the user terminal, and if the request response indicates that at least one application is in an activated state on the user terminal, not destroying the authentication credential.
On the basis of any of the foregoing embodiments of the present invention, there is provided a CAS server of a single sign-on framework, further including a sign-on module, configured to:
the user logs in to the application at the user terminal with the login authentication credential;
and recording and storing each application and authentication credential logged in by the user, and allocating a verification identification token to the user terminal.
Based on any of the foregoing embodiments of the present invention, there is provided a single sign-on framework CAS server, the CAS server is further configured to:
the CAS server traverses each registered application, sends a sniffing request to the user terminal to which each application belongs, and inquires one by one whether each application contains an active session.
On the basis of any of the above embodiments of the present invention, a CAS server of a single sign-on framework is provided, where a Java Servlet container is disposed on a user terminal cooperating with the CAS server, and is used to process a sniff request and respond to the request.
Based on any of the foregoing embodiments of the present invention, there is provided a single sign-on framework CAS server, the CAS server is further configured to:
and the CAS server receives the request response sent by the user terminal, and destroys the authentication credential if the request response indicates that no application is in an activated state.
In another embodiment of the present invention, a user equipment is provided, where the user equipment is configured to:
receiving a sniffing request sent by a single sign-on framework CAS server to each application, wherein the sniffing request is sent when an authentication credential is about to be destroyed due to timeout;
the user terminal makes a request response to the sniffing request and sends the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an activated state.
On the basis of any of the above embodiments of the present invention, a user terminal is provided, where a Java Servlet container is disposed on the user terminal, and is used to process a sniff request and make a request response.
On the basis of any embodiment of the invention, an electronic device for the method for preventing a CAS server from passively destroying a session is provided, which includes at least one processor and at least one memory communicatively coupled to the processor. FIG. 3 is a block diagram of the electronic device provided by an embodiment of the present invention, including a processor 310, a memory 320, and a bus 330, wherein the processor 310 and the memory 320 communicate with each other via the bus 330. The processor 310 may call logic instructions in the memory 320 to perform the following method: when the authentication credential is about to be destroyed due to timeout, the single sign-on framework CAS server sends a sniffing request to each application on the user terminal; each application on the user terminal makes a request response to the sniffing request; and the CAS server receives the request response sent by the user terminal, and if the request response shows that at least one application on the user terminal is in an activated state, the authentication credential is not destroyed.
An embodiment of the present invention discloses a computer program product, which includes a computer program stored on a non-transitory computer-readable storage medium, where the computer program includes program instructions, and when the program instructions are executed by a computer, the computer can execute the method provided by the above method embodiments, for example: when the authentication credential is about to be destroyed due to timeout, the single sign-on framework CAS server sends a sniffing request to each application on the user terminal; each application on the user terminal makes a request response to the sniffing request; and the CAS server receives the request response sent by the user terminal, and if the request response shows that at least one application on the user terminal is in an activated state, the authentication credential is not destroyed.
An embodiment of the present invention provides a non-transitory computer-readable storage medium, where the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause a computer to execute the method provided by the foregoing method embodiments, for example: when the authentication credential is about to be destroyed due to timeout, the single sign-on framework CAS server sends a sniffing request to each application on the user terminal; each application on the user terminal makes a request response to the sniffing request; and the CAS server receives the request response sent by the user terminal, and if the request response shows that at least one application on the user terminal is in an activated state, the authentication credential is not destroyed.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods of the various embodiments or some parts of the embodiments.
The invention can realize rough synchronization among all client applications managed by the CAS: when any client application is in an active state, the login credential of the CAS server can be used at any time and never times out.
Finally, the methods and apparatus detailed in the present application are only preferred embodiments and are not intended to limit the scope of the embodiments of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the embodiments of the present invention should be included in the protection scope of the embodiments of the present invention.

Claims (9)

1. A method for preventing a CAS server from passively destroying a session, comprising:
when the authentication credential is about to be destroyed due to timeout, the single sign-on framework CAS server sends a sniffing request to each application on the user terminal; each application on the user terminal makes a request response to the sniffing request;
the CAS server receives the request response sent by the user terminal, and if the request response shows that at least one application on the user terminal is in an activated state, the authentication credential is not destroyed;
wherein the sending, by the single sign-on framework CAS server, of the sniffing request to each application on the user terminal comprises:
the CAS server traverses each registered application, sends a sniffing request to the user terminal to which each application belongs, and inquires one by one whether each application contains an active session.
2. The method of claim 1, wherein when the authentication credential is to be destroyed due to a timeout, further comprising:
the user logs in to the application at the user terminal with the login authentication credential;
and recording and storing each application and authentication credential logged in by the user, and allocating a verification identification token to the user terminal.
3. The method according to claim 1, wherein a Java Servlet container is provided on the user terminal for processing the sniff request and responding to the request.
4. The method of claim 1, further comprising:
and the CAS server receives the request response sent by the user terminal, and destroys the authentication credential if the request response indicates that no application is in an activated state.
5. A method for preventing a CAS server from passively destroying a session, comprising:
a user terminal receives a sniffing request sent to each application by a single sign-on framework CAS server, wherein the sniffing request is sent when an authentication credential is about to be destroyed due to timeout;
the user terminal makes a request response to the sniffing request and sends the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an activated state;
wherein the sending, by the CAS server, of the sniffing request to each application comprises:
the CAS server traverses each registered application, sends a sniffing request to the user terminal to which each application belongs, and inquires one by one whether each application contains an active session.
6. A method according to claim 5, wherein a Java Servlet container is provided on the user terminal for processing sniff requests and responding to requests.
7. A single sign-on framework CAS server, the server configured to:
when the authentication credential is to be destroyed due to timeout, sending a sniffing request to each application on the user terminal; each application on the user terminal makes a request response to the sniffing request;
receiving a request response sent by a user terminal, and if the request response indicates that at least one application is in an activated state on the user terminal, not destroying the authentication credential;
the sending of the sniffing request to each application on the user terminal includes:
traversing each registered application, sending a sniffing request to the user terminal to which each application belongs, and inquiring one by one whether each application contains an active session.
8. A user terminal, wherein the user terminal is configured to:
receiving a sniffing request sent by a single sign-on framework CAS server to each application, wherein the sniffing request is sent when an authentication credential is about to be destroyed due to timeout;
the user terminal makes a request response to the sniffing request and sends the request response to the CAS server, so that the CAS server does not destroy the authentication credential if the request response indicates that at least one application on the user terminal is in an activated state;
wherein the sending, by the CAS server, of the sniffing request to each application comprises:
the CAS server traverses each registered application, sends a sniffing request to the user terminal to which each application belongs, and inquires one by one whether each application contains an active session.
9. The user terminal according to claim 8, wherein the user terminal is provided with a Java Servlet container for processing the sniff request and responding to the request.
CN201811038069.8A 2018-09-06 2018-09-06 Method, device, server and terminal for preventing CAS server from passively destroying session Active CN109274662B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811038069.8A CN109274662B (en) 2018-09-06 2018-09-06 Method, device, server and terminal for preventing CAS server from passively destroying session

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811038069.8A CN109274662B (en) 2018-09-06 2018-09-06 Method, device, server and terminal for preventing CAS server from passively destroying session

Publications (2)

Publication Number Publication Date
CN109274662A CN109274662A (en) 2019-01-25
CN109274662B true CN109274662B (en) 2021-06-04

Family

ID=65187790

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811038069.8A Active CN109274662B (en) 2018-09-06 2018-09-06 Method, device, server and terminal for preventing CAS server from passively destroying session

Country Status (1)

Country Link
CN (1) CN109274662B (en)


Also Published As

Publication number Publication date
CN109274662A (en) 2019-01-25


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant