CN109327477A - Authentication method, device and storage medium - Google Patents
Authentication method, device and storage medium Download PDFInfo
- Publication number
- CN109327477A CN109327477A CN201811487674.3A CN201811487674A CN109327477A CN 109327477 A CN109327477 A CN 109327477A CN 201811487674 A CN201811487674 A CN 201811487674A CN 109327477 A CN109327477 A CN 109327477A
- Authority
- CN
- China
- Prior art keywords
- micro services
- authentication
- token
- service request
- gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
Abstract
The present invention provides a kind of authentication method, device and storage medium, service request is sent to gateway micro services by client, the token and business datum prestored including client, and service request is sent to authentication micro services by gateway micro services, authentication micro services are verified according to token, and gateway micro services are transmitted verification result to, service request is sent to corresponding business micro services when being verified and carries out operation flow by gateway micro services.By certification and the independent micro services basic as one of authentication in the present invention, other micro services under micro services framework can call authentication micro services to be authenticated and authenticated, with good decoupling, certification and authentication management under micro services framework are solved the problems, such as;Client is only needed to prestore token, each micro services end does not need storage Session information, realizes statelessly and expansible;Subscriber identity information does not depend on Cookie transmitting, avoids CSRF risk.
Description
Technical field
The present invention relates to field of communication technology more particularly to a kind of authentication methods, device and storage medium.
Background technique
More and more enterprises when based on the mode of overall applicability framework to realize core business, with business send out
Exhibition, data volume and system are more and more too fat to move, and complexity improves, it is difficult to adapt to flexible and changeable business demand.In this context, micro-
Service architecture (Microservices Architecture) comes into being, it abandons traditional large-scale integrated form design reason
Read, be changed to fine granularity, loose coupling, can flexible combination autonomous unit, this system design philosophies are increasingly becoming current mainstream
Service system structure mode.
After system micro services, original monomer applications are the certification mode based on session mostly, it may be assumed that user is first
Session is established after secondary access application server, creates Session (time domain) object in server-side, while creating in client
One Cookie object;Cookie object is brought up come the session object matching with server end by client come real
Existing authentication state management.And system can be split into several micro services/micro- application, each micro- application under micro services framework
It needs to authenticate access, each micro- application requires clear current accessed user and its permission, existing authentication
Method is not easy to authentication and the authentication management of micro services framework.
Summary of the invention
The present invention provides a kind of authentication method, device and storage medium, in order to which the identity under micro services framework is recognized
Card and authentication management.
The first aspect of the present invention is to provide a kind of authentication method, comprising:
Authentication micro services receive the service request for the client that gateway micro services are sent, and include in the service request
The token and business datum that the client prestores;
The authentication micro services are verified according to the token;
The authentication micro services transmit verification result to gateway micro services, so that the gateway micro services are described
Verification result is that the service request is sent to corresponding business micro services when being verified.
Further, the method also includes:
The authentication micro services receive the logging request for the client that the gateway micro services are sent, described to step on
Record request includes subscriber identity information;
The authentication micro services authenticate the logging request;
If the authentication micro services pass through logging request certification, the authentication micro services generate institute
Token is stated, and is sent to the client by the gateway micro services, so that the client stores the token.
Further, the authentication micro services authenticate the logging request, comprising:
The logging request is sent to Light Directory Access Protocol LDAP module by the authentication micro services, so that institute
It states LDAP module and the subscriber identity information is authenticated according to prestored user information;
The authentication micro services receive the authentication result that the LDAP module returns.
Further, the authentication micro services authenticate the logging request, comprising:
The authentication micro services obtain authority information according to the logging request;
The authentication micro services generate the token, comprising:
The authentication micro services generate the token according to the subscriber identity information and the authority information.
Further, the authentication micro services are verified according to the token, comprising:
Can the authentication micro services judgement obtain the subscriber identity information and the power according to the token
Limit information, if the subscriber identity information and the authority information can be obtained according to the token, it is determined that authentication is logical
It crosses;
The authentication micro services judge whether the service request meets the authority information, if the service request
Meet the authority information, it is determined that the authentication is passed.
Further, it if the subscriber identity information and the authority information cannot be obtained according to the token, determines
Authentication does not pass through or the service request is not able to satisfy the authority information, determines that authentication does not pass through, then the certification mirror
It weighs micro services and sends service request failed message to the gateway micro services.
The second aspect of the present invention is to provide a kind of authentication method, comprising:
Gateway micro services receive the service request that client is sent, and include the token prestored and industry in the service request
Business data;
The service request is sent to authentication micro services by the gateway micro services, so that the authentication is in incognito
Business is verified according to the token, and returns to verification result;
If the verification result is to be verified, the service request is sent to corresponding industry by the gateway micro services
Business micro services.
Further, the method also includes:
The gateway micro services receive the logging request that the client is sent, and the logging request includes user identity letter
Breath;
The logging request is sent to the authentication micro services by the gateway micro services;
The gateway micro services receive what the authentication micro services returned after passing through to logging request certification
Token, and the token is sent to the client, so that the client stores the token.
Further, the method also includes:
If the verification result is that verifying does not pass through, the gateway micro services send service request failure to the client
Message.
The third aspect of the present invention is to provide a kind of authentication device, comprising:
Receiving module, the service request of the client for receiving the transmission of gateway micro services include in the service request
The token and business datum that the client prestores;
Processing module, for being verified according to the token;
Sending module, for transmitting verification result to gateway micro services, so that the gateway micro services are in the verifying
It as a result is that the service request is sent to corresponding business micro services when being verified.
Further, the receiving module is also used to, and receives the login for the client that the gateway micro services are sent
Request, the logging request includes subscriber identity information;
The processing module is also used to, and is authenticated to the logging request;If passing through to logging request certification,
The authentication micro services generate the token;
The token is sent to the gateway micro services by the sending module, to be sent to by the gateway micro services
The client stores the client to the token.
Further, the processing module is used for, and the logging request is sent to Light Directory Access Protocol LDAP mould
Block, so that the LDAP module authenticates the subscriber identity information according to prestored user information;Receive the LDAP mould
The authentication result that block returns.
Further, the processing module is used for:
Authority information is obtained according to the logging request;
The token is generated according to the subscriber identity information and the authority information.
Further, the processing module is used for:
Can judgement obtain the subscriber identity information and the authority information according to the token, if can be according to
Token obtains the subscriber identity information and the authority information, it is determined that authentication passes through;
Judge whether the service request meets the authority information, if the service request meets the authority information,
Then determine that the authentication is passed.
Further, it if the subscriber identity information and the authority information cannot be obtained according to the token, determines
Authentication does not pass through or the service request is not able to satisfy the authority information, determines that authentication does not pass through, then to the gateway
Micro services send service request failed message.
The fourth aspect of the present invention is to provide a kind of authentication device, comprising:
Receiving module includes the token that prestores for receiving the service request of client transmission, in the service request with
And business datum;
Sending module, for the service request to be sent to authentication micro services, so that the authentication is in incognito
Business is verified according to the token;
The receiving module is also used to, and receives the verification result that the authentication micro services return;
The sending module is also used to, if the verification result is to be verified, the service request is sent to pair
The business micro services answered.
Further, the receiving module is also used to, and receives the logging request that the client is sent, the logging request
Including subscriber identity information;
The sending module is also used to, and the logging request is sent to the authentication micro services;
The receiving module is also used to, and is received the authentication micro services and is returned after passing through to logging request certification
The token returned;
The sending module is also used to, and the token is sent to the client, so that the client is to the order
Board is stored.
Further, the sending module is also used to, if the verification result is that verifying does not pass through, the gateway micro services
Service request failed message is sent to the client.
The fifth aspect of the present invention is to provide a kind of computer readable storage medium, is stored thereon with computer program;
Method as described in relation to the first aspect is realized when the computer program is executed by processor.
The sixth aspect of the present invention is to provide a kind of computer readable storage medium, is stored thereon with computer program;
The method as described in second aspect is realized when the computer program is executed by processor.
The seventh aspect of the present invention is to provide a kind of electronic equipment, comprising: processor;And memory, for storing
State the executable instruction of processor;Wherein, the processor is configured to execute such as first via the executable instruction is executed
Method described in aspect or second aspect.
Authentication method, device and storage medium provided by the invention send industry to gateway micro services by client
Business is requested, and includes token and business datum that client prestores in service request, after gateway micro services receive service request
Service request is sent to authentication micro services, is verified by authentication micro services according to token, and by verification result
Gateway micro services are sent to, it is micro- that service request is sent to corresponding business when verification result is to be verified by gateway micro services
Service carries out operation flow.By certification and the independent micro services basic as one of authentication, micro services framework in the present invention
Under other micro services can call the authentication micro services to be authenticated and authenticated, have good decoupling, solve it is micro-
Certification and authentication management problem under service architecture;Token token mechanism is based in the present invention, it is only necessary to which client prestores token i.e.
Can, each micro services end does not need storage Session information, to realize statelessly and expansible;Additionally due to user identity is believed
Breath is not need to rely on Cookie transmitting, avoids CSRF (Cross-site request forgery is forged across station request)
Risk.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention without any creative labor, may be used also for those of ordinary skill in the art
To obtain other drawings based on these drawings.
Fig. 1 is system architecture diagram provided in an embodiment of the present invention;
Fig. 2 is authentication method flow chart provided in an embodiment of the present invention;
Fig. 3 be another embodiment of the present invention provides authentication method flow chart;
Fig. 4 be another embodiment of the present invention provides authentication method flow chart;
Fig. 5 be another embodiment of the present invention provides authentication method flow chart;
Fig. 6 is the signaling diagram of authentication method provided in an embodiment of the present invention;
Fig. 7 provides the structure chart of authentication device for the embodiment of the present invention;
Fig. 8 is the structure chart of authentication device provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
Authentication method provided by the invention can be adapted for system shown in FIG. 1.As shown in Figure 1, the system packet
Include client 11, gateway micro services 12, authentication micro services 13 and business micro services 15,16, wherein log in user
Stage, client 11 send logging request to gateway micro services 12, include subscriber identity information, gateway micro services in logging request
12 receive logging request are sent to authentication micro services 13 after logging request, are asked by the 13 pairs of logins of authentication micro services
It asks and is authenticated, if authentication micro services 13 pass through logging request certification, authentication micro services 13 generate token
(Token), it and by gateway micro services 12 is sent to client 11, client 11 stores token.Further, it authenticates
It authenticates micro services 13 and logging request is sent to Light Directory Access Protocol LDAP (Lightweight Directory Access
Protocol) module, LDAP module authenticates subscriber identity information according to prestored user information, and authentication result is returned
To authentication micro services 13.In Service Period, client 11 sends service request to gateway micro services 12, wraps in service request
The token and business datum that client 11 prestores are included, service request is sent to by gateway micro services 12 after receiving service request
Authentication micro services 13 are verified by authentication micro services 13 according to token, and it is micro- to transmit verification result to gateway
Service request is sent to corresponding business micro services when verification result is to be verified and carried out by service 12, gateway micro services 12
Operation flow.Authentication process is described in detail below with reference to specific embodiment.
Fig. 2 is authentication method flow chart provided in an embodiment of the present invention.Present embodiments provide a kind of authentication
Method, executing subject are authentication micro services, and specific step is as follows for this method:
S101, authentication micro services receive the service request for the client that gateway micro services are sent, the service request
In include the token that prestores of the client and business datum.
In the present embodiment, in Service Period, client sends service request to gateway micro services, can wrap in service request
The token (Token) and business datum that client prestores are included, wherein token is authentication micro services in advance to client
User generates after carrying out authentication and authentication, may include in token subscriber identity information (such as username and password or
User ID and password) and authority information (such as user be able to access which business micro services or access business micro services which
Data), client saves token after receiving the token that authentication micro services are sent by gateway micro services, in turn
Service request can be generated according to the token and business datum prestored in Service Period, and be sent to gateway micro services, and by gateway
Service request is sent to authentication micro services by micro services.
S102, the authentication micro services are verified according to the token.
In the present embodiment, authentication micro services are verified according to token, can be specifically decoded first to token,
If can decode, and the information for including in token is got, such as subscriber identity information and authority information, then proves that token is by recognizing
Card authentication micro services publication, namely hold the user of the token and carried out authentication and authentication.More specifically, certification mirror
Power micro services can be used predetermined cipher mode when generating token and encrypt to token, if can use corresponding solution when verifying
Close mode is decrypted, then can be realized the verifying to token.In addition, authentication micro services are tested according to the token
Card, further includes judging whether service request meets authority information, if satisfied, corresponding business micro services can be accessed.
S103, the authentication micro services transmit verification result to gateway micro services, so that the gateway micro services
The service request is sent to corresponding business micro services when the verification result is to be verified.
In the present embodiment, authentication micro services are verified as a result, and tying verifying after being verified according to token
Fruit is sent to gateway micro services, if verification result is to be verified, service request is sent to corresponding industry by gateway micro services
Business micro services, and then business micro services can respond service request and carry out corresponding operation flow.
Authentication method provided in this embodiment sends service request to gateway micro services by client, and business is asked
It include that the token that prestores of client and business datum, gateway micro services send service request after receiving service request in asking
Authentication micro services are given, are verified by authentication micro services according to token, and transmit verification result to gateway in incognito
Service request is sent to corresponding business micro services when verification result is to be verified and carries out Business Stream by business, gateway micro services
Journey.In the present embodiment will certification with authenticate independent micro services basic as one, under micro services framework other in incognito
Business can call the authentication micro services to be authenticated and authenticated, and have good decoupling, solve to recognize under micro services framework
Card and authentication management problem;Token token mechanism is based in the present embodiment, it is only necessary to which client prestores token, each micro services
End does not need storage Session information, to realize statelessly and expansible;Additionally due to subscriber identity information needs not rely on
It is transmitted in Cookie, avoids the risk of CSRF.
On the basis of the above embodiments, as shown in figure 3, the method also includes:
S201, the authentication micro services receive the logging request for the client that the gateway micro services are sent,
The logging request includes subscriber identity information.
In the present embodiment, in user's entry stage, client sends logging request to gateway micro services, in logging request
Including subscriber identity information, such as username and password or User ID and password, after gateway micro services receive logging request
Logging request is sent to authentication micro services.
S202, the authentication micro services authenticate the logging request.
In the present embodiment, authentication micro services authenticate logging request, including authentication and authentication process,
Wherein authentication micro services can obtain prestored user information and corresponding default access information in advance, be believed according to user identity
Breath and prestored user information and corresponding default access information are authenticated.Others can also be used in certain the present embodiment
Authentication means.
Optionally, the authentication micro services authenticate the logging request, may also comprise:
The logging request is sent to Light Directory Access Protocol LDAP module by the authentication micro services, so that institute
It states LDAP module and the subscriber identity information is authenticated according to prestored user information;
The authentication micro services receive the authentication result that the LDAP module returns.
In the present embodiment, logging request is sent to LDAP module by authentication micro services, is recognized by LDAP module
Card process, wherein the hierarchical structure that LDAP module can be tree-shaped stores the prestored user information, may be implemented it is more efficient,
More flexible authentication.Wherein LDAP module can provide Basic Authentication and SASL (Simple Authentication and
Secure Layer) certification.Basic Authentication is to carry out identification by username and password, and be divided into simple password and abstract
Cipher authentication;SASL certification is LDAP offer in SSL (Secure Sockets Layer, Secure Socket Layer) and TLS
The authentication carried out on the basis of (Transport Layer Security, secure transport layer protocol) exit passageway, including number
The certification of word certificate.After LDAP module completes certification, authentication result is returned into authentication micro services.
More specifically, the authentication micro services authenticate the logging request, it may include:
The authentication micro services obtain authority information according to the logging request.
In the present embodiment, authentication micro services determine that logging request obtains authority information, specifically, can basis first
Subscriber identity information judges whether user is administrator, if administrator, then assigns highest permission, accessible any business
Micro services;If judging, user is not administrator, and the authority information of the user is obtained according to preset user right information, namely
The user be able to access which business micro services perhaps the user be able to access that a certain business micro services which data or
User forbids which business micro services etc. accessed.
If S203, the authentication micro services pass through logging request certification, the authentication micro services
Generate the token, and be sent to the client by the gateway micro services so that the client to the token into
Row storage.
In the present embodiment, authentication micro services generate token after certification passes through, and may include wherein user in token
Token is sent to gateway micro services after generating token by identity information and/or authority information, is sent out token by gateway micro services
Client is given, is stored by client, it, then can be in business to carry the token when client sends service request every time
Verifying rapidly and efficiently is realized in the process.
Specifically, the authentication micro services generate the token, comprising:
The authentication micro services generate the token according to the subscriber identity information and the authority information.
In the present embodiment, standardized JWT (JSON Web Token) specification can be used and write token data, wherein JWT
Standard is a kind of specification that can allow for transmitting safe and reliable information between user and server, it can use symmetric cryptography
With the mode of asymmetric encryption, the data to be transmitted are encrypted, prevent the leakage of data.
Further, based on the above embodiment, authentication micro services described in S102 are verified according to the token,
Specifically can include:
Can the authentication micro services judgement obtain the subscriber identity information and the power according to the token
Limit information, if the subscriber identity information and the authority information can be obtained according to the token, it is determined that authentication is logical
It crosses;
The authentication micro services judge whether the service request meets the authority information, if the service request
Meet the authority information, it is determined that the authentication is passed.
In the present embodiment, authentication micro services get user identity by being decoded to token, if can decode
Information and authority information then prove that token is issued by authentication micro services, it is determined that authentication passes through, namely holds
The user of the token had carried out authentication and authentication.More specifically, authentication micro services can be adopted when generating token
Token is encrypted with predetermined cipher mode, it, can be real if can be decrypted using corresponding manner of decryption when verifying
Now to the verifying of token.It after authentication passes through, can determine whether service request meets the authority information, namely judge the industry
Whether business requests related business micro services within the scope of user right, if, it is determined that the authentication is passed.
Further, if the subscriber identity information and the authority information cannot be obtained according to the token, body is determined
Part certification does not pass through or the service request is not able to satisfy the authority information, determines that authentication does not pass through, then the authentication
Micro services send service request failed message to the gateway micro services.
In the present embodiment, if there is any one not pass through in authentication or authentication process, authentication micro services
Service request failed message is sent to gateway micro services, business datum is truncated, it further can also be from gateway micro services to client
Service request failed message, such as preset status of fail code are sent, to inform that client side user service request fails.
The authentication method provided in the present embodiment sends service request, business to gateway micro services by client
It include that the token that prestores of client and business datum, gateway micro services send out service request after receiving service request in request
Authentication micro services are given, are verified by authentication micro services according to token, and it is micro- to transmit verification result to gateway
Service request is sent to corresponding business micro services when verification result is to be verified and carries out business by service, gateway micro services
Process.It will be authenticated in the present embodiment and authenticate the independent micro services basic as one, other under micro services framework are micro-
Service can call the authentication micro services to be authenticated and authenticated, and have good decoupling, solve under micro services framework
Certification and authentication management problem;Token token mechanism is based in the present embodiment, it is only necessary to which client prestores token, respectively in incognito
Business end does not need storage Session information, to realize statelessly and expansible;Additionally due to subscriber identity information do not need according to
Rely and transmitted in Cookie, avoids the risk of CSRF.
Fig. 4 is authentication method flow chart provided in an embodiment of the present invention.Present embodiments provide a kind of authentication
Method, executing subject are gateway micro services, and specific step is as follows for this method:
S301, gateway micro services receive the service request that client is sent, and include the token prestored in the service request
And business datum.
In the present embodiment, in Service Period, client sends service request to gateway micro services, can wrap in service request
Include the token and business datum that client prestores, may include in token subscriber identity information (such as username and password or
User ID and password) and authority information.
The service request is sent to authentication micro services by S302, the gateway micro services, so that the certification is reflected
Power micro services are verified according to the token, and return to verification result.
In the present embodiment, after gateway micro services receive service request, service request is sent to authentication in incognito
Business, is verified by authentication micro services according to token, wherein verification process can be found in above-described embodiment.It is micro- in authentication
Service is completed to return to verification result to gateway micro services after verifying.
If S303, the verification result are to be verified, the service request is sent to pair by the gateway micro services
The business micro services answered.
In the present embodiment, gateway micro services receive the verification result of gateway micro services return, if verification result is to test
Card passes through, and service request is sent to corresponding business micro services by gateway micro services, and then business micro services can respond business
Request carries out corresponding operation flow.
Further, if the verification result is that verifying does not pass through, the gateway micro services send industry to the client
Business request failure message.
Authentication method provided in this embodiment is the stream of gateway micro services side in above-mentioned authentication method embodiment
Journey, details are not described herein again for concrete function.
Authentication method provided in this embodiment sends service request to gateway micro services by client, and business is asked
It include that the token that prestores of client and business datum, gateway micro services send service request after receiving service request in asking
Authentication micro services are given, are verified by authentication micro services according to token, and transmit verification result to gateway in incognito
Service request is sent to corresponding business micro services when verification result is to be verified and carries out Business Stream by business, gateway micro services
Journey.In the present embodiment will certification with authenticate independent micro services basic as one, under micro services framework other in incognito
Business can call the authentication micro services to be authenticated and authenticated, and have good decoupling, solve to recognize under micro services framework
Card and authentication management problem;Token token mechanism is based in the present embodiment, it is only necessary to which client prestores token, each micro services
End does not need storage Session information, to realize statelessly and expansible;Additionally due to subscriber identity information needs not rely on
It is transmitted in Cookie, avoids the risk of CSRF.
On the basis of the above embodiments, as shown in figure 5, the method also includes:
S401, the gateway micro services receive the logging request that the client is sent, and the logging request includes user
Identity information.
In the present embodiment, in user's entry stage, client sends logging request to gateway micro services, in logging request
Including subscriber identity information, such as username and password or User ID and password.
The logging request is sent to the authentication micro services by S402, the gateway micro services.
In the present embodiment, gateway micro services receive and logging request are sent to authentication in incognito after logging request
Business, authenticates logging request by authentication micro services, wherein verification process can be found in above-described embodiment.If certification is logical
It crosses, authentication micro services generate token, and token is sent to gateway micro services.
S403, the gateway micro services receive the authentication micro services and return after passing through to logging request certification
The token returned, and the token is sent to the client, so that the client stores the token.
In the present embodiment, after gateway micro services receive the token that authentication micro services return, token is sent to
Client, so that client stores the token, to carry the token when client sends service request every time, then
Verifying rapidly and efficiently can be realized in business procedure.
Fig. 6 is the signaling diagram of authentication method provided in an embodiment of the present invention, wherein executable in user's entry stage
S511~S516 can be performed in Service Period in S501~S510.Specific step is as follows:
S501, client send logging request to gateway micro services, include subscriber identity information in logging request;
Logging request is sent to authentication micro services by S502, gateway micro services;
Logging request is sent to LDAP module by S503, authentication micro services;
S504, LDAP module authenticate subscriber identity information according to prestored user information;
The authentication result that S505, LDAP module return;
After S506, certification pass through, authentication micro services obtain authority information according to the logging request;
S507, authentication micro services generate token according to subscriber identity information and authority information;
Token is sent to gateway micro services by S508, authentication micro services;
Token is sent to client by S509, gateway micro services;
S510, client store token;
S511, client send service request to gateway micro services, include the token that prestores of client in service request with
And business datum;
S512, gateway micro services receive and service request are sent to authentication micro services after service request;
S513, authentication micro services are verified according to token;
S514, authentication micro services transmit verification result to gateway micro services;
S515, verification result be verified when, service request is sent to corresponding business in incognito by gateway micro services
Business;
S516, verification result be not by when, gateway micro services to client send service request failed message.
Authentication method provided in this embodiment sends service request to gateway micro services by client, and business is asked
It include that the token that prestores of client and business datum, gateway micro services send service request after receiving service request in asking
Authentication micro services are given, are verified by authentication micro services according to token, and transmit verification result to gateway in incognito
Service request is sent to corresponding business micro services when verification result is to be verified and carries out Business Stream by business, gateway micro services
Journey.In the present embodiment will certification with authenticate independent micro services basic as one, under micro services framework other in incognito
Business can call the authentication micro services to be authenticated and authenticated, and have good decoupling, solve to recognize under micro services framework
Card and authentication management problem;Token token mechanism is based in the present embodiment, it is only necessary to which client prestores token, each micro services
End does not need storage Session information, to realize statelessly and expansible;Additionally due to subscriber identity information needs not rely on
It is transmitted in Cookie, avoids the risk of CSRF.
Fig. 7 is the structure chart of authentication device provided in an embodiment of the present invention.Authentication dress provided in this embodiment
The process flow that the authentication micro services embodiment of the method for authentication micro services side provides can be executed by setting, as shown in fig. 6,
The authentication device 60 includes receiving module 61, processing module 62 and sending module 63.
Receiving module 61 wraps in the service request for receiving the service request for the client that gateway micro services are sent
Include the token and business datum that the client prestores;
Processing module 62, for being verified according to the token;
Sending module 63, for transmitting verification result to gateway micro services, so that the gateway micro services are tested described
Card result is that the service request is sent to corresponding business micro services when being verified.
Further, the receiving module 61 is also used to, and receives stepping on for the client that the gateway micro services are sent
Record request, the logging request includes subscriber identity information;
The processing module 62 is also used to, and is authenticated to the logging request;If passing through to logging request certification,
Then the authentication micro services generate the token;
The token is sent to the gateway micro services by the sending module 63, to be sent by the gateway micro services
To the client, store the client to the token.
Further, the processing module 62 is used for, and the logging request is sent to Light Directory Access Protocol LDAP
Module, so that the LDAP module authenticates the subscriber identity information according to prestored user information;Receive the LDAP
The authentication result that module returns.
Further, the processing module 62 is used for:
Authority information is obtained according to the logging request;
The token is generated according to the subscriber identity information and the authority information.
Further, the processing module 62 is used for:
Can judgement obtain the subscriber identity information and the authority information according to the token, if can be according to
Token obtains the subscriber identity information and the authority information, it is determined that authentication passes through;
Judge whether the service request meets the authority information, if the service request meets the authority information,
Then determine that the authentication is passed.
Further, it if the subscriber identity information and the authority information cannot be obtained according to the token, determines
Authentication does not pass through or the service request is not able to satisfy the authority information, determines that authentication does not pass through, then to the gateway
Micro services send service request failed message.
Authentication device provided in an embodiment of the present invention can be specifically used for executing side provided by above-mentioned Fig. 2 and Fig. 3
Method embodiment, details are not described herein again for concrete function.
Authentication device provided in an embodiment of the present invention sends service request, industry to gateway micro services by client
It include the token that prestores of client and business datum in business request, gateway micro services receive service request after service request
Authentication micro services are sent to, are verified by authentication micro services according to token, and transmit verification result to gateway
Service request is sent to corresponding business micro services when verification result is to be verified and carries out industry by micro services, gateway micro services
Business process.In the present embodiment will certification with authenticate independent micro services basic as one, other under micro services framework
Micro services can call the authentication micro services to be authenticated and authenticated, and have good decoupling, solve micro services framework
Lower certification and authentication management problem;Token token mechanism is based in the present embodiment, it is only necessary to which client prestores token, each micro-
Server-side does not need storage Session information, to realize statelessly and expansible;Additionally due to subscriber identity information does not need
It is transmitted dependent on Cookie, avoids the risk of CSRF.
Fig. 8 is the structure chart of authentication device provided in an embodiment of the present invention.Authentication dress provided in this embodiment
The process flow that the authentication micro services embodiment of the method for gateway micro services side provides can be executed by setting, as shown in fig. 7, described
Authentication device 70 includes receiving module 71 and sending module 72.
Receiving module 71 includes the token prestored in the service request for receiving the service request of client transmission
And business datum;
Sending module 72, for the service request to be sent to authentication micro services, so that the authentication is micro-
Service is verified according to the token;
The receiving module 71 is also used to, and receives the verification result that the authentication micro services return;
The sending module 72 is also used to, if the verification result is to be verified, the service request is sent to
Corresponding business micro services.
Further, the receiving module 71 is also used to, and receives the logging request that the client is sent, and the login is asked
It asks including subscriber identity information;
The sending module 72 is also used to, and the logging request is sent to the authentication micro services;
The receiving module 71 is also used to, and receives the authentication micro services after passing through to logging request certification
The token of return;
The sending module 72 is also used to, and the token is sent to the client, so that the client is to described
Token is stored.
Further, the sending module 72 is also used to, if the verification result is that verifying does not pass through, the gateway is in incognito
It is engaged in sending service request failed message to the client.
Authentication device provided in an embodiment of the present invention can be specifically used for executing side provided by above-mentioned Fig. 4 and Fig. 5
Method embodiment, details are not described herein again for concrete function.
Authentication device provided in an embodiment of the present invention sends service request, industry to gateway micro services by client
It include the token that prestores of client and business datum in business request, gateway micro services receive service request after service request
Authentication micro services are sent to, are verified by authentication micro services according to token, and transmit verification result to gateway
Service request is sent to corresponding business micro services when verification result is to be verified and carries out industry by micro services, gateway micro services
Business process.In the present embodiment will certification with authenticate independent micro services basic as one, other under micro services framework
Micro services can call the authentication micro services to be authenticated and authenticated, and have good decoupling, solve micro services framework
Lower certification and authentication management problem;Token token mechanism is based in the present embodiment, it is only necessary to which client prestores token, each micro-
Server-side does not need storage Session information, to realize statelessly and expansible;Additionally due to subscriber identity information does not need
It is transmitted dependent on Cookie, avoids the risk of CSRF.
In addition, the present embodiment also provides a kind of computer readable storage medium, it is stored thereon with computer program, the meter
Calculation machine program is executed by processor the authentication method to realize authentication micro services side described in above-described embodiment.
In addition, the present embodiment also provides a kind of computer readable storage medium, it is stored thereon with computer program, the meter
Calculation machine program is executed by processor the authentication method to realize gateway micro services side described in above-described embodiment.
In several embodiments provided by the present invention, it should be understood that disclosed device and method can pass through it
Its mode is realized.For example, the apparatus embodiments described above are merely exemplary, for example, the division of the unit, only
Only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components can be tied
Another system is closed or is desirably integrated into, or some features can be ignored or not executed.Another point, it is shown or discussed
Mutual coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or logical of device or unit
Letter connection can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list
Member both can take the form of hardware realization, can also realize in the form of hardware adds SFU software functional unit.
The above-mentioned integrated unit being realized in the form of SFU software functional unit can store and computer-readable deposit at one
In storage media.Above-mentioned SFU software functional unit is stored in a storage medium, including some instructions are used so that a computer
It is each that equipment (can be personal computer, server or the network equipment etc.) or processor (processor) execute the present invention
The part steps of embodiment the method.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (Read-
Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic or disk etc. it is various
It can store the medium of program code.
Those skilled in the art can be understood that, for convenience and simplicity of description, only with above-mentioned each functional module
Division progress for example, in practical application, can according to need and above-mentioned function distribution is complete by different functional modules
At the internal structure of device being divided into different functional modules, to complete all or part of the functions described above.On
The specific work process for stating the device of description, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent
Pipe present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: its according to
So be possible to modify the technical solutions described in the foregoing embodiments, or to some or all of the technical features into
Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution
The range of scheme.
Claims (10)
1. a kind of authentication method characterized by comprising
Authentication micro services receive the service request for the client that gateway micro services are sent, and include described in the service request
The token and business datum that client prestores;
The authentication micro services are verified according to the token;
The authentication micro services transmit verification result to gateway micro services, so that the gateway micro services are in the verifying
It as a result is that the service request is sent to corresponding business micro services when being verified.
2. the method according to claim 1, wherein the method also includes:
The authentication micro services receive the logging request for the client that the gateway micro services are sent, and the login is asked
It asks including subscriber identity information;
The authentication micro services authenticate the logging request;
If the authentication micro services pass through logging request certification, the authentication micro services generate the order
Board, and it is sent to the client by the gateway micro services, so that the client stores the token.
3. according to the method described in claim 2, it is characterized in that, the authentication micro services carry out the logging request
Certification, comprising:
The logging request is sent to Light Directory Access Protocol LDAP module by the authentication micro services, so that described
LDAP module authenticates the subscriber identity information according to prestored user information;
The authentication micro services receive the authentication result that the LDAP module returns.
4. according to the method in claim 2 or 3, which is characterized in that the authentication micro services are to the logging request
It is authenticated, comprising:
The authentication micro services obtain authority information according to the logging request;
The authentication micro services generate the token, comprising:
The authentication micro services generate the token according to the subscriber identity information and the authority information.
5. according to the method described in claim 4, it is characterized in that, the authentication micro services are tested according to the token
Card, comprising:
Can the authentication micro services judgement subscriber identity information is obtained according to the token and the permission is believed
Breath, if the subscriber identity information and the authority information can be obtained according to the token, it is determined that authentication passes through;
The authentication micro services judge whether the service request meets the authority information, if the service request meets
The authority information, it is determined that the authentication is passed.
6. according to the method described in claim 5, it is characterized in that,
If the subscriber identity information and the authority information cannot be obtained according to the token, determine that authentication is not led to
It crosses or the service request is not able to satisfy the authority information, determine that authentication does not pass through, then the authentication micro services are to institute
It states gateway micro services and sends service request failed message.
7. a kind of authentication method characterized by comprising
Gateway micro services receive the service request that client is sent, and include the token and business number prestored in the service request
According to;
The service request is sent to authentication micro services by the gateway micro services, so that the authentication micro services root
It is verified according to the token, and returns to verification result;
If the verification result is to be verified, it is micro- that the service request is sent to corresponding business by the gateway micro services
Service.
8. a kind of authentication device characterized by comprising
Receiving module includes described in the service request for receiving the service request for the client that gateway micro services are sent
The token and business datum that client prestores;
Processing module, for being verified according to the token;
Sending module, for transmitting verification result to gateway micro services, so that the gateway micro services are in the verification result
The service request is sent to corresponding business micro services when to be verified.
9. a kind of authentication device characterized by comprising
Receiving module includes the token prestored and industry in the service request for receiving the service request of client transmission
Business data;
Sending module, for the service request to be sent to authentication micro services, so that the authentication micro services root
It is verified according to the token;
The receiving module is also used to, and receives the verification result that the authentication micro services return;
The sending module is also used to, if the verification result is to be verified, the service request is sent to corresponding
Business micro services.
10. a kind of computer readable storage medium, which is characterized in that be stored thereon with computer program;
Such as method of any of claims 1-7 is realized when the computer program is executed by processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811487674.3A CN109327477A (en) | 2018-12-06 | 2018-12-06 | Authentication method, device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811487674.3A CN109327477A (en) | 2018-12-06 | 2018-12-06 | Authentication method, device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109327477A true CN109327477A (en) | 2019-02-12 |
Family
ID=65256470
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811487674.3A Pending CN109327477A (en) | 2018-12-06 | 2018-12-06 | Authentication method, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109327477A (en) |
Cited By (62)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109862036A (en) * | 2019-03-20 | 2019-06-07 | 上海博泰悦臻网络技术服务有限公司 | A kind of collaboration authentication method and terminal |
CN110049048A (en) * | 2019-04-22 | 2019-07-23 | 易联众民生(厦门)科技有限公司 | A kind of data access method, equipment and the readable medium of government affairs public service |
CN110086813A (en) * | 2019-04-30 | 2019-08-02 | 新华三大数据技术有限公司 | Access right control method and device |
CN110086822A (en) * | 2019-05-07 | 2019-08-02 | 北京智芯微电子科技有限公司 | The realization method and system of unified identity authentication strategy towards micro services framework |
CN110198301A (en) * | 2019-03-26 | 2019-09-03 | 腾讯科技(深圳)有限公司 | A kind of service data acquisition methods, device and equipment |
CN110324328A (en) * | 2019-06-26 | 2019-10-11 | 阿里巴巴集团控股有限公司 | A kind of safety certifying method, system and equipment |
CN110460595A (en) * | 2019-08-02 | 2019-11-15 | 阿里巴巴集团控股有限公司 | It is a kind of to authenticate and business service method, apparatus and equipment |
CN110730077A (en) * | 2019-10-09 | 2020-01-24 | 北京华宇信息技术有限公司 | Method and system for micro-service identity authentication and interface authentication |
CN110784551A (en) * | 2019-11-05 | 2020-02-11 | 中国建设银行股份有限公司 | Data processing method, device, equipment and medium based on multiple tenants |
CN111010396A (en) * | 2019-12-17 | 2020-04-14 | 紫光云(南京)数字技术有限公司 | Internet identity authentication management method |
CN111030818A (en) * | 2020-01-09 | 2020-04-17 | 上海金仕达软件科技有限公司 | Uniform session management method and system based on micro-service gateway |
CN111093197A (en) * | 2019-12-31 | 2020-05-01 | 北大方正集团有限公司 | Authority authentication method, authority authentication system and computer readable storage medium |
CN111131488A (en) * | 2019-12-30 | 2020-05-08 | 武汉佰钧成技术有限责任公司 | Remote management method and system for local area network identity recognition unit |
CN111130892A (en) * | 2019-12-27 | 2020-05-08 | 上海浦东发展银行股份有限公司 | Enterprise-level microservice management system and method |
CN111158786A (en) * | 2019-12-30 | 2020-05-15 | 武汉佰钧成技术有限责任公司 | Micro-service project access method and platform |
CN111209578A (en) * | 2019-12-31 | 2020-05-29 | 网联清算有限公司 | Application service access method and device |
CN111310141A (en) * | 2020-02-13 | 2020-06-19 | 上海复深蓝软件股份有限公司 | Authentication management method, device, computer equipment and storage medium |
CN111355713A (en) * | 2020-02-20 | 2020-06-30 | 深信服科技股份有限公司 | Proxy access method, device, proxy gateway and readable storage medium |
CN111405036A (en) * | 2020-03-13 | 2020-07-10 | 北京奇艺世纪科技有限公司 | Service access method, device, related equipment and computer readable storage medium |
US10728247B1 (en) | 2019-08-02 | 2020-07-28 | Alibaba Group Holding Limited | Selecting an authentication system for handling an authentication request |
CN111538966A (en) * | 2020-04-17 | 2020-08-14 | 中移(杭州)信息技术有限公司 | Access method, access device, server and storage medium |
CN111585973A (en) * | 2020-04-16 | 2020-08-25 | 北京明略软件系统有限公司 | Method and device for managing access |
CN111682941A (en) * | 2020-05-18 | 2020-09-18 | 上海瑾琛网络科技有限公司 | Centralized identity management, distributed authentication and authorization method based on cryptography |
CN111698312A (en) * | 2020-06-08 | 2020-09-22 | 中国建设银行股份有限公司 | Service processing method, device, equipment and storage medium based on open platform |
CN111756733A (en) * | 2020-06-23 | 2020-10-09 | 恒生电子股份有限公司 | Identity authentication method and related device |
CN111756737A (en) * | 2020-06-24 | 2020-10-09 | 中国平安财产保险股份有限公司 | Data transmission method, device, system, computer equipment and readable storage medium |
CN111786998A (en) * | 2020-06-30 | 2020-10-16 | 成都新潮传媒集团有限公司 | Authority management method and device based on micro-service calling and storage medium |
CN111935125A (en) * | 2020-08-05 | 2020-11-13 | 嘉联支付有限公司 | Authentication method and device based on distributed architecture and micro-service system |
CN111970282A (en) * | 2020-08-19 | 2020-11-20 | 工银科技有限公司 | Authentication method and device for heterogeneous module in system |
CN112039909A (en) * | 2020-09-03 | 2020-12-04 | 平安科技(深圳)有限公司 | Authentication method, device, equipment and storage medium based on unified gateway |
CN112036888A (en) * | 2020-08-05 | 2020-12-04 | 北京文思海辉金信软件有限公司 | Business operation execution method and device, computer equipment and storage medium |
CN112055024A (en) * | 2020-09-09 | 2020-12-08 | 深圳市欢太科技有限公司 | Authority verification method and device, storage medium and electronic equipment |
CN112149079A (en) * | 2020-10-22 | 2020-12-29 | 国网冀北电力有限公司经济技术研究院 | Planning review management platform based on micro-service architecture and user access authorization method |
CN112153012A (en) * | 2020-09-01 | 2020-12-29 | 珠海市卓轩科技有限公司 | Multi-terminal contact access method, device and storage medium |
CN112188493A (en) * | 2020-10-22 | 2021-01-05 | 深圳云之家网络有限公司 | Authentication method, system and related equipment |
CN112291178A (en) * | 2019-07-22 | 2021-01-29 | 京东方科技集团股份有限公司 | Service providing method and device and electronic equipment |
CN112333201A (en) * | 2020-11-20 | 2021-02-05 | 广州欢网科技有限责任公司 | Upper-layer application requests micro-service authentication optimization system through gateway |
CN112350978A (en) * | 2019-08-08 | 2021-02-09 | 中移(苏州)软件技术有限公司 | Service processing method, system, device and storage medium |
CN112422533A (en) * | 2020-11-05 | 2021-02-26 | 杭州米络星科技(集团)有限公司 | Verification method and device for user to access network and electronic equipment |
CN112468340A (en) * | 2020-11-24 | 2021-03-09 | 上海浦东发展银行股份有限公司 | Pre-audit business data configuration system for multiple tenants |
CN112491895A (en) * | 2020-11-30 | 2021-03-12 | 武汉海昌信息技术有限公司 | Identity authentication method, storage medium and system based on micro-service |
CN112511505A (en) * | 2020-11-16 | 2021-03-16 | 北京中关村银行股份有限公司 | Authentication system, method, device, equipment and medium |
CN112559010A (en) * | 2020-12-22 | 2021-03-26 | 福州数据技术研究院有限公司 | Multi-application system data isolation implementation method and system based on micro-service |
CN112671841A (en) * | 2020-12-10 | 2021-04-16 | 清研灵智信息咨询(北京)有限公司 | Data security management method and system based on micro-service technology architecture |
CN112671751A (en) * | 2020-12-18 | 2021-04-16 | 福建新大陆软件工程有限公司 | Authentication method, device, equipment and medium based on micro-service architecture |
CN112738069A (en) * | 2020-12-25 | 2021-04-30 | 神思旭辉医疗信息技术有限责任公司 | Fusion method, system and server based on stateful authentication mechanism and stateless authentication mechanism |
CN112766972A (en) * | 2020-12-31 | 2021-05-07 | 未鲲(上海)科技服务有限公司 | User identity authentication method and system |
CN112866265A (en) * | 2021-01-27 | 2021-05-28 | 湖南快乐阳光互动娱乐传媒有限公司 | CSRF attack protection method and device |
CN112884574A (en) * | 2021-01-29 | 2021-06-01 | 上海分布信息科技有限公司 | Safety processing method and system for block chain service |
CN112883357A (en) * | 2021-03-11 | 2021-06-01 | 中科三清科技有限公司 | Stateless login authentication method and device |
CN113014565A (en) * | 2021-02-19 | 2021-06-22 | 北京天维信通科技有限公司 | Zero trust architecture for realizing port scanning prevention and service port access method and equipment |
CN113098695A (en) * | 2021-04-21 | 2021-07-09 | 金陵科技学院 | Micro-service unified authority control method and system based on user attributes |
CN113297589A (en) * | 2021-03-31 | 2021-08-24 | 阿里巴巴新加坡控股有限公司 | Method, device and system for setting cluster permission |
CN113472794A (en) * | 2021-07-05 | 2021-10-01 | 福州数据技术研究院有限公司 | Multi-application system authority unified management method based on micro-service and computer readable storage medium |
CN113923020A (en) * | 2021-10-09 | 2022-01-11 | 天翼物联科技有限公司 | Micro-service authentication method, device and equipment of SaaS multi-tenant architecture |
CN114221782A (en) * | 2021-11-09 | 2022-03-22 | 中央广播电视总台 | Authentication method, equipment, chip and storage medium |
CN114338212A (en) * | 2021-12-31 | 2022-04-12 | 航天信息股份有限公司 | Identity authentication token management method and device, electronic equipment and readable storage medium |
CN114385995A (en) * | 2022-01-06 | 2022-04-22 | 徐工汉云技术股份有限公司 | Handle-based method for accessing identifier analysis micro-service to industrial Internet and identifier service system |
CN114448703A (en) * | 2022-01-29 | 2022-05-06 | 北京百度网讯科技有限公司 | Request processing method and device, electronic equipment and storage medium |
CN114745431A (en) * | 2022-03-18 | 2022-07-12 | 上海道客网络科技有限公司 | Side car technology-based non-invasive authority authentication method, system, medium and equipment |
CN115277207A (en) * | 2022-07-28 | 2022-11-01 | 联想(北京)有限公司 | Access control method and electronic equipment |
CN115865379A (en) * | 2023-02-27 | 2023-03-28 | 广东省信息工程有限公司 | Stateless distributed authentication method, client, authentication server and medium |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102111410A (en) * | 2011-01-13 | 2011-06-29 | 中国科学院软件研究所 | Agent-based single sign on (SSO) method and system |
CN102630074A (en) * | 2011-07-30 | 2012-08-08 | 上海安吉星信息服务有限公司 | Methods for obtaining location information of vehicle from different place and carrying out navigation by mobile terminal and system |
CN107425983A (en) * | 2017-08-08 | 2017-12-01 | 北京明朝万达科技股份有限公司 | A kind of unified identity authentication method and system platform based on WEB service |
CN107528853A (en) * | 2017-09-12 | 2017-12-29 | 上海艾融软件股份有限公司 | The implementation method of micro services control of authority |
US20180026984A1 (en) * | 2016-07-22 | 2018-01-25 | Box, Inc. | Access authentication for cloud-based shared content |
WO2018053122A1 (en) * | 2016-09-14 | 2018-03-22 | Oracle International Corporation | Single sign-on and single logout functionality for a multi-tenant identity and data security management cloud service |
CN108306877A (en) * | 2018-01-30 | 2018-07-20 | 泰康保险集团股份有限公司 | Verification method, device and the storage medium of subscriber identity information based on NODE JS |
CN108810029A (en) * | 2018-07-23 | 2018-11-13 | 珠海宏桥高科技有限公司 | Right discriminating system and optimization method between a kind of micro services infrastructure services |
CN108901022A (en) * | 2018-06-28 | 2018-11-27 | 深圳云之家网络有限公司 | A kind of micro services universal retrieval method and gateway |
-
2018
- 2018-12-06 CN CN201811487674.3A patent/CN109327477A/en active Pending
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102111410A (en) * | 2011-01-13 | 2011-06-29 | 中国科学院软件研究所 | Agent-based single sign on (SSO) method and system |
CN102630074A (en) * | 2011-07-30 | 2012-08-08 | 上海安吉星信息服务有限公司 | Methods for obtaining location information of vehicle from different place and carrying out navigation by mobile terminal and system |
US20180026984A1 (en) * | 2016-07-22 | 2018-01-25 | Box, Inc. | Access authentication for cloud-based shared content |
WO2018053122A1 (en) * | 2016-09-14 | 2018-03-22 | Oracle International Corporation | Single sign-on and single logout functionality for a multi-tenant identity and data security management cloud service |
CN107425983A (en) * | 2017-08-08 | 2017-12-01 | 北京明朝万达科技股份有限公司 | A kind of unified identity authentication method and system platform based on WEB service |
CN107528853A (en) * | 2017-09-12 | 2017-12-29 | 上海艾融软件股份有限公司 | The implementation method of micro services control of authority |
CN108306877A (en) * | 2018-01-30 | 2018-07-20 | 泰康保险集团股份有限公司 | Verification method, device and the storage medium of subscriber identity information based on NODE JS |
CN108901022A (en) * | 2018-06-28 | 2018-11-27 | 深圳云之家网络有限公司 | A kind of micro services universal retrieval method and gateway |
CN108810029A (en) * | 2018-07-23 | 2018-11-13 | 珠海宏桥高科技有限公司 | Right discriminating system and optimization method between a kind of micro services infrastructure services |
Cited By (84)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109862036A (en) * | 2019-03-20 | 2019-06-07 | 上海博泰悦臻网络技术服务有限公司 | A kind of collaboration authentication method and terminal |
CN110198301A (en) * | 2019-03-26 | 2019-09-03 | 腾讯科技(深圳)有限公司 | A kind of service data acquisition methods, device and equipment |
CN110198301B (en) * | 2019-03-26 | 2021-12-14 | 腾讯科技(深圳)有限公司 | Service data acquisition method, device and equipment |
CN110049048A (en) * | 2019-04-22 | 2019-07-23 | 易联众民生(厦门)科技有限公司 | A kind of data access method, equipment and the readable medium of government affairs public service |
CN110086813A (en) * | 2019-04-30 | 2019-08-02 | 新华三大数据技术有限公司 | Access right control method and device |
CN110086822A (en) * | 2019-05-07 | 2019-08-02 | 北京智芯微电子科技有限公司 | The realization method and system of unified identity authentication strategy towards micro services framework |
CN110324328A (en) * | 2019-06-26 | 2019-10-11 | 阿里巴巴集团控股有限公司 | A kind of safety certifying method, system and equipment |
CN112291178A (en) * | 2019-07-22 | 2021-01-29 | 京东方科技集团股份有限公司 | Service providing method and device and electronic equipment |
CN112291178B (en) * | 2019-07-22 | 2024-03-22 | 京东方科技集团股份有限公司 | Service providing method and device and electronic equipment |
WO2021022792A1 (en) * | 2019-08-02 | 2021-02-11 | 创新先进技术有限公司 | Authentication and service serving methods and apparatuses, and device |
TWI729718B (en) * | 2019-08-02 | 2021-06-01 | 開曼群島商創新先進技術有限公司 | Verification and business service method, device, electronic equipment and verification system |
CN110460595B (en) * | 2019-08-02 | 2021-03-30 | 创新先进技术有限公司 | Authentication and service method, device and equipment |
CN110460595A (en) * | 2019-08-02 | 2019-11-15 | 阿里巴巴集团控股有限公司 | It is a kind of to authenticate and business service method, apparatus and equipment |
US10728247B1 (en) | 2019-08-02 | 2020-07-28 | Alibaba Group Holding Limited | Selecting an authentication system for handling an authentication request |
CN112350978A (en) * | 2019-08-08 | 2021-02-09 | 中移(苏州)软件技术有限公司 | Service processing method, system, device and storage medium |
CN110730077A (en) * | 2019-10-09 | 2020-01-24 | 北京华宇信息技术有限公司 | Method and system for micro-service identity authentication and interface authentication |
CN110784551A (en) * | 2019-11-05 | 2020-02-11 | 中国建设银行股份有限公司 | Data processing method, device, equipment and medium based on multiple tenants |
CN111010396A (en) * | 2019-12-17 | 2020-04-14 | 紫光云(南京)数字技术有限公司 | Internet identity authentication management method |
CN111130892A (en) * | 2019-12-27 | 2020-05-08 | 上海浦东发展银行股份有限公司 | Enterprise-level microservice management system and method |
CN111158786A (en) * | 2019-12-30 | 2020-05-15 | 武汉佰钧成技术有限责任公司 | Micro-service project access method and platform |
CN111131488A (en) * | 2019-12-30 | 2020-05-08 | 武汉佰钧成技术有限责任公司 | Remote management method and system for local area network identity recognition unit |
CN111209578A (en) * | 2019-12-31 | 2020-05-29 | 网联清算有限公司 | Application service access method and device |
CN111093197A (en) * | 2019-12-31 | 2020-05-01 | 北大方正集团有限公司 | Authority authentication method, authority authentication system and computer readable storage medium |
CN111030818A (en) * | 2020-01-09 | 2020-04-17 | 上海金仕达软件科技有限公司 | Uniform session management method and system based on micro-service gateway |
CN111310141A (en) * | 2020-02-13 | 2020-06-19 | 上海复深蓝软件股份有限公司 | Authentication management method, device, computer equipment and storage medium |
CN111355713A (en) * | 2020-02-20 | 2020-06-30 | 深信服科技股份有限公司 | Proxy access method, device, proxy gateway and readable storage medium |
CN111405036A (en) * | 2020-03-13 | 2020-07-10 | 北京奇艺世纪科技有限公司 | Service access method, device, related equipment and computer readable storage medium |
CN111585973A (en) * | 2020-04-16 | 2020-08-25 | 北京明略软件系统有限公司 | Method and device for managing access |
CN111538966B (en) * | 2020-04-17 | 2024-02-23 | 中移(杭州)信息技术有限公司 | Access method, access device, server and storage medium |
CN111538966A (en) * | 2020-04-17 | 2020-08-14 | 中移(杭州)信息技术有限公司 | Access method, access device, server and storage medium |
CN111682941A (en) * | 2020-05-18 | 2020-09-18 | 上海瑾琛网络科技有限公司 | Centralized identity management, distributed authentication and authorization method based on cryptography |
CN111698312A (en) * | 2020-06-08 | 2020-09-22 | 中国建设银行股份有限公司 | Service processing method, device, equipment and storage medium based on open platform |
CN111756733A (en) * | 2020-06-23 | 2020-10-09 | 恒生电子股份有限公司 | Identity authentication method and related device |
CN111756737A (en) * | 2020-06-24 | 2020-10-09 | 中国平安财产保险股份有限公司 | Data transmission method, device, system, computer equipment and readable storage medium |
CN111756737B (en) * | 2020-06-24 | 2023-10-13 | 中国平安财产保险股份有限公司 | Data transmission method, device, system, computer equipment and readable storage medium |
CN111786998A (en) * | 2020-06-30 | 2020-10-16 | 成都新潮传媒集团有限公司 | Authority management method and device based on micro-service calling and storage medium |
CN111935125A (en) * | 2020-08-05 | 2020-11-13 | 嘉联支付有限公司 | Authentication method and device based on distributed architecture and micro-service system |
CN111935125B (en) * | 2020-08-05 | 2022-10-21 | 嘉联支付有限公司 | Authentication method and device based on distributed architecture and micro-service system |
CN112036888A (en) * | 2020-08-05 | 2020-12-04 | 北京文思海辉金信软件有限公司 | Business operation execution method and device, computer equipment and storage medium |
CN111970282A (en) * | 2020-08-19 | 2020-11-20 | 工银科技有限公司 | Authentication method and device for heterogeneous module in system |
CN111970282B (en) * | 2020-08-19 | 2022-09-30 | 中国工商银行股份有限公司 | Authentication method and device for heterogeneous module in system |
CN112153012A (en) * | 2020-09-01 | 2020-12-29 | 珠海市卓轩科技有限公司 | Multi-terminal contact access method, device and storage medium |
CN112039909B (en) * | 2020-09-03 | 2022-07-12 | 平安科技(深圳)有限公司 | Authentication method, device, equipment and storage medium based on unified gateway |
CN112039909A (en) * | 2020-09-03 | 2020-12-04 | 平安科技(深圳)有限公司 | Authentication method, device, equipment and storage medium based on unified gateway |
CN112055024B (en) * | 2020-09-09 | 2023-08-22 | 深圳市欢太科技有限公司 | Authority verification method and device, storage medium and electronic equipment |
CN112055024A (en) * | 2020-09-09 | 2020-12-08 | 深圳市欢太科技有限公司 | Authority verification method and device, storage medium and electronic equipment |
CN112188493B (en) * | 2020-10-22 | 2023-08-15 | 深圳云之家网络有限公司 | Authentication method, system and related equipment |
CN112149079A (en) * | 2020-10-22 | 2020-12-29 | 国网冀北电力有限公司经济技术研究院 | Planning review management platform based on micro-service architecture and user access authorization method |
CN112188493A (en) * | 2020-10-22 | 2021-01-05 | 深圳云之家网络有限公司 | Authentication method, system and related equipment |
CN112422533A (en) * | 2020-11-05 | 2021-02-26 | 杭州米络星科技(集团)有限公司 | Verification method and device for user to access network and electronic equipment |
CN112511505A (en) * | 2020-11-16 | 2021-03-16 | 北京中关村银行股份有限公司 | Authentication system, method, device, equipment and medium |
CN112333201A (en) * | 2020-11-20 | 2021-02-05 | 广州欢网科技有限责任公司 | Upper-layer application requests micro-service authentication optimization system through gateway |
CN112468340A (en) * | 2020-11-24 | 2021-03-09 | 上海浦东发展银行股份有限公司 | Pre-audit business data configuration system for multiple tenants |
CN112491895A (en) * | 2020-11-30 | 2021-03-12 | 武汉海昌信息技术有限公司 | Identity authentication method, storage medium and system based on micro-service |
CN112671841A (en) * | 2020-12-10 | 2021-04-16 | 清研灵智信息咨询(北京)有限公司 | Data security management method and system based on micro-service technology architecture |
CN112671751A (en) * | 2020-12-18 | 2021-04-16 | 福建新大陆软件工程有限公司 | Authentication method, device, equipment and medium based on micro-service architecture |
CN112671751B (en) * | 2020-12-18 | 2023-05-02 | 福建新大陆软件工程有限公司 | Authentication method, system, equipment and medium based on micro-service architecture |
CN112559010B (en) * | 2020-12-22 | 2022-06-21 | 福州数据技术研究院有限公司 | Multi-application system data isolation implementation method and system based on micro-service |
CN112559010A (en) * | 2020-12-22 | 2021-03-26 | 福州数据技术研究院有限公司 | Multi-application system data isolation implementation method and system based on micro-service |
CN112738069A (en) * | 2020-12-25 | 2021-04-30 | 神思旭辉医疗信息技术有限责任公司 | Fusion method, system and server based on stateful authentication mechanism and stateless authentication mechanism |
CN112738069B (en) * | 2020-12-25 | 2022-11-04 | 神思旭辉医疗信息技术有限责任公司 | Fusion method, system and server based on stateful authentication mechanism and stateless authentication mechanism |
CN112766972A (en) * | 2020-12-31 | 2021-05-07 | 未鲲(上海)科技服务有限公司 | User identity authentication method and system |
CN112866265A (en) * | 2021-01-27 | 2021-05-28 | 湖南快乐阳光互动娱乐传媒有限公司 | CSRF attack protection method and device |
CN112884574B (en) * | 2021-01-29 | 2023-01-10 | 上海分布信息科技有限公司 | Safety processing method and system for block chain service |
CN112884574A (en) * | 2021-01-29 | 2021-06-01 | 上海分布信息科技有限公司 | Safety processing method and system for block chain service |
CN113014565A (en) * | 2021-02-19 | 2021-06-22 | 北京天维信通科技有限公司 | Zero trust architecture for realizing port scanning prevention and service port access method and equipment |
CN112883357A (en) * | 2021-03-11 | 2021-06-01 | 中科三清科技有限公司 | Stateless login authentication method and device |
CN113297589B (en) * | 2021-03-31 | 2024-04-16 | 阿里巴巴创新公司 | Method, device and system for setting cluster permission |
CN113297589A (en) * | 2021-03-31 | 2021-08-24 | 阿里巴巴新加坡控股有限公司 | Method, device and system for setting cluster permission |
CN113098695A (en) * | 2021-04-21 | 2021-07-09 | 金陵科技学院 | Micro-service unified authority control method and system based on user attributes |
CN113098695B (en) * | 2021-04-21 | 2022-05-03 | 金陵科技学院 | Micro-service unified authority control method and system based on user attributes |
CN113472794A (en) * | 2021-07-05 | 2021-10-01 | 福州数据技术研究院有限公司 | Multi-application system authority unified management method based on micro-service and computer readable storage medium |
CN113472794B (en) * | 2021-07-05 | 2023-08-15 | 福州数据技术研究院有限公司 | Multi-application system authority unified management method based on micro-service and storage medium |
CN113923020A (en) * | 2021-10-09 | 2022-01-11 | 天翼物联科技有限公司 | Micro-service authentication method, device and equipment of SaaS multi-tenant architecture |
CN114221782B (en) * | 2021-11-09 | 2023-11-24 | 中央广播电视总台 | Authentication method, device, chip and storage medium |
CN114221782A (en) * | 2021-11-09 | 2022-03-22 | 中央广播电视总台 | Authentication method, equipment, chip and storage medium |
CN114338212A (en) * | 2021-12-31 | 2022-04-12 | 航天信息股份有限公司 | Identity authentication token management method and device, electronic equipment and readable storage medium |
CN114385995A (en) * | 2022-01-06 | 2022-04-22 | 徐工汉云技术股份有限公司 | Handle-based method for accessing identifier analysis micro-service to industrial Internet and identifier service system |
CN114448703A (en) * | 2022-01-29 | 2022-05-06 | 北京百度网讯科技有限公司 | Request processing method and device, electronic equipment and storage medium |
CN114448703B (en) * | 2022-01-29 | 2023-11-17 | 北京百度网讯科技有限公司 | Request processing method, request processing device, electronic equipment and storage medium |
CN114745431B (en) * | 2022-03-18 | 2023-09-29 | 上海道客网络科技有限公司 | Non-invasive authority authentication method, system, medium and equipment based on side car technology |
CN114745431A (en) * | 2022-03-18 | 2022-07-12 | 上海道客网络科技有限公司 | Side car technology-based non-invasive authority authentication method, system, medium and equipment |
CN115277207A (en) * | 2022-07-28 | 2022-11-01 | 联想(北京)有限公司 | Access control method and electronic equipment |
CN115865379A (en) * | 2023-02-27 | 2023-03-28 | 广东省信息工程有限公司 | Stateless distributed authentication method, client, authentication server and medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109327477A (en) | Authentication method, device and storage medium | |
CN106453271B (en) | Identity registration method and system, identity identifying method and system | |
CN108965230A (en) | A kind of safety communicating method, system and terminal device | |
CN105592003B (en) | A kind of cross-domain single login method and system based on notice | |
CN105007279B (en) | Authentication method and Verification System | |
CN109309565A (en) | A kind of method and device of safety certification | |
KR101708587B1 (en) | Bidirectional authorization system, client and method | |
US8356179B2 (en) | Entity bi-directional identificator method and system based on trustable third party | |
CN105493453B (en) | It is a kind of to realize the method, apparatus and system remotely accessed | |
EP2984782B1 (en) | Method and system for accessing device by a user | |
CN107294916B (en) | Single-point logging method, single-sign-on terminal and single-node login system | |
CN105933315B (en) | A kind of network service safe communication means, device and system | |
CN107425983A (en) | A kind of unified identity authentication method and system platform based on WEB service | |
CN106452782A (en) | Method and system for producing a secure communication channel for terminals | |
CN104883367B (en) | A kind of method, system and applications client that auxiliary verification logs in | |
CN110569638B (en) | API authentication method and device, storage medium and computing equipment | |
CN110493237A (en) | Identity management method, device, computer equipment and storage medium | |
US9398024B2 (en) | System and method for reliably authenticating an appliance | |
CN106060078A (en) | User information encryption method, user registration method and user validation method applied to cloud platform | |
CN106302422A (en) | Business encryption and decryption method and device | |
CN108632042A (en) | A kind of class AKA identity authorization systems and method based on pool of symmetric keys | |
CN109587100A (en) | A kind of cloud computing platform user authentication process method and system | |
CN107786515A (en) | A kind of method and apparatus of certificate verification | |
CN113726524A (en) | Secure communication method and communication system | |
CN110087241A (en) | Business authorization method, equipment and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190212 |