CN109344603A - A kind of unified entry system - Google Patents

Info

Publication number: CN109344603A
Application number: CN201811239799.4A
Other versions: CN109344603B (en)
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Granted
Inventors: 王皓, 臧志高, 施升鑫, 戴海峰
Current Assignee: Tongcheng Network Technology Co Ltd
Original Assignee: Tongcheng Network Technology Co Ltd
Prior art keywords: employee, project, role, information, module

Classifications

    • G: Physics
    • G06: Computing; calculating or counting
    • G06F: Electric digital data processing
        • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
                • G06F21/45: Structures or tools for the administration of authentication
                • G06F21/31: User authentication
        • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                • G06F2221/2113: Multi-level security, e.g. mandatory access control

Abstract

The invention discloses a unified entry system in the field of Internet technology, intended to solve the low project-development efficiency and poor security of existing permission management systems when they are applied to project management. The key points of the technical solution are: the background module configures multiple pieces of role information and configures resource permissions for each role; the authority verification module calls the external interface module and provides it with the corresponding employee id number, which is associated with the corresponding role information; the external interface module reads the corresponding permission data from the database according to the role associated with the employee id number and returns that permission data to the authority verification module; the authority verification module judges the employee's permissions from the returned permission data and calls the external interface module to configure the corresponding resources for the employee. After a project is connected to the unified entry system, operating permissions for the project are assigned to employees by the unified entry system, which gives the advantages of high project-development efficiency and good security.

Description

A unified entry system
Technical field
The present invention relates to the field of Internet technology, and more particularly to a unified entry system.
Background art
At present, a company accumulates many projects as it grows, and multiple projects require multiple matching project-management back ends. With per-project management back ends, every project has to write its own permission-checking and maintenance code; this is highly repetitive and cumbersome, and it reduces the development efficiency of the company's projects.
In response to these problems, some Internet companies and Internet platforms have proposed different project permission-management schemes, for example:
D1: Chinese patent application No. "201110460106", filed on December 31, 2011 by Beijing Bright Oceans Inter-telecom Technology Co., Ltd., discloses a centralized permission management system comprising an authorization unit, an authentication unit and a human-computer interaction interface. The authorization unit comprises a domain controller and a resource manager, and the domain controller further comprises an Authorization Manager and an Active Directory. The Authorization Manager holds role, operation and permission information, the Active Directory stores user information, and the resource manager stores resource information. The permission relationships among users, roles and resources are configured through the human-computer interaction interface to achieve centralized authorization, and authentication is performed through the authorization interface provided by the authentication unit. Built on the Authorization Manager and the Active Directory in the domain controller, this centralized permission management system provides centralized authentication for each system and addresses unified login, tiered and privilege-separated access, and password management.
D2: Chinese patent application No. "201310573907", filed on November 15, 2013 by China Aeronautical Radio Electronics Research Institute, discloses a unified permission management deployment system comprising a general module that runs the following program modules: a unified identity authentication component, a user management component, a role management component, a permission allocation component, a unified permission registration component and a unified resource interface component. Users can integrate the roles and permission resources of the enterprise's existing subsystems, including software engineering activities, the organizational asset library, the enterprise portal and other external system integration tools, share unified user resources in sync, and switch quickly among subsystems, which shortens access time. This makes the upstream and downstream links of software engineering simpler and more effective and reduces the cost the whole organization pays for software engineering activities.
From the above documents it can be seen that fairly mature technical solutions already exist for quickly accessing the relevant resources in each subsystem through the different roles associated with a user. At the project-management level inside an enterprise, however, new projects are added continuously and an employee may take part in several projects, so the prior art above has the following shortcomings. In project management, if an employee is presented with a large number of miscellaneous project resources after logging in, the employee's operation of the projects is affected, which in turn affects the development efficiency of the company's projects. And if employees are given access under the traditional project-management model (one password per project), each employee has to maintain multiple passwords, passwords are easily leaked, and security is poor. The applicant therefore proposes a new scheme.
Summary of the invention
The object of the present invention is to provide a unified entry system that offers high project-development efficiency and good security.
The above object of the invention is achieved by the following technical solution:
A unified entry system, comprising: a background module, an authority verification module, an external interface module and a database;
The background module is used to configure multiple pieces of role information, to configure resource permissions for each role, and to store the configured role information and permission data in the database;
The authority verification module is used to call the external interface module after an employee logs in to the unified entry system and to provide the external interface module with the corresponding employee id number, the employee id number being associated with role information;
The external interface module is used to read the corresponding permission data from the database according to the role associated with the employee and to return that permission data to the authority verification module;
Wherein the authority verification module is also used to judge the employee's permissions from the returned permission data and to call the external interface module to configure the corresponding resources for the employee.
With the above technical solution, the unified entry system reduces the amount of duplicated code: the company's other projects only need to connect to the unified entry system, and the authority verification module makes the judgment, determining the permissions of the employee concerned and configuring the corresponding resources for that employee. After an employee logs in, the system presents the corresponding project options according to the employee's permissions. When the employee accesses a project or a sub-page within a project, the system either configures the corresponding resources for the employee through the external interface module or refuses access, according to the employee's permissions; the employee cannot read pages unrelated to them, which gives the advantage of high project-development efficiency. The role acts as an intermediate link between employees and resources and largely decouples the two. Projects no longer each develop and configure their own permission restrictions; all permissions are withdrawn and managed centrally, so employees do not have to maintain multiple passwords, lost or forgotten passwords are avoided, and security is greatly strengthened.
The present invention is further arranged as follows: the database includes an authority management module, in which are stored:
An employee table, which contains employee id numbers, department information and name information;
A project table, which contains project ids, project accounts, project leader information and project password information;
A resource table, which is associated with the projects in the project table through the project id;
A role table, which is associated with the projects in the project table through the project id;
A resource-role mapping table, used to associate the resources in the resource table with the roles in the role table;
An employee-role mapping table, used to associate employee id numbers with the roles in the role table.
With the above technical solution, the correspondence between resources and roles and between employees and roles is easy to establish, which makes it convenient for the system to call the data.
The present invention is further arranged as follows: the background module includes a login unit, a project resource authority configuration unit, a project information maintenance unit and a password management unit; the employees include administrators and ordinary employees;
The login unit is used for administrators to log in to the unified entry system with a project account and project password, and for ordinary employees to log in to the unified entry system for the corresponding project with an employee id number and password;
The project resource authority configuration unit is used for administrators, after logging in, to maintain the resource table, the role table, the resource-role mapping table and the employee-role mapping table;
The project information maintenance unit is used for administrators, after logging in, to maintain the information of the corresponding project;
The password management unit is used for administrators, after logging in, to directly modify the password of the corresponding project account, and for ordinary employees, after logging in and providing specified information, to modify or reset the password of the corresponding employee id number.
With the above technical solution, an administrator who has logged in can conveniently maintain the resource table, the role table, the resource-role mapping table and the employee-role mapping table and modify the information of the corresponding project, which makes it easy to update project information and employees' resource permissions. After a new project is connected to the system, the administrator creates the corresponding roles and updates the corresponding tables.
The present invention is further arranged as follows: the authority management module also stores a group table, an employee-group mapping table and a role-group mapping table; the group table is associated with the projects in the project table through the project id, the employee-group mapping table is used to associate employee id numbers with the groups in the group table, and the role-group mapping table is used to associate the roles in the role table with the groups in the group table;
The project resource authority configuration unit is also used to maintain the group table, the employee-group mapping table and the role-group mapping table.
With the above technical solution, the group, as an upgrade of the role, decouples the correspondence between roles and employees and makes permission assignment more flexible. If permissions are complex and roles are numerous, groups can be used as the medium connecting resources and employees; if permissions are relatively simple, roles can be used directly, which lightens the load on the system and keeps it running smoothly.
The present invention is further arranged as follows: the database further includes a system permission module for configuring background system permissions for employees, in which are stored:
A system role table, which is associated with the projects in the project table through the project id;
A system role-resource mapping table, used to associate the system roles in the system role table with the resources in the resource table;
An employee-system role mapping table, used to associate employee id numbers with the system roles in the system role table;
The project resource authority configuration unit is also used to maintain the system role table, the system role-resource mapping table and the employee-system role mapping table.
With the above technical solution, the account and password for a project's general data are managed by the corresponding project administrator. If someone else needs to log in to the back end to configure permissions, they only need to ask the administrator to configure the relevant permissions for them through the system permission module. This spreads the permission-configuration work and lightens the administrator's burden, making project management and project development more efficient.
The present invention is further arranged as follows: the background module further includes a service management unit, used to create a temporary employee information table containing temporary employee ids and to store the temporary employee information table in the database; the database also stores:
A temporary employee-role mapping table, used to associate temporary employee ids with the roles in the role table;
A temporary employee-group mapping table, used to associate temporary employee ids with the groups in the group table.
With the above technical solution, part-time staff and other related non-regular employees can use the company's projects, which increases the system's flexibility and widens the scenarios in which it applies.
The present invention is further arranged as follows: the background module further includes a log management unit, used for employees to view project permission modification records after logging in.
With the above technical solution, administrators and employees can conveniently view historical operations on the system, which facilitates later review of the project.
The present invention is further arranged as follows: the external interface module is also used to extract the class-one feature information and class-two feature information of a project, and includes an SOA interface and a DSF interface; the SOA interface is used to configure for the employee the corresponding resources of a project that has class-one feature information, and the DSF interface is used to configure for the employee the corresponding resources of a project that has class-two feature information.
With the above technical solution, the SOA interface transmits data as XML and is currently half retired; because it serves many projects, it is kept for use by old, completed projects. Newly connected projects all use the more stable and more scalable DSF interface. The DSF interface uses the JSON format, which is easy to read; this enhances the stability of the system and further improves project-development efficiency.
The present invention is further arranged as follows: the SOA interface and the DSF interface share the service layer and the repository layer.
With the above technical solution, system resources are saved and system load is reduced.
The present invention is further arranged as follows: the authority management module also stores:
A department table, which is associated with the projects in the project table through the project id and contains department name information and department head information;
An employee-department mapping table, used to associate employee id numbers with the departments in the department table;
The unified entry system further includes a personnel system module, and the DSF interface includes:
A first interface, for the personnel system module to call and update the information in the employee table;
A second interface, for the personnel system module to call and update the information in the department table;
A third interface, for the authority verification module to call, which returns the data of the corresponding resources according to the project account and employee id number in the request;
A fourth interface, for the authority verification module to call, which returns the information of the corresponding employee according to the project account and employee id number in the request;
A fifth interface, for the authority verification module to call, which returns the information of all corresponding departments according to the project account in the request;
A sixth interface, for the authority verification module to call, which returns the information of all corresponding roles according to the project account in the request;
A seventh interface, for the authority verification module to call, which returns the information of the corresponding employees according to the project account and role information in the request;
An eighth interface, for the authority verification module to call, which returns the information of the corresponding roles according to the project account and employee id number in the request;
A ninth interface, for the authority verification module to call, which returns the information of all corresponding employees according to the project account in the request.
With the above technical solution, the DSF interface is a distributed microservice interface that the unified entry system provides for new projects; its stability, scalability and security are all better than those of the SOA interface.
In summary, the beneficial technical effects of the invention are:
1. Through the background module, the authority verification module and the external interface module, project development is efficient and security is good;
2. Through the authority management module and the system permission module, resource permissions and background system permissions are conveniently configured for employees;
3. Through the SOA interface and the DSF interface, data reading speed is increased and system stability is enhanced.
Description of the drawings
Fig. 1 is an overall structural diagram of the unified entry system shown in the embodiment of the invention;
Fig. 2 is a structural diagram of the database shown in the embodiment of the invention;
Fig. 3 is a structural diagram of the background module shown in the embodiment of the invention;
Fig. 4 is a structural diagram of the external interface module shown in the embodiment of the invention;
Fig. 5 is a structural diagram of the DSF interface shown in the embodiment of the invention.
In the figures: 10, background module; 11, login unit; 12, project resource authority configuration unit; 13, project information maintenance unit; 14, password management unit; 15, service management unit; 16, log management unit; 20, authority verification module; 30, external interface module; 40, database; 41, authority management module; 42, system permission module; 50, SOA interface; 60, DSF interface; 61, first interface; 62, second interface; 63, third interface; 64, fourth interface; 65, fifth interface; 66, sixth interface; 67, seventh interface; 68, eighth interface; 69, ninth interface; 70, personnel system module.
Detailed description of the embodiments
The invention is described in further detail below with reference to the drawings.
Embodiment
Referring to Fig. 1, the unified entry system disclosed by the invention comprises a background module 10, an authority verification module 20, an external interface module 30, a database 40 and a personnel system module 70. The background module 10 is used to configure multiple pieces of role information and to configure resource permissions for each role (i.e. the permission data that maps each role to the resources it may access); the role information and permission data configured by the background module 10 are stored in the database 40. Note that the database 40 also stores the resource information bound to the corresponding projects.
Referring to Fig. 1, the authority verification module 20 is used, after an employee logs in to the unified entry system, to call the external interface module 30 and provide it with the corresponding employee id number; note that the employee id number is associated with role information. The external interface module 30 reads the corresponding permission data from the database 40 according to the role associated with the employee and returns that permission data to the authority verification module 20. On receiving the permission data, the authority verification module 20 judges the employee's permissions and presents the corresponding project options to the employee according to those permissions; the employee selects a project option to enter the corresponding project. When the employee accesses a project or a sub-page within a project, if the employee has the corresponding access permission, the authority verification module 20 calls the external interface module 30 to configure the corresponding resources for the employee; if the employee does not have the access permission, access is refused.
Specifically, in this embodiment resources are presented as a tree. Resource information mainly includes the resource id, English name, Chinese name, display order, address, type, parent resource node id, remarks and so on. Each resource in the database 40 has an id and a parent resource id, and the parent id of the root resource node is 0. To present the resources, the root resource node is found first; its id is then used to look up its subordinate resources, and the lookup recurses until all leaf resource nodes have been found, which yields the complete tree. The address in the resource information is used to judge whether a user can access the resource: if the user accesses a page and the permissions the user holds contain this address, access is allowed; if the permissions the user holds do not contain this address, access is refused.
Referring to Fig. 2, the database 40 includes an authority management module 41, which stores an employee table, a project table, a resource table, a role table, a resource-role mapping table, an employee-role mapping table, a group table, an employee-group mapping table and a role-group mapping table. The employee table contains the employee id number, department information, name information, identity card information and so on; the project table contains the project id, project account, project leader information, project password information and so on; the resource table (i.e. the permission points) is associated with the projects in the project table through the project id; the role table is associated with the projects in the project table through the project id; the resource-role mapping table associates the resources in the resource table with the roles in the role table; the employee-role mapping table associates employee id numbers with the roles in the role table; the group table is associated with the projects in the project table through the project id; the employee-group mapping table associates employee id numbers with the groups in the group table; and the role-group mapping table associates the roles in the role table with the groups in the group table.
Specifically, the role acts as an intermediate link between employees and resources and largely decouples the two, so that when an employee selects a project to access, the resources the employee has permission for can be reached quickly. The group, as an upgrade of the role, decouples the correspondence between roles and employees and makes permission assignment more flexible: if permissions are complex and roles are numerous, groups can be used as the medium connecting resources and employees; if permissions are relatively simple, roles can be used directly.
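The resource tree and the role, group and mapping tables described above can be modelled as follows. This is an added example, not code from the patent: the SQLite table and column names, the employee ids and every row are constructed assumptions, and the exact-match address comparison and the pruning of ungranted subtrees are choices of this sketch.

```python
import sqlite3

# Table and column names are assumptions made for this example; all rows are constructed.
SCHEMA = """
CREATE TABLE resource (id INTEGER PRIMARY KEY, project_id INTEGER, parent_id INTEGER,
                       name TEXT, address TEXT, display_order INTEGER);
CREATE TABLE role (id INTEGER PRIMARY KEY, project_id INTEGER, name TEXT);
CREATE TABLE grp  (id INTEGER PRIMARY KEY, project_id INTEGER, name TEXT);
CREATE TABLE role_resource  (role_id INTEGER, resource_id INTEGER);
CREATE TABLE employee_role  (employee_id TEXT, role_id INTEGER);
CREATE TABLE employee_group (employee_id TEXT, group_id INTEGER);
CREATE TABLE group_role     (group_id INTEGER, role_id INTEGER);
"""

def build_sample_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO resource VALUES (?,?,?,?,?,?)", [
        (1, 1, 0, "Orders", "/orders", 1),            # root node: parent id 0
        (2, 1, 1, "Order list", "/orders/list", 1),
        (3, 1, 1, "Refunds", "/orders/refund", 2),
        (4, 1, 3, "Approve refund", "/orders/refund/approve", 1),
        (5, 2, 0, "Reports", "/reports", 1),          # belongs to project 2
    ])
    db.executemany("INSERT INTO role VALUES (?,?,?)",
                   [(1, 1, "viewer"), (2, 1, "refund_clerk"), (3, 2, "analyst")])
    db.execute("INSERT INTO grp VALUES (1, 1, 'refund_team')")
    db.executemany("INSERT INTO role_resource VALUES (?,?)",
                   [(1, 1), (1, 2), (2, 1), (2, 3), (2, 4), (3, 5),
                    (1, 5)])  # mis-scoped row: a project-1 role mapped to a project-2 resource
    db.executemany("INSERT INTO employee_role VALUES (?,?)", [("E100", 1), ("E200", 3)])
    db.execute("INSERT INTO employee_group VALUES ('E200', 1)")
    db.execute("INSERT INTO group_role VALUES (1, 2)")
    return db

def granted_resources(db, employee_id, project_id):
    """Resources reached through direct roles or group roles, scoped to one project.

    Both the role and the resource must carry the requested project id, so a
    mapping row that crosses projects grants nothing.
    """
    return db.execute("""
        WITH roles AS (
            SELECT role_id FROM employee_role WHERE employee_id = :e
            UNION
            SELECT gr.role_id FROM employee_group eg
              JOIN group_role gr ON gr.group_id = eg.group_id
             WHERE eg.employee_id = :e)
        SELECT DISTINCT r.id, r.parent_id, r.name, r.address, r.display_order
          FROM roles
          JOIN role ro ON ro.id = roles.role_id AND ro.project_id = :p
          JOIN role_resource rr ON rr.role_id = ro.id
          JOIN resource r ON r.id = rr.resource_id AND r.project_id = :p
         ORDER BY r.display_order, r.id
    """, {"e": employee_id, "p": project_id}).fetchall()

def can_access(db, employee_id, project_id, address):
    """Deny by default: allow only if a granted resource has exactly this address."""
    return any(row[3] == address for row in granted_resources(db, employee_id, project_id))

def resource_tree(db, employee_id, project_id):
    """Start at parent id 0 and recurse down to the leaves, over granted nodes only."""
    children = {}
    for rid, parent_id, name, address, _ in granted_resources(db, employee_id, project_id):
        children.setdefault(parent_id, []).append((rid, name, address))

    def build(parent_id):
        return [{"name": name, "address": address, "children": build(rid)}
                for rid, name, address in children.get(parent_id, [])]
    return build(0)

def project_options(db, employee_id):
    """Projects to offer after login: those where the employee holds any resource."""
    ids = [pid for (pid,) in
           db.execute("SELECT DISTINCT project_id FROM role ORDER BY project_id")]
    return [pid for pid in ids if granted_resources(db, employee_id, pid)]

if __name__ == "__main__":
    db = build_sample_db()
    print(project_options(db, "E200"), resource_tree(db, "E200", 1))
```

Because the menu tree is built only from granted nodes, a granted child under an ungranted parent is left out of the tree while `can_access` still allows its address; a real deployment has to decide which of the two behaviours it wants.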
Referring to Fig. 2, database 40 further includes system permission module 42, and system permission module 42 is used for as employee setup backstage System permission (i.e. operating right), and have the function of the background system permission for increasing, deleting, searching and modify employee.System System actor table, system actor and resource mapping table, employee and system actor corresponding relationship are stored in authority module 42 Table.System angle color table passes through project id and the item association in project table;System actor and resource mapping table are used for will The resource associations in system actor and resource table in system angle color table;Employee and system actor mapping table are used for employee No. id is associated with the system actor in system angle color table.Specifically, it by taking employee A and employee B as an example, can configure for employee A in item There is the permission of modification respective resources in mesh S1, there is the permission of the permission of modification project S2 employee in project S2;It can exist for employee B It is configured to have the permission for modifying whole access authorization for resource data in project S2 without any operating right in project S1.It should be noted that this Field technical staff is appreciated that the same page, and different employees may also be had with different operating rights, such as modifies, looks into It sees and deletes, so can be that operating right is separately provided in employee by system permission module 42, to match for different employees Different operating rights is set, for the operating right of each employee, the application is not especially limited.
Referring to Fig. 3, background module 10 includes logging in unit 11, project resource authority configuration unit 12, project information maintenance Unit 13 and Password Management unit 14, employee include administrator and common employee.Unit 11 is logged in be used to use item for administrator Mesh account number and project password login unified entry system can modify all access authorization for resource of respective items purpose after administrator logs in Data.It should be noted that it will be understood by those skilled in the art that administrator's login may be set to be using corresponding with administrator Employee No. id and password log in.Login unit 11 is also used to corresponding with codon usage using employee No. id for common employee Project logs in unified entry system, and after employee logs in, operating right is by system permission module 42(referring to Fig. 2) behaviour that configures Make permission.
Referring to Fig. 2 and Fig. 3, the project resource authority configuration unit 12 is used by an administrator, after logging in, to maintain the information for the projects the administrator is responsible for in the resource table, the role table, the resource and role mapping table, and the employee and role mapping table. Maintaining here means that the administrator can add, delete, query or modify the corresponding information. Note that if the system permission module 42 has configured operating rights for an employee, that employee can also add, delete, query or modify the corresponding information. The project resource authority configuration unit 12 is also used to maintain the group table, the employee and group mapping table, and the role and group mapping table, and to maintain the system role table, the system role and resource mapping table, and the employee and system role mapping table. Here too, maintaining means that an administrator, or an employee who has been configured with operating rights, adds, deletes, queries or modifies the corresponding information in the respective table.
Referring to Fig. 3, the project information maintenance unit 13 is used by an administrator, after logging in, to maintain the information of the corresponding project. Specifically, the project information includes the project name, project leader, department manager, address information and so on. Here again, maintaining means that an administrator, or an employee configured with operating rights, adds, deletes, queries or modifies the information of the corresponding project. Note that the administrator referred to above is the project administrator. The unified entry system is also configured with a super administrator, who after logging in can maintain all system information, that is, add, delete, query or modify all system information, including the information in the project table. The password management unit 14 is used by an administrator (i.e. a project administrator), after logging in, to directly modify the password of the corresponding project account, and by an ordinary employee to log in and, after providing specified information, modify or reset the password of the corresponding employee id. Specifically, when an ordinary employee modifies a password, the specified information to be provided is the current password and the work number; when an ordinary employee resets, locks or unlocks a password, the specified information to be provided is the ID card information and the work number.
Referring to Fig. 3, the background module 10 further includes a service management unit 15, which creates a temporary employee information table containing temporary employee ids and stores it in database 40, so that part-time staff and other non-regular employees can use the company's projects. Database 40 also stores a temporary employee and role mapping table and a temporary employee and group mapping table. The temporary employee and role mapping table associates a temporary employee id with a role in the role table; the temporary employee and group mapping table associates a temporary employee id with a group in the group table.
Referring to Fig. 3, the background module 10 further includes a log management unit 16, which an employee uses after logging in to view project permission modification records. Specifically, the logs comprise the operation log (which contains the project permission modification records), the change log and the interface call log. Note that in this embodiment logs can only be viewed; they cannot be added, deleted, queried or modified.
Referring to Fig. 4, the external interface module 30 is also used to extract the first-type feature information and second-type feature information of a project, and comprises an SOA interface 50 and a DSF interface 60. The SOA interface 50 is used to configure for the employee the corresponding resources of a project that has first-type feature information; the DSF interface 60 is used to configure for the employee the corresponding resources of a project that has second-type feature information. Specifically, a project with first-type feature information is a project the company has completed, and a project with second-type feature information is a project the company has not completed. The SOA interface 50 transmits data as XML and the DSF interface 60 transmits data as JSON. The two interfaces share the service layer and the repository layer; because some classes of the SOA interface 50 conflict with the service layer, a proxy layer is added between the SOA interface 50 and the service layer for decoupling.
Referring to Fig. 2 and Fig. 5, the authority management module 41 also stores a department table and an employee and department mapping table. The department table is associated with a project in the project table through the project id and contains the department name information, superior department information, department head information and so on; the employee and department mapping table associates an employee id with a department in the department table. The DSF interface 60 comprises a first interface 61, a second interface 62, a third interface 63, a fourth interface 64, a fifth interface 65, a sixth interface 66, a seventh interface 67, an eighth interface 68 and a ninth interface 69.
Referring to Fig. 1 and Fig. 5, the first interface 61 is the Updateuser interface, which the personnel system module 70 calls to update the information in the employee table; that information includes, but is not limited to, the employee id, department information, name information and ID card information. Specifically, the personnel system module 70 calls the Updateuser interface and sends the request parameters to database 40: the personnel system account information and the modified employee information. Return parameter: update succeeded or failed.
Referring to Fig. 1 and Fig. 5, the second interface 62 is the Updatedept interface, which the personnel system module 70 calls to update the information in the department table; that information includes, but is not limited to, the department name information, superior department information and department head information. Specifically, the personnel system module 70 calls the Updatedept interface and sends the request parameters to database 40: the personnel system account information and the department information. Return parameter: update succeeded or failed.
Referring to Fig. 1 and Fig. 5, the third interface 63 is the Getmenulist interface, which the authority verification module 20 calls, sending the request parameters to database 40: the project account information and the employee id. Return parameters: the resource permissions the employee holds, together with the data of the corresponding resources. Specifically, the employee id is used to obtain the employee's roles and groups from the employee and role mapping table and the employee and group mapping table; each group yields its roles through the role and group mapping table; the roles yield the corresponding resources through the resource and role mapping table; and the data is returned.
Referring to Fig. 1 and Fig. 5, the fourth interface 64 is the SearchUserInfo interface, which the authority verification module 20 calls, sending the request parameters to database 40: the project account and the employee id. Return parameter: the information of the employee. Specifically, the employee id is used to obtain the information of the corresponding employee from the employee table, and the data is returned.
Referring to Fig. 1 and Fig. 5, the fifth interface 65 is the Getdeptlist interface, which the authority verification module 20 calls, sending the request parameter to database 40: the project account. Return parameter: the information of all departments. Specifically, the project account information is used to obtain the information of all corresponding departments from the department table, and the data is returned.
Referring to Fig. 1 and Fig. 5, the sixth interface 66 is the Getrolelist interface, which the authority verification module 20 calls, sending the request parameter to database 40: the project account. Return parameter: the information of all corresponding roles. Specifically, the project account information is used to obtain the information of all roles of the project from the role table, and the data is returned.
Referring to Fig. 1 and Fig. 5, the seventh interface 67 is the Getuserlistbyrole interface, which the authority verification module 20 calls, sending the request parameters to database 40: the project account and the role information. Return parameter: the information of the corresponding employees. Specifically, the project account is used to obtain the project's roles from the role table; combined with the role information in the input parameters, the employee information corresponding to the role is then obtained through the employee and role mapping table, and the data is returned.
Referring to Fig. 1 and Fig. 5, the eighth interface 68 is the Getrolesbyuserid interface, which the authority verification module 20 calls, sending the request parameters to database 40: the project account and the employee id. Return parameter: the information of the corresponding roles. Specifically, the project account is used to obtain the project's roles from the role table; combined with the employee id in the input parameters, the role information corresponding to the employee is then obtained through the employee and role mapping table, and the data is returned.
Referring to Fig. 1 and Fig. 5, the ninth interface 69 is the Getuserlist interface, which the authority verification module 20 calls, sending the request parameter to database 40: the project account. Return parameter: the information of all corresponding employees. Specifically, the project account is used to obtain the project's role information from the role table; the obtained role information and the employee and role mapping table are then used to obtain the information of all employees corresponding to those roles, and the data is returned.
The implementation principle of the above embodiment is as follows:
The super administrator maintains the information in the project table, including the project id, project account, project leader information, project password information and so on, and stores it in database 40. After logging in to the system, a project administrator can maintain the resource information and role information of the corresponding project and store them in database 40 (that is, configure employees' resource permissions), so that an employee is related to the resources of the corresponding project through a role or a group, while coupling stays low. Resource information mainly includes the resource id, English name, Chinese name, display order, address, type, parent resource node id and remarks. Role information mainly includes the role name, the correspondence between roles and employees, the correspondence between roles and resources, the group name, the correspondence between groups and employees, and the correspondence between roles and groups.
When an employee logs in to the unified entry system, the authority verification module 20 calls the external interface module 30 and provides it with the corresponding employee id. The external interface module 30 reads the corresponding permission data in database 40 according to the role information associated with the employee id and returns that permission data to the authority verification module 20, which determines the employee's permissions from the returned data and presents the corresponding project options to the employee accordingly. When the employee accesses a project or a sub-page within a project, if the employee has the corresponding access permission, the authority verification module 20 calls the external interface module 30 to configure the corresponding resource for the employee; if the employee does not have the access permission, the access is refused.
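The Getmenulist lookup and the access decision described above can be sketched as follows. This is an added example, not code from the patent: the table and column names, the sample rows and the helper names `get_menu_list` and `can_access` are assumptions, and the query additionally requires that role and resource both belong to the requested project, so that a mapping row crossing project boundaries grants nothing.

```python
import sqlite3

# Hypothetical schema following the tables named in the description:
# project, resource, role, group, and the four mapping tables.
SCHEMA = """
CREATE TABLE project  (id INTEGER PRIMARY KEY, account TEXT UNIQUE);
CREATE TABLE resource (id INTEGER PRIMARY KEY, project_id INTEGER, address TEXT);
CREATE TABLE role     (id INTEGER PRIMARY KEY, project_id INTEGER, name TEXT);
CREATE TABLE grp      (id INTEGER PRIMARY KEY, project_id INTEGER, name TEXT);
CREATE TABLE resource_role  (resource_id INTEGER, role_id INTEGER);
CREATE TABLE employee_role  (employee_id TEXT, role_id INTEGER);
CREATE TABLE employee_group (employee_id TEXT, group_id INTEGER);
CREATE TABLE role_group     (role_id INTEGER, group_id INTEGER);
"""

# Constructed sample data: two projects, E1 holds one role directly and
# a second role through a group; E2 only has a role in the other project.
SAMPLE = """
INSERT INTO project VALUES (1,'proj-hotel'),(2,'proj-flight');
INSERT INTO resource VALUES (10,1,'/hotel/orders'),(11,1,'/hotel/refunds'),
                            (20,2,'/flight/orders');
INSERT INTO role VALUES (100,1,'hotel-agent'),(101,1,'hotel-finance'),
                        (200,2,'flight-agent');
INSERT INTO grp VALUES (1000,1,'hotel-finance-team');
INSERT INTO resource_role VALUES (10,100),(11,101),(20,200);
INSERT INTO employee_role VALUES ('E1',100),('E2',200);
INSERT INTO employee_group VALUES ('E1',1000);
INSERT INTO role_group VALUES (101,1000);
"""

# employee -> roles (direct) UNION employee -> groups -> roles,
# then roles -> resources, scoped to the requested project account.
MENU_SQL = """
WITH emp_roles AS (
    SELECT role_id FROM employee_role WHERE employee_id = :emp
    UNION
    SELECT rg.role_id
    FROM employee_group eg
    JOIN role_group rg ON rg.group_id = eg.group_id
    WHERE eg.employee_id = :emp
)
SELECT DISTINCT res.address
FROM emp_roles er
JOIN role r           ON r.id = er.role_id
JOIN resource_role rr ON rr.role_id = r.id
JOIN resource res     ON res.id = rr.resource_id
JOIN project p        ON p.id = r.project_id AND p.id = res.project_id
WHERE p.account = :acct
ORDER BY res.address
"""


def build_db():
    """Create the in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn


def get_menu_list(conn, project_account, employee_id):
    """Return the resource addresses the employee may use in one project."""
    rows = conn.execute(MENU_SQL, {"emp": employee_id, "acct": project_account})
    return [row[0] for row in rows]


def can_access(conn, project_account, employee_id, address):
    """Deny by default: allow only an address present in the resolved list."""
    return address in get_menu_list(conn, project_account, employee_id)


if __name__ == "__main__":
    db = build_db()
    print(get_menu_list(db, "proj-hotel", "E1"))
    print(can_access(db, "proj-hotel", "E2", "/hotel/orders"))
```

Binding the employee id and project account as query parameters, rather than concatenating them into the SQL string, matters here because both values arrive from the caller of the interface.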
A project administrator or the super administrator can use the project resource authority configuration unit 12 to maintain system roles, the correspondence between system roles and resources, and the correspondence between employees and system roles, thereby configuring background system permissions (i.e. operating rights) for other employees. Once configuration is complete, those employees can also maintain the permission data of the project.
The embodiments described here are preferred embodiments of the present invention and do not limit its scope of protection; all equivalent changes made according to the structure, shape and principle of the present invention shall therefore fall within the scope of protection of the present invention.

Claims (10)

1. A unified entry system, characterized by comprising: a background module (10), an authority verification module (20), an external interface module (30) and a database (40);
the background module (10) is used to configure multiple pieces of role information, configure resource permissions for each role, and store the configured role information and permission data in the database (40);
the authority verification module (20) is used, after an employee logs in to the unified entry system, to call the external interface module (30) and provide it with the corresponding employee id, the employee id being associated with role information;
the external interface module (30) is used to read the corresponding permission data in the database (40) according to the role associated with the employee and to return the permission data to the authority verification module (20);
wherein the authority verification module (20) is also used to determine the employee's permissions from the returned permission data and to call the external interface module (30) to configure the corresponding resources for the employee.
2. The unified entry system according to claim 1, characterized in that the database (40) comprises an authority management module (41), in which are stored:
an employee table, containing the employee id, department information and name information;
a project table, containing the project id, project account, project leader information and project password information;
a resource table, associated with a project in the project table through the project id;
a role table, associated with a project in the project table through the project id;
a resource and role mapping table, used to associate a resource in the resource table with a role in the role table;
an employee and role mapping table, used to associate an employee id with a role in the role table.
3. The unified entry system according to claim 2, characterized in that the background module (10) comprises a login unit (11), a project resource authority configuration unit (12), a project information maintenance unit (13) and a password management unit (14), and the employees comprise administrators and ordinary employees;
the login unit (11) is used for an administrator to log in to the unified entry system with the project account and project password, and for an ordinary employee to log in to the unified entry system for the corresponding project with the employee id and password;
the project resource authority configuration unit (12) is used for an administrator, after logging in, to maintain the resource table, the role table, the resource and role mapping table, and the employee and role mapping table;
the project information maintenance unit (13) is used for an administrator, after logging in, to maintain the information of the corresponding project;
the password management unit (14) is used for an administrator, after logging in, to directly modify the password of the corresponding project account, and for an ordinary employee to log in and, after providing specified information, modify or reset the password of the corresponding employee id.
4. The unified entry system according to claim 3, characterized in that the authority management module (41) also stores a group table, an employee and group mapping table, and a role and group mapping table; the group table is associated with a project in the project table through the project id, the employee and group mapping table is used to associate an employee id with a group in the group table, and the role and group mapping table is used to associate a role in the role table with a group in the group table;
the project resource authority configuration unit (12) is also used to maintain the group table, the employee and group mapping table, and the role and group mapping table.
5. The unified entry system according to claim 4, characterized in that the database (40) further comprises a system permission module (42) for configuring background system permissions for employees, in which are stored:
a system role table, associated with a project in the project table through the project id;
a system role and resource mapping table, used to associate a system role in the system role table with a resource in the resource table;
an employee and system role mapping table, used to associate an employee id with a system role in the system role table;
the project resource authority configuration unit (12) is also used to maintain the system role table, the system role and resource mapping table, and the employee and system role mapping table.
6. The unified entry system according to claim 3, 4 or 5, characterized in that the background module (10) further comprises a service management unit (15), which is used to create a temporary employee information table containing temporary employee ids and to store the temporary employee information table in the database (40); the database (40) also stores:
a temporary employee and role mapping table, used to associate a temporary employee id with a role in the role table;
a temporary employee and group mapping table, used to associate a temporary employee id with a group in the group table.
7. The unified entry system according to claim 3, 4 or 5, characterized in that the background module (10) further comprises a log management unit (16), which is used for an employee, after logging in, to view project permission modification records.
8. The unified entry system according to claim 4, characterized in that the external interface module (30) is also used to extract first-type feature information and second-type feature information of a project, and comprises an SOA interface (50) and a DSF interface (60); the SOA interface (50) is used to configure for the employee the corresponding resources of a project that has first-type feature information, and the DSF interface (60) is used to configure for the employee the corresponding resources of a project that has second-type feature information.
9. The unified entry system according to claim 8, characterized in that the SOA interface (50) and the DSF interface (60) share the service layer and the repository layer.
10. The unified entry system according to claim 8, characterized in that the authority management module (41) also stores:
a department table, associated with a project in the project table through the project id and containing department name information and department head information;
an employee and department mapping table, used to associate an employee id with a department in the department table;
the unified entry system further comprises a personnel system module (70), and the DSF interface (60) comprises:
a first interface (61), called by the personnel system module (70) to update the information in the employee table;
a second interface (62), called by the personnel system module (70) to update the information in the department table;
a third interface (63), called by the authority verification module (20) and returning the data of the corresponding resources according to the project account and employee id in the request;
a fourth interface (64), called by the authority verification module (20) and returning the information of the corresponding employee according to the project account and employee id in the request;
a fifth interface (65), called by the authority verification module (20) and returning the information of all corresponding departments according to the project account in the request;
a sixth interface (66), called by the authority verification module (20) and returning the information of all corresponding roles according to the project account in the request;
a seventh interface (67), called by the authority verification module (20) and returning the information of the corresponding employees according to the project account and role information in the request;
an eighth interface (68), called by the authority verification module (20) and returning the information of the corresponding roles according to the project account and employee id in the request;
a ninth interface (69), called by the authority verification module (20) and returning the information of all corresponding employees according to the project account in the request.
CN201811239799.4A 2018-10-23 2018-10-23 Unified login system Active CN109344603B (en)


Publications (2)

Publication Number Publication Date
CN109344603A (en) 2019-02-15
CN109344603B (en) 2023-02-07


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant