CN109344603B - Unified login system - Google Patents

Publication number: CN109344603B
Application number: CN201811239799.4A
Authority: CN (China)
Prior art keywords: employee, role, information, project, module
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: Chinese (zh)
Other versions: CN109344603A (en)
Inventors: 王皓, 臧志高, 施升鑫, 戴海峰
Current Assignee: Tongcheng Network Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Tongcheng Network Technology Co Ltd
Application filed by Tongcheng Network Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/31 User authentication
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113 Multi-level security, e.g. mandatory access control

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a unified login system, relates to the technical field of internet, and aims to solve the problems that when the conventional authority management system is applied to project management, the project development efficiency is low and the safety is poor. The technical scheme is that a background module configures a plurality of role information and configures resource permissions for each role; the authority verification module calls the external interface module and provides a corresponding employee id number for the external interface module, and the employee id number is associated with corresponding role information; the external interface module reads corresponding authority data in the database according to the role associated with the employee id number and returns the authority data to the authority verification module; and the authority verification module judges the authority of the employee according to the returned authority data and calls an external interface module to configure corresponding resources for the employee. After the project is accessed to the unified login system, the operation authority of the employee on the project is distributed by the unified login system, and the method has the advantages of high project development efficiency and good safety.

Description

Unified login system
Technical Field
The invention relates to the technical field of internet, in particular to a unified login system.
Background
At present, a company typically has many projects under development, and these projects need to be matched with a plurality of project management backgrounds. Each project has to write its own authority judgment and maintain the related code on top of its project management background, which produces a large amount of repeated work, complicates operation, and reduces the development efficiency of company projects.
Based on the above problems, some internet enterprises and internet platforms have also introduced different project authority management schemes, such as:
D1: the patent with the application number of '201110460106', applied by Beijing billions yang telecommunications and technology limited company at 31/12/2011, discloses a centralized authority management system, which comprises an authorization unit, an authentication unit and a human-computer interaction interface, wherein the authorization unit specifically comprises a domain controller and a resource manager, the domain controller further comprises an authorization manager and an active directory, role, operation and authority information is stored on the authorization manager, user information is stored on the active directory, resource information is stored on the resource manager, the authority relationship among a user, the role and the resource is matched through the human-computer interaction interface, so that the purpose of centralized authorization is achieved, and authentication is realized through the authentication interface provided by the authentication unit. A centralized authority management system designed based on an authorization manager and an active directory in a domain controller realizes centralized authentication of all systems and solves the problems of unified login, hierarchical and decentralized access and password management.
D2: a Chinese patent application No. 201310573907, applied on 11/15/2013 of the research site of Chinese avionics, which discloses a unified rights management deployment system, comprising general modules running the following program modules: the system comprises a unified identity authentication component, a user management component, a role management component, a permission distribution component, a unified permission registration component and a unified resource interface component, wherein a user can integrate the roles and permission resources of all subsystems in an enterprise, which comprise software engineering activities, an organization asset library, an enterprise portal and other external system integration tools, synchronously share the unified user resources, quickly switch among the subsystems, and shorten the access time, so that the connection of the software engineering uplink and downlink is more convenient and effective, and the cost of the whole organization in the software engineering activities is reduced.
As the above documents show, giving a user fast access to relevant resources through the different roles associated with that user in each subsystem is already a relatively mature technical solution. At the level of project management inside an enterprise, however, new projects are continuously added and an employee may participate in several of them, so the above prior art solutions have the following defects: in project management, if a large number of complicated project resources are presented after an employee logs in to the system, the employee's work on the projects is hindered, which in turn reduces the development efficiency of company projects; and if the traditional project management mode is adopted (a corresponding password is assigned to the employee for every project), employees have to maintain multiple sets of passwords, the passwords are easily leaked, and security is poor. To this end, the present application proposes a new solution.
Disclosure of Invention
The invention aims to provide a unified login system which has the effects of high project development efficiency and good safety.
The above object of the present invention is achieved by the following technical solutions:
a unified login system, comprising: the system comprises a background module, an authority verification module, an external interface module and a database;
the background module is used for configuring a plurality of role information, configuring resource authority for each role and storing the configured role information and authority data in a database;
the authority verification module is used for calling the external interface module and providing a corresponding employee id number for the external interface module after the employee logs in the unified login system, wherein the employee id number is associated with the role information;
the external interface module is used for reading corresponding authority data in the database according to the role associated with the employee and returning the authority data to the authority verification module;
the authority verification module is also used for judging the authority of the employee according to the returned authority data and calling the external interface module to configure corresponding resources for the employee.
By adopting this technical scheme, the unified login system reduces the amount of repeated code: the company's other projects only need to connect to the unified login system, and the authority verification module judges the authority of each employee so that the corresponding resources are configured for that employee. When an employee logs in, the system presents the corresponding project options according to the employee's authority. When the employee accesses a project or a sub-page within a project, the system either configures the corresponding resources for the employee through the external interface module or denies access, according to the employee's authority; the employee cannot read pages unrelated to them, which gives the system the advantage of high project development efficiency. The role acts as an intermediary that links employees to resources and largely decouples the two. Projects no longer need to configure permissions in their own development; all permissions are taken back and managed in a unified way. Employees do not need to maintain multiple sets of passwords, lost or forgotten passwords are avoided, and security is greatly enhanced.
The invention is further configured to: the database includes a rights management module having stored therein:
an employee table containing an employee id number, affiliated department information, and name information;
the project table comprises a project id number, project account information, project responsible person information and project password information;
a resource table, which is associated with projects in the project table through project id numbers;
a role table associated with projects in the project table by project id numbers;
the resource and role corresponding relation table is used for associating the resources in the resource table with the roles in the role table;
and the staff and role corresponding relation table is used for associating the staff id numbers with the roles in the role table.
By adopting the technical scheme, the corresponding relation between the resources and the roles and the corresponding relation between the employees and the roles are conveniently established, and the data can be conveniently called by the system.
The invention is further configured to: the background module comprises a login unit, a project resource authority configuration unit, a project information maintenance unit and a password management unit, and the employees comprise administrators and ordinary employees;
the login unit is used for allowing an administrator to log in to the unified login system using the project account and the project password, and is also used for allowing an ordinary employee to select a corresponding project and log in to the unified login system using the employee id number and the password;
the project resource authority configuration unit is used for maintaining a resource table, a role table, a resource and role corresponding relation table and an employee and role corresponding relation table after an administrator logs in;
the project information maintenance unit is used for maintaining information of a corresponding project after an administrator logs in;
the password management unit is used for allowing an administrator, after logging in, to directly modify the password of the corresponding project account, and is also used for modifying or resetting the password of the corresponding employee id number after an ordinary employee logs in and provides the designated information.
By adopting this technical scheme, an administrator can conveniently maintain the resource table, the role table, the resource and role corresponding relation table and the employee and role corresponding relation table after logging in, and can modify the information of the corresponding project, so that project information and the resource authority of employees are easy to update. When a new project is connected to the system, the administrator creates the corresponding roles and updates the corresponding tables.
The invention is further configured to: the authority management module also stores a group table, an employee and group corresponding relation table and a role and group corresponding relation table; the group table is associated with projects in the project table through project id numbers, the employee and group corresponding relation table is used for associating the employee id numbers with the groups in the group table, and the role and group corresponding relation table is used for associating roles in the role table with the groups in the group table;
and the project resource authority configuration unit is also used for maintaining a group table, an employee and group corresponding relation table and a role and group corresponding relation table.
By adopting this technical scheme, the group serves as an extension of the role that decouples the correspondence between roles and employees, making authority distribution more flexible. If the permissions are complex and there are many roles, the group can be used as the medium connecting resources with employees; if the permissions are relatively simple, roles can be used directly, which reduces the burden on the system and keeps it running smoothly.
The invention is further configured to: the database also comprises a system authority module used for configuring background system authority for the employee, wherein the system authority module is internally stored with:
a system role table, which is associated with projects in the project table through project id numbers;
the system role and resource corresponding relation table is used for associating the system roles in the system role table with the resources in the resource table;
the staff and system role corresponding relation table is used for associating the staff id number with the system role in the system role table;
and the project resource authority configuration unit is also used for maintaining a system role table, a system role and resource corresponding relation table and an employee and system role corresponding relation table.
By adopting this technical scheme, the project's general account and password are managed by the corresponding project administrator. If other people need to log in to the background to configure permissions, the relevant permissions only need to be configured for them through the system permission module, so the permission configuration work can be shared out. This reduces the administrator's management burden, makes project management more efficient, and raises project development efficiency.
The invention is further configured to: the background module also comprises a user management unit, wherein the user management unit is used for creating a temporary employee information table containing a temporary employee id number and storing the temporary employee information table in a database; the database also stores:
the temporary employee and role corresponding relation table is used for associating the temporary employee id number with the role in the role table;
a temporary employee to group correspondence table for associating a temporary employee id number with a group in the group table.
By adopting the technical scheme, the use of company projects by part-time staff and other related informal staff can be met, the flexibility of the system is improved, and the applicable scene of the system is wider.
The invention is further configured to: the background module also comprises a log management unit, and the log management unit is used for allowing the staff to check the project authority modification record after logging in.
By adopting the technical scheme, the historical operation of the administrator and the staff on the system can be conveniently checked, and the later-stage composition of the project is facilitated.
The invention is further configured to: the external interface module is also used for extracting first-class characteristic information and second-class characteristic information of the project, and comprises an SOA interface and a DSF interface; the SOA interface is used for configuring corresponding resources of the project with the first-class characteristic information for the staff, and the DSF interface is used for configuring corresponding resources of the project with the second-class characteristic information for the staff.
By adopting this technical scheme, the SOA interface transmits data as XML and is currently in a semi-offline state; because there are many projects, the SOA interface is retained for use by older, completed projects. Newly connected projects use the DSF interface, which is more stable and highly extensible. The DSF interface uses the JSON format, which is convenient to read, strengthens the stability of the system, and further improves project development efficiency.
The invention is further configured to: the SOA interface and the DSF interface share a service layer and a reconfiguration layer.
By adopting the technical scheme, system resources can be saved, and system load can be reduced.
The invention is further configured to: the right management module is also internally stored with:
a department table associated with projects in the project table by project id numbers and containing department name information and department leader information;
the staff-department corresponding relation table is used for associating the staff id numbers with the departments in the department table;
the unified login system further comprises a personnel system module, and the DSF interface comprises:
a first interface for the personnel system module to call and update information in an employee table;
the second interface is used for the personnel system module to call and update the information in the department list;
the third interface is used for the permission verification module to call and return data of corresponding resources according to the requested project account information and employee id number;
the fourth interface is used for being called by the authority verification module and returning the information of the corresponding staff according to the requested project account information and the staff id number;
the fifth interface is used for being called by the authority verification module and returning information corresponding to all departments according to the requested project account information;
the sixth interface is used for the permission verification module to call and return information corresponding to all roles according to the requested project account information;
the seventh interface is used for the permission verification module to call and return information of corresponding employees according to the requested project account information and role information;
the eighth interface is used for the permission verification module to call and return information of a corresponding role according to the requested project account information and employee id number;
and the ninth interface is used for being called by the authority verification module and returning information corresponding to all the employees according to the requested project account information.
By adopting this technical scheme, the DSF interface is a distributed microservice interface that the unified login system provides for new projects, and its stability, extensibility and security are better than those of the SOA interface.
In summary, the beneficial technical effects of the invention are as follows:
1. through the arrangement of the background module, the authority verification module and the external interface module, the effects of high project development efficiency and good safety are achieved;
2. through the arrangement of the authority management module and the system authority module, the effect of conveniently configuring resource authority and background system authority for the staff is achieved;
3. through the arrangement of the SOA interface and the DSF interface, the data reading speed can be increased, and the system stability can be enhanced.
Drawings
Fig. 1 is a schematic overall structure diagram of a unified login system according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a database structure according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a backend module according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an external interface module according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a DSF interface according to an embodiment of the present invention.
In the figures: 10. a background module; 11. a login unit; 12. a project resource authority configuration unit; 13. a project information maintenance unit; 14. a password management unit; 15. a user management unit; 16. a log management unit; 20. a permission verification module; 30. an external interface module; 40. a database; 41. a rights management module; 42. a system permission module; 50. an SOA interface; 60. a DSF interface; 61. a first interface; 62. a second interface; 63. a third interface; 64. a fourth interface; 65. a fifth interface; 66. a sixth interface; 67. a seventh interface; 68. an eighth interface; 69. a ninth interface; 70. a personnel system module.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
Examples
Referring to fig. 1, the unified login system disclosed in the present invention includes a background module 10, an authority verification module 20, an external interface module 30, a database 40, and a personnel system module 70. The background module 10 is used to configure a plurality of role information and to configure resource permissions for each role (that is, each role corresponds to permission data for accessing resources). Both the role information and the permission data configured by the background module 10 are stored in the database 40. It should be noted that the database 40 also stores the resource information bound to the corresponding projects.
Referring to fig. 1, the authority verification module 20 is configured to, after the employee logs in the unified login system, invoke the external interface module 30 and provide a corresponding employee id number to the external interface module 30, where it is to be noted that the employee id number is associated with the role information. The external interface module 30 is configured to read corresponding authority data in the database 40 according to a role associated with the employee, and return the authority data to the authority verification module 20. After receiving the corresponding authority data, the authority verification module 20 determines the authority of the corresponding employee, and presents corresponding project options for the employee according to the authority of the employee, where the project options are used for the employee to select and enter the corresponding project. When an employee accesses a certain project or a sub-page in a certain project, if the employee has a corresponding access right, the right verification module 20 calls the external interface module 30 to configure a corresponding resource for the employee; and if the employee does not have the access right, the employee is denied access.
Specifically, in this embodiment the resources are presented as a tree diagram. The resource information mainly includes a resource id, an English name, a Chinese name, a display order, an address, a type, a parent resource node id, remarks, and the like. Each resource in the database 40 has an id and a parent resource id, and the parent id of the root resource node is 0. When the resources are presented, the root resource node is found first, then its subordinate resources are found by the root resource node id, and the search recurses until all leaf resource nodes are found, forming a complete tree diagram. The address in the resource information is used to judge whether the user can access the resource: when the user accesses a page, access is allowed if the authority owned by the user contains the address, and refused if it does not.
Referring to fig. 2, the database 40 includes an authority management module 41, and an employee table, a project table, a resource table, a role table, a resource and role correspondence table, an employee and role correspondence table, a group table, an employee and group correspondence table, and a role and group correspondence table are stored in the authority management module 41. The employee table comprises an employee id number, information of the department to which the employee belongs, name information, identity card information and the like; the project table comprises a project id number, project account information, project responsible person information, project password information and the like; the resource table (i.e. the authority points) is associated with the projects in the project table by project id numbers; the role table is associated with the projects in the project table through project id numbers; the resource and role corresponding relation table is used for associating the resources in the resource table with the roles in the role table; the employee and role corresponding relation table is used for associating the employee id number with the role in the role table; the group table is associated with projects in the project table through project id numbers, and the employee and group corresponding relation table is used for associating the employee id numbers with the groups in the group table; the role-to-group correspondence table is used to associate roles in the role table with groups in the group table.
Specifically, the role acts as an intermediary that links employees to resources and largely decouples the two, so that when an employee selects a project to access, the employee can quickly reach the resources for which they hold authority. In addition, the group serves as an extension of the role that decouples the correspondence between roles and employees and makes authority distribution more flexible: if the permissions are complex and there are many roles, the group can be used as the medium connecting resources with employees; if the permissions are relatively simple, roles can be used directly.
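The role and group lookup, the tree built from parent id 0, and the address check described above, as an added example that is not part of the patent text. The SQLite schema, the table and column names (`grp`, `resource_role`, `display_order`, and so on), the function names and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed schema: names are assumptions modelled on the tables listed above.
SCHEMA = """
CREATE TABLE resource(id INTEGER PRIMARY KEY, project_id INT, name TEXT,
                      address TEXT, parent_id INT, display_order INT);
CREATE TABLE role(id INTEGER PRIMARY KEY, project_id INT, name TEXT);
CREATE TABLE grp(id INTEGER PRIMARY KEY, project_id INT, name TEXT);
CREATE TABLE resource_role(resource_id INT, role_id INT);
CREATE TABLE employee_role(employee_id INT, role_id INT);
CREATE TABLE employee_group(employee_id INT, group_id INT);
CREATE TABLE role_group(role_id INT, group_id INT);
"""


def make_db():
    """In-memory database with constructed sample rows for two projects."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO resource VALUES (?,?,?,?,?,?)", [
        (1, 1, "Home", "/s1", 0, 1),            # root node: parent id 0
        (2, 1, "Orders", "/s1/orders", 1, 1),
        (3, 1, "Refunds", "/s1/orders/refunds", 2, 1),
        (4, 1, "Admin", "/s1/admin", 1, 2),     # granted to no role
        (5, 2, "Home", "/s2", 0, 1),
        (6, 2, "Reports", "/s2/reports", 5, 1)])
    db.executemany("INSERT INTO role VALUES (?,?,?)", [
        (1, 1, "viewer"), (2, 1, "refund_clerk"), (3, 2, "analyst")])
    db.execute("INSERT INTO grp VALUES (1, 1, 'finance')")
    db.executemany("INSERT INTO resource_role VALUES (?,?)", [
        (1, 1), (2, 1), (1, 2), (2, 2), (3, 2), (5, 3), (6, 3)])
    db.executemany("INSERT INTO employee_role VALUES (?,?)",
                   [(1001, 1), (1003, 3)])              # direct role grants
    db.execute("INSERT INTO employee_group VALUES (1002, 1)")  # via group
    db.execute("INSERT INTO role_group VALUES (2, 1)")
    return db


def allowed_resource_ids(db, employee_id, project_id):
    """Resources reachable through direct roles or group roles, scoped so a
    role from one project can never grant a resource of another project."""
    rows = db.execute("""
        SELECT rr.resource_id
        FROM resource_role rr
        JOIN role r ON r.id = rr.role_id
        JOIN resource res ON res.id = rr.resource_id
        WHERE r.project_id = :p AND res.project_id = :p
          AND rr.role_id IN (
            SELECT role_id FROM employee_role WHERE employee_id = :e
            UNION
            SELECT rg.role_id FROM role_group rg
            JOIN employee_group eg ON eg.group_id = rg.group_id
            WHERE eg.employee_id = :e)
    """, {"e": employee_id, "p": project_id})
    return {row[0] for row in rows}


def can_access(db, employee_id, project_id, address):
    """Deny by default: allow only when a granted resource has this address."""
    ids = sorted(allowed_resource_ids(db, employee_id, project_id))
    if not ids:
        return False
    marks = ",".join("?" * len(ids))  # placeholders only, values stay bound
    row = db.execute(
        f"SELECT 1 FROM resource WHERE address = ? AND id IN ({marks})",
        [address, *ids]).fetchone()
    return row is not None


def build_tree(db, project_id, allowed, parent_id=0, seen=None):
    """Recurse from parent id 0 down to the leaves, keeping granted nodes only.
    A node under an ungranted parent is never reached, so it is not shown."""
    seen = set() if seen is None else seen
    rows = db.execute(
        "SELECT id, name, address FROM resource "
        "WHERE project_id = ? AND parent_id = ? ORDER BY display_order, id",
        (project_id, parent_id)).fetchall()
    nodes = []
    for rid, name, address in rows:
        # 'seen' stops endless recursion if a malformed row has id 0.
        if rid in seen or rid not in allowed:
            continue
        seen.add(rid)
        nodes.append({"name": name, "address": address,
                      "children": build_tree(db, project_id, allowed, rid, seen)})
    return nodes


def project_options(db, employee_id):
    """Projects offered at login: those where the employee holds any grant."""
    projects = [r[0] for r in db.execute(
        "SELECT DISTINCT project_id FROM resource ORDER BY project_id")]
    return [p for p in projects if allowed_resource_ids(db, employee_id, p)]
```
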
Referring to fig. 2, the database 40 further includes a system authority module 42, where the system authority module 42 is used to configure background system authority (i.e., operation authority) for employees, and provides the functions of adding, deleting, searching and modifying the background system authority of an employee. The system authority module 42 stores a system role table, a system role and resource correspondence table, and an employee and system role correspondence table. The system role table is associated with the projects in the project table through project id numbers; the system role and resource corresponding relation table is used for associating the system roles in the system role table with the resources in the resource table; and the employee and system role corresponding relation table is used for associating the employee id number with the system role in the system role table. Specifically, taking employee A and employee B as an example, employee A may be configured with an authority to modify corresponding resources in project S1, and an authority to modify the authority of employees in project S2; employee B may be configured without any operation authority in project S1, and with authority to modify all resource authority data in project S2. It should be noted that, as those skilled in the art can understand, different operation authorities, such as modification, viewing and deletion, may also be provided for different employees on the same page, so that the operation authority can be set separately for each employee through the system authority module 42 and different operation authorities are configured for different employees; the application does not particularly limit the operation authority of each employee.
Referring to fig. 3, the background module 10 includes a login unit 11, a project resource authority configuration unit 12, a project information maintenance unit 13, and a password management unit 14, and employees include administrators and general employees. The login unit 11 is used for an administrator to log in to the unified login system by using the project account and the project password, and after the administrator logs in, all resource authority data of the corresponding project can be modified. It should be noted that, as will be understood by those skilled in the art, the administrator login may also be configured to use an employee id number and password corresponding to the administrator. The login unit 11 is further used for a general employee to select a corresponding project and log in to the unified login system using the employee id number and the password, and after the employee logs in, the operation authority of the employee is the operation authority configured by the system authority module 42 (see fig. 2).
Referring to fig. 2 and 3, the project resource authority configuration unit 12 is configured to maintain the resource table, the role table, the resource-role correspondence table, and the employee-role correspondence table after the administrator logs in, where the maintenance is that the administrator may add, delete, search, or modify corresponding information, and it should be noted that if the system authority module 42 configures the operation authority for the employee, the employee may also add, delete, search, or modify corresponding information. The project resource authority configuration unit 12 is further configured to maintain a group table, an employee-group correspondence table, a role-group correspondence table, and a system role table, a system role-resource correspondence table, and an employee-system role correspondence table, where the maintenance also performs operations of adding, deleting, searching, or modifying corresponding information in the corresponding table for an administrator or an employee configured with an operation authority.
Referring to fig. 3, the project information maintenance unit 13 is configured to be used by an administrator to maintain information of a corresponding project after logging in, specifically, the information of the project includes a project name, a project principal, a department administrator, address information, and the like, and it should be noted that the administrator or an employee configured with operation authority performs addition, deletion, search, or modification operations on the information of the corresponding project. It should be noted that the administrator is a project administrator, the unified login system is further configured with a super administrator, and the super administrator can maintain all system information after logging in, and can add, delete, search or modify all system information, including maintaining information in the project table. The password management unit 14 is used for directly modifying the password corresponding to the corresponding project account after an administrator (i.e., a project administrator) logs in, and is used for allowing a common employee to log in and provide the designated information, and then modifying or resetting the password corresponding to the corresponding employee id number. Specifically, when a common employee modifies a password, the specified information required to be provided by the common employee is the current password and job number information; when the common staff resets, locks or unlocks the password, the designated information required to be provided by the common staff is the identity card information and the job number information.
Referring to fig. 3, the background module 10 further includes a user management unit 15, and the user management unit 15 is configured to create a temporary employee information table including a temporary employee id number and store the temporary employee information table in the database 40, so that part-time staff and other informal employees can use company projects. The database 40 also stores a temporary employee-role correspondence table and a temporary employee-group correspondence table. The temporary employee-role correspondence table is used for associating the temporary employee id number with the role in the role table; the temporary employee-group correspondence table is used for associating the temporary employee id number with the group in the group table.
Referring to fig. 3, the background module 10 further includes a log management unit 16, and the log management unit 16 is configured to allow the employee to check the item permission modification record after logging in. Specifically, the logs include an operation log (which includes an item authority modification record), a transaction log, and an interface call log. It should be noted that in this embodiment, the log is only viewable and may not be added, deleted, looked up, or modified.
Referring to fig. 4, the external interface module 30 is further configured to extract first-class feature information and second-class feature information of the project, and the external interface module 30 includes an SOA interface 50 and a DSF interface 60. The SOA interface 50 is used to configure corresponding resources of the project with the first type of feature information to the employee, and the DSF interface 60 is used to configure corresponding resources of the project with the second type of feature information to the employee. Specifically, the items having the first type of feature information are items that the company has completed, and the items having the second type of feature information are items that the company has not completed. Specifically, the SOA interface 50 transmits data as XML and the DSF interface 60 transmits data as JSON. The SOA interface 50 and the DSF interface 60 share a Service layer and a relocation layer; because the SOA interface 50 conflicts with the Service layer due to partial classification, a proxy layer is added between the SOA interface 50 and the Service layer for decoupling.
Referring to fig. 2 and 5, the authority management module 41 further stores a department table and an employee-department correspondence table, the department table is associated with the items in the item table through the item id and includes the department name information, the upper-level department information, the department responsible person information, and the like, and the employee-department correspondence table is used for associating the employee id number with the department in the department table. The DSF interface 60 includes a first interface 61, a second interface 62, a third interface 63, a fourth interface 64, a fifth interface 65, a sixth interface 66, a seventh interface 67, an eighth interface 68, and a ninth interface 69.
Referring to fig. 1 and 5, the first interface 61 is an Updateuser interface, which is called by the personnel system module 70 to update information in the employee table; the information in the employee table includes, but is not limited to, an employee id number, information of the department to which the employee belongs, name information, and identification card information. Specifically, the personnel system module 70 calls the Updateuser interface to send request parameters to the database 40: the personnel system account information and the modified employee information; return parameters: the update succeeded or failed.
Referring to fig. 1 and 5, the second interface 62 is an Updatedept interface, which is called by the personnel system module 70 to update information in the department table, including but not limited to department name information, superior department information, and department leader information. Specifically, the personnel system module 70 calls the Updatedept interface to send request parameters to the database 40: the personnel system account information and the department information; return parameters: the update succeeded or failed.
Referring to fig. 1 and 5, the third interface 63 is a getenulist interface, which is called by the authority verification module 20 to send request parameters to the database 40: project account information and the employee id number; return parameters: the resource authority owned by the employee and the data of the corresponding resources. Specifically, the roles and groups corresponding to the employee are obtained from the employee id number through the employee-role correspondence table and the employee-group correspondence table, the roles corresponding to the groups are obtained through the role-group correspondence table, and the resources corresponding to the roles are obtained through the resource-role correspondence table and returned.
Referring to fig. 1 and 5, the fourth interface 64 is a searchbuserinfo interface, which is called by the authority verification module 20 to send request parameters to the database 40: project account information and the employee id number; return parameters: information of the employee. Specifically, the information of the corresponding employee is obtained from the employee id number through the employee table and returned.
Referring to fig. 1 and 5, the fifth interface 65 is a Getdeptlist interface, which is called by the authority verification module 20 to send request parameters to the database 40: project account information; return parameters: information of all departments. Specifically, all corresponding department information is obtained from the project account information through the department table and returned.
Referring to fig. 1 and 5, the sixth interface 66 is a getrelest interface, which is called by the authority verification module 20 to send request parameters to the database 40: project account information; return parameters: information of all corresponding roles. Specifically, the information of all roles corresponding to the project is obtained from the project account information through the role table and returned.
Referring to fig. 1 and 5, the seventh interface 67 is a getuserstbyrole interface, which is called by the authority verification module 20 to send request parameters to the database 40: project account information and role information; return parameters: information of the corresponding employees. Specifically, the roles corresponding to the project are obtained from the project account information through the role table, the employee information corresponding to the role is obtained through the employee-role correspondence table in combination with the role information of the input parameters, and the data is returned.
Referring to fig. 1 and 5, the eighth interface 68 is a Getrolesbyuserid interface, which is called by the authority verification module 20 to send request parameters to the database 40: project account information and the employee id number; return parameters: information of the corresponding roles. Specifically, the roles corresponding to the project are obtained from the project account information through the role table, the role information corresponding to the employee is obtained through the employee-role correspondence table in combination with the employee id number of the input parameters, and the data is returned.
Referring to fig. 1 and 5, the ninth interface 69 is a Getuserlist interface, which is called by the authority verification module 20 to send request parameters to the database 40: project account information; return parameters: information of all corresponding employees. Specifically, the role information corresponding to the project is obtained from the project account information through the role table, the information of all employees corresponding to those roles is obtained through the employee-role correspondence table, and the data is returned.
The implementation principle of the above embodiment is as follows:
The super administrator maintains the information in the project table, including the project id number, project account information, project principal information, project password information, etc., and stores it in the database 40. After the project administrator logs in to the system, the resource information and role information of the corresponding project can be maintained and stored in the database 40 (that is, the resource authority of the employees is configured), so that employees are related to the resources of the corresponding project only through roles or groups and the coupling is loose. The resource information mainly comprises a resource id, an English name, a Chinese name, a display sequence, an address, a type, a parent resource node id and remarks, and the role information mainly comprises a role name, a corresponding relation between a role and an employee, a corresponding relation between a role and a resource, a group name, a corresponding relation between a group and an employee, and a corresponding relation between a role and a group.
When the employee logs in the unified login system, the authority verification module 20 calls the external interface module 30 and provides the corresponding employee id number for the external interface module 30, the external interface module 30 reads corresponding authority data in the database 40 according to role information associated with the employee id number and returns the authority data to the authority verification module 20, and the authority verification module 20 judges the authority of the employee according to the returned authority data and presents corresponding project options for the employee according to the authority of the employee. When an employee accesses a certain project or a sub-page in a certain project, if the employee has a corresponding access right, the right verification module 20 calls the external interface module 30 to configure a corresponding resource for the employee; and if the employee does not have the access right, the employee is denied access.
The project administrator or super administrator can maintain the system role, the corresponding relationship between the system role and the resource and the corresponding relationship between the employee and the system role through the project resource authority configuration unit 12, thereby configuring the background system authority (i.e. the operation authority) for other employees. After configuration is completed, corresponding employees can also maintain the project-related permission data.
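The lookup chain described for the third interface (employee to roles and groups, groups to roles, roles to resources) and the tree and address rules for resources can be sketched as follows. This is an added example, not code from the patent: the table and column names, the sample rows and the function names are assumptions.

```python
import sqlite3

# Assumed schema modelled on the tables the text lists (names are hypothetical).
SCHEMA = """
CREATE TABLE resource (id INTEGER PRIMARY KEY, project_id INTEGER, name TEXT,
    display_order INTEGER, address TEXT, type TEXT, parent_id INTEGER);
CREATE TABLE role (id INTEGER PRIMARY KEY, project_id INTEGER, name TEXT);
CREATE TABLE grp (id INTEGER PRIMARY KEY, project_id INTEGER, name TEXT);
CREATE TABLE resource_role (resource_id INTEGER, role_id INTEGER);
CREATE TABLE role_group (role_id INTEGER, group_id INTEGER);
CREATE TABLE employee_role (employee_id TEXT, role_id INTEGER);
CREATE TABLE employee_group (employee_id TEXT, group_id INTEGER);
"""

# Constructed sample rows. Project 1 has a small menu tree, project 2 one page.
# Row (2, 20) in resource_role is a deliberate misconfiguration: a project-2
# role linked to a project-1 resource, which the query must not honour.
SAMPLE = """
INSERT INTO resource VALUES
 (1, 1, 'Root',    0, '/s1',               'menu',   NULL),
 (2, 1, 'Orders',  2, '/s1/orders',        'page',   1),
 (3, 1, 'Reports', 1, '/s1/reports',       'page',   1),
 (4, 1, 'Export',  1, '/s1/orders/export', 'button', 2),
 (5, 2, 'Root',    0, '/s2',               'menu',   NULL);
INSERT INTO role VALUES (10, 1, 'viewer'), (11, 1, 'order-clerk'),
                        (12, 1, 'orders-only'), (20, 2, 'viewer');
INSERT INTO grp VALUES (100, 1, 'sales');
INSERT INTO resource_role VALUES (1,10),(3,10),(1,11),(2,11),(4,11),(2,12),(5,20),(2,20);
INSERT INTO role_group VALUES (11, 100);
INSERT INTO employee_role VALUES ('A', 10), ('B', 20), ('C', 12);
INSERT INTO employee_group VALUES ('A', 100);
"""

# Direct roles UNION roles inherited through groups, then resources, with both
# the role and the resource required to belong to the requested project.
RESOLVE = """
WITH roles AS (
    SELECT role_id FROM employee_role WHERE employee_id = :emp
    UNION
    SELECT rg.role_id FROM employee_group eg
      JOIN role_group rg ON rg.group_id = eg.group_id
     WHERE eg.employee_id = :emp
)
SELECT DISTINCT r.id, r.name, r.display_order, r.address, r.type, r.parent_id
  FROM roles
  JOIN role ro ON ro.id = roles.role_id AND ro.project_id = :proj
  JOIN resource_role rr ON rr.role_id = ro.id
  JOIN resource r ON r.id = rr.resource_id AND r.project_id = :proj
 ORDER BY r.display_order, r.id
"""

def demo_db():
    """In-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript(SCHEMA + SAMPLE)
    return conn

def resolve_resources(conn, project_id, employee_id):
    """Resources granted to an employee inside one project."""
    rows = conn.execute(RESOLVE, {"emp": employee_id, "proj": project_id})
    return [dict(row) for row in rows]

def build_tree(resources):
    """Start at root nodes, then recurse on parent id down to the leaves."""
    children = {}
    for res in resources:
        children.setdefault(res["parent_id"], []).append(res)

    def expand(node):
        kids = sorted(children.get(node["id"], []),
                      key=lambda r: (r["display_order"], r["id"]))
        return {"name": node["name"], "address": node["address"],
                "children": [expand(k) for k in kids]}

    # A granted node whose parent was not granted is unreachable from any root,
    # so it is not displayed, yet can_access() below still allows its address.
    return [expand(root) for root in children.get(None, [])]

def can_access(resources, address):
    """Deny by default: allow only an address present in the granted set."""
    return address in {r["address"] for r in resources}

if __name__ == "__main__":
    db = demo_db()
    granted = resolve_resources(db, 1, "A")
    print(build_tree(granted))
    print(can_access(granted, "/s1/orders/export"))
```

Employee C in the sample holds a role that grants a page without its parent menu: the tree is empty, but the address check still allows the page, which shows that the tree is presentation and the address comparison is the enforcement point.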
The embodiments of the present invention are preferred embodiments of the present invention, and the scope of the present invention is not limited by these embodiments, so: all equivalent changes made according to the structure, shape and principle of the invention are covered by the protection scope of the invention.

Claims (7)

1. A unified login system, comprising: the system comprises a background module (10), an authority verification module (20), an external interface module (30) and a database (40);
the background module (10) is used for configuring a plurality of role information, configuring resource authority for each role and storing the configured role information and authority data in a database (40);
the authority verification module (20) is used for calling the external interface module (30) after the employee logs in the unified login system and providing a corresponding employee id number for the external interface module (30), wherein the employee id number is associated with the role information;
the external interface module (30) is used for reading corresponding authority data in the database (40) according to roles associated with the employees and returning the authority data to the authority verification module (20);
the authority verification module (20) is also used for judging the authority of the employee according to the returned authority data and calling the external interface module (30) to configure corresponding resources for the employee;
the resources are presented in a tree diagram form, and the resource information comprises a resource id, a name, a display sequence, an address, a type, a parent resource node id and remarks;
when the resources are presented, firstly finding a root resource node, then finding lower-level resources by taking the root resource node id as a basis, and recursing until all leaf resource nodes are found, so as to form a complete tree-like graph;
the address in the resource information is used for judging whether the user can access the resource, and if the user accesses a certain page and the authority owned by the user contains the address, the user can access the resource; if the address is not contained in the owned permission, access is refused;
the external interface module (30) is further used for extracting first-class characteristic information and second-class characteristic information of the project, and the external interface module (30) comprises an SOA interface (50) and a DSF interface (60); the SOA interface (50) is used for configuring corresponding resources of the project with the first class characteristic information for the staff, and the DSF interface (60) is used for configuring corresponding resources of the project with the second class characteristic information for the staff;
the items with the first class characteristic information are finished items, and the items with the second class characteristic information are unfinished items of a company;
the SOA interface (50) is transmitted in an XML mode, and the DSF interface (60) is transmitted in a JSON mode;
the SOA interface (50) and the DSF interface (60) share a service layer and a reconfiguration layer; a proxy layer for decoupling is further included between the SOA interface (50) and the service layer;
the database (40) comprises a permission management module (41), and a group table, an employee and group corresponding relation table and a role and group corresponding relation table are also stored in the permission management module (41); the group table is associated with items in the item table through item id numbers, the employee and group corresponding relation table is used for associating the employee id numbers with the groups in the group table, and the role and group corresponding relation table is used for associating roles in the role table with the groups in the group table;
the background module (10) comprises a project resource authority configuration unit (12), wherein the project resource authority configuration unit (12) is used for maintaining a resource table, a role table, a resource and role corresponding relation table and an employee and role corresponding relation table after a manager logs in; the project resource authority configuration unit (12) is also used for maintaining a group table, an employee and group corresponding relation table and a role and group corresponding relation table.
2. Unified login system according to claim 1, wherein said rights management module (41) has stored therein:
an employee table containing an employee id number, affiliated department information, and name information;
the project table comprises a project id number, project account information, project principal information and project password information;
a resource table, which is associated with items in the item table through item id numbers;
a role table associated with items in the item table by item id numbers;
the resource and role corresponding relation table is used for associating the resources in the resource table with the roles in the role table;
and the employee and role corresponding relation table is used for associating the employee id number with the role in the role table.
3. The unified login system according to claim 2, wherein the background module (10) further comprises a login unit (11), a project information maintenance unit (13) and a password management unit (14), and the employees comprise administrators and general employees;
the login unit (11) is used for allowing an administrator to log in to the unified login system by using a project account and a project password, and is also used for allowing common staff to select a corresponding project and log in to the unified login system by using an employee id number and a password;
the project information maintenance unit (13) is used for maintaining information of a corresponding project after a manager logs in;
the password management unit (14) is used for directly modifying the password corresponding to the corresponding project account after the administrator logs in, and is also used for modifying or resetting the password corresponding to the corresponding employee id number after the common employee logs in and provides the designated information.
4. The unified login system according to claim 3, wherein the database (40) further comprises a system permissions module (42) for configuring background system permissions for employees, wherein the system permissions module (42) has stored therein:
a system role table, which is associated with items in the item table through item id numbers;
the system role and resource corresponding relation table is used for associating the system role in the system role table with the resource in the resource table;
the employee and system role corresponding relation table is used for associating the employee id number with the system role in the system role table;
the project resource authority configuration unit (12) is also used for maintaining a system role table, a system role and resource corresponding relation table and an employee and system role corresponding relation table.
5. The unified login system according to claim 2, 3 or 4, wherein the background module (10) further comprises a user management unit (15), the user management unit (15) is configured to create a temporary employee information table containing a temporary employee id number and store the temporary employee information table in the database (40); the database (40) further stores therein:
the temporary employee and role corresponding relation table is used for associating the temporary employee id number with the role in the role table;
a temporary employee to group correspondence table for associating a temporary employee id number with a group in the group table.
6. The unified login system according to claim 2, 3 or 4, wherein the background module (10) further comprises a log management unit (16), and the log management unit (16) is used for the employee to check the project authority modification record after logging in.
7. The unified login system according to claim 6, wherein the rights management module (41) further stores therein:
a department table associated with items in the item table by item ids and containing department name information and department responsible person information;
the staff-department corresponding relation table is used for associating the staff id numbers with the departments in the department table;
the unified login system further comprises a personnel system module (70), the DSF interface (60) comprising:
a first interface (61) for the personnel system module (70) to invoke and update information in an employee table;
a second interface (62) for the personnel system module (70) to invoke and update information in department tables;
the third interface (63) is used for being called by the authority verification module (20) and returning data of corresponding resources according to the requested project account information and employee id number;
the fourth interface (64) is used for being called by the authority verification module (20) and returning the information of the corresponding staff according to the requested project account information and the staff id number;
a fifth interface (65) for the permission verification module (20) to call and return information corresponding to all departments according to the requested project account information;
a sixth interface (66) for the permission verification module (20) to call and return information corresponding to all roles according to the requested project account information;
a seventh interface (67) for the permission verification module (20) to call and return information of corresponding employees according to the requested project account information and role information;
an eighth interface (68) for the authority verification module (20) to call and return information of corresponding roles according to the requested project account information and employee id number;
and the ninth interface (69) is used for being called by the authority verification module (20) and returning information corresponding to all the employees according to the requested project account information.
CN201811239799.4A 2018-10-23 2018-10-23 Unified login system Active CN109344603B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811239799.4A CN109344603B (en) 2018-10-23 2018-10-23 Unified login system

Publications (2)

Publication Number Publication Date
CN109344603A CN109344603A (en) 2019-02-15
CN109344603B true CN109344603B (en) 2023-02-07

Family

ID=65311621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811239799.4A Active CN109344603B (en) 2018-10-23 2018-10-23 Unified login system

Country Status (1)

Country Link
CN (1) CN109344603B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant