CN109462600A - Access method, user equipment, login service device and the storage medium of application - Google Patents
Access method, user equipment, login service device and the storage medium of application Download PDFInfo
- Publication number
- CN109462600A CN109462600A CN201811526519.8A CN201811526519A CN109462600A CN 109462600 A CN109462600 A CN 109462600A CN 201811526519 A CN201811526519 A CN 201811526519A CN 109462600 A CN109462600 A CN 109462600A
- Authority
- CN
- China
- Prior art keywords
- user
- information
- target application
- application
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Abstract
Purpose of this disclosure is to provide method, user equipment, login service device and the storage mediums of a kind of access application, to solve the problems, such as that single-sign-on is realized ineffective in the related technology.The method is applied to user equipment, the described method includes: in response to the operation of user's access target application, the calling and obtaining user billing information from the memory of the user equipment, user's billing information is that login service device returns to the user equipment when through the certification of the identity information for login inputted to user, is called for the user equipment when accessing any application;The access path information of user's billing information and the target application is sent to the login service device, to request the login service device to return to the service ticket information of the corresponding target application when through certification to user's billing information and the access path information of the target application;According to target application described in the service ticket information and the access path message reference.
Description
Technical field
This disclosure relates to Internet technical field, and in particular, to a kind of to access the method applied, user equipment, login
Server and storage medium.
Background technique
Increase with user to the frequency of use of working application proposes higher want to the degree easy to use of application
It asks.In the related technology, the scheme of single-sign-on is proposed, the program can realize that user logs in one based on the cookie of browser
The secondary effect that can access multiple trusted applications systems.When specific operation, user accesses accredited operation system for the first time, if should
System server discovery user not yet logs in (sessionless), then jumps to the request of single-sign-on services end and log in.Further, it uses
Family inputs username and password and is submitted in the log in page of server-side.It can be in the memory at single-sign-on services end after logining successfully
One unique scrip value of middle generation, and write the values into the cookie in server-side place domain, then jump back to operation system.When
When user accesses another operation system, single-sign-on services end can be jumped to and authenticated, read from browser
Then scrip value in cookie is compared with the scrip value in single-sign-on services end memory, can be direct if verifying successfully
Operation system is jumped back to, log in page is otherwise popped up, is repeated the above process.
Summary of the invention
Purpose of this disclosure is to provide it is a kind of access application method, user equipment, login service device and storage medium, with
Solve the problems, such as that single-sign-on is realized ineffective in the related technology.
To achieve the goals above, in a first aspect, the disclosure provides a kind of method of access application, the method is applied to
User equipment, which comprises
In response to the operation of user's access target application, the calling and obtaining user billing information from the memory of the user equipment,
User's billing information is the return in the certification of the identity information for login by inputting to user of login service device
To the user equipment, called for the user equipment when accessing any application;
The access path information of user's billing information and the target application is sent to the login service device,
To request the login service device in recognizing by the access path information to user's billing information and the target application
The service ticket information of the corresponding target application is returned when card;
According to target application described in the service ticket information and the access path message reference.
Optionally, the method also includes:
When receiving user's billing information, according to the identity information and identity information and application may have access to
Between default corresponding relationship, show the list of application of the corresponding identity information, the target application is the list of application
In any application.
Optionally, the target application is browser login service device framework, and the access path information is the target
The address of service of application;
The target application according to the service ticket information and the access path message reference, comprising:
Access parameter is generated according to the service ticket information;
The access parameter and the address of service are spliced, new address of service is generated;
The target application is accessed by browser according to the new address of service.
Optionally, the target application is accessing server by customer end framework, and the access path information is the target
The executable file path of the client of application;
The target application according to the service ticket information and the access path message reference, comprising:
Access parameter is generated according to the service ticket information;
According to the executable file path by the access parameter be written the target application client it is executable
File;
The executable file of the client is executed, to carry the access to the transmission of the server of the target application
The request message of parameter, the request message is for requesting access to the target application.
Optionally, login client is installed on the user equipment, for showing log in page on embedded browser
Face;
Before the operation applied in response to user's access target, the method also includes:
In response to the register of user, the identity information that user inputs the login page is sent to login service
Device;
Receive user's billing information that the login service device is sent, and in user's billing information is stored in
In depositing.
Second aspect, the disclosure provide a kind of method of access application, and the method target application is in login service device, institute
The method of stating includes:
When receiving the access path information of user's billing information that the user equipment is sent and target application, to institute
It states user's billing information and the access path information authenticates, user's billing information is the login service device logical
The user equipment is returned to when crossing the certification to the identity information for login of user's input;
If being returned by the certification to user's billing information and the access path information to the user equipment
Service ticket information, the service ticket information is for target application described in the user equipment access.
The third aspect, the disclosure provide a kind of user equipment, and the user equipment includes:
Module is obtained, the operation for applying in response to user's access target is transferred from the memory of the user equipment
User's billing information, user's billing information are login service devices in the identity information for login by inputting to user
Certification when return to the user equipment, called for the user equipment when accessing any application;
Sending module, for the access path information of user's billing information and the target application to be sent to institute
Login service device is stated, to request the login service device by the access to user's billing information and the target application
The service ticket information of the corresponding target application is returned when the certification of routing information;
Access modules are used for the target application according to the service ticket information and the access path message reference.
Optionally, the user equipment further include:
Display module, for when receiving user's billing information, according to the identity information and identity information
With the default corresponding relationship of addressable application, the list of application of the corresponding identity information is shown, the target application is described
Any application in list of application.
Optionally, the target application is browser login service device framework, and the access path information is the target
The address of service of application;
The access modules, are used for:
Access parameter is generated according to the service ticket information;
The access parameter and the address of service are spliced, new address of service is generated;
The target application is accessed by browser according to the new address of service.
Optionally, the target application is accessing server by customer end framework, and the access path information is the target
The executable file path of the client of application;
The access modules, are used for:
Access parameter is generated according to the service ticket information;
According to the executable file path by the access parameter be written the target application client it is executable
File;
The executable file of the client is executed, to carry the access to the transmission of the server of the target application
The request message of parameter, the request message is for requesting access to the target application.
Optionally, login client is installed on the user equipment, for showing log in page on embedded browser
Face;
The user equipment further include:
Login module, for it is described in response to user's access target application operation before, in response to the login of user
Operation, is sent to login service device for the identity information that user inputs the login page, receives the login service device and sends
User's billing information, and user's billing information is stored in memory.
Fourth aspect, the disclosure provide a kind of login service device, and the login service device includes:
Subscriber authentication module, in the visit for receiving user's billing information that the user equipment is sent and target application
When asking routing information, user's billing information and the access path information are authenticated, user's billing information is
The login service device returns to the user equipment when through the certification of the identity information for login inputted to user
's;
Sending module, for when through certification to user's billing information and the access path information, to institute
It states user equipment and returns to service ticket information, the service ticket information is for target application described in the user equipment access.
5th aspect, the disclosure provide a kind of computer readable storage medium, are stored thereon with computer program, the program
The step of method of any one for the being applied to user equipment access application is realized when being executed by processor.
6th aspect, the disclosure provide a kind of user equipment, comprising:
Memory is stored thereon with computer program;
Processor is applied to appointing for user equipment for executing the computer program in the memory to realize
The step of method of one access application.
7th aspect, the disclosure provide a kind of computer readable storage medium, are stored thereon with computer program, the program
The step of method of any one for the being applied to login service device access application is realized when being executed by processor.
Eighth aspect, the disclosure provide a kind of login service device, comprising:
Memory is stored thereon with computer program;
Processor is applied to login service device for executing the computer program in the memory to realize
The step of method of any one access application.
Above-mentioned technical proposal can at least reach following technical effect:
In the above-mentioned technical solutions, user's billing information is that login service device is used to log in by input user
The user equipment is returned to when the certification of identity information, the subsequent target application no matter accessed is browser login service device
Framework or accessing server by customer end framework, can be with stored user's billing information in calling and obtaining user number equipment.Into one
Step, the legitimacy of target application is tested based on the completion of the access path information of user's billing information and target application itself
Card, obtains service ticket information, then can be based on the obtained service ticket message reference target application.
First register user's bill obtained is stored in the memory of user equipment, to being capable of calling and obtaining user bill
There is no restriction for the application architecture type of information.If first application execution of the register on browser login service device framework,
Obtained user's billing information is stored in the memory of user equipment.Subsequent access accessing server by customer end framework or browsing
Device login service device framework in application, equal can transfer user's billing information from memory, in the access path based on application
After information and user's billing information are completed to the legitimate verification of application, the application is accessed.
Similar, if formerly logging in as the application execution of accessing server by customer end framework, obtained user's bill letter
Breath is stored in the memory of user equipment, and no matter the application of which kind of type of architecture can transfer user's bill letter from memory
Breath.
It can be seen that above-mentioned technical proposal is not limited the verification process of access application by type of architecture, answered in verifying
In the case where for trusted applications, single-sign-on may be implemented.In addition, in the application of access client login service device framework
Shi Wei uses browser plug-in, thus is not also influenced by client and browser suitability, and single-sign-on realizes that effect is preferable.
Other feature and advantage of the disclosure will the following detailed description will be given in the detailed implementation section.
Detailed description of the invention
Attached drawing is and to constitute part of specification for providing further understanding of the disclosure, with following tool
Body embodiment is used to explain the disclosure together, but does not constitute the limitation to the disclosure.In the accompanying drawings:
Fig. 1 is a kind of method flow diagram of access application shown according to an exemplary embodiment.
Fig. 2 is the method flow diagram of another access application shown according to an exemplary embodiment.
Fig. 3 is the method flow diagram of another access application shown according to an exemplary embodiment.
Fig. 4 is a kind of structural block diagram of user equipment shown according to an exemplary embodiment.
Fig. 5 is a kind of structural block diagram of login service device shown according to an exemplary embodiment.
Fig. 6 is the structural block diagram of another user equipment shown according to an exemplary embodiment.
Fig. 7 is the structural block diagram of another login service device shown according to an exemplary embodiment.
Specific embodiment
It is described in detail below in conjunction with specific embodiment of the attached drawing to the disclosure.It should be understood that this place is retouched
The specific embodiment stated is only used for describing and explaining the disclosure, is not limited to the disclosure.
Using can be B/S framework namely browser/server framework, the application of this framework by browser come
Orientation application program.Be also possible to C/S framework namely user terminal/server framework, the reference of this framework pass through client
Software carrys out access application.
Realized by browser cookie single-sign-on frame can be more stable support B/S framework application.Root
According to the call-by mechanism of cookie, cookie bill can only be obtained by the identical application of top-level domain.Top-level domain is identical, Neng Goubiao
The legitimacy of the bright application in rear access is verified.Therefore, this also indicates that cookie cannot be transferred by any application,
Cookie mechanism can not directly support the application of C/S framework.
In the related technology, it proposes to call browser cookie based on the mode of browser plug-in to assist answering for C/S framework
Single-sign-on is realized with by browser.This requires the application of C/S framework and has higher compatibility, Cai Nengbao between browser
Demonstrate,prove the normal work of browser plug-in.
User may use the browser of a variety of different editions in online, if browser is called in the application of C/S framework
Cookie realizes single-sign-on, then needs the browser plug-in for the browser setting adaptation of different editions to call browser
Cookie, this larger workload for developer.
In addition, the upgrading of browser or the application upgrade of C/S framework, there is a possibility that the application of C/S framework with it is clear
Look at device adaptation plug-in unit failure, then can not by browser plug-in call browser cookie, cause single-sign-on to fail.
Single-sign-on is brought to realize ineffective problem as a result,.
The embodiment of the present disclosure provides a kind of method of access application, realizes effect not to solve single-sign-on in the related technology
Good problem.The method is applied to user equipment, for example, PC, smart phone, Intelligent flat equipment etc..Such as Fig. 1 institute
Show, which comprises
S11, in response to the operation of user's access target application, calling and obtaining user bill is believed from the memory of the user equipment
Breath, user's billing information are that login service device returns when through the certification of the identity information for login inputted to user
Back to the user equipment, called for the user equipment when accessing any application.
It is worth noting that the embodiment of the present disclosure realizes the scheme of single-sign-on not with based on browser Cookie bill
Together.In the present embodiment, unlimited to the application type of calling and obtaining user billing information, and the specific access address type of application
System.That is, no matter being directed to the application of which kind of framework, stored user's billing information can be transferred.
Such as W is applied and Y application is inter-related application, but the two top-level domain is different.In the relevant technologies
In, Y application can not transfer the cookie of W application, also cannot be in W using automated log in listed situation.And in this Shen
Please in, Y application can transfer user's billing information for storing when W application logs in.
It says for another example, the application that S applies as B/S framework, the application that T applies as C/S framework, in the related art, T application
Need to transfer the cookie stored when S application logs in by the browser plug-in of adaptation, if browser plug-in adaptation failure, T
Using cannot then transfer the cookie.And in this application, after S is applied and is stored user's bill when logging in, response
In the operation that user accesses T application calling and obtaining user bill, the process browser plug-in can be not affected by from the memory of user equipment
The limitation of suitability.
It is exemplary, login client is installed, which can be designed as dedicated for stepping on user equipment
The C/S framework lightweight client of record.It is embedded with browser in the client, for drawing login page.Detect user
The identity information of login page is inputted, for example, the identity information, can be submitted to login visitor by user account name and encrypted message
The backstage at family end, from backstage to login service device send rest ((Representational State Transfer, it is declarative
State transfer) request with to log in the corresponding login service device application user's bill of client.
If login service device returns to user's bill by the verifying to identity information.The login client can will be returned
The user's bill returned is stored in the memory of user equipment.
In addition, user's bill can be stored encrypted in the memory of user equipment, to promote the safety of user's bill.
Further, the method also includes: when receiving user's billing information, according to the identity information,
And the default corresponding relationship between identity information and addressable application, show the list of application of the corresponding identity information, institute
Stating target application is any application in the list of application.
For example, can show list of application to user after login client determines and receives user's bill of return.This
A list of application can show that the link of multiple applications, multiple applications may include browser login service device framework to user
The application of (B/S framework) or accessing server by customer end framework (C/S framework).The operation of above-mentioned access target application, can be with
It is in response to click the link of target application on list of application in user.
Since the application of framework any in the application can transfer user's billing information in memory, further, also
It needs to be verified using the legitimacy of itself.
The access path information of user's billing information and the target application is sent to the login and taken by S12
Business device, to request the login service device by the access path information to user's billing information and the target application
Certification when return to the service ticket information of the corresponding target application.
Wherein, if the target application is B/S framework, the access path information can be the service of the target application
Address.If the target application is C/S framework, the access path information can be holding for the client of the target application
Row file path.
When it is implemented, user's billing information can be read from the memory of user equipment before access target application,
And rest request is sent to login service device according to the access path information of user's billing information and target application, it is taken so as to log in
Business device returns to service ticket information after through the verifying to target application.For different target applications, login service device is returned
The service ticket returned is different.
The service ticket information for receiving return shows to complete the legitimate verification of the target application.
S13, according to target application described in the service ticket information and the access path message reference.
In a kind of optional embodiment, the target application of user's access is browser login service device framework,
The access path information is the address of service of the target application;It is described according to the service ticket information and the access road
Target application described in diameter message reference, comprising: access parameter is generated according to the service ticket information;By the access parameter with
The address of service splicing, generates new address of service;The target is accessed by browser according to the new address of service
Using.
Wherein, the address of service of the target application is that (Uniform Resource Locator, unified resource are fixed by URL
Position symbol) address, the access parameter of generation can be URL parameter.
Specifically, the new address of service is opened by browser, the server of the target application by pair
The target application information of the corresponding user is returned when the verification of the new address of service.
For example, splicing the service according to the corresponding target application behind the target application address of the B/S framework target application
The access parameter that billing information generates, obtains new access address.The server of the target application is by the new clothes
The target application information of the corresponding user is returned when the verification of business address.
In another optional embodiment, the target application of user's access is accessing server by customer end frame
Structure, the access path information are the executable file path of the client of the target application;It is described according to the service ticket
It is believed that target application described in breath and the access path message reference, comprising: generate access ginseng according to the service ticket information
Number;The access parameter is written to the executable file of the client of the target application according to the executable file path;
The executable file of the client is executed, carries asking for the access parameter to send to the server of the target application
Message is sought, the request message is for requesting access to the target application.
Accessing parameter is generated according to service ticket information, in access C/S framework in application, carrying access ginseng
Just verifying of the characterization to user identity and the verifying to application identity are completed number.
For example, basis is written in the executable file of the C/S framework target application according to above-mentioned executable file path
The access parameter that the service ticket information generates.When accessing the target application, is sent and used by the client of the target application
In SOAP (Simple Object Access Protocol, the Simple Object Access Protocol) request of verification service ticket information.
After the server of target application passes through verification, the target application information of the corresponding user is returned.
It is worth noting that the server of the target application and above-mentioned login service device may be same server, it can also
Server can be different.The server of target application mentioned herein, main users offer have with user's access target application
The data information of pass, such as, there is the target application of multiple and different classifications under a certain internet platform.Above-mentioned login service
Device, can be used for verifying user in the identity information of the internet platform, in access target in application, each by other correspondence
The server of target application provides the target application information for being directed to user.
Above-mentioned technical proposal can at least reach following technical effect:
In the above-mentioned technical solutions, user's billing information is that login service device is used to log in by input user
The user equipment is returned to when the certification of identity information, the subsequent target application no matter accessed is browser login service device
Framework or accessing server by customer end framework, can be with stored user's billing information in calling and obtaining user number equipment.Into one
Step, the legitimacy of target application is tested based on the completion of the access path information of user's billing information and target application itself
Card, obtains service ticket information, then can be based on the obtained service ticket message reference target application.
First register user's bill obtained is stored in the memory of user equipment, to being capable of calling and obtaining user bill
There is no restriction for the application architecture type of information.If first application execution of the register on browser login service device framework,
Obtained user's billing information is stored in the memory of user equipment.Subsequent access accessing server by customer end framework or browsing
Device login service device framework in application, equal can transfer user's billing information from memory, in the access path based on application
After information and user's billing information are completed to the legitimate verification of application, the application is accessed.
Similar, if formerly logging in as the application execution of accessing server by customer end framework, obtained user's bill letter
Breath is stored in the memory of user equipment, and no matter the application of which kind of type of architecture can transfer user's bill letter from memory
Breath.
It can be seen that above-mentioned technical proposal is not limited the verification process of access application by type of architecture, answered in verifying
In the case where for trusted applications, single-sign-on may be implemented.In addition, in the application of access client login service device framework
Shi Wei uses browser plug-in, thus is not also influenced by client and browser suitability, and single-sign-on realizes that effect is preferable.
Fig. 2 is the method flow diagram of another access application shown according to an exemplary embodiment.The method can be with
Applied to login service device.The described method includes:
S21, when receiving the access path information of user's billing information that the user equipment is sent and target application,
User's billing information and the access path information are authenticated, user's billing information is the login service device
The user equipment is returned to when through the certification of the identity information for login inputted to user.
S22, if by the certification to user's billing information and the access path information, to the user equipment
Service ticket information is returned to, the service ticket information is for target application described in the user equipment access.
In the specific implementation, above-mentioned login service device can execute following steps: the identity letter that verifying user equipment is sent
Breath;If Xiang Suoshu user equipment returns to user's billing information, so that the user equipment by the certification to the identity information
User's billing information is stored in local, and is sent out in response to the operation of user's access target application to the login service device
Send the access path information of user's billing information and the target application.
Further, if receiving user's billing information of user equipment transmission and the access path information of target application,
Verify the access path information of user's billing information and target application;If by user's billing information and the mesh
The certification of the access path information of application is marked, Xiang Suoshu user equipment returns to service ticket information, so that the user equipment root
According to target application described in the service ticket information and the access path message reference.
Such as there is the target application of multiple and different classifications under a certain internet platform.Above-mentioned login service device, can
With for verifying user in the identity information of the internet platform, and the verifying to user's target application to be accessed.
In a kind of optional embodiment, the target application of user's access is browser login service device framework,
The access path information is the address of service of the target application.For example, in the target application of the B/S framework target application
Splice the access parameter generated according to the service ticket information of the corresponding target application behind location, obtains new access address.The mesh
The server for marking application returns to the target application information of the corresponding user when through verification to the new address of service.
In another optional embodiment, the target application of user's access is accessing server by customer end frame
Structure, the access path information are the executable file path of the client of the target application.For example, according to executable file
Path, write-in generates access parameter according to the service ticket information in the executable file of the C/S framework target application.It visits
When asking the target application, the SOAP (Simple for verifying service ticket information is sent by the client of the target application
Object Access Protocol, Simple Object Access Protocol) request.After the server of target application passes through verification,
Return to the target application information of the corresponding user.
Fig. 3 is the method flow diagram of another access application shown according to an exemplary embodiment.The described method includes:
The identity information that user inputs login page is sent to and steps in the register of user by S31, user device responsive
Record server.
It is exemplary, login client is installed, which can be the C/S dedicated for login on user equipment
Framework lightweight client.It is embedded with browser in the client, for drawing login page.It detects that user inputs to log in
The identity information of the page, for example, user account name and encrypted message, which can be submitted to after logging in client
Platform sends rest request from backstage to login service device with to login service device application user's bill.
S32, the identity information that login service device verifying user equipment is sent.
S33, for login service device by the certification to the identity information, Xiang Suoshu user equipment returns to user's bill letter
Breath.
The user's billing information received is stored in local by S34, user equipment.
It is exemplary, login client is installed, which can be the C/S dedicated for login on user equipment
Framework lightweight client.It is embedded with browser in the client, for drawing login page.It detects that user inputs to log in
The identity information of the page, for example, user account name and encrypted message, which can be submitted to after logging in client
Platform sends rest request from backstage to login service device with to login service device application user's bill.
If login service device returns to user's bill by the verifying to identity information.The login client can will be returned
The user's bill returned is stored in the memory of user equipment.
In addition, user's bill can be stored encrypted in the memory of user equipment, to promote the safety of user's bill.
S35, user equipment is according to the identity information and identity information and may have access to the corresponding relationship applied, and shows
The list of application of the corresponding identity information.
S36, the operation that user device responsive is applied in user's access target, the calling and obtaining user billing information from memory.
After login client determines and receives user's bill of return, list of application can be shown to user.This is answered
It can show that the link of multiple applications, multiple applications may include browser login service device framework (B/S frame to user with list
Structure) or accessing server by customer end framework (C/S framework) target application.The operation of above-mentioned access target application, can be
The link of target application is clicked on list of application in response to user.
The access path information of user's billing information and the target application is sent to institute by S37, user equipment
State login service device.
S38, the access path information of user's billing information and target application that login service device verifying user equipment is sent.
S39, login service device are passing through the access path information to user's billing information and the target application
When certification, Xiang Suoshu user equipment returns to service ticket information.
Wherein, if the target application is B/S framework, the access path information can be the service of the target application
Address.If the target application is C/S framework, the access path information can be holding for the client of the target application
Row file path.
When it is implemented, user's billing information can be read from the memory of user equipment before access target application,
And rest request is sent to login service device according to the access path information of user's billing information and target application, it is taken so as to log in
Business device returns to the service ticket information of the corresponding target application after through the verifying to target application.For different targets
Using the service ticket that login service device returns is different.
If the target application of user's access is browser login service device framework (B/S framework), then follow the steps
S40-S42。
S40, user equipment generate access parameter according to the service ticket information.
S41, user equipment splice the address of service of the access parameter and the target application, with generating new service
Location.
S42, user equipment accesses the new address of service by browser, so that the server of the target application exists
By the target application information for returning to the corresponding user when verification to the new address of service.
For example, splicing the service according to the corresponding target application behind the target application address of the B/S framework target application
The access parameter that billing information generates, obtains new access address.The server of the target application is by the new clothes
The target application information of the corresponding user is returned when the verification of business address.
If the target application of user's access is accessing server by customer end framework (C/S framework), then follow the steps
S43-S45。
S43, user equipment generate access parameter according to the service ticket information.
The visitor of the target application is written according to the executable file path by S44, user equipment for the access parameter
The executable file at family end.
S45, user equipment are carried by the client of the target application to the transmission of the server of the target application
The request message of the access parameter, so that the server of the target application returns after through the verification to the request message
Return the target application information of the corresponding user.
For example, basis is written in the executable file of the C/S framework target application according to above-mentioned executable file path
The service ticket information generates access parameter.When accessing the target application, it is used for by the client transmission of the target application
Verify SOAP (Simple Object Access Protocol, the Simple Object Access Protocol) request of service ticket information.?
After the server of target application is by verification, the target application information of the corresponding user is returned.
It is worth noting that the server of the target application and above-mentioned login service device may be same server, it can also
Server can be different.The server of target application mentioned herein, main users offer have with user's access target application
The data information of pass, such as, there is the target application of multiple and different classifications under a certain internet platform.Above-mentioned login service
Device, can be used for verifying user in the identity information of the internet platform, in access target in application, each by other correspondence
The server of target application provides the target application information for being directed to user.
Above-mentioned technical proposal can at least reach following technical effect:
In the above-mentioned technical solutions, user's billing information is that login service device is used to log in by input user
The user equipment is returned to when the certification of identity information, the subsequent target application no matter accessed is browser login service device
Framework or accessing server by customer end framework, can be with stored user's billing information in calling and obtaining user number equipment.Into one
Step, the legitimacy of target application is tested based on the completion of the access path information of user's billing information and target application itself
Card, obtains service ticket information, then can be based on the obtained service ticket message reference target application.
First register user's bill obtained is stored in the memory of user equipment, to being capable of calling and obtaining user bill
There is no restriction for the application architecture type of information.If first application execution of the register on browser login service device framework,
Obtained user's billing information is stored in the memory of user equipment.Subsequent access accessing server by customer end framework or browsing
Device login service device framework in application, equal can transfer user's billing information from memory, in the access path based on application
After information and user's billing information are completed to the legitimate verification of application, the application is accessed.
Similar, if formerly logging in as the application execution of accessing server by customer end framework, obtained user's bill letter
Breath is stored in the memory of user equipment, and no matter the application of which kind of type of architecture can transfer user's bill letter from memory
Breath.
It can be seen that above-mentioned technical proposal is not limited the verification process of access application by type of architecture, answered in verifying
In the case where for trusted applications, single-sign-on may be implemented.In addition, in the application of access client login service device framework
Shi Wei uses browser plug-in, thus is not also influenced by client and browser suitability, and single-sign-on realizes that effect is preferable.
Fig. 4 is a kind of structural block diagram of user equipment 400 shown according to an exemplary embodiment.The user equipment packet
It includes:
Module 410 is obtained, the operation for applying in response to user's access target is adjusted from the memory of the user equipment
Family billing information is taken, user's billing information is login service device by believing the identity for login that user inputs
The user equipment is returned to when the certification of breath, is called for the user equipment when accessing any application;
Sending module 420, for sending the access path information of user's billing information and the target application
To the login service device, to request the login service device by user's billing information and the target application
The service ticket information of the corresponding target application is returned when the certification of access path information;
Access modules 430 are answered for the target according to the service ticket information and the access path message reference
With.
Above-mentioned technical proposal can at least reach following technical effect:
In the above-mentioned technical solutions, user's billing information is that login service device is used to log in by input user
The user equipment is returned to when the certification of identity information, the subsequent target application no matter accessed is browser login service device
Framework or accessing server by customer end framework, can be with stored user's billing information in calling and obtaining user number equipment.Into one
Step, the legitimacy of target application is tested based on the completion of the access path information of user's billing information and target application itself
Card, obtains service ticket information, then can be based on the obtained service ticket message reference target application.
First register user's bill obtained is stored in the memory of user equipment, to being capable of calling and obtaining user bill
There is no restriction for the application architecture type of information.If first application execution of the register on browser login service device framework,
Obtained user's billing information is stored in the memory of user equipment.Subsequent access accessing server by customer end framework or browsing
Device login service device framework in application, equal can transfer user's billing information from memory, in the access path based on application
After information and user's billing information are completed to the legitimate verification of application, the application is accessed.
Similar, if formerly logging in as the application execution of accessing server by customer end framework, obtained user's bill letter
Breath is stored in the memory of user equipment, and no matter the application of which kind of type of architecture can transfer user's bill letter from memory
Breath.
It can be seen that above-mentioned technical proposal is not limited the verification process of access application by type of architecture, answered in verifying
In the case where for trusted applications, single-sign-on may be implemented.In addition, in the application of access client login service device framework
Shi Wei uses browser plug-in, thus is not also influenced by client and browser suitability, and single-sign-on realizes that effect is preferable.
Optionally, the user equipment further include:
Display module, for when receiving user's billing information, according to the identity information and identity information
With the default corresponding relationship of addressable application, the list of application of the corresponding identity information is shown, the target application is described
Any application in list of application.
Optionally, the target application is browser login service device framework, and the access path information is the target
The address of service of application;
The access modules, are used for:
Access parameter is generated according to the service ticket information;
The access parameter and the address of service are spliced, new address of service is generated;
The target application is accessed by browser according to the new address of service.
Optionally, the target application is accessing server by customer end framework, and the access path information is the target
The executable file path of the client of application;
The access modules, are used for:
Access parameter is generated according to the service ticket information;
According to the executable file path by the access parameter be written the target application client it is executable
File;
The executable file of the client is executed, to carry the access to the transmission of the server of the target application
The request message of parameter, the request message is for requesting access to the target application.
Optionally, login client is installed on the user equipment, for showing log in page on embedded browser
Face;
The user equipment further include:
Login module, for it is described in response to user's access target application operation before, in response to the login of user
Operation, is sent to login service device for the identity information that user inputs the login page, receives the login service device and sends
User's billing information, and user's billing information is stored in memory.
Fig. 5 is a kind of structural block diagram of login service device 500 shown according to an exemplary embodiment.The login service
Device includes:
Subscriber authentication module 510, for receiving the user's billing information and target application that the user equipment is sent
Access path information when, user's billing information and the access path information are authenticated, user's bill letter
Breath is that the login service device returns to the user when through the certification of the identity information for login inputted to user
Equipment;
Sending module 520, for when through certification to user's billing information and the access path information, to
The user equipment returns to service ticket information, and the service ticket information is answered for target described in the user equipment access
With.
About the device in above-described embodiment, wherein modules execute the concrete mode of operation in related this method
Embodiment in be described in detail, no detailed explanation will be given here.
The embodiment of the present disclosure provides a kind of computer readable storage medium, is stored thereon with computer program, the program quilt
The step of method of any one for the being applied to user equipment access application is realized when processor executes.
The embodiment of the present disclosure provides a kind of user equipment, comprising:
Memory is stored thereon with computer program;
Processor is applied to appointing for user equipment for executing the computer program in the memory to realize
The step of method of one access application.
The embodiment of the present disclosure provides a kind of computer readable storage medium, is stored thereon with computer program, the program quilt
The step of method of any one for the being applied to login service device access application is realized when processor executes.
The embodiment of the present disclosure provides a kind of login service device, comprising:
Memory is stored thereon with computer program;
Processor is applied to login service device for executing the computer program in the memory to realize
The step of method of any one access application.
Fig. 6 is a kind of block diagram of user equipment 600 shown according to an exemplary embodiment.As shown in fig. 6, the user sets
Standby 600 may include: processor 601, memory 602.The user equipment 600 can also include multimedia component 603, input/
Export one or more of (I/O) interface 604 and communication component 605.
Wherein, processor 601 is used to control the integrated operation of the user equipment 600, to complete above-mentioned to be applied to user
All or part of the steps in the method for the access application of equipment.Memory 602 for store various types of data with
Support the operation in the user equipment 600, these data for example may include any for operating on the user equipment 600
The instruction of application program or method and the relevant data of application program, for example, user's billing information, service ticket information is arrived
Access parameter conversion program, list of application data etc., further, it is also possible to be contact data, the message of transmitting-receiving, picture,
Audio, video etc..The memory 602 can be by any kind of volatibility or non-volatile memory device or their group
It closes and realizes, such as static random access memory (Static Random Access Memory, abbreviation SRAM), electric erasable
Programmable read only memory (Electrically Erasable Programmable Read-Only Memory, referred to as
EEPROM), Erasable Programmable Read Only Memory EPROM (Erasable Programmable Read-Only Memory, abbreviation
EPROM), programmable read only memory (Programmable Read-Only Memory, abbreviation PROM), read-only memory
(Read-Only Memory, abbreviation ROM), magnetic memory, flash memory, disk or CD.Multimedia component 603 can wrap
Include screen and audio component.Wherein screen for example can be touch screen, and audio component is used for output and/or input audio signal.
For example, audio component may include a microphone, microphone is for receiving external audio signal.The received audio signal can
To be further stored in memory 602 or be sent by communication component 605.Audio component further includes at least one loudspeaker,
For output audio signal.I/O interface 604 provides interface, other above-mentioned interfaces between processor 601 and other interface modules
Module can be keyboard, mouse, button etc..These buttons can be virtual push button or entity button.Communication component 605 is used for
Wired or wireless communication is carried out between the user equipment 600 and other equipment.Wireless communication, such as Wi-Fi, bluetooth, near field are logical
Believe (Near Field Communication, abbreviation NFC), 2G, 3G or 4G or they one or more of combination, because
This corresponding communication component 605 may include: Wi-Fi module, bluetooth module, NFC module.
In one exemplary embodiment, user equipment 600 can be by one or more application specific integrated circuit
(Application Specific Integrated Circuit, abbreviation ASIC), digital signal processor (Digital
Signal Processor, abbreviation DSP), digital signal processing appts (Digital Signal Processing Device,
Abbreviation DSPD), programmable logic device (Programmable Logic Device, abbreviation PLD), field programmable gate array
(Field Programmable Gate Array, abbreviation FPGA), controller, microcontroller, microprocessor or other electronics member
Part realization, the method applied for executing the above-mentioned access applied to user equipment.
In a further exemplary embodiment, a kind of computer readable storage medium including program instruction is additionally provided, it should
The step of method that the above-mentioned access applied to user equipment is applied is realized when program instruction is executed by processor.Example
Such as, which can be the above-mentioned memory 602 including program instruction, and above procedure instruction can be by user
The processor 601 of equipment 600 is executed to complete the method that the above-mentioned access applied to user equipment is applied.
Fig. 7 is a kind of block diagram of login service device 700 shown according to an exemplary embodiment.For example, login service device
700 may be provided as a login service device.Referring to Fig. 7, login service device 700 includes processor 722, and quantity can be one
A or multiple and memory 732, for storing the computer program that can be executed by processor 722.It is stored in memory 732
Computer program may include it is one or more each correspond to one group of instruction module.In addition, processor 722
It can be configured as and execute the computer program, the method to execute the above-mentioned access application for being applied to login service device.
In addition, login service device 700 can also include power supply module 726 and communication component 750, which can
To be configured as executing the power management of login service device 700, which, which can be configured as, realizes login service device
700 communication, for example, wired or wireless communication.In addition, the login service device 700 can also include that input/output (I/O) connects
Mouth 758.Login service device 700 can be operated based on the operating system for being stored in memory 732, such as Windows
ServerTM, Mac OS XTM, UnixTM, LinuxTM etc..
In a further exemplary embodiment, a kind of computer readable storage medium including program instruction is additionally provided, it should
The step of method of the above-mentioned access application for being applied to login service device is realized when program instruction is executed by processor.For example,
The computer readable storage medium can be the above-mentioned memory 732 including program instruction, and above procedure instruction can be taken by logging in
The method that the processor 722 of business device 700 is executed to complete the above-mentioned access application for being applied to login service device.
The preferred embodiment of the disclosure is described in detail in conjunction with attached drawing above, still, the disclosure is not limited to above-mentioned reality
The detail in mode is applied, in the range of the technology design of the disclosure, a variety of letters can be carried out to the technical solution of the disclosure
Monotropic type, these simple variants belong to the protection scope of the disclosure.
It is further to note that specific technical features described in the above specific embodiments, in not lance
In the case where shield, can be combined in any appropriate way, in order to avoid unnecessary repetition, the disclosure to it is various can
No further explanation will be given for the combination of energy.
In addition, any combination can also be carried out between a variety of different embodiments of the disclosure, as long as it is without prejudice to originally
Disclosed thought equally should be considered as disclosure disclosure of that.
Claims (10)
1. a kind of method of access application, which is characterized in that the method is applied to user equipment, which comprises
In response to the operation of user's access target application, calling and obtaining user billing information, described from the memory of the user equipment
User's billing information is that login service device returns to institute when through the certification of the identity information for login inputted to user
User equipment is stated, is called for the user equipment when accessing any application;
The access path information of user's billing information and the target application is sent to the login service device, to ask
Ask the login service device when through certification to user's billing information and the access path information of the target application
Return to the service ticket information of the corresponding target application;
According to target application described in the service ticket information and the access path message reference.
2. the method according to claim 1, wherein the method also includes:
When receiving user's billing information, according to the identity information and identity information and may have access between application
Default corresponding relationship, show the list of application of the corresponding identity information, the target application is in the list of application
Any application.
3. the method according to claim 1, wherein the target application be browser login service device framework,
The access path information is the address of service of the target application;
The target application according to the service ticket information and the access path message reference, comprising:
Access parameter is generated according to the service ticket information;
The access parameter and the address of service are spliced, new address of service is generated;
The target application is accessed by browser according to the new address of service.
4. a kind of method of access application, which is characterized in that the method is applied to login service device, which comprises
When receiving the access path information of user's billing information that the user equipment is sent and target application, to the use
Family billing information and the access path information are authenticated, user's billing information be the login service device by pair
The user equipment is returned to when the certification of the identity information for login of user's input;
If returning and servicing to the user equipment by the certification to user's billing information and the access path information
Billing information, the service ticket information is for target application described in the user equipment access.
5. a kind of user equipment, which is characterized in that the user equipment includes:
Obtain module, the operation for applying in response to user's access target, the calling and obtaining user from the memory of the user equipment
Billing information, user's billing information are login service device recognizing in the identity information for login by inputting to user
The user equipment is returned to when card, is called for the user equipment when accessing any application;
Sending module, for the access path information of user's billing information and the target application to be sent to described step on
Server is recorded, to request the login service device by the access path to user's billing information and the target application
The service ticket information of the corresponding target application is returned when the certification of information;
Access modules are used for the target application according to the service ticket information and the access path message reference.
6. a kind of login service device, which is characterized in that the login service device includes:
Subscriber authentication module, on the access road for receiving user's billing information that the user equipment is sent and target application
When diameter information, user's billing information and the access path information are authenticated, user's billing information is described
Login service device returns to the user equipment when through the certification of the identity information for login inputted to user;
Sending module, for when through certification to user's billing information and the access path information, to the use
Family equipment returns to service ticket information, and the service ticket information is for target application described in the user equipment access.
7. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is held by processor
The step of any one of claim 1-3 the method is realized when row.
8. a kind of user equipment characterized by comprising
Memory is stored thereon with computer program;
Processor, for executing the computer program in the memory, to realize described in any one of claim 1-3
The step of method.
9. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is held by processor
The step of claim 4 the method is realized when row.
10. a kind of login service device characterized by comprising
Memory is stored thereon with computer program;
Processor, for executing the computer program in the memory, to realize the step of claim 4 the method
Suddenly.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811526519.8A CN109462600A (en) | 2018-12-13 | 2018-12-13 | Access method, user equipment, login service device and the storage medium of application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811526519.8A CN109462600A (en) | 2018-12-13 | 2018-12-13 | Access method, user equipment, login service device and the storage medium of application |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109462600A true CN109462600A (en) | 2019-03-12 |
Family
ID=65613236
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811526519.8A Pending CN109462600A (en) | 2018-12-13 | 2018-12-13 | Access method, user equipment, login service device and the storage medium of application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109462600A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110572417A (en) * | 2019-10-22 | 2019-12-13 | 腾讯科技(深圳)有限公司 | Method, apparatus, server and storage medium for providing login ticket |
CN111200596A (en) * | 2019-12-25 | 2020-05-26 | 曙光信息产业(北京)有限公司 | File service system based on Web technology and design method thereof |
CN112929391A (en) * | 2021-03-15 | 2021-06-08 | 浪潮云信息技术股份公司 | Method for realizing cross-platform identity authentication based on single sign-on |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102571822A (en) * | 2012-02-27 | 2012-07-11 | 杭州闪亮科技有限公司 | Single sign-on system and implementation method thereof |
CN107277015A (en) * | 2017-06-21 | 2017-10-20 | 北京易教阳光教育科技有限公司 | Unifying user authentication management method, system, storage medium and server |
CN107872455A (en) * | 2017-11-09 | 2018-04-03 | 武汉虹旭信息技术有限责任公司 | A kind of cross-domain single login system and its method |
CN108600203A (en) * | 2018-04-11 | 2018-09-28 | 四川长虹电器股份有限公司 | Secure Single Sign-on method based on Cookie and its unified certification service system |
-
2018
- 2018-12-13 CN CN201811526519.8A patent/CN109462600A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102571822A (en) * | 2012-02-27 | 2012-07-11 | 杭州闪亮科技有限公司 | Single sign-on system and implementation method thereof |
CN107277015A (en) * | 2017-06-21 | 2017-10-20 | 北京易教阳光教育科技有限公司 | Unifying user authentication management method, system, storage medium and server |
CN107872455A (en) * | 2017-11-09 | 2018-04-03 | 武汉虹旭信息技术有限责任公司 | A kind of cross-domain single login system and its method |
CN108600203A (en) * | 2018-04-11 | 2018-09-28 | 四川长虹电器股份有限公司 | Secure Single Sign-on method based on Cookie and its unified certification service system |
Non-Patent Citations (2)
Title |
---|
张琪: "互信应用系统间身份认证方法", 《中国优秀硕士学位论文全文数据库社会科学II辑》 * |
龚力柱: "基于GSS_API的单点登录系统的研究与实现", 《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110572417A (en) * | 2019-10-22 | 2019-12-13 | 腾讯科技(深圳)有限公司 | Method, apparatus, server and storage medium for providing login ticket |
CN111200596A (en) * | 2019-12-25 | 2020-05-26 | 曙光信息产业(北京)有限公司 | File service system based on Web technology and design method thereof |
CN111200596B (en) * | 2019-12-25 | 2022-09-02 | 曙光信息产业(北京)有限公司 | File service system based on Web technology and design method thereof |
CN112929391A (en) * | 2021-03-15 | 2021-06-08 | 浪潮云信息技术股份公司 | Method for realizing cross-platform identity authentication based on single sign-on |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11106476B2 (en) | Helper software developer kit for native device hybrid applications | |
CN108733991B (en) | Webpage application access method and device and storage medium | |
US9864852B2 (en) | Approaches for providing multi-factor authentication credentials | |
CN110351269B (en) | Method for logging in open platform through third-party server | |
US10362026B2 (en) | Providing multi-factor authentication credentials via device notifications | |
RU2524868C2 (en) | Controlling user authentication | |
US10944743B2 (en) | Rich communication services security authentication system | |
JP2015528168A (en) | Method and apparatus for pre-provisioning an authentication token for a mobile application | |
CN105991287A (en) | Signature data generation and fingerprint authentication request method and device | |
US10757089B1 (en) | Mobile phone client application authentication through media access gateway (MAG) | |
US9342667B2 (en) | Extended OAuth architecture | |
TW201203140A (en) | Online service providing system, method, server and mobile device thereof, and computer program product | |
US10841297B2 (en) | Providing multi-factor authentication credentials via device notifications | |
US11887109B1 (en) | Service composition in a mobile communication device application framework | |
JP2009510570A (en) | How to control the browser window | |
CN109462600A (en) | Access method, user equipment, login service device and the storage medium of application | |
US20190319843A1 (en) | Trusted Platform Module-Based Prepaid Access Token for Commercial IoT Online Services | |
CN109218389A (en) | The method, apparatus and storage medium and electronic equipment of processing business request | |
CN110692073A (en) | Configuration of card accounts based on notifications | |
CN111881441B (en) | Method for online activation of device, electronic device and storage medium | |
US20190124072A1 (en) | End to end secure identification and verification of users for organizations on multitenant platform | |
CN107948210A (en) | A kind of login method, device, client, server and medium | |
US9455972B1 (en) | Provisioning a mobile device with a security application on the fly | |
CN114745156A (en) | Distributed single sign-on realization method and device, electronic equipment and storage medium | |
CN109327468A (en) | A kind of offline reminding method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190312 |