CN109768965B - Login method, equipment and storage medium of server - Google Patents

Publication number: CN109768965B
Authority: CN (China)
Prior art keywords: server; information; user identity; identity information; browser
Legal status (an assumption, not a legal conclusion): Active
Application number: CN201811535586.6A
Other languages: Chinese (zh)
Other versions: CN109768965A (en)
Inventor: 喻先兵
Current Assignee (the listed assignees may be inaccurate): Guangzhou Huaduo Network Technology Co Ltd
Original Assignee: Guangzhou Huaduo Network Technology Co Ltd
Application filed by Guangzhou Huaduo Network Technology Co Ltd; application granted.
Abstract

The application discloses a server login method, device, and storage medium. In the method, a browser loads a terminal script and sends a first connection request based on a full-duplex communication protocol to a first server; the first server receives the first connection request and verifies the user identity information; the first server verifies the user's access authority using the user identity information and second server information; after the verification passes, the first server sends a second connection request based on the full-duplex communication protocol to a second server; and the second server receives the connection request, starts a shell process, establishes a pseudo terminal, and then establishes a connection with the first server. In this way, logging in to the server becomes more convenient and more secure.

Description

Login method, equipment and storage medium of server
Technical Field
The present application relates to the field of computer technologies, and in particular to a server login method, device, and storage medium.
Background
With the development of information technology (IT), the servers of many companies run one or more IT systems: some are service support platforms, some are back-end support systems or database software systems, and so on. Keeping these IT systems running normally is essential for any company. Tasks such as updating and upgrading a service system or database system, expanding or reducing system capacity, and locating faults and problems often require programmers or operations personnel to log in to the servers and run various commands.
In the course of long-term research and development, the inventor of the application found that current server login approaches have certain defects: each login requires the user identity to be verified and also requires the server's account and password to be verified, that is, two verifications are needed. The login process is cumbersome, and the server's account and password information is easily leaked, causing unnecessary loss. A new method of logging in to a server is therefore needed.
Disclosure of Invention
The main technical problem addressed by the application is to provide a server login method, device, and storage medium that make logging in to a server more convenient and more secure.
To solve this technical problem, one technical solution adopted by the application is as follows: a browser loads a terminal script and sends a first connection request based on a full-duplex communication protocol to a first server, the first server being a website server that provides the terminal script; the first server receives the first connection request and verifies user identity information, the user identity information being sent to the first server by the browser; after the verification passes, the first server establishes a connection with the browser; the first server verifies the user's access authority using the user identity information and second server information, the second server information being sent to the first server by the browser and the second server being the server to be accessed; after the verification passes, the first server sends a second connection request based on the full-duplex communication protocol to the second server; and the second server receives the connection request, starts a shell process, establishes a pseudo terminal, and then establishes a connection with the first server, whereupon the browser has successfully logged in to the second server.
In order to solve the above technical problem, another technical solution adopted by the present application is: the method comprises the steps that a first server receives a first connection request based on a full-duplex communication protocol, user identity information is verified, and the user identity information is sent to the first server by a browser; after the verification is passed, the first server establishes connection with the browser; the first server verifies the access authority of the user by using the user identity information and second server information, the second server information is sent to the first server by the browser, and the second server is a server to be accessed; and after the verification is passed, the first server sends a second connection request based on the full-duplex communication protocol to the second server.
In order to solve the above technical problem, another technical solution adopted by the present application is: the method comprises the steps that a terminal script is loaded, a first connection request based on a full-duplex communication protocol and user identity information are sent to a first server, and the first server is a website server providing the terminal script; sending second server information to the first server, wherein the second server is a server to be accessed; and receiving the output data of the second server forwarded by the first server.
In order to solve the above technical problem, another technical solution adopted by the present application is: a server is provided that comprises a processor, the processor being configured to: receive a first connection request based on a full-duplex communication protocol and verify user identity information, the user identity information being sent to the processor by a browser; establish a connection with the browser after the verification passes; verify the user's access authority using the user identity information and second server information, the second server information being sent to the processor by the browser and the second server being the server to be accessed; and, after the verification passes, send a second connection request based on the full-duplex communication protocol to the second server.
In order to solve the above technical problem, another technical solution adopted by the present application is: a server is provided, which includes a first receiving module, a verifying module, and a first sending module. The first receiving module is used for receiving a first connection request based on a full-duplex communication protocol, verifying user identity information, and sending the user identity information to the first server by the browser; and after the verification is passed, establishing connection with the browser. The verification module is used for verifying the access authority of the user by using the user identity information and the second server information, the second server information is sent to the first server by the browser, and the second server is a server to be accessed. The first sending module is used for sending a second connection request based on the full-duplex communication protocol to the second server after the authentication is passed.
In order to solve the above technical problem, another technical solution adopted by the present application is: a login device for a server is provided, comprising a processor configured to: load a terminal script and send a first connection request based on a full-duplex communication protocol, together with user identity information, to a first server, the first server being a website server that provides the terminal script; send second server information to the first server, the second server being the server to be accessed; and receive the output data of the second server forwarded by the first server.
In order to solve the above technical problem, another technical solution adopted by the present application is: the login device of the server comprises a loading module, a second sending module and a second receiving module. The loading module is used for loading a terminal script and sending a first connection request and user identity information based on a full-duplex communication protocol to a first server, and the first server is a website server for providing the terminal script. The second sending module is used for sending second server information to the first server, and the second server is a server to be accessed. The second receiving module is used for receiving the output data of the second server forwarded by the first server.
In order to solve the above technical problem, another technical solution adopted by the present application is: a storage medium having a storage function is provided, the storage medium storing a program that, when executed by a processor, implements the server login method.
The beneficial effects of this application are as follows. Unlike the prior art, only one user identity verification is needed when logging in to a server, and the server's login account and password do not need to be verified a second time, which simplifies the login process. In addition, authority control is applied to user access to servers, providing the necessary authority isolation: different authorities can be granted to different users according to different services, which improves the security of the server.
Drawings
FIG. 1 is a flowchart illustrating a first embodiment of a login method of a server according to the present application;
FIG. 2 is a schematic diagram of a second embodiment of a login method of a server according to the present application;
FIG. 3 is a flowchart illustrating a second embodiment of a login method of a server according to the present application;
FIG. 4 is a schematic flow chart of https mutual authentication of the present application;
FIG. 5 is a schematic flow chart illustrating the process of issuing certificates according to the present application;
FIG. 6 is a schematic diagram of the architecture of the WebShell_agent_d service of the present application;
FIG. 7 is a flowchart illustrating a third embodiment of a login method of a server according to the present application;
FIG. 8 is a flowchart illustrating a fourth embodiment of a login method of a server according to the present application;
FIG. 9 is a schematic structural diagram of a first embodiment of a server according to the present application;
FIG. 10 is a schematic structural diagram of a second embodiment of the server of the present application;
FIG. 11 is a schematic structural diagram of a first embodiment of a login device of a server according to the present application;
FIG. 12 is a schematic structural diagram of a second embodiment of a login device of the server of the present application;
FIG. 13 is a schematic structural diagram of a first embodiment of the apparatus with a storage function according to the present application.
Detailed Description
To make the purpose, technical solution, and effect of the present application clearer, the application is described in further detail below with reference to the accompanying drawings and embodiments.
The application provides a server login method that is applicable at least to logging in to servers running the Linux operating system. Linux is secure, reliable, and powerful, is updated and upgraded quickly, and is currently a common server operating system. The method can of course also be used to log in to servers running other operating systems. The method is a Web-based Linux shell login platform with security and authorization functions: a browser can be used to log in to a server and then operate it.
Referring to fig. 1, fig. 1 is a flowchart illustrating a first embodiment of a login method of a server according to the present application. In this embodiment, the login method of the server includes the steps of:
S101: The browser loads the terminal script and sends a first connection request based on a full-duplex communication protocol to a first server, the first server being a website server that provides the terminal script.
Full-duplex communication, also called bidirectional simultaneous communication, is an information exchange mode in which both communicating parties can send and receive information at the same time.
S102: The first server receives the first connection request and verifies the user identity information, the user identity information being sent to the first server by the browser; after the verification passes, the first server establishes a connection with the browser.
When the browser connects to and interacts with the first server, it sends a connection request based on a full-duplex communication protocol to the first server and also sends the user identity information. The user identity information can be sent along with the connection request, that is, the first connection request carries the user identity information, or it can be sent separately. After receiving the first connection request, the first server first verifies the user identity information; the connection succeeds only after the verification passes, and if the verification fails, the connection cannot be established.
S103: the first server verifies the access authority of the user by using the user identity information and the second server information, the second server information is sent to the first server by the browser, and the second server is a server to be accessed.
The second server information is, for example, the IP address information of the second server. The server provides different access rights for different users, such as read-only or ROOT rights. Therefore, when connecting to access the second server, the user's access right should be verified.
S104: After the verification passes, the first server sends a second connection request based on the full-duplex communication protocol to the second server.
The first server is used as an intermediate server to connect the browser and the second server, and interaction between the browser and the second server can be achieved by establishing connection between the browser and the first server and connection between the first server and the second server.
S105: The second server receives the second connection request, starts the shell process, establishes the pseudo terminal, and then establishes a connection with the first server, whereupon the browser has successfully logged in to the second server.
The shell process, colloquially called the shell (as distinct from the kernel), is software (a command interpreter) that provides an operating interface for users: it receives user commands and then invokes the corresponding application programs. After receiving the connection request, the second server starts the shell process under the account that corresponds to the requested authority, establishes the pseudo terminal, and sends the shell process's output data to the first server; the first server forwards the output data to the terminal script in the browser, and the terminal script updates the interface, at which point the login to the second server has succeeded.
In this embodiment, the user's identity needs to be verified only once when logging in to a server, and the server's login account and password do not need to be verified a second time, which simplifies the login process. In addition, authority control is applied to user access to servers, providing the necessary authority isolation: different authorities can be granted to different users according to different services, which improves the security of the server.
In one embodiment, the first server is a website server that provides the terminal script and is called the WebShell service; the second server runs an agent of the first server, called the WebShell Agent. A server that runs the agent process can communicate with the WebShell service, so that the host is exposed externally as a Web service. That is, only a server running the agent process can communicate with the WebShell service.
Referring to fig. 2 and fig. 3, fig. 2 is a schematic diagram illustrating a second embodiment of a login method of a server according to the present application; fig. 3 is a flowchart illustrating a second embodiment of a login method of a server according to the present application. In the embodiment, the scheme of the application adopts services with a three-layer architecture, namely a browser, a WebShell service and a WebShell Agent. The login method of the server comprises the following steps:
Step 1: The domain name address of the WebShell service is entered in the browser to request a web page.
Step 2: The WebShell service returns a web page, and the web page delivers the terminal script.
Step 3: The browser loads the terminal script.
The terminal script provides a command-line interface, which is opened by running the script in the browser. A command-line interface (CLI) is a character user interface (CUI) that, unlike a graphical user interface (GUI), typically does not support a mouse: the user enters commands through the keyboard, and the computer executes each command on receiving it. Js, etc. may be, for example, a terminal script. In other embodiments, other scripts capable of providing an interactive interface may also be used.
Step 4: The browser sends a first connection request based on a full-duplex communication protocol to the first server.
The browser and the WebShell service communicate over HTTP (Hypertext Transfer Protocol). Specifically, the terminal script may initiate a first connection request based on a full-duplex communication protocol to the WebShell service. The first connection request may be a WebSocket request; in other embodiments, it may use another full-duplex communication protocol.
The WebSocket protocol is a new network protocol based on TCP (Transmission Control Protocol). It provides full-duplex communication between the browser and the server and allows the server to actively send information to the client. WebSocket is one of the ways a browser and a Web server can communicate; its biggest difference from http is that it is a long-lived connection, so no new connection has to be established for each exchange and redundant data such as http headers is not retransmitted, which makes responses more timely. WebSocket actually consists of two parts: a script (JavaScript) program in the browser and a transport protocol standard for the Web server. It is a mature technology in all respects; for example, the WebSocket transport protocol became a formal IETF standard in 2012 as RFC 6455, and browsers such as IE, Safari, Chrome, Firefox, and Opera support the formal standard.
Using WebSocket in a browser is very simple, since it has only two actions: receiving and sending. Data is sent with send(); to receive data, the WebSocket's onmessage event is used to specify a callback function that is invoked when information arrives from the server, as in the example program below; calling close() ends the connection. In addition to the onmessage event, the WebSocket API (Application Programming Interface) also supports the onopen, onclose, and onerror events. A few other attributes are available: readyState, like that of XMLHttpRequest, reports the WebSocket's current state as one of the four states CONNECTING/OPEN/CLOSING/CLOSED. The bufferedAmount attribute (the number of bytes not yet sent to the server) reports how many bytes of data are still waiting to be sent. If a large amount of data is transmitted or the network is slow, it can be used to confirm that the last data passed to send() has been completely sent. Simple applications generally need not worry about this, because transmission is generally fast. The WebSocket constructor also has an optional parameter, protocol (a set of rules for network data exchange), which specifies the subprotocol the Web service is to use. For example:
var ws = new WebSocket('ws://127.0.0.1:8443/wamp', 'wamp');
In addition, the protocol attribute reports the subprotocol currently in use. A subprotocol packages application-specific data in a standard way, so that, with a corresponding support library, the application can focus on its own logic regardless of how WebSocket operates underneath. A popular subprotocol at present is WAMP (the WebSocket Application Messaging Protocol). However, there is generally little need to use one unless it is already in place.
Before using the WebSocket, a WebSocket object needs to be established, and a WebSocket network address to be accessed is transmitted to the WebSocket object, for example:
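var ws = new WebSocket('ws://127.0.0.1:8443/chat');
// send only after the connection is open; calling send() earlier throws
ws.onopen = function() { ws.send('Hello WebSocket.'); };
// show the first message from the server, then close the connection
ws.onmessage = function(message) { alert(message.data); ws.close(); };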
A WebSocket URL can use ws, which corresponds to plain http, or wss, which corresponds to https; which one to use depends on which the Web server supports. The rest of the address is used just like an ordinary URL (Uniform Resource Locator). In addition, because WebSocket is a long-lived connection, the URL cannot change while the connection is open, so each connection uses exactly one URL, and a new WebSocket connection must be established to access a different URL.
Using WebSocket at the server layer is relatively complex because the entire WebSocket protocol has to be implemented; in practice this is generally unnecessary, since various libraries that support WebSocket can be used. The content defined by the WebSocket protocol is introduced below:
The first is the handshake, which is in fact a header compatible with the http format that carries the header fields defined by WebSocket; the Web server must process this information and then return the result in the corresponding standard header. After the browser checks the header returned by the server, the two parties can establish the connection and transmit data until close is called.
Second, the unit of data transmission in WebSocket is called a frame. RFC 6455 currently defines several frame types: text data, binary data, ping/pong, close, and so on. Text and binary data can thus be transmitted, a heartbeat mechanism can be implemented with ping/pong, and close is the notification to close a connection. In addition, to support the transmission of data of unknown length, the data can be split across frames and sent in batches.
WebSocket is the basis for implementing WebShell: its long-lived connection keeps the browser connected to the back-end process for a long time, and its data transmission capability connects the browser's input and output to those of the pseudo terminal, which achieves the effect of executing Linux commands in the browser.
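The server-side handshake and frame handling described above can be shown with Python's standard library. This is an added example, not code from the patent; it decodes one frame at a time, and the sample key and frame are the example values published in RFC 6455.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant fixed by RFC 6455
OPCODES = {0x0: "continuation", 0x1: "text", 0x2: "binary",
           0x8: "close", 0x9: "ping", 0xA: "pong"}


class ProtocolError(ValueError):
    """The peer violated RFC 6455; the server should fail the connection."""


def accept_key(sec_websocket_key: str) -> str:
    """Sec-WebSocket-Accept value the browser checks before it opens the socket."""
    digest = hashlib.sha1((sec_websocket_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def handshake_response(headers: dict) -> str:
    """Return the 101 response for an upgrade request, or raise ProtocolError."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if h.get("upgrade", "").lower() != "websocket":
        raise ProtocolError("missing Upgrade: websocket")
    if "upgrade" not in h.get("connection", "").lower():
        raise ProtocolError("missing Connection: Upgrade")
    if h.get("sec-websocket-version") != "13":
        raise ProtocolError("unsupported WebSocket version")
    key = h.get("sec-websocket-key", "")
    try:
        nonce = base64.b64decode(key, validate=True)
    except ValueError as exc:
        raise ProtocolError("Sec-WebSocket-Key is not base64") from exc
    if len(nonce) != 16:
        raise ProtocolError("Sec-WebSocket-Key must decode to 16 bytes")
    return ("HTTP/1.1 101 Switching Protocols\r\n"
            "Upgrade: websocket\r\n"
            "Connection: Upgrade\r\n"
            f"Sec-WebSocket-Accept: {accept_key(key)}\r\n\r\n")


def decode_frame(buf: bytes, from_client: bool = True, max_payload: int = 1 << 20):
    """Decode the frame at the start of buf -> (fin, opcode name, payload, bytes used)."""
    if len(buf) < 2:
        raise ProtocolError("incomplete header")
    fin, rsv, opcode = bool(buf[0] & 0x80), buf[0] & 0x70, buf[0] & 0x0F
    masked, length = bool(buf[1] & 0x80), buf[1] & 0x7F
    if rsv:
        raise ProtocolError("reserved bits set without a negotiated extension")
    if opcode not in OPCODES:
        raise ProtocolError(f"unknown opcode {opcode:#x}")
    if from_client and not masked:
        raise ProtocolError("frames sent by a client must be masked")
    if opcode >= 0x8 and (not fin or length > 125):
        raise ProtocolError("control frames must be unfragmented and <= 125 bytes")
    pos = 2
    if length in (126, 127):  # 16-bit or 64-bit extended payload length
        size = 2 if length == 126 else 8
        if len(buf) < pos + size:
            raise ProtocolError("incomplete extended length")
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if length > max_payload:  # bound memory before buffering the payload
        raise ProtocolError("payload exceeds the configured limit")
    mask = b""
    if masked:
        mask = buf[pos:pos + 4]
        pos += 4
    if len(buf) < pos + length or (masked and len(mask) < 4):
        raise ProtocolError("incomplete frame")
    payload = buf[pos:pos + length]
    if masked:
        payload = bytes(b ^ mask[i % 4] for i, b in enumerate(payload))
    return fin, OPCODES[opcode], payload, pos + length


# Example values published in RFC 6455 (sections 1.3 and 5.7).
RFC_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
RFC_MASKED_HELLO = bytes.fromhex("818537fa213d7f9f4d5158")

if __name__ == "__main__":
    print(accept_key(RFC_KEY))
    print(decode_frame(RFC_MASKED_HELLO))
```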
Step 5: The first server receives the first connection request and verifies the user identity information.
The user identity information is sent to the first server by the browser. It can be sent together with the connection request, that is, the connection request carries the user identity information, or it can be sent separately. The user identity information comprises a user account name, a login password and the like.
Specifically, the first server sends the user identity information to a third server, so that the third server verifies the identity information. The third server may be a unified login service platform, such as a company's OA (office automation) system platform. The third server has a strict user identity authentication system, and identity information it has authenticated is accepted directly by other systems without a second authentication and login; when accessing a server, for example, there may be no need to verify the server system's account and password. With a unified login service platform, all of a company's systems can share one login system; the server login system is connected with the company's other business systems, unnecessary logins are eliminated, logging in to a server can be as simple and quick as visiting a web page, and jumping directly from a business system to a server login can be supported, so that operation and maintenance of servers and business systems can be tied together. Programmers and operations personnel can quickly log in to a server, deploy systems, and handle problems, and no longer need to keep track of multiple accounts and passwords.
After the verification passes, the browser is connected to the WebShell service, completing the connection between the browser and the first server.
Step 6: The first server verifies the user's access authority using the user identity information and the second server information.
The second server information is sent to the first server by the browser, and the second server is the server to be accessed. The second server information includes the IP address information of the second server and the like. The IP address information of the second server may be carried along when the domain name address of the WebShell service is first entered, so that it is sent to the first server when the web page is requested, or the second server information may be sent separately after the connection is established.
Specifically, the first server sends the user identity information and the second server information to a fourth server, so that the fourth server verifies the identity information. The fourth server is a unified server management platform that stores information about the servers to be accessed and their access authority, for example whether the access authority is read-only or ROOT; the user under which the shell process is finally started on the server differs according to the authority. By establishing a unified server authority control system, login verification and authority control are applied to user access to servers, providing the necessary authority isolation: different authorities can be granted to different users according to different services, and the system is more secure and more controllable.
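The gate the first server applies in Steps 5 and 6 can be written as one decision function that runs before any second connection is opened. This is an added example, not the patent's code: the session table, the grant table, the most-specific-grant rule, and the account names are constructed assumptions standing in for the third and fourth servers.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the third server (unified login): verified sessions.
VERIFIED_SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
# Constructed stand-in for the fourth server: (user, server range, authority).
GRANTS = [
    ("alice", "10.0.1.0/24", "ROOT"),
    ("alice", "10.0.0.0/16", "read-only"),
    ("bob", "10.0.2.15/32", "read-only"),
]
# Hypothetical mapping from authority to the account the agent starts the shell as.
SHELL_ACCOUNT = {"read-only": "webshell_ro", "ROOT": "root"}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    user: Optional[str] = None
    target: Optional[str] = None
    authority: Optional[str] = None
    shell_account: Optional[str] = None


def parse_target(raw: str):
    """The target comes from the browser, so accept only a literal unicast IP."""
    try:
        ip = ipaddress.ip_address(raw)
    except ValueError:
        return None  # host names, ports, URLs and padded strings are refused
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return None  # never relay to the first server itself or to special ranges
    return ip


def lookup_authority(user: str, ip) -> Optional[str]:
    """Most specific grant wins (assumption); no matching grant means no access."""
    best = None
    for grant_user, cidr, authority in GRANTS:
        net = ipaddress.ip_network(cidr)
        if grant_user == user and ip in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, authority)
    return best[1] if best else None


def decide(identity_token: str, raw_target: str) -> Decision:
    """Step 5 (identity) then Step 6 (access authority); deny by default."""
    user = VERIFIED_SESSIONS.get(identity_token)
    if user is None:
        return Decision(False, "identity not verified")
    ip = parse_target(raw_target)
    if ip is None:
        return Decision(False, "target is not an acceptable IP address", user=user)
    authority = lookup_authority(user, ip)
    if authority is None:
        return Decision(False, "no access authority for this server", user, str(ip))
    return Decision(True, "ok", user, str(ip), authority, SHELL_ACCOUNT[authority])


if __name__ == "__main__":
    for token, target in [("tok-alice", "10.0.1.7"), ("tok-alice", "10.0.9.9"),
                          ("tok-bob", "10.0.1.7"), ("tok-alice", "169.254.169.254")]:
        print(token, target, decide(token, target))
```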
Step 7: The first server sends a second connection request based on the full-duplex communication protocol to the second server.
After the WebShell service's verification passes, a wss request (WebSocket over https) can be initiated to the second server. The WebShell service and the second server communicate over https with mutual (two-way) authentication, which better guarantees the security of the system. Mutual https authentication requires the client program to have the CA certificate, a client certificate, and the client key, and requires the server program to have the CA certificate, a server certificate, and the server key.
Mutual authentication works in basically the same way as one-way authentication, except that, in addition to the client authenticating the server, the server also authenticates the client. For the specific process, refer to fig. 4, which is a schematic flow diagram of https mutual authentication in the present application. The mutual authentication process comprises the following steps:
s401: the client sends information such as SSL protocol version number, encryption algorithm type, random number and the like to the server.
S402: the server side returns information such as SSL protocol version number, encryption algorithm type, random number and the like to the client side, and also returns a certificate of the server side, namely a public key certificate.
S403: the client side uses the information returned by the server side to verify the validity of the server, and the method comprises the following steps:
verifying whether the certificate is expired; whether the CA (Certificate Authority) that issued the server Certificate is authentic; whether the returned public key can correctly unlock the digital signature in the returned certificate or not; whether the domain name on the server certificate matches the actual domain name of the server. And after the verification is passed, continuing to perform communication, otherwise, terminating the communication.
S404: the server requires the client to send the certificate of the client, and the client can send the certificate of the client to the server.
S405: and verifying the certificate of the client, and obtaining the public key of the client after verification.
S406: the client sends the symmetric encryption scheme which can be supported by the client to the server for the server to select.
S407: and the server side selects the encryption mode with the highest encryption degree from the encryption schemes provided by the client side.
S408: and the encryption scheme is encrypted by using the previously acquired public key and returned to the client.
S409: after receiving the encryption scheme ciphertext returned by the server, the client decrypts the ciphertext by using a private key of the client to obtain a specific encryption mode, then generates a random code of the encryption mode to be used as a secret key in the encryption process, encrypts the random code by using a public key obtained from a certificate of the server before, and sends the random code to the server.
S410: after receiving the message sent by the client, the server decrypts the message by using the private key of the server to obtain the symmetric encryption key, and in the subsequent session the server and the client use this key to perform symmetric encryption, so that the information security in the communication process is ensured. At this point, the authentication has passed.
In this embodiment, since the public CA certificate authority can only authenticate domain names, only the certificate of the private self-signed system can be used for the https service provided by a large number of servers.
Because the certificates used are self-signed certificates, the CA certificate issuing center is not responsible for authenticating the legitimacy of certificates, websites and servers; its main function is to issue certificates. Two kinds of certificate are used, the server-side certificate and the client-side certificate, so the CA certificate issuing center is responsible for issuing both.
The server-side certificate provides authentication for WebShell_agent_d running on the server, so the server-side certificate is issued more loosely; the current issuing principle is to issue the server certificate as long as the server is a server inside the company (its IP address passes verification).
The client certificate is used for communicating with WebShell_agent_d, and whoever holds the client certificate can access each server, so the client certificate is currently issued strictly: it can be applied for only from specific IPs and is issued only after the security verification is passed. In this embodiment, the client is the WebShell server.
The CA certificate issuing center has no other functions and only provides the certificate issuing service. Because servers are added, removed and changed all the time within an enterprise, a server-side certificate is applied for from the CA certificate issuing center automatically whenever a server is newly added or a server's IP changes.
Please refer to fig. 5, wherein fig. 5 is a schematic diagram illustrating a process of issuing a certificate according to the present application. In this embodiment, the process of issuing the certificate includes the following steps:
S501: The client/server sends an http request applying for a certificate to the CA certificate issuing center.
S502: The CA certification center verifies the validity of the access IP.
Specifically, the CA certification authority may verify the validity of the access IP against a Configuration Management Database (CMDB), which stores and manages various configuration information of the devices in the enterprise IT architecture.
S503: After the verification is passed, the CA certificate issuing center generates and issues the corresponding certificate.
S504: The corresponding certificate and Key are returned to the client/server.
And 8: and the second server receives the second connection request, starts the shell process, establishes the pseudo terminal and further establishes connection with the first server.
The WebShell_agent_d service is deployed on each server and is responsible for implementing the command-based pseudo terminal function and binding the pseudo terminal to the https service that it provides. For the architecture of the WebShell_agent_d service, refer to fig. 6, which is an architecture diagram of the WebShell_agent_d service of the present application.
Specifically, after the checks by the WebShell service pass, a wss request (WebSocket based on https) may be initiated to WebShell_agent_d on the second server. The WebShell service and WebShell_agent_d communicate over an https service with two-way authentication.
When WebShell_agent_d is started for the first time, it has no server-side certificate and automatically applies to the CA certification center for the server-side certificate and Key. Only once it has the server-side certificate and Key can WebShell_agent_d start the https service and provide the secure WebSocket service (wss) to the WebShell service.
WebShell_agent_d periodically checks whether the IP of the server has changed, and a new server-side certificate must be applied for whenever the IP changes. Because the system uses self-signed certificates that are signed for the IP address, when WebShell_agent_d receives a client connection request, the IP address specified by the client connection must correspond to the IP signed in the server certificate; otherwise WebShell_agent_d is considered illegitimate. Therefore, whenever the IP changes, WebShell_agent_d needs to apply for a new server certificate and restart the https service.
After receiving the wss request, WebShell_agent_d starts a shell process under the corresponding account according to the requested authority and establishes a pseudo terminal.
A pseudo terminal device (PTY) is a special terminal driver device that does not drive a physical device but directs the output of the terminal to an application for processing. Pseudo terminal devices exist to provide a way to simulate the behavior of a serial terminal under program control. A pseudo terminal appears in the system as a pair of character devices: a pseudo terminal master and a pseudo terminal slave (the terminal device file). /dev/ptmx is the file used to create a master/slave pair. When a process opens it, the process obtains a file descriptor for the master, and a slave device file is created under /dev/pts. Here pts (pseudo-terminal slave) is one implementation of the PTY and is used together with ptmx (pseudo-terminal master) to implement the PTY.
The pseudo terminal may be used to build a wide variety of servers, such as may be used to build a server that provides network login, or to build a command-based server.
Typical examples are the Telnetd and SSHD services (the SSHD service is currently the most commonly used). They run on a remote host, and a tool such as SecureCRT or PuTTY is used to run a shell process on the remote host over TCP/IP (Transmission Control Protocol/Internet Protocol). SSH is an abbreviation of Secure Shell and is a security protocol built on the application layer; Telnet is the standard protocol for Internet remote login services.
Specifically, the SSHD service accepts an external TCP/IP connection and, after authentication through login passes, starts (fork/exec) a shell process. At the same time, the SSHD process opens a pseudo terminal device; the SSHD process is responsible for reading and writing standard input and output through the PTY master device, while the standard input and output of the shell process are mapped to the PTY slave device. Because the PTY master/slave pair behaves like a bidirectional pipe, remote instruction data arriving over the TCP/IP network is converted into standard input of the shell process, and the standard output and error output produced by the shell process are converted into TCP output to the remote end, so that the Linux system can be operated.
In this embodiment, WebShell_agent_d adopts a command-based pseudo terminal mode. When it receives a WebShell service request, WebShell_agent_d creates a PTY device and forks a shell process; it binds the PTY slave device to the standard input, standard output and standard error output of the shell process; meanwhile, the WebShell_agent_d process takes over the input and output of the PTY master device, and finally implements protocol conversion between the WebSocket protocol and the input and output of the PTY master device, thereby providing a secure pseudo terminal service over https-based WebSocket. Compared with the SSH network pseudo terminal mode, the process-based pseudo terminal mode makes the system highly extensible: it can, for example, log in to a Docker container or start various commands. The command of the shell process can be replaced as required; for example, replacing it with a command for logging in to a Docker container lets the Web log in to the shell of the container, and replacing it with the top command shows directly which business processes in the system have the highest load. Creating the pseudo terminal in a process-based way makes the system framework very flexible and allows it to be extended to different fields.
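The PTY binding described above can be sketched as follows. This is an added example, not code from the patent or from WebShell_agent_d: the class name PtyShell and its methods are hypothetical, the WebSocket side is stood in for by plain byte strings, and a Linux host with /bin/sh is assumed. It runs the shell as the current user and omits the switch to the account that corresponds to the requested authority.

```python
import errno
import fcntl
import os
import select
import signal
import termios
import time


class PtyShell:
    """A shell process bound to the slave side of a PTY; the caller holds the master."""

    def __init__(self, argv=("/bin/sh",)):
        # os.openpty() opens /dev/ptmx and returns the master fd plus an
        # already opened slave fd (/dev/pts/N).
        self.master_fd, slave_fd = os.openpty()
        self.pid = os.fork()
        if self.pid == 0:
            # Child: this becomes the shell process.
            try:
                os.close(self.master_fd)
                os.setsid()  # new session, so the PTY can be its controlling terminal
                fcntl.ioctl(slave_fd, termios.TIOCSCTTY, 0)
                for fd in (0, 1, 2):  # stdin, stdout, stderr -> PTY slave
                    os.dup2(slave_fd, fd)
                if slave_fd > 2:
                    os.close(slave_fd)
                # Minimal, fixed environment: nothing is inherited from the agent.
                env = {"PATH": "/usr/bin:/bin", "TERM": "dumb", "PS1": "$ "}
                os.execve(argv[0], list(argv), env)
            finally:
                os._exit(127)  # only reached if setup or exec failed
        os.close(slave_fd)  # parent (the agent side) keeps only the master

    def write(self, data: bytes) -> None:
        """Bytes from the remote side become terminal input of the shell."""
        while data:
            data = data[os.write(self.master_fd, data):]

    def read_until(self, marker: bytes, timeout: float = 5.0) -> bytes:
        """Collect terminal output until marker appears, EOF, or timeout."""
        buf = b""
        deadline = time.monotonic() + timeout
        while marker not in buf:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                break
            ready, _, _ = select.select([self.master_fd], [], [], remaining)
            if not ready:
                break
            try:
                chunk = os.read(self.master_fd, 4096)
            except OSError as exc:
                if exc.errno == errno.EIO:  # Linux reports EIO once the slave is closed
                    break
                raise
            if not chunk:
                break
            buf += chunk
        return buf

    def close(self, grace: float = 2.0) -> int:
        """Hang up the terminal and reap the shell; returns the wait status."""
        os.close(self.master_fd)  # the session leader receives SIGHUP
        deadline = time.monotonic() + grace
        while time.monotonic() < deadline:
            pid, status = os.waitpid(self.pid, os.WNOHANG)
            if pid:
                return status
            time.sleep(0.05)
        os.kill(self.pid, signal.SIGKILL)  # do not leave an orphaned shell behind
        return os.waitpid(self.pid, 0)[1]


def demo() -> bytes:
    shell = PtyShell()
    shell.read_until(b"$ ", timeout=2.0)  # wait for the first prompt
    # The echoed input contains "$((6*7))"; only the shell's own output contains "42".
    shell.write(b"test -t 0 && echo stdin_is_tty_$((6*7))\n")
    output = shell.read_until(b"stdin_is_tty_42")
    shell.close()
    return output


if __name__ == "__main__":
    print(demo())
```

In an agent, write() would be fed from incoming WebSocket frames and the bytes returned by reading the master would be sent back as outgoing frames.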
After the shell process is started, WebShell_agent_d sends the output data of the shell process to the first server, the first server forwards the output data to the terminal script in the browser, and the terminal script loaded by the browser then updates the interface; the browser has successfully logged in to the second server.
At this point the whole WebShell channel has been established, and instructions can be executed through the Shell interface in the browser. The transmission flow of an instruction is as follows: instruction → WebShell service → WebShell_agent_d → shell process.
Specifically, the browser receives an operation instruction and sends it to the WebShell service; the WebShell service sends the operation instruction to WebShell_agent_d, and WebShell_agent_d sends the operation instruction to the shell process, which executes it and outputs data.
After the shell process executes the instruction, its output is sent to standard output and then forwarded to the browser. The flow is as follows: shell process instruction output → WebShell_agent_d → WebShell service → browser.
Specifically, the shell process sends the output data to WebShell_agent_d, WebShell_agent_d sends the output data to the WebShell service, and the WebShell service forwards the received output data to the browser.
When instructions flow through the WebShell service, the WebShell service system can automatically audit and classify the operation instructions, among other processing. Because the system knows the logged-in user and the executed instructions, it can easily trace the executed instructions, so that security incidents caused by deliberate human actions can be effectively avoided.
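One way the WebShell service could reconstruct and classify the instructions that flow through it is shown below. This is an added example, not code from the patent: the InstructionAuditor class, the record fields, the HIGH_RISK rules and the sample input are all constructed for illustration. It goes slightly beyond the paragraph by marking lines that the intermediate server cannot reconstruct exactly, such as history recall or tab completion, because those are resolved by the shell on the second server.

```python
import codecs
import re
import time

# Constructed classification rules; a real deployment would maintain its own list.
HIGH_RISK = [re.compile(p) for p in (
    r"\brm\s+-[a-zA-Z]*r",            # recursive delete
    r"\b(shutdown|reboot|mkfs)\b",
    r"\bdd\b.*\bof=/dev/",
)]


class InstructionAuditor:
    """Rebuilds typed command lines from the browser-to-agent byte stream."""

    def __init__(self, user: str, target_ip: str, account: str):
        self.session = {"user": user, "target": target_ip, "account": account}
        self.records = []
        # Incremental decoding copes with UTF-8 characters split across frames.
        self._decoder = codecs.getincrementaldecoder("utf-8")(errors="replace")
        self._line = []
        self._state = "text"   # "text", "esc" (after ESC) or "csi" (after ESC [)
        self._exact = True     # False once the typed text may differ from what runs

    def feed(self, data: bytes) -> list:
        """Consume one chunk of terminal input; return the records it completed."""
        completed = []
        for ch in self._decoder.decode(data):
            if self._state == "esc":
                self._state = "csi" if ch == "[" else "text"
            elif self._state == "csi":
                if "@" <= ch <= "~":          # final byte of the control sequence
                    self._state = "text"
            elif ch == "\x1b":                # arrow keys: history recall, cursor moves
                self._state, self._exact = "esc", False
            elif ch == "\t":                  # completion is done on the target host
                self._exact = False
            elif ch in "\r\n":
                record = self._finish()
                if record:
                    completed.append(record)
            elif ch in "\x7f\x08":            # backspace
                if self._line:
                    self._line.pop()
            elif ch == "\x15":                # Ctrl-U: kill the line
                self._line.clear()
            elif ch == "\x03":                # Ctrl-C: line abandoned, nothing executed
                self._line.clear()
                self._exact = True
            elif ch.isprintable():
                self._line.append(ch)
        return completed

    def _finish(self):
        command, exact = "".join(self._line).strip(), self._exact
        self._line.clear()
        self._exact = True
        if not command and exact:
            return None                       # bare Enter
        risk = "high" if any(p.search(command) for p in HIGH_RISK) else "normal"
        record = dict(self.session, ts=time.time(), command=command,
                      risk=risk, exact=exact)
        self.records.append(record)
        return record


if __name__ == "__main__":
    auditor = InstructionAuditor("alice", "10.0.0.5", "readonly")  # constructed session
    for frame in (b"ls -l /tmp\r", b"rm -rf /vaz\x7fr/log/old\r", b"\x1b[A\r"):
        for rec in auditor.feed(frame):
            print(rec)
```

Records with exact set to False should be correlated with the output stream or with host-side logging, since the input stream alone does not show what the shell actually ran.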
Based on the above scheme, the present application further provides a server login method, please refer to fig. 7, and fig. 7 is a flowchart illustrating a third embodiment of the server login method according to the present application. In this embodiment, the login method of the server includes the steps of:
S701: The first server receives a first connection request based on a full-duplex communication protocol and verifies user identity information, the user identity information being sent to the first server by a browser; after the verification is passed, the first server establishes a connection with the browser.
When the browser is connected and interacted with the first server, the browser sends a connection request based on a full-duplex communication protocol to the first server, and simultaneously sends user identity information, wherein the user identity information can be sent along with the connection request, namely the first connection request carries the user identity information, and can also be sent independently.
S702: the first server verifies the access authority of the user by using the user identity information and the second server information, the second server information is sent to the first server by the browser, and the second server is a server to be accessed.
The second server information is IP address information of the second server, and the like. For different users, the server is provided with different access rights, such as read-only or ROOT rights.
S703: After the verification is passed, the first server sends a second connection request based on the full-duplex communication protocol to the second server.
The first server is used as an intermediate server to connect the browser and the second server, and interaction between the browser and the second server can be achieved by establishing connection between the browser and the first server and connection between the first server and the second server.
In this embodiment, the step of executing the server login method at the first server end is described, and for a specific implementation process, reference is made to the description of the above embodiment, which is not described herein again.
Based on the above scheme, the present application further provides a server login method, please refer to fig. 8, and fig. 8 is a schematic flowchart of a fourth embodiment of the server login method according to the present application. In this embodiment, the login method of the server includes the steps of:
S801: Loading the terminal script to send a first connection request based on a full-duplex communication protocol and user identity information to a first server, wherein the first server is a website server that provides the terminal script.
The browser and the first server communicate with each other by using HTTP (Hypertext Transfer Protocol).
S802: Sending second server information to the first server, wherein the second server is a server to be accessed.
The second server information includes IP address information of the second server, and the like, and the IP address information of the second server may be taken when the domain name address is initially input, and the information is sent to the first server when the web page is requested, or the second server information may be sent separately after the connection is established.
S803: Receiving the output data of the second server forwarded by the first server.
The second server sends the output data of the shell process to the first server, the first server forwards the output data to the terminal script in the browser, and the terminal script loaded by the browser then updates the interface; the browser has successfully logged in to the second server.
In this embodiment, a step of executing the server login method by a browser is included, and for a specific implementation process, please refer to the description of the above embodiment, which is not described herein again.
According to the scheme, the login method of the server can log in the server through the browser, a login tool is not needed, and the login mode is simplified. Meanwhile, the identity of the user only needs to be verified once during login, a login account and a password of the server do not need to be verified for the second time, the login process is simplified, in addition, the authority control is carried out on the user to access the server, so that the necessary authority isolation is carried out, different authorities can be granted to different users according to different services, and the safety of the server is improved.
Based on the login method of the server, the application also provides a server which can provide website services and is used for implementing the login method of the server. Referring to fig. 9, fig. 9 is a schematic structural diagram of a server according to a first embodiment of the present application. In this embodiment, the server 90 includes a processor 901, where the processor 901 is configured to receive a first connection request based on a full-duplex communication protocol and verify user identity information, the user identity information being sent to the processor 901 by the browser; after the verification is passed, establish a connection with the browser; and verify the access right of the user by using the user identity information and second server information, wherein the second server information is sent to the processor 901 by the browser, and the second server is a server to be accessed. After the verification is passed, the processor 901 sends a second connection request based on the full-duplex communication protocol to the second server. The server may be configured to execute the login method of the server and has corresponding beneficial effects, for which reference is made to the description of the foregoing embodiment, which is not repeated here.
Referring to fig. 10, fig. 10 is a schematic structural diagram of a server according to a second embodiment of the present application. In this embodiment, the server may be implemented as modules in the processor when executing the method; specifically, the server 100 includes a first receiving module 1001, a verifying module 1002, and a first sending module 1003.
The first receiving module 1001 is configured to receive a first connection request based on a full-duplex communication protocol and verify user identity information, the user identity information being sent to a first server by a browser; and, after the verification is passed, to establish a connection with the browser.
The verification module 1002 is configured to verify the access right of the user by using the user identity information and second server information, where the second server information is sent to the first server by the browser, and the second server is a server to be accessed.
The first sending module 1003 is configured to send a second connection request based on the full duplex communication protocol to the second server after the authentication is passed.
The server may be configured to execute the login method of the server, and has corresponding beneficial effects, for which reference is specifically made to the description of the foregoing embodiment, which is not described herein again.
Based on the login method of the server, the application also provides login equipment of the server, and the equipment can be used for realizing the login method of the server. Referring to fig. 11, fig. 11 is a schematic structural diagram of a login device of a server according to a first embodiment of the present application. In this embodiment, the login device 110 includes a processor 1101, where the processor 1101 is configured to load a terminal script and send a first connection request based on a full-duplex communication protocol and user identity information to a first server, where the first server is a website server providing the terminal script; sending second server information to the first server, wherein the second server is a server to be accessed; and receiving the output data of the second server forwarded by the first server. The login device may be configured to execute the login method of the server, and has corresponding beneficial effects, for which reference is specifically made to the description of the foregoing embodiment, which is not described herein again. The login device of the server can be an electronic device capable of loading a browser, such as a portable computer, a desktop computer and a tablet computer.
Referring to fig. 12, fig. 12 is a schematic structural diagram of a login device of a server according to a second embodiment of the present application. In this embodiment, the login device may be implemented as modules in the processor when executing the method; specifically, the login device 120 includes a loading module 1201, a second sending module 1202, and a second receiving module 1203.
The loading module 1201 is configured to load a terminal script and send a first connection request and user identity information based on a full-duplex communication protocol to a first server, where the first server is a web server providing the terminal script.
The second sending module 1202 is configured to send second server information to the first server, where the second server is a server to be accessed.
The second receiving module 1203 is configured to receive output data of the second server forwarded by the first server. The login device may be configured to execute the login method of the server, and has corresponding beneficial effects, for which reference is specifically made to the description of the foregoing embodiment, which is not described herein again.
Based on the login method of the server, the present application further provides a device with a storage function. Referring to fig. 13, fig. 13 is a schematic structural diagram of a first embodiment of the device with a storage function according to the present application. In this embodiment, the storage device 130 stores a program 1301, and the program 1301 implements the login method of the server when executed. The specific working process is the same as in the above method embodiment and is therefore not repeated here; please refer to the description of the corresponding method steps above. The device with the storage function may be a portable storage medium such as a USB disk, an optical disk, a portable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk and other various media capable of storing program codes, and may also be a terminal, a server and other media.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to execute all or part of the steps of the method according to the embodiments of the present application.
The above description is only for the purpose of illustrating embodiments of the present application and is not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application or are directly or indirectly applied to other related technical fields, are also included in the scope of the present application.

Claims (10)

1. A login method for a server, the method comprising:
the method comprises the steps that a browser loads a terminal script to send a first connection request based on a full-duplex communication protocol to a first server, wherein the terminal script is obtained from the first server and loaded by the browser;
the first server receives the first connection request and sends user identity information to a third server so that the third server can verify the user identity information, the third server has a uniform login service platform, and the user identity information is sent to the first server by the browser; after the verification is passed, establishing connection with the browser;
the first server sends the user identity information and the second server information to a fourth server so that the fourth server verifies the access authority of the user by using the user identity information and the second server information, and the fourth server is provided with a server unified login management platform which stores the information of the server to be accessed and the access authority of the server to be accessed; the second server information is sent to the first server by the browser, and the second server is a server to be accessed; the second server communicates with the first server by running an agent of the first server;
after the verification is passed, the first server sends a second connection request based on a full-duplex communication protocol to the second server;
and the second server receives the second connection request, starts a shell process by adopting a corresponding account according to the requested authority, establishes a pseudo terminal, further establishes connection with the first server, and successfully logs in the second server by the browser.
2. The login method of the server according to claim 1, wherein the second server runs the agent of the first server, receives the second connection request, starts a shell process, establishes a pseudo terminal, and further establishes a connection with the first server, and the method comprises:
the agent program establishes a pseudo terminal based on the command of the second connection request, and binds the pseudo terminal slave device to the standard input, the standard output and the standard error output of the shell process; and meanwhile, the agent program takes over the input and the output of the pseudo terminal master device so as to realize the protocol conversion between the full duplex communication protocol and the input and the output of the pseudo terminal master device.
3. A login method for a server, the method comprising:
the method comprises the steps that a first server receives a first connection request based on a full-duplex communication protocol and sends user identity information to a third server so that the third server can verify the user identity information, the third server has a uniform login service platform, and the user identity information is sent to the first server by a browser; after the verification is passed, the first server establishes connection with the browser;
the first server sends the user identity information and the second server information to a fourth server so that the fourth server verifies the access authority of the user by using the user identity information and the second server information, and the fourth server is provided with a server unified login management platform which stores the information of the server to be accessed and the access authority of the server to be accessed; the second server information is sent to the first server by the browser, and the second server is a server to be accessed; the second server communicates with the first server by running an agent of the first server; after the verification is passed, the first server sends a second connection request based on a full-duplex communication protocol to the second server, so that the second server receives the second connection request, a shell process is started by adopting a corresponding account according to the requested authority, a pseudo terminal is established, the connection with the first server is further established, and the browser successfully logs in the second server.
4. The login method of the server according to claim 3, wherein the first server is configured to forward the operation instruction issued by the browser to the second server, and forward the output data issued by the second server to the browser, the method further comprising:
the first server audits the operation instructions flowing through the first server to track and record the operation instructions.
5. A login method for a server, the method comprising:
loading a terminal script to send a first connection request and user identity information based on a full-duplex communication protocol to a first server so that the first server receives the first connection request and sends the user identity information to a third server so that the third server verifies the user identity information, wherein the third server has a uniform login service platform, and the terminal script is obtained from the first server and loaded;
sending second server information to the first server, wherein the second server is a server to be accessed, so that the first server sends the user identity information and the second server information to a fourth server, the fourth server verifies the access authority of the user by using the user identity information and the second server information, and the fourth server is provided with a server unified login management platform which stores the information of the server to be accessed and the access authority of the server to be accessed; after the verification is passed, the first server sends a second connection request based on a full-duplex communication protocol to the second server; the second server communicates with the first server by running the agent program of the first server, so that the second server receives the second connection request, starts a shell process by adopting a corresponding account according to the requested authority, establishes a pseudo terminal, further establishes connection with the first server, and successfully logs in the second server by the browser;
and receiving the output data of the second server forwarded by the first server.
6. A server, comprising a processor configured to:
receiving a first connection request based on a full-duplex communication protocol, and sending user identity information to a third server so that the third server can verify the user identity information, wherein the third server is provided with a uniform login service platform, and the user identity information is sent to the processor by a browser; after the verification is passed, establishing connection with the browser;
sending the user identity information and the second server information to a fourth server so that the fourth server verifies the access authority of the user by using the user identity information and the second server information, wherein the fourth server is provided with a server unified login management platform which stores information of the server to be accessed and the access authority of the server to be accessed; the information of the second server is sent to the processor by the browser, and the second server is a server to be accessed; the second server communicates with the server by running an agent program of the server, so that the second server receives a second connection request, a corresponding account is adopted to start a shell process according to the requested authority, a pseudo terminal is established, connection with the server is further established, and the browser successfully logs in the second server;
after the verification is passed, the processor sends the second connection request based on the full-duplex communication protocol to the second server.
7. A server, characterized in that the server comprises:
a first receiving module, configured to receive a first connection request based on a full-duplex communication protocol and to send user identity information to a third server so that the third server can verify the user identity information, wherein the third server is provided with a uniform login service platform, and the user identity information is sent to the first server by a browser; and, after the verification is passed, to establish a connection with the browser;
the verification module is used for sending the user identity information and the second server information to a fourth server so that the fourth server verifies the access authority of the user by using the user identity information and the second server information, and the fourth server is provided with a server unified login management platform which stores the information of the server to be accessed and the access authority of the server to be accessed; the second server information is sent to the server by the browser, and the second server is a server to be accessed; the second server communicates with the server by running an agent program of the server, so that the second server receives a second connection request, a shell process is started by adopting a corresponding account according to the requested authority, a pseudo terminal is established, the connection with the first server is further established, and the browser successfully logs in the second server;
a first sending module, configured to send the second connection request based on a full-duplex communication protocol to the second server after the authentication is passed.
8. A login device for a server, the login device comprising a processor configured to:
loading a terminal script to send a first connection request and user identity information based on a full-duplex communication protocol to a first server so that the first server receives the first connection request and sends the user identity information to a third server so that the third server verifies the user identity information, wherein the third server has a uniform login service platform, and the terminal script is obtained from the first server and loaded;
sending second server information to the first server, wherein the second server is a server to be accessed, so that the first server sends the user identity information and the second server information to a fourth server, the fourth server verifies the access authority of the user by using the user identity information and the second server information, and the fourth server is provided with a server unified login management platform which stores the information of the server to be accessed and the access authority of the server to be accessed; after the verification is passed, the first server sends a second connection request based on a full-duplex communication protocol to the second server; the second server communicates with the first server by running the agent program of the first server, so that the second server receives the second connection request, starts a shell process by adopting a corresponding account according to the requested authority, establishes a pseudo terminal, further establishes connection with the first server, and successfully logs in the second server by the browser;
and receiving the output data of the second server forwarded by the first server.
9. A login device of a server, the login device comprising:
a loading module, configured to load a terminal script and to send a first connection request and user identity information based on a full-duplex communication protocol to a first server, so that the first server receives the first connection request and sends the user identity information to a third server so that the third server verifies the user identity information, wherein the third server is provided with a uniform login service platform, and the terminal script is obtained from the first server and loaded;
the second sending module is used for sending second server information to the first server, the second server is a server to be accessed, so that the first server sends the user identity information and the second server information to a fourth server, the fourth server verifies the access authority of the user by using the user identity information and the second server information, and the fourth server is provided with a server unified login management platform which stores the information of the server to be accessed and the access authority of the server to be accessed; after the verification is passed, the first server sends a second connection request based on a full-duplex communication protocol to the second server; the second server communicates with the first server by running the agent program of the first server, so that the second server receives the second connection request, starts a shell process by adopting a corresponding account according to the requested authority, establishes a pseudo terminal, further establishes connection with the first server, and successfully logs in the second server by the browser;
and the second receiving module is used for receiving the output data of the second server forwarded by the first server.
10. A storage medium having a storage function, which is readable by a computer, and which stores a program that, when executed by a processor, implements a login method for a server according to any one of claims 1 to 5.
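The order of checks recited in the claims above (identity at the third server, access authority at the fourth server, and only then the second connection request and the account chosen by the agent program) can be sketched as follows. This is an added example, not code from the patent; the tokens, host names, permission levels, their ranking and the account names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed stand-ins for the third server (login platform), the fourth
# server (login management platform) and the agent's account mapping.
SSO_SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
ACCESS_TABLE = {("alice", "app-01"): "admin", ("bob", "app-01"): "readonly"}
ACCOUNT_FOR_PERMISSION = {"admin": "root", "readonly": "viewer"}
PERMISSION_RANK = {"readonly": 0, "admin": 1}  # assumed ordering of permissions


class LoginDenied(Exception):
    """Raised when either verification step fails; no connection is opened."""


@dataclass(frozen=True)
class SecondConnectionRequest:
    user: str
    target: str
    permission: str


def verify_identity(token):
    """Third server: map the browser's identity information to a user."""
    user = SSO_SESSIONS.get(token)
    if user is None:
        raise LoginDenied("identity verification failed")
    return user


def verify_access(user, target, requested):
    """Fourth server: deny unless (user, target) is registered with a
    permission at least as high as the one requested."""
    granted = ACCESS_TABLE.get((user, target))
    if granted is None or PERMISSION_RANK.get(requested, 99) > PERMISSION_RANK[granted]:
        raise LoginDenied(f"{user} may not open {target} as {requested}")
    return requested


def first_server_login(token, target, requested):
    """First server: the second connection request is only built after
    both verifications have passed."""
    user = verify_identity(token)
    permission = verify_access(user, target, requested)
    return SecondConnectionRequest(user, target, permission)


def agent_account(request):
    """Second server agent: choose the local account for the shell process
    from the permission carried in the request."""
    return ACCOUNT_FOR_PERMISSION[request.permission]
```

An unknown token, an unregistered target, a permission above the granted one and an unrecognised permission name all end in LoginDenied before any request to the second server is constructed.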
CN201811535586.6A 2018-12-14 2018-12-14 Login method, equipment and storage medium of server Active CN109768965B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811535586.6A CN109768965B (en) 2018-12-14 2018-12-14 Login method, equipment and storage medium of server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811535586.6A CN109768965B (en) 2018-12-14 2018-12-14 Login method, equipment and storage medium of server

Publications (2)

Publication Number Publication Date
CN109768965A CN109768965A (en) 2019-05-17
CN109768965B true CN109768965B (en) 2022-04-19

Family

ID=66451910

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811535586.6A Active CN109768965B (en) 2018-12-14 2018-12-14 Login method, equipment and storage medium of server

Country Status (1)

Country Link
CN (1) CN109768965B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110460618B (en) * 2019-08-26 2022-06-07 南京国电南自轨道交通工程有限公司 Safe communication method in integrated monitoring system based on EN50159 standard
CN110569473A (en) * 2019-09-12 2019-12-13 浪潮软件股份有限公司 Method for remotely operating linux server based on SSH protocol
CN112532568B (en) * 2019-09-19 2022-09-27 马上消费金融股份有限公司 Interaction method, device, equipment and computer readable storage medium
CN111092904B (en) * 2019-12-27 2022-04-26 杭州迪普科技股份有限公司 Network connection method and device
CN111294386A (en) * 2020-01-13 2020-06-16 北京淳中科技股份有限公司 Server communication method and device and electronic equipment
CN111880953A (en) * 2020-07-31 2020-11-03 北京致远互联软件股份有限公司 Application program communication method and device, electronic equipment and storage medium
CN111935276B (en) * 2020-08-07 2022-04-26 中国联合网络通信集团有限公司 Remote host access method, device and equipment
CN112511484B (en) * 2020-08-20 2023-06-30 成都悍力鼎科技有限公司 U shield safety control management system
CN112104668B (en) * 2020-11-10 2021-02-05 成都掌控者网络科技有限公司 Distributed authority process separation control method and device
CN113381855B (en) * 2021-06-11 2022-12-27 上海哔哩哔哩科技有限公司 Communication method and system
CN114050911B (en) * 2021-09-27 2023-05-16 度小满科技(北京)有限公司 Remote login method and system for container

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103023861A (en) * 2011-09-26 2013-04-03 腾讯科技(深圳)有限公司 Network login method and login system, as well as authentication server
CN104426890A (en) * 2013-09-06 2015-03-18 北京神州泰岳软件股份有限公司 Network element accessing method and system based on B/S framework
CN104579682A (en) * 2014-12-30 2015-04-29 华夏银行股份有限公司 Access method and system for multi-service server
US9288208B1 (en) * 2013-09-06 2016-03-15 Amazon Technologies, Inc. Cryptographic key escrow
US9641534B2 (en) * 2015-09-03 2017-05-02 Dell Software, Inc. Providing controlled access to admin credentials during a migration
CN106775950A (en) * 2016-12-29 2017-05-31 郑州云海信息技术有限公司 A kind of virtual machine remote access method and device
US9813449B1 (en) * 2012-08-10 2017-11-07 Lookwise S.L. Systems and methods for providing a security information and event management system in a distributed architecture

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060218629A1 (en) * 2005-03-22 2006-09-28 Sbc Knowledge Ventures, Lp System and method of tracking single sign-on sessions
US20090126007A1 (en) * 2007-11-08 2009-05-14 Avantia, Inc. Identity management suite

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
实现Webconsole功能;何约什;《简书》;20180717;第1页第2段至第2页最后一段 *

Also Published As

Publication number Publication date
CN109768965A (en) 2019-05-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20190517

Assignee: GUANGZHOU CUBESILI INFORMATION TECHNOLOGY Co.,Ltd.

Assignor: GUANGZHOU HUADUO NETWORK TECHNOLOGY Co.,Ltd.

Contract record no.: X2021440000031

Denomination of invention: The invention relates to a server login method, a device and a storage device

License type: Common License

Record date: 20210125

GR01 Patent grant