CN109962892A - Authentication method for logging in to an application, and client and server - Google Patents

Publication number
CN109962892A
Authority
CN
China
Prior art keywords
web application
token
server
application access
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711424457.5A
Other languages
Chinese (zh)
Inventor
郭定香
胡成宇
董伟
阎海涛
王衍翬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aisino Corp
Priority to CN201711424457.5A
Publication of CN109962892A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an authentication method for logging in to an application, together with a client and a server, for reducing system resource overhead and improving the performance of system interaction. The authentication method includes: a client sends a first Web application access request to a network server, where the first Web application access request is used to request login to a first Web application and carries the user identity information for logging in to the first Web application; the client receives the token (Token) that the server generates for the first Web application access request; the client sends a second Web application access request to the server, where the second Web application access request is used to request access to a service included in the first Web application and carries the Token, so that the server authenticates, according to the Token in the second Web application access request, whether the second Web application access request is legitimate.

Description

Authentication method for logging in to an application, and client and server
Technical field
The present invention relates to the field of computer technology, and in particular to an authentication method for logging in to an application, and to a client and a server.
Background
Single sign-on (SSO) means that, across multiple application systems, a user needs to log in only once to access all mutually trusted application systems. It is a mechanism by which a single primary login is mapped to logins for the same user in other applications.
The SSO scheme most often used at present is session-based. Its basic implementation is as follows: when a user logs in to an application, the client sends the username and password to a login server for verification. After verification succeeds, a session is established between the client and the login server, and the user's login remains valid for as long as that session is maintained. When the client needs to connect to other Web application servers, the server checks this session: if the session exists, subsequent operations are allowed; if the session has expired, the operation is refused.
Single sign-on implemented with sessions generally relies on session replication: in a cluster environment, the sessions of each application are synchronized periodically to keep the sessions on every node consistent. With this approach, however, every node must store all sessions, so system resource overhead is high and system performance is reduced.
Summary of the invention
Embodiments of the present invention provide an authentication method for logging in to an application, together with a client and a server, to reduce system overhead and improve the performance of system interaction.
In a first aspect, an authentication method for logging in to an application is provided. The method includes:
A client sends a first Web application access request to a network server, where the first Web application access request is used to request login to a first Web application and carries the user identity information for logging in to the first Web application;
The client receives the token (Token) that the server generates for the first Web application access request;
The client sends a second Web application access request to the server, where the second Web application access request is used to request access to a service included in the first Web application and carries the Token, so that the server authenticates, according to the Token in the second Web application access request, whether the second Web application access request is legitimate.
Optionally, the client sending the second Web application access request to the server includes:
The client packages the received Token to obtain Token information;
The client persistently stores the Token information in a preset data table of the client;
When the client sends the second Web application access request to the server, it obtains the Token information from the preset data table;
The client sends the second Web application access request carrying the Token information.
Optionally, the client sending the second Web application access request carrying the Token information includes:
The client adds the Token information to the Header of the second Web application access request;
The client sends the second Web application access request carrying the Token information to the server.
Optionally, the Token information includes the Token creation time, the Token expiry time and the user identity information associated with the Token.
In a second aspect, an authentication method for logging in to an application is provided. The method includes:
A network server receives a first Web application access request sent by a client, where the first Web application access request is used to request login to a first Web application and carries the user identity information for logging in to the first Web application;
The server generates a token (Token) according to the first Web application access request and sends it to the client;
The server receives a second Web application access request carrying Token information sent by the client, and verifies according to the Token information whether the second Web application access request is legitimate, where the second Web application access request is used to request access to a service included in the first Web application;
If it is legitimate, the server authorizes the client to access the service of the first Web application.
Optionally, before the server receives the second Web application access request carrying the Token sent by the client and verifies according to the Token whether the second Web application access request is legitimate, the method further includes:
The server intercepts all Web application access requests through a configured filter;
The server parses all intercepted Web application access requests and determines whether they carry Token information;
If Token information is carried, the server verifies the validity of the Token information.
Optionally, verifying according to the Token information whether the second Web application access request is legitimate includes:
If the Token information is valid, the server obtains the user identity information in the Token information;
The server verifies whether the second Web application access request is legitimate according to the user identity information in the Token information and the user identity information prestored on the server.
In a third aspect, a client is provided. The client includes:
At least one processor, and
A memory connected to the at least one processor;
The memory stores instructions executable by the at least one processor, and the at least one processor implements the method of any item of the first aspect by executing the instructions stored in the memory.
In a fourth aspect, a server is provided. The server includes:
At least one processor, and
A memory connected to the at least one processor;
The memory stores instructions executable by the at least one processor, and the at least one processor implements the method of any item of the second aspect by executing the instructions stored in the memory.
In a fifth aspect, a computer storage medium is provided on which a computer program is stored. When the computer program is executed by a processor, the method of any item of the first aspect and the second aspect is implemented.
In the authentication method for logging in to an application provided by the embodiments of the present invention, the server uses the Token to verify whether an application access request sent by the client is legitimate. Because the Token itself contains all the information about the logged-in user, the server does not need to store sessions, and there is no need to synchronize sessions to keep them consistent across server nodes. System overhead is smaller and system performance is improved.
Brief description of the drawings
Fig. 1 is a flowchart of an authentication method for logging in to an application provided by an embodiment of the present invention;
Fig. 2 is a flowchart of an authentication method for logging in to an application provided by an embodiment of the present invention;
Fig. 3 is a structural schematic diagram of a client provided by an embodiment of the present invention;
Fig. 4 is a structural schematic diagram of a client provided by an embodiment of the present invention;
Fig. 5 is a structural schematic diagram of a server provided by an embodiment of the present invention;
Fig. 6 is a structural schematic diagram of a server provided by an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments.
In general, when a user accesses an application through a client, every application access request the client sends to the server carries the user's username and password information. The server can then verify the identity of the client from the username and password information in the request and prevent unauthorized users from accessing the application.
Most existing Web applications use a session to maintain the authenticated interaction between client and server: after login authentication succeeds, authentication information such as the username and password information is placed in the session, and for subsequent requests, i.e. specific service requests to the application, the server simply checks whether the session contains authentication information. In this way a user needs to log in to the application only once to access all mutually trusted services of the application.
However, implementing login authentication with sessions requires every node of every application to store all sessions, and the sessions of each application must be synchronized periodically to keep the sessions on every node consistent. System overhead is therefore high and system performance is reduced.
In the prior art, to avoid replicating sessions on every node, sessions can be placed in a shared Remote Dictionary Server (redis). But once redis fails and goes down, all sessions in the system are destroyed. This approach therefore cannot guarantee the reliability of the system.
In view of this, an embodiment of the present invention provides an authentication method for logging in to an application in which the server uses a Token to verify whether an application access request sent by the client is legitimate. In the embodiment of the present invention, because the Token itself contains all the information about the logged-in user, the server does not need to store sessions, and there is no need to synchronize sessions to keep them consistent across server nodes. System overhead is smaller and system performance is improved.
The technical solution provided by the embodiments of the present invention is described below with reference to the accompanying drawings.
Referring to Fig. 1, an embodiment of the present invention provides an authentication method for logging in to an application. The method can be executed by a client, and its flow is as follows:
S101: The client sends a first Web application access request to a network server, where the first Web application access request is used to request login to a first Web application and carries the user identity information for logging in to the first Web application;
S102: The client receives the token (Token) that the server generates for the first Web application access request;
S103: The client sends a second Web application access request to the server, where the second Web application access request is used to request access to a service included in the first Web application and carries the Token, so that the server authenticates, according to the Token in the second Web application access request, whether the second Web application access request is legitimate.
Because the authentication method for logging in to an application involves interaction between the client and the server, another authentication method for logging in to an application is provided below with reference to Fig. 2. This method can be executed by a server, and its flow is as follows:
S201: The network server receives a first Web application access request sent by the client, where the first Web application access request is used to request login to a first Web application and carries the user identity information for logging in to the first Web application;
S202: The server generates a token (Token) according to the first Web application access request and sends it to the client;
S203: The server receives a second Web application access request carrying Token information sent by the client, and verifies according to the Token information whether the second Web application access request is legitimate, where the second Web application access request is used to request access to a service included in the first Web application;
S204: If it is legitimate, the server authorizes the client to access the service of the first Web application.
In the embodiment of the present invention, when the client wants to access the first Web application, it can send to the network server a first Web application access request that requests login to the first Web application. The first Web application can be any Web application. The first Web application access request carries the user identity information for logging in to the first Web application, such as username information and password information. On receiving the first Web application access request sent by the client, the network server can generate a token (Token) according to the request and send it to the client.
Specifically, after receiving the first Web application access request, the server can verify its legitimacy. If the user identity information carried in the first Web application access request is identical to the identity information of a legitimate user prestored on the server, the first Web application access request is legitimate. The server can then use a preset encryption algorithm and key to convert the user identity information carried in the first Web application access request into a Token string, thereby generating the Token, and send the generated Token to the client.
The client receives the Token sent by the server and can store it in a local storage unit. When the client wants to access a specific service of the first application, it can send to the server a second Web application access request that requests access to a service in the first Web application. The second Web application access request carries the Token. Because the Token includes the user identity information, the server can authenticate, according to the Token in the second Web application access request, whether the second Web application access request is legitimate.
In the embodiment of the present invention, before sending the second Web application access request, the client can obtain the Token from the local storage unit and package it to obtain Token information. The Token information may include the Token creation time, the Token expiry time and the user identity information associated with the Token. It may of course also include other information, such as a Token ID that uniquely identifies the Token information; each piece of Token information can correspond to one Token ID.
The client can place the packaged Token information in the front-end development code by including a JavaScript file, so that it is handled only at a particular step or stage of the front-end development flow without affecting other code sections. This can be implemented with aspect-oriented programming: only the front-end development code needs to be modified, and the backend service development code does not. Integration with the backend service development code is achieved in a non-intrusive, aspect-based way, so that front-end developers need only be concerned with how the backend services are implemented, which reduces development difficulty.
In the prior art, by contrast, Token-based login authentication between client and server is usually applied to applications (APPs) installed on mobile terminals rather than to Web applications. The client does not package the Token; it sends the application access request carrying the Token directly to the APP server. As a result, the developers of each APP have to modify both the front-end development code and the backend service development code again and integrate them, which increases development difficulty. Moreover, most APPs currently authenticate through third-party platforms, and the mechanisms of different APPs may differ, so a third-party platform cannot be compatible with all APPs and its scope of application is limited.
In the embodiment of the present invention, Token-based login authentication between client and server is better suited to accessing Web applications through a browser. Whatever the Web application, the packaged Token information can be placed in the front-end development code by including a JavaScript file, without modifying the backend service development code, and integration with the backend service development code is achieved in a non-intrusive, aspect-based way. This not only reduces development difficulty but is also compatible with any Web application, so the scope of application is wider.
After the client has packaged the obtained Token into Token information, it can persistently store the Token information in a preset data table of the client. The preset data table can be a data table under a storage path specified in advance, or the content stored in the preset data table may include the storage path. In a possible embodiment, the preset data table can store the Token ID and the mapping between Token ID and Token information. When the client sends the second Web application request to the server, it can obtain the Token information from the preset data table, finding the corresponding Token information by Token ID. The client can add the Token information it finds to the Header of the second Web application access request and send the second Web application access request carrying the Token information to the server.
The server receives the second Web application access request carrying Token information sent by the client and can verify, using the Token information in the request, whether the second Web application access request is legitimate. If the server determines that the second Web application access request is legitimate, it can authorize the client to access the service of the first Web application.
The server may receive various application access requests from clients, some of which need verification and some of which do not. At present, after receiving an application access request, the server sends it directly to the relevant backend service interface regardless of whether verification is needed, and the backend service interface verifies the legitimacy of the request; if the request is legitimate, the backend service interface directly authorizes and handles the related service. Because the server currently hands the verification process to each backend service interface, verification code must be added to the development code of every backend service. That is, the development code of every backend service has to be modified, which increases the development cost for developers.
Therefore, in the embodiment of the present invention, a filter can be set up on the server, and all Web application access requests are intercepted by this filter. Specifically, the filter can be configured in the server's web.xml. The server can parse all intercepted Web application access requests to determine whether any of them carries Token information. If a Web application access request carries Token information, that request can be considered to be one that needs verification.
The server can then verify that Web application access request and, if it is verified as legitimate, send it to the corresponding backend service interface. In this way the server needs to verify only once; after verification the Web application access request is sent to the backend service interface, which handles the related service directly. Each backend service interface therefore does not need to verify Web application access requests separately, and no verification code needs to be added to the development code of each backend service. The development code of each backend service is not intruded upon, so the scheme is compatible with all of it. This is equivalent to adding a verification interface between the front-end development code and the development code of each backend service, which makes it easier to integrate the two and reduces development difficulty.
In the embodiment of the present invention, if the server finds a Web application access request carrying Token information, it can first verify the validity of the Token information. If the Token information is valid, the server can obtain the user identity information in the Token information. Specifically, the server can decode the Token information using the decryption algorithm and key corresponding to the preset encryption algorithm, obtaining the user identity information, creation time, expiry time and so on that it contains. The user identity information is compared with the user identity information prestored on the server; if they are consistent, the user can be considered legitimate. The server can also use the Token expiry time in the Token information to determine whether the user has access rights: if the Token expiry time indicates that the Token has not expired, the user has access rights. The server can then authorize the Web application access request, i.e. send it to the backend service interface so that the backend service interface handles the service indicated by the request.
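The flow of S201 to S204 and the filter described above, as an added example that is not code from the patent: it assumes AES-256-GCM for the unnamed preset encryption algorithm, a hypothetical `x-auth-token` header name, and constructed user data. The filter here rejects a protected request that carries no Token instead of treating a missing Token as a request that needs no verification, and it trusts only the expiry time sealed inside the Token, not the client's packaged copy.

```javascript
// Added example, not the patent's code: stateless Token login for a Web application.
const crypto = require('node:crypto');

// Assumption: AES-256-GCM stands in for the unnamed "preset encryption algorithm
// and key". Every server node would share KEY, so no session store is needed.
const KEY = crypto.randomBytes(32);
const SALT = crypto.randomBytes(16);
const hashPassword = (pw) => crypto.scryptSync(pw, SALT, 32);

// Constructed stand-in for the user identity information prestored on the server.
const USERS = new Map([
  ['alice', { pwHash: hashPassword('constructed-password'), enabled: true }],
]);
const HEADER = 'x-auth-token';            // hypothetical header name
const PUBLIC_PATHS = new Set(['/login']); // requests that need no Token

// S201/S202: check the login request, then seal identity, creation time and
// expiry time into an opaque Token string.
function issueToken(username, password, now = Date.now(), ttlMs = 15 * 60 * 1000) {
  const user = USERS.get(username);
  if (!user || !crypto.timingSafeEqual(user.pwHash, hashPassword(password))) return null;
  const claims = {
    id: crypto.randomBytes(8).toString('hex'), // Token ID
    user: username, created: now, expires: now + ttlMs,
  };
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(claims), 'utf8'), cipher.final()]);
  const token = Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
  // "Token information" returned to the client; only `token` is trusted later.
  return { tokenId: claims.id, token, user: username, created: now, expires: claims.expires };
}

// Decrypt and authenticate the Token, then apply the expiry and identity checks.
function verifyToken(token, now = Date.now()) {
  let claims;
  try {
    const raw = Buffer.from(token, 'base64');
    const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    claims = JSON.parse(plain.toString('utf8'));
  } catch {
    return { ok: false, reason: 'invalid' }; // malformed, forged or modified
  }
  if (now >= claims.expires) return { ok: false, reason: 'expired' };
  const user = USERS.get(claims.user);
  if (!user || !user.enabled) return { ok: false, reason: 'unknown-user' };
  return { ok: true, user: claims.user };
}

// Client side: persist Token information in a table keyed by Token ID (a Map
// here), then copy the Token into the Header of each business request.
const tokenTable = new Map();
function saveTokenInfo(info) { tokenTable.set(info.tokenId, info); }
function buildRequest(path, tokenId) {
  const info = tokenTable.get(tokenId);
  return { path, headers: info ? { [HEADER]: info.token } : {} };
}

// S203/S204: one filter in front of every backend interface. A protected path
// without a Token is rejected; a missing Token never means "no check needed".
function authFilter(request, backend, now = Date.now()) {
  if (PUBLIC_PATHS.has(request.path)) return backend(request, null);
  const token = request.headers[HEADER];
  if (!token) return { status: 401, body: 'token required' };
  const result = verifyToken(token, now);
  if (!result.ok) return { status: 401, body: result.reason };
  return backend(request, result.user); // backend code contains no auth logic
}

// Hypothetical backend business interface.
const invoiceService = (request, user) => ({ status: 200, body: `invoices for ${user}` });
```

Because the Token is authenticated as well as encrypted, a client that edits its stored creation or expiry time gains nothing: the filter reads those values only from the decrypted Token.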
In summary, in the authentication method for logging in to an application provided by the embodiments of the present invention, the server uses the Token to verify whether an application access request sent by the client is legitimate. Because the Token itself contains all the information about the logged-in user, the server does not need to store sessions, so system overhead is smaller and system performance is improved. Because there are no sessions, there is also no need to synchronize them to keep them consistent across server nodes, so the server becomes stateless and maintenance cost is reduced.
In addition, the client packages the Token generated by the server and then adds it to the Header of the second Web application request. This allows front-end development code and backend service development code to be developed separately, does not intrude on the backend service development code, and reduces development difficulty. Furthermore, the filter is configured in the server's web.xml and intercepts all Web application access requests. The filter verifies the Web application access requests that carry Token information and sends a request to the backend service interface only after it has been verified, so the backend service development code does not need to be modified or intruded upon, which reduces development difficulty. It is also easier to integrate the front-end development code with the backend service development code, which reduces system complexity.
Equipment provided in an embodiment of the present invention is introduced with reference to the accompanying drawings of the specification.
Fig. 3 is referred to, based on the same inventive concept, one embodiment of the invention provides a kind of client, which can be with Including the first transmission unit 301, receiving unit 302 and the second transmission unit 303.Wherein, the first transmission unit 301 is used for net Network server sends the request of the first Web application access;Wherein, the request of the first Web application access is for requesting the first Web of login to answer With, and carry the subscriber identity information for logging in the first Web application.Receiving unit 302 is for receiving server for the first Web The token Token that application access request generates.Second transmission unit 303 is used to send the 2nd Web application access to server and ask It asks, wherein the request of the 2nd Web application access applies the business for including, the 2nd Web application access for requesting access to the first Web Request carries Token, asks so that server authenticates the 2nd Web application access according to the Token in the request of the 2nd Web application access Seeking Truth is no legal.
Optionally, the second transmission unit 303 is specifically used for:
Received Token is packaged, Token information is obtained;
Token information persistence is stored in the preset data table of client;
When sending the request of the 2nd Web application access to server, Token information is obtained from preset data table;
Send the 2nd Web application access request for carrying Token information.
Optionally, the second transmission unit 303 is specifically used for:
Token information is added in the Header of the 2nd Web application access request;
The 2nd Web application access request for carrying Token information is sent to server.
Optionally, Token information includes Token creation time, Token expired time and the associated user's body of Token Part information.
Referring to Fig. 4, based on the same inventive concept, an embodiment of the present invention provides a client. The client may include at least one processor 401, and the processor 401 is configured to implement the steps of the authentication method for logging in to an application shown in Fig. 1, as provided by the embodiment of the present invention, when executing a computer program stored in a memory.
Optionally, the processor 401 may specifically be a central processing unit or an application-specific integrated circuit (ASIC), and may be one or more integrated circuits for controlling program execution.
Optionally, the client further includes a memory 402 connected to the at least one processor. The memory 402 may include read-only memory (ROM), random access memory (RAM), and disk storage. The memory 402 stores the data required by the processor 401 at run time, that is, it stores instructions executable by the at least one processor 401, and the at least one processor 401 performs the method shown in Fig. 1 by executing the instructions stored in the memory 402. There may be one or more memories 402. The memory 402 is shown in Fig. 4, but it should be understood that the memory 402 is not a mandatory functional module and is therefore drawn with a dashed line in Fig. 4.
The physical device corresponding to the first transmission unit 301, the receiving unit 302 and the second transmission unit 303 may be the aforementioned processor 401. The client can be used to perform the method provided by the embodiment shown in Fig. 1. For the functions that each functional module of the device can implement, refer to the corresponding description of the embodiment shown in Fig. 1; they are not repeated here.
Referring to Fig. 5, based on the same inventive concept, an embodiment of the present invention provides a server. The server may include a first receiving unit 501, a generation unit 502, a second receiving unit 503 and an authorization unit 504. The first receiving unit 501 is configured to receive the first Web application access request sent by the client; the first Web application access request is used to request login to the first Web application and carries the user identity information for logging in to the first Web application. The generation unit 502 is configured to generate a token (Token) according to the first Web application access request and send it to the client. The second receiving unit 503 is configured to receive the second Web application access request carrying the Token information sent by the client, and to verify according to the Token information whether the second Web application access request is legitimate; the second Web application access request is used to request access to a service included in the first Web application. The authorization unit 504 is configured to authorize the client to access the service of the first Web application if the request is legitimate.
Optionally, the server further includes an interception unit, a parsing unit and a verification unit. The interception unit is configured to intercept all Web application access requests through a configured filter, before the second Web application access request carrying the Token sent by the client is received and verified as legitimate according to the Token. The parsing unit is configured to parse all intercepted Web application access requests and determine whether they carry Token information. The verification unit is configured to verify the validity of the Token information if Token information is carried.
Optionally, the verification unit is specifically configured to:
If the Token information is valid, obtain the user identity information in the Token information;
Verify whether the second Web application access request is legitimate according to the user identity information in the Token information and the user identity information pre-stored by the server.
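The server-side check described above (a filter intercepts every request, looks for Token information, checks its validity, then compares the identity it carries with the identity the server has stored), as an added Python example that is not code from the patent. The patent does not specify a Token format or header name; the HMAC-signed JSON payload, the `X-Auth-Token` header, the `/login` path, the key and the user table are all assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumptions (not from the patent): Token = base64(JSON payload) + "." +
# base64(HMAC-SHA256), carried in an "X-Auth-Token" header. The key and the
# user table below are constructed sample values.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"
PRESTORED_USERS = {"alice": {"enabled": True}, "bob": {"enabled": False}}
TOKEN_HEADER = "X-Auth-Token"
LOGIN_PATH = "/login"


def _b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_token(user_id, now=None, ttl=1800):
    """Generation unit: build Token information after a successful login."""
    now = int(time.time() if now is None else now)
    payload = json.dumps(
        {"uid": user_id, "created": now, "expires": now + ttl}, sort_keys=True
    ).encode()
    sig = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def parse_token(token, now=None):
    """Return the Token information if authentic and unexpired, else None."""
    now = int(time.time() if now is None else now)
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except (ValueError, AttributeError):
        return None  # malformed Token
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # payload was not produced by this server
    info = json.loads(payload)
    if not (info["created"] <= now < info["expires"]):
        return None  # outside the creation/expiry window
    return info


def token_filter(path, headers, now=None):
    """Filter applied to every request; returns (HTTP status, user id or None)."""
    if path == LOGIN_PATH:
        return 200, None  # first request carries credentials, not a Token
    token = headers.get(TOKEN_HEADER)
    if token is None:
        return 401, None  # no Token information carried
    info = parse_token(token, now)
    if info is None:
        return 401, None  # forged, malformed or expired Token
    user = PRESTORED_USERS.get(info["uid"])
    if user is None or not user["enabled"]:
        return 403, None  # identity does not match the server's stored record
    return 200, info["uid"]
```

Comparing the Token's identity with the pre-stored record on every request is what lets the server reject a still-unexpired Token for an account that has since been disabled.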
Referring to Fig. 6, based on the same inventive concept, an embodiment of the present invention provides a server. The server may include at least one processor 601, and the processor 601 is configured to implement the steps of the authentication method for logging in to an application shown in Fig. 2, as provided by the embodiment of the present invention, when executing a computer program stored in a memory.
Optionally, the processor 601 may specifically be a central processing unit or an application-specific integrated circuit (ASIC), and may be one or more integrated circuits for controlling program execution.
Optionally, the server further includes a memory 602 connected to the at least one processor. The memory 602 may include read-only memory (ROM), random access memory (RAM), and disk storage. The memory 602 stores the data required by the processor 601 at run time, that is, it stores instructions executable by the at least one processor 601, and the at least one processor 601 performs the method shown in Fig. 2 by executing the instructions stored in the memory 602. There may be one or more memories 602. The memory 602 is shown in Fig. 6, but it should be understood that the memory 602 is not a mandatory functional module and is therefore drawn with a dashed line in Fig. 6.
The physical devices corresponding to the first receiving unit 501, the generation unit 502, the second receiving unit 503 and the authorization unit 504 may each be the aforementioned processor 601. The server can be used to perform the method provided by the embodiment shown in Fig. 2. For the functions that each functional module of the device can implement, refer to the corresponding description of the embodiment shown in Fig. 2; they are not repeated here.
An embodiment of the present invention also provides a computer storage medium. The computer storage medium stores computer instructions which, when run on a computer, cause the computer to perform the method described in Fig. 1 or Fig. 2.
It will be clear to those skilled in the art that, for convenience and brevity of description, the division into the functional modules above is only an example. In practical applications, the functions described above can be assigned to different functional modules as needed; that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above. For the specific working processes of the system, device and units described above, refer to the corresponding processes in the foregoing method embodiments; they are not repeated here.
In the several embodiments provided by the present invention, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation. For instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive (Universal Serial Bus flash disk), a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to include them as well.

Claims (10)

1. An authentication method for logging in to an application, characterized by comprising:
A client sends a first Web application access request to a network server; wherein the first Web application access request is used to request login to a first Web application and carries the user identity information for logging in to the first Web application;
The client receives a token (Token) generated by the server for the first Web application access request;
The client sends a second Web application access request to the server, wherein the second Web application access request is used to request access to a service included in the first Web application, and the second Web application access request carries the Token, so that the server authenticates whether the second Web application access request is legitimate according to the Token in the second Web application access request.
2. The method according to claim 1, characterized in that the client sending the second Web application access request to the server comprises:
The client packages the received Token to obtain Token information;
The client persistently stores the Token information in a preset data table of the client;
When the client sends the second Web application access request to the server, it obtains the Token information from the preset data table;
The client sends the second Web application access request carrying the Token information.
3. The method according to claim 2, characterized in that the client sending the second Web application access request carrying the Token information comprises:
The client adds the Token information to the Header of the second Web application access request;
The client sends the second Web application access request carrying the Token information to the server.
4. The method according to claim 2 or 3, characterized in that the Token information includes the Token creation time, the Token expiry time, and the user identity information associated with the Token.
5. An authentication method for logging in to an application, characterized by comprising:
A network server receives a first Web application access request sent by a client; wherein the first Web application access request is used to request login to a first Web application and carries the user identity information for logging in to the first Web application;
The server generates a token (Token) according to the first Web application access request and sends it to the client;
The server receives a second Web application access request carrying Token information sent by the client, and verifies according to the Token information whether the second Web application access request is legitimate; wherein the second Web application access request is used to request access to a service included in the first Web application;
If it is legitimate, the server authorizes the client to access the service of the first Web application.
6. The method according to claim 5, characterized in that, before the server receives the second Web application access request carrying the Token sent by the client and verifies according to the Token whether the second Web application access request is legitimate, the method further comprises:
The server intercepts all Web application access requests through a configured filter;
The server parses all intercepted Web application access requests and determines whether they carry Token information;
If the Token information is carried, the server verifies the validity of the Token information.
7. The method according to claim 5, characterized in that verifying according to the Token information whether the second Web application access request is legitimate comprises:
If the Token information is valid, the server obtains the user identity information in the Token information;
The server verifies whether the second Web application access request is legitimate according to the user identity information in the Token information and the user identity information pre-stored by the server.
8. A client, characterized by comprising:
At least one processor, and
A memory connected to the at least one processor;
Wherein the memory stores instructions executable by the at least one processor, and the at least one processor implements the method according to any one of claims 1-4 by executing the instructions stored in the memory.
9. A server, characterized by comprising:
At least one processor, and
A memory connected to the at least one processor;
Wherein the memory stores instructions executable by the at least one processor, and the at least one processor implements the method according to any one of claims 5-7 by executing the instructions stored in the memory.
10. A computer storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711424457.5A CN109962892A (en) 2017-12-25 2017-12-25 A kind of authentication method and client, server logging in application


Publications (1)

Publication Number Publication Date
CN109962892A true CN109962892A (en) 2019-07-02

Family

ID=67021233

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711424457.5A Pending CN109962892A (en) 2017-12-25 2017-12-25 A kind of authentication method and client, server logging in application

Country Status (1)

Country Link
CN (1) CN109962892A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190702