CN110120941A - A single sign-on method based on cloud service - Google Patents

Publication number
CN110120941A
Authority
CN
China
Prior art keywords
resource
request
service
preset value
cloud service
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910302368.6A
Other languages
Chinese (zh)
Inventor
索寒生
谌湘临
谭红星
刘玉龙
熊剑锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PETRIFACTION CENTURY INFORMATION TECHNOLOGY Corp
Original Assignee
PETRIFACTION CENTURY INFORMATION TECHNOLOGY Corp
Application filed by PETRIFACTION CENTURY INFORMATION TECHNOLOGY Corp
Priority to CN201910302368.6A
Publication of CN110120941A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention provides a single sign-on method based on cloud service, comprising: S1: receiving a resource use request sent by a client; S2: judging, according to the resource use request and preset conditions for the requested resource, whether to accept the resource use request, the preset conditions including an access-count preset value, a request preset time period and/or a resource usage-frequency preset value; S3: if the resource use request has been accepted, judging whether the resource use request carries a legal login ticket; S4: if a legal login ticket is carried, sending the resource use request to the service system of the requested resource. The invention introduces real-time big-data analysis: it distinguishes requests by the resource requested and counts, in real time, the number of resource use requests for each resource and the request time of each resource use request, so that for requests to different domain names it can judge whether the request count exceeds the usage upper limit, whether the request time is before the usage deadline, and so on.

Description

A single sign-on method based on cloud service
Technical field
The present invention relates to the application of single sign-on technology on cloud platforms, and in particular to a single sign-on method based on cloud service.
Background art
Currently, the simplest identity authentication mode checks the user name and password entered by the user against the user name and password stored for that user in the system, to judge whether the user's identity is correct. More complex identity authentication modes use more complex encryption algorithms and protocols and require the user to present more information, such as a private key, to prove their identity.
Single sign-on (Single Sign On), abbreviated SSO, is one of the currently popular solutions for enterprise business integration. SSO is defined as follows: across multiple application systems, the user needs to log in only once to access all mutually trusting application systems.
Currently, a Central Authentication Service (CAS) system capable of providing single sign-on comprises two parts: the CAS server (CAS Server) and the CAS client (CAS Client). CAS Server must be deployed independently and is mainly responsible for authenticating users; CAS Client is responsible for handling access requests to the client's protected resources. CAS Client is deployed together with the protected client application and protects the client's protected resources. For each Web request that accesses a protected resource, CAS Client checks whether the request contains a service ticket (Service Ticket). If it does not, the current user has not yet logged in, so the request is redirected to the specified CAS Server login address, and the destination resource address to be accessed is passed along so that the user can be returned to it after logging in successfully. The user enters authentication information when logging in; if login succeeds, CAS Server randomly generates a Service Ticket of considerable length that is unique and cannot be forged, and caches it for later verification, after which the system automatically redirects to the destination resource address to be accessed. After obtaining the destination resource address and the newly generated Service Ticket, CAS Client verifies the identity with CAS Server to ensure the legitimacy of the Service Ticket. If the Service Ticket is legal, access to the protected resource is allowed.
Existing CAS, however, has the following shortcomings:
1) it is not designed for cloud platforms;
2) integrating each service system requires secondary development, and the integration cost is high;
3) the system being integrated must be shut down for maintenance;
4) integration is restricted: for the Java language only the Tomcat application container is supported, and the .NET versions supported are also limited;
5) CAS is only an open-source, laboratory-grade software project from Yale University, and still differs greatly from industrial and commercial application requirements;
6) it supports only a single user center, and does not support access from multiple user centers.
In terms of cloud platform services, well-known Internet cloud platform technology providers such as Aliyun and Amazon cloud have extensive experience applying cloud platform technology in the e-commerce field, but in the industrial field the use of cloud platform technology is zero. The few existing single sign-on solutions merely recommend integrating the open-source CAS system.
In a traditional cloud platform, single sign-on exists in the form of a tool component that requires secondary development, and the traditional single sign-on system has a C-S structure. When a specific business system needs single sign-on, it must first determine which single sign-on service to integrate, and that single sign-on service provides an integration toolkit to the system that needs it. The business system side then assigns developers to install and embed the toolkit inside its own system according to the integration requirements. The traditional approach has the following shortcomings: 1. R&D staff must be invested again; 2. the integrity of the original system is destroyed; 3. the supported development languages and technical frameworks may be incompatible; 4. if the integration toolkit is upgraded, the integrated system must also go through an integration upgrade; 5. the means of commercialization are limited, and the large initial investment and high threshold mean that project systems short of technology or funds cannot achieve integration.
From the perspective of single sign-on integration, an industrial cloud platform has the following characteristics:
1) business boundaries are clear and business types are varied, so the specialized systems are numerous; by a simple count there are currently about 50 kinds of business systems corresponding to the specialized sub-fields;
2) each business sub-field is highly specialized, and the technical framework and implementation language have specific requirements in each field, so integration is technically difficult; put simply, there are business systems implemented not only in Java but also in C#, C++, C, Python, R and other mid- and high-level languages.
By comparison, in the conventional Internet e-commerce field, if an integrated single sign-on service is used, each system serves many clients, so revenue is assured and the integration cost shared across the systems remains acceptable. In the industrial field, because specialization is high and software application fields are finely divided, there are many systems but each has a specific function and serves few posts/users. If single sign-on uses traditional CAS integration technology, the cost can even exceed that of bringing some software systems online in their early years.
Therefore, a simple, convenient and reasonably priced identity authentication integration technology is needed, on the premise that application security is ensured.
Summary of the invention
To solve the above problems, the present invention provides a single sign-on method based on cloud service, the method comprising the following steps:
S1: receiving a resource use request sent by a client;
S2: judging, according to the resource use request and preset conditions for the requested resource, whether to accept the resource use request;
S3: if the resource use request has been accepted, judging whether the resource use request carries a legal login ticket;
S4: if a legal login ticket is carried, sending the resource use request to the service system of the requested resource.
Further, step S1 specifically includes:
receiving the resource use request sent by the client, and issuing a push message according to the resource use request, the push message including the current request time and the requested target resource address.
Further, the preset conditions include an access-count preset value, and step S2 specifically includes:
S211: judging, according to the resource use request and the access-count preset value, whether the resource use request has exceeded the access-count preset value of the requested resource;
S212: if the access-count preset value is not exceeded, accepting the resource use request.
Further, the preset conditions include a request preset time period, and step S2 specifically includes:
S221: judging, according to the resource use request and the request preset time period, whether the request time of the resource use request falls within the request preset time period;
S222: if it falls within the preset time period, accepting the resource use request.
Further, the preset conditions include a resource usage-frequency preset value, and step S2 specifically includes:
S231: judging, according to the resource usage-frequency preset value, whether the current usage frequency of the resource is within the resource usage-frequency preset value;
S232: if it is within the resource usage-frequency preset value, accepting the resource use request.
Further, step S3 specifically includes:
S301: if the resource use request has been accepted, judging whether the resource use request carries a login ticket;
S302: if a login ticket is carried, judging whether the login ticket is legal.
Further, step S4 further includes:
if no legal login ticket is carried, sending a message notifying the client to perform further user login identity verification in order to obtain a legal login ticket.
Further, step S2 uses real-time big-data analysis to count, in real time, the number of resource use requests for each resource and the request time of each resource use request.
The present invention also provides a single sign-on system based on cloud service; the system is deployed on an industrial cloud platform to implement the above method.
The present invention also provides a computer-readable storage medium storing a computer program for implementing the above method.
Compared with the prior art, the present invention has the following advantages or beneficial effects:
1. The invention introduces real-time big-data analysis, which can classify and count in real time the number of requests passing through the gateway and the request time of each request; traditional single sign-on systems cannot do this. Building on this technology, further control is added: for requests to different domain names, it can enforce an upper limit on the number of requests and a limit on the request time range. The invention can control admission to a service by number of uses, by time period, by frequency and so on, and can cut off routing immediately for requests that exceed a limit. This capability supports more means of commercializing single sign-on services, for example charging by number of uses or charging by time period.
2. In terms of system integration, the cost of integration is significantly reduced, and the stability of the original system and its ability to keep providing service are ensured.
3. The benefit of using a cloud platform is that, following the enterprise's changing organizational structure, pipe diameter design and business needs, it quickly provides enterprise cloud application services with dynamic, flexible, elastic, virtual, shared and efficient computing resources. It provides 7*24-hour, all-time-zone, multi-region, comprehensive, three-dimensional and intelligent IT operations monitoring of computing resources, storage resources, network resources and cloud application services, ensuring that IT systems run safely, stably and reliably.
The CAS system currently most widely used in the industry solves the problem of "whether there is one at all", whereas this design solves the problem of "whether it is practical and whether it can be commercialized". It turns an academic artifact into a commercial product. Real-time auditing and dynamic integration ensure that the business model is feasible, changing the traditional charging mode of project-based integration into a charging mode of continuous, on-demand service billed by usage.
Description of the drawings
The scope of the present disclosure can be better understood by reading the following detailed description of exemplary embodiments in conjunction with the accompanying drawings, in which:
Fig. 1 is a flowchart of the single sign-on method based on cloud service provided by Embodiment one of the present invention;
Fig. 2 is a flowchart of judging whether to accept a resource use request according to the access-count preset value of the present invention;
Fig. 3 is a flowchart of judging whether to accept a resource use request according to the request preset time period of the present invention;
Fig. 4 is a flowchart of judging whether to accept a resource use request according to the resource usage-frequency preset value of the present invention;
Fig. 5 is a flowchart of the steps of verifying the login ticket in the method of the present invention;
Fig. 6 is a schematic diagram of where the single sign-on system based on cloud service of the present invention sits within the overall cloud platform.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the invention are described in detail below with reference to the drawings and examples, so that the process by which the invention applies technical means to solve technical problems and achieve technical effects can be fully understood and implemented.
First, the basic design idea of the invention is to raise the traditional technical-component integration mode of single sign-on to a service-based integration mode, changing the traditional project-integration charging mode into an on-demand charging mode.
Embodiment one
Fig. 1 is a flowchart of the single sign-on method based on cloud service provided by Embodiment one of the present invention; each step is described in detail below with reference to Fig. 1. As shown in Fig. 1, the method mainly comprises the following steps:
S1: receiving a resource use request sent by a client;
In this step, the assumed scenario is that the user has already completed the login operation. To log in, the user submits identity information at the login interface; the identity information includes but is not limited to the user's account, password and dynamic password. Identity verification is then performed according to the user's identity information: if the identity information entered by the user matches the stored identity information of the user, the user is a legitimate user; if it does not match, the user is prompted to log in again. After the user is verified as a legitimate user, a ticket is issued to the user and the ticket is saved.
After the resource use request sent by the client is received, a push message is pushed according to the resource use request. The content of the push message may include the request source IP, the current request time and the requested target resource address. The push message is pushed asynchronously.
S2: judging, according to the resource use request and preset conditions for the requested resource, whether to accept the resource use request; the preset conditions include but are not limited to: an access-count preset value, a request preset time period and/or a resource usage-frequency preset value;
The access-count preset value is a preset upper limit on the use of the requested resource; it may be an upper limit on the number of requests from all clients, or an upper limit on the number of requests from a single client/user. S2 introduces real-time big-data analysis: it distinguishes requests by the resource requested and counts, in real time, the number of resource use requests for each resource and the request time of each resource use request, so that for requests to different domain names it can judge whether the request count exceeds the usage upper limit and whether the request time is before the usage deadline.
Fig. 2 is a flowchart of judging whether to accept a resource use request according to the access-count preset value of the present invention. As shown in Fig. 2, S2 may specifically include the following steps:
S211: judging, according to the resource use request and the access-count preset value, whether the resource use request has exceeded the upper limit on the number of uses of the requested resource, i.e. the access-count preset value;
S212: if the access-count preset value is not exceeded, accepting the resource use request.
In this embodiment, preset conditions such as the access-count preset value, the request preset time period and/or the resource usage-frequency preset value may be used alone or in combination, and act as a filter. The request preset time period defines the specific time interval in which the requested resource can be used by the user. For example, if a user's contract period was the previous year, a use request for the resource from that user in the current year will not be accepted. The above example illustrates this embodiment; it is not intended to limit the scope of protection of the invention, nor does it exclude other workable embodiments. Fig. 3 is a flowchart of judging whether to accept a resource use request according to the request preset time period of the present invention. As shown in Fig. 3, S2 may further include:
S221: judging, according to the resource use request and the request preset time period, whether the request time of the resource use request falls within the request preset time period;
S222: if it falls within the preset time period, accepting the resource use request.
The request time can be obtained from the push message described above.
In addition, this embodiment provides another restriction for filtering clients' requests for resources: the resource usage-frequency preset value. The resource usage-frequency preset value is the maximum number of times a resource may be used at a given point in time. The resource usage frequency is counted in real time and serves as the basis for comparison. Fig. 4 is a flowchart of judging whether to accept a resource use request according to the resource usage-frequency preset value of the present invention. As shown in Fig. 4, S2 may further include:
S231: judging, according to the resource usage-frequency preset value, whether the current usage frequency of the resource is within the resource usage-frequency preset value;
S232: if it is within the resource usage-frequency preset value, accepting the resource use request.
When the use-request frequency for a resource is too high, it puts pressure on the server. Controlling in real time the number of resource requests accepted is therefore of great practical significance, and avoids transmission errors caused by computing load. It should be noted that, like the access-count preset value and the request preset time period, the resource usage-frequency preset value is one of the optional restrictions in this step, and the invention is not limited to the restrictions listed above.
After the judgment in S2, clients' use of resources/services can be controlled by number of uses, by time period and/or by frequency. Each of the above preset values can be set in advance according to the specific situation.
S3: if the resource use request has been accepted, judging whether the resource use request carries a legal login ticket;
As described above, the login ticket is the ticket issued to the user at login, after the user has been verified as a legitimate user. As mentioned earlier, the ticket is also stored when it is issued. Fig. 5 is a flowchart of the steps of verifying the login ticket in the method of the present invention. As shown in Fig. 5, S3 specifically includes:
S301: if the resource use request has been accepted, judging whether the resource use request carries a login ticket;
S302: if a login ticket is carried, judging whether the login ticket is legal.
In some cases, although the resource use request carries a ticket, the ticket it carries is inconsistent with the ticket that was issued to the user and stored when the user logged in earlier. When the tickets are inconsistent, the ticket carried in the request is identified as an illegal ticket.
S4: if a legal login ticket is carried, sending the resource use request to the service system of the requested resource.
Embodiment two
The present invention also provides a single sign-on system based on cloud service. Fig. 6 is a schematic diagram of where the single sign-on system based on cloud service of the present invention sits within the overall cloud platform. As shown in Fig. 6, taking an industrial cloud as an example, the single sign-on system belongs to the security application domain of the overall industrial cloud platform, and the system specifically includes:
Login service (1), for providing the user login interface and sending the identity information submitted by the user to the user identity service (2). In practice, the login service (1) can be implemented with CAS Service;
User identity service (2), for providing user identity verification. In practice, Springboot can be used to wrap the user identity database and expose a user identity verification interface externally as a REST (Representational State Transfer) interface;
Ticket management service (3), for processing the identity information submitted by the user, issuing tickets, storing tickets and verifying tickets. In practice, the ticket management service (3) can be implemented with CAS Service;
Cache service (4), for providing a shared cache for sessions (session control) and a ticket cache. In practice, it can be implemented with a Redis (a kind of database) cluster, providing shared storage for services (1)-(8).
Gateway service (5), for intercepting resource use requests, extracting the ticket, initiating ticket verification, and routing the resource use request according to the verification result. In practice, it can be implemented with the Zuul gateway; the gateway service (5) integrates CAS Client, intercepts requests from all clients, extracts the header (HEADER) of the request for identity verification and the like, and forms the push message.
Message service (6), for receiving the push messages triggered by resource use requests so that their content can be extracted, supporting the subsequent real-time calculation service (7) and others. In practice, it can be implemented with an ActiveMQ (a Java program) cluster. For example: the gateway service (1) receives a resource use request http://xxx.xxx.promace.com/xxx initiated by a client; the gateway service (1) pushes the request source IP, the current request time and the requested target resource address (http://xxx.xxx.promace.com/xxx) in the request message as message object 1 to the message service (6). After receiving it, the message service (6) saves message object 1 in a message queue, where it waits for subsequent processing to consume it.
Real-time calculation service (7), for extracting the push messages triggered by users' resource use requests from the message service (6), so that requests can be metered by category, their frequency counted, and so on. In practice, the real-time calculation service (7) can be implemented with a Storm real-time computing cluster. It runs asynchronously, pulling message object 1 from the message service (6) in real time and consuming it asynchronously; it can count resource use in real time, compute request source IP frequency statistics, handle the routing of resources that have exceeded their count or time limits, and so on. For example, message queue 6.1 holds object 1, object 2, object 3 ...; at fixed intervals the real-time calculation service (7) takes out several objects per period and performs the subsequent logical processing:
7.1 Real-time metering logic: the target resource address in each object is read out and accumulated. For example, if the current period contains object 1 [http://xxx.xxx.promace.com/aaa], object 2 [http://xxx.xxx.promace.com/bbb] and object 3 [http://xxx.xxx.promace.com/aaa], then http://xxx.xxx.promace.com/aaa=2 and http://xxx.xxx.promace.com/bbb=1. The result for the period is written to the configuration management service (8), which adds the access statistics for the period to the cumulative value.
7.2 Real-time frequency logic: the target resource address in each object is read out and accumulated. For example, if the current period contains object 1 [http://xxx.xxx.promace.com/aaa], object 2 [http://xxx.xxx.promace.com/bbb] and object 3 [http://xxx.xxx.promace.com/aaa], then http://xxx.xxx.promace.com/aaa=2 and http://xxx.xxx.promace.com/bbb=1. The count is divided by the period duration to obtain the frequency value, which is then written to the configuration management service (8).
Configuration management service (8), for managing the configuration of overall operating parameters, service parameters and routing information. In practice, Springboot is used to wrap the configuration information of the unified identity verification cloud service and expose, as REST interfaces, a configuration item query interface, a configuration item modification interface, a configuration item creation interface and a configuration item deletion interface. The configuration management service 8 can use each [target resource address] as the primary key and record [usage upper limit count], [current cumulative access count], [use-by time], [usage frequency upper limit], [current frequency] and so on. It can also work with a billing system: the billing system can retrieve data such as [target resource address], [current cumulative access count] and [use-by time] for further processing, and can retrieve any of the above data for further logic as the actual situation requires. In addition, the gateway service (1) performs routing according to the routing information configured in the configuration management service (8), so that routing for a given resource can be enabled or disabled dynamically. If the number of uses of a resource exceeds the [usage upper limit count], the user can be reminded on a prompt page. The [usage upper limit count] here can be understood as the access-count preset value described above.
The processing flow across the above services is described in detail below:
The client initiates an HTTP/HTTPS resource use request to the gateway service (5). The gateway service (5) extracts the header of the resource use request, forms a push message and sends it to the message service (6). The content of the push message includes the request source IP, the target resource address, the current request time and other information. After receiving it, the message service 6 saves the push message in the message queue, where it waits for subsequent processing to consume the message data. The real-time calculation service (7) pulls the message data from the message service (6) in real time and computes three real-time values for the current resource use request: [current request time], [current cumulative request count] and [current request frequency]. Using each [target resource address] in the configuration management service (8) as the primary key, and the recorded [usage upper limit count], [use-by time] and [usage frequency upper limit] as the basis for judgment, it performs the following logical judgments:
1. Check whether the [target resource address] has exceeded its usage limit. When the [current cumulative request count] is greater than the [usage limit count], the real-time calculation service (7) records [exceeded usage limit count = true] under the corresponding [target resource address] key in the configuration management service (8); otherwise it records [exceeded usage limit count = false].
2. Check whether the [target resource address] has exceeded its usable time. When the [current request time] is not within the [usage cutoff time], the real-time calculation service (7) records [exceeded usable time = true] under the corresponding [target resource address] key in the configuration management service (8); otherwise it records [exceeded usable time = false].
3. Check whether the [target resource address] has exceeded its usage frequency. When the [current request frequency] is greater than the [usage frequency limit], the real-time calculation service (7) records [exceeded usage frequency = true] under the corresponding [target resource address] key in the configuration management service (8); otherwise it records [exceeded usage frequency = false].
When the gateway service (5) receives a resource use request, it first reads the [exceeded usage limit count], [exceeded usable time], and [exceeded usage frequency] values stored under the corresponding [target resource address] key in the configuration management service (8). If any one of these three values is true, the request is not routed and an access-forbidden prompt is returned.
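The three checks and the gateway's flag lookup can be simulated as follows. This is an added example, not code from the patent. The class, field and function names, the 60-second frequency window, the epoch-second cutoff, the denial of unconfigured resources and the publishing of push messages for denied requests are all assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

WINDOW_S = 60  # assumption: "frequency" = requests seen in the last 60 seconds

@dataclass
class ResourceConfig:        # one record in the configuration management service (8)
    usage_limit: int         # [usage limit count]
    cutoff_time: float       # [usage cutoff time], epoch seconds (assumed encoding)
    freq_limit: int          # [usage frequency limit], requests per window
    flags: dict = field(default_factory=lambda: {
        "over_count": False, "over_time": False, "over_freq": False})

class RealTimeCalc:          # real-time calculation service (7)
    def __init__(self, config):
        self.config = config
        self.total = defaultdict(int)     # cumulative request count per resource
        self.recent = defaultdict(deque)  # request times inside the window

    def consume(self, msg):
        """Update the three flags for the resource named in one push message."""
        addr, now = msg["target"], msg["time"]
        cfg, win = self.config[addr], self.recent[addr]
        self.total[addr] += 1
        win.append(now)
        while win[0] <= now - WINDOW_S:   # drop entries older than the window
            win.popleft()
        cfg.flags["over_count"] = self.total[addr] > cfg.usage_limit
        cfg.flags["over_time"] = now > cfg.cutoff_time
        cfg.flags["over_freq"] = len(win) > cfg.freq_limit

def gateway_handle(config, queue, source_ip, target, now):   # gateway service (5)
    cfg = config.get(target)
    if cfg is None:
        return "forbidden"   # assumption: unconfigured resources have no route
    blocked = any(cfg.flags.values())     # flags are read before anything else
    # Assumption: a push message is published for denied requests as well.
    queue.append({"source_ip": source_ip, "target": target, "time": now})
    return "forbidden" if blocked else "routed"

def simulate(requests, config):
    """Feed (source_ip, target, time) tuples through gateway, queue and calculator."""
    queue, calc, results = deque(), RealTimeCalc(config), []
    for ip, target, now in requests:
        results.append(gateway_handle(config, queue, ip, target, now))
        while queue:                      # consumer keeps up: drain after each request
            calc.consume(queue.popleft())
    return results
```

With a usage limit of 3 and the queue drained after every request, the fourth request is still routed, because a flag only changes after the push message for a request has been consumed. A consumer that lags behind the gateway lets more requests through before the flag is seen.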
The invention introduces real-time analysis: it can compile, in real time and by category, the number of resource use requests passing through the gateway, the request time of each request, and so on. For requests to different domain names, it can determine whether the request count exceeds the usage limit count and whether the request time falls before the usage cutoff time. The invention can therefore control access to a service by usage count, by time period, by frequency, and so on, and can cut off routing immediately once a limit is exceeded. This capability supports more ways of commercializing single sign-on services, such as charging by usage count or charging by time period.
Next, the gateway service (5) checks whether the header of the resource use request carries ticket information. If there is no ticket information, the client is redirected to the login service (1) to obtain a valid ticket. If there is ticket information, the ticket value is extracted and sent to the ticket management service (3), which verifies whether it is a valid ticket issued by the ticket management service (3); if it is not valid, the client is redirected to the login service (1) to obtain a valid ticket. After the client is redirected to the login service (1), the user fills in the account, password, dynamic password, and similar information, which is submitted to the ticket management service (3); the ticket management service (3) sends the submitted information to the user identity service (2). The user identity service (2) receives the submitted information and verifies whether it is legitimate: if not, it returns an illegal-user status code; if so, it returns a legitimate-user status code to the ticket management service (3) together with the user's detailed information. The ticket management service (3) obtains the verification result from the user identity service (2): if it is an illegal-user status code, it returns to the login service (1), which prompts that the login failed; if it is a legitimate-user status code, the ticket management service (3) issues a ticket and saves it. If the ticket management service (3) judges that the ticket extracted by the gateway service (5) from the resource use request is a valid ticket issued by the ticket management service (3), the gateway service (5) sends the resource use request to the service system of the requested resource.
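The ticket exchange between the gateway service (5), ticket management service (3) and user identity service (2) can be sketched as follows. This is an added example, not code from the patent. The page does not specify the ticket format, so opaque random tickets saved server-side, the `X-Ticket` header, the `/login` redirect target and PBKDF2 password storage are assumptions, and the dynamic password step is omitted.

```python
import hashlib
import hmac
import secrets

class UserIdentityService:                # user identity service (2)
    def __init__(self):
        self._users = {}                  # account -> (salt, password hash, details)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, account, password, details):
        salt = secrets.token_bytes(16)
        self._users[account] = (salt, self._hash(password, salt), details)

    def verify(self, account, password):
        """Return ('legitimate', details) or ('illegal', None)."""
        # Unknown accounts are hashed against a dummy salt so both paths cost the same.
        salt, stored, details = self._users.get(account, (b"\0" * 16, b"", None))
        if hmac.compare_digest(stored, self._hash(password, salt)):
            return "legitimate", details
        return "illegal", None

class TicketService:                      # ticket management service (3)
    def __init__(self, identity):
        self.identity = identity
        self._issued = {}                 # ticket -> user details (saved tickets)

    def login(self, account, password):
        """Called with the form the login service (1) submits; None means login failed."""
        status, details = self.identity.verify(account, password)
        if status != "legitimate":
            return None
        ticket = secrets.token_urlsafe(32)    # unguessable opaque ticket (assumption)
        self._issued[ticket] = details        # issue the ticket and save it
        return ticket

    def is_valid(self, ticket):
        return ticket in self._issued

def gateway_check(headers, tickets):      # gateway service (5)
    ticket = headers.get("X-Ticket")      # hypothetical header name
    if ticket is None or not tickets.is_valid(ticket):
        return "redirect:/login"          # hypothetical login service (1) address
    return "forward"                      # send on to the resource's service system
```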
The invention is deployed as a cluster, so gray releases and upgrades can transition smoothly. A/B testing can be carried out on it: some users continue to use product feature A while others start to use product feature B; if users have no objections to B, the scope is gradually expanded until all users have been migrated to B. Gray release keeps the overall system stable: problems can be found and corrected during the initial gray stage, which limits their impact.
In addition, the present invention also provides a computer-readable storage medium storing a system program for single sign-on based on cloud service; when executed by a processor, the system program implements the cloud-service-based single sign-on method of the invention described above. In a specific application, the above system can be used to screen and judge the resource use requests initiated by clients and, for requests that meet the conditions, to provide the requested resource.
The above embodiments are only specific embodiments of the present invention. Obviously, the invention is not limited to the above embodiments, and many variations are possible. All variations that a person skilled in the art can directly derive from or associate with the present disclosure shall be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A single sign-on method based on cloud service, characterized by comprising the following steps:
S1: receiving a resource use request sent by a client;
S2: judging, according to the resource use request and a preset condition for the requested resource, whether to accept the resource use request;
S3: if the resource use request is accepted, judging whether the resource use request carries a valid login ticket;
S4: if a valid login ticket is carried, sending the resource use request to the service system of the requested resource.
2. The single sign-on method based on cloud service according to claim 1, characterized in that step S1 specifically comprises:
receiving the resource use request sent by the client, and issuing a push message according to the resource use request, the push message including the current request time and the requested target resource address.
3. The single sign-on method based on cloud service according to claim 1, characterized in that the preset condition includes an access count preset value, and step S2 specifically comprises:
S211: judging, according to the resource use request and the access count preset value, whether the resource use request exceeds the access count preset value of the requested resource;
S212: if the access count preset value is not exceeded, accepting the resource use request.
4. The single sign-on method based on cloud service according to claim 1, characterized in that the preset condition includes a request preset time period, and step S2 specifically comprises:
S221: judging, according to the resource use request and the request preset time period, whether the request time of the resource use request is within the request preset time period;
S222: if it is within the preset time period, accepting the resource use request.
5. The single sign-on method based on cloud service according to claim 1, characterized in that the preset condition includes a resource usage frequency preset value, and step S2 specifically comprises:
S231: judging, according to the resource usage frequency preset value, whether the current usage frequency of the resource is within the resource usage frequency preset value;
S232: if it is within the resource usage frequency preset value, accepting the resource use request.
6. The single sign-on method based on cloud service according to claim 1, characterized in that step S3 specifically comprises:
S301: if the resource use request is accepted, judging whether the resource use request carries a login ticket;
S302: if a login ticket is carried, judging whether the login ticket is valid.
7. The single sign-on method based on cloud service according to claim 1, characterized in that step S4 further comprises:
if no valid login ticket is carried, sending information notifying the client to perform further user login identity verification in order to obtain a valid login ticket.
8. The single sign-on method based on cloud service according to claims 1 to 8, characterized in that step S2 uses big data modal analysis to compile, in real time, the number of resource use requests made for each resource and the request time of each resource use request.
9. A single sign-on system based on cloud service, characterized in that the system is deployed on an industrial cloud platform and implements the method according to any one of claims 1 to 8.
10. A computer-readable storage medium, characterized in that it stores a computer program for implementing the method according to any one of claims 1 to 8.
CN201910302368.6A 2019-04-16 2019-04-16 A kind of single-point logging method based on cloud service Pending CN110120941A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910302368.6A CN110120941A (en) 2019-04-16 2019-04-16 A kind of single-point logging method based on cloud service

Publications (1)

Publication Number Publication Date
CN110120941A true CN110120941A (en) 2019-08-13

Family

ID=67520994

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910302368.6A Pending CN110120941A (en) 2019-04-16 2019-04-16 A kind of single-point logging method based on cloud service

Country Status (1)

Country Link
CN (1) CN110120941A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030188193A1 (en) * 2002-03-28 2003-10-02 International Business Machines Corporation Single sign on for kerberos authentication
CN105915510A (en) * 2016-04-12 2016-08-31 北京小米移动软件有限公司 Method and device for controlling service traffic
CN106598723A (en) * 2015-10-19 2017-04-26 北京国双科技有限公司 Configuration method and device for resources in distributed system
CN109067785A (en) * 2018-09-19 2018-12-21 新华三大数据技术有限公司 Cluster authentication method, device
CN109413044A (en) * 2018-09-26 2019-03-01 中国平安人寿保险股份有限公司 A kind of request recognition methods of abnormal access and terminal device
CN109587147A (en) * 2018-12-11 2019-04-05 咪咕文化科技有限公司 A kind of single-node login system, method, server and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110826048A (en) * 2019-09-26 2020-02-21 北京健康之家科技有限公司 Resource request processing method, device and equipment
CN110826048B (en) * 2019-09-26 2022-04-05 北京健康之家科技有限公司 Resource request processing method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190813