CN110430205A - Single-point logging method, device, equipment and computer readable storage medium - Google Patents

Single-point logging method, device, equipment and computer readable storage medium Download PDF

Info

Publication number
CN110430205A
CN110430205A CN201910742748.1A CN201910742748A CN110430205A CN 110430205 A CN110430205 A CN 110430205A CN 201910742748 A CN201910742748 A CN 201910742748A CN 110430205 A CN110430205 A CN 110430205A
Authority
CN
China
Prior art keywords
user information
redis
information
operation requests
session identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910742748.1A
Other languages
Chinese (zh)
Other versions
CN110430205B (en
Inventor
罗鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WeBank Co Ltd filed Critical WeBank Co Ltd
Priority to CN201910742748.1A priority Critical patent/CN110430205B/en
Publication of CN110430205A publication Critical patent/CN110430205A/en
Priority to PCT/CN2020/106349 priority patent/WO2021027600A1/en
Application granted granted Critical
Publication of CN110430205B publication Critical patent/CN110430205B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a kind of single-point logging methods, this method comprises: obtaining Redis address information from preset configuration center when detecting the service starting of access side;When receiving operation requests, according to the network address of the operation requests, judge whether the operation requests are logging request;If the operation requests are logging requests, the corresponding user information of the logging request is obtained, and logs in the corresponding account of the user information;In Account Logon success, session identification is generated, Cookie is written into the session identification, and the corresponding Redis server of the Redis address information is written into the user information.The invention also discloses a kind of single-sign-on device, equipment and a kind of computer readable storage mediums.The present invention improves single-sign-on stability and safety.

Description

Single-point logging method, device, equipment and computer readable storage medium
Technical field
The present invention relates to the big data technical field of financial technology (Fintech) more particularly to single-point logging methods, dress It sets, equipment and computer readable storage medium.
Background technique
In recent years, with Internet technology, the especially rapid development of internet financial technology (Fintech), increasingly More technologies (big data, distribution, block chain Blockchain, artificial intelligence etc.) are applied in financial field, with financial company For, usually they possess multiple business platforms and correspond to multiple servers, and user is when accessing these business platforms, each business Platform will carry out registration login, exit one by one again when exiting, and user's operation is more troublesome, in this case, enterprise Industry forms single-node login system by the way that each business platform is deferred to single-sign-on agreement, and user only needs to log in one of industry Business platform, so that it may access all business platforms trusted each other.
The corresponding business platform (access side) of existing single-node login system needs to call Redis phase by modification code The storage of pass method and acquisition user information, during calling the storage of Redis correlation technique and obtaining user information, Redis Interface can be exposed to access side, and Redis interface has a risk being tampered, the stability of single-node login system and safety compared with It is low.
Summary of the invention
It is a primary object of the present invention to propose a kind of single-point logging method, device, equipment and computer-readable storage medium Matter, it is intended to the stability of current single-node login system and the lower technical problem of safety.
To achieve the above object, the present invention provides a kind of single-point logging method, and the single-point logging method includes following step It is rapid:
When detecting the service starting of access side, Redis address information is obtained from preset configuration center;
When receiving operation requests, according to the network address of the operation requests, judge the operation requests whether be Logging request;
If the operation requests are logging requests, the corresponding user information of the logging request is obtained, and described in login The corresponding account of user information;
In Account Logon success, session identification is generated, Cookie is written into the session identification, and by the use The corresponding Redis server of the Redis address information is written in family information.
Optionally, described in Account Logon success, session identification is generated, the session identification is written Cookie, and the step of Redis server that the user information write-in Redis address information is corresponding, comprising:
In Account Logon success, session identification is generated by default blocker, and the session identification is written Cookie;
The set method in default network interface is called, it is corresponding that the Redis address information is written in the user information Redis server.
Optionally, described when receiving operation requests, according to the network address of the operation requests, judge the operation After the step of whether request is logging request, comprising:
If the operation requests are not logging requests, the operation is obtained from Cookie by default loading interface and is asked Seek corresponding session identification;
The corresponding Redis server of the Redis address information is inquired by the default loading interface, described in judgement It whether there is the corresponding user information of the session identification in Redis server;
If there are the corresponding user informations of the session identification in the Redis server, accesses the access side and connect Mouth executes the operation requests.
Optionally, described in Account Logon success, session identification is generated, the session identification is written Cookie, and after the step of Redis server that the user information write-in Redis address information is corresponding, comprising:
The time-out time of user information described in the Redis server is set;
When the holding time for detecting the user information reaching the time-out time, the Redis server is deleted In the user information;
It is described that the corresponding Redis server of the Redis address information is inquired by the default loading interface, judge institute After the step of stating user information corresponding with the presence or absence of the session identification in Redis server, further includes:
If the corresponding user information of the session identification is not present in the Redis server, prompt information is exported, with Prompt user logs in again.
Optionally, if the operation requests are logging requests, the corresponding user information of the logging request is obtained, And the step of logging in the user information corresponding account, comprising:
If the operation requests are logging requests, the corresponding user information of the logging request is obtained, and described in verifying User information;
If the user information verifying does not pass through, prompt information is exported, to prompt user to input new user information;
If the user information is verified, the corresponding account of the user information is logged in.
In addition, to achieve the above object, the present invention also provides a kind of single-sign-on device, the single-sign-on device packet It includes:
Address acquisition module, for obtaining the address Redis from preset configuration center when detecting the service starting of access side Information;
Judgment module is requested, for according to the network address of the operation requests, judging institute when receiving operation requests State whether operation requests are logging request;
Account Logon module obtains the corresponding use of the logging request if being logging request for the operation requests Family information, and log in the corresponding account of the user information;
Information writing module, for generating session identification, the session identification being written in Account Logon success Cookie, and the corresponding Redis server of the Redis address information is written into the user information.
Optionally, the information writing module, comprising:
First writing unit, for generating session identification by default blocker, and will in Account Logon success Cookie is written in the session identification;
Second writing unit will be described in user information write-in for calling the set method in default network interface The corresponding Redis server of Redis address information.
Optionally, the single-sign-on device, comprising:
Identifier acquisition module, if not being logging request for the operation requests, by default loading interface from The corresponding session identification of the operation requests is obtained in Cookie;
Information inquiry module, for inquiring the corresponding Redis of the Redis address information by the default loading interface Server judges in the Redis server with the presence or absence of the corresponding user information of the session identification;
Access execution module, if in the Redis server there are the corresponding user information of the session identification, It accesses access side's interface and executes the operation requests.
Optionally, the single-sign-on device, further includes:
Time setup module, for the time-out time of user information described in the Redis server to be arranged;
Information deletion module, for deleting when the holding time for detecting the user information reaching the time-out time Except the user information in the Redis server;
Login prompt module, if for the corresponding user information of the session identification to be not present in the Redis server, Prompt information is exported, then to prompt user to log in again.
Optionally, the Account Logon module, comprising:
Information Authentication unit obtains the corresponding use of the logging request if being logging request for the operation requests Family information, and verify the user information;
Output unit is prompted, if not passing through for user information verifying, prompt information is exported, to prompt user defeated Enter new user information;
Account Logon unit logs in the corresponding account of the user information if being verified for the user information.
In addition, to achieve the above object, the present invention also provides a kind of single sign-on equipment, the single sign-on equipment packet It includes: memory, processor and the corresponding meter of single-sign-on that is stored on the memory and can run on the processor Calculation machine program, the single-sign-on corresponding computer program realize such as above-mentioned single-point logging method when being executed by the processor The step of.
In addition, to achieve the above object, it is described computer-readable the present invention also provides a kind of computer readable storage medium It is stored with the corresponding computer program of single-sign-on on storage medium, the corresponding computer program of the single-sign-on is by processor It realizes when execution such as the step of above-mentioned single-point logging method.
It is single in the present invention the invention discloses a kind of single-point logging method, device, equipment and computer readable storage medium Point login method includes: to obtain Redis address information from preset configuration center when detecting the service starting of access side;It is connecing When receiving operation requests, according to the network address of the operation requests, judge whether the operation requests are logging request;If institute Stating operation requests is logging request, then obtains the corresponding user information of the logging request, and it is corresponding to log in the user information Account;In Account Logon success, session identification is generated, Cookie is written into the session identification, and by the use The corresponding Redis server of the Redis address information is written in family information.Configuration center is preset in the embodiment of the present invention, And Redis address information is saved to configuration center, when single sign-on equipment receives operation requests, single sign-on equipment judgement Whether operation requests are logging request, and when operation requests are logging requests, single sign-on equipment obtains Redis from configuration center User information in logging request is stored in the corresponding Redis of Redis address information and serviced by address information, single sign-on equipment In device, so that access side does not need directly to dock Redis interface, single-sign-on stability and safety are improved.
Detailed description of the invention
Fig. 1 is the device structure schematic diagram for the hardware running environment that the embodiment of the present invention is related to;
Fig. 2 is the flow diagram of single-point logging method first embodiment of the present invention;
Fig. 3 is the concrete scene schematic diagram of single-point logging method first embodiment of the present invention;
Fig. 4 is the flow diagram of single-point logging method second embodiment of the present invention;
Fig. 5 is the functional block diagram of one embodiment of single-sign-on device of the present invention.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Specific embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
As shown in Figure 1, Fig. 1 is the device structure schematic diagram for the hardware running environment that the embodiment of the present invention is related to.
Single sign-on equipment of the embodiment of the present invention can be PC machine or server apparatus.
As shown in Figure 1, the single sign-on equipment may include: processor 1001, such as CPU, network interface 1004, user Interface 1003, memory 1005, communication bus 1002.Wherein, communication bus 1002 is for realizing the connection between these components Communication.User interface 1003 may include display screen (Display), input unit such as keyboard (Keyboard), optional user Interface 1003 can also include standard wireline interface and wireless interface.Network interface 1004 optionally may include having for standard Line interface, wireless interface (such as WI-FI interface).Memory 1005 can be high speed RAM memory, be also possible to stable storage Device (non-volatile memory), such as magnetic disk storage.Memory 1005 optionally can also be independently of aforementioned processing The storage device of device 1001.
It will be understood by those skilled in the art that single sign-on equipment structure shown in Fig. 1 is not constituted to single-sign-on The restriction of equipment, single sign-on equipment may include perhaps combining certain components or not than illustrating more or fewer components Same component layout.
As shown in Figure 1, as may include that operating system, network are logical in a kind of memory 1005 of computer storage medium Believe module, Subscriber Interface Module SIM and the corresponding computer program of single-sign-on.
In single sign-on equipment shown in Fig. 1, network interface 1004 is mainly used for connecting background server, takes with backstage Business device carries out data communication;User interface 1003 is mainly used for connecting client (user terminal), carries out data communication with client; And processor 1001 can be used for calling the corresponding computer program of the single-sign-on stored in memory 1005, the processor The corresponding computer program of the single-sign-on of upper operation is performed, and the method realized can refer to single-point logging method of the present invention Each embodiment.
Based on above-mentioned hardware configuration, single-point logging method embodiment of the present invention is proposed.
It is the flow diagram of single-point logging method first embodiment of the present invention, the single-sign-on side referring to Fig. 2, Fig. 2 Method includes:
Step S10 obtains Redis address information from preset configuration center when detecting the service starting of access side.
In the present embodiment, single-point logging method is applied to single sign-on equipment, and single sign-on equipment is set to single-sign-on The front end of system, single sign-on equipment is for handling the operation requests received on single-node login system;Specifically, the present embodiment In, single sign-on equipment and user client, access side's business platform and single-node login system communicate to connect, for example, the first industry Platform, the second business platform and third business platform be engaged in as access side's business platform that is interrelated and trusting, exploitation or First business platform, the second business platform and third business platform and single-node login system are carried out communication link in advance by operation maintenance personnel It connects, after such user logs in the first business platform, the second business platform can be accessed simultaneously by single-node login system user With third business platform, specifically:
Preset configuration center in single sign-on equipment in the present embodiment includes Redis address information in configuration center, single Point logging device detects access side, and in access side when corresponding business platform starting, access side sends enabled instruction to single-point and steps on Recording apparatus, single sign-on equipment receive the enabled instruction that access side is sent, and single sign-on equipment detects the service starting of access side, Single sign-on equipment obtains Redis address information from preset configuration center, to call Redis related side in Redis address information Method storage obtains user information.
By preset configuration center in the present embodiment, Redis relevant configuration is deposited in into configuration center, it is hidden in the present embodiment It hides and is realized inside single-sign-on, avoid the risk for exposing Single-point system brought by Redis.
Step S20, according to the network address of the operation requests, judges that the operation is asked when receiving operation requests No Seeking Truth is logging request.
Single sign-on equipment receives operation requests, wherein the type of operation requests is not especially limited, that is, operation requests It can be logging request, access request or edit requests etc., in addition, the triggering mode of operation requests is not especially limited, behaviour Request either user actively triggering, for example, user inputs on the subscriber terminal: xxx mailbox click " entrances " trigger Operation requests are sent to single sign-on equipment by operation requests, terminal;Operation requests can also be automatic trigger, for example, with Daily morning automated log on xxx system queries business datum is preset in the terminal of family, then the daily morning automatic trigger behaviour of terminal It requests, operation requests are sent to single sign-on equipment by terminal.
When single sign-on equipment receives operation requests, single sign-on equipment obtains the corresponding network address of operation requests, Single sign-on equipment judges whether operation requests are logging request according to network address, specifically, in single sign-on equipment in advance Setting log in network address set, single sign-on equipment by the corresponding network address of operation requests with login network address set in it is each pre- If entry address is compared, judge the corresponding network address of operation requests whether be it is default log in network address set default step on Address is recorded, if network address is the default default entry address logged in network address set, single sign-on equipment decision is asked Seeking Truth logging request;If network address is not the default default entry address logged in network address set, single sign-on equipment is sentenced Determining operation requests is not logging request.
Single sign-on equipment judges whether operation requests are logging requests in the present embodiment, to determine subsequent processing steps, That is,
Step S30 obtains the corresponding user information of the logging request if the operation requests are logging requests, and Log in the corresponding account of the user information.
If operation requests are logging requests, single sign-on equipment obtains the corresponding user information of logging request, wherein user Information includes that (account identification refers to the identification information of unique identification logon account to account identification, for example, name on account, user's surname Name, user identity demonstrate,prove number) and other account-related informations such as login password, single sign-on equipment is by user information input correspondence Network address, execute log-in instruction, with the corresponding account of login user information;Specifically, comprising:
Step a1 obtains the corresponding user information of the logging request, and test if the operation requests are logging requests Demonstrate,prove the user information;
Step a2 exports prompt information, if user information verifying does not pass through to prompt user to input new user Information;
Step a3 logs in the corresponding account of the user information if the user information is verified.
In conjunction with Fig. 3, in the present embodiment, filter (filter) is preset in single sign-on equipment, wherein preset Filter refers to that pre-set filtering code, preset filter can pass through SDK (Software Development Kit, Software Development Kit are that some software engineers are specific software package, software frame, hardware platform, operating system etc. The set of developing instrument when establishing application software) it realizes.
If operation requests are logging requests, preset filter does not intercept the logging request, single-point in single sign-on equipment Logging device obtains the corresponding user information of logging request, and verifies user information;That is, pre-saving mark in single sign-on equipment Quasi- log-on message set, each user's registration for including in standard log-on message set or actively the standard of setting logs in letter Breath, single sign-on equipment carry out the standard log-on message in the corresponding user information of logging request and standard log-on message set It compares, to be verified to user information, that is, if there is target criteria identical with user information in standard log-on message set Information, then user information is verified;If there is no target criterias identical with user information to believe in standard log-on message set Breath, then user information verifying do not pass through;If user information verifying does not pass through, single sign-on equipment exports prompt information, to mention Show that user inputs new user information;If user information is verified, the corresponding account of single sign-on equipment login user information Family.
Step S40 generates session identification in Account Logon success, and Cookie is written in the session identification, and The corresponding Redis server of the Redis address information is written into the user information.
Specifically, comprising:
Step b1 generates session identification by default blocker in Account Logon success, and by the session mark Know write-in Cookie;
Step b2 calls the set method in default network interface, and the address Redis is written in the user information and is believed Cease corresponding Redis server.
That is, presetting blocker in single sign-on equipment, default blocker refers to pre-set in Account Logon success For generating the code of session identification, default blocker can (Software Development Kit, software be opened by SDK Hair kit is that some software engineers are the foundation such as specific software package, software frame, hardware platform, operating system using soft The set of developing instrument when part) it realizes, single sign-on equipment generates session identification by default blocker, and by session identification Cookie is written.
In conjunction with Fig. 3, single sign-on equipment calls default network interface, and (default network interface refers to be rewritten in advance Http Session interface code, for realizing user information deposit operation) in set method, preset network interface according to set The corresponding Redis server of Redis address information is written in user information by method.
It is understood that single sign-on equipment is corresponding by user information write-in Redis address information in the present embodiment Redis server, in the interrelated of user's access preset foundation and the access side trusted, single sign-on equipment calls default add Carry interface (default loading interface refers to the Http Servlet Reques interface adapted in advance, preset loading interface be used for from Obtain user information in Redis, and user information returned and is operated) in get User Principle method, from Cookie The corresponding session identification of middle acquisition operation requests;Single sign-on equipment inquires Redis address information pair by default loading interface The Redis server answered obtains the corresponding user information of session identification in Redis server, then realizes single-sign-on, that is, single Point logging device inquires in Redis server there are the corresponding user information of session identification, then the side of access response user's operation Request;Single sign-on equipment, which inquires, is not present the corresponding user information of session identification, single sign-on equipment in Redis server Prompt user logs in again, wherein and there are many reason of there is no session identification corresponding user informations in Redis server, For example, the too long deleted or user of user information storage time triggers logon account and exits operation in Redis server.
Configuration center is preset in the embodiment of the present invention, and Redis address information is saved to configuration center, and single-point is stepped on When recording apparatus receives operation requests, single sign-on equipment judges whether operation requests are logging request, is to step in operation requests When record request, single sign-on equipment obtains Redis address information from configuration center, and single sign-on equipment is by the use in logging request Family information is stored in the corresponding Redis server of Redis address information, so that access side does not need directly to dock Redis and connect Mouthful, improve single-sign-on stability and safety.
Further, referring to Fig. 4, on the basis of single-point logging method first embodiment of the present invention, this invention is proposed Method second embodiment.
The present embodiment be in first embodiment after step S20 the step of, the difference of the present embodiment and first embodiment exists In:
Step S50 obtains institute by default loading interface if the operation requests are not logging requests from Cookie State the corresponding session identification of operation requests.
If operation requests are not logging requests, single sign-on equipment calls default loading interface, and (default loading interface refers to The Http Servlet Reques interface adapted in advance, default loading interface are used to obtain user information from Redis, and User information is returned and is operated) in get User Principle method that the operation requests are obtained from Cookie is corresponding Session identification.
That is, single sign-on equipment can generate session identification, and session identification is written to when user carries out single-sign-on In Cookie, when user executes operation requests, single sign-on equipment can obtain session identification from Cookie, by session identification As key value, the corresponding user information of session identification is obtained from Redis server, specifically:
Step S60 inquires the corresponding Redis server of the Redis address information by the default loading interface, sentences Break in the Redis server with the presence or absence of the corresponding user information of the session identification.
Single sign-on equipment inquires the corresponding Redis server of Redis address information by default loading interface, and single-point is stepped on Recording apparatus judges in Redis server with the presence or absence of the corresponding user information of session identification.
Step S70, if there are the corresponding user information of the session identification in the Redis server, described in access Access side's interface executes the operation requests.
If single sign-on equipment determines that user is in and steps on there are session identification corresponding user information in Redis server Record state, single sign-on equipment access access side's interface and execute operation requests, that is, single sign-on equipment passes through access side's interface tune With the setting of set get method and acquisition session attribute value of Http Session request, set and get method can be according to session It identifies to the setting of Redis server or querying attributes value and realizes operation requests.
Step S80, if the corresponding user information of the session identification is not present in the Redis server, output is mentioned Show information, to prompt user to log in again.
Redis server can remove cache information, and single sign-on equipment, which is inquired, determines that there is no sessions in Redis server Corresponding user information is identified, single sign-on equipment exports prompt information, to prompt user to log in again, in the present embodiment, benefit The characteristic updated with Redis server buffer avoids business platform from logging in for a long time and occupies resource unmanned the case where using.
In the present embodiment, single sign-on equipment when operation requests are not logging requests, call by single sign-on equipment Get User Principle method obtains user information in Http Servlet Request, in Http Servlet When the user information that Request is returned, does not need user and carry out duplicate register, single sign-on equipment access access side connects Mouth executes operation requests, so that user's operation is more convenient.
To original Http Session interface code and Http Servlet Reqeust interface code in the present embodiment It is adapted, primary Http Session and Http Servlet Request is substituted for the realization of single-node login system, So that access side's operation maintenance personnel does not need modification code, realizes and system zero is invaded, facilitate the operation of access side, realize use Family unaware.
Further, on the basis of single-point logging method above-described embodiment of the present invention, propose that the method for the present invention third is real Apply example.
The step of the present embodiment is after first embodiment step S20, the difference of the present embodiment and above-described embodiment is:
The time-out time of user information described in the Redis server is set, in the guarantor for detecting the user information When depositing the time arrival time-out time, the user information in the Redis server is deleted.
The time-out time of user information in Redis server is arranged in single sign-on equipment, so that Redis server is according to setting The time-out time set removes cache information automatically, and the time-out time that user information in Redis server is arranged in the present embodiment can With by different modes realize, specifically: implementation one: single sign-on equipment according to the user gradation in user information, if The time-out time of user information is set, for example, user gradation is level-one in user information, then the time-out time of user information is 10 points Kind, user gradation is second level in user information, then the time-out time of user information is 20 points of kinds;Implementation two: single-sign-on Remaining space in equipment Redis server is arranged, when the remaining space in Redis server is greater than 50%, time-out time It is 20 points of kinds, when the remaining space in Redis server is less than or equal to 50%, time-out time is 10 points of kinds.
Single sign-on equipment when detecting that holding time of the user information in Redis server reaches time-out time, Single sign-on equipment deletes the user information in Redis server, step S60 in second embodiment is at this moment executed, by described Default loading interface inquires the corresponding Redis server of the Redis address information, judge in the Redis server whether There are the corresponding user informations of the session identification, and obtained result is exactly: it is corresponding that there is no session identifications in Redis server User information, then at this time single sign-on equipment export prompt information so that user logs in again.
In the present embodiment single sign-on equipment by the corresponding Redis server of user information write-in Redis address information it Afterwards, single sign-on equipment can also set the holding time of user information, to reduce Redis server resource occupancy, and further Improve safety in ground.
Referring to Fig. 5, the embodiment of the present invention also provides a kind of single-sign-on device, and the single-sign-on device includes:
Address acquisition module 10, for obtaining Redis from preset configuration center when detecting the service starting of access side Location information;
Judgment module 20 is requested, for according to the network address of the operation requests, judging when receiving operation requests Whether the operation requests are logging request;
It is corresponding to obtain the logging request if being logging request for the operation requests for Account Logon module 30 User information, and log in the corresponding account of the user information;
Information writing module 40, for generating session identification, the session identification being write in Account Logon success Enter Cookie, and the corresponding Redis server of the Redis address information is written into the user information.
In one embodiment, the information writing module, comprising:
First writing unit, for generating session identification by default blocker, and will in Account Logon success Cookie is written in the session identification;
Second writing unit will be described in user information write-in for calling the set method in default network interface The corresponding Redis server of Redis address information.
In one embodiment, the single-sign-on device, comprising:
Identifier acquisition module, if not being logging request for the operation requests, by default loading interface from The corresponding session identification of the operation requests is obtained in Cookie;
Information inquiry module, for inquiring the corresponding Redis of the Redis address information by the default loading interface Server judges in the Redis server with the presence or absence of the corresponding user information of the session identification;
Access execution module, if in the Redis server there are the corresponding user information of the session identification, It accesses access side's interface and executes the operation requests.
In one embodiment, the single-sign-on device, further includes:
Time setup module, for the time-out time of user information described in the Redis server to be arranged;
Information deletion module, for deleting when the holding time for detecting the user information reaching the time-out time Except the user information in the Redis server;
Login prompt module, if for the corresponding user information of the session identification to be not present in the Redis server, Prompt information is exported, then to prompt user to log in again.
In one embodiment, the Account Logon module, comprising:
Information Authentication unit obtains the corresponding use of the logging request if being logging request for the operation requests Family information, and verify the user information;
Output unit is prompted, if not passing through for user information verifying, prompt information is exported, to prompt user defeated Enter new user information;
Account Logon unit logs in the corresponding account of the user information if being verified for the user information.
When each functional module executes in single-sign-on device of the present invention, realize such as the step of above-mentioned single-point logging method, It is not repeated in the present embodiment.
It should be noted that, in this document, the terms "include", "comprise" or its any other variant are intended to non-row His property includes, so that the process, method, article or the system that include a series of elements not only include those elements, and And further include other elements that are not explicitly listed, or further include for this process, method, article or system institute it is intrinsic Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including being somebody's turn to do There is also other identical elements in the process, method of element, article or system.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side Method can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but in many cases The former is more preferably embodiment.Based on this understanding, technical solution of the present invention substantially in other words does the prior art The part contributed out can be embodied in the form of software products, which is stored in one as described above In storage medium (such as ROM/RAM, magnetic disk, CD), including some instructions are used so that terminal device (it can be mobile phone, Computer, server, air conditioner or network equipment etc.) execute method described in each embodiment of the present invention.
The above is only a preferred embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair Equivalent structure or equivalent flow shift made by bright specification and accompanying drawing content is applied directly or indirectly in other relevant skills Art field, is included within the scope of the present invention.

Claims (12)

1. a kind of single-point logging method, which is characterized in that the single-point logging method includes the following steps:
When detecting the service starting of access side, Redis address information is obtained from preset configuration center;
When receiving operation requests, according to the network address of the operation requests, judge whether the operation requests are login Request;
If the operation requests are logging requests, the corresponding user information of the logging request is obtained, and log in the user The corresponding account of information;
In Account Logon success, session identification is generated, Cookie is written into the session identification, and the user is believed The corresponding Redis server of the Redis address information is written in breath.
2. single-point logging method as described in claim 1, which is characterized in that it is described in Account Logon success, generate meeting Cookie is written in the session identification by words mark, and the user information write-in Redis address information is corresponding The step of Redis server, comprising:
In Account Logon success, session identification is generated by default blocker, and the session identification is written Cookie;
The set method in default network interface is called, it is corresponding that the Redis address information is written in the user information Redis server.
3. single-point logging method as described in claim 1, which is characterized in that it is described when receiving operation requests, according to described The network address of operation requests, after judging the step of whether operation requests are logging request, comprising:
If the operation requests are not logging requests, the operation requests pair are obtained from Cookie by default loading interface The session identification answered;
The corresponding Redis server of the Redis address information is inquired by the default loading interface, judges the Redis It whether there is the corresponding user information of the session identification in server;
If there are the corresponding user informations of the session identification in the Redis server, accesses access side's interface and hold The row operation requests.
4. single-point logging method as claimed in claim 3, which is characterized in that it is described in Account Logon success, generate meeting Cookie is written in the session identification by words mark, and the user information write-in Redis address information is corresponding After the step of Redis server, further includes:
The time-out time of user information described in the Redis server is set;
When the holding time for detecting the user information reaching the time-out time, delete in the Redis server The user information;
It is described that the corresponding Redis server of the Redis address information is inquired by the default loading interface, described in judgement After the step of in Redis server with the presence or absence of the session identification corresponding user information, further includes:
If the corresponding user information of the session identification is not present in the Redis server, prompt information is exported, with prompt User logs in again.
5. the single-point logging method as described in Claims 1-4 any one, which is characterized in that if the operation requests are Logging request then obtains the corresponding user information of the logging request, and the step of logging in the user information corresponding account, Include:
If the operation requests are logging requests, the corresponding user information of the logging request is obtained, and verify the user Information;
If the user information verifying does not pass through, prompt information is exported, to prompt user to input new user information;
If the user information is verified, the corresponding account of the user information is logged in.
6. a kind of single-sign-on device, which is characterized in that the single-sign-on device includes:
Address acquisition module, for obtaining the address Redis from preset configuration center and believing when detecting the service starting of access side Breath;
Judgment module is requested, for according to the network address of the operation requests, judging the behaviour when receiving operation requests Request whether to be logging request;
Account Logon module obtains the corresponding user's letter of the logging request if being logging request for the operation requests Breath, and log in the corresponding account of the user information;
Information writing module, for generating session identification, the session identification being written in Account Logon success Cookie, and the corresponding Redis server of the Redis address information is written into the user information.
7. single-sign-on device as claimed in claim 6, which is characterized in that the information writing module, comprising:
First writing unit, for generating session identification by default blocker, and will be described in Account Logon success Cookie is written in session identification;
For calling the set method in default network interface the Redis is written in the user information by the second writing unit The corresponding Redis server of address information.
8. single-sign-on device as claimed in claim 6, which is characterized in that the single-sign-on device, comprising:
Identifier acquisition module, if not being logging request for the operation requests, through default loading interface from Cookie Obtain the corresponding session identification of the operation requests;
Information inquiry module is serviced for inquiring the corresponding Redis of the Redis address information by the default loading interface Device judges in the Redis server with the presence or absence of the corresponding user information of the session identification;
Execution module is accessed, if for, there are the corresponding user information of the session identification, accessing in the Redis server Access side's interface executes the operation requests.
9. single-sign-on device as claimed in claim 8, which is characterized in that the single-sign-on device, further includes:
Time setup module, for the time-out time of user information described in the Redis server to be arranged;
Information deletion module, for deleting institute when the holding time for detecting the user information reaching the time-out time State the user information in Redis server;
Login prompt module, if for the corresponding user information of the session identification to be not present in the Redis server, it is defeated Prompt information out, to prompt user to log in again.
10. the single-sign-on device as described in claim 6 to 9 any one, which is characterized in that the Account Logon module, packet It includes:
Information Authentication unit obtains the corresponding user's letter of the logging request if being logging request for the operation requests Breath, and verify the user information;
Output unit is prompted, if not passing through for user information verifying, exports prompt information, to prompt user's input new User information;
Account Logon unit logs in the corresponding account of the user information if being verified for the user information.
11. a kind of single sign-on equipment, which is characterized in that the single sign-on equipment includes: memory, processor and is stored in On the memory and the corresponding computer program of single-sign-on that can run on the processor, the single-sign-on are corresponding Computer program the step of the single-point logging method as described in any one of claims 1 to 5 is realized when being executed by the processor Suddenly.
12. a kind of computer readable storage medium, which is characterized in that be stored with single-point on the computer readable storage medium and step on Record corresponding computer program, the single-sign-on corresponding computer program realizes such as claim 1 when being executed by processor The step of to single-point logging method described in any one of 5.
CN201910742748.1A 2019-08-09 2019-08-09 Single sign-on method, device, equipment and computer readable storage medium Active CN110430205B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910742748.1A CN110430205B (en) 2019-08-09 2019-08-09 Single sign-on method, device, equipment and computer readable storage medium
PCT/CN2020/106349 WO2021027600A1 (en) 2019-08-09 2020-07-31 Single log-in method, apparatus and device, and computer-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910742748.1A CN110430205B (en) 2019-08-09 2019-08-09 Single sign-on method, device, equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN110430205A true CN110430205A (en) 2019-11-08
CN110430205B CN110430205B (en) 2023-04-18

Family

ID=68415762

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910742748.1A Active CN110430205B (en) 2019-08-09 2019-08-09 Single sign-on method, device, equipment and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN110430205B (en)
WO (1) WO2021027600A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111581631A (en) * 2020-05-12 2020-08-25 西安腾营信息科技有限公司 Single sign-on method based on redis
CN111859068A (en) * 2020-07-02 2020-10-30 中移(杭州)信息技术有限公司 Message tracking method, device, server and storage medium
CN111949308A (en) * 2020-08-07 2020-11-17 北京字节跳动网络技术有限公司 Software package publishing method and device
CN111970333A (en) * 2020-07-29 2020-11-20 深圳市钱海网络技术有限公司 Method and device for realizing coexistence of two sessions based on same client
WO2021027600A1 (en) * 2019-08-09 2021-02-18 深圳前海微众银行股份有限公司 Single log-in method, apparatus and device, and computer-readable storage medium
CN113194079A (en) * 2021-04-23 2021-07-30 平安科技(深圳)有限公司 Login verification method, device, equipment and storage medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115866016B (en) * 2022-11-16 2023-10-17 浪潮智慧科技有限公司 Global exit method, equipment and medium
CN116150037B (en) * 2023-04-19 2023-07-21 云账户技术(天津)有限公司 Method and device for managing user login state in use case

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016169410A1 (en) * 2015-04-21 2016-10-27 腾讯科技(深圳)有限公司 Login method and device, server and login system
CN107070880A (en) * 2017-02-16 2017-08-18 济南浪潮高新科技投资发展有限公司 A kind of method and system of single-sign-on, a kind of authentication center's server
CN107483418A (en) * 2017-07-27 2017-12-15 阿里巴巴集团控股有限公司 Login process method, method for processing business, device and server
WO2018036314A1 (en) * 2016-08-22 2018-03-01 中兴通讯股份有限公司 Single-sign-on authentication method and apparatus, and storage medium
CN108600203A (en) * 2018-04-11 2018-09-28 四川长虹电器股份有限公司 Secure Single Sign-on method based on Cookie and its unified certification service system
CN108683651A (en) * 2018-05-04 2018-10-19 山东汇贸电子口岸有限公司 A kind of single-point logging method, server-side and system
CN109246076A (en) * 2018-08-01 2019-01-18 北京奇虎科技有限公司 A kind of method and apparatus of single-sign-on multisystem
CN109936579A (en) * 2019-03-21 2019-06-25 广东瑞恩科技有限公司 Single-point logging method, device, equipment and computer readable storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10645173B2 (en) * 2017-10-30 2020-05-05 International Business Machines Corporation Session handling for multi-user multi-tenant web applications
CN108737541A (en) * 2018-05-18 2018-11-02 成都九洲迪飞科技有限责任公司 A kind of WEB conversation management systems and management method
CN110430205B (en) * 2019-08-09 2023-04-18 深圳前海微众银行股份有限公司 Single sign-on method, device, equipment and computer readable storage medium

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016169410A1 (en) * 2015-04-21 2016-10-27 腾讯科技(深圳)有限公司 Login method and device, server and login system
US20170195311A1 (en) * 2015-04-21 2017-07-06 Tencent Technology (Shenzhen) Company Limited Login method, server, and login system
WO2018036314A1 (en) * 2016-08-22 2018-03-01 中兴通讯股份有限公司 Single-sign-on authentication method and apparatus, and storage medium
CN107070880A (en) * 2017-02-16 2017-08-18 济南浪潮高新科技投资发展有限公司 A kind of method and system of single-sign-on, a kind of authentication center's server
CN107483418A (en) * 2017-07-27 2017-12-15 阿里巴巴集团控股有限公司 Login process method, method for processing business, device and server
CN108600203A (en) * 2018-04-11 2018-09-28 四川长虹电器股份有限公司 Secure Single Sign-on method based on Cookie and its unified certification service system
CN108683651A (en) * 2018-05-04 2018-10-19 山东汇贸电子口岸有限公司 A kind of single-point logging method, server-side and system
CN109246076A (en) * 2018-08-01 2019-01-18 北京奇虎科技有限公司 A kind of method and apparatus of single-sign-on multisystem
CN109936579A (en) * 2019-03-21 2019-06-25 广东瑞恩科技有限公司 Single-point logging method, device, equipment and computer readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
杨义先 等编著: "《应用密码学 第2版》", 30 June 2013, 北京邮电大学出版社 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021027600A1 (en) * 2019-08-09 2021-02-18 深圳前海微众银行股份有限公司 Single log-in method, apparatus and device, and computer-readable storage medium
CN111581631A (en) * 2020-05-12 2020-08-25 西安腾营信息科技有限公司 Single sign-on method based on redis
CN111581631B (en) * 2020-05-12 2023-03-10 西安腾营信息科技有限公司 Single sign-on method based on redis
CN111859068A (en) * 2020-07-02 2020-10-30 中移(杭州)信息技术有限公司 Message tracking method, device, server and storage medium
CN111970333A (en) * 2020-07-29 2020-11-20 深圳市钱海网络技术有限公司 Method and device for realizing coexistence of two sessions based on same client
CN111949308A (en) * 2020-08-07 2020-11-17 北京字节跳动网络技术有限公司 Software package publishing method and device
CN113194079A (en) * 2021-04-23 2021-07-30 平安科技(深圳)有限公司 Login verification method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN110430205B (en) 2023-04-18
WO2021027600A1 (en) 2021-02-18

Similar Documents

Publication Publication Date Title
CN110430205A (en) Single-point logging method, device, equipment and computer readable storage medium
US10515638B1 (en) System, method, and computer-readable medium that facilitate voice biometrics user authentication
US7555552B2 (en) Method and apparatus for policy management in a network device
US8738741B2 (en) Brokering network resources
CN108108973A (en) Business risk control method and device
US20170041432A1 (en) Router-host logging
CN110287660A (en) Access right control method, device, equipment and storage medium
CN110401655A (en) Access control right management system based on user and role
CN110213223A (en) Business management method, device, system, computer equipment and storage medium
US10803154B2 (en) Multicomputer system for user data authentication and processing
CN109246076A (en) A kind of method and apparatus of single-sign-on multisystem
US8612541B2 (en) Method and apparatus for multi-tenant policy management in a network device
US9363663B2 (en) Method and apparatus for providing cellphone service from any device
CN105022939B (en) Information Authentication method and device
CN106254528A (en) A kind of resource downloading method and buffer memory device
US8239921B2 (en) System and method of retrieving a service contact identifier
CN109688096A (en) Recognition methods, device, equipment and the computer readable storage medium of IP address
US20040220996A1 (en) Multi-platform computer network and method of simplifying access to the multi-platform computer network
CN113194099A (en) Data proxy method and proxy server
CN110309635A (en) Management method, device, equipment and the computer storage medium of data quality model
CN106603567A (en) WEB administrator login management method and device
CN113727288B (en) Silence customer service robot based on 5G message
CN109861982A (en) A kind of implementation method and device of authentication
CN109995889A (en) Update method, device, gateway and the storage medium of mapping table
CN110336840A (en) Third party's account register method and system for voice dialogue platform

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant