CN110990828A - Aggregation management system and method for multi-information system - Google Patents
- Publication number
- CN110990828A
- Authority
- CN
- China
- Prior art keywords
- subsystem
- information
- configuration module
- authority
- administrator
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
Abstract
The invention discloses an aggregation management system and method for a multi-information system. The system comprises an administrator configuration module, a role configuration module, a permission configuration module, a subsystem configuration module and a supplier management module, wherein the administrator configuration module is used for managing administrator information of the system; the role configuration module is used for configuring the roles of the subsystems; the authority configuration module is used for configuring administrator authority in the subsystem; and the subsystem configuration module is used for configuring the subsystems. According to the invention, the subsystems are integrated by using the SDK, and the accounts and system authority of the subsystems are authorized to the aggregation management system, so that lightweight management of the multi-information system is realized.
Description
Technical Field
The present invention relates to the field of computer information systems, and more particularly, to an aggregation management system and method for multiple information systems.
Background
A large business information system often includes several business subsystems that cooperate with one another. The conventional approach of existing unified management backgrounds is to integrate the management backgrounds of the subsystems into one large management background. This approach has the following disadvantages:
The large management background can become too bulky, and system performance can degrade as functions are added.
Because all the functions are packed into one system, every modification to a function of one subsystem has to be checked for its effect on the other systems, which greatly increases development difficulty and risk.
There is a need for a lightweight aggregation management system and method for multiple information systems.
Disclosure of Invention
The invention provides an aggregation management system and method for multiple information systems, aiming at overcoming the defect that the management of the multiple information systems in the prior art cannot realize light weight.
The primary objective of the present invention is to solve the above technical problems, and the technical solution of the present invention is as follows:
the first aspect of the present invention provides an aggregation management system for multiple information systems, including: an administrator configuration module, a role configuration module, a permission configuration module, a subsystem configuration module and a supplier management module,
the administrator configuration module is used for managing administrator information of the system;
the role configuration module is used for configuring the roles of the subsystems;
the authority configuration module is used for configuring administrator authority in the subsystem;
the subsystem configuration module is used for configuring the subsystems.
Further, the administrator configuration module includes: an administrator list subunit and an add administrator subunit;
the role configuration unit includes: a role list subunit and an add role subunit;
the permission configuration module comprises: a permission list subunit and an add permission subunit;
the subsystem configuration module comprises a subsystem list subunit and an add subsystem subunit.
The second aspect of the present invention provides an aggregation management method for a multiple information system, the method is applied to an aggregation management system for a multiple information system, and the method comprises the following steps:
S1: deploying the aggregation management system background;
S2: the subsystem to be aggregated authorizes its accounts and system authority to the aggregation management system through SDK integration;
S3: adding, on the aggregation management background, the configuration information of the subsystem to be aggregated, the subsystem operator accounts, and the authority and roles required by the subsystem;
S4: the aggregation management background allocates subsystem roles to operators, and the same operator has a plurality of roles of the same subsystem or of different subsystems;
S5: an operator chooses any subsystem to log in to and is redirected to the login interface of the aggregation management background, where the operator enters a preset account and a preset password to log in; the unified management background then redirects to the URL (uniform resource locator) of the subsystem, appending an encrypted character string generated from the entered account, the password and the authority information;
S6: after receiving the encrypted character string, the subsystem decrypts it to obtain the account and the authority information.
Further, the SDK includes methods for: verifying the correctness of the encrypted token;
acquiring the user name, role and authority information of the operator from the token;
and judging whether the operator's authority matches the authority required to execute a subsystem method.
Further, the encrypted token comprises: head, payload, signature;
the head represents the header information and lists the encryption algorithm of the signature verification information;
the payload represents the effective information, contains the information to be transmitted, and adopts a reversible encryption algorithm;
the signature represents the signature verification information, which is obtained by splicing together the encrypted head information and the encrypted effective information, appending a preset secret key, and finally encrypting the result with the irreversible algorithm listed in the head information.
Further, the reversible encryption algorithm is a base64 encryption algorithm, and the irreversible algorithm is an SHA256 algorithm.
Compared with the prior art, the technical scheme of the invention has the beneficial effects that:
according to the invention, the subsystems are integrated by using the SDK, and the account number and the system authority of the subsystems are authorized to the aggregation management system, so that the lightweight management of the multi-information system is realized.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Example 1
The first aspect of the present invention provides an aggregation management system for multiple information systems, including: an administrator configuration module, a role configuration module, a permission configuration module, a subsystem configuration module and a supplier management module,
the administrator configuration module is used for managing administrator information of the system;
the role configuration module is used for configuring the roles of the subsystems;
the authority configuration module is used for configuring administrator authority in the subsystem;
the subsystem configuration module is used for configuring the subsystems.
Further, the administrator configuration module includes: an administrator list subunit and an add administrator subunit;
the role configuration unit includes: a role list subunit and an add role subunit;
the permission configuration module comprises: a permission list subunit and an add permission subunit;
the subsystem configuration module comprises a subsystem list subunit and an add subsystem subunit.
As shown in fig. 1, a second aspect of the present invention provides an aggregation management method for a multiple information system, the method being applied to an aggregation management system for a multiple information system, and including the steps of:
S1: deploying the aggregation management system background;
S2: the subsystem to be aggregated authorizes its accounts and system authority to the aggregation management system through SDK integration;
more specifically, the SDK includes methods for: verifying the correctness of the encrypted token;
acquiring the user name, role and authority information of the operator from the token;
and judging whether the operator's authority matches the authority required to execute a subsystem method.
It should be noted that the subsystem integrates the SDK into its own program code and calls the methods provided in the SDK when necessary.
S3: adding, on the aggregation management background, the configuration information of the subsystem to be aggregated, the subsystem operator accounts, and the authority and roles required by the subsystem;
S4: the aggregation management background allocates subsystem roles to operators, and the same operator has a plurality of roles of the same subsystem or of different subsystems;
S5: an operator chooses any subsystem to log in to and is redirected to the login interface of the aggregation management background, where the operator enters a preset account and a preset password to log in; the unified management background then redirects to the URL (uniform resource locator) of the subsystem, appending an encrypted character string generated from the entered account, the password and the authority information;
S6: after receiving the encrypted character string, the subsystem decrypts it to obtain the account and the authority information.
Further, the encrypted token comprises: head, payload, signature;
the head represents the header information and lists the encryption algorithm of the signature verification information;
in the invention, a base64 encryption algorithm is adopted as the reversible encryption algorithm, and an SHA256 algorithm is adopted as the irreversible algorithm;
the payload represents the effective information, contains the information to be transmitted, and adopts a reversible encryption algorithm;
the signature represents the signature verification information, which is obtained by splicing together the encrypted head information and the encrypted effective information, appending a preset secret key, and finally encrypting the result with the irreversible algorithm listed in the head information.
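The token layout and the three SDK methods described above, as an added Python example (not code from the patent or its SDK); the `.` separator, the JSON field names, the `HS256` label and the sample key and claims are assumptions. base64 is an encoding, so `peek_payload` reads the payload with no key, which is why the sample claims omit the password; HMAC-SHA256 is included as the standard keyed alternative to hashing with an appended key, and the verifier pins the algorithm instead of trusting the head.

```python
import base64
import hashlib
import hmac
import json

PRESET_KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
SAMPLE_CLAIMS = {"account": "operator01", "roles": ["order-admin"],
                 "permissions": ["order:read"]}  # constructed; password left out


def b64(data: bytes) -> str:
    """The page's 'reversible' step: base64url without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_described(signing_input: str, key: bytes) -> str:
    """Signature as the page describes it: SHA256(head + payload + preset key)."""
    return hashlib.sha256(signing_input.encode() + key).hexdigest()


def sign_hmac(signing_input: str, key: bytes) -> str:
    """Standard keyed construction over the same input: HMAC-SHA256."""
    return hmac.new(key, signing_input.encode(), hashlib.sha256).hexdigest()


SIGNERS = {"SHA256": sign_described, "HS256": sign_hmac}  # labels are assumptions


def issue_token(claims: dict, key: bytes, alg: str = "SHA256") -> str:
    head = b64(json.dumps({"alg": alg}).encode())
    payload = b64(json.dumps(claims).encode())
    signing_input = head + "." + payload  # "." separator is an assumption
    return signing_input + "." + SIGNERS[alg](signing_input, key)


def peek_payload(token: str) -> dict:
    """Decode the payload without any key: base64 gives no confidentiality."""
    return json.loads(unb64(token.split(".")[1]))


def verify_token(token: str, key: bytes, expected_alg: str = "SHA256") -> dict:
    """SDK methods 1 and 2: check the signature, then return the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head, payload, signature = parts
    try:
        alg = json.loads(unb64(head)).get("alg")
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed header") from exc
    # The verifier pins the algorithm; the head value is only cross-checked.
    if alg != expected_alg:
        raise ValueError("unexpected algorithm")
    expected = SIGNERS[expected_alg](head + "." + payload, key)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        raise ValueError("bad signature")
    return json.loads(unb64(payload))


def is_allowed(claims: dict, required_permission: str) -> bool:
    """SDK method 3: match operator authority against what a method requires."""
    return required_permission in claims.get("permissions", [])


def tamper(token: str, **changes) -> str:
    """Test helper: change payload fields but keep the old signature."""
    head, _, signature = token.split(".")
    claims = {**peek_payload(token), **changes}
    return ".".join([head, b64(json.dumps(claims).encode()), signature])
```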
It should be understood that the above-described embodiments of the present invention are merely examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to exhaustively list all embodiments here. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the claims of the present invention.
Claims (6)
1. An aggregation management system of a multiple information system, comprising: an administrator configuration module, a role configuration module, a permission configuration module, a subsystem configuration module and a supplier management module,
the administrator configuration module is used for managing administrator information of the system;
the role configuration module is used for configuring the roles of the subsystems;
the authority configuration module is used for configuring administrator authority in the subsystem;
the subsystem configuration module is used for configuring the subsystems.
2. The system of claim 1, wherein the administrator configuration module comprises: an administrator list subunit and an add administrator subunit;
the role configuration unit includes: a role list subunit and an add role subunit;
the permission configuration module comprises: a permission list subunit and an add permission subunit;
the subsystem configuration module comprises a subsystem list subunit and an add subsystem subunit.
3. An aggregation management method for a multi-information system, the method being applied to an aggregation management system for a multi-information system, comprising the steps of:
S1: deploying the aggregation management system background;
S2: the subsystem to be aggregated authorizes its accounts and system authority to the aggregation management system through SDK integration;
S3: adding, on the aggregation management background, the configuration information of the subsystem to be aggregated, the subsystem operator accounts, and the authority and roles required by the subsystem;
S4: the aggregation management background allocates subsystem roles to operators, and the same operator has a plurality of roles of the same subsystem or of different subsystems;
S5: an operator chooses any subsystem to log in to and is redirected to the login interface of the aggregation management background, where the operator enters a preset account and a preset password to log in; the unified management background then redirects to the URL (uniform resource locator) of the subsystem, appending an encrypted character string generated from the entered account, the password and the authority information;
S6: after receiving the encrypted character string, the subsystem decrypts it to obtain the account and the authority information.
4. The method of claim 1, wherein the SDK comprises methods for: verifying the correctness of the encrypted token; acquiring the user name, role and authority information of the operator from the token; and judging whether the operator's authority matches the authority required to execute a subsystem method.
5. The aggregation management method for multiple information systems according to claim 1,
the encrypted token comprises: head, payload, signature;
the head represents the header information and lists the encryption algorithm of the signature verification information;
the payload represents the effective information, contains the information to be transmitted, and adopts a reversible encryption algorithm;
the signature represents the signature verification information, which is obtained by splicing together the encrypted head information and the encrypted effective information, appending a preset secret key, and finally encrypting the result with the irreversible algorithm listed in the head information.
6. The aggregation management method for multiple information systems according to claim 5, wherein the reversible encryption algorithm is a base64 encryption algorithm, and the irreversible algorithm is a SHA256 algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911176185.0A CN110990828A (en) | 2019-11-26 | 2019-11-26 | Aggregation management system and method for multi-information system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911176185.0A CN110990828A (en) | 2019-11-26 | 2019-11-26 | Aggregation management system and method for multi-information system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110990828A (en) | 2020-04-10 |
Family
ID=70087322
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911176185.0A Pending CN110990828A (en) | 2019-11-26 | 2019-11-26 | Aggregation management system and method for multi-information system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110990828A (en) |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102045171A (en) * | 2010-12-30 | 2011-05-04 | 北京世纪互联工程技术服务有限公司 | Unified authentication system and login method based on same |
CN103617485A (en) * | 2013-11-15 | 2014-03-05 | 中国航空无线电电子研究所 | Uniform authority management and deployment system |
CN106682487A (en) * | 2016-11-04 | 2017-05-17 | 浙江蘑菇加电子商务有限公司 | User authority management method and system |
CN107483437A (en) * | 2017-08-14 | 2017-12-15 | 深圳市华傲数据技术有限公司 | A kind of user's unified login management method and device |
CN109740333A (en) * | 2018-12-28 | 2019-05-10 | 上汽通用五菱汽车股份有限公司 | The right management method of integrated system and subsystem, server and storage medium |
CN110197058A (en) * | 2019-04-15 | 2019-09-03 | 杭州恩牛网络技术有限公司 | Unified internal control method for managing security, system, medium and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||