CN111143814A - Single sign-on method, micro-service access platform and storage medium - Google Patents

Info

Publication number
CN111143814A
Authority
CN
China
Prior art keywords
information
service
user
single sign
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911397761.4A
Other languages
Chinese (zh)
Other versions
CN111143814B (en)
Inventor
陈敏
冯雁
杜辉
李琨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Bjc Technology Co ltd
Original Assignee
Wuhan Bjc Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Bjc Technology Co ltd filed Critical Wuhan Bjc Technology Co ltd
Priority to CN201911397761.4A priority Critical patent/CN111143814B/en
Publication of CN111143814A publication Critical patent/CN111143814A/en
Application granted granted Critical
Publication of CN111143814B publication Critical patent/CN111143814B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a single sign-on method, a micro-service access platform and a storage medium. The method comprises the following steps: when the server receives a service request initiated by a target user for a target service, it obtains token information representing the identity of the target user and sends the token information to the single sign-on end; the single sign-on end determines the identity information and authority information of the target user based on the token information and feeds them back to the server; and when the identity information indicates a logged-in user, the server generates a response result for the service request based on the authority information. With this scheme, when a user requests a service, the server verifies the user's identity with the single sign-on end, and when the user is a logged-in user, communication with the user can be established without the user logging in to that service. That is, the various services on the micro-service platform can be called after logging in only once, which greatly simplifies the user's login operation and improves the user experience.

Description

Single sign-on method, micro-service access platform and storage medium
Technical Field
The invention relates to the technical field of welding, in particular to a single sign-on method, a micro-service access platform and a storage medium.
Background
With the continuous progress of science and technology, the functions of large-scale systems and platforms have become more and more complete, and they can provide more and more services. In a large-scale system, each service has its own login information, such as a user name and a password. To use a service, the user must enter the login information for that service, and the service can be used normally only after the login succeeds. When switching services, the user has to log in again and has to keep track of a large amount of login information, so using the services is cumbersome and the user experience is poor.
Disclosure of Invention
The embodiment of the specification provides a single sign-on method, a micro-service access platform and a storage medium.
In a first aspect, the present invention provides a single sign-on method, applied to a micro service access platform, where the micro service access platform includes a server and a single sign-on terminal, and the server is deployed with multiple services, and the method includes:
when the server receives a service request initiated by a target user for a target service, token information used for representing the identity of the target user is obtained, and the token information is sent to the single sign-on terminal;
the single sign-on end determines the identity information of the target user and the authority information of the target user aiming at the target service based on the token information and sends the identity information and the authority information to the server end;
and when the identity information is the logged-in user, the server generates a response result of the service request based on the authority information.
Optionally, the determining, by the single sign-on end, the identity information of the target user and the authority information of the target user for the target service based on the token information includes:
the single sign-on terminal determines the identity information of the target user based on the token information and sends the identity information to the server terminal;
when the identity information is the logged-in user, the server side determines the identification information of the target service based on the service request and sends the identification information to the single sign-on side;
and the single sign-on terminal determines the authority information of the target user for the target service based on the identification information and the token information.
Optionally, after the single sign-on end determines the identity information of the target user based on the token information, the method further includes:
when the identity information is a user who does not log in, the single sign-on terminal sends a single sign-on interface used for user login to the target user, so that the target user executes login operation based on the single sign-on interface;
and when the target user successfully logs in, the single sign-on terminal generates the token information corresponding to the target user and sends the token information to the target user.
Optionally, the micro service access platform further comprises a service front end, and the method further comprises:
when the service front end receives a static resource acquisition request initiated by a target user, sending a target static resource to the target user, wherein the target static resource comprises a resource corresponding to the target service, and the target user initiates the service request by operating the resource corresponding to the target service.
Optionally, the server generates a response result of the service request based on the authority information, including:
and the server determines service data corresponding to the service request and a target display mode of the service data based on the authority information, and takes the service data and the target display mode as the response result so as to display the service data on the terminal equipment of the target user in the target display mode.
In a second aspect, embodiments of the present specification provide a micro service access platform, including:
the system comprises a server and a single sign-on end, wherein the server is provided with a plurality of services;
the server is used for acquiring token information for representing the identity of a target user when receiving a service request initiated by the target user aiming at a target service, and sending the token information to the single sign-on terminal;
the single sign-on terminal is used for determining the identity information of the target user and the authority information of the target user for the target service based on the token information and sending the identity information and the authority information to the server terminal;
and the server is further used for generating a response result of the service request based on the authority information when the identity information is the logged-in user.
Optionally, the single sign-on terminal is configured to determine, based on the token information, identity information of the target user, and send the identity information to the server terminal;
the server is used for determining the identification information of the target service based on the service request when the identity information is the logged-in user and sending the identification information to the single sign-on terminal;
and the single sign-on terminal is used for determining the authority information of the target user for the target service based on the identification information and the token information.
Optionally, the single sign-on terminal is configured to send a single sign-on interface for user login to the target user when the identity information is a not-logged-in user, so that the target user performs a login operation based on the single sign-on interface;
and the single sign-on end is further used for generating the token information corresponding to the target user when the target user successfully logs in, and sending the token information to the target user.
Optionally, the micro service access platform further comprises a service front end, and the service front end is configured to:
when a static resource acquisition request initiated by a target user is received, sending a target static resource to the target user, wherein the target static resource comprises a resource corresponding to the target service, and the target user initiates the service request by operating the resource corresponding to the target service.
Optionally, the server is configured to:
and determining service data corresponding to the service request and a target display mode of the service data based on the authority information, and using the service data and the target display mode as the response result so as to display the service data on the terminal equipment of the target user in the target display mode.
In a third aspect, embodiments of the present specification provide a microservice access platform, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor performs the steps of any one of the methods described above.
In a fourth aspect, the present specification provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of any of the above methods.
The beneficial effects of the embodiment of the specification are as follows:
The technical scheme of the embodiment of the invention is applied to a micro-service access platform that comprises a server and a single sign-on end, the server being deployed with a plurality of services. When the server receives a service request initiated by a target user for a target service, it obtains token information representing the identity of the target user and sends the token information to the single sign-on end; the single sign-on end determines the identity information and authority information of the target user based on the token information and feeds them back to the server; and when the identity information indicates a logged-in user, the server generates a response result for the service request based on the authority information. With this scheme, when a user requests a service, the server verifies the user's identity with the single sign-on end, and when the user is a logged-in user, communication with the user can be established without the user logging in to that service. That is, the various services on the micro-service platform can be called after logging in only once, which greatly simplifies the user's login operation and improves the user experience.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the specification. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a flowchart of a single sign-on method provided in a first aspect of an embodiment of the present disclosure;
fig. 2 is a schematic diagram of a microservice access platform provided in an embodiment of the present specification;
fig. 3 is a schematic processing flow diagram of a single sign-on according to an embodiment of the present disclosure;
fig. 4 is a schematic diagram of a microservice access platform provided in a second aspect of an embodiment of the present specification.
Detailed Description
The embodiment of the invention provides a single sign-on method, a micro-service access platform and a storage medium, which can call various services on the micro-service platform only by logging in once and simplify the login operation of a user. The micro-service access platform comprises a server and a single sign-on end, wherein the server is deployed with a plurality of services, and the method comprises the following steps: when the server receives a service request initiated by a target user for a target service, token information used for representing the identity of the target user is obtained, and the token information is sent to the single sign-on terminal; the single sign-on end determines the identity information of the target user and the authority information of the target user aiming at the target service based on the token information and sends the identity information and the authority information to the server end; and when the identity information is the logged-in user, the server generates a response result of the service request based on the authority information.
The technical solutions of the present invention are described in detail below with reference to the drawings and specific embodiments. It should be understood that the specific features in the embodiments and examples are detailed descriptions of the technical solutions of the present application, not limitations on them, and that the technical features in the embodiments and examples of the present application may be combined with each other where they do not conflict.
The term "and/or" herein merely describes an association between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
In a first aspect, the present invention provides a single sign-on method, as shown in fig. 1, which is a flowchart of a single sign-on method provided in an embodiment of this specification, where the single sign-on method is applied to a micro service access platform, the micro service access platform includes a service end and a single sign-on end, the service end is deployed with multiple services, and the method includes the following steps:
step S11: when the server receives a service request initiated by a target user for a target service, token information used for representing the identity of the target user is obtained, and the token information is sent to the single sign-on terminal;
step S12: the single sign-on end determines the identity information of the target user and the authority information of the target user aiming at the target service based on the token information and sends the identity information and the authority information to the server end;
step S13: and when the identity information is the logged-in user, the server generates a response result of the service request based on the authority information.
In the embodiment of the present specification, the platform may be a platform established based on a microservice architecture, as shown in fig. 2, and includes a server and a single sign-on terminal. The service end is provided with a plurality of services, and the services can be services provided by a platform official or third-party micro services accessed to the platform.
To facilitate uniform management of multiple services, the micro-service access platform in the embodiment of the present description may provide a standardized interface and a standardized message format, so that every third-party micro-service that accesses the platform has the same interface standard and the same message format on the platform side. Through the platform, a third-party micro-service can use the platform's data and functions within its authority range, and data and functions can also be exchanged between third-party micro-services, so that information and service interaction is realized both among third-party micro-services and between third-party micro-services and the platform.
The single sign-on end is used to manage the login information and authority information of users and to authenticate their identity and authority. Specifically, the single sign-on end may store a login information list of all users of the micro-service access platform, and an authority information list of each user for each service. It should be understood that the services of the micro-service access platform share one single sign-on end, that is, the login information and authority information of every service are managed uniformly by the single sign-on end.
In step S11, the target user may be any user of the micro-service access platform, and the target service may be any service the platform provides. Taking a transaction processing platform as an example, the target service may be a personnel information query service, a financial information query service, or the like. When a target user initiates a service request for a target service, the server may obtain the token information of the target user. The token information may be carried in the service request, in which case the server extracts it from the request, or it may be sent to the server together with the service request; this is not limited herein. To confirm whether the target user is a logged-in user, the server sends the token information to the single sign-on end so that the single sign-on end can verify it.
In the embodiment of the description, the token information of the target user is shared by all the services in the micro-service access platform, and whether the target user logs in is determined by checking the token information by the single sign-on terminal, so that the single sign-on of the target user can be realized without logging in once for each service.
In the specific implementation process, the token information is distributed by the single sign-on terminal, that is, the target user logs in through a unified login interface provided by the single sign-on terminal. For example, a target user inputs a user name and a password through a unified login interface displayed by the terminal device, and the single sign-on terminal performs authentication according to the stored user login information list. If the user login information list contains the user name and the password input by the target user, login is successful, token information is generated, the token information is stored and sent to the target user, and the token information is carried in the request initiated by the target user later.
Further, in step S12, after receiving the token information sent by the server, the single sign-on end verifies the validity of the token information; if the token information is valid, the identity information of the target user is a logged-in user. Specifically, the single sign-on end may store the token information it generates and may also set a validity period for it. If the single sign-on end determines that the target user's token information is among the stored token information and is within its validity period, the token information is valid; otherwise it is invalid. Invalid token information indicates that the identity information of the target user is a not-logged-in user. The single sign-on end then sends the determined identity information to the server.
In addition, in this embodiment of the present specification, a service in the micro-service access platform sets user rights for each user. Taking the staff information query service as an example, users have different grades and can therefore query different staff information: a high-grade user may query all staff information, while a low-grade user may query only part of it. Thus, for a target service, a service request from the target user for data that exceeds that user's rights is not allowed. To avoid a mismatch between the data a user requests and the user's authority, in the embodiment of the present specification the single sign-on end may also query the authority information of the target user.
In a specific implementation process, the single sign-on terminal may store an authority information base of each user for each service, and may determine, through the received token information, a target user corresponding to the token information, and determine, through searching in the authority information base, authority information of each service corresponding to the target user. The single sign-on terminal can send all the queried authority information related to the target user to the server terminal, and can also determine the authority information of the target service in all the authority information related to the target user and send the authority information to the server terminal.
In this embodiment, step S12 may be implemented as follows: the single sign-on terminal determines the identity information of the target user based on the token information and sends the identity information to the server terminal; when the identity information is the logged-in user, the server side determines the identification information of the target service based on the service request and sends the identification information to the single sign-on side; and the single sign-on terminal determines the authority information of the target user for the target service based on the identification information and the token information.
In the above manner, identity authentication and authority authentication of the target user are carried out in two steps. First, the server sends the token information of the target user to the single sign-on end, which verifies the identity of the target user and feeds back the identity information. When the server receives identity information indicating a logged-in user, it does not respond to the service request immediately but first sends the identification information of the target service to the single sign-on end. The single sign-on end can first determine, from the token information, the authority information of each service corresponding to the target user, then look up the authority information of the target service among it according to the identification information, and feed that authority information back to the server.
Further, in step S13, when the identity information received by the server is a logged-in user, the server responds to the service request according to the authority information of the target user. Specifically, when the requested data is within the authority range of the target user, that data is fed back to the target user as the response result. When the requested data exceeds the authority range of the target user, the response result may be prompt information telling the target user that the request exceeds their authority, or it may be the part of the requested data that the target user is authorized for. For example, if the target user requests the company's financial data for 2019 but is only authorized for the financial data of the first quarter of 2019, the first-quarter financial data is fed back to the target user, and the target user can be reminded that they are not authorized to view the remaining data.
In addition, when the identity information is a not-logged-in user, the method provided by the embodiment of the present specification further includes: the single sign-on end sends a single sign-on interface for user login to the target user, so that the target user performs a login operation based on the single sign-on interface; and when the target user logs in successfully, the single sign-on end generates the token information corresponding to the target user and sends it to the target user.
When the single sign-on end fails to verify the token information of the target user, the target user is either not logged in or has a login that has timed out, and needs to log in again because they are calling the target service. Specifically, the single sign-on end can send a single sign-on interface, that is, the platform's unified login interface, to the target user, where it is displayed on the target user's terminal device. The target user logs in again by filling in a user name and password and clicking to log in, and the terminal device sends the user name and password to the single sign-on end. The single sign-on end checks them against the stored user login information; if they are correct, the login succeeds, token information is regenerated and distributed to the target user, and the display interface of the user terminal jumps to the interface of the target service.
In addition, when the server receives a service request from a target user but cannot extract token information for that user, the single sign-on end has not distributed token information to the target user, that is, the target user is not logged in. In this case the single sign-on end may send a single sign-on interface to the target user's terminal device so that the target user performs a login operation.
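The flow described above (token issuance at login, the stored-token and validity-period check in step S12, and the authority-limited response in step S13) can be sketched as follows. This is an added example, not code from the patent: the class and method names, the `TOKEN_TTL` value, the salted PBKDF2 storage of login information and the sample user and data are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 1800  # assumed validity period, in seconds


def _hash(password, salt):
    # Assumption: login information is kept as salted hashes, not plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SingleSignOnEnd:
    """Holds login information, issued tokens and per-service authority."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._users = {}   # user -> (salt, password hash)
        self._perms = {}   # (user, service id) -> permitted data keys
        self._tokens = {}  # token -> (user, expiry time)

    def add_user(self, user, password, perms):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, _hash(password, salt))
        for service_id, keys in perms.items():
            self._perms[(user, service_id)] = frozenset(keys)

    def login(self, user, password):
        """Unified login: issue and store a token on success, else None."""
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        self._tokens[token] = (user, self._clock() + TOKEN_TTL)
        return token

    def identity(self, token):
        """Return the user for a stored, unexpired token, else None."""
        entry = self._tokens.get(token) if token else None
        if entry is None:
            return None
        user, expiry = entry
        if self._clock() >= expiry:
            del self._tokens[token]  # timed-out login: forget the token
            return None
        return user

    def authority(self, token, service_id):
        """Authority of the token's user for one service (empty if none)."""
        user = self.identity(token)
        if user is None:
            return frozenset()
        return self._perms.get((user, service_id), frozenset())


class ServiceEnd:
    """Hosts several services; never decides identity or authority itself."""

    def __init__(self, sso, services):
        self._sso = sso
        self._services = services  # service id -> {data key: value}

    def handle(self, request):
        token = request.get("token")                 # S11: obtain the token
        if self._sso.identity(token) is None:        # S12: identity check
            return {"result": "login_required"}      # missing/invalid/expired
        service_id = request["service"]
        allowed = self._sso.authority(token, service_id)  # S12: authority
        data = self._services.get(service_id, {})
        granted = {k: data[k] for k in request["keys"]
                   if k in allowed and k in data}
        denied = [k for k in request["keys"] if k not in allowed]
        if not granted:                              # S13: nothing permitted
            return {"result": "denied", "denied": denied}
        return {"result": "ok", "data": granted, "denied": denied}


def demo():
    # Constructed sample data: one user who may read only Q1 of finance.
    sso = SingleSignOnEnd()
    sso.add_user("alice", "correct horse", {"finance": ["2019-Q1"]})
    finance = {f"2019-Q{q}": f"report {q}" for q in range(1, 5)}
    server = ServiceEnd(sso, {"finance": finance,
                              "personnel": {"staff": "list"}})
    request = {"service": "finance", "keys": sorted(finance)}
    before = server.handle(request)                     # no token yet
    token = sso.login("alice", "correct horse")
    after = server.handle({**request, "token": token})  # partial response
    other = server.handle({"service": "personnel", "keys": ["staff"],
                           "token": token})             # no authority here
    return before, after, other


if __name__ == "__main__":
    for response in demo():
        print(response)
```

The same token is accepted by every service, but each response is still bounded by the authority the single sign-on end returns for that service, and anything not explicitly permitted is withheld.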
In an embodiment of this specification, in order to keep an interface style of each service in a micro service access platform uniform, the server generates a response result of the service request based on the authority information, including: and the server determines service data corresponding to the service request and a target display mode of the service data based on the authority information, and takes the service data and the target display mode as the response result so as to display the service data on the terminal equipment of the target user in the target display mode.
In a specific implementation process, different service requests have different request types. For example, a request to query staff information has a web page viewing type, and the queried service data needs to be displayed on a web page; a request to download staff information has a download type, and the service data may be a packed compressed file. The display mode of the service data differs by request type. For data presented on a web page, the display mode can be a preset web page display mode in which the color scheme, functional area division, character formats and so on are preset, and the service data only needs to be filled in accordingly. For a request to download data, the display mode may be a preset download interface in which the text position, the progress bar settings and so on are likewise preset. Displaying the service data of every service through uniform preset display modes keeps the interfaces consistent and improves the user experience.
As shown in fig. 2, the micro service access platform in this embodiment of the present disclosure further includes a service front end, and the method further includes: when the service front end receives a static resource acquisition request initiated by a target user, sending a target static resource to the target user, wherein the target static resource comprises a resource corresponding to the target service, and the target user initiates the service request by operating the resource corresponding to the target service.
Specifically, the service front-end is a system accessing single sign-on, for example, the service front-end may be a financial system, a personnel system, or the like, and the user may access a website page provided by the service front-end through the terminal device, for example, through a browser on the terminal device. That is, the target user may request the static resource from the service front end through the terminal device, for example, request to acquire the platform service navigation interface, and the service front end responds to the request of the terminal device and sends the corresponding data of the corresponding platform service navigation interface to the terminal device. The user may initiate a service request by clicking on a service option in the service navigation interface.
For a better understanding of the single sign-on method provided in the embodiment of the present specification, refer to fig. 3, which is a schematic processing flow diagram of the method. Fig. 3 involves the user's terminal browser, a service front end, a server, and a single sign-on end. In the processing flow, the user requests static resources from the service front end through the terminal browser, the service front end responds to the request, and the terminal downloads the requested static resources; the user terminal requests a service from the server in a cross-domain manner, and the server obtains the token information of the user and obtains the user identity and user authority from the single sign-on end; the single sign-on end generates the identity information and the authority information of the user based on the token information and sends them to the server; the server responds to the cross-domain call when the identity information is a logged-in user and the service request satisfies the authority information of the user; when the identity information is a user who is not logged in, the flow jumps to the single sign-on interface so that the user performs the login operation; after the single sign-on is finished, a web page jump instruction (302 instruction) is sent to instruct the browser to jump to the service interface requested by the user; the terminal browser executes the 302 instruction.
To sum up, according to the scheme in the embodiment of the present specification, when a user makes a service request, the server verifies the user identity with the single sign-on end, and when the user identity is a logged-in user, communication with the user can be established without the user logging in again for that service. That is, the various services on the micro service platform can be invoked after logging in only once, which greatly simplifies the login operation of the user and improves the user experience.
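The processing flow of fig. 3, sketched as an added example that is not code from the patent: the server keeps no login state and asks the single sign-on end to resolve each token into identity and authority for the target service. The host names, the permission table, the token lifetime, the `return_to` parameter and the allow-list applied to the 302 target are all assumptions made for illustration.

```python
import secrets
import time
from urllib.parse import urlencode, urlsplit

# Constructed sample data (assumptions, not from the patent).
PERMISSIONS = {("alice", "staff-info"): {"view"}}   # (user, service) -> allowed actions
ALLOWED_RETURN_HOSTS = {"services.example.internal"}
DEFAULT_RETURN = "https://services.example.internal/"
SSO_LOGIN_URL = "https://sso.example.internal/login"


def safe_return_url(url):
    """Only let the post-login 302 point back at a known service origin."""
    parts = urlsplit(url or "")
    if parts.scheme == "https" and parts.hostname in ALLOWED_RETURN_HOSTS:
        return url
    return DEFAULT_RETURN


class SingleSignOnEnd:
    """Issues tokens after login and resolves a token to identity and authority."""

    def __init__(self, ttl_seconds=3600, clock=time.time):
        self._sessions = {}          # token -> (user, expiry timestamp)
        self._ttl = ttl_seconds
        self._clock = clock

    def complete_login(self, user, return_to):
        """Called once the login operation succeeded; credential checks are out of scope."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._clock() + self._ttl)
        return token, safe_return_url(return_to)   # Location for the 302 jump

    def resolve(self, token, service_id):
        """Return (identity, permissions); identity is None for a user who is not logged in."""
        user, expiry = self._sessions.get(token, (None, 0))
        if user is None or self._clock() >= expiry:
            self._sessions.pop(token, None)        # drop expired tokens
            return None, set()
        return user, set(PERMISSIONS.get((user, service_id), ()))


class ServiceEnd:
    """Holds no login state of its own; every request is checked with the SSO end."""

    def __init__(self, sso):
        self._sso = sso

    def handle(self, token, service_id, action, request_url):
        identity, perms = self._sso.resolve(token or "", service_id)
        if identity is None:
            query = urlencode({"return_to": safe_return_url(request_url)})
            return 302, {"Location": f"{SSO_LOGIN_URL}?{query}"}, None
        if action not in perms:                    # deny by default
            return 403, {}, None
        return 200, {}, {"user": identity, "service": service_id, "action": action}


def run_flow():
    """Walk the flow once and return the status codes seen by the browser."""
    now = [1_000.0]
    sso = SingleSignOnEnd(ttl_seconds=60, clock=lambda: now[0])
    svc = ServiceEnd(sso)
    url = "https://services.example.internal/staff"
    statuses = [svc.handle(None, "staff-info", "view", url)[0]]           # no token yet
    token, _ = sso.complete_login("alice", url)
    statuses.append(svc.handle(token, "staff-info", "view", url)[0])      # permitted
    statuses.append(svc.handle(token, "staff-info", "download", url)[0])  # not granted
    now[0] += 61                                                          # token expires
    statuses.append(svc.handle(token, "staff-info", "view", url)[0])
    return statuses


if __name__ == "__main__":
    print(run_flow())
```

An unknown or expired token is treated exactly like a missing one, so the server never has to distinguish a forged token from a stale one.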
In a second aspect, embodiments of the present specification provide a microservice access platform, as shown in fig. 4, including:
a server 41 and a single sign-on terminal 42, wherein the server 41 is deployed with a plurality of services;
the server 41 is configured to, when receiving a service request initiated by a target user for a target service, obtain token information for representing an identity of the target user, and send the token information to the single sign-on terminal 42;
the single sign-on terminal 42 is configured to determine, based on the token information, identity information of the target user and authority information of the target user for the target service, and send the identity information and the authority information to the server 41;
the server 41 is further configured to generate a response result of the service request based on the authority information when the identity information is the logged-in user.
Optionally, the single sign-on end 42 is configured to determine, based on the token information, identity information of the target user, and send the identity information to the server 41;
the server 41 is configured to determine, based on the service request, identification information of the target service when the identity information is a logged-in user, and send the identification information to the single sign-on terminal 42;
and the single sign-on terminal 42 is configured to determine, based on the identification information and the token information, authority information of the target user for the target service.
Optionally, the single sign-on terminal 42 is configured to send a single sign-on interface for user login to the target user when the identity information is a user who is not logged in, so that the target user performs a login operation based on the single sign-on interface;
the single sign-on terminal 42 is further configured to generate the token information corresponding to the target user when the target user successfully logs in, and send the token information to the target user.
Optionally, the micro service access platform further comprises a service front end 43, the service front end 43 is configured to:
when a static resource acquisition request initiated by a target user is received, sending a target static resource to the target user, wherein the target static resource comprises a resource corresponding to the target service, and the target user initiates the service request by operating the resource corresponding to the target service.
Optionally, the server 41 is configured to:
determine service data corresponding to the service request and a target display mode of the service data based on the authority information, and use the service data and the target display mode as the response result, so as to display the service data on the terminal equipment of the target user in the target display mode.
With regard to the above system, the specific functions of the respective modules have been described in detail in the embodiment of the single sign-on method provided in the embodiment of the present specification, and will not be elaborated herein.
In a third aspect, based on the same inventive concept as the single sign-on method in the foregoing embodiment, the present invention further provides a micro service access platform that includes a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the computer program to realize the steps of the single sign-on method provided by the embodiment of the invention.
In a fourth aspect, based on the same inventive concept as the single sign-on method in the previous embodiments, the present invention further provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of any of the methods based on the single sign-on method described above.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A single sign-on method is applied to a micro-service access platform, and is characterized in that the micro-service access platform comprises a server and a single sign-on end, the server is deployed with a plurality of services, and the method comprises the following steps:
when the server receives a service request initiated by a target user for a target service, token information used for representing the identity of the target user is obtained, and the token information is sent to the single sign-on terminal;
the single sign-on end determines the identity information of the target user and the authority information of the target user aiming at the target service based on the token information and sends the identity information and the authority information to the server end;
and when the identity information is the logged-in user, the server generates a response result of the service request based on the authority information.
2. The method of claim 1, wherein the single sign-on terminal determines identity information of the target user and authority information of the target user for the target service based on the token information, comprising:
the single sign-on terminal determines the identity information of the target user based on the token information and sends the identity information to the server terminal;
when the identity information is the logged-in user, the server side determines the identification information of the target service based on the service request and sends the identification information to the single sign-on side;
and the single sign-on terminal determines the authority information of the target user for the target service based on the identification information and the token information.
3. The method of claim 1, wherein after the single sign-on determines the identity information of the target user based on the token information, the method further comprises:
when the identity information is a user who does not log in, the single sign-on terminal sends a single sign-on interface used for user login to the target user, so that the target user executes login operation based on the single sign-on interface;
and when the target user successfully logs in, the single sign-on terminal generates the token information corresponding to the target user and sends the token information to the target user.
4. The method of claim 1, wherein the microservice access platform further comprises a service front end, the method further comprising:
when the service front end receives a static resource acquisition request initiated by a target user, sending a target static resource to the target user, wherein the target static resource comprises a resource corresponding to the target service, and the target user initiates the service request by operating the resource corresponding to the target service.
5. The method of claim 1, wherein the server generates a response result of the service request based on the permission information, and wherein the response result comprises:
and the server determines service data corresponding to the service request and a target display mode of the service data based on the authority information, and takes the service data and the target display mode as the response result so as to display the service data on the terminal equipment of the target user in the target display mode.
6. A microservice access platform, comprising:
the system comprises a server and a single sign-on end, wherein the server is provided with a plurality of services;
the server is used for acquiring token information for representing the identity of a target user when receiving a service request initiated by the target user aiming at a target service, and sending the token information to the single sign-on terminal;
the single sign-on terminal is used for determining the identity information of the target user and the authority information of the target user for the target service based on the token information and sending the identity information and the authority information to the server terminal;
and the server is further used for generating a response result of the service request based on the authority information when the identity information is the logged-in user.
7. The platform of claim 6, wherein the single sign-on end is configured to determine identity information of the target user based on the token information and send the identity information to the server end;
the server is used for determining the identification information of the target service based on the service request when the identity information is the logged-in user and sending the identification information to the single sign-on terminal;
and the single sign-on terminal is used for determining the authority information of the target user for the target service based on the identification information and the token information.
8. The platform of claim 6, wherein the single sign-on terminal is configured to send a single sign-on interface for user login to the target user when the identity information is a user who is not logged in, so that the target user performs a login operation based on the single sign-on interface;
and the single sign-on end is further used for generating the token information corresponding to the target user when the target user successfully logs in, and sending the token information to the target user.
9. A microservice access platform comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method of any of claims 1 to 5 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 5.
CN201911397761.4A 2019-12-30 2019-12-30 Single sign-on method, micro-service access platform and storage medium Active CN111143814B (en)

Publications (2)

Publication Number Publication Date
CN111143814A CN111143814A (en) 2020-05-12
CN111143814B CN111143814B (en) 2022-06-21

Family

ID=70522018

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8108920B2 (en) * 2003-05-12 2012-01-31 Microsoft Corporation Passive client single sign-on for web applications
CN101277193A (en) * 2008-05-05 2008-10-01 北京航空航天大学 One-point entry and access system based on authentication service acting information facing to service architecture
CN109743163A (en) * 2019-01-03 2019-05-10 优信拍(北京)信息科技有限公司 Purview certification method, apparatus and system in micro services framework

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111447245A (en) * 2020-05-27 2020-07-24 杭州海康威视数字技术股份有限公司 Authentication method, authentication device, electronic equipment and server
CN111832000A (en) * 2020-07-17 2020-10-27 深信服科技股份有限公司 Single sign-on method, system, equipment and computer readable storage medium
CN111832000B (en) * 2020-07-17 2024-05-28 深信服科技股份有限公司 Single sign-on method, system, equipment and computer readable storage medium
CN112487390A (en) * 2020-11-27 2021-03-12 网宿科技股份有限公司 Micro-service switching method and system
CN112671841A (en) * 2020-12-10 2021-04-16 清研灵智信息咨询(北京)有限公司 Data security management method and system based on micro-service technology architecture
CN113472796A (en) * 2021-07-06 2021-10-01 山东电力工程咨询院有限公司 Data center portal management method and system

Also Published As

Publication number Publication date
CN111143814B (en) 2022-06-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant