CN111209578A - Application service access method and device - Google Patents

Application service access method and device Download PDF

Info

Publication number
CN111209578A
CN111209578A CN201911423914.8A CN201911423914A CN111209578A CN 111209578 A CN111209578 A CN 111209578A CN 201911423914 A CN201911423914 A CN 201911423914A CN 111209578 A CN111209578 A CN 111209578A
Authority
CN
China
Prior art keywords
identification information
service
user terminal
target service
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911423914.8A
Other languages
Chinese (zh)
Inventor
杨培旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NetsUnion Clearing Corp
Original Assignee
NetsUnion Clearing Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NetsUnion Clearing Corp filed Critical NetsUnion Clearing Corp
Priority to CN201911423914.8A priority Critical patent/CN111209578A/en
Publication of CN111209578A publication Critical patent/CN111209578A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Automation & Control Theory (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides an application service access method and device, wherein the method is applied to a service transfer device and comprises the following steps: receiving an application service access request which is sent by a user terminal and comprises user identification information, login state information and target service identification information corresponding to the user terminal; when the login state information indicates that the user terminal is in a logged-in state, sending an authentication request containing user identification information and target service identification information to an authentication device based on an application service access request; receiving an authority verification result corresponding to the authentication request returned by the authentication device; and when the permission verification result indicates that the user terminal is allowed to access the target service corresponding to the target service identification information, the application service access request is transferred to the target service so that the user terminal can access the target service. The unified management of the authority is realized through the authentication device, the user terminal and the target service are separately deployed, and the target service can realize respective application service according to different services.

Description

Application service access method and device
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for accessing an application service.
Background
Currently, a clearing institution such as an internet clearing institution or a payment institution such as a payment bank can be provided with target services such as providing personal information query, clearing processing, payment processing and the like, and usually, through dedicated access of each data center in different areas, each service of a service system has its own service authority control, and user terminal (page) deployment is controlled in each service system, that is, application service access authority is also controlled in each service system, a front end is deployed in each service system, the service systems are stateful, and a front end user needs to pay attention to the implementation of the front end of the service system.
Disclosure of Invention
The present application is directed to solving, at least to some extent, one of the technical problems in the related art.
Therefore, the application service access method is provided, the application service access request is processed through the application service transfer device, the authority unified management is carried out through the authentication device, the user terminal and the target service are separately deployed, and the target service can realize respective application service according to different services.
The application provides another application service access method.
The application provides a service transfer device.
The application provides an authentication device.
The application provides an application service access system.
The application provides an electronic device.
The present application provides a computer-readable storage medium.
An embodiment of one aspect of the present application provides an application service access method, which is applied to a service transfer device, and includes:
receiving an application service access request sent by a user terminal, wherein the application service access request comprises user identification information, login state information and target service identification information corresponding to the user terminal;
under the condition that the login state information indicates that the user terminal is in a logged-in state, sending an authentication request to an authentication device based on the application service access request, wherein the authentication request comprises the user identification information and the target service identification information;
receiving an authority verification result which is returned by the authentication device and corresponds to the authentication request;
and under the condition that the permission verification result indicates that the user terminal is allowed to access the target service corresponding to the target service identification information, the application service access request is transferred to the target service so as to enable the user terminal to access the target service.
Another embodiment of the present application provides an application service access method, which is applied to an authentication device, and includes:
receiving an authentication request from a service transfer device, wherein the authentication request comprises user identification information and target service identification information corresponding to an application service access request sent by a user terminal;
obtaining authorized service identification information corresponding to the user identification information;
and under the condition that the target service identification information is successfully matched with the authorized service identification information, generating an authority verification result, and returning the authority verification result to the service transfer device, so that the service transfer device transfers an application service access request to a target service according to the authority verification result, and the user terminal accesses the target service.
Another embodiment of the present application provides a service transfer apparatus, including:
the system comprises a first receiving module, a second receiving module and a third receiving module, wherein the first receiving module is used for receiving an application service access request sent by a user terminal, and the application service access request comprises user identification information, login state information and target service identification information corresponding to the user terminal;
a sending module, configured to send an authentication request to an authentication apparatus based on the application service access request when the login state information indicates that the user terminal is in a logged-in state, where the authentication request includes the user identification information and the target service identification information;
the second receiving module is used for receiving the authority verification result which is returned by the authentication device and corresponds to the authentication request;
and the processing module is used for transferring the application service access request to the target service so as to enable the user terminal to access the target service under the condition that the permission verification result indicates that the user terminal is allowed to access the target service corresponding to the target service identification information.
Another embodiment of the present application provides an authentication apparatus, including:
a third receiving module, configured to receive an authentication request from a service transfer apparatus, where the authentication request includes user identification information and target service identification information corresponding to an application service access request sent by a user terminal;
an obtaining module, configured to obtain authorized service identification information corresponding to the user identification information;
and the generation module is used for generating an authority verification result for indicating that the user terminal is allowed to access the target service corresponding to the target service identification information under the condition that the target service identification information is successfully matched with the authorized service identification information, and returning the authority verification result to the service transfer device, so that the service transfer device transfers an application service access request to the target service according to the authority verification result, and the user terminal accesses the target service.
Another embodiment of the present application provides an application service access system, including: the user terminal, the service transfer device, the authentication device and the target service in the embodiments;
the user terminal sends an application service access request to the service transfer device; the application service access request comprises user identification information, login state information and target service identification information corresponding to the user terminal;
under the condition that the login state information indicates that the user terminal is in a logged-in state, the service transfer device sends an authentication request to an authentication device based on the application service access request, wherein the authentication request comprises the user identification information and the target service identification information;
the authentication device acquires authorized service identification information corresponding to the user identification information, generates an authority verification result under the condition that the target service identification information is successfully matched with the authorized service identification information, and returns the authority verification result to the service transfer device;
and the service transfer device transfers the application service access request to the target service according to the permission verification result so as to enable the user terminal to access the target service.
An embodiment of another aspect of the present application provides an electronic device, including: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the application service access method as described in the previous embodiments when executing the program.
In yet another aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the application service access method described in the foregoing method embodiments.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
receiving an application service access request sent by a user terminal, wherein the application service access request comprises user identification information, login state information and target service identification information corresponding to the user terminal; under the condition that the login state information indicates that the user terminal is in a logged-in state, sending an authentication request to an authentication device based on an application service access request, wherein the authentication request comprises user identification information and target service identification information; receiving an authority verification result corresponding to the authentication request returned by the authentication device; and under the condition that the permission verification result indicates that the user terminal is allowed to access the target service corresponding to the target service identification information, the application service access request is transferred to the target service so that the user terminal can access the target service. The application service access request is processed by the application service transfer device and the authority is uniformly managed by the authentication device, the user terminal and the target service are separately deployed, and the target service can realize respective application service according to different services.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a schematic flowchart of an application service access method according to an embodiment of the present application;
fig. 2 is a schematic flowchart of another application service access method provided in an embodiment of the present application;
fig. 3 is a flowchart illustrating an application service access method according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a service transfer device according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an authentication apparatus according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an application service access system according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary and intended to be used for explaining the present application and should not be construed as limiting the present application.
An application service access method and apparatus according to an embodiment of the present application are described below with reference to the drawings.
Fig. 1 is a schematic flowchart of an application service access method according to an embodiment of the present application.
The application service access method in the embodiment of the present application is described first at the service transfer device side, and as shown in fig. 1, the method includes the following steps:
step 101, receiving an application service access request sent by a user terminal, where the application service access request includes user identification information, login state information, and target service identification information corresponding to the user terminal.
In practical application, after logging in the application service system through the user terminal, an application service access request can be sent to access a corresponding target service, such as a request for accessing a personal information page, and the application service access request sent by the user terminal in the application needs to be sent to a service transfer device, such as a gateway, for processing.
Further, the service transfer device may receive an application service access request sent by the user terminal, and it is understood that the application service access request includes user identification information corresponding to the user terminal, such as a user phone number, a user terminal identification, login information (a login account, a password), and the like, login status information (including a logged-in status and a logged-out status), and target service identification information. The login state information may be represented by a user token, that is, when a user token corresponding to the user terminal exists and represents that the user terminal is in a logged-in state, the user token corresponding to the user terminal does not exist and represents that the user terminal is in a logged-in state.
Step 103, under the condition that the login state information indicates that the user terminal is in the logged-in state, sending an authentication request to an authentication device based on the application service access request, wherein the authentication request comprises user identification information and target service identification information.
Specifically, in the case where the login state information indicates that the user terminal is in the logged-in state, indicating that no login verification processing is required, an authentication request may be sent to the authentication device based on the application service access request, that is, whether the user terminal has the right to access the target service may be determined by the authentication device.
It can be understood that, based on the user identification information and the target service identification information corresponding to the user terminal, the authentication device may perform the authority verification on the user identification information and the corresponding target service identification information through a preset authentication mode, generate an authority verification result, and return the authority verification result to the service transfer device, and for how to perform the authority verification, reference may be made to the detailed description of the authentication device side on the application service access method of the present application.
And 105, receiving an authority verification result corresponding to the authentication request returned by the authentication device.
And 107, in the case that the permission verification result indicates that the user terminal is allowed to access the target service corresponding to the target service identification information, transferring the application service access request to the target service so as to enable the user terminal to access the target service.
Specifically, the permission check result may be that the user terminal has access to the target service corresponding to the target service identification information, or that the user terminal does not have access to the target service corresponding to the target service identification information, so that after receiving the permission check result corresponding to the authentication request returned by the authentication device, in a case where the permission check result indicates that the user terminal is allowed to access to the target service corresponding to the target service identification information, the permission check result forwards the application service access request to the target service, so that the user terminal accesses to the target service.
For example, the application service access request sent by the user terminal is a request for querying personal information, and the user terminal may access a personal information page to obtain corresponding personal information when the permission verification result indicates that the user terminal is allowed to access a target service corresponding to the target service identification information.
It should be noted that, when the login state information indicates that the user terminal is in the non-login state, a login verification request is sent to the authentication device based on the user identification information, so that the authentication device performs login verification on the user identification information, and login state information is generated according to a login verification result.
Specifically, under the condition that the user terminal is not logged in, login verification is required to be performed before authority verification is performed, and the login verification is also processed through the authentication device, so that a detailed description of the application service access method of the application service can be referred to on the authentication device side for specifically verifying the login verification request, and the detailed description is omitted here, so that unified management of login verification through the authentication device is realized.
It is to be understood that, in the case where the permission check result indicates that the user terminal is not permitted to access the target service corresponding to the target service identification information, i.e., the user does not have permission to access the target service corresponding to the target service identification information, the unauthorized access information is transmitted to the user terminal and displayed on the related interface.
In the application service access method of the embodiment of the application, an application service access request sent by a user terminal is received, wherein the application service access request comprises user identification information, login state information and target service identification information corresponding to the user terminal; under the condition that the login state information indicates that the user terminal is in a logged-in state, sending an authentication request to an authentication device based on an application service access request, wherein the authentication request comprises user identification information and target service identification information; receiving an authority verification result corresponding to the authentication request returned by the authentication device; and under the condition that the permission verification result indicates that the user terminal is allowed to access the target service corresponding to the target service identification information, the application service access request is transferred to the target service so that the user terminal can access the target service. The application service access request is processed by the application service transfer device and the authority is uniformly managed by the authentication device, the user terminal and the target service are separately deployed, and the target service can realize respective application service according to different services.
In order to describe the above embodiments more fully, the present application describes the above method by using an authentication device, and this embodiment provides another application service access method, and fig. 2 is a schematic flow chart of another application service access method provided in this embodiment.
As shown in fig. 2, the method may include:
step 201, receiving an authentication request from the service transfer device, where the authentication request includes user identification information and target service identification information corresponding to an application service access request sent by a user terminal.
Specifically, the service transfer device may receive an application service access request sent by the user terminal, and send an authentication request to the authentication device based on the application service access request under the condition that the login state information indicates that the user terminal is in a logged-in state, where it may be understood that the authentication request includes user identification information and target service identification information.
Step 203, obtain authorized service identification information corresponding to the user identification information.
Step 205, in case that the matching between the target service identification information and the authorized service identification information is successful, generating an authority verification result for indicating that the user terminal is allowed to access the target service corresponding to the target service identification information, and returning to the service transfer device, so that the service transfer device transfers the application service access request to the target service according to the authority verification result, so that the user terminal accesses the target service.
Specifically, after receiving the authentication request sent by the service transfer device, the authentication device may perform permission check according to the user identification information and the target service identification information in the authentication request corresponding to the application service access request sent by the user terminal to generate a permission check result, and return the permission check result to the service transfer device, where there are many ways to perform permission check according to the user identification information and the target service identification information in the authentication request corresponding to the application service access request sent by the user terminal to generate the permission check result, and return the permission check result to the service transfer device.
As a possible implementation manner, authorized service identification information corresponding to the user identification information is obtained, and under the condition that the target service identification information is successfully matched with the authorized service identification information, an authority verification result is generated and returned to the service transfer device.
For example, the target service identification information is target service 1, the authorized service identification information is target service 1, target service 2 and target service 3, and the target service identification information is matched with the authorized service identification information, so that a permission verification result with access to target service 1 is generated.
It can be understood that, in the case that the matching between the target service identification information and the authorized service identification information is unsuccessful, an authority verification result is also generated and returned to the service transfer device, and at this time, the service transfer device sends the target service information without authority access to the user terminal according to the authority verification result, so as to improve the use experience.
It is to be understood that the authentication request from the service relay apparatus is received before the user terminal is in the login state, and therefore, the login authentication request process may be performed before the authentication request process is performed.
More specifically, a login authentication request from the service transfer device is received, the login authentication request includes user identification information corresponding to the application service access request, login authentication is performed on the user identification information, login state information of the user terminal is generated and returned to the service transfer device, that is, after the login authentication is performed, the generated login state information can be in a logged-in state or an unregistered state, the login state information is determined according to a login authentication result, and the service transfer device needs to send login success or failure information to the user terminal when the login state information is returned to the service transfer device, so that the user can perform corresponding subsequent operations through the user terminal, and the application service access efficiency is further improved.
The method comprises the steps of carrying out login verification on user identification information, generating login state information of a user terminal, returning the login state information of the user terminal to a service transfer device, matching the user identification information with preset user login data as an implementation mode, generating login success information of the user terminal and returning the login success information to the service transfer device under the condition that the user identification information is successfully matched with the preset user login data, and generating login failure information of the user terminal and returning the login failure information to the service transfer device under the condition that the user identification information is unsuccessfully matched with the preset user login data to realize unified management of login verification through an authentication device.
For example, the login information is an account A and a password B, if the account A and the password B are matched with preset user login data, the login verification is determined to be passed, and login success information of the user terminal is generated and returned to the service transfer device; and if the account A and the password B are not matched with the preset user login data, the user determines that the login verification fails, and login failure information of the user terminal is generated and returned to the service transfer device.
In the application service access method of the embodiment of the application, an authentication request from a service transfer device is received, wherein the authentication request comprises user identification information and target service identification information corresponding to an application service access request sent by a user terminal; obtaining authorized service identification information corresponding to the user identification information; and under the condition that the target service identification information is successfully matched with the authorized service identification information, generating an authority verification result for indicating that the user terminal is allowed to access the target service corresponding to the target service identification information, and returning the authority verification result to the service transfer device, so that the service transfer device transfers the application service access request to the target service according to the authority verification result, and the user terminal can access the target service. The application service access request is processed by the application service transfer device and the authority is uniformly managed by the authentication device, the user terminal and the target service are separately deployed, and the target service can realize respective application service according to different services.
In order to make the above process more clear for those in the art, the following detailed description is made with reference to fig. 3, as shown in fig. 3, the nginx _ lua script, the authentication device, the nginx, the front end (user terminal) and the target service (back end) on the architecture of the present application each perform its own role, so as to implement sending, authentication, front-back end separate deployment, the target service is unified and stateless, the service transfer device can use the nginx _ lua script to send the application service access request to the user terminal, determine whether the application service access request includes token (user token), if the user terminal is not in the non-login state, the authentication device successfully performs login verification on the user identification information and then performs authority verification on the application service access request, if the user terminal is in the login state, the authority verification is directly carried out on the user identification information and the target service identification information through the authentication device; and under the condition that the permission verification result indicates that the user terminal is allowed to access the target service corresponding to the target service identification information, the user terminal is switched to the target service to apply the service access request so as to access the target service.
And in the case that the permission verification result indicates that the user terminal is not allowed to access the target service corresponding to the target service identification information, namely the user does not have the permission to access the target service corresponding to the target service identification information, transmitting the unauthorized access information to the user terminal and displaying the unauthorized access information on a related interface.
Therefore, unified management of single sign-on and authentication of the user terminal, separate deployment of the front end and the back end (different target services only need to realize corresponding functional services according to own services), namely that the back end application is stateless, the front end only needs to care about participation and return results without paying attention to realization of the back end, the access authority of the current application service is also controlled in respective service systems, the front end is deployed in respective service systems, the back end service systems are stateful, the user terminal needs to pay attention to realization of the front end of the service ends, only secondary development is needed on openResty by utilizing lua script language, and the authentication, forwarding and separate deployment of the front end and the back end are realized by utilizing the distribution characteristic of nginx.
In order to implement the foregoing embodiment, the present application further provides a service transfer device, and fig. 4 is a schematic structural diagram of the service transfer device provided in the embodiment of the present application.
As shown in fig. 4, the service relay apparatus 300 includes: a first receiving module 301, a sending module 303, a second receiving module 305 and a processing module 307.
A first receiving module 301, configured to receive an application service access request sent by a user terminal, where the application service access request includes user identifier information, login status information, and target service identifier information corresponding to the user terminal.
A sending module 303, configured to send, based on the application service access request, an authentication request to an authentication apparatus when the login status information indicates that the user terminal is in a logged-in status, where the authentication request includes the user identifier information and the target service identifier information.
A second receiving module 305, configured to receive a permission check result returned by the authentication apparatus and corresponding to the authentication request.
A processing module 307, configured to forward the application service access request to the target service so that the user terminal accesses the target service when the permission check result indicates that the user terminal is allowed to access the target service corresponding to the target service identification information.
Further, in a possible implementation manner of the embodiment of the present application, the processing module 407 is further configured to: and under the condition that the login state information indicates that the user terminal is in a non-login state, sending a login verification request to the authentication device based on the user identification information so that the authentication device performs login verification on the user identification information, and generating the login state information according to a login verification result.
It should be noted that the foregoing explanation on the method embodiment is also applicable to the service transfer apparatus of this embodiment, and is not repeated here.
In the service transfer device of the embodiment of the application, an application service access request sent by a user terminal is received, wherein the application service access request comprises user identification information, login state information and target service identification information corresponding to the user terminal; under the condition that the login state information indicates that the user terminal is in a logged-in state, sending an authentication request to an authentication device based on an application service access request, wherein the authentication request comprises user identification information and target service identification information; receiving an authority verification result corresponding to the authentication request returned by the authentication device; and under the condition that the permission verification result indicates that the user terminal is allowed to access the target service corresponding to the target service identification information, the application service access request is transferred to the target service so that the user terminal can access the target service. The application service access request is processed by the application service transfer device and the authority is uniformly managed by the authentication device, the user terminal and the target service are separately deployed, and the target service can realize respective application service according to different services.
In order to implement the foregoing embodiments, the present application further provides an authentication device, and fig. 5 is a schematic structural diagram of the authentication device provided in the embodiments of the present application.
As shown in fig. 5, the authentication apparatus 500 includes: a third receiving module 501, an obtaining module 503 and a generating module 505.
A third receiving module 501, configured to receive an authentication request from a service relay apparatus, where the authentication request includes user identification information and target service identification information corresponding to an application service access request sent by a user terminal.
An obtaining module 503, configured to obtain authorized service identification information corresponding to the user identification information.
A generating module 505, configured to generate, under a condition that the target service identification information is successfully matched with the authorized service identification information, an authority verification result for indicating that the user terminal is allowed to access a target service corresponding to the target service identification information, and return the authority verification result to the service transfer device, so that the service transfer device transfers an application service access request to the target service according to the authority verification result, so that the user terminal accesses the target service.
Further, in a possible implementation manner of the embodiment of the present application, the method further includes:
a third receiving module 501, configured to receive a login authentication request from the service transfer apparatus, where the login authentication request includes the user identifier information corresponding to the application service access request;
the generating module 505 is further configured to perform login verification on the user identifier information, generate login status information of the user terminal, and return the login status information to the service transfer apparatus.
Further, in a possible implementation manner of the embodiment of the present application, the generating module 505 is specifically configured to: matching the user identification information with preset user login data; under the condition that the user identification information is successfully matched with preset user login data, login success information of the user terminal is generated and returned to the service transfer device; and under the condition that the user identification information fails to be matched with preset user login data, generating login failure information of the user terminal and returning the login failure information to the service transfer device.
It should be noted that the foregoing explanation on the method embodiment is also applicable to the service transfer apparatus of this embodiment, and is not repeated here.
In the authentication device of the embodiment of the application, an authentication request from a service transfer device is received, wherein the authentication request comprises user identification information and target service identification information corresponding to an application service access request sent by a user terminal; obtaining authorized service identification information corresponding to the user identification information; and under the condition that the target service identification information is successfully matched with the authorized service identification information, generating an authority verification result for indicating that the user terminal is allowed to access the target service corresponding to the target service identification information, and returning the authority verification result to the service transfer device, so that the service transfer device transfers the application service access request to the target service according to the authority verification result, and the user terminal can access the target service. The application service access request is processed by the application service transfer device and the authority is uniformly managed by the authentication device, the user terminal and the target service are separately deployed, and the target service can realize respective application service according to different services.
In order to implement the foregoing embodiment, the present application further provides an application service access system, and fig. 6 is a schematic structural diagram of the application service access system provided in the embodiment of the present application.
As shown in fig. 6, the application service access system includes: the user terminal 100, the service intermediation means 300 described in the above embodiment, and the authentication means 500 described in the above embodiment, and the target service 700.
Wherein, the user terminal 100 sends an application service access request to the service relay apparatus 300; the application service access request includes user identification information, login state information, and target service identification information corresponding to the user terminal 100.
In the case that the login state information indicates that the user terminal 100 is in the logged-in state, the service relay apparatus 300 sends an authentication request to the authentication apparatus 500 based on the application service access request, where the authentication request includes the user identification information and the target service identification information.
The authentication device 500 obtains the authorized service identification information corresponding to the user identification information, generates an authority verification result for indicating that the user terminal is allowed to access the target service corresponding to the target service identification information under the condition that the target service identification information is successfully matched with the authorized service identification information, and returns the authority verification result to the service relay device 300.
The service relay apparatus 300 relays the application service access request to the target service according to the authority verification result, so that the user terminal 100 accesses the target service 700.
In order to implement the foregoing embodiments, an embodiment of the present application provides an electronic device, including: the application service access method comprises the following steps of storing a program, storing a program in a memory, and executing a computer program stored in the memory and capable of running on a processor, wherein the processor executes the program to realize the application service access method according to the embodiment of the method executed by the terminal device.
In order to implement the foregoing embodiments, the present application provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the application service access method described in the foregoing method embodiments.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present application, "plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present application.
The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present application may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc. Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (10)

1. An application service access method is applied to a service transfer device and is characterized by comprising the following steps:
receiving an application service access request sent by a user terminal, wherein the application service access request comprises user identification information, login state information and target service identification information corresponding to the user terminal;
under the condition that the login state information indicates that the user terminal is in a logged-in state, sending an authentication request to an authentication device based on the application service access request, wherein the authentication request comprises the user identification information and the target service identification information;
receiving an authority verification result which is returned by the authentication device and corresponds to the authentication request;
and under the condition that the permission verification result indicates that the user terminal is allowed to access the target service corresponding to the target service identification information, the application service access request is transferred to the target service so as to enable the user terminal to access the target service.
2. The method of claim 1, wherein the method further comprises:
and under the condition that the login state information indicates that the user terminal is in a non-login state, sending a login verification request to the authentication device based on the user identification information so that the authentication device performs login verification on the user identification information, and generating the login state information according to a login verification result.
3. An application service access method applied to an authentication device is characterized by comprising the following steps:
receiving an authentication request from a service transfer device, wherein the authentication request comprises user identification information and target service identification information corresponding to an application service access request sent by a user terminal;
obtaining authorized service identification information corresponding to the user identification information;
and under the condition that the target service identification information is successfully matched with the authorized service identification information, generating an authority verification result for indicating that the user terminal is allowed to access the target service corresponding to the target service identification information, and returning to the service transfer device, so that the service transfer device transfers an application service access request to the target service according to the authority verification result, and the user terminal accesses the target service.
4. The method of claim 3, wherein before the receiving the authentication request from the service intermediary apparatus, further comprising:
receiving a login authentication request from the service transfer device, wherein the login authentication request comprises the user identification information corresponding to the application service access request;
and performing login verification on the user identification information, generating login state information of the user terminal, and returning the login state information to the service transfer device.
5. The method of claim 4, wherein the performing login authentication on the user identification information and generating login status information of the user terminal comprises:
matching the user identification information with preset user login data;
under the condition that the user identification information is successfully matched with preset user login data, login success information of the user terminal is generated;
and under the condition that the user identification information fails to be matched with preset user login data, login failure information of the user terminal is generated.
6. A service relay apparatus, comprising:
the system comprises a first receiving module, a second receiving module and a third receiving module, wherein the first receiving module is used for receiving an application service access request sent by a user terminal, and the application service access request comprises user identification information, login state information and target service identification information corresponding to the user terminal;
a sending module, configured to send an authentication request to an authentication apparatus based on the application service access request when the login state information indicates that the user terminal is in a logged-in state, where the authentication request includes the user identification information and the target service identification information;
the second receiving module is used for receiving the authority verification result which is returned by the authentication device and corresponds to the authentication request;
and the processing module is used for transferring the application service access request to the target service so as to enable the user terminal to access the target service under the condition that the permission verification result indicates that the user terminal is allowed to access the target service corresponding to the target service identification information.
7. An authentication apparatus, comprising:
a third receiving module, configured to receive an authentication request from a service transfer apparatus, where the authentication request includes user identification information and target service identification information corresponding to an application service access request sent by a user terminal;
an obtaining module, configured to obtain authorized service identification information corresponding to the user identification information;
and the generation module is used for generating an authority verification result for indicating that the user terminal is allowed to access the target service corresponding to the target service identification information under the condition that the target service identification information is successfully matched with the authorized service identification information, and returning the authority verification result to the service transfer device, so that the service transfer device transfers an application service access request to the target service according to the authority verification result, and the user terminal accesses the target service.
8. An application service access system, comprising: the user terminal, the service transfer device of the right 6, the authentication device of the right 7 and the target service;
the user terminal sends an application service access request to the service transfer device; the application service access request comprises user identification information, login state information and target service identification information corresponding to the user terminal;
under the condition that the login state information indicates that the user terminal is in a logged-in state, the service transfer device sends an authentication request to an authentication device based on the application service access request, wherein the authentication request comprises the user identification information and the target service identification information;
the authentication device acquires authorized service identification information corresponding to the user identification information, generates an authority verification result for indicating that the user terminal is allowed to access the target service corresponding to the target service identification information under the condition that the target service identification information is successfully matched with the authorized service identification information, and returns the authority verification result to the service transfer device;
and the service transfer device transfers an application service access request to a target service according to the permission verification result so as to enable the user terminal to access the target service.
9. An electronic device, comprising: memory, processor and computer program stored on the memory and executable on the processor, the processor implementing the application service access method according to any of claims 1-5 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the application service access method of any one of claims 1 to 5.
CN201911423914.8A 2019-12-31 2019-12-31 Application service access method and device Pending CN111209578A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911423914.8A CN111209578A (en) 2019-12-31 2019-12-31 Application service access method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911423914.8A CN111209578A (en) 2019-12-31 2019-12-31 Application service access method and device

Publications (1)

Publication Number Publication Date
CN111209578A true CN111209578A (en) 2020-05-29

Family

ID=70787450

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911423914.8A Pending CN111209578A (en) 2019-12-31 2019-12-31 Application service access method and device

Country Status (1)

Country Link
CN (1) CN111209578A (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988336A (en) * 2020-09-02 2020-11-24 南方电网数字电网研究院有限公司 Access request processing method, device and system and computer equipment
CN112055024A (en) * 2020-09-09 2020-12-08 深圳市欢太科技有限公司 Authority verification method and device, storage medium and electronic equipment
CN112671798A (en) * 2020-12-31 2021-04-16 北京明朝万达科技股份有限公司 Service request method, device and system in Internet of vehicles
CN112738100A (en) * 2020-12-29 2021-04-30 北京天融信网络安全技术有限公司 Authentication method, device, authentication equipment and authentication system for data access
CN112788529A (en) * 2021-01-15 2021-05-11 拉扎斯网络科技(上海)有限公司 Information display method and device and electronic equipment
CN113612806A (en) * 2021-10-09 2021-11-05 北京云歌科技有限责任公司 Secure network service method, device, electronic equipment and medium
CN113641966A (en) * 2021-08-10 2021-11-12 广域铭岛数字科技有限公司 Application integration method, system, device and medium
CN113656787A (en) * 2021-08-12 2021-11-16 青岛海信智慧生活科技股份有限公司 Service providing device, terminal, authentication device, resource access method and system
CN114338223A (en) * 2022-01-14 2022-04-12 百果园技术(新加坡)有限公司 User authentication method, system, device, equipment and storage medium
CN114915435A (en) * 2021-02-09 2022-08-16 网联清算有限公司 Service data access method and system
WO2022222001A1 (en) * 2021-04-19 2022-10-27 华为技术有限公司 Service access method and device
CN115378669A (en) * 2022-08-05 2022-11-22 北京达佳互联信息技术有限公司 Method and device for confirming IDE remote user permission in cloud integrated development environment
CN115878214A (en) * 2022-11-30 2023-03-31 广西壮族自治区信息中心 Application software access method, device, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107645508A (en) * 2017-10-16 2018-01-30 深圳市买买提乐购金融服务有限公司 A kind of data handling system, method, client and server
CN109327477A (en) * 2018-12-06 2019-02-12 泰康保险集团股份有限公司 Authentication method, device and storage medium
CN110120946A (en) * 2019-04-29 2019-08-13 武汉理工大学 A kind of Centralized Authentication System and method of Web and micro services

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107645508A (en) * 2017-10-16 2018-01-30 深圳市买买提乐购金融服务有限公司 A kind of data handling system, method, client and server
CN109327477A (en) * 2018-12-06 2019-02-12 泰康保险集团股份有限公司 Authentication method, device and storage medium
CN110120946A (en) * 2019-04-29 2019-08-13 武汉理工大学 A kind of Centralized Authentication System and method of Web and micro services

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988336A (en) * 2020-09-02 2020-11-24 南方电网数字电网研究院有限公司 Access request processing method, device and system and computer equipment
CN112055024A (en) * 2020-09-09 2020-12-08 深圳市欢太科技有限公司 Authority verification method and device, storage medium and electronic equipment
CN112055024B (en) * 2020-09-09 2023-08-22 深圳市欢太科技有限公司 Authority verification method and device, storage medium and electronic equipment
CN112738100A (en) * 2020-12-29 2021-04-30 北京天融信网络安全技术有限公司 Authentication method, device, authentication equipment and authentication system for data access
CN112738100B (en) * 2020-12-29 2023-09-01 北京天融信网络安全技术有限公司 Authentication method, device, authentication equipment and authentication system for data access
CN112671798A (en) * 2020-12-31 2021-04-16 北京明朝万达科技股份有限公司 Service request method, device and system in Internet of vehicles
CN112788529A (en) * 2021-01-15 2021-05-11 拉扎斯网络科技(上海)有限公司 Information display method and device and electronic equipment
CN112788529B (en) * 2021-01-15 2023-04-25 拉扎斯网络科技(上海)有限公司 Information display method and device and electronic equipment
CN114915435A (en) * 2021-02-09 2022-08-16 网联清算有限公司 Service data access method and system
CN114915435B (en) * 2021-02-09 2024-03-19 网联清算有限公司 Service data access method and system
WO2022222001A1 (en) * 2021-04-19 2022-10-27 华为技术有限公司 Service access method and device
EP4319213A4 (en) * 2021-04-19 2024-05-29 Huawei Technologies Co., Ltd. Service access method and device
CN113641966A (en) * 2021-08-10 2021-11-12 广域铭岛数字科技有限公司 Application integration method, system, device and medium
CN113641966B (en) * 2021-08-10 2024-04-09 广域铭岛数字科技有限公司 Application integration method, system, equipment and medium
CN113656787A (en) * 2021-08-12 2021-11-16 青岛海信智慧生活科技股份有限公司 Service providing device, terminal, authentication device, resource access method and system
CN113656787B (en) * 2021-08-12 2023-10-27 青岛海信智慧生活科技股份有限公司 Service providing device, terminal, authentication device, resource access method and system
CN113612806B (en) * 2021-10-09 2021-12-17 北京云歌科技有限责任公司 Secure network service method, device, electronic equipment and medium
CN113612806A (en) * 2021-10-09 2021-11-05 北京云歌科技有限责任公司 Secure network service method, device, electronic equipment and medium
CN114338223A (en) * 2022-01-14 2022-04-12 百果园技术(新加坡)有限公司 User authentication method, system, device, equipment and storage medium
CN114338223B (en) * 2022-01-14 2024-01-09 百果园技术(新加坡)有限公司 User authentication method, system, device, equipment and storage medium
CN115378669A (en) * 2022-08-05 2022-11-22 北京达佳互联信息技术有限公司 Method and device for confirming IDE remote user permission in cloud integrated development environment
CN115878214B (en) * 2022-11-30 2023-10-27 广西壮族自治区信息中心 Application software access method, device, equipment and storage medium
CN115878214A (en) * 2022-11-30 2023-03-31 广西壮族自治区信息中心 Application software access method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN111209578A (en) Application service access method and device
CN108881232B (en) Sign-on access method, apparatus, storage medium and the processor of operation system
CN107018119B (en) Identity verification system, method and platform
CN110445614B (en) Certificate application method and device, terminal equipment, gateway equipment and server
CN112543169B (en) Authentication method, authentication device, terminal and computer readable storage medium
CN103826155A (en) Multi-screen interaction method, server, terminal and system
CN105681258B (en) Session method and conversational device based on third-party server
CN111538966A (en) Access method, access device, server and storage medium
CN110278179A (en) Single-point logging method, device and system and electronic equipment
CN110008690A (en) Right management method, device, equipment and the medium of terminal applies
CN105516135A (en) Method and device used for account login
CN109005159A (en) The data processing method and certificate server of terminal access system server
CN112632521A (en) Request response method and device, electronic equipment and storage medium
CN109067746B (en) Communication method and device between client and server
CN104702677A (en) Method, device and system for treating link
CN111259356B (en) Authorization method, auxiliary authorization component, management server and computer readable medium
CN114499975B (en) Verification method for login server, server and storage medium
CN108540552A (en) Apparatus interconnection method, apparatus, system, equipment and storage medium
CN110766388B (en) Virtual card generation method and system and electronic equipment
US9195416B2 (en) Printing for-pay content
CN103559430A (en) Application account management method and device based on android system
CN114389890B (en) User request proxy method, server and storage medium
CN109379378A (en) Sending method, device, server, system and the storage medium of internet short message
CN106487776B (en) Method, network entity and system for protecting machine type communication equipment
CN102393836A (en) Mobile memory and access control method and system for mobile memory

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200529