CN111241523A - Authentication processing method, device, equipment and storage medium - Google Patents
Authentication processing method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN111241523A CN111241523A CN202010016732.5A CN202010016732A CN111241523A CN 111241523 A CN111241523 A CN 111241523A CN 202010016732 A CN202010016732 A CN 202010016732A CN 111241523 A CN111241523 A CN 111241523A
- Authority
- CN
- China
- Prior art keywords
- authentication
- configuration information
- terminal equipment
- address
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
- G06F9/4451—User profiles; Roaming
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Human Computer Interaction (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides an authentication processing method, an authentication processing device, authentication processing equipment and a storage medium, wherein the method comprises the following steps: receiving an access request sent by terminal equipment, wherein the access request comprises user information and a system identifier of a target system; determining a verification object corresponding to the system identifier of the target system; determining configuration information corresponding to a system identifier of a target system, wherein the configuration information comprises address information of an authentication server; adopting a verification object corresponding to the system identification of the target system, and sending an authentication request to an authentication server corresponding to address information in configuration information corresponding to the system identification of the target system, wherein the authentication request comprises user information so that the authentication server completes authentication with the terminal equipment; receiving an authentication result sent by an authentication server; and when the authentication result represents that the authentication is passed, transmitting data required by the access request to the terminal equipment. The present case can reduce the task volume of development, realizes integrated processing, and then promotes user experience.
Description
Technical Field
The present invention relates to the field of terminal technologies, and in particular, to an authentication processing method, apparatus, device, and storage medium.
Background
Currently, an operator provides an order collection system, which generates a lot of order data through collection, processing, and the like. After the user authenticates the corresponding peripheral system, the user can acquire required order data from the order collection system through the peripheral system. For example, after the user successfully logs in the system a, the user may send a request to the order aggregation system through the browser, and then the order aggregation system determines whether the user is a user after the system a is authenticated through an authentication server of the system a, and if so, data requested by the user is provided to the user.
In the prior art, different clusters correspond to different authentication servers, for example, a system a and a system B belong to the same cluster, a system C belongs to another cluster, and the authentication methods of the different clusters are different, so that if it is desired that users in all the clusters can obtain data from the order collection system, a set of docking codes needs to be developed for each cluster, and thus the users in the corresponding cluster are authenticated based on each set of docking codes, and thus when the authentication is passed, the users in the corresponding cluster can obtain data from the order collection system.
However, in the prior art, because the number of clusters is large, if a set of codes is developed for each cluster to achieve data acquisition, the development task amount is huge, integrated processing cannot be achieved, and the maintenance is difficult, so that the user experience is poor.
Disclosure of Invention
The invention provides an authentication processing method, an authentication processing device, authentication processing equipment and a storage medium, which can reduce the amount of developed tasks, realize integrated processing and further improve user experience.
In a first aspect, the present invention provides an authentication processing method, including:
receiving an access request sent by terminal equipment, wherein the access request comprises user information and a system identifier of a target system;
determining a verification object corresponding to the system identifier of the target system according to a corresponding relation between a preset verification object and the system identifier, wherein the verification object is used for indicating an authentication mode between the terminal equipment and the authentication server; determining configuration information corresponding to the system identifier of the target system according to a corresponding relation between preset configuration information and the system identifier, wherein the configuration information comprises address information of an authentication server;
sending an authentication request to an authentication server corresponding to address information in configuration information corresponding to the system identifier of the target system by adopting a verification object corresponding to the system identifier of the target system, wherein the authentication request comprises the user information, so that the authentication server corresponding to the address information completes authentication with the terminal equipment according to the user information;
receiving an authentication result sent by an authentication server corresponding to the address information;
and when the authentication result represents that the authentication is passed, sending the data required by the access request to the terminal equipment.
Further, the method further comprises:
receiving a trigger instruction sent by a user, and displaying a visual interface according to the trigger instruction;
and acquiring the configuration information corresponding to each system identification input on the visual interface by the user, and storing the configuration information corresponding to each system identification.
Further, the method further comprises:
and when the authentication result represents that the authentication fails, sending an authentication failure message to the terminal equipment so that the terminal equipment displays a re-authentication page according to the authentication failure message.
Further, the authentication failure message includes an address of the re-authentication page; sending an authentication failure message to the terminal device to enable the terminal device to display a re-authentication page according to the authentication failure message, wherein the authentication failure message comprises:
and sending an authentication failure message to the terminal equipment so that the terminal equipment displays a re-authentication page according to the address of the re-authentication page.
Further, the configuration information further includes one or more of the following: system service authentication prefix, system service authentication type, system agent authentication address and access path list.
In a second aspect, the present invention provides an authentication processing apparatus comprising:
the terminal equipment comprises a first receiving unit, a second receiving unit and a third receiving unit, wherein the first receiving unit is used for receiving an access request sent by the terminal equipment, and the access request comprises user information and a system identifier of a target system;
the system comprises a determining unit, a verification server and a verification unit, wherein the determining unit is used for determining a verification object corresponding to a system identifier of a target system according to a corresponding relation between a preset verification object and the system identifier, and the verification object is used for indicating an authentication mode between terminal equipment and the authentication server; determining configuration information corresponding to the system identifier of the target system according to a corresponding relation between preset configuration information and the system identifier, wherein the configuration information comprises address information of an authentication server;
a first sending unit, configured to send, by using a verification object corresponding to a system identifier of the target system, an authentication request to an authentication server corresponding to address information in configuration information corresponding to the system identifier of the target system, where the authentication request includes the user information, so that the authentication server corresponding to the address information completes authentication with the terminal device according to the user information;
a second receiving unit, configured to receive an authentication result sent by an authentication server corresponding to the address information;
and the second sending unit is used for sending the data required by the access request to the terminal equipment when the authentication result represents that the authentication is passed.
Further, the device also comprises;
the configuration unit is used for receiving a trigger instruction sent by a user and displaying a visual interface according to the trigger instruction; and acquiring the configuration information corresponding to each system identification input on the visual interface by the user, and storing the configuration information corresponding to each system identification.
Further, the apparatus further comprises:
and the second sending unit is used for sending an authentication failure message to the terminal equipment when the authentication result represents that the authentication fails, so that the terminal equipment displays a re-authentication page according to the authentication failure message.
Further, the authentication failure message includes an address of the re-authentication page;
the second sending unit is specifically configured to send an authentication failure message to the terminal device, so that the terminal device displays a re-authentication page according to the address of the re-authentication page.
Further, the configuration information further includes one or more of the following: system service authentication prefix, system service authentication type, system agent authentication address and access path list.
In a third aspect, the present invention provides an authentication processing apparatus comprising: a memory and a processor;
the memory for storing a computer program;
wherein the processor executes the computer program in the memory to implement the method of any one of the embodiments of the first aspect.
In a fourth aspect, the present invention provides a computer-readable storage medium having stored thereon a computer program for execution by a processor to perform a method as in any one of the embodiments of the first aspect.
The invention provides an authentication processing method, an authentication processing device and a storage medium, wherein after an access request sent by a terminal device is received, a verification object corresponding to a system identifier of a target system is determined according to a corresponding relation between a preset verification object and the system identifier; and determining configuration information corresponding to the system identifier of the target system according to a corresponding relation between preset configuration information and the system identifier, sending an authentication request to an authentication server corresponding to address information in the configuration information corresponding to the system identifier of the target system by adopting a verification object corresponding to the system identifier of the target system, and currently serving as a client of a cluster corresponding to the target system, namely serving as a client of the authentication server corresponding to the cluster, through the determined verification object and configuration information, so that the user validity authentication is performed through the authentication server to provide corresponding data for the user after the authentication is passed. According to the scheme, the corresponding relation between the configuration information and the system identification and the corresponding relation between the verification object and the system identification can be used as clients of different clusters, namely the clients of the authentication servers corresponding to the clusters respectively, so that one-to-many relation between the clients and the authentication servers is realized, and corresponding docking codes do not need to be developed for each cluster, so that the development workload is small, the maintenance is simple, and the user experience is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a flowchart of an authentication processing method according to an embodiment of the present application;
fig. 2 is a flowchart of an authentication processing method according to a second embodiment of the present application;
fig. 3 is an authentication mapping diagram provided in the second embodiment of the present application;
fig. 4 is a schematic structural diagram of an authentication processing apparatus according to a third embodiment of the present application;
fig. 5 is a schematic structural diagram of an authentication processing apparatus according to a fourth embodiment of the present application;
fig. 6 is a schematic structural diagram of an authentication processing apparatus according to a fifth embodiment of the present application.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
At present, operators provide order collection systems, which have a large number of peripheral systems connected to each other, and these peripheral systems all want to obtain corresponding order data and other functions from the order collection systems through their own authentication methods, but each peripheral system has its corresponding authority and authentication method. In the prior art, single sign-on of each system needs to be developed, and a plurality of users and authority information need to be synchronized, so that a great amount of human resources and time need to be invested. Moreover, when different authentication modes are connected, uniform processing cannot be achieved, and only separate processing can be performed, so that applications are deployed respectively, the number of code versions is large, and maintenance is difficult. Therefore, in order to save development time, optimize a code structure, save maintenance cost, reduce the modification amount and development cost of each docking system and improve the docking efficiency of the system, the present disclosure provides an authentication processing apparatus (or referred to as an integrated client) that integrates different authentication methods and different authentication servers based on single sign-on, and completes authentication docking without using the authentication methods and different authentication servers.
The single sign-on technique and cas authentication framework on which the present invention is based are explained first.
Single Sign On (SSO for short) means that a user can access all other mutually trusted systems by logging On only once among a plurality of application systems. In the current complex application system, the single sign-on scene application is very extensive. For example, the application system a and the application system B are mutually trusted systems, and a user accesses the application system a through a browser, and does not need to log in again when accessing the application system B after logging in the application system a.
The cas authentication framework, which was initially developed by people at yale university and then maintained by the Jasig community, has now become increasingly influential, widely used, and Java-based, open-source single sign-on solutions. The authentication process of the framework may include the steps of:
the first step is as follows: the user browser sends out an unauthenticated Uniform Resource Locator (URL).
The second step is that: if the application client identifies that the URL request is not authenticated, the request is redirected to a CAS Server (authentication Server) end, and the request address is added into the URL parameter.
The third step: the CAS Server end returns to the browser end authentication interface.
The fourth step: and the user browser end inputs authentication information and requests the CAS Server end to perform authentication.
The fifth step: and the CAS Server terminal authenticates, adds the request URL into the authentication bill information after the authentication is successful, and then redirects the request URL to the application client.
And a sixth step: after receiving the request with the authentication bill, the client initiates bill authentication to the CAS Server.
The seventh step: and after receiving the bill authentication request of the application client, the CAS Server verifies the bill authentication request and returns the bill authentication request to the application client after the bill authentication is successful.
Eighth step: and the application client returns corresponding data or page to the user browser according to the authentication information returned by the CAS Server.
In the prior art, each application client can only be used as a client of one authentication server, wherein a many-to-one relationship exists between the application client and the authentication server.
Fig. 1 is a flowchart of an authentication processing method according to an embodiment of the present invention, as shown in fig. 1, the method includes:
step 101: and receiving an access request sent by the terminal equipment, wherein the access request comprises user information and a system identifier of a target system.
In an example, when a user wants to obtain order data and the like, the user may access a browser through a terminal device, and then send an access request through the browser, so as to receive the access request sent by the terminal device, where the access request includes user information and a system identifier of a target system.
Step 102: determining a verification object corresponding to the system identifier of the target system according to a corresponding relation between a preset verification object and the system identifier, wherein the verification object is used for indicating an authentication mode between the terminal equipment and the authentication server; and determining configuration information corresponding to the system identifier of the target system according to the corresponding relation between the preset configuration information and the system identifier, wherein the configuration information comprises address information of the authentication server.
In this embodiment, a corresponding relationship between a verification object Verifier and a system identifier is preset, so that after an access request sent by a terminal device is received, a Verifier corresponding to the system identifier of a target system can be determined according to the corresponding relationship between the preset verification object Verifier and the system identifier, and the Verifier is dynamically loaded; in addition, for each system to be docked, the corresponding relationship between the system identifier and the configuration information of each system can be preset, so that the configuration information corresponding to the system identifier of the target system can be determined based on the corresponding relationship between the system identifier and the configuration information. The configuration information comprises address information of an authentication server corresponding to the system, so that an authentication request is sent to the authentication server corresponding to the address information according to the address information in the configuration information.
In addition, when the authentication processing device is just started, a default Verifier can be loaded into a system memory, and authentication judgment is carried out through the default Verifier in a default state, so that in the operation process of the authentication processing device, the corresponding Verifier can be dynamically loaded according to the system identification of the target system in the access request, and interactive authentication with different authentication servers is realized.
Step 103: and sending an authentication request to an authentication server corresponding to the address information in the configuration information corresponding to the system identifier of the target system by adopting a verification object corresponding to the system identifier of the target system, wherein the authentication request comprises user information, so that the authentication server corresponding to the address information completes authentication with the terminal equipment according to the user information.
In this embodiment, after receiving an access request sent by a terminal device, an authentication request may be generated according to user information in the access request, where the authentication request includes the user information, so that a verification object Verifier corresponding to a system identifier of a target system is used to send the authentication request to an authentication server corresponding to address information in configuration information corresponding to the system identifier of the target system, so that the authentication server corresponding to the address information completes authentication on the terminal device according to the user information carried in the authentication request, that is, authenticates a user corresponding to the terminal device. For example, if the user information is a user name and a password, the user name and the password are carried in the authentication request and sent to the authentication server corresponding to the target system, so that the authentication server performs identity authentication on the current user according to the pre-stored legal user information corresponding to the target system.
Step 104: and receiving an authentication result sent by the authentication server corresponding to the address information.
In this embodiment, the authentication server obtains the authentication result corresponding to the terminal device and sends the authentication result to the authentication processing apparatus, so that the authentication processing apparatus receives the authentication result sent by the authentication server.
Step 105: and when the authentication result represents that the authentication is passed, transmitting data required by the access request to the terminal equipment.
In this embodiment, when the authentication result indicates that the authentication is passed, it indicates that the current user is a valid user, and at this time, data required by the access request is sent to the terminal device.
The invention provides an authentication method, after receiving an access request sent by a terminal device, determining a verification object corresponding to a system identifier of a target system according to a corresponding relation between a preset verification object and the system identifier; and determining configuration information corresponding to the system identifier of the target system according to a corresponding relation between preset configuration information and the system identifier, sending an authentication request to an authentication server corresponding to address information in the configuration information corresponding to the system identifier of the target system by adopting a verification object corresponding to the system identifier of the target system, and currently serving as a client of a cluster corresponding to the target system, namely serving as a client of the authentication server corresponding to the cluster, through the determined verification object and configuration information, so that the user validity authentication is performed through the authentication server to provide corresponding data for the user after the authentication is passed. According to the scheme, the corresponding relation between the configuration information and the system identification and the corresponding relation between the verification object and the system identification can be used as clients of different clusters, namely the clients of the authentication servers corresponding to the clusters respectively, so that one-to-many relation between the clients and the authentication servers is realized, and corresponding docking codes do not need to be developed for each cluster, so that the development workload is small, the maintenance is simple, and the user experience is improved.
Fig. 2 is a flowchart of a base station construction evaluation method according to a second embodiment of the present invention, and as shown in fig. 2, the method may include:
step 201: and receiving a trigger instruction sent by a user, and displaying a visual interface according to the trigger instruction.
In this embodiment, a visual configuration mode is provided, and specifically, for a system that needs to be docked, a trigger instruction sent by a user (such as a manager) is received, then a visual configuration interface is displayed to the user according to the trigger instruction, and then the user can input corresponding configuration information on the visual configuration interface.
Step 202: and acquiring configuration information corresponding to each system identifier input by a user on a visual interface, and storing the configuration information corresponding to each system identifier.
In this embodiment, the configuration information corresponding to the system identifier includes address information of the authentication server, and in addition, the configuration information further includes one or more of the following: the system service authentication prefix, the system service authentication type, the address of the re-authentication page, the system proxy authentication address and the access path list, wherein when the address of the authentication server is imperfect, the accurate address of the authentication server can be obtained according to the system service authentication prefix and the address information of the authentication server, so that the subsequent authentication can be carried out according to the address of the authentication server; the system service authentication type refers to an authentication type of the system by an authentication server, for example, the authentication type is authentication by adopting a user name and a password; for another example, authentication is performed by adopting a mobile phone number and dynamic code mode, and the like; when the authentication server does not directly authenticate the user information, the user information can be authenticated through the system agent authentication address; a black list and a white list can be set in the access path list, wherein the black list and the white list store the system identification.
For example, there are three systems, which are a system a, a system B, and a system C, where the system a and the system C belong to the same cluster, that is, the system a and the system C are systems capable of realizing single sign-on, that is, after a user logs in the system a, the system C can be directly accessed without logging in once, and the system B belongs to another cluster, so that if the three systems need to be docked at present, a configurable interface can be displayed to the user, and the user can input configuration information corresponding to the system a, the system B, and the system C, respectively, through the configurable interface, where the user can be a related manager, a dockee, and the like of the order aggregation system. Through interface operation, relevant information of the docking system can be recorded, so that the friendliness of system operation can be realized, and the technical requirements on system docking personnel are reduced.
Step 203: and receiving an access request sent by the terminal equipment, wherein the access request comprises user information and a system identifier of a target system.
Step 204: determining a verification object corresponding to the system identifier of the target system according to a corresponding relation between a preset verification object and the system identifier, wherein the verification object is used for indicating an authentication mode between the terminal equipment and the authentication server; and determining configuration information corresponding to the system identifier of the target system according to the corresponding relation between the preset configuration information and the system identifier, wherein the configuration information comprises address information of the authentication server.
Step 205: and sending an authentication request to an authentication server corresponding to the address information in the configuration information corresponding to the system identifier of the target system by adopting a verification object corresponding to the system identifier of the target system, wherein the authentication request comprises user information, so that the authentication server corresponding to the address information completes authentication with the terminal equipment according to the user information.
Step 206: and receiving an authentication result sent by the authentication server corresponding to the address information.
Step 207: and when the authentication result represents that the authentication is passed, transmitting data required by the access request to the terminal equipment.
In this embodiment, the above-mentioned steps 203-207 may refer to the related explanations in the first embodiment, and are not described herein again.
Step 208: and when the authentication result represents that the authentication fails, sending an authentication failure message to the terminal equipment so that the terminal equipment displays a re-authentication page according to the authentication failure message.
In this embodiment, when the non-authentication is passed, an authentication failure message may be further sent to the terminal device, so that the terminal device displays a re-authentication page according to the authentication failure message and performs authentication again. Specifically, the authentication failure message includes an address of the re-authentication page; step 207 may specifically include: and sending an authentication failure message to the terminal equipment so that the terminal equipment displays a re-authentication page according to the address of the re-authentication page.
The authentication correspondence relationship realized by the present disclosure can be shown in fig. 3, and fig. 3 is an authentication correspondence relationship diagram provided in a second embodiment of the present disclosure, in which the authentication processing apparatus can also be referred to as an integrated client or an order aggregation system. As shown in fig. 3, terminal device 1, terminal device 2, terminal device 3, terminal device 4, and terminal device 5 may be terminal devices located in different domains; the authentication server 1, the authentication server 2, the authentication server 3, and the authentication server 4 may be authentication servers located in different domains. The authentication server 1 can adopt a token authentication mode, the authentication server 2 can adopt a CAS20 authentication mode and the like, namely, an integration mode that one integrated client corresponds to a plurality of authentication servers can be realized through the scheme; moreover, the dynamic loading of the route authentication can be realized based on the system identification of the target system through checking the corresponding relation between the object and the system identification.
The embodiment receives a trigger instruction sent by a user, and displays a visual interface according to the trigger instruction; the configuration information corresponding to each system identification input by the user on the visual interface is obtained, and the configuration information corresponding to each system identification is stored, namely, the relevant information of the docking system can be recorded through interface operation, so that the friendliness of system operation can be realized, and the technical requirements on system docking personnel are also reduced.
Fig. 4 is a schematic structural diagram of a base station construction evaluation apparatus according to a third embodiment of the present invention, including:
a first receiving unit 401, configured to receive an access request sent by a terminal device, where the access request includes user information and a system identifier of a target system;
a determining unit 402, configured to determine, according to a correspondence between a preset verification object and a system identifier, a verification object corresponding to the system identifier of the target system, where the verification object is used to indicate an authentication manner between the terminal device and the authentication server; determining configuration information corresponding to the system identifier of the target system according to the corresponding relation between the preset configuration information and the system identifier, wherein the configuration information comprises address information of the authentication server;
a first sending unit 403, configured to send, by using a verification object corresponding to a system identifier of a target system, an authentication request to an authentication server corresponding to address information in configuration information corresponding to the system identifier of the target system, where the authentication request includes user information, so that the authentication server corresponding to the address information completes authentication with a terminal device according to the user information;
a second receiving unit 404, configured to receive an authentication result sent by the authentication server corresponding to the address information;
a second sending unit 405, configured to send data required by the access request to the terminal device when the authentication result indicates that the authentication passes.
The authentication processing apparatus provided in this embodiment is the same as the technical solution for implementing the authentication processing method provided in any of the foregoing embodiments, and the implementation principle and technical effect thereof are similar and will not be described again.
Fig. 5 is a schematic structural diagram of an authentication processing apparatus according to a fourth embodiment of the present invention, including:
the configuration unit 501 is configured to receive a trigger instruction sent by a user, and display a visual interface according to the trigger instruction; and acquiring configuration information corresponding to each system identifier input by a user on a visual interface, and storing the configuration information corresponding to each system identifier.
The device, still include:
a third sending unit 502, configured to send an authentication failure message to the terminal device when the authentication result indicates that the authentication fails, so that the terminal device displays a re-authentication page according to the authentication failure message.
Further, the authentication failure message includes an address of the re-authentication page; and the second sending unit is specifically configured to send an authentication failure message to the terminal device, so that the terminal device displays the re-authentication page according to the address of the re-authentication page.
Further, the configuration information further includes one or more of the following: system service authentication prefix, system service authentication type, system agent authentication address and access path list.
The authentication processing apparatus provided in this embodiment is the same as the technical solution for implementing the authentication processing method provided in any of the foregoing embodiments, and the implementation principle and technical effect thereof are similar and will not be described again.
Fig. 6 is a schematic structural diagram of an authentication processing apparatus provided in the fifth embodiment of the present application, as shown in fig. 6, including: a memory 601 and a processor 602;
a memory 601 for storing a computer program;
wherein the processor 602 executes the computer program in the memory 601 to implement the method of any of the embodiments.
The present application provides a computer-readable storage medium having stored thereon a computer program for execution by a processor to perform the method of any of the embodiments.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (12)
1. An authentication processing method, characterized in that the method comprises:
receiving an access request sent by terminal equipment, wherein the access request comprises user information and a system identifier of a target system;
determining a verification object corresponding to the system identifier of the target system according to a corresponding relation between a preset verification object and the system identifier, wherein the verification object is used for indicating an authentication mode between the terminal equipment and the authentication server; determining configuration information corresponding to the system identifier of the target system according to a corresponding relation between preset configuration information and the system identifier, wherein the configuration information comprises address information of an authentication server;
sending an authentication request to an authentication server corresponding to address information in configuration information corresponding to the system identifier of the target system by adopting a verification object corresponding to the system identifier of the target system, wherein the authentication request comprises the user information, so that the authentication server corresponding to the address information completes authentication with the terminal equipment according to the user information;
receiving an authentication result sent by an authentication server corresponding to the address information;
and when the authentication result represents that the authentication is passed, sending the data required by the access request to the terminal equipment.
2. The method of claim 1, further comprising:
receiving a trigger instruction sent by a user, and displaying a visual interface according to the trigger instruction;
and acquiring the configuration information corresponding to each system identification input on the visual interface by the user, and storing the configuration information corresponding to each system identification.
3. The method of claim 1, further comprising:
and when the authentication result represents that the authentication fails, sending an authentication failure message to the terminal equipment so that the terminal equipment displays a re-authentication page according to the authentication failure message.
4. The method of claim 3, wherein the authentication failure message includes an address of the re-authentication page; sending an authentication failure message to the terminal device to enable the terminal device to display a re-authentication page according to the authentication failure message, wherein the authentication failure message comprises:
and sending an authentication failure message to the terminal equipment so that the terminal equipment displays a re-authentication page according to the address of the re-authentication page.
5. The method according to any of claims 1-4, wherein the configuration information further comprises one or more of the following: system service authentication prefix, system service authentication type, system agent authentication address and access path list.
6. An authentication processing apparatus, comprising:
the terminal equipment comprises a first receiving unit, a second receiving unit and a third receiving unit, wherein the first receiving unit is used for receiving an access request sent by the terminal equipment, and the access request comprises user information and a system identifier of a target system;
the system comprises a determining unit, a verification server and a verification unit, wherein the determining unit is used for determining a verification object corresponding to a system identifier of a target system according to a corresponding relation between a preset verification object and the system identifier, and the verification object is used for indicating an authentication mode between terminal equipment and the authentication server; determining configuration information corresponding to the system identifier of the target system according to a corresponding relation between preset configuration information and the system identifier, wherein the configuration information comprises address information of an authentication server;
a first sending unit, configured to send, by using a verification object corresponding to a system identifier of the target system, an authentication request to an authentication server corresponding to address information in configuration information corresponding to the system identifier of the target system, where the authentication request includes the user information, so that the authentication server corresponding to the address information completes authentication with the terminal device according to the user information;
a second receiving unit, configured to receive an authentication result sent by an authentication server corresponding to the address information;
and the second sending unit is used for sending the data required by the access request to the terminal equipment when the authentication result represents that the authentication is passed.
7. The apparatus of claim 6, further comprising;
the configuration unit is used for receiving a trigger instruction sent by a user and displaying a visual interface according to the trigger instruction; and acquiring the configuration information corresponding to each system identification input on the visual interface by the user, and storing the configuration information corresponding to each system identification.
8. The apparatus of claim 7, further comprising:
and the second sending unit is used for sending an authentication failure message to the terminal equipment when the authentication result represents that the authentication fails, so that the terminal equipment displays a re-authentication page according to the authentication failure message.
9. The apparatus of claim 8, wherein the authentication failure message includes an address of the re-authentication page;
the second sending unit is specifically configured to send an authentication failure message to the terminal device, so that the terminal device displays a re-authentication page according to the address of the re-authentication page.
10. The apparatus according to any one of claims 6-9, wherein the configuration information further comprises one or more of: system service authentication prefix, system service authentication type, system agent authentication address and access path list.
11. An authentication processing apparatus characterized by comprising: a memory and a processor;
the memory for storing a computer program;
wherein the processor executes the computer program in the memory to implement the method of any one of claims 1-5.
12. A computer-readable storage medium, on which a computer program is stored, the computer program being executable by a processor to implement the method according to any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010016732.5A CN111241523B (en) | 2020-01-08 | 2020-01-08 | Authentication processing method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010016732.5A CN111241523B (en) | 2020-01-08 | 2020-01-08 | Authentication processing method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111241523A true CN111241523A (en) | 2020-06-05 |
| CN111241523B CN111241523B (en) | 2022-07-26 |
Family
ID=70872471
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010016732.5A Active CN111241523B (en) | 2020-01-08 | 2020-01-08 | Authentication processing method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111241523B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111988336A (en) * | 2020-09-02 | 2020-11-24 | 南方电网数字电网研究院有限公司 | Access request processing method, device and system and computer equipment |
| CN112580006A (en) * | 2020-12-24 | 2021-03-30 | 中国建设银行股份有限公司 | Access right control method and device of multi-cloud system and authentication server |
| CN115834705A (en) * | 2022-11-09 | 2023-03-21 | 迈普通信技术股份有限公司 | Authentication service distribution method, node cluster and computer readable storage medium |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101431410A (en) * | 2007-11-09 | 2009-05-13 | 康佳集团股份有限公司 | Authentication method for network game client and server cluster |
| CN102271133A (en) * | 2011-08-11 | 2011-12-07 | 北京星网锐捷网络技术有限公司 | Authentication method, device and system |
| CN102546552A (en) * | 2010-12-24 | 2012-07-04 | 中国联合网络通信集团有限公司 | Authentication method, equipment and system |
| CN102624740A (en) * | 2012-03-30 | 2012-08-01 | 奇智软件(北京)有限公司 | Data interaction method, client and server |
| CN103297390A (en) * | 2012-02-27 | 2013-09-11 | 成都谛听科技有限公司 | Method for enabling server to be connected with client-sides reversely |
| CN103685187A (en) * | 2012-09-14 | 2014-03-26 | 华耀(中国)科技有限公司 | Method for switching SSL (Secure Sockets Layer) authentication mode on demands to achieve resource access control |
| US20140164879A1 (en) * | 2012-12-11 | 2014-06-12 | Sandisk Technologies Inc. | Data Recovery on Cluster Failures and ECC Enhancements with Code Word Interleaving |
| US20150169875A1 (en) * | 2013-12-17 | 2015-06-18 | Microsoft Corporation | Automatic Strong Identity Generation For Cluster Nodes |
| CN106131079A (en) * | 2016-08-29 | 2016-11-16 | 腾讯科技(北京)有限公司 | A kind of authentication method, system and proxy server |
| CN106302759A (en) * | 2016-08-20 | 2017-01-04 | 卡桑德电子科技(扬州)有限公司 | A kind of Intelligent vehicle-mounted multimedia system and method |
| CN107105033A (en) * | 2017-04-21 | 2017-08-29 | 北京奇安信科技有限公司 | Cloud application access method, cloud proxy server and cloud application access system |
-
2020
- 2020-01-08 CN CN202010016732.5A patent/CN111241523B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101431410A (en) * | 2007-11-09 | 2009-05-13 | 康佳集团股份有限公司 | Authentication method for network game client and server cluster |
| CN102546552A (en) * | 2010-12-24 | 2012-07-04 | 中国联合网络通信集团有限公司 | Authentication method, equipment and system |
| CN102271133A (en) * | 2011-08-11 | 2011-12-07 | 北京星网锐捷网络技术有限公司 | Authentication method, device and system |
| CN103297390A (en) * | 2012-02-27 | 2013-09-11 | 成都谛听科技有限公司 | Method for enabling server to be connected with client-sides reversely |
| CN102624740A (en) * | 2012-03-30 | 2012-08-01 | 奇智软件(北京)有限公司 | Data interaction method, client and server |
| CN103685187A (en) * | 2012-09-14 | 2014-03-26 | 华耀(中国)科技有限公司 | Method for switching SSL (Secure Sockets Layer) authentication mode on demands to achieve resource access control |
| US20140164879A1 (en) * | 2012-12-11 | 2014-06-12 | Sandisk Technologies Inc. | Data Recovery on Cluster Failures and ECC Enhancements with Code Word Interleaving |
| US20150169875A1 (en) * | 2013-12-17 | 2015-06-18 | Microsoft Corporation | Automatic Strong Identity Generation For Cluster Nodes |
| CN106302759A (en) * | 2016-08-20 | 2017-01-04 | 卡桑德电子科技(扬州)有限公司 | A kind of Intelligent vehicle-mounted multimedia system and method |
| CN106131079A (en) * | 2016-08-29 | 2016-11-16 | 腾讯科技(北京)有限公司 | A kind of authentication method, system and proxy server |
| CN107105033A (en) * | 2017-04-21 | 2017-08-29 | 北京奇安信科技有限公司 | Cloud application access method, cloud proxy server and cloud application access system |
Non-Patent Citations (5)
| Title |
|---|
| HASAN UL BANNA 等: "Generators coherency identification using relative correlation based clustering", 《2018 INTERNATIONAL CONFERENCE ON ENGINEERING AND EMERGING TECHNOLOGIES (ICEET)》 * |
| JUNSHI CHEN等: "Refactoring the Molecular Docking Simulation for Heterogeneous, Manycore Processors Systems", 《2017 IEEE INTERNATIONAL SYMPOSIUM ON PARALLEL AND DISTRIBUTED PROCESSING WITH APPLICATIONS AND 2017 IEEE INTERNATIONAL CONFERENCE ON UBIQUITOUS COMPUTING AND COMMUNICATIONS (ISPA/IUCC)》 * |
| 张琦: "基于Docker的CaaS管理平台架构研究与设计", 《计算机应用与软件》 * |
| 郭旭东 等: "RADIUS集群式认证研究及其在校园网中的应用", 《通信技术》 * |
| 陈起 等: "基于IPv6的省域广电宽带网络认证系统改造设计与实践", 《广播与电视技术》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111988336A (en) * | 2020-09-02 | 2020-11-24 | 南方电网数字电网研究院有限公司 | Access request processing method, device and system and computer equipment |
| CN112580006A (en) * | 2020-12-24 | 2021-03-30 | 中国建设银行股份有限公司 | Access right control method and device of multi-cloud system and authentication server |
| CN115834705A (en) * | 2022-11-09 | 2023-03-21 | 迈普通信技术股份有限公司 | Authentication service distribution method, node cluster and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111241523B (en) | 2022-07-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111556006B (en) | Third-party application system login method, device, terminal and SSO service platform | |
| US10111096B2 (en) | AP connection method, terminal, and server | |
| US9485239B2 (en) | Implementing single sign-on across a heterogeneous collection of client/server and web-based applications | |
| CN108632253B (en) | Client data security access method and device based on mobile terminal | |
| CN111241523B (en) | Authentication processing method, device, equipment and storage medium | |
| CN112651011B (en) | Login verification method, device and equipment for operation and maintenance system and computer storage medium | |
| CN103428179B (en) | A kind of log in the method for many domain names website, system and device | |
| CN103051630A (en) | Method, device and system for implementing authorization of third-party application based on open platform | |
| CN110365684B (en) | Access control method and device for application cluster and electronic equipment | |
| CN104065616A (en) | Single sign-on method and system | |
| CN108632291A (en) | A kind of third party authorizes login method and system | |
| CN113079164B (en) | Remote control method and device for bastion machine resources, storage medium and terminal equipment | |
| CN112597472A (en) | Single sign-on method, device and storage medium | |
| CN109474600B (en) | Account binding method, system, device and equipment | |
| CN103036902A (en) | Login control method and login control system based on two-dimension code | |
| CN112491776B (en) | Security authentication method and related equipment | |
| US11171964B1 (en) | Authentication using device and user identity | |
| CN109726545B (en) | Information display method, equipment, computer readable storage medium and device | |
| CN112738021A (en) | Single sign-on method, terminal, application server, authentication server and medium | |
| CN112118238A (en) | Method, device, system, equipment and storage medium for authentication login | |
| CN113901429A (en) | Access method and device of multi-tenant system | |
| CN117251837A (en) | System access method and device, electronic equipment and storage medium | |
| US20230291726A1 (en) | System and method for providing multi factor authorization to rdp services through a zero trust cloud environment | |
| CN114338130B (en) | Information processing method, device, server and storage medium | |
| CN113901428A (en) | Login method and device of multi-tenant system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |