CN111444483A - Authentication method, device and equipment - Google Patents

Authentication method, device and equipment

Info

Publication number
CN111444483A
Authority
CN
China
Prior art keywords
access
user
authority
access right
component
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010223024.9A
Other languages
Chinese (zh)
Inventor
钱陈胜
宋杨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Cloud Core Intelligent Technology Co ltd
Hangzhou Diji Intelligent Technology Co ltd
Original Assignee
Chongqing Cloud Core Intelligent Technology Co ltd
Hangzhou Diji Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Cloud Core Intelligent Technology Co ltd, Hangzhou Diji Intelligent Technology Co ltd filed Critical Chongqing Cloud Core Intelligent Technology Co ltd
Priority to CN202010223024.9A priority Critical patent/CN111444483A/en
Publication of CN111444483A publication Critical patent/CN111444483A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of this specification provide an authentication method, an authentication device and authentication equipment. In the method, user access rights and component access right conditions are configured in advance; when a user requests access to a service component, the access right possessed by the user is compared with the access right condition of that service component; the user request is responded to if the former satisfies the latter, and rejected if it does not. Access authentication at the component dimension is thereby achieved.

Description

Authentication method, device and equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to an authentication method, an authentication device, and an authentication apparatus.
Background
Authentication refers to the process of verifying whether a user has the right to access a target object.
The current authentication scheme is generally authenticated by a password, that is, a password is assigned to a user when the user registers, but the premise of the scheme is that each user who obtains the password is authorized. Once the password is stolen or lost, the situation is very troublesome, an administrator needs to modify the password of the user again, and the legal identity of the user needs to be verified manually before the password is modified.
Therefore, there is a need to provide a more efficient authentication scheme.
Disclosure of Invention
The embodiment of the specification provides an authentication method, an authentication device and authentication equipment, which are used for realizing an authentication scheme of component dimensions.
An embodiment of the present specification further provides an authentication method, including:
receiving an access request, wherein the access request is used for requesting access to a first service component and carries a user identifier;
determining an access right corresponding to the user identifier, wherein the access right is used for representing the right of the user to access the service component;
and responding to the access request if the access right is determined to meet the access right condition corresponding to the first service component.
Optionally, the determining the access right of the user identifier includes:
inquiring a user authority table, and determining the access authority corresponding to the user identifier;
and the user authority table stores access authorities corresponding to different users.
Optionally, the user permission table is generated based on a permission configuration file, and the permission configuration file is used for configuring the access permission of the user;
the method further comprises the following steps:
when the permission configuration file is detected to be maintained, updating the permission configuration file;
and maintaining the user authority table based on the updated authority configuration file.
Optionally, the permission configuration file is in XML format;
the authority configuration file is stored in a cache.
Optionally, the determining that the access right meets the access right condition corresponding to the first service component includes:
inquiring a component authority table, and determining an access authority condition corresponding to the first service component;
and if the access right is matched with the access right condition, determining that the access right meets the access right condition.
Optionally, before determining that the access right meets the access right condition corresponding to the first service component, the method further includes:
if the access right does not meet the access right condition corresponding to the second service component, refusing to respond to the access request;
wherein the second business component is a master business component of the first business component.
An embodiment of the present specification further provides an authentication apparatus, including:
a receiving module, configured to receive an access request, where the access request is used to request access to a first service component, and the access request carries a user identifier;
the determining module is used for determining the access authority corresponding to the user identifier, and the access authority is used for representing the authority of the user for accessing the service component;
and the processing module is used for responding to the access request if the access right is determined to meet the access right condition corresponding to the first service component.
Optionally, the determining module is specifically configured to query a user permission table, and determine an access permission corresponding to the user identifier; wherein the user authority table stores access authorities corresponding to different users.
Optionally, the user permission table is generated based on a permission configuration file, and the permission configuration file is used for configuring the access permission of the user; the apparatus further comprises:
the authority maintenance module is used for updating the authority configuration file when detecting that the authority configuration file is maintained; and maintaining the user authority table based on the updated authority configuration file.
Optionally, the permission configuration file is in XML format;
Optionally, the permission configuration file is stored in a cache.
Optionally, the processing module is specifically configured to query a component permission table, and determine an access permission condition corresponding to the first service component; and if the access right is matched with the access right condition, determining that the access right meets the access right condition.
Optionally, the apparatus further comprises:
the inheritance processing module is used for refusing to respond to the access request if the access authority is determined not to meet the access authority condition corresponding to the second service component; wherein the second business component is a master business component of the first business component.
An embodiment of the present specification further provides an electronic device, which includes:
a processor; and
a memory arranged to store computer executable instructions which, when executed, cause the processor to perform the steps of the method as described above.
In one embodiment of the present description, a user access right and a component access right condition are configured in advance, when a user requests to access a certain service component, an access right possessed by the user and the access right condition of the service component are compared, if the access right condition is satisfied, the user request is responded, otherwise, the user request is rejected. Thereby, access authentication of the component dimension can be achieved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the specification and constitute a part of it, illustrate embodiments of the specification and, together with the description, serve to explain the specification without limiting it. In the drawings:
Fig. 1 is a schematic flowchart of an authentication method according to an embodiment of the present disclosure;
Fig. 2 is a flowchart illustrating the privilege configuration steps provided in an embodiment of the present disclosure;
Fig. 3 is a flowchart illustrating the rights maintenance steps provided by an embodiment of the present disclosure;
Fig. 4 is a schematic structural diagram of an authentication apparatus according to an embodiment of the present disclosure;
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the present disclosure more clear, the technical solutions of the present disclosure will be clearly and completely described below with reference to the specific embodiments of the present disclosure and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present disclosure, and not all embodiments. All other embodiments obtained by a person skilled in the art without making any inventive step based on the embodiments in this description belong to the protection scope of this document.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of an authentication method provided in an embodiment of this specification, which may be specifically executed by a service component or may be executed by a component authentication system, and referring to fig. 1, the method may specifically include the following steps:
Step 102, receiving an access request, wherein the access request is used for requesting access to a first service component, and the access request carries a user identifier;
A service component is a physical implementation with well-defined availability, reusability and portability that is used to build up the whole software system. It includes software code (source code, binary code or executable code) or its equivalent (such as a script or command file), and may specifically be an object or resource such as a page that the user requests to access.
Specifically, after logging in through the user side, the user selects a resource to be accessed, for example the Uniform Resource Locator (URL) of a target resource (the first service component), and initiates an access request for that target resource. The access request carries the user identifier and the URL, and is authenticated by the target resource or by the component authentication system.
Step 104, determining an access right corresponding to the user identifier, wherein the access right is used for representing the right of the user to access the service component; referring to Fig. 2, the user right configuration may be implemented by:
step 202, acquiring a permission configuration file, wherein the permission configuration file is used for configuring the access permission of a user;
the authority configuration file can be a file pre-configured by a developer, and comprises an administrator role and inherent authority thereof, and can also optionally comprise part of other roles and authority thereof. That is, the user role can be directly written into the initial permission configuration file, and can also be configured in the future, which is not limited herein.
And step 204, generating a user authority table based on the authority configuration file.
Specifically, the authority configuration file can be parsed at system initialization, and the relevant information in it is extracted and written into a user authority table. The user authority table records the correspondence between users, roles and authorities, and may specifically include a user role sub table and a role authority sub table: the user role sub table records the correspondence between a user and a role, and the role authority sub table records the correspondence between a role and an authority, for example, user: admin, role: administrator, authority: administrator privileges; of course,.
Step 206, inquiring a user authority table, and determining the access authority corresponding to the user identifier, wherein the access authority corresponding to different users is stored in the user authority table.
Specifically, firstly, based on a user identifier, a user role corresponding to the user identifier is inquired from a user authority table; then, the access authority corresponding to the user role is inquired.
The user identifier refers to information that can uniquely identify a user, for example, an account number, a mobile phone number, an identification number, and the like distributed by a server.
Further, in order to improve the later maintenance efficiency, after the user right configuration is completed, the embodiment further discloses a user right maintenance step, which specifically may be:
step 302, detecting whether the authority configuration file is maintained;
if yes, go to step 304;
step 304, updating the authority configuration file;
and step 306, maintaining the user authority table based on the updated authority configuration file.
The steps 302 to 306 may be specifically exemplified as:
First, a worker thread scans the authority configuration file and detects whether the code in it has changed. Then the old code block is replaced with the newly changed code block to obtain an updated authority configuration file. The updated authority configuration file is then stored in a cache so that it can be read conveniently when maintaining the user authority table, which speeds up maintenance. The authority configuration file is preferably in XML format.
Based on this, the embodiment establishes a synchronization association between the maintenance of the authority configuration file and the user authority table for a large-scale highly abstract service component, so that the maintenance operation of the authority configuration file by a technician can be synchronized into the user authority table, and if the technician adds/subtracts/deletes/modifies a part of authority through a code of the modified authority configuration file, based on the synchronization association, the modification can be automatically synchronized into the user authority table, so as to add/subtract/delete/modify a part of authority in the user authority table.
Step 106, responding to the access request if the access right meets the access right condition corresponding to the first service component.
Wherein, the access authority condition refers to the access authority which needs to be satisfied by accessing the service component.
Specifically, a component authority table may be first queried according to a service component identifier of a first service component, and an access authority condition corresponding to the first service component is determined; and then, matching the access right with the access right condition, and if the access right is matched with the access right condition, determining that the access right meets the access right condition. For example, some business components need administrator authority, if the user has the administrator authority, it is determined that the access authority condition is met, otherwise, it is determined that the access authority condition is not met.
Further, in order to reduce the configuration complexity of the service components, the present embodiment also provides an access right condition inheritance principle, under which a slave service component inherits the access right condition of its main service component. That is, a user who wants to access the slave service component must first satisfy the access right condition of the main service component, and then satisfy the access right condition of the slave service component.
Therefore, before step 106 is executed, this embodiment further includes a step of checking the access right against the main service component. Specifically, if it is determined that the access right does not satisfy the access right condition corresponding to the second service component, the access request is directly rejected; if the access right satisfies the access right condition corresponding to the second service component, step 106 is executed. Here the second business component is a master business component of the first business component.
Specific examples can be: assuming that a user requests to access a first page, and the first page is a sub-page of a second page, that is, the first page is a slave business component, and the second page is a master business component, the first page inherits the access right condition of the second page. Furthermore, in the authentication process, firstly, whether the access right of the user meets the access right condition of the second page is verified, and if not, the access request of the user is directly refused; if so, continuously verifying whether the access authority of the user meets the access authority condition of the first page.
Based on this, by introducing the inheritance principle of the access right condition, a technician need only configure an independent access right condition for each service component; the associated access right conditions between each master service component and its slave service components then follow automatically, which simplifies configuration and further reduces the workload of the configuration operation.
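The following is an added example, not code from the patent or its applicants, that puts the configuration steps (202 to 206), the maintenance steps (302 to 306), the step 106 check and the master/slave inheritance rule together in Python. The XML element and attribute names, the class `PermissionStore` and the sample users and components are assumptions made for illustration; the patent only states that the configuration file is XML. Denying unknown users, unconfigured components and cyclic master chains is likewise a choice of this example.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample configuration (hypothetical schema, see lead-in).
SAMPLE_CONFIG = """
<permissions>
  <role name="administrator"><grant>admin</grant><grant>report.view</grant></role>
  <role name="analyst"><grant>report.view</grant></role>
  <role name="operator"><grant>admin</grant></role>
  <user id="admin" role="administrator"/>
  <user id="alice" role="analyst"/>
  <user id="bob" role="operator"/>
  <component id="/reports" requires="report.view"/>
  <component id="/reports/export" requires="admin" master="/reports"/>
  <component id="/settings" requires="admin"/>
</permissions>
"""


class PermissionStore:
    """User permission table (two sub-tables) plus component permission table."""

    def __init__(self, xml_text):
        self._digest = None
        self.reload_if_changed(xml_text)

    @staticmethod
    def _parse(xml_text):
        # Steps 202-204: parse the file and build the tables.
        root = ET.fromstring(xml_text)
        user_role = {u.get("id"): u.get("role") for u in root.iter("user")}
        role_perms = {
            r.get("name"): frozenset((g.text or "").strip() for g in r.iter("grant"))
            for r in root.iter("role")
        }
        # component id -> (required permission, master component id or None)
        components = {
            c.get("id"): (c.get("requires"), c.get("master"))
            for c in root.iter("component")
        }
        return user_role, role_perms, components

    def reload_if_changed(self, xml_text):
        """Steps 302-306: detect a change, then rebuild the tables.

        Returns True when the tables were rebuilt. A malformed file raises
        and leaves the previous tables in place, so a bad edit does not
        wipe or widen access.
        """
        digest = hashlib.sha256(xml_text.encode("utf-8")).hexdigest()
        if digest == self._digest:
            return False
        tables = self._parse(xml_text)  # may raise ET.ParseError
        self.user_role, self.role_perms, self.components = tables
        self._digest = digest
        return True

    def permissions_for(self, user_id):
        """Step 206: user -> role -> permissions; unknown users get nothing."""
        role = self.user_role.get(user_id)
        return self.role_perms.get(role, frozenset())

    def authorize(self, user_id, component_id):
        """Step 106 with inheritance: each master's condition is checked first."""
        granted = self.permissions_for(user_id)
        chain, seen, current = [], set(), component_id
        while current is not None:
            if current in seen or current not in self.components:
                return False  # cyclic master chain or unconfigured component
            seen.add(current)
            chain.append(current)
            current = self.components[current][1]
        for comp in reversed(chain):  # outermost master first, slave last
            required = self.components[comp][0]
            if required is None or required not in granted:
                return False  # missing condition is treated as misconfiguration
        return True


if __name__ == "__main__":
    store = PermissionStore(SAMPLE_CONFIG)
    for user, comp in [("admin", "/reports/export"), ("alice", "/reports/export"),
                       ("bob", "/reports/export"), ("bob", "/settings")]:
        print(user, comp, "->", "respond" if store.authorize(user, comp) else "reject")
```

In the sample, `bob` holds the permission the slave page `/reports/export` requires but not the one its master `/reports` requires, so the request is rejected at the master check, which is the case the inheritance rule exists to cover.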
To sum up, in the embodiments of the present specification, by configuring the user access right and the component access right condition in advance, when a user requests to access a certain service component, the access right possessed by the user and the access right condition of the service component are compared, and if the access right condition is satisfied, the user request is responded, otherwise, the user request is rejected. Thereby, access authentication of the component dimension can be achieved.
In another possible embodiment, the authentication process corresponding to fig. 1 is briefly described in the following perspective of the authentication system:
the authentication system consists of a component group, a component group and component resource relationship, a user group and permission relationship, a user account, a user and user group relationship and component authentication.
Wherein, the component group refers to the category of the business components, and the component resource refers to the business components belonging to the category; the user group refers to the corresponding role of each user, the user account refers to the user identification, and the component authentication refers to the authentication process of the service component requested by the user.
Based on the method, the authentication system also supports the creation of the authority, the modification of the authority, the addition of the authority, the viewing of the authority and all the authorities, and all the authorities can be combined and used to reasonably complete the required operation of the service and the like.
Further, in order to realize the operation, the embodiment also discloses that the authority control of the interface layer and the interface layer of the authentication system can be configured in the data or interface definition file, and that the authority can be inherited by a sub-page, which simplifies configuration. The authority of the data layer can be controlled down to field-level authority in the entity definition file. The authority configuration file is defined in XML format, so the file structure is clear, readability is improved, and secondary development is made easier.
In addition, verification of the authentication authority is implemented by extending Apache Shiro: when the framework is started, an execution context factory class is injected, and when the front end requests an interface, a new execution context class is created for the request context; the context class comprises the interface, the interface and the data entity configuration which are used by the interface call.
Based on the authentication system, when the operation verification of the related authority is executed, the authority authentication system is triggered to verify whether the user-defined configuration authority has the related operation authority, when the user-defined configuration authority does not have the related operation authority, the request is ended and related error feedback is given to the front end, and when the user-defined configuration authority has the authority, one authentication and interface request is completed.
Therefore, the authentication system of the embodiment, by configuring the user access right and the component access right condition in advance, when the user requests to access a certain service component, compares the access right possessed by the user with the access right condition of the service component, if the access right condition is satisfied, the user request is responded, otherwise, the user request is rejected. Thereby, access authentication of the component dimension can be achieved.
Fig. 4 is a schematic structural diagram of an authentication device according to an embodiment of the present disclosure, and referring to fig. 4, the authentication device may specifically include: a receiving module 401, a determining module 402 and a processing module 403, wherein:
a receiving module 401, configured to receive an access request, where the access request is used to request to access a first service component, and the access request carries a user identifier;
a determining module 402, configured to determine an access right corresponding to the user identifier, where the access right is used to characterize a right that a user has to access a service component;
a processing module 403, configured to respond to the access request if it is determined that the access right meets the access right condition corresponding to the first service component.
Optionally, the determining module 402 is specifically configured to query a user permission table, and determine an access permission corresponding to the user identifier; wherein the user authority table stores access authorities corresponding to different users.
Optionally, the user permission table is generated based on a permission configuration file, and the permission configuration file is used for configuring the access permission of the user; the apparatus further comprises:
the authority maintenance module is used for updating the authority configuration file when detecting that the authority configuration file is maintained; and maintaining the user authority table based on the updated authority configuration file.
Optionally, the permission configuration file is in XML format;
Optionally, the permission configuration file is stored in a cache.
Optionally, the processing module 403 is specifically configured to query a component permission table, and determine an access permission condition corresponding to the first service component; and if the access right is matched with the access right condition, determining that the access right meets the access right condition.
Optionally, the apparatus further comprises:
the inheritance processing module is used for refusing to respond to the access request if the access authority is determined not to meet the access authority condition corresponding to the second service component; wherein the second business component is a master business component of the first business component.
Therefore, in the embodiment of the present specification, by configuring the user access right and the component access right condition in advance, when a user requests to access a certain service component, the access right possessed by the user and the access right condition of the service component are compared, if the access right condition is satisfied, the user request is responded, otherwise, the user request is rejected. Thereby, access authentication of the component dimension can be achieved.
In addition, as for the device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to part of the description of the method embodiment. It should be noted that, in the respective components of the apparatus of the present specification, the components therein are logically divided according to the functions to be implemented thereof, but the present specification is not limited thereto, and the respective components may be newly divided or combined as necessary.
Fig. 5 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure, and referring to fig. 5, the electronic device includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, and may also include hardware required by other services. The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to form the authentication device on the logic level. Of course, besides the software implementation, the present specification does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may be hardware or logic devices.
The network interface, the processor and the memory may be interconnected by a bus system. The bus may be an ISA (Industry Standard Architecture) bus, a PCI (peripheral component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 5, but this does not indicate only one bus or one type of bus.
The memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both read-only memory and random access memory, and provides instructions and data to the processor. The Memory may include a Random-Access Memory (RAM) and may also include a non-volatile Memory (non-volatile Memory), such as at least 1 disk Memory.
The processor is used for executing the program stored in the memory and specifically executing:
receiving an access request, wherein the access request is used for requesting access to a first service component and carries a user identifier;
determining an access right corresponding to the user identifier, wherein the access right is used for representing the right of the user to access the service component;
and responding to the access request if the access right is determined to meet the access right condition corresponding to the first service component.
The method performed by the authentication device or manager (Master) node according to the embodiment shown in fig. 4 of the present specification can be applied to or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present specification may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present specification may be embodied directly in a hardware decoding processor, or in a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
The authentication device may also perform the methods of fig. 1-3 and implement the methods performed by the administrator node.
Based on the same inventive concept, the present specification also provides a computer readable storage medium storing one or more programs which, when executed by an electronic device including a plurality of application programs, cause the electronic device to execute the authentication method provided by the corresponding embodiment of fig. 1 to 3.
The embodiments in the present specification are described in a progressive manner; the same and similar parts among the embodiments may be cross-referenced, and each embodiment focuses on its differences from the other embodiments. In particular, since the system embodiment is substantially similar to the method embodiment, its description is brief, and for the relevant points reference may be made to the corresponding description of the method embodiment.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims (10)

1. An authentication method, comprising:
receiving an access request, wherein the access request is used for requesting access to a first service component and carries a user identifier;
determining an access right corresponding to the user identifier, wherein the access right is used for representing the right of the user to access the service component;
and responding to the access request if the access right is determined to meet the access right condition corresponding to the first service component.
2. The method of claim 1, wherein the determining the access rights of the user identifier comprises:
querying a user permission table, and determining the access right corresponding to the user identifier;
wherein the user permission table stores the access rights corresponding to different users.
3. The method of claim 2, wherein the user permission table is generated based on a permission configuration file, the permission configuration file being used to configure user access rights;
the method further comprises the following steps:
when it is detected that the permission configuration file has been maintained, updating the permission configuration file;
and maintaining the user permission table based on the updated permission configuration file.
4. The method of claim 3,
the permission configuration file is in an XML format;
the permission configuration file is stored in a cache.
5. The method of claim 1, wherein the determining that the access right satisfies an access right condition corresponding to the first service component comprises:
querying a component permission table, and determining the access right condition corresponding to the first service component;
and if the access right matches the access right condition, determining that the access right meets the access right condition.
6. The method of claim 1, prior to determining that the access right satisfies the access right condition corresponding to the first service component, further comprising:
if the access right does not meet the access right condition corresponding to the second service component, refusing to respond to the access request;
wherein the second service component is a master service component of the first service component.
7. An authentication apparatus, comprising:
a receiving module, configured to receive an access request, where the access request is used to request access to a first service component, and the access request carries a user identifier;
a determining module, configured to determine the access right corresponding to the user identifier, where the access right is used for representing the right of the user to access the service component;
and a processing module, configured to respond to the access request if the access right is determined to meet the access right condition corresponding to the first service component.
8. The apparatus of claim 7,
the determining module is specifically configured to query a user permission table and determine the access right corresponding to the user identifier;
wherein the user permission table stores the access rights corresponding to different users.
9. The apparatus of claim 7,
the processing module is further configured to refuse to respond to the access request if it is determined that the access right does not satisfy the access right condition corresponding to the second service component;
wherein the second service component is a master service component of the first service component.
10. An electronic device, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to perform the steps of the method of any one of claims 1 to 6.
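The checks in claims 1 to 6 can be shown together in one added Python example, which is not code from the patent. The XML element names, the right names, the table contents, the use of set membership as the "match" in claim 5, and the choice to keep the previous table when an updated file fails to parse are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed permission configuration file in XML (claims 3 and 4).
# The element and attribute names are assumptions, not the patent's schema.
PERMISSION_XML = """
<permissions>
  <user id="alice"><right>orders.read</right><right>orders.refund</right></user>
  <user id="bob"><right>orders.read</right></user>
  <user id="carol"><right>orders.refund</right></user>
</permissions>
"""

# Constructed component permission table (claim 5):
# component -> (required access right, master component or None).
COMPONENT_TABLE = {
    "orders": ("orders.read", None),
    "orders/refund": ("orders.refund", "orders"),
}

def build_user_table(xml_text):
    """Generate the user permission table from the permission configuration file."""
    # ElementTree is not hardened against hostile XML; this assumes the file
    # is maintained only by administrators.
    table = {}
    for user in ET.fromstring(xml_text).iter("user"):
        if user.get("id"):
            table[user.get("id")] = frozenset(
                r.text.strip() for r in user.iter("right") if r.text)
    return table

def refresh_user_table(current, xml_text):
    """Rebuild the table after the file changes; keep the old one if it is malformed."""
    try:
        return build_user_table(xml_text)
    except ET.ParseError:
        return current

def authorize(user_table, user_id, component):
    """Return (allowed, reason); unknown users and components are denied."""
    rights = user_table.get(user_id)
    if rights is None:
        return False, "unknown user"
    # Collect the requested component and its chain of master components.
    chain, node = [], component
    while node is not None:
        if node not in COMPONENT_TABLE or node in chain:
            return False, "unknown or cyclic component"
        chain.append(node)
        node = COMPONENT_TABLE[node][1]
    # Claim 6: the master component's condition is checked first.
    for node in reversed(chain):
        required = COMPONENT_TABLE[node][0]
        if required not in rights:
            return False, f"missing {required} for {node}"
    return True, "ok"
```

The user carol holds the right for the refund component itself but is still refused, because the master component's condition fails first.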
CN202010223024.9A 2020-03-26 2020-03-26 Authentication method, device and equipment Pending CN111444483A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010223024.9A CN111444483A (en) 2020-03-26 2020-03-26 Authentication method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010223024.9A CN111444483A (en) 2020-03-26 2020-03-26 Authentication method, device and equipment

Publications (1)

Publication Number Publication Date
CN111444483A true CN111444483A (en) 2020-07-24

Family

ID=71649110

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010223024.9A Pending CN111444483A (en) 2020-03-26 2020-03-26 Authentication method, device and equipment

Country Status (1)

Country Link
CN (1) CN111444483A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112966292A (en) * 2021-05-19 2021-06-15 北京仁科互动网络技术有限公司 Metadata access authority control method, system, electronic equipment and storage medium



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination