CN111917762A - Authority authentication solution method and system for front-end and back-end separation management systems - Google Patents
Authority authentication solution method and system for front-end and back-end separation management systems Download PDFInfo
- Publication number
- CN111917762A CN111917762A CN202010738108.6A CN202010738108A CN111917762A CN 111917762 A CN111917762 A CN 111917762A CN 202010738108 A CN202010738108 A CN 202010738108A CN 111917762 A CN111917762 A CN 111917762A
- Authority
- CN
- China
- Prior art keywords
- authority authentication
- authority
- management system
- nginx
- sub
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Abstract
The invention discloses a method and a system for solving authority authentication of a front-end and back-end separation management system, wherein the method comprises the following steps: the front end requests to the background; an authority authentication service; filtering and accessing the interface authority of the sub-management system; and filtering the jar packet by using the interface authority. The authority authentication solution method for the front-end and rear-end separation management systems is quick in access and very simple in configuration, automatic assembly is supported by a springboot project, each service system only needs to introduce one jar packet, and configuration for opening an authority switch is added in properties or yml configuration files of the springboot, so that automatic assembly can be achieved.
Description
Technical Field
The invention relates to the field of authority authentication, in particular to a method and a system for solving authority authentication of a front-end and back-end separation management system.
Background
At present, more and more companies adopt a front-end and back-end separated development mode, but rights management frameworks such as CAS single sign-on and the like have low support degree on such projects, codes of rights are easy to be tedious and ugly, the CAS has poor support degree on popular front-end frameworks such as vue and the like, and returned state codes can cause that vue cannot realize page redirection.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention provides a method and a system for solving the authority authentication of a front-end and back-end separation management system.
The technical scheme adopted by the invention for solving the technical problems is as follows:
a method for solving authority authentication of a front-end and back-end separation management system comprises the following steps:
s1, front end requesting to background:
s1.1, deploying a plurality of front-end projects on a front-end page of each sub-management system, nginx;
s1.2, the browser requests to open a front-end address, a front-end page is entered, a user operates, and a request in the page reaches nginx;
s1.3, the nginx reverse proxy forwards the message to a service system;
s2, authority authentication service:
s2.1, authority authentication is realized;
s2.2, realizing cache distribution;
s3, filtering access of interface authority of the sub-management system:
s3.1, introducing an authority authentication jar package;
s3.2, authority authentication configuration;
s4, realizing the interface authority filtering jar package:
s4.1, creating a configuration attribute class for reading yml/properties configuration information;
s4.2, creating a filtering processing service class for acquiring url and sessionid of the request, and sending an http request to the authority authentication service and returning an authority authentication result by the authority authentication service;
and S4.3, configuring the automatically configured classes in springs, instantiating the objects when the SpringBoot is started, loading the configuration files by loading the classes SpringFactorLoader, and loading the configuration classes in the files into spring containers.
Further, said step S1.1 comprises: nginx deployed a number of vue developed front-end projects.
Further, said step S1.3 comprises: nginx implements reverse proxy through location module.
Further, said step S2.1 comprises: and the authority authentication is realized through the Spring Security of a third-party framework.
Further, said step S2.2 comprises: and realizing cache distribution by introducing spring-session-data-redis management session.
The invention also discloses a system for solving the authority authentication of the front-end and back-end separation management systems, which comprises the following steps:
the system comprises a browser, an nginx server, a sub-management system and an authority authentication service system which are installed on terminal equipment;
the browser is used for requesting to log in the nginx server in a browser webpage;
the nginx server is used for requesting the authority authentication service system for the authority authentication service;
the sub-management system is used for returning the authority authentication result in the authority authentication service system to the sub-management system;
the authority authentication service system is used for authenticating through Spring Security, successfully logging in, loading user authority, and caching the session user and authority information to the redis cluster.
The invention has the beneficial effects that:
a. the access is fast, the configuration is very simple, the springboot project supports automatic assembly, each service system only needs to introduce one jar packet, and the configuration of opening the permission switch is added in the properties or yml configuration file of the springboot, so that the automatic assembly can be realized;
b. the method has the advantages that code embedding is not needed, low coupling is achieved, the business system can achieve authority authentication only by introducing a jar packet and adding spring boot configuration, and the spring bean of login user information is obtained by injecting spring annotation into the jar packet;
c. the distributed mode is supported, the cache is supported, the performance is good, and the user login information is stored in a redis cluster;
d. the authority strength is fine and accurate to the button;
e. vue, the modification of the front-end projects is small, and the session only needs to be saved in a specific domain for transmission.
Drawings
The invention is further illustrated with reference to the following figures and examples.
FIG. 1 is a business flow diagram of a method for resolving authority authentication of a front-end and back-end separation management system according to the present invention;
fig. 2 is a schematic structural diagram of a system for authenticating and resolving authority of a front-end and back-end separation management system according to the present invention.
Detailed Description
The conception, the specific structure, and the technical effects produced by the present invention will be clearly and completely described below in conjunction with the embodiments and the accompanying drawings to fully understand the objects, the features, and the effects of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments, and those skilled in the art can obtain other embodiments without inventive effort based on the embodiments of the present invention, and all embodiments are within the protection scope of the present invention. In addition, all the connection/connection relations referred to in the patent do not mean that the components are directly connected, but mean that a better connection structure can be formed by adding or reducing connection auxiliary components according to specific implementation conditions. All technical characteristics in the invention can be interactively combined on the premise of not conflicting with each other.
Referring to fig. 1 and fig. 2, the present invention discloses a solution for authority authentication of a front-end and back-end separation management system, including:
s1, front end requesting to background:
s1.1, deploying a plurality of front-end projects on a front-end page of each sub-management system, nginx;
s1.2, the browser requests to open a front-end address, a front-end page is entered, a user operates, and a request in the page reaches nginx;
s1.3, the nginx reverse proxy forwards the message to a service system;
s2, authority authentication service:
s2.1, authority authentication is realized;
s2.2, realizing cache distribution;
s3, filtering access of interface authority of the sub-management system:
s3.1, introducing an authority authentication jar package;
s3.2, authority authentication configuration;
s4, realizing the interface authority filtering jar package:
s4.1, creating a configuration attribute class for reading yml/properties configuration information;
s4.2, creating a filtering processing service class for acquiring url and sessionid of the request, and sending an http request to the authority authentication service and returning an authority authentication result by the authority authentication service;
and S4.3, configuring the automatically configured classes in springs, instantiating the objects when the SpringBoot is started, loading the configuration files by loading the classes SpringFactorLoader, and loading the configuration classes in the files into spring containers.
Further, said step S1.1 comprises: nginx deployed a number of vue developed front-end projects.
Further, said step S1.3 comprises: nginx implements reverse proxy through location module.
Further, said step S2.1 comprises: and the authority authentication is realized through the Spring Security of a third-party framework.
Further, said step S2.2 comprises: and realizing cache distribution by introducing spring-session-data-redis management session.
Referring to fig. 2, the present invention also discloses a system for resolving authority authentication of a front-end and back-end separation management system, which includes:
the system comprises a browser 101, an nginx server 102, a sub-management system 103 and an authority authentication service system 104 which are installed on terminal equipment;
the browser 101 is used for requesting to log in the nginx server 102 in a webpage of the browser 101;
the nginx server 102 is configured to request an authority authentication service from the authority authentication service system 104;
the sub-management system 103 is used for returning the authority authentication result in the authority authentication service system 104 to the sub-management system 103;
the authority authentication service system 104 is configured to authenticate through Spring Security, successfully log in, load a user authority, and cache a session user and authority information to a redis cluster.
Referring to fig. 1, a specific step of a service flow of a method for authenticating and resolving authority of a front-end and back-end separation management system is as follows:
1. a user enters a login page and clicks a login browser 101;
2. requesting to log in the nginx server 102 in a webpage of the browser 101;
3. the nginx server 102 forwards the login request in the webpage to the sub-management system 103;
4. the nginx server 102 requests the right authentication service from the right authentication service system 104;
5. the authority authentication service system 104 authenticates through Spring Security, successfully logs in and loads user authority, and caches the session user and authority information to the redis cluster;
6. the authority authentication service system 104 returns the login result to the browser 101;
7. entering a home page from the browser 101, requesting the authority authentication service system 104 to load a menu;
8. the authority authentication service system 104 returns menu information owned by the user to the browser 101;
9. the user clicks a menu in the sub-management system 103 in the browser 101;
10. requesting an interface 1 from the nginx server 102 in a webpage of the browser 101;
11. the nginx server 102 forwards the interface request in the webpage to the sub-management system 103;
12. said nginx server 102 requests sub-management system 103 interface 1;
13. the authority authentication jar packet of the authority authentication service system 104 performs filtering on the sub management system 103;
13.1, the sub-management system 103 sends an http request to the authority authentication service system 104, and requests parameters of an interface url and a sessionid from the authority authentication service system 104;
13.2, the authority authentication service system 104 returns the authority authentication result to the sub-management system 103;
14. the sub-management system 103 performs service processing on the interface 1;
15. the sub management system 103 returns the interface processing result to the browser 101.
The invention has the beneficial effects that:
a. the access is fast, the configuration is very simple, the springboot project supports automatic assembly, each service system only needs to introduce one jar packet, and the configuration of opening the permission switch is added in the properties or yml configuration file of the springboot, so that the automatic assembly can be realized;
b. the method has the advantages that code embedding is not needed, low coupling is achieved, the business system can achieve authority authentication only by introducing a jar packet and adding spring boot configuration, and the spring bean of login user information is obtained by injecting spring annotation into the jar packet;
c. the distributed mode is supported, the cache is supported, the performance is good, and the user login information is stored in a redis cluster;
d. the authority strength is fine and accurate to the button;
e. vue, the modification of the front-end projects is small, and the session only needs to be saved in a specific domain for transmission.
While the preferred embodiments of the present invention have been illustrated and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (6)
1. A method for solving authority authentication of a front-end and back-end separation management system is characterized by comprising the following steps:
s1, front end requesting to background:
s1.1, deploying a plurality of front-end projects on a front-end page of each sub-management system, nginx;
s1.2, the browser requests to open a front-end address, a front-end page is entered, a user operates, and a request in the page reaches nginx;
s1.3, the nginx reverse proxy forwards the message to a service system;
s2, authority authentication service:
s2.1, authority authentication is realized;
s2.2, realizing cache distribution;
s3, filtering access of interface authority of the sub-management system:
s3.1, introducing an authority authentication jar package;
s3.2, authority authentication configuration;
s4, realizing the interface authority filtering jar package:
s4.1, creating a configuration attribute class for reading yml/properties configuration information;
s4.2, creating a filtering processing service class for acquiring url and sessionid of the request, and sending an http request to the authority authentication service and returning an authority authentication result by the authority authentication service;
and S4.3, configuring the automatically configured classes in springs, instantiating the objects when the SpringBoot is started, loading the configuration files by loading the classes SpringFactorLoader, and loading the configuration classes in the files into spring containers.
2. The method for solving the authority authentication of the front-end and back-end separation management systems according to claim 1, wherein the step S1.1 includes: nginx deployed a number of vue developed front-end projects.
3. The method for solving the authority authentication of the front-end and back-end separation management systems according to claim 1, wherein the step S1.3 includes: nginx implements reverse proxy through location module.
4. The method for solving the authority authentication of the front-end and back-end separation management systems according to claim 1, wherein the step S2.1 includes: and the authority authentication is realized through the Spring Security of a third-party framework.
5. The method for solving the authority authentication of the front-end and back-end separation management systems according to claim 1, wherein the step S2.2 includes: and realizing cache distribution by introducing spring-session-data-redis management session.
6. A front-end and back-end separation management system authority authentication solution system is characterized by comprising:
the system comprises a browser, an nginx server, a sub-management system and an authority authentication service system which are installed on terminal equipment;
the browser is used for requesting to log in the nginx server in a browser webpage;
the nginx server is used for requesting the authority authentication service system for the authority authentication service;
the sub-management system is used for returning the authority authentication result in the authority authentication service system to the sub-management system;
the authority authentication service system is used for authenticating through Spring Security, successfully logging in, loading user authority, and caching the session user and authority information to the redis cluster.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010738108.6A CN111917762B (en) | 2020-07-28 | 2020-07-28 | Authority authentication solution method and system for front-end and back-end separation management systems |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010738108.6A CN111917762B (en) | 2020-07-28 | 2020-07-28 | Authority authentication solution method and system for front-end and back-end separation management systems |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111917762A true CN111917762A (en) | 2020-11-10 |
| CN111917762B CN111917762B (en) | 2022-11-08 |
Family
ID=73286405
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010738108.6A Active CN111917762B (en) | 2020-07-28 | 2020-07-28 | Authority authentication solution method and system for front-end and back-end separation management systems |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111917762B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112688937A (en) * | 2020-12-22 | 2021-04-20 | 武汉烽火众智数字技术有限责任公司 | Login method for system single sign-on under cross-application heterogeneous application |
| CN113434140A (en) * | 2021-06-25 | 2021-09-24 | 平安国际智慧城市科技股份有限公司 | Method, device and storage medium for loading menu and menu functions based on annotation |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120173490A1 (en) * | 2010-12-30 | 2012-07-05 | Verisign, Inc. | Method and system for implementing business logic |
| US20170006037A1 (en) * | 2011-04-12 | 2017-01-05 | Salesforce.Com, Inc. | Inter-application management of user credential data |
| CN106657046A (en) * | 2016-12-13 | 2017-05-10 | 飞狐信息技术(天津)有限公司 | Configurable fine grit authority control method and device |
| CN107977208A (en) * | 2017-12-19 | 2018-05-01 | 国云科技股份有限公司 | A kind of Safety actuality configuration authority method based on maven |
| CN108243183A (en) * | 2017-12-20 | 2018-07-03 | 北京车和家信息技术有限公司 | Integrated control method, system and the computer equipment of gate system |
| CN109462577A (en) * | 2018-10-16 | 2019-03-12 | 同伦拍拍科技服务有限公司 | A kind of third party communicates the inside login system and method for SSO in time |
| CN109814872A (en) * | 2019-01-25 | 2019-05-28 | 北京每日优鲜电子商务有限公司 | Max persistently disposes delivery platform and delivery method |
| CN109981561A (en) * | 2019-01-17 | 2019-07-05 | 华南理工大学 | Monomer architecture system moves to the user authen method of micro services framework |
| CN110430173A (en) * | 2019-07-19 | 2019-11-08 | 河南工程学院 | A kind of cloud platform based on Vue+SpringCloud |
| CN110908831A (en) * | 2019-10-24 | 2020-03-24 | 国网山东省电力公司 | System and method for avoiding high concurrency of mobile terminal |
| CN111123765A (en) * | 2019-12-06 | 2020-05-08 | 山东电工电气集团有限公司 | Cable tunnel comprehensive state monitoring system based on micro-service and implementation method thereof |
-
2020
- 2020-07-28 CN CN202010738108.6A patent/CN111917762B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120173490A1 (en) * | 2010-12-30 | 2012-07-05 | Verisign, Inc. | Method and system for implementing business logic |
| US20170006037A1 (en) * | 2011-04-12 | 2017-01-05 | Salesforce.Com, Inc. | Inter-application management of user credential data |
| CN106657046A (en) * | 2016-12-13 | 2017-05-10 | 飞狐信息技术(天津)有限公司 | Configurable fine grit authority control method and device |
| CN107977208A (en) * | 2017-12-19 | 2018-05-01 | 国云科技股份有限公司 | A kind of Safety actuality configuration authority method based on maven |
| CN108243183A (en) * | 2017-12-20 | 2018-07-03 | 北京车和家信息技术有限公司 | Integrated control method, system and the computer equipment of gate system |
| CN109462577A (en) * | 2018-10-16 | 2019-03-12 | 同伦拍拍科技服务有限公司 | A kind of third party communicates the inside login system and method for SSO in time |
| CN109981561A (en) * | 2019-01-17 | 2019-07-05 | 华南理工大学 | Monomer architecture system moves to the user authen method of micro services framework |
| CN109814872A (en) * | 2019-01-25 | 2019-05-28 | 北京每日优鲜电子商务有限公司 | Max persistently disposes delivery platform and delivery method |
| CN110430173A (en) * | 2019-07-19 | 2019-11-08 | 河南工程学院 | A kind of cloud platform based on Vue+SpringCloud |
| CN110908831A (en) * | 2019-10-24 | 2020-03-24 | 国网山东省电力公司 | System and method for avoiding high concurrency of mobile terminal |
| CN111123765A (en) * | 2019-12-06 | 2020-05-08 | 山东电工电气集团有限公司 | Cable tunnel comprehensive state monitoring system based on micro-service and implementation method thereof |
Non-Patent Citations (7)
| Title |
|---|
| SINGLEONEMAN: "springboot-整合vue,nginx前后端分离部署_SingleOneMan的博客-CSDN博客", 《HTTPS://BLOG.CSDN.NET/YHHYHHYHHYHH/ARTICLE/DETAILS/84574521》 * |
| 一只袜子: "SpringBoot实现前后端分离的跨域访问(Nginx)", 《HTTPS://WWW.JIANSHU.COM/P/520021853827》 * |
| 刘金羽: "前后端分离的在线考试系统设计与实现", 《电脑编程技巧与维护》 * |
| 晨丢丢: "SpringSecurity实现登录认证及权限验证", 《HTTPS://BLOG.CSDN.NET/ZHANGCHEN2449/ARTICLE/DETAILS/52623122》 * |
| 程序员漫话编程: "Spring Boot + Vue前后端分离(九)使用Shiro实现用户信息加密", 《HTTPS://MP.WEIXIN.QQ.COM/S?__BIZ=MZKZMTIZMZEZOA==&MID=2247489982&IDX=1&SN=87321FF6CEAC23E613A49256836FDA9A&SOURCE=41#WECHAT_REDIRECT》 * |
| 郑义平: "基于RBAC的通用权限管理设计与实现", 《金融科技时代》 * |
| 顾航等: "研究生信息平台中权限管理的设计与实现", 《华东师范大学学报(自然科学版)》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112688937A (en) * | 2020-12-22 | 2021-04-20 | 武汉烽火众智数字技术有限责任公司 | Login method for system single sign-on under cross-application heterogeneous application |
| CN113434140A (en) * | 2021-06-25 | 2021-09-24 | 平安国际智慧城市科技股份有限公司 | Method, device and storage medium for loading menu and menu functions based on annotation |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111917762B (en) | 2022-11-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102447677B (en) | Resource access control method, system and equipment | |
| US20100064234A1 (en) | System and Method for Browser within a Web Site and Proxy Server | |
| CN111917762B (en) | Authority authentication solution method and system for front-end and back-end separation management systems | |
| CN104102537B (en) | A kind of application call method and user terminal | |
| KR101795592B1 (en) | Control method of access to cloud service for business | |
| CN104219080B (en) | A kind of website faulty page log recording method | |
| CN108712372B (en) | Method and system for accessing WEB third party login by client | |
| CN104348789A (en) | Web server and method for preventing cross-site scripting attack | |
| CN111064708B (en) | Authorization authentication method and device and electronic equipment | |
| CN104683297A (en) | Resource access method and device, server and terminal | |
| CN112685726A (en) | Single-point authentication method based on KEYCLOAK | |
| CN112261111A (en) | Method and system for realizing cross-domain access of browser in application program | |
| US8863263B2 (en) | Server apparatus and program for single sign-on | |
| CN103905477A (en) | HTTP request processing method and server | |
| CN112966262A (en) | Method and device for generating operation log, electronic equipment and storage medium | |
| CN112788019A (en) | Application fusion scheme under zero trust concept | |
| CN106209894A (en) | A kind of method based on NGINX unified certification and system | |
| CN111245791A (en) | Single sign-on method for realizing management and IT service through reverse proxy | |
| CN111447189B (en) | Data access method and device, electronic equipment and storage medium | |
| CN114091077A (en) | Authentication method, device, equipment and storage medium | |
| CN117411724B (en) | Method and device for sharing credentials across multiple applications of zero-trust application gateway | |
| CN114386010A (en) | Application login method and device, electronic equipment and storage medium | |
| CN115801476B (en) | Verification method and device for application request | |
| CN111339469B (en) | News publishing and managing system | |
| CN114301890B (en) | Web access request processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |