CN111970282A - Authentication method and device for heterogeneous module in system - Google Patents
Authentication method and device for heterogeneous module in system Download PDFInfo
- Publication number
- CN111970282A CN111970282A CN202010837530.7A CN202010837530A CN111970282A CN 111970282 A CN111970282 A CN 111970282A CN 202010837530 A CN202010837530 A CN 202010837530A CN 111970282 A CN111970282 A CN 111970282A
- Authority
- CN
- China
- Prior art keywords
- service module
- authentication
- request
- verification
- main service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an authentication method and device of a heterogeneous module in a system, which can be used in the financial field or other fields, and the method comprises the following steps: an auxiliary service module in the system receives an authentication request of a user, wherein the authentication request comprises authentication information of a main service module in the system; the auxiliary service module generates a verification request according to the authentication information and sends the verification request to the main service module so that the main service module verifies the authentication information; and when receiving verification success information which is sent by the main service module and corresponds to the verification request, the auxiliary service module determines that the authentication request is successfully authenticated. The invention realizes the beneficial effect that different modules of the authentication system in the system can be mutually authenticated under the condition of not making great change on the system architecture.
Description
Technical Field
The invention relates to the technical field of system authentication, in particular to an authentication method and device for a heterogeneous module in a system.
Background
At present, with the rapid development of the computer industry, the technical stacks of developers are continuously updated, and various development frameworks such as NET, EJB, struts, JSF, LAMP, Spring and the like are proposed in sequence. In general, most industry developers are adept at the most popular development framework in the time, such as Spring boots. However, although the technical framework is rapidly updated all the time, computer management systems in various industries are built many years ago, and after being built for many years, the systems generally have the characteristics of large system, complex functions, serious dependence on users, old systems and the like.
Therefore, when various IT systems with one or more of the characteristics are upgraded, in order to enable a user to perceive the difference of the change of the system before and after as little as possible, the heterogeneous modules are developed by using other technology stacks which are popular at present on the basis of keeping the front-end page style, so as to meet the business requirements.
In the industry, a system composed of different heterogeneous modules generally adopts a mode of designing a unified login platform to open authentication connectivity between systems. If the authentication systems of the heterogeneous module and the main service module in the system are the same, mutual authentication can be directly realized. However, if the authentication systems of the heterogeneous module and the main service module are different greatly and are difficult to be compatible, mutual authentication cannot be performed directly. Therefore, under the condition that the authentication systems of the heterogeneous module and the main service module are different, how to realize mutual authentication of the heterogeneous module and the main service module is the problem to be solved by the invention.
Disclosure of Invention
The present invention provides an authentication method and apparatus for heterogeneous modules in a system, in order to solve the technical problems in the background art.
In order to achieve the above object, according to an aspect of the present invention, there is provided an authentication method of a heterogeneous module in a system, the method including:
an auxiliary service module in the system receives an authentication request of a user, wherein the authentication request comprises authentication information of a main service module in the system;
the auxiliary service module generates a verification request according to the authentication information and sends the verification request to the main service module so that the main service module verifies the authentication information;
and when receiving verification success information which is sent by the main service module and corresponds to the verification request, the auxiliary service module determines that the authentication request is successfully authenticated.
Optionally, the authentication modes of the auxiliary service module and the main service module are different.
Optionally, the authentication information is generated by the main service module according to the login authentication request of the user.
Optionally, an information interface is arranged on the main service module;
the sending the verification request to the main service module specifically includes:
and sending the verification request to the information interface of the main service module.
Optionally, the main service module adopts a session authentication mode, the auxiliary service module adopts a token authentication mode, and the authentication information is session identification information.
Optionally, the main service module adopts a token authentication mode, the auxiliary service module adopts a session authentication mode, and the authentication information is a token value.
In order to achieve the above object, according to an aspect of the present invention, there is provided a method for authenticating a heterogeneous module in another system, the method including:
a main service module in a system receives a verification request sent by an auxiliary service module in the system, wherein the verification request is generated by the auxiliary service module according to authentication information of the main service module contained in an authentication request when the auxiliary service module receives the authentication request of a user;
and the main service module verifies the authentication information in the verification request and sends verification success information corresponding to the verification request to the auxiliary service module when the verification is passed so that the auxiliary service module determines that the authentication request is successfully authenticated according to the verification success information.
Optionally, the authentication method for the heterogeneous module in the system further includes:
the main service module receives a login authentication request sent by the user;
and the main service module generates authentication information corresponding to the user when the login authentication request is successfully authenticated.
In order to achieve the above object, according to another aspect of the present invention, there is provided an authentication apparatus for heterogeneous modules in a system, the apparatus including:
the authentication request receiving unit is used for receiving an authentication request of a user, wherein the authentication request comprises authentication information of a main service module in the system;
a verification request generating unit, configured to generate a verification request according to the authentication information, and send the verification request to the main service module, so that the main service module verifies the authentication information;
and the authentication unit is used for determining that the authentication of the authentication request is successful when receiving the verification success information which is sent by the main service module and corresponds to the verification request.
In order to achieve the above object, according to another aspect of the present invention, there is provided an authentication apparatus for heterogeneous modules in another system, the apparatus including:
a verification request receiving unit, configured to receive a verification request sent by an auxiliary service module in a system, where the verification request is generated by the auxiliary service module according to authentication information of a main service module included in an authentication request when the auxiliary service module receives the authentication request of a user;
and the authentication information verification unit is used for verifying the authentication information in the verification request and sending verification success information corresponding to the verification request to the auxiliary service module when the verification is passed so that the auxiliary service module determines that the authentication request is successfully authenticated according to the verification success information.
In order to achieve the above object, according to another aspect of the present invention, there is also provided a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps in the authentication method for heterogeneous modules in the above system when executing the computer program.
In order to achieve the above object, according to another aspect of the present invention, there is also provided a computer-readable storage medium storing a computer program which, when executed in a computer processor, implements the steps in the authentication method of the heterogeneous module in the above system.
The invention has the beneficial effects that: when the auxiliary service module receives the authentication request, the verification request is generated according to the authentication information of the main service module contained in the authentication request, the verification request is sent to the main service module to verify the authentication information, and if the verification is passed, the auxiliary service module confirms that the authentication request passes the authentication. The invention can realize that the auxiliary service module authenticates based on the main service module under the condition that the authentication modes of the auxiliary service module and the main service module are completely different, and can realize the authentication of the main service module and the auxiliary service module under the condition that the system architecture is not greatly changed.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts. In the drawings:
FIG. 1 is a first flowchart of an authentication method for heterogeneous modules in the system according to an embodiment of the present invention;
FIG. 2 is a second flowchart of a method for authenticating a heterogeneous module in the system according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a session authentication login in the prior art;
FIG. 4 is a flowchart illustrating a prior art token authenticated login;
FIG. 5 is a diagram of an application scenario of an authentication method for heterogeneous modules in the system according to an embodiment of the present invention;
fig. 6 is a first block diagram of an authentication apparatus of a heterogeneous module in the system according to the embodiment of the present invention;
fig. 7 is a second block diagram of an authentication apparatus of a heterogeneous module in the system according to the embodiment of the present invention;
FIG. 8 is a schematic diagram of a computer apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
It should be noted that the terms "comprises" and "comprising," and any variations thereof, in the description and claims of the present invention and the above-described drawings, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
The authentication method and apparatus for heterogeneous modules in the system of the present invention may be used in the financial field, and may also be used in any field other than the financial field.
The problem to be solved by the present invention is how to authenticate heterogeneous modules in a system, where the heterogeneous modules in the present invention mean that authentication systems adopted by two modules are different, and in the following embodiments of the present invention, a main service module and an auxiliary service module are heterogeneous modules, that is, authentication systems adopted by the main service module and the auxiliary service module are different. In the following embodiments of the present invention, a token authentication system and a session authentication system are used as examples, but the present invention is not limited thereto.
The Springboot + JWT is a main technical framework which is developed and adopted in the world, and the technical framework generally adopts a token-based mode to authenticate with a client; many conventional systems still use session-based authentication. See fig. 3 and 4 below, these two authentication methods have certain similarities, but the principle is different:
1. the client browser uses the session returned by the cookie storage server and uses token returned by the local storage server;
2. when a third-party storage system is not used, the server stores the session in the memory, but the server does not store the token in the memory;
3. session is generally transmitted in plaintext, token is a string of encrypted character string, and an encryption and decryption key and algorithm are agreed by a server and a client;
based on the above demonstration, the token authentication system and the session authentication system are not compatible and cannot directly authenticate each other. The invention provides a method for mutual authentication of heterogeneous modules in a system, which is used for reducing the development cost of the heterogeneous modules, furthest reserving the original development habit of developers and improving the online efficiency of new functions.
Fig. 5 is an application scenario diagram of an authentication method for a heterogeneous module in a system according to an embodiment of the present invention, and as shown in fig. 5, optional application scenarios of the present invention include: the system comprises a main service module and an auxiliary service module, wherein the main service module and the auxiliary service module are developed based on different development frames, and the authentication systems adopted by the main service module and the auxiliary service module are different.
Fig. 1 is a first flowchart of an authentication method for heterogeneous modules in a system according to an embodiment of the present invention, where an execution subject is an auxiliary service module in the system, and as shown in fig. 1, the authentication method for heterogeneous modules in the system according to the embodiment includes steps S101 to S103.
Step S101, an auxiliary service module in the system receives an authentication request of a user, wherein the authentication request comprises authentication information of a main service module in the system.
In an embodiment of the present invention, the authentication manners of the auxiliary service module and the main service module are different. Of course, the authentication method of the present invention is also applicable to the same scene as the authentication mode of the auxiliary service module and the main service module.
In the embodiment of the present invention, before step S101, the user has completed login authentication in the main service module through the client, and the main service module generates authentication information corresponding to the user. The specific process is as follows: a main service module receives a login authentication request sent by a user; and the main service module generates authentication information corresponding to the user when the login authentication request is authenticated successfully. The client stores the authentication information and adds the authentication information into all subsequent authentication requests of the user. In an alternative embodiment of the present invention, the authentication request may be an http request or an https request, and the authentication information may be written in a header (header) of the authentication request.
In a specific embodiment of the present invention, the main service module adopts a session authentication mode, the auxiliary service module adopts a token authentication mode, and the authentication information is session identification information, i.e., session _ id.
In another specific embodiment of the present invention, the main service module adopts a token authentication method, the auxiliary service module adopts a session authentication method, and the authentication information is a token value.
In the embodiment of the invention, after the main service module finishes login authentication, a user wants to use the function of the auxiliary service module, and the auxiliary service module needs to authenticate the user first. Specifically, the client may send an authentication request to the auxiliary service module, where the authentication request includes authentication information of the main service module.
Step S102, the auxiliary service module generates a verification request according to the authentication information, and sends the verification request to the main service module, so that the main service module verifies the authentication information.
In the embodiment of the invention, the main service module is provided with an information interface, and the auxiliary service module specifically sends the verification request to the information interface of the main service module. In an optional embodiment of the present invention, the verification request is an http request or an https request, and the information interface is an http interface or an https interface.
In the embodiment of the invention, when the main service module receives the verification request, the authentication information contained in the verification request is verified, whether the authentication information is correct or not is verified, if the authentication information is correct, the verification success information is sent to the auxiliary service module, and if the verification is incorrect, the verification failure information is sent to the auxiliary service module. In the embodiment of the invention, when the user logs in and authenticates at the main service module, the main service module stores the generated authentication information in the local. And when the verification request is received, verifying the authentication information contained in the verification request according to the locally stored authentication information.
Step S103, when receiving the verification success information corresponding to the verification request sent by the main service module, the auxiliary service module determines that the authentication request is successful.
In the embodiment of the invention, if the verification failure information sent by the main service module is received, the authentication request authentication is determined to fail.
Therefore, the method and the system can realize the authentication of the auxiliary service module based on the main service module under the condition that the authentication modes of the auxiliary service module and the main service module are completely different, and can realize the authentication of the main service module and the auxiliary service module under the condition that the system architecture is not greatly changed.
Fig. 2 is a second flowchart of the authentication method for heterogeneous modules in a system according to an embodiment of the present invention, where the execution subject is a main service module in the system, and as shown in fig. 2, the authentication method for heterogeneous modules in a system according to this embodiment includes step S201 and step S202.
Step S201, a main service module in a system receives a verification request sent by an auxiliary service module in the system, where the verification request is generated by the auxiliary service module according to authentication information of the main service module included in an authentication request when the auxiliary service module receives the authentication request of a user.
In the embodiment of the invention, the authentication modes of the auxiliary service module and the main service module are different.
In the embodiment of the present invention, before step S201, the user has completed login authentication in the main service module through the client, and the main service module generates authentication information corresponding to the user. The specific process is as follows: a main service module receives a login authentication request sent by a user; and the main service module generates authentication information corresponding to the user when the login authentication request is authenticated successfully.
Step S202, the main service module verifies the authentication information in the verification request, and sends verification success information corresponding to the verification request to the auxiliary service module when the verification is passed, so that the auxiliary service module determines that the authentication request is successfully authenticated according to the verification success information.
The invention provides a specific embodiment aiming at a scene that a main service module adopts a session authentication mode and an auxiliary service module adopts a token authentication mode. The specific process is as follows:
1. the client sends a login authentication request (containing a user name/password) and performs login authentication in an http/https mode.
2. The system server distributes a session for the connection of the client after authenticating the 'user name/password', transmits session identification information (session _ id) and some data required by the client back to the client, and simultaneously, the corresponding relation between the session and the session _ id is stored in the server.
3. The client stores the session data in the cookie, and writes the session _ id into the header of the subsequent authentication request, wherein the key value is named as Access-Token for example. Each subsequent request is accompanied by the key-value pair in the header (header) of the request: "Access-Token": "session _ id".
4. If the token authentication mode-based auxiliary service module is used in the current use, a request is sent to the main module for authentication before token authentication, and authentication content is session _ id carried by a request header. If the main module can recognize the session _ id, the data stored by the client on the server side and the result of the authentication pass are returned to the function module.
And opening an http interface at the main service module, wherein the interface receives the input of the session _ id, and searching whether the session _ id is distributed in the service process for finishing the verification of the session _ id. The interface does not need session authentication for calling of the main module, and is configured to be exceptional and free.
The auxiliary service module constructs an http request, and writes session _ id into the content body of the http request, where url is the address of the http interface mentioned above. The filter sends the request to the main service module.
The main service module finishes the check of the session _ id, and if the session corresponding to the session _ id exists, the result of passing the authentication and the client personalized data stored in the session are returned to the client; if the session corresponding to the session _ id does not exist, returning authentication failure to the client.
5. After the auxiliary service module obtains the result of 'passing the authentication', the subsequent token authentication process is not carried out any more, and the authentication is directly confirmed to be successful.
The invention also provides a specific embodiment aiming at the scene that the main service module adopts a token authentication mode and the auxiliary service module adopts a session authentication mode. The specific process is as follows:
1. the client sends a login authentication request (comprising a user name and a password) and performs login authentication in an http/https mode.
2. The server side uses the user name and the password sent by the client side to generate a token value by adopting a specific encryption algorithm, and the token value is returned to the client side.
3. The client writes the token value into the header of the subsequent authentication request, and the value of the key is exemplified as "authorization". Each subsequent request is accompanied by the key-value pair in the header (header) of the request: "authorization": "specific token value".
4. If the user uses the auxiliary service module based on the session authentication mechanism in the use, a request is sent to the main service module for authentication before the session authentication, and the authentication content is the token value carried by the request header. If the master module can recognize the token value, the data carried in the token is decrypted and returned to the function module along with the result of "authentication pass".
And opening an http interface at the main service module, wherein the http interface receives the input of the token and also needs to input elements (such as a user name and a password) of the authentication token required by the main module end, and the token is verified inside the service process. The interface does not need token authentication for calling of the main module, and is configured to be exceptional and free.
The auxiliary service module constructs an http request, writes the token and the elements (such as the user name and the password) which need to verify the token in the content body of the http request, and the url is the address of the http interface mentioned above. And the auxiliary service module sends the request to the main service module.
The main service module completes the verification of the token, and if the token can pass the verification, the result of 'authentication passing' and the client-side personalized data stored in the token are returned to the auxiliary service module; and if the token can not pass the verification, returning authentication failure to the auxiliary service module.
5. After the auxiliary service module based on session authentication obtains the result of 'authentication passing', the subsequent session authentication is not carried out any more, and the authentication success is directly confirmed.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
Based on the same inventive concept, an embodiment of the present invention further provides an authentication apparatus for a heterogeneous module in a system, which can be used to implement the authentication method for the heterogeneous module in the system described in the foregoing embodiment, as described in the following embodiment. Because the principle of solving the problem of the authentication device of the heterogeneous module in the system is similar to that of the authentication method of the heterogeneous module in the system, the embodiment of the authentication device of the heterogeneous module in the system can be referred to the embodiment of the authentication method of the heterogeneous module in the system, and repeated details are not repeated. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 6 is a first structural block diagram of an authentication apparatus for heterogeneous modules in a system according to an embodiment of the present invention, and as shown in fig. 6, the authentication apparatus for heterogeneous modules in the system according to an embodiment of the present invention includes:
an authentication request receiving unit 1, configured to receive an authentication request of a user, where the authentication request includes authentication information of a main service module in a system;
a verification request generating unit 2, configured to generate a verification request according to the authentication information, and send the verification request to the main service module, so that the main service module verifies the authentication information;
and the authentication unit 3 is configured to determine that the authentication of the authentication request is successful when receiving verification success information corresponding to the verification request sent by the main service module.
Fig. 7 is a second structural block diagram of an authentication apparatus for a heterogeneous module in a system according to an embodiment of the present invention, and as shown in fig. 7, the authentication apparatus for a heterogeneous module in a system according to an embodiment of the present invention includes:
a verification request receiving unit 4, configured to receive a verification request sent by an auxiliary service module in a system, where the verification request is generated by the auxiliary service module according to authentication information of a main service module included in an authentication request when the auxiliary service module receives the authentication request of a user;
and the authentication information verification unit 5 is configured to verify the authentication information in the verification request, and send verification success information corresponding to the verification request to the auxiliary service module when the verification passes, so that the auxiliary service module determines that the authentication request is successfully authenticated according to the verification success information.
To achieve the above object, according to another aspect of the present application, there is also provided a computer apparatus. As shown in fig. 8, the computer device comprises a memory, a processor, a communication interface and a communication bus, wherein a computer program that can be run on the processor is stored in the memory, and the steps of the method of the above embodiment are realized when the processor executes the computer program.
The processor may be a Central Processing Unit (CPU). The Processor may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or a combination thereof.
The memory, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and units, such as the corresponding program units in the above-described method embodiments of the present invention. The processor executes various functional applications of the processor and the processing of the work data by executing the non-transitory software programs, instructions and modules stored in the memory, that is, the method in the above method embodiment is realized.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor, and the like. Further, the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and such remote memory may be coupled to the processor via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more units are stored in the memory and when executed by the processor perform the method of the above embodiments.
The specific details of the computer device may be understood by referring to the corresponding related descriptions and effects in the above embodiments, and are not described herein again.
In order to achieve the above object, according to another aspect of the present application, there is also provided a computer-readable storage medium storing a computer program which, when executed in a computer processor, implements the steps in the authentication method of the heterogeneous module in the above system. It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD) or a Solid State Drive (SSD), etc.; the storage medium may also comprise a combination of memories of the kind described above.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and they may alternatively be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, or fabricated separately as individual integrated circuit modules, or fabricated as a single integrated circuit module from multiple modules or steps. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (13)
1. A method for authenticating a heterogeneous module in a system, the method comprising:
an auxiliary service module in the system receives an authentication request of a user, wherein the authentication request comprises authentication information of a main service module in the system;
the auxiliary service module generates a verification request according to the authentication information and sends the verification request to the main service module so that the main service module verifies the authentication information;
and when receiving verification success information which is sent by the main service module and corresponds to the verification request, the auxiliary service module determines that the authentication request is successfully authenticated.
2. The method of claim 1, wherein the secondary service module and the primary service module are authenticated in different manners.
3. The method according to claim 1, wherein the authentication information is generated by the main service module according to a login authentication request of the user.
4. The authentication method for heterogeneous modules in the system according to claim 1, wherein an information interface is provided on the main service module;
the sending the verification request to the main service module specifically includes:
and sending the verification request to the information interface of the main service module.
5. The method of claim 1, wherein the main service module employs a session authentication method, the auxiliary service module employs a token authentication method, and the authentication information is session identification information.
6. The method of claim 1, wherein the main service module adopts a token authentication method, the auxiliary service module adopts a session authentication method, and the authentication information is a token value.
7. A method for authenticating a heterogeneous module in a system, the method comprising:
a main service module in a system receives a verification request sent by an auxiliary service module in the system, wherein the verification request is generated by the auxiliary service module according to authentication information of the main service module contained in an authentication request when the auxiliary service module receives the authentication request of a user;
and the main service module verifies the authentication information in the verification request and sends verification success information corresponding to the verification request to the auxiliary service module when the verification is passed so that the auxiliary service module determines that the authentication request is successfully authenticated according to the verification success information.
8. The method of claim 7, wherein the secondary service module and the primary service module are authenticated in different manners.
9. The method for authenticating heterogeneous modules in a system according to claim 7, further comprising:
the main service module receives a login authentication request sent by the user;
and the main service module generates authentication information corresponding to the user when the login authentication request is successfully authenticated.
10. An apparatus for authenticating a heterogeneous module in a system, comprising:
the authentication request receiving unit is used for receiving an authentication request of a user, wherein the authentication request comprises authentication information of a main service module in the system;
a verification request generating unit, configured to generate a verification request according to the authentication information, and send the verification request to the main service module, so that the main service module verifies the authentication information;
and the authentication unit is used for determining that the authentication of the authentication request is successful when receiving the verification success information which is sent by the main service module and corresponds to the verification request.
11. An apparatus for authenticating a heterogeneous module in a system, comprising:
a verification request receiving unit, configured to receive a verification request sent by an auxiliary service module in a system, where the verification request is generated by the auxiliary service module according to authentication information of a main service module included in an authentication request when the auxiliary service module receives the authentication request of a user;
and the authentication information verification unit is used for verifying the authentication information in the verification request and sending verification success information corresponding to the verification request to the auxiliary service module when the verification is passed so that the auxiliary service module determines that the authentication request is successfully authenticated according to the verification success information.
12. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 9 when executing the computer program.
13. A computer-readable storage medium, in which a computer program is stored which, when executed in a computer processor, implements the method of any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010837530.7A CN111970282B (en) | 2020-08-19 | 2020-08-19 | Authentication method and device for heterogeneous module in system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010837530.7A CN111970282B (en) | 2020-08-19 | 2020-08-19 | Authentication method and device for heterogeneous module in system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111970282A true CN111970282A (en) | 2020-11-20 |
| CN111970282B CN111970282B (en) | 2022-09-30 |
Family
ID=73388500
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010837530.7A Active CN111970282B (en) | 2020-08-19 | 2020-08-19 | Authentication method and device for heterogeneous module in system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111970282B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112804224A (en) * | 2021-01-07 | 2021-05-14 | 沈阳麟龙科技股份有限公司 | Authentication method, device, medium and electronic equipment based on micro service |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120216267A1 (en) * | 2011-02-23 | 2012-08-23 | International Business Machines Corporation | User Initiated and Controlled Identity Federation Establishment and Revocation Mechanism |
| CN109274685A (en) * | 2018-11-02 | 2019-01-25 | 深圳壹账通智能科技有限公司 | Multisystem login method, device, computer equipment and storage medium |
| CN109327477A (en) * | 2018-12-06 | 2019-02-12 | 泰康保险集团股份有限公司 | Authentication method, device and storage medium |
| CN109688114A (en) * | 2018-12-10 | 2019-04-26 | 迈普通信技术股份有限公司 | Single-point logging method, certificate server and application server |
| US10728247B1 (en) * | 2019-08-02 | 2020-07-28 | Alibaba Group Holding Limited | Selecting an authentication system for handling an authentication request |
-
2020
- 2020-08-19 CN CN202010837530.7A patent/CN111970282B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120216267A1 (en) * | 2011-02-23 | 2012-08-23 | International Business Machines Corporation | User Initiated and Controlled Identity Federation Establishment and Revocation Mechanism |
| CN109274685A (en) * | 2018-11-02 | 2019-01-25 | 深圳壹账通智能科技有限公司 | Multisystem login method, device, computer equipment and storage medium |
| CN109327477A (en) * | 2018-12-06 | 2019-02-12 | 泰康保险集团股份有限公司 | Authentication method, device and storage medium |
| CN109688114A (en) * | 2018-12-10 | 2019-04-26 | 迈普通信技术股份有限公司 | Single-point logging method, certificate server and application server |
| US10728247B1 (en) * | 2019-08-02 | 2020-07-28 | Alibaba Group Holding Limited | Selecting an authentication system for handling an authentication request |
Non-Patent Citations (2)
| Title |
|---|
| 曹志通等: "数字化校园统一身份认证系统的设计", 《计算机安全》 * |
| 罗国玮等: "数字化校园统一身份认证平台研究与实现", 《广西师范学院学报(自然科学版)》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112804224A (en) * | 2021-01-07 | 2021-05-14 | 沈阳麟龙科技股份有限公司 | Authentication method, device, medium and electronic equipment based on micro service |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111970282B (en) | 2022-09-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113438289B (en) | Block chain data processing method and device based on cloud computing | |
| CN111935094B (en) | Database access method, device, system and computer readable storage medium | |
| US11736469B2 (en) | Single sign-on enabled OAuth token | |
| CN110493202B (en) | Login token generation and verification method and device and server | |
| US11568257B2 (en) | Secure cloud-based machine learning without sending original data to the cloud | |
| US11190501B2 (en) | Hybrid single sign-on for software applications and services using classic and modern identity providers | |
| EP3488584B1 (en) | Usage tracking in hybrid cloud computing systems | |
| CN113783695A (en) | Client information authentication method and system of micro-service architecture | |
| CN112671720B (en) | Token construction method, device and equipment for cloud platform resource access control | |
| US10659443B2 (en) | Methods and apparatus for obtaining a scoped token | |
| US20160219030A1 (en) | Service Request Authentication Method and Apparatus | |
| CN111669351B (en) | Authentication method, service server, client and computer readable storage medium | |
| CN110069909A (en) | It is a kind of to exempt from the close method and device for logging in third party system | |
| CN111404695A (en) | Token request verification method and device | |
| CN111970282B (en) | Authentication method and device for heterogeneous module in system | |
| US11750391B2 (en) | System and method for performing a secure online and offline login process | |
| CN112653673B (en) | Multi-factor authentication method and system based on single sign-on | |
| CN112181599B (en) | Model training method, device and storage medium | |
| KR101946620B1 (en) | Method and server for generating a block of data comprising signature of the server | |
| CN113179273A (en) | Block chain side chain-based block header verification method and device and computer-readable storage medium | |
| CA3087593A1 (en) | Centralized authentication and authorization | |
| KR102428409B1 (en) | User authentication device, user authentication method using security code and computer program | |
| US11683173B2 (en) | Consensus algorithm for distributed ledger technology | |
| CN114584556A (en) | File transmission method and device | |
| KR20230094920A (en) | Blockchain Network System for Blockchain Service Provider and Method for Blockchain Service Provider |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20210125 Address after: 100140, 55, Fuxing Avenue, Xicheng District, Beijing Applicant after: INDUSTRIAL AND COMMERCIAL BANK OF CHINA Applicant after: ICBC Technology Co.,Ltd. Address before: 100029 Tianyuan Xiangtai building, No.5 Anding Road, Chaoyang District, Beijing Applicant before: ICBC Technology Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |