CN112084475A - Authentication method and server - Google Patents

Publication number
CN112084475A
Authority
CN
China
Prior art keywords
database
user
credential information
identity credential
authentication
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011013258.7A
Other languages
Chinese (zh)
Inventor
陈嘉乐
何光波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Xiaopeng Motors Technology Co Ltd
Original Assignee
Guangzhou Xiaopeng Motors Technology Co Ltd

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Abstract

The embodiment of the invention provides an authentication method and a server, wherein the method comprises the following steps: receiving an authentication request sent by a client, wherein the authentication request comprises second identity credential information of a user; judging whether first identity credential information of the user exists in a first database; if the first database does not have the first identity credential information of the user, loading the first identity credential information of the user in the second database into the first database, and judging whether the first identity credential information of the user in the second database matches the second identity credential information of the user; if the first identity credential information of the user in the second database matches the second identity credential information of the user, sending an authentication pass message to the client; and if the first identity credential information of the user in the second database does not match the second identity credential information of the user, sending an authentication failure message to the client. The embodiment of the invention can process authentication requests at the ten-thousand level at a lower cost.

Description

Authentication method and server
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an authentication method and a server.
Background
With the development of intelligent vehicles, the intelligent vehicles provide more and more interactive functions, such as remote vehicle control functions. The remote vehicle control function allows a user to control the vehicle to perform some operations through the mobile phone, such as controlling the vehicle to open a window, opening an air conditioner, and the like.
In order to realize the remote vehicle control function, the vehicle and the server need to stay connected for long periods, and if a sudden brief network disconnection occurs, the vehicle must reconnect to the server quickly. In this case, a large number of authentication requests may be sent to the server. In the existing authentication mode, the server extracts the identity credential information from the authentication request, matches it against the identity credential information stored locally on the server, and returns the authentication result to the client according to the matching result.
However, with the existing authentication method, it is difficult for the server to achieve ten-thousand-level throughput at a low cost while also supporting an authentication scheme in which the identity credential information is dynamically updated.
Disclosure of Invention
In view of the above, embodiments of the present invention are proposed in order to provide an authentication method and a corresponding server that overcome or at least partially solve the above problems.
In order to solve the above problem, an embodiment of the present invention discloses an authentication method applied to a server, where the server has a first database and a second database, the first database is used to store first identity credential information of a user in a preset time period, and the second database is used to persistently store the first identity credential information of the user, and the method includes:
receiving an authentication request sent by a client, wherein the authentication request comprises second identity credential information of a user;
judging whether first identity credential information of the user exists in the first database;
if the first database does not have the first identity credential information of the user, loading the first identity credential information of the user in the second database to the first database, and judging whether the first identity credential information of the user in the second database is matched with the second identity credential information of the user;
if the first identity credential information of the user in the second database is matched with the second identity credential information of the user, sending an authentication passing message to the client;
and if the first identity credential information of the user in the second database is not matched with the second identity credential information of the user, sending an authentication failure message to the client.
Optionally, the loading, to the first database, the first identity credential information of the user in the second database includes:
asynchronously loading first identity credential information of the user in the second database to the first database.
Optionally, the server has a first plug-in for the first database;
the determining whether the first identity credential information of the user exists in the first database includes:
and judging whether the first database has the first identity credential information of the user or not through the first plug-in.
Optionally, the server has a second plug-in for the second database;
the determining whether the first identity credential information of the user in the second database matches the second identity credential information of the user includes:
and judging whether the first identity credential information of the user in the second database is matched with the second identity credential information of the user through the second plug-in.
Optionally, the server further has a third plug-in; the method further comprises the following steps:
if the first database does not have the first identity credential information of the user, calling the second plug-in through the first plug-in;
the loading first identity credential information of the user in the second database to the first database comprises:
loading, by the first plugin, first identity credential information of the user in the second database to the first database.
Optionally, the server further has a third plug-in; the method further comprises the following steps:
if the first database does not contain the first identity credential information of the user, calling the third plug-in through the first plug-in, and calling the second plug-in through the third plug-in;
the loading first identity credential information of the user in the second database to the first database comprises:
loading, by the third plugin, the first identity credential information of the user in the second database to the first database.
Optionally, the method further comprises:
if the first database has the first identity credential information of the user, judging whether the first identity credential information of the user in the first database is matched with the second identity credential information of the user;
if the first identity credential information of the user in the first database is matched with the second identity credential information of the user, sending an authentication passing message to the client;
and if the first identity credential information of the user in the first database is not matched with the second identity credential information of the user, sending an authentication failure message to the client.
The embodiment of the invention also discloses a server, which is provided with a first database and a second database, wherein the first database is used for storing the first identity credential information of the user in a preset time period, and the second database is used for persistently storing the first identity credential information of the user, and the server comprises:
the request receiving module is used for receiving an authentication request sent by a client, wherein the authentication request comprises second identity credential information of a user;
the first judging module is used for judging whether the first identity credential information of the user exists in the first database or not;
a processing module, configured to load, if first identity credential information of the user does not exist in the first database, the first identity credential information of the user in the second database to the first database, and determine whether the first identity credential information of the user in the second database matches the second identity credential information of the user;
the first authentication module is used for sending an authentication passing message to the client if the first identity credential information of the user in the second database is matched with the second identity credential information of the user;
and the second authentication module is used for sending an authentication failure message to the client if the first identity credential information of the user in the second database is not matched with the second identity credential information of the user.
Optionally, the processing module includes:
and the asynchronous loading submodule is used for asynchronously loading the first identity credential information of the user in the second database to the first database.
Optionally, the server has a first plug-in for the first database;
the first judging module comprises:
and the first judging submodule is used for judging whether the first database has the first identity credential information of the user through the first plug-in.
Optionally, the server has a second plug-in for the second database;
the processing module comprises:
and the second judging submodule is used for judging whether the first identity credential information of the user in the second database is matched with the second identity credential information of the user through the second plug-in.
Optionally, the server further has a third plug-in; the server further comprises:
a first plug-in calling module, configured to call the second plug-in through the first plug-in if the first database does not have the first identity credential information of the user;
the processing module comprises:
and the first plug-in loading submodule is used for loading the first identity credential information of the user in the second database to the first database through the first plug-in.
Optionally, the server further has a third plug-in; the server further comprises:
a second plug-in calling module, configured to call the third plug-in through the first plug-in if the first database does not have the first identity credential information of the user, and call the second plug-in through the third plug-in;
the processing module comprises:
and the second plug-in loading submodule is used for loading the first identity credential information of the user in the second database to the first database through the third plug-in.
Optionally, the method further comprises:
a second judging module, configured to judge whether first identity credential information of the user in the first database matches second identity credential information of the user if the first identity credential information of the user exists in the first database;
a third authentication module, configured to send an authentication pass message to the client if the first identity credential information of the user in the first database matches the second identity credential information of the user;
a fourth authentication module, configured to send an authentication failure message to the client if the first identity credential information of the user in the first database is not matched with the second identity credential information of the user.
The embodiment of the invention also discloses an electronic device, which comprises: a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the authentication method as described above.
The embodiment of the invention also discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and the computer program realizes the steps of the authentication method when being executed by a processor.
The embodiment of the invention has the following advantages:
the authentication method in the embodiment of the present invention may be applied to a server, where the server has a first database and a second database, the first database is used to store first identity credential information of a user in a preset time period, and the second database is used to persistently store the first identity credential information of the user, and the method may include: receiving an authentication request sent by a client, wherein the authentication request comprises second identity credential information of a user; judging whether first identity credential information of the user exists in a first database; if the first database does not have the first identity credential information of the user, judging whether the first identity credential information of the user in the second database is matched with the second identity credential information of the user; if the first identity credential information of the user in the second database is matched with the second identity credential information of the user, sending an authentication passing message to the client; and if the first identity credential information of the user in the second database is not matched with the second identity credential information of the user, sending an authentication failure message to the client. The first database of the embodiment of the invention has the characteristics of high response speed and high concurrency support, and can be preferentially used for processing the authentication request. In the absence of the first identity credential information of the user in the first database, processing is performed for the authentication request using the second database. The success rate of the authentication request is improved, and the number of the authentication requests repeatedly sent by the client is reduced. 
To reach the same throughput with only one database for authentication, that database must have higher performance and therefore higher cost. The embodiment of the invention uses two databases with different performance for authentication, places low performance requirements on the first database and the second database, reduces cost, and can process ten-thousand-level authentication requests at a lower cost. In addition, when the first database does not have the first identity credential information of the user, that information can be loaded from the second database into the first database, so that the first database can update the first identity credential information of the user, which solves the problem that the first database cannot be dynamically updated.
Drawings
FIG. 1 is a flow chart of the steps of a method of authentication according to an embodiment of the present invention;
FIG. 2 is a flow chart of an authentication method in an embodiment of the invention;
FIG. 3 is a flow chart of another authentication method in an embodiment of the present invention;
FIG. 4 is a block diagram of a server according to an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
In order to realize the remote vehicle control function, the client of the vehicle is required to be connected with the server for a long time, a user can send an instruction to the server through the APP client on the mobile phone, and the server sends the instruction to the client of the vehicle.
In the embodiment of the invention, both the client of the vehicle and the client of the mobile phone must be authenticated by the server. The identity credential information of the vehicle's client may be configured into that client by the vehicle manufacturer when the vehicle is manufactured. The identity credential information of the mobile phone client can be assigned by the server when the user registers an account. The server may assign corresponding identity credential information based on the user name and password registered by the user.
For a vehicle, because the vehicle generally uses an internet of things network to connect with a server, the stability of the internet of things network is not high at present, so that a client of the vehicle is easily disconnected from the server. For the mobile phone, the mobile phone generally uses a mobile network (such as a 4G network) to connect with the server, and because the mobile network has high stability, the mobile phone is not easily disconnected from the server. The server receives a large number of concurrent authentication requests, mostly from the vehicle's client.
In the embodiment of the invention, the server can be an EMQ server, which is an Internet of Things MQTT message server developed on the Erlang/OTP platform. Erlang/OTP is an excellent soft-real-time, low-latency, distributed language platform. MQTT is a lightweight publish-subscribe (PubSub) messaging protocol for the Internet of Things.
Referring to fig. 1, a flowchart illustrating steps of an authentication method according to an embodiment of the present invention is shown, where the method is applied to a server, where the server has a first database and a second database, the first database is used to store first identity credential information of a user for a preset time period, and the second database is used to persistently store the first identity credential information of the user, where the method specifically includes the following steps:
step 101, receiving an authentication request sent by a client, where the authentication request includes second identity credential information of a user.
In the embodiment of the present invention, the server may have a first database, where the first database is configured to store first identity credential information of the user in a preset time period, where the first identity credential information refers to identity credential information of the user stored in the server.
Compared with the second database, the first database has a high response speed and supports high concurrency, so the server can preferentially use the first database for authentication processing after receiving the authentication request. In the embodiment of the present invention, the first database may be a Redis database. Redis is a high-performance key-value database; compared with a general database (DB), it responds faster and can respond to authentication requests at ten-thousand-level throughput at a lower cost. However, the first identity credential information stored in the Redis database cannot be dynamically updated and can only be stored for a preset time period; the Redis database automatically clears identity credential information whose storage duration exceeds the preset time period. For example, the first database may store the first identity credential information of a user for one week.
In an embodiment of the invention, the server may have a second database for persistently storing the first identity credential information of the user. The second database may be a general database (DB), which is limited by its number of connections and its cost and cannot achieve ten-thousand-level throughput at a lower cost. Therefore, in the embodiment of the present invention, the first identity credential information of the user in the second database is used for authentication only when the first database does not have the first identity credential information of the user, so that only a small number of authentication requests need to be processed against the second database.
In the embodiment of the present invention, the client is installed in an electronic device, and the electronic device may be a mobile phone, a tablet computer, a wearable device, an in-vehicle device, an Augmented Reality (AR)/Virtual Reality (VR) device, a notebook computer, an ultra-mobile personal computer (UMPC), a netbook, a Personal Digital Assistant (PDA), or other electronic devices.
When the client on the vehicle-mounted equipment is disconnected from the server, the client needs to immediately send the authentication request to the server again. The client on the mobile phone can send an authentication request to the server when the user needs to remotely control the vehicle.
Step 102, judging whether the first database has the first identity credential information of the user.
In the embodiment of the present invention, the authentication request may include user identification information, the first identity credential information in the first database may be stored in correspondence with the user identification information, and the corresponding first identity credential information may be searched from the first database according to the user identification information in the authentication request.
For example, for the mobile phone client, the user identification information may be assigned by the server according to a user name registered by the user when the user registers the account, the user identification information may be the user name, and the user name and the first identity credential information may be stored in the first database correspondingly. The authentication request sent by the mobile phone client may include a user name. The server may look up first identity credential information for the user stored in the first database based on the username.
For another example, for the vehicle-mounted device client, the user identification information may be device identification information allocated by a manufacturer at the time of factory shipment, and in the first database, the device identification information and the first identity credential information may be stored correspondingly. The authentication request sent by the vehicle-mounted device client can include device identification information. The server may look up the first identity credential information of the user stored in the first database based on the device identification information.
The authentication method of the embodiment of the invention can also comprise the following steps: if the first database has the first identity credential information of the user, judging whether the first identity credential information of the user in the first database is matched with the second identity credential information of the user; if the first identity credential information of the user in the first database is matched with the second identity credential information of the user, sending an authentication passing message to the client; and if the first identity credential information of the user in the first database is not matched with the second identity credential information of the user, sending an authentication failure message to the client.
If the first identity credential information of the user in the first database matches the second identity credential information of the user, the authentication is passed, and the server may send an authentication pass message to the client. If the first identity credential information of the user in the first database does not match the second identity credential information of the user, the authentication is not passed, and the server may send an authentication failure message to the client.
In an embodiment of the invention, the server may have a first plug-in for the first database; the step of determining whether the first identity credential information of the user exists in the first database may include: judging, through the first plug-in, whether the first database has the first identity credential information of the user.
The first plug-in may be a Redis authentication plug-in for a Redis database, and the Redis authentication plug-in may determine whether the first identity credential information of the user exists in the first database. If the first database has the first identity credential information of the user, the Redis authentication plug-in can judge whether the first identity credential information of the user in the first database is matched with the second identity credential information of the user; if the first identity credential information of the user in the first database is matched with the second identity credential information of the user, the Redis authentication plug-in can send an authentication passing message to the client; if the first identity credential information of the user in the first database does not match the second identity credential information of the user, the Redis authentication plugin may send an authentication failure message to the client.
Step 103, if the first database does not have the first identity credential information of the user, loading the first identity credential information of the user in the second database to the first database, and determining whether the first identity credential information of the user in the second database matches with the second identity credential information of the user.
In the embodiment of the invention, if the first database does not have the first identity credential information of the user, the second database can be used for authentication. In practice, most authentication requests can be authenticated using the first database, and only a small number of authentication requests need to be authenticated using the second database, so that the concurrency requirement on the second database is very low.
In the embodiment of the present invention, the first identity credential information in the second database may be stored in correspondence with the user identification information, and the corresponding first identity credential information may be searched from the second database according to the user identification information in the authentication request.
If the first identity credential information of the user exists in the second database, it is judged whether the first identity credential information of the user in the second database matches the second identity credential information of the user.
If the first identity credential information for the user is not present in the second database, the server may return an authentication failure message to the client.
In the embodiment of the invention, the first identity credential information of the user in the second database is loaded to the first database, so that the next time the server receives an authentication request from the user it can find the first identity credential information of the user in the first database and respond to the request quickly. After the first identity credential information of the user is loaded into the first database, the first database stores it only within a preset time period. After the preset time period, the first database deletes the first identity credential information of the user again. It will be appreciated that the absence of first identity credential information for a user in the first database covers two situations. In one, the server has never received an authentication request for that user and has therefore never loaded the first identity credential information from the second database into the first database. In the other, the first identity credential information stored in the first database has been deleted by the first database after the preset time period elapsed.
In the embodiment of the invention, the first identity credential information of the user in the second database can be loaded to the first database asynchronously. Asynchronous loading means that the load is not carried out as part of responding to the current authentication request; that is, the server does not first load the first identity credential information of the user from the second database into the first database and then judge again whether it exists in the first database. If the first database does not have the first identity credential information of the user, the server immediately judges whether the first identity credential information of the user exists in the second database. Asynchronous loading therefore does not increase the time taken to respond to the current authentication request.
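The lookup order and asynchronous load described above, as an added example that is not code from the patent or from EMQ: `FirstDatabase`, `Authenticator`, `FakeClock`, `run_scenario` and the sample device identifier and credentials are hypothetical, in-memory stand-ins replace Redis and the general database, and the constant-time comparison is a choice made here. The scenario also shows that a credential changed in the second database keeps being judged against the first database's copy until the preset time period ends.

```python
import hmac
import threading
import time
from collections import namedtuple
from concurrent.futures import ThreadPoolExecutor

# source records which database the stored credential was read from.
AuthResult = namedtuple("AuthResult", "passed source")
WEEK = 7 * 24 * 3600  # the page's example of a preset time period


class FakeClock:
    """Manually advanced clock so expiry can be shown without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class FirstDatabase:
    """In-memory stand-in for the first database: entries expire after ttl."""
    def __init__(self, ttl, clock=time.monotonic):
        self._ttl, self._clock = ttl, clock
        self._entries = {}
        self._lock = threading.Lock()

    def get(self, user_id):
        with self._lock:
            entry = self._entries.get(user_id)
            if entry is None:
                return None
            credential, expires_at = entry
            if self._clock() >= expires_at:
                del self._entries[user_id]  # storage duration exceeded
                return None
            return credential

    def load(self, user_id, credential):
        with self._lock:
            self._entries[user_id] = (credential, self._clock() + self._ttl)


class Authenticator:
    """First database first; second database only on a miss (steps 102-103)."""
    def __init__(self, first_db, second_db, executor):
        self.first_db, self.second_db, self.executor = first_db, second_db, executor
        self.second_db_lookups = 0
        self._pending = []

    def authenticate(self, user_id, second_credential):
        source = "first"
        first_credential = self.first_db.get(user_id)
        if first_credential is None:
            source = "second"
            self.second_db_lookups += 1
            first_credential = self.second_db.get(user_id)
            if first_credential is None:
                return AuthResult(False, source)  # unknown in both databases
            # Asynchronous load: queued here, not awaited before answering.
            self._pending.append(
                self.executor.submit(self.first_db.load, user_id, first_credential))
        # Constant-time comparison of stored and presented credential bytes.
        passed = hmac.compare_digest(first_credential, second_credential)
        return AuthResult(passed, source)

    def wait_for_loads(self):
        """Block until queued loads finish (used only to make the demo deterministic)."""
        for future in self._pending:
            future.result()
        self._pending.clear()


def run_scenario():
    clock = FakeClock()
    first_db = FirstDatabase(ttl=WEEK, clock=clock)
    second_db = {"device-0001": b"credential-A"}  # constructed sample data
    with ThreadPoolExecutor(max_workers=1) as pool:
        auth = Authenticator(first_db, second_db, pool)
        results = [auth.authenticate("device-0001", b"credential-A")]  # miss
        auth.wait_for_loads()
        results.append(auth.authenticate("device-0001", b"credential-A"))  # hit
        results.append(auth.authenticate("device-0001", b"wrong"))
        # Credential is changed in the second database only.
        second_db["device-0001"] = b"credential-B"
        results.append(auth.authenticate("device-0001", b"credential-B"))
        results.append(auth.authenticate("device-0001", b"credential-A"))
        clock.now += WEEK + 1  # first database entry expires
        results.append(auth.authenticate("device-0001", b"credential-B"))
        auth.wait_for_loads()
        results.append(auth.authenticate("device-0001", b"credential-A"))
        results.append(auth.authenticate("unknown-device", b"credential-A"))
        return results, auth.second_db_lookups


if __name__ == "__main__":
    outcomes, lookups = run_scenario()
    for outcome in outcomes:
        print(outcome)
    print("second database lookups:", lookups)
```

Until the first database's copy expires, the old credential is still accepted and the new one rejected, so a credential change or revocation in the second database also needs the matching key removed from or rewritten in the first database.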
In the embodiment of the present invention, the server may further have a second plug-in for a second database; the step of determining whether the first identity credential information of the user in the second database matches the second identity credential information of the user may comprise:
and judging whether the first identity credential information of the user in the second database is matched with the second identity credential information of the user through the second plug-in.
The second plug-in may be a database authentication plug-in for a general database DB, and the database authentication plug-in may determine whether the first identity credential information of the user in the second database matches the second identity credential information of the user; if the first identity credential information of the user in the second database is matched with the second identity credential information of the user, the second plug-in can send an authentication passing message to the client; if the first identity credential information of the user in the second database does not match the second identity credential information of the user, an authentication failure message may be sent to the client by the second plugin.
In an example of the embodiment of the present invention, the authentication method may further include: and if the first database does not contain the first identity credential information of the user, calling the second plug-in through the first plug-in.
If the first database does not have the first identity credential information of the user, the Redis authentication plug-in does not send an authentication failure message to the client, but can call the database authentication plug-in, and further judge whether the second database has the first identity credential information of the user or not through the database authentication plug-in.
In an embodiment of the present invention, the step of loading the first identity credential information of the user in the second database to the first database may include: loading, by the first plugin, first identity credential information of the user in the second database to the first database.
The Redis authentication plug-in may load the user's first identity credential information in the general database DB into the Redis database. The Redis authentication plug-in is generally provided by a Redis database service provider, and the plug-in provided by the service provider has a basic authentication function. However, the embodiment of the present invention needs two further functions inside the Redis authentication plug-in: loading the first identity credential information of the user in the second database to the first database, and calling the database plug-in. The Redis authentication plug-ins provided by service providers do not implement these functions, so additional development is required. Developing the Redis authentication plug-in requires a developer who is familiar with the development language of the Redis database, which places higher demands on the developer.
In another example of the embodiment of the present invention, the server may further have a third plug-in; the method may further comprise: if the first database does not contain the first identity credential information of the user, the third plugin is called through the first plugin, and the second plugin is called through the third plugin.
The third plug-in may be an Http authentication plug-in, and if the first database does not have the first identity credential information of the user, the Redis authentication plug-in may call the Http authentication plug-in, and the Http authentication plug-in calls the database plug-in.
In an embodiment of the present invention, the step of loading the first identity credential information of the user in the second database to the first database may include: loading, by the third plugin, the first identity credential information of the user in the second database to the first database.
The Http authentication plug-in may load the first identity credential information of the user in the second database to the first database. The Http authentication plug-in is a relatively mature authentication plug-in and is easy to develop, so a developer can easily implement, inside the Http authentication plug-in, both the loading of the first identity credential information of the user from the second database into the first database and the call to the database plug-in.
Step 104, if the first identity credential information of the user in the second database matches the second identity credential information of the user, sending an authentication passing message to the client.
If the first identity credential information of the user in the second database matches the second identity credential information of the user, the authentication is passed, and the server may send an authentication pass message to the client.
Step 105, if the first identity credential information of the user in the second database does not match the second identity credential information of the user, sending an authentication failure message to the client.
If the first identity credential information of the user in the second database does not match the second identity credential information of the user, the authentication is not passed, and the server may send an authentication failure message to the client.
The authentication method in the embodiment of the present invention may be applied to a server, where the server has a first database and a second database, the first database is used to store first identity credential information of a user in a preset time period, and the second database is used to persistently store the first identity credential information of the user, and the method may include: receiving an authentication request sent by a client, wherein the authentication request comprises second identity credential information of a user; judging whether first identity credential information of the user exists in a first database; if the first database does not have the first identity credential information of the user, judging whether the first identity credential information of the user in the second database is matched with the second identity credential information of the user; if the first identity credential information of the user in the second database is matched with the second identity credential information of the user, sending an authentication passing message to the client; and if the first identity credential information of the user in the second database is not matched with the second identity credential information of the user, sending an authentication failure message to the client. The first database of the embodiment of the invention has the characteristics of high response speed and high concurrency support, and can be preferentially used for processing the authentication request. In the absence of the first identity credential information of the user in the first database, processing is performed for the authentication request using the second database. The success rate of the authentication request is improved, and the number of the authentication requests repeatedly sent by the client is reduced. 
Under the requirement of reaching the same throughput, if only one database is used for authentication, the database is required to have higher performance and higher cost. The embodiment of the invention uses two databases with different performances for authentication, has low requirements on the performances of the first database and the second database, and can reduce the cost. And under the condition that the first database does not have the first identity credential information of the user, the first identity credential information of the user can be loaded to the first database from the second database, so that the first database can update the first identity credential information of the user, and the problem that the first database cannot be dynamically updated is solved.
Fig. 2 is a flowchart of an authentication method according to an embodiment of the present invention. Among them, the EMQ server may be installed with a Redis database, a database DB, a Redis authentication plug-in, a database authentication plug-in, and an Http authentication plug-in.
After the EMQ server receives the authentication request of the client, the Redis authentication plug-in may determine whether the first credential information of the user exists in the Redis database. If it does, the plug-in judges whether the first credential information of the user matches the second credential information in the authentication request: if they match, the authentication passes; if they do not match, the authentication fails. If the first credential information of the user does not exist in the Redis database, the Redis authentication plug-in may call the Http authentication plug-in.
The Http authentication plug-in calls the database authentication plug-in and asynchronously loads the first credential information of the user from the database DB to the Redis database, so that the Redis authentication plug-in can find the first credential information of the user in the Redis database when the EMQ server receives an authentication request next time.
The Http authentication plug-in is only responsible for loading first credential information that does not exist in the Redis database from the database DB into the Redis database, and it does so asynchronously, so it adds almost nothing to the total authentication time. Because its functional logic is very simple and places low demands on the developer, it can meet the requirements of high stability and high reliability.
The database authentication plug-in is the final fallback. Only the small number of authentication requests that the Redis authentication plug-in cannot answer are passed on to the database authentication plug-in, so the concurrency requirement on the database is very low.
The database authentication plug-in may determine whether the first credential information of the user exists in the database DB. If it exists, the plug-in judges whether it matches the second credential information in the authentication request: if they match, the authentication passes; if they do not match, the authentication fails. If the first credential information of the user does not exist in the database DB, the authentication fails.
Referring to fig. 3, a flow chart of another authentication method according to an embodiment of the invention is shown. Among them, the EMQ server may be installed with a Redis database, a database DB, a Redis authentication plug-in, and a database authentication plug-in.
After the EMQ server receives the authentication request of the client, the Redis authentication plug-in may determine whether the first credential information of the user exists in the Redis database. If it does, the plug-in judges whether the first credential information of the user matches the second credential information in the authentication request: if they match, the authentication passes; if they do not match, the authentication fails. If the first credential information of the user does not exist in the Redis database, the Redis authentication plug-in can call the database authentication plug-in and asynchronously load the first credential information of the user from the database DB to the Redis database, so that the Redis authentication plug-in can find the first credential information of the user in the Redis database the next time the EMQ server receives an authentication request.
The database authentication plug-in may determine whether the first credential information of the user exists in the database DB. If it exists, the plug-in judges whether it matches the second credential information in the authentication request: if they match, the authentication passes; if they do not match, the authentication fails. If the first credential information of the user does not exist in the database DB, the authentication fails.
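The lookup order described for Figs. 2 and 3, as an added example that is not from the patent: in-memory stand-ins replace the Redis database and the database DB, and the class and function names, the salted PBKDF2 record format, the 60-second lifetime and the user `vehicle-001` are assumptions or constructed values. The run also shows a consequence of answering from the first database on a hit: a credential changed in the second database is not seen until the cached entry expires.

```python
"""Two-tier credential check: expiring first database, persistent second database."""
import hashlib
import hmac
import os
import threading
import time

PBKDF2_ROUNDS = 100_000  # assumption: the page does not specify a storage format
SALT_LEN = 16


def make_record(password, salt=None):
    """Stored ("first") credential: salt || PBKDF2-HMAC-SHA256(password)."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt + digest


def matches(record, presented):
    """Check the presented ("second") credential against a stored record."""
    salt, digest = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", presented.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


class FirstDatabase:
    """Stand-in for the Redis database: an entry lives for `ttl` seconds."""

    def __init__(self, ttl, clock=time.monotonic):
        self._ttl, self._clock = ttl, clock
        self._entries = {}
        self._lock = threading.Lock()

    def get(self, user):
        with self._lock:
            entry = self._entries.get(user)
            if entry is None:
                return None
            record, expires_at = entry
            if self._clock() >= expires_at:  # preset time period is over
                del self._entries[user]
                return None
            return record

    def put(self, user, record):
        with self._lock:
            self._entries[user] = (record, self._clock() + self._ttl)


class Authenticator:
    """Hypothetical server logic; second_db is a dict standing in for database DB."""

    def __init__(self, first_db, second_db):
        self.first_db = first_db
        self.second_db = second_db
        self._loaders = []

    def authenticate(self, user, presented):
        """Return (passed, which database answered)."""
        cached = self.first_db.get(user)
        if cached is not None:
            # Hit: the first database alone decides pass or fail.
            return matches(cached, presented), "first"
        # Miss is not a failure: go straight to the second database.
        record = self.second_db.get(user)
        if record is None:
            return False, "second"
        # Load the STORED record (never the presented one) off the request path,
        # whether or not this request matches.
        loader = threading.Thread(
            target=self.first_db.put, args=(user, record), daemon=True)
        loader.start()
        self._loaders.append(loader)
        return matches(record, presented), "second"

    def wait_for_loads(self):
        """Test helper: block until pending asynchronous loads have finished."""
        while self._loaders:
            self._loaders.pop().join()


def demo():
    now = [0.0]  # injectable clock so expiry is deterministic
    first_db = FirstDatabase(ttl=60, clock=lambda: now[0])
    second_db = {"vehicle-001": make_record("s3cret")}  # constructed sample user
    auth = Authenticator(first_db, second_db)
    results = [auth.authenticate("vehicle-001", "s3cret")]          # miss, DB answers
    auth.wait_for_loads()
    results.append(auth.authenticate("vehicle-001", "s3cret"))      # hit
    second_db["vehicle-001"] = make_record("n3w-s3cret")            # credential changed
    results.append(auth.authenticate("vehicle-001", "s3cret"))      # stale entry passes
    results.append(auth.authenticate("vehicle-001", "n3w-s3cret"))  # new one fails
    now[0] = 61.0                                                   # entry expired
    results.append(auth.authenticate("vehicle-001", "n3w-s3cret"))  # DB answers again
    auth.wait_for_loads()
    return results


if __name__ == "__main__":
    for passed, answered_by in demo():
        print(passed, answered_by)
```

If a changed or revoked credential has to take effect immediately, the entry in the first database must be deleted or overwritten when the second database is updated; the flow above does not do that by itself.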
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 4, a block diagram of a server according to an embodiment of the present invention is shown, where the server has a first database and a second database, the first database is used to store first identity credential information of a user for a preset time period, and the second database is used to persistently store the first identity credential information of the user, and the server may include the following modules:
a request receiving module 401, configured to receive an authentication request sent by a client, where the authentication request includes second identity credential information of a user;
a first determining module 402, configured to determine whether first identity credential information of the user exists in the first database;
a processing module 403, configured to, if the first database does not have the first identity credential information of the user, load the first identity credential information of the user in the second database into the first database, and determine whether the first identity credential information of the user in the second database matches the second identity credential information of the user;
a first authentication module 404, configured to send an authentication pass message to the client if the first identity credential information of the user in the second database matches the second identity credential information of the user;
a second authentication module 405, configured to send an authentication failure message to the client if the first identity credential information of the user in the second database is not matched with the second identity credential information of the user.
In this embodiment of the present invention, the processing module 403 may include:
and the asynchronous loading submodule is used for asynchronously loading the first identity credential information of the user in the second database to the first database.
In an embodiment of the invention, the server has a first plug-in to the first database; the first determining module 402 may include:
and the first judging submodule is used for judging whether the first database has the first identity credential information of the user through the first plug-in.
In an embodiment of the invention, the server has a second plug-in to the second database; the processing module 403 may include:
and the second judging submodule is used for judging whether the first identity credential information of the user in the second database is matched with the second identity credential information of the user through the second plug-in.
In the embodiment of the invention, the server is also provided with a third plug-in; the server may further include:
a first plug-in calling module, configured to call the second plug-in through the first plug-in if the first database does not have the first identity credential information of the user;
the processing module 403 may include:
and the first plug-in loading submodule is used for loading the first identity credential information of the user in the second database to the first database through the first plug-in.
In the embodiment of the invention, the server is also provided with a third plug-in; the server may further include:
a second plug-in calling module, configured to call the third plug-in through the first plug-in if the first database does not have the first identity credential information of the user, and call the second plug-in through the third plug-in;
the processing module 403 may include:
and the second plug-in loading submodule is used for loading the first identity credential information of the user in the second database to the first database through the third plug-in.
In this embodiment of the present invention, the server may further include:
a second judging module, configured to judge whether first identity credential information of the user in the first database matches second identity credential information of the user if the first identity credential information of the user exists in the first database;
a third authentication module, configured to send an authentication pass message to the client if the first identity credential information of the user in the first database matches the second identity credential information of the user;
a fourth authentication module, configured to send an authentication failure message to the client if the first identity credential information of the user in the first database is not matched with the second identity credential information of the user.
Since the device embodiment is basically similar to the method embodiment, it is described only briefly; for the relevant points, refer to the corresponding part of the description of the method embodiment.
An embodiment of the present invention further provides an electronic device, including:
a processor, a memory, and a computer program that is stored on the memory and can run on the processor, wherein, when the computer program is executed by the processor, each process of the authentication method embodiment is implemented and the same technical effect can be achieved; to avoid repetition, the details are not repeated here.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when being executed by a processor, the computer program implements each process of the authentication method embodiment, and can achieve the same technical effect, and is not described herein again to avoid repetition.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The authentication method and the server provided by the present invention are described in detail above, and the principle and the implementation of the present invention are explained in detail herein by applying specific examples, and the description of the above embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. An authentication method applied to a server, wherein the server has a first database and a second database, the first database is used for storing first identity credential information of a user within a preset time period, and the second database is used for persistently storing the first identity credential information of the user, the method comprising:
receiving an authentication request sent by a client, wherein the authentication request comprises second identity credential information of a user;
judging whether first identity credential information of the user exists in the first database;
if the first database does not have the first identity credential information of the user, loading the first identity credential information of the user in the second database to the first database, and judging whether the first identity credential information of the user in the second database is matched with the second identity credential information of the user;
if the first identity credential information of the user in the second database is matched with the second identity credential information of the user, sending an authentication passing message to the client;
and if the first identity credential information of the user in the second database is not matched with the second identity credential information of the user, sending an authentication failure message to the client.
2. The method of claim 1, wherein the loading the first identity credential information of the user in the second database to the first database comprises:
asynchronously loading first identity credential information of the user in the second database to the first database.
3. The method of claim 1, wherein the server has a first plug-in to the first database;
the determining whether the first identity credential information of the user exists in the first database includes:
and judging whether the first database has the first identity credential information of the user or not through the first plug-in.
4. The method of claim 3, wherein the server has a second plug-in to the second database;
the determining whether the first identity credential information of the user in the second database matches the second identity credential information of the user includes:
and judging whether the first identity credential information of the user in the second database is matched with the second identity credential information of the user through the second plug-in.
5. The method of claim 4, wherein the server further has a third plug-in; the method further comprises the following steps:
if the first database does not have the first identity credential information of the user, calling the second plug-in through the first plug-in;
the loading first identity credential information of the user in the second database to the first database comprises:
loading, by the first plugin, first identity credential information of the user in the second database to the first database.
6. The method of claim 4, wherein the server further has a third plug-in; the method further comprises the following steps:
if the first database does not contain the first identity credential information of the user, calling the third plug-in through the first plug-in, and calling the second plug-in through the third plug-in;
the loading first identity credential information of the user in the second database to the first database comprises:
loading, by the third plugin, the first identity credential information of the user in the second database to the first database.
7. The method of claim 1, further comprising:
if the first database has the first identity credential information of the user, judging whether the first identity credential information of the user in the first database is matched with the second identity credential information of the user;
if the first identity credential information of the user in the first database is matched with the second identity credential information of the user, sending an authentication passing message to the client;
and if the first identity credential information of the user in the first database is not matched with the second identity credential information of the user, sending an authentication failure message to the client.
8. A server having a first database for storing first identity credential information of a user for a preset period of time and a second database for persistently storing the first identity credential information of the user, the server comprising:
the request receiving module is used for receiving an authentication request sent by a client, wherein the authentication request comprises second identity credential information of a user;
the first judging module is used for judging whether the first identity credential information of the user exists in the first database or not;
a processing module, configured to load, if first identity credential information of the user does not exist in the first database, the first identity credential information of the user in the second database to the first database, and determine whether the first identity credential information of the user in the second database matches the second identity credential information of the user;
the first authentication module is used for sending an authentication passing message to the client if the first identity credential information of the user in the second database is matched with the second identity credential information of the user;
and the second authentication module is used for sending an authentication failure message to the client if the first identity credential information of the user in the second database is not matched with the second identity credential information of the user.
9. An electronic device, comprising: processor, memory and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the authentication method according to any one of claims 1-7.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the authentication method according to any one of claims 1 to 7.
CN202011013258.7A 2020-09-23 2020-09-23 Authentication method and server Pending CN112084475A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011013258.7A CN112084475A (en) 2020-09-23 2020-09-23 Authentication method and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011013258.7A CN112084475A (en) 2020-09-23 2020-09-23 Authentication method and server

Publications (1)

Publication Number Publication Date
CN112084475A (en) 2020-12-15

Family

ID=73739672

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011013258.7A Pending CN112084475A (en) 2020-09-23 2020-09-23 Authentication method and server

Country Status (1)

Country Link
CN (1) CN112084475A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108108597A (en) * 2016-11-25 2018-06-01 沈阳美行科技有限公司 Authentication method and device based on NGTP architecture
CN109960915A (en) * 2017-12-22 2019-07-02 苏州迈瑞微电子有限公司 A kind of identity authentication method
CN111680279A (en) * 2020-06-04 2020-09-18 上海东普信息科技有限公司 Login verification method, device and system

Similar Documents

Publication Publication Date Title
CN107948284B (en) Service offline method, device and system based on micro-service architecture
CN107015870B (en) Method and device for realizing communication between web page and local application and electronic equipment
CN109391673B (en) Method, system and terminal equipment for managing update file
US20140195663A1 (en) Method and System for Providing Cloud-Based Common Distribution Applications
CN101571809A (en) Implementation method of plug-in registration and device thereof
CN110730171A (en) Service request processing method, device and system, electronic equipment and storage medium
CN103747010A (en) Method, system and device for controlling PC (personal computer) by mobile terminal
CN104731645A (en) Task scheduling method and device and data downloading method and device
CN109819033A (en) A kind of resource file loading method and system
CN109040263B (en) Service processing method and device based on distributed system
CN111694620B (en) Interaction method, device and equipment of third party service and computer storage medium
CN110750780B (en) User role permission fusion method, device and equipment based on multi-service system
US20170017921A1 (en) Location information validation techniques
CN111078437B (en) Remote calling method and device for verification codes, electronic equipment and readable storage medium
CN110505289B (en) File downloading method and device, computer readable medium and wireless communication equipment
CN112084475A (en) Authentication method and server
CN113596177B (en) Method and device for resolving IP address of intelligent household equipment
CN113824675B (en) Method and device for managing login state
CN113890906A (en) Call forwarding method and device, electronic equipment and computer readable storage medium
CN111966755A (en) Block chain-based APP application method, device and system
CN113541981A (en) Member management method and system for network slices
CN113641966B (en) Application integration method, system, equipment and medium
CN114679302B (en) Method, device, equipment and storage medium for docking single sign-on system
US20240152504A1 (en) Data interaction method, apparatus, and electronic device
CN111104439B (en) Stored data comparison method, stored data comparison device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination