CN112104641B - Login form conversion method and device, storage medium and electronic equipment - Google Patents


Publication number: CN112104641B
Authority: CN (China)
Prior art keywords: login, iframe, response message, attribute, monitoring module
Legal status: Active
Application number: CN202010952858.3A
Other languages: Chinese (zh)
Other versions: CN112104641A (en)
Inventors: 陆文成, 张洺棋, 潘晓磊, 窦钐实, 张婷, 代博文, 田硕
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The embodiments of the application provide a login form conversion method, a device, a storage medium and electronic equipment. When the server receives a request message sent by a browser, a conversion plug-in installed on the server judges whether the server initiates a 302 redirection. When the server initiates a 302 redirection and the generated 302 redirection address conforms to the address format of a CAS (central authentication service), the plug-in intercepts the response message that the server sends to the browser, processes it according to the type of the request message to obtain a first response message, and sends the first response message to the browser. This converts 'CAS single sign-on based on webpage jumps' into 'CAS single sign-on based on an iframe popup window embedded in the webpage', is non-invasive and universal, and saves the cost of modifying the login flow.

Description

Login form conversion method and device, storage medium and electronic equipment
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to a login form conversion method and device, a storage medium and electronic equipment.
Background
The Central Authentication Service (CAS) is a single sign-on scheme that is widely used at present. In the CAS protocol, the user identity authentication process goes through three browser jumps. Specifically: when a user accesses a resource in the Web application that requires login, the browser jumps to the login authentication platform; after the user enters a correct login credential on the login authentication platform, the browser jumps to the login ticket verification page of the Web application, with the user's login ticket included in the Uniform Resource Locator (URL); the Web application then passes the login ticket to the login authentication platform for verification, and if the ticket is correct, the browser finally jumps to the resource the user wants to access. During this process the user faces a blank webpage three times while waiting for the browser to finish loading, so the user experience is not smooth.
To make the experience smoother, the prior art modifies the Web page source code of the Web application on the server so that, when the user accesses a restricted resource through the browser, the CAS protocol completes the user's identity authentication in a popup window.
However, the prior art has the problems of low universality and high difficulty in recovering the original login function.
Disclosure of Invention
The embodiment of the application provides a login form conversion method, a login form conversion device, a storage medium and electronic equipment, and aims to solve the problems that in the prior art, the universality is low and the original login function is difficult to recover.
In a first aspect, an embodiment of the present application provides a login form conversion method, which is applied to a conversion plugin installed on a server; the method comprises the following steps:
when a server receives a request message sent by a browser, judging whether the server initiates 302 redirection;
intercepting a response message sent to the browser by the server when the server initiates 302 redirection and the generated 302 redirection address conforms to the address format of a CAS (central authentication service);
processing the response message according to the type of the request message to obtain a first response message;
and sending the first response message to a browser.
Optionally, processing the response message according to the type of the request message to obtain the first response message includes:
if the type of the request message is an Asynchronous JavaScript and XML (Ajax) request, modifying the Hypertext Transfer Protocol (HTTP) status code in the message header of the response message to 200;
and adding an authentication event attribute and an authentication success jump attribute to the message header of the response message, wherein the attribute value of the authentication event attribute is the 302 redirection address, and the attribute value of the authentication success jump attribute is a login success jump Uniform Resource Locator (URL) stored in the server.
Optionally, processing the response message according to the type of the request message to obtain the first response message includes:
if the type of the request message is a non-Ajax request, modifying the Hypertext Transfer Protocol (HTTP) status code in the message header of the response message to 200;
adding an authentication success jump attribute to the message header of the response message, wherein the attribute value of the authentication success jump attribute is a login success jump Uniform Resource Locator (URL) stored in the server;
and filling in a message body for the response message, wherein the message body comprises the code of a login popup window with an embedded iframe and the code of a monitoring module, and the source address of the iframe in the login popup window is the 302 redirection address.
Optionally, the method further comprises:
if the server does not initiate 302 redirection, intercepting a response message sent by the server to the browser;
judging whether the content type of the message body of the response message is Hypertext Markup Language (HTML);
if the content type of the message body of the response message is HTML, inserting the code of a monitoring module into the message body of the response message to obtain a second response message;
and sending the second response message to the browser.
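The three server-side branches of the first aspect (Ajax request, non-Ajax request, and no 302 redirection) can be written as one response-rewriting function. This is an added sketch, not code from the patent: the header names, the `/sso-monitor.js` path, the example URLs, the `X-Requested-With` test for Ajax and the lower-cased header keys are all assumptions. The check that the redirection address "conforms to the address format of a CAS" is done by parsing the URL and comparing origin and path exactly against the configured login URL.

```javascript
'use strict';

// Hypothetical names: the patent names neither the header attributes nor any URL.
const AUTH_EVENT_HEADER = 'x-auth-event';          // "authentication event attribute"
const AUTH_SUCCESS_HEADER = 'x-auth-success-url';  // "authentication success jump attribute"
const MONITOR_SCRIPT = '<script src="/sso-monitor.js"></script>'; // monitoring module code

// Constructed sample configuration.
const config = {
  casLoginUrl: 'https://cas.example.test/cas/login',
  successUrl: 'https://app.example.test/sso/done', // login success jump URL stored on the server
};

// Escape a value before placing it inside a double-quoted HTML attribute.
const escapeAttr = (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// "Conforms to the CAS address format": parse the Location value and compare
// origin and path exactly with the configured login URL, so a look-alike host
// or a prefix match is not accepted.
function isCasRedirect(location, cfg) {
  try {
    const target = new URL(location);
    const cas = new URL(cfg.casLoginUrl);
    return target.origin === cas.origin &&
      target.pathname === cas.pathname &&
      target.searchParams.has('service');
  } catch {
    return false; // missing, relative or malformed Location
  }
}

// Assumption: Ajax requests are recognised by the conventional X-Requested-With header.
function isAjax(req) {
  return String(req.headers['x-requested-with'] || '').toLowerCase() === 'xmlhttprequest';
}

// Insert the monitoring module before </body>, or append it if there is no body tag.
function injectMonitor(html) {
  const i = html.toLowerCase().lastIndexOf('</body>');
  return i === -1 ? html + MONITOR_SCRIPT : html.slice(0, i) + MONITOR_SCRIPT + html.slice(i);
}

// req: { headers }, res: { status, headers, body }; header keys are lower-case.
function convertResponse(req, res, cfg = config) {
  const headers = { ...res.headers };
  const location = headers.location;

  if (res.status === 302 && isCasRedirect(location, cfg)) {
    headers[AUTH_SUCCESS_HEADER] = cfg.successUrl;
    if (isAjax(req)) {
      // Ajax: status 200 plus both attributes; the page's script builds the popup.
      headers[AUTH_EVENT_HEADER] = location;
      return { status: 200, headers, body: res.body };
    }
    // Non-Ajax: status 200 and a body holding the iframe popup and the monitor.
    headers['content-type'] = 'text/html; charset=utf-8';
    delete headers['content-length']; // body changed, length must be recomputed
    const body = '<!doctype html><div id="sso-login-popup">' +
      `<iframe src="${escapeAttr(location)}"></iframe></div>` + MONITOR_SCRIPT;
    return { status: 200, headers, body };
  }

  // No 302 redirection: add the monitoring module to HTML responses only.
  if (res.status !== 302 && /^text\/html\b/i.test(headers['content-type'] || '')) {
    delete headers['content-length'];
    return { status: res.status, headers, body: injectMonitor(res.body) };
  }

  // Any other response, including a 302 to a non-CAS address, passes through.
  return { status: res.status, headers, body: res.body };
}
```

Because the non-Ajax branch writes the redirection address into generated HTML, the value is attribute-escaped after it has passed the address check.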
In a second aspect, an embodiment of the present application provides a login form conversion method, which is applied to a browser of a terminal device, and the method includes:
receiving a first response message sent by a server;
processing the first response message, and determining a monitoring module corresponding to a webpage currently in an open state in the browser;
generating a login popup window embedded with the iframe by utilizing the monitoring module and the first response message;
and controlling, by using the monitoring module, the login popup window with the embedded iframe to execute the operation corresponding to the attribute value of the location attribute of the iframe in the login popup window.
Optionally, generating the login popup window with the embedded iframe by using the monitoring module and the first response message includes:
processing the first response message by using the monitoring module, and determining that the message header of the first response message comprises an authentication success jump attribute and that the message body of the first response message comprises the code of a login popup window with an embedded iframe, wherein the attribute value of the authentication success jump attribute is a login success jump Uniform Resource Locator (URL), and the source address of the iframe in the login popup window is a 302 redirection address;
and rendering the code of the login popup window with the embedded iframe to obtain the login popup window with the embedded iframe.
Optionally, generating the login popup window with the embedded iframe by using the monitoring module and the first response message includes:
processing the first response message by using the monitoring module, and determining that the message header of the first response message comprises an authentication event attribute and an authentication success jump attribute, wherein the attribute value of the authentication event attribute is a 302 redirection address, and the attribute value of the authentication success jump attribute is a login success jump Uniform Resource Locator (URL);
and constructing, through the monitoring module, the login popup window with the embedded iframe according to the attribute value of the authentication event attribute.
Optionally, before processing the first response message and determining the monitoring module corresponding to the webpage currently open in the browser, the method further includes:
receiving a second response message sent by the server, wherein the message body of the second response message comprises the code of the monitoring module;
correspondingly, processing the first response message and determining the monitoring module corresponding to the webpage currently open in the browser includes:
processing the first response message, and determining that the message header of the first response message comprises an authentication event attribute;
and instantiating the code of the monitoring module in the message body of the second response message to obtain the monitoring module corresponding to the webpage currently open in the browser.
Optionally, processing the first response message and determining the monitoring module corresponding to the webpage currently open in the browser includes:
processing the first response message, and determining that the message header of the first response message does not include the authentication event attribute and the message body of the first response message includes the code of the monitoring module;
and instantiating the code of the monitoring module in the message body of the first response message to obtain the monitoring module corresponding to the webpage currently open in the browser.
Optionally, before using the monitoring module to control the login popup window with the embedded iframe to execute the operation corresponding to the attribute value of the location attribute of the iframe in the login popup window, the method further includes:
controlling the login popup window with the embedded iframe to be in a hidden state by using the monitoring module;
correspondingly, using the monitoring module to control the login popup window with the embedded iframe to execute the operation corresponding to the attribute value of the location attribute of the iframe in the login popup window includes:
judging, by using the monitoring module, whether the attribute value of the location attribute of the iframe becomes the login success jump URL within a preset time threshold;
if the attribute value of the location attribute of the iframe does not become the login success jump URL within the preset time threshold, controlling the login popup window to be displayed by using the monitoring module;
when the attribute value of the location attribute of the iframe changes, judging, by using the monitoring module, whether the attribute value of the location attribute of the iframe is equal to the login success jump URL;
and if the attribute value of the location attribute of the iframe is equal to the login success jump URL, setting the login popup window to a hidden state by using the monitoring module and controlling the current webpage to display an authentication success prompt message.
Optionally, the method further comprises:
if the attribute value of the location attribute of the iframe becomes the login success jump URL within the preset time threshold, judging, by using the monitoring module, when the attribute value of the location attribute of the iframe changes, whether it is equal to the login success jump URL;
and if the attribute value of the location attribute of the iframe is equal to the login success jump URL, controlling the current webpage to display an authentication success prompt message by using the monitoring module.
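The hidden-then-shown behaviour of the monitoring module described above is a small state machine over the iframe's location. This is an added sketch, not code from the patent: the function names, the state names, the 1500 ms threshold and the example URLs are assumptions. While the iframe shows the authentication page of another origin, the browser's same-origin policy makes its location unreadable, so the reader returns `null` and the monitor treats that as "not the login success jump URL".

```javascript
'use strict';

const SUCCESS_URL = 'https://app.example.test/sso/done'; // constructed login success jump URL

// Read the iframe's location. Access throws while the frame holds a page from
// another origin, so null means "not readable yet".
function readIframeHref(iframe) {
  try {
    return iframe.contentWindow.location.href;
  } catch {
    return null;
  }
}

// Equality after URL normalisation; no prefix or substring matching.
function isSuccessUrl(href, successUrl) {
  if (href === null) return false;
  try {
    return new URL(href).href === new URL(successUrl).href;
  } catch {
    return false;
  }
}

// States: 'waiting' (popup hidden, threshold running), 'shown', 'done'.
// ui supplies showPopup, hidePopup and showSuccess callbacks.
function createPopupMonitor({ successUrl, thresholdMs, startMs, ui }) {
  let state = 'waiting';
  let lastHref;
  return {
    // Call periodically with the current time and readIframeHref(iframe).
    observe(nowMs, href) {
      if (state === 'done') return state;
      if (href !== lastHref) {            // the location attribute changed
        lastHref = href;
        if (isSuccessUrl(href, successUrl)) {
          if (state === 'shown') ui.hidePopup();
          ui.showSuccess();               // authentication success prompt
          state = 'done';
          return state;
        }
      }
      if (state === 'waiting' && nowMs - startMs >= thresholdMs) {
        ui.showPopup();                   // user has to log in interactively
        state = 'shown';
      }
      return state;
    },
  };
}

// Replay constructed [timeMs, href] observations and record the UI calls.
function runScenario(observations) {
  const events = [];
  const ui = {
    showPopup: () => events.push('show'),
    hidePopup: () => events.push('hide'),
    showSuccess: () => events.push('success'),
  };
  const monitor = createPopupMonitor({ successUrl: SUCCESS_URL, thresholdMs: 1500, startMs: 0, ui });
  let state = 'waiting';
  for (const [t, href] of observations) state = monitor.observe(t, href);
  return { state, events };
}

// Already logged in at the authentication center: the popup is never shown.
console.log(runScenario([[0, null], [400, SUCCESS_URL]]));
// Not logged in: the popup appears at the threshold and is hidden on success.
console.log(runScenario([[0, null], [1500, null], [9000, SUCCESS_URL]]));
```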
In a third aspect, an embodiment of the present application provides a login form conversion apparatus, including:
the processing unit is used for judging whether the server initiates 302 redirection when the server receives a request message sent by a browser; intercepting a response message sent to the browser by the server when the server initiates 302 redirection and the generated 302 redirection address conforms to the address format of a CAS (central authentication service); processing the response message according to the type of the request message to obtain a first response message;
and the receiving and sending unit is used for sending the first response message to the browser.
In a fourth aspect, an embodiment of the present application provides a login form conversion apparatus, including:
the receiving and sending unit is used for receiving a first response message sent by the server;
the processing unit is used for processing the first response message and determining a monitoring module corresponding to a webpage currently in an open state in a browser; generating a login popup window with an embedded iframe by using the monitoring module and the first response message; and controlling, by using the monitoring module, the login popup window with the embedded iframe to execute the operation corresponding to the attribute value of the location attribute of the iframe in the login popup window.
In a fifth aspect, an embodiment of the present application provides a server, including: a transceiver, a memory, and a processor; the memory is configured to store a computer program, and the processor executes the computer program to implement the login form conversion method according to the first aspect.
In a sixth aspect, an embodiment of the present application provides a terminal device, including: a transceiver, a memory, and a processor; the memory is used for storing a computer program, and the processor executes the computer program to realize the login form conversion method according to the second aspect.
In a seventh aspect, an embodiment of the present application provides a storage medium, where the storage medium is used to store a computer program, and the computer program is used to implement the login form conversion method according to the first aspect.
In an eighth aspect, an embodiment of the present application provides a storage medium, where the storage medium is used to store a computer program, and the computer program is used to implement the login form conversion method according to the second aspect.
In the login form conversion method, device, storage medium and electronic equipment provided by the embodiments of the application, a conversion plug-in installed on the server judges, when the server receives a request message sent by a browser, whether the server initiates a 302 redirection. When the server initiates a 302 redirection and the generated 302 redirection address conforms to the address format of the CAS (central authentication service), the plug-in intercepts the response message that the server sends to the browser, processes it according to the type of the request message to obtain a first response message, and sends the first response message to the browser. On receiving the first response message, the browser installed on the terminal device processes it, determines the monitoring module corresponding to the webpage currently open in the browser, uses the monitoring module and the first response message to generate a login popup window with an embedded iframe, and uses the monitoring module to control the login popup window to execute the operation corresponding to the attribute value of the location attribute of the iframe in the popup window. By installing a conversion plug-in on the server, 'CAS single sign-on based on webpage jumps' is converted into 'CAS single sign-on based on an iframe popup window embedded in the webpage' without changing the source code of the server, and the conversion plug-in can be installed on or uninstalled from different servers by one-key installation or one-key uninstallation.
Drawings
To illustrate the technical solutions in the present application or the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings in the following description show some embodiments of the present application, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic structural diagram of a login authentication system based on a central authentication service in the prior art;
Fig. 2 is a schematic flowchart of a first login form conversion method according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of a second login form conversion method according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a first login form conversion apparatus according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a second login form conversion apparatus according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an embodiment of a server provided in the present application;
Fig. 7 is a schematic structural diagram of an embodiment of a terminal device provided in the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The technical solution of the present application will be described in detail below by taking a CAS login authentication system as an example, and it can be understood that the login form conversion method, apparatus, storage medium and electronic device provided in the embodiments of the present application are also applicable to a Web system that uses other products to implement login authentication, such as a Web system based on QQ login and GitHub OAuth, and are not limited herein.
In the prior art, to limit a user's access to a protected service function or resource, a CAS system needs to authenticate the identity of the user, i.e. perform login authentication, so that only an authorized user can access or use the protected service function or resource. Fig. 1 is a schematic structural diagram of a login authentication system based on a central authentication service in the prior art. As shown in Fig. 1, the CAS login authentication system includes a terminal device (on which a browser, or an application with the same function as a browser, is installed), a unified authentication center, and a Web server. The Web server hosts a Web application (software that users log in to with an account of the unified authentication center). A CAS login authentication system may contain a plurality of Web servers, and different Web servers correspond to different Web applications. Two Web servers, Web server A and Web server B, are taken as an example below; they are the Web servers of Web application A and Web application B respectively:
Scenario one: when a user who is not logged in accesses a protected resource of Web server A for the first time, the whole login authentication process is as follows: Web server A judges through its filter whether the user is logged in, and when it determines that the user is not logged in, Web server A redirects (302) to the unified authentication center and sends the redirection address to the browser; the browser follows the redirection address, and the user enters personal information (such as a user name and a password) in the login page returned by the unified authentication center; the unified authentication center verifies whether the entered personal information is valid, and after the verification succeeds, it returns a special credential (the login ticket) to the browser; after receiving the login ticket, the browser redirects to Web server A with the login ticket included in the URL; Web server A extracts the login ticket through its filter and sends it to the unified authentication center, so that the unified authentication center can verify whether the login ticket is valid; when Web server A receives the message from the unified authentication center that the login ticket is valid, the identity authentication of the user is complete, and Web server A displays the resources of Web application A requested by the user in the browser.
Scenario two: while the user is accessing the resources of software platform A, the user initiates a request to access a resource on Web server B, and the login authentication process is as follows: because the user is accessing Web server B for the first time, Web server B issues a 302 redirection that sends the browser to the unified authentication center for login authentication; because the browser has already used the unified authentication center for identity authentication (when accessing Web server A), the unified authentication center does not return a login page to collect the user's personal information but directly issues a login ticket to the browser; the browser is redirected to Web server B, Web server B obtains the login ticket and verifies it with the unified authentication center, and after the verification succeeds, Web server B displays the resources of software platform B requested by the user in the browser.
From the above analysis, in the CAS login authentication system, when a user who is not logged in first accesses a resource of a Web application that requires login and that the user is entitled to access, login authentication goes through three browser jumps: jumping to the identity authentication page of the unified authentication center, jumping to the login ticket verification page of the Web server, and jumping to the page that is redisplayed after login succeeds. During this process the user faces a blank webpage three times while waiting for the browser to finish loading, so the user experience is not smooth.
In order to solve the defects existing in the CAS login authentication process, the prior art provides a method for modifying a Web page source code of a Web application, and when a user accesses a protected resource, the identity authentication of the user is completed in a popup window mode.
The main idea of the technical solution is as follows: in view of the problems in the prior art, a method for realizing login authentication through a conversion plug-in is provided. Once the conversion plug-in is installed on a designated Web server, CAS single sign-on based on webpage jumps can be converted into CAS single sign-on based on an iframe popup window embedded in the webpage without modifying any source code, which is non-invasive and universal and saves the cost of modifying the login process.
Fig. 2 is a flowchart illustrating a first embodiment of a login form conversion method provided in an embodiment of the present application, where a conversion plug-in is installed in advance on a Web server and a browser is installed in advance on a terminal device in the present embodiment, and the method of the present embodiment is applied between the conversion plug-in of the Web server and the browser of the terminal device, as shown in fig. 2, the method of the present embodiment includes:
S101, when the server receives a request message sent by a browser, the conversion plug-in judges whether the server initiates 302 redirection.
As can be seen from the foregoing analysis, in the CAS login authentication process, if a user requests to access a protected resource (a resource that the user has permission to access only in the login state) through a browser in the non-login state, the CAS filter triggers 302 redirection when the server receives a request message, and if the user accesses the resource (including the protected resource and other resources) through the browser in the login state or accesses other resources (network resources other than the protected resource) through the browser in the non-login state, the CAS filter does not trigger 302 redirection when the server receives the request message. In this step, when the server receives the request message sent by the browser, the conversion plug-in determines whether the server initiates 302 redirection through the filter, and executes corresponding operations according to the determination result.
The request message is used to request reading or obtaining a network resource, such as a webpage or a data packet. It includes the address of the resource to be accessed and the state of the browser. The state of the browser is either the user-logged-in state or the user-not-logged-in state, that is, whether a user is logged in in the browser, and the address of the resource to be accessed is the Uniform Resource Locator (URL) of the resource that the user requests to access. The server generates a corresponding response message according to the received request message and sends it to the corresponding browser. For example, when the server determines from the request message that the browser is in the user-not-logged-in state and the resource to be accessed is a protected resource, the server sends a response message including the 302 redirection address to the browser; otherwise, the server directly sends a response message including the resource to be accessed to the browser.
S102, when the conversion plug-in determines that the server initiates 302 redirection and the generated 302 redirection address conforms to the address format of CAS, the conversion plug-in intercepts a response message sent by the server to the browser.
In this step, when the conversion plug-in determines that the server initiates 302 redirection and the generated 302 redirection address conforms to the address format of CAS, this indicates that the browser is requesting a protected resource while the user is not logged in and that a CAS authentication mechanism is used between the server and the browser. The conversion plug-in then intercepts the response message sent by the server to the browser. The header of the response message includes an HTTP status code and a 302 redirection address, where the HTTP status code is 302.
In one possible implementation, the conversion plug-in monitors the operation of the server to determine whether the server initiates 302 redirection and what the format of the generated 302 redirection address is.
In another possible implementation manner, the conversion plug-in determines whether the server initiates 302 redirection and the generated 302 redirection address format by reading a response message generated by the server.
S103, the conversion plug-in processes the response message according to the type of the request message to obtain a first response message.
In this step, when it is determined that the server initiates 302 redirection and the generated 302 redirection address conforms to the address format of the CAS, the conversion plug-in intercepts a response message sent by the server to the browser, and processes the response message according to the type of the request message, so as to obtain a first response message.
It should be noted that, in this embodiment, the conversion plug-in has a function of reading the request message received by the server and the generated response message at any time, and has a function of intercepting the response message and processing the response message.
The types of request message are Asynchronous JavaScript and XML (Ajax, where XML stands for Extensible Markup Language) requests and non-Ajax requests (all requests other than Ajax requests).
Ajax is a web development technique for requesting data asynchronously: without refreshing the page, Ajax loads background data through an asynchronous request and presents it on the page. Common application scenarios include form checks of whether a login succeeded, Baidu search drop-down suggestions, courier tracking-number queries and the like. Accordingly, an Ajax request retrieves data rather than an HTML document, which makes Ajax requests a special class of request.
In this embodiment, the conversion plug-in may determine from the header of the request message whether the request is an Ajax request or a non-Ajax request. Depending on the type of the request message, the conversion plug-in processes the response message differently and generates a different first response message:
In one possible implementation, when the request message is an Ajax request, the conversion plug-in processes the response message as follows to obtain the first response message:
(1) modifying the HTTP status code in the message header of the response message to 200;
(2) adding an authentication event attribute and an authentication success skip attribute to the message header of the response message, wherein the attribute value of the authentication event attribute is the 302 redirection address, and the attribute value of the authentication success skip attribute is the login success skip URL stored in the server.
In another possible implementation, when the request message is a non-Ajax request, the conversion plug-in processes the response message as follows to obtain the first response message:
(1) modifying the HTTP status code in the message header of the response message to 200;
(2) adding an authentication success skip attribute to the message header of the response message, wherein the attribute value of the authentication success skip attribute is the login success skip URL stored in the server;
(3) filling in a message body for the response message, wherein the message body comprises the code of a login popup window embedded with an iframe and the code of the monitoring module, and the source address (src) of the iframe in that login popup window is the 302 redirection address.
It should be understood that, in this embodiment, modifying the HTTP status code in the header of the response message to 200 means changing it from 302 to 200, that is, canceling the 302 redirection. 200 is the HTTP status code indicating that the request sent by the browser was processed correctly by the server.
The code of the monitoring module is used to instantiate the monitoring module in the browser, and the monitoring module can then execute the corresponding operations in the browser.
An iframe is an HTML tag that acts as a document within a document, also called a floating frame. The iframe element creates an inline frame that contains another document. Its source attribute (src) is the address of the nested web page.
Therefore, the finally obtained first response message includes two possible situations, one is the first response message in which the message header includes the HTTP status code 200, the authentication event attribute and the authentication success skip attribute, and the other is the first response message in which the message header includes the HTTP status code 200 and the authentication success skip attribute, and the message body includes the code of the login popup window embedded with the iframe and the code of the monitoring module. The conversion plug-in generates one of the two first response messages according to the type of the request message, namely the two first response messages cannot exist at the same time.
S104, the conversion plug-in sends the first response message to the browser.
In this step, after S104, the conversion plug-in sends the first response packet generated in S103 to the browser, and accordingly, the browser completes receiving the first response packet.
Optionally, in S101, if it is determined that the server does not initiate 302 redirection, the method of this embodiment further includes:
the conversion plug-in intercepts a response message sent by the server to the browser, and judges whether the content type of a message body of the response message is in a hypertext markup language (HTML) format or not; if the content type of the message body of the response message is in an HTML format, the conversion plug-in inserts a code of the monitoring module into the message body of the response message to obtain a second response message, and sends the second response message to the browser, and correspondingly, the browser receives the second response message; if the content type of the message body of the response message is in other formats, such as a plain text format, a picture format and the like, the conversion plug-in returns the response message to the server so that the server directly sends the response message to the browser.
As can be seen from the foregoing analysis, when the server does not initiate 302 redirection, the browser is either accessing other resources while the user is not logged in or accessing protected resources while the user is logged in. In this case the server directly generates a response message whose message body includes the resource to be accessed (i.e., the resource requested by the user). Accordingly, in this step, the second response message is obtained by the conversion plug-in inserting the code of the monitoring module into the message body of the response message that includes the resource to be accessed.
It can be understood that the code of the monitoring module inserted in this step is the same as the code of the monitoring module inserted into the response message when 302 redirection is initiated and the request message is a non-Ajax request.
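The response handling of S103 and of the optional no-redirect path above can be sketched as follows. This is an added example, not code from the patent: the header names, the monitoring-module script path, the Ajax marker header and the test for a "CAS address format" are all assumptions, since the description names none of them.

```javascript
// Added example, not the patent's code. Header names, the monitoring-module
// path and the CAS address test are assumptions; the patent names none of them.
const AUTH_EVENT = 'x-auth-event';            // hypothetical header name
const AUTH_SUCCESS = 'x-auth-success-jump';   // hypothetical header name
const MONITOR_CODE = '<script src="/sso-monitor.js"></script>'; // hypothetical

// Assumption: a CAS address is a URL on the configured CAS origin whose path
// ends in /login and which carries a "service" parameter. Pinning the origin
// keeps the plug-in from framing an arbitrary redirect target.
function isCasRedirect(location, casOrigin) {
  let url;
  try { url = new URL(location); } catch (e) { return false; }
  return url.origin === casOrigin &&
    url.pathname.endsWith('/login') && url.searchParams.has('service');
}

// Assumption: Ajax requests carry "X-Requested-With: XMLHttpRequest".
function isAjax(reqHeaders) {
  return String(reqHeaders['x-requested-with'] || '').toLowerCase() === 'xmlhttprequest';
}

// The redirect address is written into an HTML attribute, so escape it.
function escapeAttr(value) {
  return String(value).replace(/&/g, '&amp;').replace(/"/g, '&quot;')
    .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function loginPopupHtml(casUrl) {
  return '<div id="login-popup" hidden><iframe id="login-frame" src="' +
    escapeAttr(casUrl) + '"></iframe></div>';
}

// Put the monitoring module before </body>, or at the end if there is none.
function insertMonitor(html) {
  const re = /<\/body\s*>/i;
  return re.test(html) ? html.replace(re, (tag) => MONITOR_CODE + tag)
                       : html + MONITOR_CODE;
}

// req: { headers }, res: { status, headers, body }; header keys are lower-case.
function convertResponse(req, res, cfg) {
  const out = { status: res.status, headers: { ...res.headers }, body: res.body };
  const location = res.headers['location'];

  if (res.status === 302) {
    if (!location || !isCasRedirect(location, cfg.casOrigin)) return out; // untouched
    out.status = 200;                                 // cancel the 302 redirection
    out.headers[AUTH_SUCCESS] = cfg.loginSuccessUrl;  // both request types
    if (isAjax(req.headers)) {
      out.headers[AUTH_EVENT] = location;             // Ajax: headers only
    } else {
      out.headers['content-type'] = 'text/html; charset=utf-8'; // assumption
      out.body = loginPopupHtml(location) + MONITOR_CODE;       // non-Ajax: body
    }
    return out;
  }

  // No 302: only HTML bodies receive the monitoring module (second response).
  if (/^\s*text\/html\b/i.test(res.headers['content-type'] || '')) {
    out.body = insertMonitor(String(res.body));
  }
  return out;
}

// Constructed sample: an Ajax request answered with a 302 to a made-up CAS URL.
function demo() {
  const cfg = { casOrigin: 'https://cas.example.test',
                loginSuccessUrl: 'https://app.example.test/login/success' };
  const res = { status: 302, body: '', headers: {
    location: 'https://cas.example.test/cas/login?service=https%3A%2F%2Fapp.example.test%2Fprofile' } };
  return convertResponse({ headers: { 'x-requested-with': 'XMLHttpRequest' } }, res, cfg);
}
```

Embedding the CAS page in an iframe only works when the CAS server's X-Frame-Options or CSP frame-ancestors policy allows the application's origin to frame it.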
S105, the browser processes the first response message and determines a monitoring module corresponding to the webpage in the browser which is currently in the open state.
In this embodiment, since the conversion plug-in is only installed in the server, to ensure that the conversion plug-in can also control corresponding operations in the browser, the conversion plug-in inserts a code of the monitoring module into a corresponding response message, and when the browser receives the first response message, the browser determines the monitoring module corresponding to the currently open webpage in the browser by reading and analyzing the content of the first response message.
Because there are two different forms of the first response message, there are correspondingly two ways of determining the monitoring module corresponding to the webpage currently in the open state in the browser:
In one possible implementation, the browser reads and analyzes the first response message, and when it determines that the message header of the first response message does not include the authentication event attribute and the message body of the first response message includes the code of the monitoring module, the browser instantiates the code of the monitoring module in the message body of the first response message to obtain the monitoring module corresponding to the webpage currently in the open state in the browser.
In another possible implementation manner, before the browser processes the first response packet and determines the monitoring module corresponding to the webpage currently in the open state in the browser, the browser receives a second response packet sent by the server, and accordingly, when the browser reads and analyzes the first response packet and determines that the header of the first response packet includes the authentication event attribute, the browser instantiates the code of the monitoring module in the second response packet to obtain the monitoring module corresponding to the webpage currently in the open state in the browser.
S106, the browser generates a login popup window embedded with the inline frame by using the monitoring module and the first response message.
In this step, after instantiating the monitoring module, the browser generates a login popup window embedded with the iframe according to the content of the first response message by using the monitoring module. Similarly, when the content of the first response message is different, the login popup window mode for generating the embedded iframe is also different.
In one possible implementation, the browser processes the first response message by using the monitoring module. After determining that the message header of the first response message includes the authentication success skip attribute, whose attribute value is the login success skip URL, and that the message body includes the code of a login popup window embedded with an iframe, in which the source address (src) of the iframe is the 302 redirection address, the browser renders that code to obtain the login popup window embedded with the iframe.
It can be understood that, in this implementation manner, since the packet body of the first response packet includes the code of the login popup window embedded with the iframe, rendering is performed on the code of the login popup window embedded with the iframe by the browser, so that the login popup window embedded with the iframe can be obtained, and the iframe src of the login popup window embedded with the iframe is the 302 redirection address.
In another possible implementation, the browser processes the first response message by using the monitoring module. After determining that the message header of the first response message includes the authentication event attribute, whose attribute value is the 302 redirection address, and the authentication success skip attribute, whose attribute value is the login success skip URL, the browser constructs, through the monitoring module, the login popup window embedded with the iframe according to the attribute value of the authentication event attribute, so that the source address (src) of the iframe in that popup window is the 302 redirection address.
It can be understood that, in this implementation manner, since the first response packet does not include the code of the login popup window embedded with the iframe, the browser needs to construct the login popup window embedded with the iframe according to the content, i.e., the authentication event attribute and the authentication event attribute value, in the packet header of the first response packet by using the monitoring module.
S107, the browser, through the monitoring module, controls the login popup window embedded with the inline frame to execute the operation corresponding to the attribute value of the location attribute of the inline frame in that login popup window.
In this step, as the foregoing analysis shows, the browser may perform three jumps under a CAS authentication mechanism. In this embodiment the user is authenticated through the iframe login popup window, and those browser jumps are converted into changes of the attribute value of the iframe's location attribute. Therefore, after the login popup window embedded with the iframe is obtained, the browser uses the monitoring module to control that popup window to perform the operation corresponding to the attribute value of the location attribute of its iframe, so that login authentication of the user is completed within the login popup window.
In this embodiment, when the conversion plug-in installed on the server receives a request message sent by the browser, it judges whether the server initiates 302 redirection. When the server initiates 302 redirection and the generated 302 redirection address conforms to the address format of the CAS (central authentication service), the plug-in intercepts the response message sent by the server to the browser, processes it according to the type of the request message to obtain a first response message, and sends the first response message to the browser. On receiving the first response message, the browser installed on the terminal device processes it, determines the monitoring module corresponding to the webpage currently in the open state in the browser, and generates a login popup window embedded with an iframe by using the monitoring module and the first response message. Through the monitoring module, and according to the attribute value of the location attribute of the iframe in that login popup window, the browser controls the popup window to execute the operation corresponding to the attribute value. Because the conversion plug-in is installed on the server, CAS single sign-on based on webpage jumps is converted into CAS single sign-on based on a popup window with an iframe embedded in the webpage, without changing the source code of the server. The conversion plug-in can be installed on or uninstalled from different servers through one-key installation or one-key uninstallation, the operation is simple, and because the plug-in does not intrude into the source code, the cost of reworking the login process is saved.
Preferably, in S106, while the login popup window embedded with the iframe is obtained, the browser uses the monitoring module to keep that popup window in a hidden state, that is, not displayed and not visible to the user. Meanwhile, the browser can also use the monitoring module to display an "authenticating" prompt message in the current webpage. Correspondingly, Fig. 3 is a schematic flow diagram of a second embodiment of the login form conversion method provided in the embodiment of the present application. As shown in Fig. 3, S107 may be specifically implemented by the following steps:
S1071, using the monitoring module, judging whether the attribute value of the location attribute of the inline frame can become the login success jump URL within a preset time threshold.
The initial attribute value of the location attribute of the iframe is the iframe src, that is, the 302 redirection address. However, because of the browser's cross-domain restriction, the monitoring module cannot read the specific attribute value of the iframe's location attribute until that value becomes the login success jump URL. In this step, therefore, the monitoring module judges whether the attribute value of the location attribute of the iframe can become the login success jump URL within a preset time threshold, which determines the current scene (scene one or scene two in the foregoing description). If the attribute value cannot become the login success jump URL within the preset time threshold, the unified authentication center does not hold the personal information of the user, and authentication requires the user to input that information; this corresponds to scene one, and the browser accordingly executes S1072-S1074. If the attribute value can become the login success jump URL within the preset time threshold, the unified authentication center holds the personal information of the user, and authentication can be completed without the user inputting it again; the browser accordingly executes S1075-S1076.
The preset time threshold may be set, according to the actual application, from the time the browser needs to jump from the identity authentication page returned by the unified authentication center to the login ticket root verification page of the Web server when the user does not need to input personal information; the preset time threshold need only be longer than that time.
S1072, the monitoring module is used for controlling the login popup window display of the embedded inline frame.
In this step, on the premise that the login popup is kept in a hidden state, when it is determined that the attribute value of the location attribute of the iframe does not become a login success jump URL within a preset time threshold, the monitoring module is used to control the login popup embedded with the iframe to display, so that a user can input personal information in the login popup.
S1073, when the attribute value of the position attribute of the inline frame changes, judging whether the attribute value of the position attribute of the inline frame is equal to the successfully logged-in jump URL or not by using a monitoring module.
In this step, after the user inputs personal information, the attribute value of the location attribute of the iframe changes, the browser further acquires the location attribute of the iframe by using the monitoring module, compares the attribute value of the successfully authenticated jump attribute in the first response message with the attribute value of the location attribute of the iframe, and determines whether the attribute value of the location attribute of the iframe is equal to the successfully logged jump URL, and by determining whether the attribute value of the location attribute of the iframe is equal to the successfully logged jump URL, it can be determined whether the user inputs correct personal information and whether the login ticket root verification passes.
S1074, if the attribute value of the position attribute of the inline frame is equal to the login success skip URL, the login popup is set to be in a hidden state by using the monitoring module and the current webpage is controlled to display a prompt message of authentication success.
In this step, if the attribute value of the location attribute of the iframe is equal to the login success skip URL, which indicates that both the personal information of the user and the login ticket root are verified, the browser sets the login popup window to a hidden state by using the monitoring module and controls the current webpage to display an authentication success prompt message to prompt the user that the login is successful. If the attribute value of the location attribute of the iframe is not equal to the login success jump URL, which indicates that the verification of the personal information or the login ticket root of the user fails, the browser sets the login popup window to be in a hidden state by using the monitoring module and controls the current webpage to display a prompt message related to authentication failure.
S1075, when the attribute value of the position attribute of the inline frame changes, judging whether the attribute value of the position attribute of the inline frame is equal to the successfully logged-in jump URL or not by using a monitoring module.
In this step, when it is determined that the attribute value of the location attribute of the iframe can become the login success jump URL within the preset time threshold, and on the premise that the login popup window is kept in the hidden state, when the attribute value of the location attribute of the iframe changes, the monitoring module is used to determine whether the attribute value of the location attribute of the iframe is equal to the login success jump URL, the specific implementation manner is similar to S1073, and details are not repeated here.
S1076, if the attribute value of the position attribute of the inline frame is equal to the login success skip URL, the monitoring module is used for controlling the current webpage to display an authentication success prompt message.
In this step, if the browser determines that the attribute value of the location attribute of the iframe is equal to the login success skip URL by using the monitoring module according to S1075, the monitoring module is used to control the current webpage to display an authentication success prompt message, which is implemented similarly to S1074 and is not described here again.
In this embodiment, the monitoring module judges whether the attribute value of the location attribute of the iframe can become the login success jump URL within a preset time threshold. If it cannot, the browser uses the monitoring module to display the login popup window embedded with the iframe; when the attribute value of the location attribute of the iframe changes, the monitoring module judges whether it is equal to the login success jump URL, and if it is, the monitoring module sets the login popup window to a hidden state and controls the current webpage to display an authentication success prompt message. If the attribute value can become the login success jump URL within the preset time threshold, then when the attribute value of the location attribute of the iframe changes, the browser uses the monitoring module to judge whether it is equal to the login success jump URL, and if it is, the monitoring module controls the current webpage to display an authentication success prompt message. In this way, identity authentication of the user is achieved in different scenes, different use requirements of the user are met, and the user experience is improved.
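Steps S1071-S1076 amount to a small state machine driven by a timer and by the iframe's navigation events. The sketch below is an added example, not code from the patent; the `ui` and `schedule` hooks, the message texts, the stand-in iframe object and the sample URLs are hypothetical, and its treatment of an unreadable cross-origin location as "still at the authentication center" is an assumption of this example.

```javascript
// Added example, not the patent's code: S1071-S1076 as a small state machine.
// `ui` and `schedule` are hypothetical injection points so the logic runs
// outside a browser; in a page they would wrap DOM calls and setTimeout.

// A page that reads the location of a cross-origin frame gets a SecurityError,
// so an unreadable location means the frame has not returned to our origin.
function readFrameUrl(frame) {
  try {
    return frame.contentWindow.location.href;
  } catch (err) {
    return null;
  }
}

class LoginMonitor {
  constructor({ frame, ui, loginSuccessUrl, thresholdMs, schedule }) {
    Object.assign(this, { frame, ui, loginSuccessUrl, thresholdMs, schedule });
    this.state = 'idle';       // idle -> silent -> prompting -> done
    this.authenticated = null; // true or false once state is 'done'
  }

  // The popup starts hidden while the page shows an "authenticating" notice.
  start() {
    this.state = 'silent';
    this.ui.hidePopup();
    this.ui.showMessage('Authenticating');
    this.cancelTimer = this.schedule(() => this.onThreshold(), this.thresholdMs);
  }

  // S1071 -> S1072: no success URL within the threshold, so show the popup.
  onThreshold() {
    if (this.state !== 'silent') return;
    this.state = 'prompting';
    this.ui.showPopup();
  }

  // S1073 / S1075: call this from the iframe's "load" event.
  onFrameNavigated() {
    if (this.state !== 'silent' && this.state !== 'prompting') return;
    const url = readFrameUrl(this.frame);
    // Assumption of this example: an unreadable (cross-origin) location means
    // the frame is still at the authentication center, so nothing changes.
    if (url === null) return;
    this.cancelTimer();
    this.state = 'done';
    this.authenticated = url === this.loginSuccessUrl; // S1074 / S1076
    this.ui.hidePopup();
    this.ui.showMessage(this.authenticated ? 'Authentication succeeded'
                                           : 'Authentication failed');
  }
}

// Constructed stand-in for an <iframe>: location.href throws unless the framed
// URL has the same origin as the embedding page, as it does in a browser.
function fakeFrame(pageOrigin, initialUrl) {
  let current = initialUrl;
  return {
    navigate(url) { current = url; },
    contentWindow: { location: { get href() {
      if (new URL(current).origin !== pageOrigin) throw new Error('SecurityError');
      return current;
    } } },
  };
}

// Constructed sample values.
const APP_ORIGIN = 'https://app.example.test';
const SUCCESS_URL = APP_ORIGIN + '/login/success';
const CAS_URL = 'https://cas.example.test/cas/login?service=' +
  encodeURIComponent(APP_ORIGIN + '/profile');

// Replays events ('threshold' or a URL the frame navigates to) and returns
// the final state together with the UI calls that were made.
function simulate(events) {
  const log = [];
  const ui = {
    showPopup: () => log.push('popup:show'),
    hidePopup: () => log.push('popup:hide'),
    showMessage: (text) => log.push('msg:' + text),
  };
  let pending = null;
  const schedule = (fn) => { pending = fn; return () => { pending = null; }; };
  const frame = fakeFrame(APP_ORIGIN, CAS_URL);
  const monitor = new LoginMonitor({
    frame, ui, loginSuccessUrl: SUCCESS_URL, thresholdMs: 3000, schedule });
  monitor.start();
  for (const ev of events) {
    if (ev === 'threshold') { if (pending) pending(); continue; }
    frame.navigate(ev);
    monitor.onFrameNavigated();
  }
  return { state: monitor.state, authenticated: monitor.authenticated, log };
}
```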
The technical solution of the present application will be described in detail below by two specific examples:
Example one:
(1) a user accesses a personal center page of a certain Web application in a non-login state (the page can be accessed without logging in), and the browser sends a request message to the server; the conversion plug-in judges whether the server initiates 302 redirection; when the server does not initiate 302 redirection, the conversion plug-in intercepts the response message to be returned to the browser by the server, and when the content type of the message body of the response message is determined to be the HTML format, the conversion plug-in inserts the monitoring module code into the response message to obtain a second response message and sends the second response message to the browser;
(2) when the user, still in the non-login state, then clicks a button for querying personal information (the user has access rights after logging in) on the personal center page displayed by the browser, the browser sends a request message to the server in Ajax form; when the conversion plug-in detects that the server, having received the request message, triggers 302 redirection and that the generated 302 redirection address conforms to the address format of CAS, the conversion plug-in intercepts the response message to be sent to the browser by the server, modifies the HTTP status code in the message header of the response message to 200, and adds an authentication event attribute and an authentication success skip attribute to the message header, wherein the attribute value of the authentication event attribute is the 302 redirection address and the attribute value of the authentication success skip attribute is the login success skip URL stored in the server, so as to obtain a first response message, and sends the first response message to the browser.
(3) After the browser receives the first response message, the browser judges that the message header of the first response message comprises the authentication event attribute, and instantiates a code of the monitoring module in the second response message to obtain the monitoring module;
(4) the monitoring module constructs a login popup window embedded with the iframe according to the attribute value of the attribute of the authentication event, wherein the iframe src in the login popup window is a 302 redirection address;
(5) and the monitoring module controls the login popup window embedded with the iframe to execute the operation corresponding to the attribute value according to the attribute value of the position attribute of the iframe in the login popup window embedded with the iframe, and completes login authentication of the user through the login popup window.
(6) And the user can check the personal information by clicking the button for inquiring the personal information again.
Example two:
(1) a user accesses a personal basic data page of a certain Web application in a non-login state (the user has access rights after logging in), and the browser sends a request message to the server in non-Ajax form; when the conversion plug-in detects that the server, having received the request message, triggers 302 redirection and that the generated 302 redirection address conforms to the address format of CAS, the conversion plug-in intercepts the response message to be sent to the browser by the server, modifies the HTTP status code in the message header of the response message to 200, adds an authentication success skip attribute to the message header of the response message, wherein the attribute value of the authentication success skip attribute is the login success skip URL stored in the server, and fills in a message body for the response message, wherein the message body comprises the code of a login popup window embedded with an iframe and the code of the monitoring module, and the source address (src) of the iframe in that login popup window is the 302 redirection address; the conversion plug-in thereby obtains a first response message and sends the first response message to the browser.
(2) After the browser receives the first response message, the browser judges that the message header does not include the authentication event attribute and the message body includes the code of the monitoring module, and instantiates the code of the monitoring module in the first response message to obtain the monitoring module.
(3) And rendering the code of the login popup window embedded with the iframe by the browser to obtain the login popup window embedded with the iframe, wherein the iframe src in the login popup window is 302 redirection address.
(4) And the monitoring module controls the login popup window embedded with the iframe to execute the operation corresponding to the attribute value according to the attribute value of the position attribute of the iframe in the login popup window embedded with the iframe, and completes login authentication of the user through the login popup window.
(5) The user clicks and views the personal basic data page, and the browser jumps to the personal basic data page.
Fig. 4 is a schematic structural diagram of a first embodiment of a login form conversion apparatus according to an embodiment of the present application, and as shown in fig. 1, the login form conversion apparatus 10 includes:
a processing unit 11 and a transceiver unit 12.
The processing unit 11 is configured to, when the server receives a request message sent by the browser, determine whether the server initiates 302 redirection; intercepting a response message sent to the browser by the server when the server initiates 302 redirection and the generated 302 redirection address conforms to the address format of the CAS (central authentication service); processing the response message according to the type of the request message to obtain a first response message;
The transceiving unit 12 is configured to send the first response message to the browser.
Optionally, the processing unit 11 is specifically configured to:
if the type of the request message is an Asynchronous JavaScript and XML (Ajax) request, modifying the Hypertext Transfer Protocol (HTTP) status code in the message header of the response message to 200; and adding an authentication event attribute and an authentication success skip attribute to the message header of the response message, wherein the attribute value of the authentication event attribute is the 302 redirection address, and the attribute value of the authentication success skip attribute is the login success skip Uniform Resource Locator (URL) stored in the server.
Optionally, the processing unit 11 is specifically configured to:
if the type of the request message is a non-Ajax request (a request other than an Asynchronous JavaScript and XML request), modifying the Hypertext Transfer Protocol (HTTP) status code in the message header of the response message to 200; adding an authentication success skip attribute to the message header of the response message, wherein the attribute value of the authentication success skip attribute is the login success skip Uniform Resource Locator (URL) stored in the server; and filling in a message body for the response message, wherein the message body comprises the code of a login popup window embedded with an iframe and the code of the monitoring module, and the source address (src) of the iframe in that login popup window is the 302 redirection address.
Optionally, the processing unit 11 is further configured to:
if the server does not initiate 302 redirection, intercepting a response message sent to the browser by the server; judging whether the content type of the message body of the response message is in a hypertext markup language (HTML) format or not; and if the content type of the message body of the response message is in the HTML format, inserting a code of the monitoring module into the message body of the response message to obtain a second response message.
The transceiving unit 12 is further configured to:
and sending the second response message to the browser.
The login form conversion apparatus 10 provided in this embodiment is configured to execute the technical solution on the server side in any one of the foregoing method embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 5 is a schematic structural diagram of a second embodiment of a login form conversion apparatus according to an embodiment of the present application, and as shown in fig. 5, a login form conversion apparatus 20 in the present embodiment includes:
a transceiver unit 21 and a processing unit 22.
The transceiver unit 21 is configured to receive a first response packet sent by the server.
The processing unit 22 is configured to process the first response packet, determine a monitoring module corresponding to a currently open webpage in the browser, generate a login popup window with an embedded iframe by using the monitoring module and the first response packet, and control the login popup window with the embedded iframe to execute an operation corresponding to an attribute value according to the attribute value of the position attribute of the iframe in the login popup window with the embedded iframe by using the monitoring module.
Optionally, the processing unit 22 is specifically configured to:
processing the first response message by using a monitoring module, determining that a message header of the first response message comprises a successful authentication skip attribute, a message body of the first response message comprises a code of a login popup window embedded with an iframe, wherein the attribute value of the successful authentication skip attribute is a URL (uniform resource locator) for successful login skip, and a website source of the iframe in the login popup window embedded with the iframe is a 302 redirection address; and rendering the code of the login popup window embedded with the iframe to obtain the login popup window embedded with the iframe.
Optionally, the processing unit 22 is specifically configured to:
processing the first response message by using the monitoring module, and determining that a message header of the first response message comprises an authentication event attribute and an authentication success skip attribute, wherein the attribute value of the authentication event attribute is a 302 redirection address, and the attribute value of the authentication success skip attribute is a login success skip Uniform Resource Locator (URL); and constructing a login popup window embedded with the iframe according to the attribute value of the authentication event attribute through the monitoring module.
Optionally, the transceiver unit 21 is further configured to:
and receiving a second response message sent by the server, wherein the message body of the second response message comprises a code of the monitoring module.
Accordingly, the processing unit 22 is specifically configured to:
and processing the first response message, determining that the message header of the first response message comprises the authentication event attribute, and instantiating the code of the monitoring module in the message body of the second response message to obtain the monitoring module corresponding to the webpage currently in the open state in the browser.
Optionally, the processing unit 22 is specifically configured to:
and processing the first response message, determining that the message header of the first response message does not include the authentication event attribute and the message body of the first response message includes the code of the monitoring module, and instantiating the code of the monitoring module in the message body of the first response message to obtain the monitoring module corresponding to the webpage currently in the open state in the browser.
Optionally, the processing unit 22 is further configured to:
and controlling the login popup window embedded with the iframe to be in a hidden state by utilizing the monitoring module.
Accordingly, the processing unit 22 is specifically configured to:
judging, by using the monitoring module, whether the attribute value of the location attribute of the iframe can become the login success jump URL within a preset time threshold;
if the attribute value of the location attribute of the iframe cannot become the login success jump URL within the preset time threshold, controlling the login popup window to be displayed by using the monitoring module;
when the attribute value of the location attribute of the iframe changes, judging, by using the monitoring module, whether the attribute value of the location attribute of the iframe is equal to the login success jump URL;
and if the attribute value of the location attribute of the iframe is equal to the login success jump URL, setting the login popup window to a hidden state by using the monitoring module and controlling the current webpage to display an authentication success prompt message.
Optionally, the processing unit 22 is further configured to:
if the attribute value of the location attribute of the iframe can become a login success jump URL within a preset time threshold, judging whether the attribute value of the location attribute of the iframe is equal to the login success jump URL or not by using a monitoring module when the attribute value of the location attribute of the iframe changes;
and if the attribute value of the location attribute of the iframe is equal to the login success jump URL, controlling the current webpage to display an authentication success prompt message by using the monitoring module.
The login form conversion apparatus 20 provided in this embodiment is configured to execute the technical solution on the terminal device side in any one of the foregoing method embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
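The terminal-side decisions described above (popup hidden at first, shown only if the iframe has not reached the login success jump URL within the time threshold, hidden again on success), as an added example that is not code from the patent. The function names, state labels, callback shapes and message text are hypothetical, and the URL comparison is assumed to be an exact string match.

```javascript
// Added illustration of the monitoring module's decisions; all names are hypothetical.

// Read the iframe's location. While the frame shows the CAS page (a different
// origin) the same-origin policy makes this read throw, so the value is only
// available once the frame has navigated back to the application's own origin.
function readFrameHref(iframe) {
  try {
    return iframe.contentWindow.location.href;
  } catch (e) {
    return null;
  }
}

// popup: { show(), hide() }; notify(message) displays the success prompt.
function createLoginMonitor({ successUrl, popup, notify }) {
  let state = 'hidden-waiting'; // the popup starts in the hidden state
  popup.hide();
  return {
    get state() { return state; },
    // Called once when the preset time threshold expires.
    onThreshold() {
      if (state !== 'hidden-waiting') return; // already finished or already shown
      state = 'shown';
      popup.show(); // the user has to type credentials
    },
    // Called on every change of the iframe location with readFrameHref()'s value.
    onFrameLocation(href) {
      if (state === 'done' || href === null) return;
      if (href !== successUrl) return; // exact match only, no prefix or substring test
      if (state === 'shown') popup.hide();
      state = 'done';
      notify('Authentication successful');
    },
  };
}

// Wire the monitor to a real iframe: one timer for the threshold, one load listener.
function attach(iframe, monitor, thresholdMs) {
  const timer = setTimeout(() => monitor.onThreshold(), thresholdMs);
  iframe.addEventListener('load', () => {
    monitor.onFrameLocation(readFrameHref(iframe));
    if (monitor.state === 'done') clearTimeout(timer);
  });
}
```

The popup can only render if the CAS login page allows itself to be framed by the application origin (for example through a CSP frame-ancestors rule); a CAS server that forbids framing leaves the iframe blank.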
Fig. 6 is a schematic structural diagram of an embodiment of a server provided in the present application, and as shown in fig. 6, a server 30 in the present embodiment includes: a transceiver 30, a memory 32 and a processor 33, the memory 32 being used for storing a computer program, the processor 33 executing the computer program to implement the login form conversion method in any of the method embodiments of the server side described above.
Fig. 7 is a schematic structural diagram of an embodiment of a terminal device provided in the present application, and as shown in fig. 7, the terminal device 40 in the present embodiment includes: a transceiver 41, a memory 42 and a processor 43, wherein the memory 42 is used for storing computer programs, and the processor 43 executes the computer programs to realize the login form conversion method in any method embodiment of the terminal device side.
The embodiment of the present application further provides a storage medium, where the storage medium is used to store a computer program, and the stored computer program is used to implement the method for converting the login form at the server side provided in any method embodiment.
The embodiment of the present application further provides a storage medium, where the storage medium is used to store a computer program, and the stored computer program is used to implement the login form conversion method on the terminal device side provided in any of the above method embodiments.
In the above specific implementation of the terminal device or the server, it should be understood that the processor may be a Central Processing Unit (CPU), other general-purpose processors, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present application may be embodied directly in a hardware processor, or in a combination of the hardware and software modules in the processor.
Those skilled in the art will appreciate that all or a portion of the steps of any of the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium, and when executed, performs all or part of the steps of the method embodiments described above.
In a specific implementation of the storage medium, the storage medium may be implemented by any type of volatile or nonvolatile storage device or a combination thereof, such as a Static Random Access Memory (SRAM), an electrically erasable programmable read-only memory (EEPROM), an erasable programmable read-only memory (EPROM), a programmable read-only memory (PROM), a read-only memory (ROM), a magnetic memory, a flash memory, a magnetic disk or an optical disk, and so on. Readable storage media can be any available media that can be accessed by a general purpose or special purpose computer or similar base station.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (15)

1. A login form conversion method is characterized in that the method is applied to a conversion plug-in installed on a server; the method comprises the following steps:
when a server receives a request message sent by a browser, judging whether the server initiates a 302 redirection;
intercepting a response message sent to the browser by the server when the server initiates a 302 redirection and the generated 302 redirection address conforms to the address format of a Central Authentication Service (CAS);
processing the response message according to the type of the request message to obtain a first response message;
sending the first response message to a browser;
the browser generates a login popup window with an embedded inline frame (iframe) by using the first response message, wherein a website source of the iframe in the login popup window is the 302 redirection address.
2. The method according to claim 1, wherein the processing the response packet according to the type of the request packet to obtain a first response packet comprises:
if the type of the request message is an Asynchronous JavaScript and XML (Ajax) request, modifying a Hypertext Transfer Protocol (HTTP) status code in a message header of the response message to 200;
and adding an authentication event attribute and an authentication success skip attribute in a message header of the response message, wherein the attribute value of the authentication event attribute is the 302 redirection address, and the attribute value of the authentication success skip attribute is a login success skip Uniform Resource Locator (URL) stored in the server.
3. The method according to claim 1, wherein the processing the response packet according to the type of the request packet to obtain a first response packet comprises:
if the type of the request message is not an Asynchronous JavaScript and XML (Ajax) request, modifying a Hypertext Transfer Protocol (HTTP) status code in a message header of the response message to 200;
adding an authentication success skip attribute in a message header of the response message, wherein the attribute value of the authentication success skip attribute is a login success skip Uniform Resource Locator (URL) stored in the server;
and filling a message body for the response message, wherein the message body comprises a code of a login popup window embedded with an inline frame iframe and a code of a monitoring module.
4. The method of claim 1, further comprising:
if the server does not initiate a 302 redirection, intercepting a response message sent to the browser by the server;
judging whether the content type of the message body of the response message is in a hypertext markup language (HTML) format or not;
if the content type of the message body of the response message is in an HTML format, inserting a code of a monitoring module into the message body of the response message to obtain a second response message;
and sending the second response message to the browser.
5. A login form conversion method according to claim 1, applied to a browser of a terminal device, the method comprising:
receiving a first response message sent by a server;
processing the first response message, and determining a monitoring module corresponding to a webpage currently in an open state in the browser;
generating a login popup window embedded with an inline frame iframe by using the monitoring module and the first response message;
and controlling, by using the monitoring module, the login popup window with the embedded iframe to execute the operation corresponding to the attribute value of the location attribute of the iframe in the login popup window with the embedded iframe.
6. The method of claim 5, wherein the generating a login popup window with an embedded iframe by using the listening module and the first response packet comprises:
processing the first response message by using the monitoring module, and determining that a message header of the first response message comprises an authentication success skip attribute, a message body of the first response message comprises a code of a login popup window embedded with an iframe, wherein an attribute value of the authentication success skip attribute is a login success skip Uniform Resource Locator (URL), and a website source of the iframe in the login popup window embedded with the iframe is a 302 redirection address;
and rendering the code of the login popup window embedded with the iframe to obtain the login popup window embedded with the iframe.
7. The method of claim 5, wherein the generating a login popup window with an embedded iframe by using the listening module and the first response packet comprises:
processing the first response message by using the monitoring module, and determining that a message header of the first response message comprises an authentication event attribute and an authentication success skip attribute, wherein the attribute value of the authentication event attribute is a 302 redirection address, and the attribute value of the authentication success skip attribute is a login success skip Uniform Resource Locator (URL);
and constructing a login popup window of the embedded iframe according to the attribute value of the authentication event attribute through the monitoring module.
8. The method according to claim 7, wherein before the processing the first response packet and determining the monitoring module corresponding to the currently open webpage in the browser, the method further comprises:
receiving a second response message sent by the server, wherein the message body of the second response message comprises a code of the monitoring module;
correspondingly, the processing the first response packet and determining the monitoring module corresponding to the currently open webpage in the browser includes:
processing the first response message, and determining that a message header of the first response message comprises an authentication event attribute;
and instantiating the code of the monitoring module in the message body of the second response message to obtain the monitoring module corresponding to the webpage currently in the open state in the browser.
9. The method according to claim 6, wherein the processing the first response packet and determining the monitoring module corresponding to the currently open webpage in the browser comprises:
processing the first response message, and determining that the message header of the first response message does not include the authentication event attribute and the message body of the first response message includes the code of the monitoring module;
and instantiating the code of the monitoring module in the message body of the first response message to obtain the monitoring module corresponding to the webpage currently in the open state in the browser.
10. The method according to any one of claims 6 to 9, wherein before the monitoring module is used to control the login popup window of the iframe to execute the operation corresponding to the attribute value according to the attribute value of the location attribute of the iframe in the login popup window of the iframe, the method further includes:
controlling the login popup window with the embedded iframe to be in a hidden state by using a monitoring module;
correspondingly, the controlling, by using the monitoring module, the login popup window of the embedded iframe to execute the operation corresponding to the attribute value according to the attribute value of the location attribute of the iframe in the login popup window of the embedded iframe includes:
judging whether the attribute value of the location attribute of the iframe can become a login success jump URL within a preset time threshold value by using the monitoring module;
if the attribute value of the location attribute of the iframe cannot become a login success jump URL within a preset time threshold, controlling the login popup window to display by using the monitoring module;
when the attribute value of the location attribute of the iframe changes, judging whether the attribute value of the location attribute of the iframe is equal to the login success jump URL or not by using the monitoring module;
and if the attribute value of the location attribute of the iframe is equal to the login success jump URL, setting the login popup window to be in a hidden state by using the monitoring module and controlling the current webpage to display an authentication success prompt message.
11. The method of claim 10, further comprising:
if the attribute value of the location attribute of the iframe can become a login success jump URL within a preset time threshold, judging whether the attribute value of the location attribute of the iframe is equal to the login success jump URL or not by using the monitoring module when the attribute value of the location attribute of the iframe changes;
and if the attribute value of the location attribute of the iframe is equal to the login success jump URL, controlling the current webpage to display an authentication success prompt message by using the monitoring module.
12. A server, comprising: a transceiver, a memory, and a processor; the memory is used for storing a computer program, and the processor executes the computer program to realize the login form conversion method of any one of claims 1 to 4.
13. A terminal device, comprising: a transceiver, a memory, and a processor; the memory is used for storing a computer program, and the processor executes the computer program to realize the login form conversion method according to any one of claims 5 to 11.
14. A storage medium characterized in that the storage medium is used for storing a computer program for implementing the login form conversion method according to any one of claims 1 to 4.
15. A storage medium characterized in that the storage medium is used for storing a computer program for implementing the login form conversion method according to any one of claims 5 to 11.
CN202010952858.3A 2020-09-11 2020-09-11 Login form conversion method and device, storage medium and electronic equipment Active CN112104641B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010952858.3A CN112104641B (en) 2020-09-11 2020-09-11 Login form conversion method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN112104641A CN112104641A (en) 2020-12-18
CN112104641B true CN112104641B (en) 2022-07-29

Family

ID=73751416

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010952858.3A Active CN112104641B (en) 2020-09-11 2020-09-11 Login form conversion method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN112104641B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112689017B (en) * 2020-12-28 2023-04-18 咪咕文化科技有限公司 Redirection processing method and device, electronic equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012058896A1 (en) * 2010-11-04 2012-05-10 中兴通讯股份有限公司 Method and system for single sign-on
CN104519560A (en) * 2014-12-10 2015-04-15 广东欧珀移动通信有限公司 Mobile terminal request intercepting method and mobile terminal
CN105592026A (en) * 2014-11-14 2016-05-18 国家电网公司 Multi-network-segment multi-system single sign on method
CN106685998A (en) * 2017-02-24 2017-05-17 浙江仟和网络科技有限公司 SSO authentication method based on CAS unified authentication service middleware
CN107070880A (en) * 2017-02-16 2017-08-18 济南浪潮高新科技投资发展有限公司 A kind of method and system of single-sign-on, a kind of authentication center's server
CN107786552A (en) * 2017-10-19 2018-03-09 用友网络科技股份有限公司 Single-point logging method, system and computer equipment
CN109543376A (en) * 2018-11-30 2019-03-29 高新兴科技集团股份有限公司 Debarkation authentication method, computer storage medium and electronic equipment
CN109862047A (en) * 2019-04-18 2019-06-07 首约科技(北京)有限公司 The method, apparatus and storage medium of login service device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10257182B2 (en) * 2016-07-25 2019-04-09 Okta, Inc. Login proxy for third-party applications

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant