CN112491895A - Identity authentication method, storage medium and system based on micro-service - Google Patents

Identity authentication method, storage medium and system based on micro-service

Info

Publication number: CN112491895A
Authority: CN (China)
Prior art keywords: user, token, gateway, authentication center, micro
Legal status: Pending
Application number: CN202011371007.6A
Other languages: Chinese (zh)
Inventors: 贺昌茂, 聂小玉
Current assignee: Wuhan Haichang Information Technology Co ltd
Original assignee: Wuhan Haichang Information Technology Co ltd
Priority date: 2020-11-30
Filing date: 2020-11-30
Publication date: 2021-03-12

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Abstract

The invention relates to a micro-service based identity authentication method comprising the steps of: constructing a micro-service management system that comprises an authentication center and a gateway; when the authentication center receives a request, generating a token from the user information and forwarding the token to the gateway; the gateway preliminarily verifying the identity behind the user information by means of the token and, once the verification passes, establishing interaction between the user side and the server; and, after the interaction between the user and the server has been established, judging the grade of the user and granting different access rights according to the grade. The invention also provides a storage medium and a micro-service based identity authentication system.

Description

Identity authentication method, storage medium and system based on micro-service
Technical Field
The invention relates to the technical field of computers, in particular to an identity authentication method, a storage medium and a system based on micro-services.
Background
The micro-service architecture is a new way of deploying applications and services in the cloud. Much of the debate around micro-services concerns whether containers or other technologies run micro-services well; Red Hat argues that the API should be the focus. A micro-service runs in its own process and communicates with the others through a lightweight mechanism such as an HTTP API. The key point is that each service runs in its own process. This distinguishes a micro-service architecture from service exposure (publishing an API from an existing system). In service publishing, many services may be confined to internal, interdependent processes, so if any one of them needs a function added, the process as a whole must be changed. In a micro-service architecture, the required function is added only to the specific service concerned, without affecting the architecture of the whole process.
The micro-service architecture develops and deploys a single application as a set of micro-services. The micro-services are divided according to business function, are independently deployed and run in their own processes through an automated deployment mechanism, and communicate with one another through a lightweight communication mechanism. A typical micro-service architecture includes modules such as a client, a micro-service gateway, service discovery, a micro-service atomic layer, a database and a deployment platform; depending on the application type and service scale, modules such as load balancing, authority authentication, service circuit breaking and log monitoring may be added to meet the non-functional requirements of the services.
However, to date the discovery server has not authenticated any client connection, nor is the discovery server protected even by basic authentication, so an unauthorized client cannot be prevented from accessing the discovery server's services.
Disclosure of Invention
In view of the above, the present invention provides a micro-service based identity authentication method, storage medium and system, which solve the problem that the existing micro-service framework performs no identity verification on client connections.
To achieve this object, the technical solution of the present invention provides a micro-service based identity authentication method comprising the steps of: constructing a micro-service management system that comprises an authentication center and a gateway; when the authentication center receives a request, generating a token from the user information and forwarding the token to the gateway; the gateway preliminarily verifying the identity behind the user information by means of the token and, once the verification passes, establishing interaction between the user side and the server; and, after the interaction between the user and the server has been established, judging the grade of the user and granting different access rights according to the grade.
Further, constructing the micro-service management system that comprises the authentication center and the gateway comprises the steps of: creating an independent authentication center; and constructing a gateway capable of intercepting the information of the authentication center.
Further, generating a token from the user information when the authentication center receives a request, and forwarding the token to the gateway, comprises the steps of: sending a request to the authentication center; the authentication center generating a token after receiving the request; and sending the generated token to the gateway.
Further, the gateway preliminarily verifying the identity behind the user information by means of the token, and establishing interaction between the user side and the server after the verification passes, comprises the steps of: the gateway verifying the token and judging whether the user information corresponding to the token has the access right; and, after the verification passes, establishing the interaction between the user side and the server side.
Further, judging the grade of the user after the interaction between the user and the server has been established, and granting different access rights according to the grade, comprises the steps of: judging the user grade; and granting access rights according to the different grades.
Further, when the gateway parses and verifies the token, the parsed user information is encrypted with a preset encryption algorithm to generate a signature. The signature comprises the KEY issued to the first micro-service by the gateway, the current timestamp, the encryption type, the encryption algorithm and a secret KEY, and the signature is encrypted with the preset encryption algorithm.
Furthermore, the authentication center is independent: only the authentication center may receive information such as the user's user name and password for authentication, and other systems provide no login entry.
The invention also provides a storage medium having a computer program stored therein, wherein the computer program is arranged to perform a microservice-based identity authentication method when running.
The invention also provides an identity authentication system based on the micro-service, which comprises a processor and a memory, wherein the memory is stored with a computer program, and the computer program is executed by the processor to realize the identity authentication method based on the micro-service.
Compared with the prior art, the identity authentication method, the storage medium and the system based on the micro-service have the following beneficial effects:
a request is sent to the authentication center and a token is generated in order to judge preliminarily whether the user is qualified to interact; once the user has been judged preliminarily qualified to interact, different access rights are granted according to the user's grade. Identity verification is thereby realized on the micro-service side, and the situation in which a user can gain access without authentication is avoided.
The above-described embodiments of the present invention should not be construed as limiting the scope of the present invention. Any other corresponding changes and modifications made according to the technical idea of the present invention should be included in the protection scope of the present invention.
Drawings
Fig. 1 is a schematic flowchart of a micro-service based identity authentication method according to a first embodiment of the present invention;
Fig. 2 is a flowchart illustrating the sub-steps of step S1 in Fig. 1;
Fig. 3 is a flowchart illustrating the sub-steps of step S2 in Fig. 1;
Fig. 4 is a flowchart illustrating the sub-steps of step S3 in Fig. 1;
Fig. 5 is a flowchart illustrating the sub-steps of step S4 in Fig. 1.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to Fig. 1, the micro-service based identity authentication method provided by the present invention includes the steps of:
S1, constructing a micro-service management system comprising an authentication center and a gateway;
Specifically, an independent authentication center is created. Only the authentication center may accept information such as the user's user name and password for authentication; other systems provide no login entrance and accept only indirect authorization from the authentication center. The indirect authorization is realized through a token: when the user name and password supplied by the user have been authenticated by the authentication center, the authentication center creates an authorization token. In the subsequent redirects, the authorization token is passed to each subsystem as a parameter; a subsystem that receives the token is thereby authorized and then creates a local session.
The gateway is used to intercept all requests, that is, to intercept the user's login information.
S2, when the authentication center receives the request, the authentication center generates a token from the user information and forwards the token to the gateway;
Specifically, once the authentication center and the gateway have been constructed, when a user logs in the authentication center generates a token from the user name and password used for the login and forwards the generated token to the gateway.
S3, the gateway preliminarily verifies the identity behind the user information by means of the token, and establishes interaction between the user side and the server after the verification passes;
Specifically, after receiving the token, the gateway performs a preliminary authentication of the user's identity information, that is, it determines whether the user name and password used by the user carry the authority to access the server, and it establishes interaction between the user side and the server once it has verified that the corresponding user name and password carry that authority.
S4, after the interaction between the user and the server has been established, the grade of the user is judged and different access rights are granted according to the grade;
Specifically, after the verification has passed and the interaction has been formed, the grade of the user is judged in turn: the grade corresponding to the account and password used by the user to log in is determined, and the access right corresponding to that grade is granted. User identity authentication is thereby realized and access without authentication is avoided.
Referring to Fig. 2, step S1 includes the sub-steps of:
S11, creating an independent authentication center;
Specifically, an independent authentication center is created; only the authentication center may receive information such as the user's user name and password for authentication, and other systems provide no login entrance and accept only indirect authorization from the authentication center.
S12, constructing a gateway capable of intercepting the information of the authentication center;
Specifically, a gateway is also called an internetwork connector or a protocol converter. A gateway realizes network interconnection above the network layer; it is a complex network interconnection device used only to interconnect two networks whose higher-layer protocols differ. A gateway can be used to interconnect wide area networks as well as local area networks. It is a computer system or device that acts as a converter between two systems that differ in communication protocol, data format or language, or even in their entire architecture. Unlike a bridge, which simply passes information on, a gateway repackages the information it receives to suit the needs of the destination system.
Referring to Fig. 3, step S2 further includes the sub-steps of:
S21, sending a request to the authentication center;
Specifically, when the user logs in with a user name and password, an authentication request is automatically sent to the authentication center.
S22, the authentication center generates a token after receiving the request;
Specifically, a token addresses the situation in which the client requests data from the server frequently and the server, on every request, queries the database for the user name and password, compares them, determines whether they are correct and returns the corresponding prompt. When a user logs in with a user name and password, a request is sent to the authentication center, and the authentication center generates a token after receiving the request.
S23, sending the generated token to the gateway;
Specifically, after the authentication center generates the token, the gateway intercepts the token.
Referring to Fig. 4, step S3 further includes the sub-steps of:
S31, the gateway verifies the token and judges whether the user information corresponding to the token has the access right;
Specifically, after the gateway intercepts the token, it verifies the token and preliminarily judges whether the user information corresponding to the token has the access right.
S32, establishing interaction between the user side and the server side after the verification passes;
Specifically, after the verification passes, the interaction between the user side and the server side is established. Otherwise, when the verification fails, the user terminal's access is refused.
Further, when the gateway parses and verifies the token, the parsed user information is encrypted with a preset encryption algorithm to generate a signature. The signature comprises the KEY issued to the first micro-service by the gateway, the current timestamp, the encryption type, the encryption algorithm and a secret KEY, and the signature is encrypted with the preset encryption algorithm.
Referring to Fig. 5, step S4 further includes the sub-steps of:
S41, judging the user grade;
Specifically, after the initial interaction has been established, the user's information level (for example general user or member user) is compared again: the user level can be determined by comparing the user's information with the level correspondence table pre-stored in the server.
It will be understood that the level correspondence table pre-stored in the server is data recorded when the account is created.
S42, granting access rights according to the different levels;
Specifically, after the user grade has been determined in step S41, different access rights are granted to users of different grades.
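The flow of steps S1 to S4, together with the token-check, signature and level-table sub-steps S31, S32, S41 and S42, as an added worked example in Python. This is illustrative code written for this page, not code from the patent or its applicant. It assumes an HMAC-SHA256 token whose key is shared between the authentication center and the gateway, a constructed user table standing in for the level correspondence table, an assumed mapping from level to rights, and a per-service key issued by the gateway; the "secret KEY" named in the signature description is used only as the HMAC key and never placed in the transmitted signature.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Constructed sample data (not from the patent). In the patent this is the
# "level correspondence table" recorded in the server when the account is created.
# Passwords are kept in the clear only to keep the sample short; a deployment
# would store a salted password hash.
USER_TABLE = {
    "alice": {"password": "alice-pass", "level": "member"},
    "bob": {"password": "bob-pass", "level": "general"},
}
# Assumed mapping from user level to the rights that level is granted (step S42).
LEVEL_RIGHTS = {"general": {"read"}, "member": {"read", "write"}}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class AuthCenter:
    """Independent authentication center (S1/S2): the only component that sees passwords."""

    def __init__(self, token_key: bytes, ttl: int = 300):
        self.token_key = token_key  # assumed to be shared with the gateway only
        self.ttl = ttl

    def login(self, username: str, password: str, now: int) -> Optional[str]:
        record = USER_TABLE.get(username)
        if record is None or not hmac.compare_digest(record["password"], password):
            return None  # no token is issued, so the gateway never sees this login
        claims = {"sub": username, "iat": now, "exp": now + self.ttl}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        tag = hmac.new(self.token_key, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + tag


class Gateway:
    """Gateway (S3/S4): intercepts every request, verifies the token, applies the level."""

    def __init__(self, token_key: bytes, service_keys: Dict[str, bytes]):
        self.token_key = token_key
        self.service_keys = service_keys  # KEY issued by the gateway to each micro-service

    def verify_token(self, token: str, now: int) -> Optional[dict]:
        """S31: reject forged, tampered or expired tokens before the claims are trusted."""
        if token.count(".") != 1:
            return None
        body, tag = token.split(".")
        expected = hmac.new(self.token_key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None
        claims = json.loads(_unb64(body))
        if claims.get("exp", 0) <= now or claims.get("sub") not in USER_TABLE:
            return None
        return claims

    def sign_for_service(self, claims: dict, service_id: str, now: int) -> dict:
        """Signature over the parsed user info carrying key id, timestamp, type and
        algorithm in the clear; the per-service secret is the HMAC key, never sent."""
        header = {"key_id": service_id, "ts": now, "type": "HMAC", "alg": "sha256"}
        message = json.dumps(dict(header, user=claims["sub"]), sort_keys=True).encode()
        tag = hmac.new(self.service_keys[service_id], message, hashlib.sha256).hexdigest()
        return dict(header, user=claims["sub"], sig=tag)

    def authorize(self, token: str, action: str, service_id: str,
                  now: int) -> Tuple[bool, str, Optional[dict]]:
        """S32 then S41/S42: returns (granted, reason, signature forwarded to the service)."""
        claims = self.verify_token(token, now)
        if claims is None:
            return False, "token rejected", None
        level = USER_TABLE[claims["sub"]]["level"]  # S41: look up the stored level
        if action not in LEVEL_RIGHTS.get(level, set()):
            return False, "level %s lacks %s" % (level, action), None  # S42
        return True, "level %s" % level, self.sign_for_service(claims, service_id, now)


if __name__ == "__main__":
    shared = b"constructed-shared-token-key"
    center = AuthCenter(shared)
    gateway = Gateway(shared, {"svc-orders": b"constructed-key-for-svc-orders"})
    now = int(time.time())
    token = center.login("bob", "bob-pass", now)
    print(gateway.authorize(token, "read", "svc-orders", now))   # general user: granted
    print(gateway.authorize(token, "write", "svc-orders", now))  # general user: refused
```

The split of responsibilities is the point of the method: only `AuthCenter.login` ever compares a password, and `Gateway.verify_token` refuses a request whose token is missing, tampered with or expired before any level lookup happens, so a caller cannot reach the level check, let alone a back-end service, without a token the authentication center issued.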
The invention also provides a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the above-mentioned method steps when run. The storage medium may be, for example, a floppy disk, an optical disc, a DVD, a hard disk, a flash memory, a USB disk, a CF card, an SD card, an MMC card, an SM card, a Memory Stick, an XD card, or the like.
A computer software product is stored on a storage medium and includes instructions for causing one or more computer devices (which may be personal computer devices, servers or other network devices, etc.) to perform all or a portion of the steps of the method of the present invention.
The invention also provides an identity authentication system based on the micro-service, which comprises a processor and a memory, wherein the memory is stored with a computer program, and the computer program is executed by the processor to realize the identity authentication method based on the micro-service.

Claims (9)

1. An identity authentication method based on micro service is characterized by comprising the following steps:
constructing a micro-service management system comprising an authentication center and a gateway;
when the authentication center receives the request, the authentication center generates a token according to the user information and forwards the token to the gateway;
the gateway preliminarily verifies the identity of the user information by using the token, and establishes interaction between the user side and the server after the verification is passed;
after the interaction between the user and the server is established, the grade of the user is judged, and different access rights are given according to different grades.
2. The identity authentication method based on micro-service as claimed in claim 1, wherein the constructing of the micro-service management system including the authentication center and the gateway comprises the steps of:
creating an independent authentication center;
and constructing a gateway capable of intercepting the information of the authentication center.
3. The identity authentication method based on the microservice as claimed in claim 1, wherein the step of the authentication center generating the token according to the user information and forwarding the token to the gateway when the authentication center receives the request comprises the steps of:
sending a request to an authentication center;
the authentication center generates a token after receiving the request;
and sending the produced token to the gateway.
4. The microservice-based identity authentication method according to claim 1, wherein the gateway preliminarily verifies the identity of the user information by using the token, and after the verification passes the interaction between the user terminal and the server is established, comprising the steps of:
the gateway verifies the token and judges whether the user information corresponding to the token has the access right;
and after the verification is passed, the interaction between the user side and the server side is established.
5. The identity authentication method based on microservice as claimed in claim 1, wherein the step of judging the grade of the user after the interaction between the user and the server is established, and giving different access rights according to the different grades comprises the steps of:
judging the user grade;
the access rights are given according to different levels.
6. The microservice-based identity authentication method of claim 4, wherein:
when the gateway parses and verifies the token, encrypting the parsed user information according to a preset encryption algorithm to generate a signature, wherein the signature comprises the KEY issued to the first micro-service by the gateway, the current timestamp, the encryption type, the encryption algorithm and a secret KEY, and the signature is encrypted with the preset encryption algorithm.
7. A microservice-based identity authentication method according to claim 1, characterized in that:
the authentication center is an independent authentication center, only the authentication center can receive information such as a user name, a password and the like of the user for authentication, and other systems do not provide login entries.
8. A storage medium, characterized by:
the storage medium has stored thereon a computer program, wherein the computer program is arranged to execute the microservice-based identity authentication method of any one of claims 1 to 7 when run.
9. An identity authentication system based on micro-services, characterized in that:
the microservice-based identity authentication system comprises a processor and a memory, wherein the memory stores a computer program, and the computer program is executed by the processor to realize the microservice-based identity authentication method according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011371007.6A CN112491895A (en) 2020-11-30 2020-11-30 Identity authentication method, storage medium and system based on micro-service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011371007.6A CN112491895A (en) 2020-11-30 2020-11-30 Identity authentication method, storage medium and system based on micro-service

Publications (1)

Publication Number Publication Date
CN112491895A true CN112491895A (en) 2021-03-12

Family

ID=74937385

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011371007.6A Pending CN112491895A (en) 2020-11-30 2020-11-30 Identity authentication method, storage medium and system based on micro-service

Country Status (1)

Country Link
CN (1) CN112491895A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338682A (en) * 2021-12-24 2022-04-12 北京字节跳动网络技术有限公司 Flow identity mark transmission method and device, electronic equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109327477A (en) * 2018-12-06 2019-02-12 泰康保险集团股份有限公司 Authentication method, device and storage medium
CN109981561A (en) * 2019-01-17 2019-07-05 华南理工大学 Monomer architecture system moves to the user authen method of micro services framework
CN110086822A (en) * 2019-05-07 2019-08-02 北京智芯微电子科技有限公司 The realization method and system of unified identity authentication strategy towards micro services framework
US20190273746A1 (en) * 2018-03-02 2019-09-05 Syntegrity Networks Inc. Microservice architecture for identity and access management
US20200177576A1 (en) * 2018-11-30 2020-06-04 Jpmorgan Chase Bank, N.A. Systems and methods for securely calling apis on an api gateway from applications needing first party authentication
CN111865984A (en) * 2020-07-21 2020-10-30 浪潮云信息技术股份公司 Stateless authentication method for micro-service system
CN111865882A (en) * 2019-04-30 2020-10-30 北京神州泰岳软件股份有限公司 Micro-service authentication method and system

Similar Documents

Publication Publication Date Title
CN112039909B (en) Authentication method, device, equipment and storage medium based on unified gateway
US9380052B2 (en) System and method for biometric protocol standards
EP1914658B1 (en) Identity controlled data center
US7590684B2 (en) System providing methodology for access control with cooperative enforcement
US7904952B2 (en) System and method for access control
CN112422532B (en) Service communication method, system and device and electronic equipment
US7627896B2 (en) Security system providing methodology for cooperative enforcement of security policies during SSL sessions
CN107122674B (en) Access method of oracle database applied to operation and maintenance auditing system
US20010020274A1 (en) Platform-neutral system and method for providing secure remote operations over an insecure computer network
CN1993921A (en) Enhanced security using service provider authentication
CN113341798A (en) Method, system, device, equipment and storage medium for remotely accessing application
US20220345491A1 (en) Systems and methods for scalable zero trust security processing
JP2017097542A (en) Authentication control program, authentication control device, and authentication control method
CN112532599A (en) Dynamic authentication method, device, electronic equipment and storage medium
CN103152351A (en) Network equipment and AD (Active Directory) domain single sign on method and system
CN115333840A (en) Resource access method, system, device and storage medium
CN112491895A (en) Identity authentication method, storage medium and system based on micro-service
CN116996305A (en) Multi-level security authentication method, system, equipment, storage medium and entry gateway
CN112312392B (en) Data acquisition method, system and storage medium suitable for mobile equipment
CN111654501A (en) Unified safe login method for electronic government affair safety supervision platform
US20230229752A1 (en) Attestation of application identity for inter-app communications
CN114021094B (en) Remote server login method, electronic device and storage medium
CN115834234A (en) Network access method, network connection system and storage medium
CN110881047A (en) Safe and reliable third party authentication scheme
CN114500074A (en) Single-point system security access method, device and related equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210312