CN112564916A - Access client authentication system applied to micro-service architecture - Google Patents
Access client authentication system applied to micro-service architecture Download PDFInfo
- Publication number
- CN112564916A CN112564916A CN202011386264.7A CN202011386264A CN112564916A CN 112564916 A CN112564916 A CN 112564916A CN 202011386264 A CN202011386264 A CN 202011386264A CN 112564916 A CN112564916 A CN 112564916A
- Authority
- CN
- China
- Prior art keywords
- information
- access client
- login authentication
- client
- architecture
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 claims abstract description 34
- 238000012795 verification Methods 0.000 claims abstract description 31
- 238000013475 authorization Methods 0.000 claims description 14
- 238000012217 deletion Methods 0.000 claims description 2
- 230000037430 deletion Effects 0.000 claims description 2
- 230000008569 process Effects 0.000 abstract description 15
- 230000000875 corresponding effect Effects 0.000 description 32
- 238000010586 diagram Methods 0.000 description 13
- 238000007726 management method Methods 0.000 description 11
- 230000006870 function Effects 0.000 description 10
- 230000006872 improvement Effects 0.000 description 9
- 238000003860 storage Methods 0.000 description 9
- 238000004590 computer program Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000002596 correlated effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 229920001296 polysiloxane Polymers 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 238000012797 qualification Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
An embodiment of the present specification provides an access client authentication system applied to a microservice architecture, including: the micro service gateway is used for receiving and distributing login authentication information sent by the access client to the login authentication server; the login authentication server is used for carrying out correctness verification on login authentication information, returning token information generated after the verification is passed to the access client through the micro service gateway, and simultaneously storing the token information to the cache server; the microservice gateway is used for receiving a resource request carrying token information sent by an access client, and distributing a resource request route to a corresponding resource service in a microservice architecture after the token information passes verification; the microservice gateway verifies the token information based on the token information stored in the cache server, so that the problems that the login authentication process of an access client is complex and the resource management is unsafe in the existing microservice architecture are solved.
Description
Technical Field
The document relates to the technical field of internet, in particular to an access client authentication system applied to a micro service architecture.
Background
With the rapid increase of the transaction amount of internet applications, the traditional single-node application deployment cannot meet the current requirement of huge access amount, so that the traditional single-node application deployment gradually steps to a distributed, cluster and micro-service deployment architecture, but the problems of login authentication of an access client and resource management caused by the micro-service architecture become more complicated. The login authentication and resource management under the traditional single-node application deployment can not meet the requirements under the micro-service architecture.
Disclosure of Invention
The present specification provides an access client authentication system applied to a micro service architecture, so as to solve the problems of a complex login authentication process and unsafe resource management of an access client in the existing micro service architecture.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
an embodiment of the present specification provides an access client authentication system applied to a microservice architecture, including: the method comprises the following steps of accessing a client, a micro-service gateway, a login authentication server and a cache server;
the micro service gateway is used for receiving and distributing login authentication information sent by the access client to the login authentication server; the login authentication server is used for carrying out correctness verification on the login authentication information and returning token information generated after the verification is passed to the access client through the micro service gateway, and the login authentication server stores the token information to the cache server;
the microservice gateway is further configured to receive a resource request carrying token information sent by the access client, and route and distribute the resource request to a corresponding resource service in the microservice architecture after the token information is verified; the microservice gateway verifies the token information based on the token information stored in the cache server.
After the correctness of the login authentication information is verified, the login authentication server is further configured to obtain the user right information and/or the right information of the access client related to the login authentication information from the database, and store the user right and/or the right information of the access client in the cache server in association with the token information;
the microservice gateway is further configured to determine, before routing and distributing the resource request to a corresponding resource service in the microservice architecture, whether the resource request is allowed to be distributed according to the user permission information and/or permission information of an access client stored in association with the token information, and if the resource request is allowed to be distributed, determine to route and distribute the resource request to the corresponding resource service in the microservice architecture.
The above access client authentication system applied to the micro service architecture includes: the client side corresponding to the micro service architecture; the login authentication information is a user name and a password which are adopted by a user to log in and access the micro service architecture at a client corresponding to the micro service architecture.
The above access client authentication system applied to the micro service architecture includes: a server of a third party system independent of the microservice architecture; the login authentication information is a public key and a private key of the third-party system.
The above access client authentication system applied to the micro service architecture includes: a client of a third party system independent of the microservice architecture; the login authentication information is a public key and a private key of the third-party system and an authorization code acquired by a client of the third-party system from the login authentication server; and the private key of the third-party system is provided for the server of the third-party system.
As described above, the access client authentication system applied to the micro service architecture, where the obtaining, by the client of the third party system, the authorization code from the access client authentication system includes:
after the client of the third-party system responds to the authorized login through the micro-service architecture, the client forwards the authorized login through the micro-service gateway and sends the public key and the callback address of the third-party system to the login authentication server;
and the login authentication server transmits the authorization code to the client of the third-party system through the micro service gateway after the public key and the callback address of the third-party system are verified.
The access client authentication system applied to the micro service architecture is characterized in that the cache server is used for setting an expiration date for token information received from the login authentication server and stored locally, and automatically deleting token information beyond the expiration date.
After the login authentication information is verified correctly, the login authentication server is further configured to obtain user information and/or information of an access client related to the login authentication information from a database, and store the user information and/or the information of the access client in the cache server in association with the token information, so that after a resource request carrying the token information is received by a corresponding resource service in the micro service architecture, the resource request is processed based on the user information and/or the information of the access client stored in association with the token information.
The access client authentication system applied to the micro service architecture comprises at least two resource services for executing different services and a micro service management service;
the micro service management service is used for registering, discovering and configuring the resource service in the micro service architecture, so that the micro service gateway discovers the resource service.
The access client authentication system applied to the micro service architecture as described above, the micro service management service is further configured to register, discover and configure the login authentication server, so that the micro service gateway discovers the login authentication server.
The access client authentication system applied to the micro service architecture provided by the embodiment of the specification receives and distributes login authentication information sent by an access client to a login authentication server through a micro service gateway; the login authentication server is used for carrying out correctness verification on login authentication information and returning token information generated after the verification is passed to the access client through the micro service gateway, and meanwhile, the login authentication server also stores the token information to the cache server; when the micro-service architecture provides services to the outside, the micro-service gateway receives a resource request carrying token information sent by an access client, and distributes a resource request route to a corresponding resource service in the micro-service architecture after the token information passes verification, so that the identity verification of the access client can be realized; the microservice gateway verifies the token information based on the token information stored in the cache server. Because the token information is carried in the resource request sent by the access client each time, the micro service gateway can quickly verify the identity of the access client based on the token information without the need of the authentication server to respectively verify the access client aiming at the resource request each time, thereby effectively improving the simplicity of accessing the micro service architecture by the access client and simultaneously improving the safety of providing service resources by the micro service architecture.
Drawings
In order to more clearly illustrate one or more embodiments or prior art solutions of the present specification, the drawings that are needed in the description of the embodiments or prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and that other drawings can be obtained by those skilled in the art without inventive exercise.
Fig. 1 is a first schematic structural diagram of an access client authentication system applied to a microservice architecture according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a second access client authentication system applied to a microservice architecture according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram three of an access client authentication system applied to a microservice architecture according to an embodiment of the present disclosure;
fig. 4 is a fourth schematic structural diagram of an access client authentication system applied to a microservice architecture according to an embodiment of the present disclosure.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the embodiments of the present disclosure, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. All other embodiments that can be derived by a person skilled in the art from one or more of the embodiments described herein without making any inventive step shall fall within the scope of protection of this document.
The access client authentication system applied to the micro service architecture provided by the embodiment of the present specification, wherein the micro service architecture is suitable for distributed, clustered and micro service deployment.
A brief explanation of some terms involved in the summary of the invention is as follows:
distributed: one service splits a plurality of sub-services, and the sub-services are deployed on different servers. A set of independent computers appear to the user as a unified whole, resembling a system.
Clustering: a group of mutually independent computers interconnected through a high-speed network constitute a group and are managed in a single system mode. A client interacts with a cluster, which appears as a stand-alone server. The cluster configuration is for improved availability and scalability.
Micro-service: a microservice is an architectural style, with a large complex software application consisting of one or more microservices. Each microservice in the system can be deployed independently, with loose coupling between each microservice. Each microservice is only concerned with completing one task and well completing the task. In all cases, each task represents a small business capability.
Micro service gateway: the micro service gateway is a uniform entrance for external access, provides authority verification, data filtering and dynamic routing distribution, and reduces the coupling degree of codes.
token login authentication is user identity information stored in a client side, and stateless session information can be shared in multiple servers.
Since the traditional login authentication and resource management are basically implemented by aiming at a single node (one server), the traditional login authentication and resource management method cannot be applied to a microservice architecture. Therefore, the embodiments of the present disclosure provide an authentication system for an access client applied to a micro service architecture, and aim to provide an applicable micro service scheme on the premise of ensuring distributed, clustered, and micro service deployment, so as to ensure the simplicity of access of the access client (which may include a client corresponding to the micro service architecture itself, and also include a third-party system independent from the micro service architecture) and the security of service resources provided by the micro service architecture.
Fig. 1 is a first schematic structural diagram of an access client authentication system applied to a microservice architecture according to an embodiment of the present disclosure. As shown in fig. 1, the access client authentication system includes: the method comprises the following steps of accessing a client 1, a micro service gateway 2, a login authentication server 3 and a cache server 4; wherein:
the micro service gateway 2 is used for receiving and distributing login authentication information sent by the access client 1 to the login authentication server 3; the login authentication server 3 is used for carrying out correctness verification on login authentication information and returning token information generated after the verification is passed to the access client 1 through the micro service gateway 2, and the login authentication server 3 stores the token information into the cache server;
the micro service gateway 2 is further configured to receive a resource request carrying token information sent by the access client 1, and route and distribute the resource request to a corresponding resource service in the micro service architecture after the token information is verified; the microservice gateway 2 verifies the token information based on the token information stored in the cache server.
The access client 1 may specifically be a client and/or a server in a mobile application, a web application, and a server application, and the specific type of the subject of the access client 1 is not limited in this embodiment.
The micro service architecture can comprise at least two resource services for executing different services and a micro service management service; each resource service may be deployed on a server separately, or at least two resource services may be deployed on the same server, each server corresponds to a designated Application Programming Interface (API), and the corresponding resource service is acquired by calling the resource server of the API. And the micro service management service is used for registering, discovering and configuring the resource services in the micro service architecture, so that the micro service gateway 2 discovers the resource services, and the resource request route is distributed to the target resource services.
Further, the micro service management service may be further configured to register, discover and configure the login authentication server 3, so that the micro service gateway 2 discovers the login authentication server 3, and forwards the login authentication information to the login authentication server 3.
As shown in fig. 1, when the access client 1 accesses the resource server in the micro server architecture to request the relevant resource, the login authentication of the login authentication server 3 needs to be passed first, and only after the authentication is passed, the access client has the authority to submit the resource request to the micro server gateway 2.
Specifically, before formally accessing the resource service in the micro service architecture, the access client 1 sends login authentication information to the micro service gateway 2 for login authentication, where the login authentication information is login authentication information that is registered in the micro service architecture in advance for an operator or a user of the access client 1 to access the service resource in the micro service architecture, and the login authentication information that has been registered is stored in a database in the micro service architecture; after receiving the login authentication information forwarded by the micro-service gateway 2, the login authentication server 3 checks the correctness of the login authentication information by inquiring a database in a micro-server architecture to determine whether the login authentication information is registered, if so, the check is passed, and if not, the check is not passed; after the verification is passed, the login authentication server 3 generates token information aiming at the result of the successful verification, and meanwhile, the token information also indicates that the access client 1 submitting the login authentication information has the qualification of requesting resources from the micro service architecture; the login authentication server 3 returns the generated token information to the access client 1 through the micro service gateway 2 to indicate the access client 1 to access the resource service based on the token information; meanwhile, the login authentication server 3 stores the token generation information in the cache server 4.
After token information returned by the micro service gateway 2 is obtained, the access client 1 sends a resource request carrying the token information to the micro service gateway 2, the micro service gateway 2 extracts the token information from the received resource request, verifies the token information in the current resource request by inquiring the token information already stored in the cache server 4, and confirms whether the token information is already stored in the cache server 4, if so, the verification is passed, and if not, the verification is not passed. After the verification is passed, the micro service gateway 2 routes and distributes the resource request to a corresponding resource service in the micro service architecture, for example, a corresponding API (Application Programming Interface) may be called through a resource information path carried in the resource request, so as to route and distribute the resource request to a corresponding resource server, and obtain a relevant resource. After the relevant resources are obtained, the micro service gateway 2 may feed back the obtained resources to the access client 1, thereby completing a resource service providing process once.
The access client authentication system applied to the micro service architecture provided by the embodiment of the specification receives and distributes login authentication information sent by an access client to a login authentication server through a micro service gateway; the login authentication server is used for carrying out correctness verification on login authentication information and returning token information generated after the verification is passed to the access client through the micro service gateway, and meanwhile, the login authentication server also stores the token information to the cache server; when the micro-service architecture provides services to the outside, the micro-service gateway receives a resource request carrying token information sent by an access client, and distributes a resource request route to a corresponding resource service in the micro-service architecture after the token information passes verification, so that the identity verification of the access client can be realized; the microservice gateway verifies the token information based on the token information stored in the cache server. Because the token information is carried in the resource request sent by the access client each time, the micro service gateway can quickly verify the identity of the access client based on the token information without the need of the authentication server to respectively verify the access client aiming at the resource request each time, thereby effectively improving the simplicity of accessing the micro service architecture by the access client and simultaneously improving the safety of providing service resources by the micro service architecture.
Further, after the login authentication information is subjected to correctness verification, the login authentication server 3 can be further used for acquiring user authority information and/or authority information of an access client related to the login authentication information from a database, and storing the user authority information and/or the authority information of the access client in a cache server in association with token information;
correspondingly, the micro service gateway 2 may further be configured to, before routing the resource request to the corresponding resource service in the micro service architecture, determine whether the resource request is allowed to be distributed according to the user permission information and/or the permission information of the access client stored in association with the token information (token information in the resource request), and if the resource request is allowed to be distributed, determine to route the resource request to the corresponding resource service in the micro service architecture.
Specifically, when the operator or the user accessing the client 1 accesses the service resource in the micro service architecture and registers login authentication information in the micro service architecture in advance, the micro service architecture may immediately give the user or the user right information corresponding to the access client and/or the right information of the access client, for example, the right of the corresponding access client is given according to the cooperation agreement with the registered operator; or giving corresponding user authority according to the member level registered by the user. After the operator or the user finishes the registration, the micro service architecture stores the login authentication information of the operator or the user, the user authority information given to the micro service architecture and/or the authority information of the access client into a database of the micro service architecture in a correlated manner.
After the login authentication information is verified correctly, the login authentication server 3 obtains the user authority information and/or the authority information of the access client related to the login authentication information from the database in the micro service architecture, and stores the user authority information and/or the authority information of the access client in the cache server 4 in a correlation manner together with the token information.
Correspondingly, after receiving the resource request sent by the access client 1, the micro service gateway 2 needs to check the correctness of token information carried in the resource request, and further queries the user permission information and/or the permission information of the access client stored in the database in association with the token information after the check is passed; if the authority of the current request resource is contained in the inquired user authority information and/or the authority information of the access client, the resource request of this time is determined to be allowed to be distributed, and if the resource request is determined to be allowed to be distributed, the operation of routing and distributing the resource request to the corresponding resource service in the micro-service architecture can be executed.
The resource request is verified through the user authority information and/or the authority information of the access client which are stored in association with the token information in advance, so that illegal or malicious access can be effectively prevented, and the safety of each resource service in the micro-service architecture is improved.
Further, the access client 1 may specifically be: a client corresponding to the micro-service architecture; correspondingly, the login authentication information may be a user name and a password used for the user to login at the client corresponding to the micro service architecture.
Specifically, the login process based on the user name and the password is as shown in fig. 2:
1. a user inputs a user name and a password on a client of an open platform (a service platform where a micro service architecture is located) to click login, and the client sends a login request carrying the user name and the password to the micro service gateway 2 for login authentication.
And 2-3, after receiving the login request, the micro service gateway distributes the request to the login authentication server 3.
The login authentication server 3 checks the correctness of the user name and the password carried in the login request, acquires the authority and the related information (such as the user name, the IP address, the user telephone and the like) of the user from a Database (DB) after the check is passed, and stores the information into a cache server 4 (which can be a Redis database); at the same time, the login authentication server 3 also generates a token for the user, and stores the token in the cache server 4 as a key of the cache information (the authority and the related information that the user has).
4. The login authentication server 3 returns the generated token to the client through the micro service gateway 2.
5. After obtaining token information, the client sends a token-carrying resource request to the microservice gateway 2, where the request indicates a resource information path (such as identification information of a resource);
6. after receiving the resource request, the micro service gateway 2 checks the validity of the current token based on the token stored in the cache server 4, and simultaneously acquires the related information of the current user and the authority of the current user from the cache server 4 based on the token.
7. And if the token is valid and the authority permits, distributing the resource request to the corresponding resource service according to the routing rule to obtain the corresponding resource data.
8. And the micro service gateway 2 feeds back the acquired resource data to the client.
The resource service in the micro-service architecture can be conveniently accessed based on the user name and the password through the method steps shown in fig. 2, and meanwhile, the security of the resource service is improved.
Further, the access client 1 may specifically be: a server of a third party system independent of the microservice architecture; accordingly, the login authentication information may be a public key and a private key of the third-party system.
Specifically, the server login process based on the third-party system is as shown in fig. 3:
1. when a user logs in a client of a third-party system to access a server of the third-party system, the user needs to access an open platform (a service platform where a micro-service architecture is located). At this time, the server of the third-party system sends the appkey (public key) and appsecret (private key) of the server (third-party system) to the micro-service gateway 2 for login authentication; the appkey and the appexecute are issued to the third-party system in advance for the open platform and are carried when the third-party system requests access to the open platform.
And 2-4, after receiving the login request, the micro service gateway distributes the request to the login authentication server 3.
The login authentication server 3 checks the correctness of appkey and appsect carried in the login request, acquires the authority and related information of the third-party system (application) from the Database (DB) after the checking is passed, and stores the information into the cache server 4 (which can be a Redis database); meanwhile, the login authentication server 3 also generates a token for the third-party system, and stores the token in the cache server 4 as the key of the cache information (the authority and the related information of the third-party system).
The login authentication server 3 returns the generated token to the server of the third-party system through the micro service gateway 2.
5. After obtaining the token information, the server of the third-party system sends a resource request carrying the token to the micro-service gateway 2, where the request indicates a resource information path (such as identification information of the resource);
6. after receiving the resource request, the micro service gateway 2 checks the validity of the current token based on the token stored in the cache server 4, and simultaneously acquires the related information and the authority of the current third-party system (application) from the cache server 4 based on the token.
7. And if the token is valid and the authority permits, distributing the resource request to the corresponding resource service according to the routing rule to obtain the corresponding resource data.
8. And the micro service gateway 2 feeds back the acquired resource data to a server of the third-party system.
The method steps shown in fig. 3 can facilitate the third-party system-based server to access the resource service in the micro-service architecture, and improve the security of the resource service.
Further, the access client 1 may specifically be: a client of a third party system independent of the microservice architecture; correspondingly, the login authentication information may be a public key and a private key of the third-party system and an authorization code acquired by the client of the third-party system from the login authentication server 3; and the private key of the third-party system is provided for the server of the third-party system.
Further, the obtaining, by the client of the third-party system, the authorization code from the login authentication server 3 includes:
after responding to the authorized login through the micro service architecture, the client of the third-party system forwards the information through the micro service gateway 2 and sends a public key and a callback address of the third-party system to the login authentication server 3;
and the login authentication server 3 transmits the authentication code to the client of the third-party system through the micro service gateway 2 after the public key and the callback address of the third-party system are verified.
Specifically, the login process based on the authorization code is as shown in fig. 4:
the process is suitable for the third-party system to perform uniform authorization authentication based on an open platform (a service platform where the micro-service architecture is located) on the premise that a user is not registered in the system (the third-party system).
1-2, the client sends an appkey and a callback address to the micro service gateway 2 of the open platform at the client of the third-party system to acquire the authorization code.
Specifically, the client clicks the authorization information of the open platform on a client login interface of the third-party system, and the client of the third-party system assembles the appkey and the callback address (the address of the third-party system) and jumps to the open platform to send the appkey and the callback address to the micro service gateway 2 for login and authorization code acquisition. After receiving the login request, the micro service gateway 2 distributes the login request to the login authentication server 3, and the login authentication server 3 verifies the correctness of the appkey and the callback address and guides the appkey and the callback address to a login page of the open platform; the client inputs the user name and the password of the open platform and submits the user name and the password to the micro service gateway 2, and the micro service gateway 2 distributes the user name and the password to the login authentication server 3 for verification. The login authentication server 3 verifies the correctness of the user name and the password, generates a code after passing the verification and being authorized by the client, and redirects the code to the third-party system, namely returns the code to the client of the third-party system.
3. After the client of the third-party system acquires the code, the appkey and the appsect are submitted to the micro-service gateway 2 of the open platform. The appkey and the appexecute are issued to the third-party system in advance for the open platform and are carried when the third-party system requests access to the open platform.
4. The micro service gateway 2 distributes the received appkey, appsect and code to the login authentication server 3 for login authentication.
5-6, after the code carried in the login request is checked by the login authentication server, the correctness of the code, appkey and appsearch is verified, after the code passes the verification, the authority and the related information (such as a user name, an IP address, a user telephone and the like) of the user are obtained from a Database (DB), and the information is stored in a cache server 4 (which can be a Redis database); at the same time, the login authentication server 3 also generates a token for the user, and stores the token in the cache server 4 as a key of the cache information (the authority and the related information that the user has).
The login authentication server 3 returns the generated token to the client through the micro service gateway 2.
7. After the client of the third-party system acquires the token information, a resource request carrying the token is sent to the micro-service gateway 2, and a resource information path (such as identification information of the resource) is indicated in the request;
8. after receiving the resource request, the micro service gateway 2 checks the validity of the current token based on the token stored in the cache server 4, and simultaneously acquires the related information of the current user and the authority of the current user from the cache server 4 based on the token.
9. And if the token is valid and the authority permits, distributing the resource request to the corresponding resource service according to the routing rule to obtain the corresponding resource data.
10. And the micro service gateway 2 feeds back the acquired resource data to the client.
The resource service in the micro-service architecture can be conveniently accessed based on the authorization code through the method steps shown in fig. 4, and meanwhile, the security of the resource service is improved.
Further, the cache server 4 is configured to set an expiration date for token information received from the login authentication server 3 and stored locally, and perform automatic deletion on token information exceeding the expiration date, so as to ensure real-time performance of the token information and improve security of resource services.
Further, after the login authentication information is verified correctly, the login authentication server 3 is further configured to obtain user information and/or information of an access client related to the login authentication information from a database, and store the user information and/or the information of the access client in association with token information in the cache server 4, so that after a resource request carrying the token information is received by a corresponding resource service in the micro-service framework, the resource request is processed based on the user information and/or the information of the access client stored in association with the token information.
Specifically, after token information is generated by verifying the login authentication information, user information (such as a user name, an IP address, a user phone, and the like listed in the above embodiment) associated with the login authentication information and/or information (such as registration information of an application) of an access client may also be collected and stored in the cache server 4 in association with the generated token information, so that after a resource request carrying the token information is received by a corresponding resource service in the micro service architecture, more information related to the resource service may be obtained in time based on the user information and/or information of the access client stored in association with the token information, and thus the resource request may be processed quickly to feed back resource data of the resource request.
The access client authentication system applied to the micro service architecture provided by the embodiment of the specification receives and distributes login authentication information sent by an access client to a login authentication server through a micro service gateway; the login authentication server is used for carrying out correctness verification on login authentication information and returning token information generated after the verification is passed to the access client through the micro service gateway, and meanwhile, the login authentication server also stores the token information to the cache server; when the micro-service architecture provides services to the outside, the micro-service gateway receives a resource request carrying token information sent by an access client, and distributes a resource request route to a corresponding resource service in the micro-service architecture after the token information passes verification, so that the identity verification of the access client can be realized; the microservice gateway verifies the token information based on the token information stored in the cache server. Because the token information is carried in the resource request sent by the access client each time, the micro service gateway can quickly verify the identity of the access client based on the token information without the need of the authentication server to respectively verify the access client aiming at the resource request each time, thereby effectively improving the simplicity of accessing the micro service architecture by the access client and simultaneously improving the safety of providing service resources by the micro service architecture.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
In the 30 s of the 20 th century, improvements in a technology could clearly be distinguished between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually making an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development and writing, but the original code before compiling is also written by a specific Programming Language, which is called Hardware Description Language (HDL), and HDL is not only one but many, such as abel (advanced Boolean Expression Language), ahdl (alternate Hardware Description Language), traffic, pl (core universal Programming Language), HDCal (jhdware Description Language), lang, Lola, HDL, laspam, hardward Description Language (vhr Description Language), vhal (Hardware Description Language), and vhigh-Language, which are currently used in most common. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the units may be implemented in the same software and/or hardware or in multiple software and/or hardware when implementing the embodiments of the present description.
One skilled in the art will recognize that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of this document and is not intended to limit this document. Various modifications and changes may occur to those skilled in the art from this document. Any modifications, equivalents, improvements, etc. which come within the spirit and principle of the disclosure are intended to be included within the scope of the claims of this document.
Claims (10)
1. An access client authentication system applied to a micro service architecture, comprising: the method comprises the following steps of accessing a client, a micro-service gateway, a login authentication server and a cache server;
the micro service gateway is used for receiving and distributing login authentication information sent by the access client to the login authentication server; the login authentication server is used for carrying out correctness verification on the login authentication information and returning token information generated after the verification is passed to the access client through the micro service gateway, and the login authentication server stores the token information to the cache server;
the microservice gateway is further configured to receive a resource request carrying token information sent by the access client, and route and distribute the resource request to a corresponding resource service in the microservice architecture after the token information is verified; the microservice gateway verifies the token information based on the token information stored in the cache server.
2. The access client authentication system applied to the microservice architecture as claimed in claim 1, wherein after the correctness check of the login authentication information is passed, the login authentication server is further configured to obtain the user right information and/or the right information of the access client related to the login authentication information from a database, and store the user right and/or the right information of the access client in the cache server in association with the token information;
the microservice gateway is further configured to determine, before routing and distributing the resource request to a corresponding resource service in the microservice architecture, whether the resource request is allowed to be distributed according to the user permission information and/or permission information of an access client stored in association with the token information, and if the resource request is allowed to be distributed, determine to route and distribute the resource request to the corresponding resource service in the microservice architecture.
3. The access client authentication system applied to the microservice architecture as claimed in claim 2, wherein the access client is specifically: the client side corresponding to the micro service architecture; the login authentication information is a user name and a password which are used for the user to login at the client corresponding to the micro service architecture.
4. The access client authentication system applied to the microservice architecture as claimed in claim 2, wherein the access client is specifically: a server of a third party system independent of the microservice architecture; the login authentication information is a public key and a private key of the third-party system.
5. The access client authentication system applied to the microservice architecture as claimed in claim 2, wherein the access client is specifically: a client of a third party system independent of the microservice architecture; the login authentication information is a public key and a private key of the third-party system and an authorization code acquired by a client of the third-party system from the login authentication server; and the private key of the third-party system is provided for the server of the third-party system.
6. The access client authentication system applied to the micro service architecture as claimed in claim 5, wherein the client of the third party system obtaining the authorization code from the access client authentication system comprises:
after the client of the third-party system responds to the authorized login through the micro-service architecture, the client forwards the authorized login through the micro-service gateway and sends the public key and the callback address of the third-party system to the login authentication server;
and the login authentication server transmits the authorization code to the client of the third-party system through the micro service gateway after the public key and the callback address of the third-party system are verified.
7. The access client authentication system applied to the microservice architecture as claimed in claim 1, wherein the cache server is configured to set an expiration date for token information received from the login authentication server and stored locally, and to perform automatic deletion for token information exceeding the expiration date.
8. The access client authentication system applied to the microservice architecture of claim 1, wherein after the correctness check of the login authentication information is passed, the login authentication server is further configured to obtain user information and/or information of an access client related to the login authentication information from a database, and store the user information and/or the information of the access client in the cache server in association with the token information, so that after the corresponding resource service in the microservice architecture receives the resource request carrying the token information, the resource request is processed based on the user information and/or the information of the access client stored in association with the token information.
9. The access client authentication system applied to the micro service architecture according to claim 1, wherein the micro service architecture comprises at least two resource services executing different businesses, and a micro service management service;
the micro service management service is used for registering, discovering and configuring the resource service in the micro service architecture, so that the micro service gateway discovers the resource service.
10. The access client authentication system applied to the microservice architecture of claim 9, wherein the microservice management service is further configured to register, discover and configure the login authentication server so that the microservice gateway discovers the login authentication server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011386264.7A CN112564916A (en) | 2020-12-01 | 2020-12-01 | Access client authentication system applied to micro-service architecture |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011386264.7A CN112564916A (en) | 2020-12-01 | 2020-12-01 | Access client authentication system applied to micro-service architecture |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112564916A true CN112564916A (en) | 2021-03-26 |
Family
ID=75046990
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011386264.7A Pending CN112564916A (en) | 2020-12-01 | 2020-12-01 | Access client authentication system applied to micro-service architecture |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112564916A (en) |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113067706A (en) * | 2021-04-16 | 2021-07-02 | 京东安联财产保险有限公司 | Application identification system and method, storage medium and electronic device |
| CN113259880A (en) * | 2021-05-20 | 2021-08-13 | 洛阳轴承研究所有限公司 | Micro-service safety charging method based on kong gateway |
| CN113472794A (en) * | 2021-07-05 | 2021-10-01 | 福州数据技术研究院有限公司 | Multi-application system authority unified management method based on micro-service and computer readable storage medium |
| CN113542384A (en) * | 2021-07-08 | 2021-10-22 | 平安科技(深圳)有限公司 | Access request access control method, device, computer equipment and storage medium |
| CN113568764A (en) * | 2021-07-29 | 2021-10-29 | 工银科技有限公司 | User information acquisition method, device, equipment and medium for micro service |
| CN113641966A (en) * | 2021-08-10 | 2021-11-12 | 广域铭岛数字科技有限公司 | Application integration method, system, device and medium |
| CN113783695A (en) * | 2021-08-03 | 2021-12-10 | 西北大学 | Client information authentication method and system of micro-service architecture |
| CN113824554A (en) * | 2021-08-30 | 2021-12-21 | 山东健康医疗大数据有限公司 | Dynamic authentication method and device for data transmission between middleware and computer medium |
| CN113836510A (en) * | 2021-08-13 | 2021-12-24 | 北京吉大正元信息技术有限公司 | Token-based application access control method and device, equipment and storage medium thereof |
| CN113923020A (en) * | 2021-10-09 | 2022-01-11 | 天翼物联科技有限公司 | Micro-service authentication method, device and equipment of SaaS multi-tenant architecture |
| CN113949566A (en) * | 2021-10-15 | 2022-01-18 | 工银科技有限公司 | Resource access method, device, electronic equipment and medium |
| CN114189358A (en) * | 2021-11-16 | 2022-03-15 | 深圳航天智慧城市系统技术研究院有限公司 | Service security policy management method based on private cloud |
| CN114385995A (en) * | 2022-01-06 | 2022-04-22 | 徐工汉云技术股份有限公司 | Handle-based method for accessing identifier analysis micro-service to industrial Internet and identifier service system |
| CN114465996A (en) * | 2022-01-30 | 2022-05-10 | 中国农业银行股份有限公司 | Interface authority control system and method and electronic equipment |
| CN114629637A (en) * | 2022-03-09 | 2022-06-14 | 航天科工智慧产业发展有限公司 | Method for micro-service safety management and application system thereof |
| CN114640472A (en) * | 2022-03-22 | 2022-06-17 | 湖南快乐阳光互动娱乐传媒有限公司 | Protected resource data acquisition method and device and unified open platform |
| CN114928460A (en) * | 2022-02-14 | 2022-08-19 | 上海大学 | Multi-tenant application integration framework system based on micro-service architecture |
| CN115242400A (en) * | 2022-06-29 | 2022-10-25 | 重庆长安汽车股份有限公司 | Vehicle Token uniqueness and cloud authentication system and method |
| CN115357403A (en) * | 2022-10-20 | 2022-11-18 | 智己汽车科技有限公司 | Micro-service system for task scheduling and task scheduling method |
| CN115665265A (en) * | 2022-12-29 | 2023-01-31 | 国家超级计算天津中心 | Request processing method, device, equipment, storage medium and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20190024817A (en) * | 2017-08-31 | 2019-03-08 | 캐논 가부시끼가이샤 | Authority transfer system, control method therefor, and client |
| CN109743163A (en) * | 2019-01-03 | 2019-05-10 | 优信拍(北京)信息科技有限公司 | Purview certification method, apparatus and system in micro services framework |
| CN110086822A (en) * | 2019-05-07 | 2019-08-02 | 北京智芯微电子科技有限公司 | The realization method and system of unified identity authentication strategy towards micro services framework |
-
2020
- 2020-12-01 CN CN202011386264.7A patent/CN112564916A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20190024817A (en) * | 2017-08-31 | 2019-03-08 | 캐논 가부시끼가이샤 | Authority transfer system, control method therefor, and client |
| CN109743163A (en) * | 2019-01-03 | 2019-05-10 | 优信拍(北京)信息科技有限公司 | Purview certification method, apparatus and system in micro services framework |
| CN110086822A (en) * | 2019-05-07 | 2019-08-02 | 北京智芯微电子科技有限公司 | The realization method and system of unified identity authentication strategy towards micro services framework |
Non-Patent Citations (1)
| Title |
|---|
| 李增耀: "Moodle系统中微博第三方登录设计与开发", 《电脑编程技巧与维护》 * |
Cited By (30)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113067706A (en) * | 2021-04-16 | 2021-07-02 | 京东安联财产保险有限公司 | Application identification system and method, storage medium and electronic device |
| CN113259880A (en) * | 2021-05-20 | 2021-08-13 | 洛阳轴承研究所有限公司 | Micro-service safety charging method based on kong gateway |
| CN113472794A (en) * | 2021-07-05 | 2021-10-01 | 福州数据技术研究院有限公司 | Multi-application system authority unified management method based on micro-service and computer readable storage medium |
| CN113472794B (en) * | 2021-07-05 | 2023-08-15 | 福州数据技术研究院有限公司 | Multi-application system authority unified management method based on micro-service and storage medium |
| CN113542384A (en) * | 2021-07-08 | 2021-10-22 | 平安科技(深圳)有限公司 | Access request access control method, device, computer equipment and storage medium |
| CN113542384B (en) * | 2021-07-08 | 2022-11-08 | 平安科技(深圳)有限公司 | Access request access control method, device, computer equipment and storage medium |
| CN113568764A (en) * | 2021-07-29 | 2021-10-29 | 工银科技有限公司 | User information acquisition method, device, equipment and medium for micro service |
| CN113783695A (en) * | 2021-08-03 | 2021-12-10 | 西北大学 | Client information authentication method and system of micro-service architecture |
| CN113783695B (en) * | 2021-08-03 | 2022-12-09 | 西北大学 | Client information authentication method and system of micro-service architecture |
| CN113641966B (en) * | 2021-08-10 | 2024-04-09 | 广域铭岛数字科技有限公司 | Application integration method, system, equipment and medium |
| CN113641966A (en) * | 2021-08-10 | 2021-11-12 | 广域铭岛数字科技有限公司 | Application integration method, system, device and medium |
| CN113836510A (en) * | 2021-08-13 | 2021-12-24 | 北京吉大正元信息技术有限公司 | Token-based application access control method and device, equipment and storage medium thereof |
| CN113836510B (en) * | 2021-08-13 | 2022-07-12 | 北京吉大正元信息技术有限公司 | Token-based application access control method and device, equipment and storage medium thereof |
| CN113824554A (en) * | 2021-08-30 | 2021-12-21 | 山东健康医疗大数据有限公司 | Dynamic authentication method and device for data transmission between middleware and computer medium |
| CN113824554B (en) * | 2021-08-30 | 2024-02-13 | 山东浪潮智慧医疗科技有限公司 | Dynamic authentication method, device and computer medium for data transmission between middleware |
| CN113923020B (en) * | 2021-10-09 | 2024-05-17 | 天翼物联科技有限公司 | Micro-service authentication method, device and equipment of SaaS multi-tenant architecture |
| CN113923020A (en) * | 2021-10-09 | 2022-01-11 | 天翼物联科技有限公司 | Micro-service authentication method, device and equipment of SaaS multi-tenant architecture |
| CN113949566B (en) * | 2021-10-15 | 2024-06-11 | 工银科技有限公司 | Resource access method, device, electronic equipment and medium |
| CN113949566A (en) * | 2021-10-15 | 2022-01-18 | 工银科技有限公司 | Resource access method, device, electronic equipment and medium |
| CN114189358A (en) * | 2021-11-16 | 2022-03-15 | 深圳航天智慧城市系统技术研究院有限公司 | Service security policy management method based on private cloud |
| CN114385995B (en) * | 2022-01-06 | 2024-05-17 | 徐工汉云技术股份有限公司 | Method for accessing micro-service to industrial Internet through identification analysis based on Handle and identification service system |
| CN114385995A (en) * | 2022-01-06 | 2022-04-22 | 徐工汉云技术股份有限公司 | Handle-based method for accessing identifier analysis micro-service to industrial Internet and identifier service system |
| CN114465996A (en) * | 2022-01-30 | 2022-05-10 | 中国农业银行股份有限公司 | Interface authority control system and method and electronic equipment |
| CN114928460A (en) * | 2022-02-14 | 2022-08-19 | 上海大学 | Multi-tenant application integration framework system based on micro-service architecture |
| CN114629637A (en) * | 2022-03-09 | 2022-06-14 | 航天科工智慧产业发展有限公司 | Method for micro-service safety management and application system thereof |
| CN114640472A (en) * | 2022-03-22 | 2022-06-17 | 湖南快乐阳光互动娱乐传媒有限公司 | Protected resource data acquisition method and device and unified open platform |
| CN115242400A (en) * | 2022-06-29 | 2022-10-25 | 重庆长安汽车股份有限公司 | Vehicle Token uniqueness and cloud authentication system and method |
| CN115242400B (en) * | 2022-06-29 | 2024-06-04 | 重庆长安汽车股份有限公司 | Vehicle-mounted Token uniqueness and cloud authentication system and method |
| CN115357403A (en) * | 2022-10-20 | 2022-11-18 | 智己汽车科技有限公司 | Micro-service system for task scheduling and task scheduling method |
| CN115665265A (en) * | 2022-12-29 | 2023-01-31 | 国家超级计算天津中心 | Request processing method, device, equipment, storage medium and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112564916A (en) | Access client authentication system applied to micro-service architecture | |
| TWI706654B (en) | Authentication method, authentication data processing method and device based on blockchain | |
| CN109033774B (en) | Method and device for acquiring and feeding back user resources and electronic equipment | |
| US10484385B2 (en) | Accessing an application through application clients and web browsers | |
| JP2021504832A (en) | Model training system and method and storage medium | |
| CN108289101B (en) | Information processing method and device | |
| US11366803B2 (en) | Method for providing relational decentralized identifier service and blockchain node using the same | |
| US9934310B2 (en) | Determining repeat website users via browser uniqueness tracking | |
| CN110445769B (en) | Access method and device of business system | |
| JP2018536232A (en) | System and method for controlling sign-on to a web application | |
| US20170324719A1 (en) | User authentication framework | |
| WO2023040953A1 (en) | Progressively validating access tokens | |
| KR20160018554A (en) | Roaming internet-accessible application state across trusted and untrusted platforms | |
| CN109145621B (en) | Document management method and device | |
| CN113626795A (en) | Verification method and device of distributed system architecture, electronic equipment and storage medium | |
| CN112734349A (en) | Interface generation method, data calling method, device and electronic equipment | |
| CN108319506B (en) | A kind of data hierarchy processing method and processing device | |
| CN112015808B (en) | Vehicle data processing method and device based on alliance chain | |
| CN114091077A (en) | Authentication method, device, equipment and storage medium | |
| CN113472781A (en) | Service acquisition method, server and computer readable storage medium | |
| CN111444483A (en) | Authentication method, device and equipment | |
| CN112905984A (en) | Authority control method and device and electronic equipment | |
| CN112330366A (en) | Redemption code redemption request verification method, apparatus, device and computer readable medium | |
| CN112748960A (en) | Process control method and device, electronic equipment and storage medium | |
| CN113076552B (en) | HDFS (Hadoop distributed File System) resource access permission verification method and device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: Room 306, No. 799, Ximen Road, Chengqiao Town, Chongming District, Shanghai 202150 Applicant after: SHANGHAI I2FINANCE SOFTWARE CO.,LTD. Address before: Room 2076, area C, building 8, No.2, Guanshan Road, Chengqiao Town, Chongming District, Shanghai 202150 Applicant before: SHANGHAI I2FINANCE SOFTWARE CO.,LTD. |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210326 |