CN112929321B - Authentication method, device and terminal equipment - Google Patents


Publication number
CN112929321B
Authority
CN
China
Prior art keywords
authentication
request
information
parameter
path
Legal status
Active
Application number
CN201911237083.5A
Other languages
Chinese (zh)
Other versions
CN112929321A (en)
Inventor
蒲文宾
Current Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd
Application filed by Beijing Kingsoft Cloud Network Technology Co Ltd and Beijing Kingsoft Cloud Technology Co Ltd
Priority to CN201911237083.5A
Publication of CN112929321A
Application granted
Publication of CN112929321B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/562 Brokering proxy services

Abstract

The embodiments of the invention provide an authentication method, an authentication device and terminal equipment. The method comprises: acquiring configuration parameters pre-configured for the authentication server, wherein the configuration parameters represent the authentication mode of the authentication server; when a data acquisition request is received, sending an authentication request conforming to the authentication mode to the authentication server according to the authentication mode represented by the configuration parameters; and receiving an authentication response returned by the authentication server for the authentication request, wherein the authentication response carries authentication information. The deployment of the authentication system can be completed without changing the underlying service logic of the terminal equipment, so that the efficiency of deploying the authentication system in the CDN can be improved and the labor cost of deploying the authentication system is reduced.

Description

Authentication method, device and terminal equipment
Technical Field
The invention relates to the technical field of cloud storage, in particular to an authentication method, an authentication device and terminal equipment.
Background
The client device may send a data acquisition request to a terminal device in a CDN (Content Delivery Network) to acquire data in the CDN. In consideration of data security, after receiving a data request, the terminal device may send an authentication request for the client to the authentication server, and the authentication server returns an authentication response to the terminal device for the authentication request, where the authentication response carries authentication information used to indicate whether the client device has an authority to acquire the requested data. The terminal equipment obtains an authentication result by analyzing the authentication information, and determines whether to feed back the requested data to the client equipment or not according to the authentication result.
Different CDNs may have different authentication modes of the authentication server due to different application scenarios, and thus the required format of the authentication request and/or the format of the fed back authentication result may be different. In the related art, developers can develop terminal devices with different service logics for different authentication servers, so that the terminal devices can send authentication requests meeting the requirements of the authentication servers and accurately identify authentication responses returned by the authentication servers.
However, when there are a large number of CDNs with different application scenarios, it is necessary to develop corresponding terminal devices for the authentication server in each CDN, which results in low efficiency and high labor cost for deploying the authentication system in the CDN.
Disclosure of Invention
The embodiment of the invention aims to provide an authentication method, an authentication device and terminal equipment, so as to improve the efficiency of deploying an authentication system in a CDN (content delivery network) and reduce the labor cost of deploying the authentication system. The specific technical scheme is as follows:
In a first aspect of the embodiments of the present invention, an authentication method is provided, where the authentication method is applied to a terminal device in a content delivery network CDN, where the CDN further includes an authentication server, and the method includes:
acquiring configuration parameters which are configured in advance for the authentication server, wherein the configuration parameters are used for representing the authentication mode of the authentication server;
when a data acquisition request is received, sending an authentication request conforming to the authentication mode to the authentication server according to the authentication mode represented by the configuration parameters;
and receiving an authentication response returned by the authentication server aiming at the authentication request, wherein the authentication response carries authentication information.
In a possible embodiment, after said receiving an authentication response returned by said authentication server for said authentication request, said method further comprises:
and analyzing the authentication information according to the analysis condition represented by the configuration parameter to obtain an authentication result representing passing or refusing.
In a possible embodiment, the configuration parameter includes a response mode parameter, and the response mode parameter is used to indicate that an element used for indicating an authentication result in the authentication information is a status code and/or an information body;
the analyzing the authentication information according to the analysis condition represented by the configuration parameter to obtain an authentication result representing passing or refusing, including:
reading an element used for representing an authentication result from the authentication information according to the element represented by the response mode parameter;
if the read element accords with the authentication rule, determining that the authentication result is passed;
and if the read element does not accord with the authentication rule, determining that the authentication result is refused.
In a possible embodiment, the configuration parameters further include a judgment rule parameter, and the judgment rule parameter is used for representing an authentication rule.
In a possible embodiment, the configuration parameters include authentication path parameters, and the authentication path parameters are used for representing one or more preset paths;
the method further comprises the following steps:
when a data acquisition request is received, determining whether a path of data requested by the data acquisition request belongs to the preset path;
if the path of the data requested by the data acquisition request does not belong to the preset path, terminating authentication;
the sending of the authentication request conforming to the authentication mode to the authentication server includes:
and if the path of the data requested by the data acquisition request belongs to the preset path, sending an authentication request meeting the authentication mode to the authentication server.
In a possible embodiment, the configuration parameter includes an information modification parameter, and the information modification parameter is used for indicating a modification mode of information in the data acquisition request;
the sending an authentication request conforming to the authentication mode to the authentication server according to the authentication mode represented by the configuration parameters includes:
modifying the data acquisition request according to the modification mode represented by the information modification parameter to obtain an authentication request;
and sending the authentication request to the authentication server.
In a possible embodiment, the method further comprises:
determining whether an information body in the data acquisition request is not in a preset format;
the sending the authentication request to the authentication server includes:
if the information body in the data acquisition request is not in a preset format, the authentication request is sent to the middleware, so that the middleware packages the information body in the authentication request according to the preset format, and sends the packaged authentication request to the authentication server.
In a second aspect of the present invention, an authentication apparatus is provided, where the authentication apparatus is applied to a terminal device in a content delivery network CDN, the CDN further includes an authentication server, and the apparatus includes:
a parameter obtaining module, configured to obtain a configuration parameter pre-configured for the authentication server, where the configuration parameter is used to indicate an authentication mode of the authentication server;
the request module is used for sending an authentication request conforming to the authentication mode to the authentication server according to the authentication mode represented by the configuration parameters when receiving a data acquisition request;
the authentication module is used for receiving an authentication response returned by the authentication server aiming at the authentication request, and the authentication response carries authentication information.
In a possible embodiment, the apparatus further includes an analysis module, configured to analyze the authentication information according to an analysis condition indicated by the configuration parameter, so as to obtain an authentication result indicating passing or refusing.
In a possible embodiment, the configuration parameter includes a response mode parameter, and the response mode parameter is used to indicate that an element used for indicating an authentication result in the authentication information is a status code and/or an information body;
the analysis module is specifically configured to read an element used for representing an authentication result from the authentication information according to the element represented by the response mode parameter;
if the read element accords with the authentication rule, determining that the authentication result is passed;
and if the read element does not accord with the authentication rule, determining that the authentication result is refused.
In a possible embodiment, the configuration parameters further include a judgment rule parameter, and the judgment rule parameter is used to represent an authentication rule.
In a possible embodiment, the configuration parameters include authentication path parameters, which are used to represent one or more preset paths;
the request module is further configured to determine whether a path of data requested by a data acquisition request belongs to the preset path when the data acquisition request is received;
if the path of the data requested by the data acquisition request does not belong to the preset path, terminating authentication;
the request module is specifically configured to send an authentication request conforming to the authentication mode to the authentication server if a path of the data requested by the data acquisition request belongs to the preset path.
In a possible embodiment, the configuration parameter includes an information modification parameter, and the information modification parameter is used for indicating a modification mode of information in the data acquisition request;
the request module is specifically configured to modify the data acquisition request according to a modification manner indicated by the information modification parameter to obtain an authentication request;
and sending the authentication request to the authentication server.
In a possible embodiment, the request module is further configured to determine whether an information body in the data obtaining request is not in a preset format;
the request module is specifically configured to send the authentication request to a middleware if an information body in the data acquisition request is not in a preset format, so that the middleware packages the information body in the authentication request according to the preset format, and sends the packaged authentication request to the authentication server.
In a third aspect of the embodiments of the present invention, a terminal device is provided, where the terminal device includes a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete mutual communication through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any one of the first aspect when executing a program stored in the memory.
In a fourth aspect of the embodiments of the present invention, a computer-readable storage medium is provided, having stored thereon a computer program which, when executed by a processor, performs the method steps of any one of the first aspect.
The authentication method, the authentication device and the terminal equipment provided by the embodiment of the invention can enable the terminal equipment to send the authentication request with the format required by the authentication server in a parameter configuration mode, and can complete the deployment of the authentication system on the premise of not changing the underlying service logic of the terminal equipment, thereby improving the efficiency of deploying the authentication system in a CDN (content delivery network) and reducing the labor cost for deploying the authentication system. Of course, not all of the advantages described above need to be achieved at the same time in the practice of any one product or method of the invention.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of a possible application scenario of the authentication method according to the embodiment of the present invention;
Fig. 2a is a schematic flowchart of an authentication method according to an embodiment of the present invention;
Fig. 2b is another schematic flow chart of the authentication method according to the embodiment of the present invention;
Fig. 3 is another schematic flow chart of an authentication method according to an embodiment of the present invention;
Fig. 4 is a signaling interaction diagram of an authentication method according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an authentication apparatus according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
For more clearly explaining the authentication method provided by the embodiment of the present invention, referring to fig. 1, fig. 1 is a schematic diagram illustrating a possible application scenario of the authentication method provided by the embodiment of the present invention, which includes a client device 110, a terminal device 120, and an authentication server 130.
When the client device 110 needs to obtain data in the CDN, it may send a data acquisition request to the terminal device 120. After receiving the data acquisition request, the terminal device 120 sends an authentication request to the authentication server 130 according to the received data acquisition request. The authentication server 130 feeds back the authentication information to the terminal device 120 according to the authentication request, and the terminal device 120 analyzes the authentication information to obtain an authentication result. If the authentication result is a pass, the terminal device 120 may determine whether the data requested by the client device 110 is stored locally. If the requested data is stored locally, the terminal device 120 sends the data to the client device 110; if it is not stored locally, the terminal device 120 obtains the requested data from a higher node of the terminal device 120 in the CDN and sends the obtained data to the client device 110. If the authentication result is a rejection, the terminal device 120 terminates the data acquisition.
Fig. 1 shows only one possible application scenario of the authentication method provided in the embodiment of the present invention, and the authentication method provided in the embodiment of the present invention may also be applied to other application scenarios, which is not limited in this embodiment.
Referring to Fig. 2a, Fig. 2a is a schematic flow chart of an authentication method according to an embodiment of the present invention, which may include:
S201, obtaining the configuration parameters configured in advance for the authentication server.
The configuration parameter is used for representing an authentication mode of the authentication server. The configuration parameters corresponding to the authentication server may be obtained by reading the configuration file corresponding to the authentication server. Parameters included in the configuration parameters may be different according to different application scenarios, and the parameters specifically included in the configuration parameters will be described in the subsequent embodiments, which are not described herein again.
S202, when receiving the data acquisition request, according to the authentication mode represented by the configuration parameters, sending an authentication request conforming to the authentication mode to the authentication server.
The configuration parameters can represent the authentication mode of the authentication server, so the authentication request which accords with the authentication mode of the authentication server can be obtained according to the configuration parameters, and the authentication server can correctly process the authentication request.
S203, receiving an authentication response returned by the authentication server aiming at the authentication request, wherein the authentication response carries authentication information.
As described in the foregoing analysis, since the authentication server can correctly process the authentication request, the authentication information fed back by the authentication server for the authentication request can be acquired. And the authentication information may represent the authentication result, so that authentication of the client device may be achieved.
With this embodiment, the terminal equipment can send the authentication request in the format required by the authentication server by means of parameter configuration, and the deployment of the authentication system can be completed without changing the underlying service logic of the terminal equipment, so that the efficiency of deploying the authentication system in the CDN can be improved and the labor cost of deploying the authentication system is reduced.
In another possible embodiment, as shown in fig. 2b, after S203, the method may further include:
and S204, analyzing the authentication information according to the analysis condition represented by the configuration parameter to obtain an authentication result representing passing or refusing.
The authentication information may be used to represent an authentication result, but in the authentication responses returned by different authentication servers, the authentication information represents the authentication result in different manners. For example, in some application scenarios, the authentication result may be represented by a status code in the authentication information: if the status code in the authentication information is 200, the authentication result is pass, and if the status code in the authentication information is not 200, the authentication result is reject. In other application scenarios, the authentication result may be represented by an information body in the authentication information: for example, if the information body of the authentication information is false, the authentication result is pass, and if the information body of the authentication information is True, the authentication result is reject. In still other application scenarios, the authentication result may be represented by both a status code and an information body in the authentication information: for example, if the status code in the authentication information is 200 and the information body is false, the authentication result is pass, and if the status code is not 200 or the information body is True, the authentication result is reject.
The configuration parameters can represent the authentication mode of the authentication server, so that how the authentication information fed back by the authentication server carries the authentication result can be determined according to the configuration parameters, and the authentication information can be correctly analyzed according to the configuration parameters to obtain the authentication result.
With this embodiment, the terminal equipment can send the authentication request in the format required by the authentication server by means of parameter configuration, and can correctly analyze the authentication information fed back by the authentication server, so that the deployment of the authentication system can be completed without changing the underlying service logic of the terminal equipment, the efficiency of deploying the authentication system in the CDN can be improved, and the labor cost of deploying the authentication system is reduced.
The following describes parameters that may be included in the configuration parameters, and depending on different application scenarios, the configuration parameters may include part (one or more) or all of the subsequently described multiple parameters, and may also include other parameters besides the subsequently described multiple parameters.
In a possible embodiment, the configuration parameter may include a response mode parameter, where the response mode parameter is used to indicate that an element in the authentication information used to indicate the authentication result is a status code and/or an information body. As described above, the authentication result may be represented by the status code in the authentication information, or by the information body in the authentication information, or by both the status code and the information body.
Therefore, to correctly parse the authentication information and obtain the authentication result, it must be determined which elements in the authentication information represent the authentication result. In this embodiment, an element indicating an authentication result may be read from the authentication information according to the response mode parameter, and the authentication result may be determined according to the read element. For example, assuming that the response mode parameter indicates that the element representing the authentication result in the authentication information is a status code, the status code is read from the authentication information, and the authentication result is determined according to the read status code.
In a possible embodiment, the configuration parameters may further include a judgment rule parameter, and the judgment rule parameter is used to represent an authentication rule. Illustratively, the authentication rule may be "equal to 200", may be "equal to 200 or 206", may be "smaller than 201", and the like. In this embodiment, it may be determined whether the read element satisfies the authentication rule: if the read element satisfies the authentication rule, the authentication result is determined to be pass, and if the read element does not satisfy the authentication rule, the authentication result is determined to be reject. For example, assume that the response mode parameter indicates that the element representing the authentication result is the status code, and the judgment rule parameter indicates that the authentication rule is equal to 200. If the read status code is 200, the authentication rule is met and the authentication result is determined to be pass; if the read status code is 198, the authentication rule is not met and the authentication result is determined to be reject.
The judgment rule parameter may include a relationship sub-parameter and a value sub-parameter. The relationship sub-parameter is used to represent a relationship, and may be, for example, any one of the following 8 operators: greater than, less than, equal to, not equal to, greater than or equal to, less than or equal to, matched, mismatched. The value sub-parameter is used for representing one or more values. The authentication rule represented by the judgment rule parameter is whether the relationship represented by the relationship sub-parameter holds between the read element and the value or values represented by the value sub-parameter. Illustratively, assuming the relationship sub-parameter represents "equal to" and the value sub-parameter represents 200 and 206, the authentication rule is "equal to 200 or 206".
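The response mode parameter and the judgment rule parameter described above can be modelled as follows. This is an added example, not code from the patent: the relation spellings (`gt`, `eq`, `match`, ...), the class names, the use of one rule per element in the combined mode, regular expressions for "matched", and the choice to reject on any malformed configuration or response are all assumptions of the example.

```python
import operator
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical spellings for six of the eight relations the description lists;
# "match" and "mismatch" are handled separately below.
_COMPARE = {
    "gt": operator.gt, "lt": operator.lt, "eq": operator.eq,
    "ne": operator.ne, "ge": operator.ge, "le": operator.le,
}


@dataclass(frozen=True)
class JudgmentRule:
    relation: str   # relationship sub-parameter
    values: tuple   # value sub-parameter: one or more values

    def satisfied_by(self, element) -> bool:
        # Anything unexpected (missing element, empty value list, unknown
        # relation, type mismatch, bad pattern) fails closed.
        if element is None or not self.values:
            return False
        if self.relation in ("match", "mismatch"):
            try:
                hit = any(re.fullmatch(str(v), str(element)) for v in self.values)
            except re.error:
                return False
            return hit if self.relation == "match" else not hit
        compare = _COMPARE.get(self.relation)
        if compare is None:
            return False
        # Refuse to compare "200" with 200: "ne" would otherwise pass by accident.
        if any(type(element) is not type(v) for v in self.values):
            return False
        results = [compare(element, v) for v in self.values]
        # "not equal to" must hold against every value; the others against any.
        return all(results) if self.relation == "ne" else any(results)


@dataclass(frozen=True)
class ResponseConfig:
    mode: str                                   # "status", "body" or "status+body"
    status_rule: Optional[JudgmentRule] = None
    body_rule: Optional[JudgmentRule] = None


def authentication_result(cfg: ResponseConfig, status_code, body) -> str:
    """Return "pass" or "reject" for one authentication response."""
    selected = []
    if cfg.mode in ("status", "status+body"):
        selected.append((cfg.status_rule, status_code))
    if cfg.mode in ("body", "status+body"):
        text = body.strip() if isinstance(body, str) else None
        selected.append((cfg.body_rule, text))
    if not selected:                 # unknown response mode
        return "reject"
    for rule, element in selected:
        if rule is None or not rule.satisfied_by(element):
            return "reject"
    return "pass"


# Constructed configurations mirroring the examples in the description.
BY_STATUS = ResponseConfig("status", status_rule=JudgmentRule("eq", (200, 206)))
BY_BODY = ResponseConfig("body", body_rule=JudgmentRule("eq", ("false",)))
BY_BOTH = ResponseConfig("status+body",
                         status_rule=JudgmentRule("eq", (200,)),
                         body_rule=JudgmentRule("eq", ("false",)))
```
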
In one possible embodiment, the configuration parameters may include authentication path parameters, which are used to represent one or more preset paths. The authentication path parameter may represent one or more paths in the form of a character string, for example, "/ultoken/auth", or represent one or more paths in the form of a variable, for example, may represent that a preset path is obtained from a variable token, or represent one or more paths in the form of a combination of a character string and a variable, which is not limited in this embodiment.
The embodiment may be as shown in fig. 3, where fig. 3 is a schematic flow chart of another authentication method provided in the embodiment of the present invention, and the method may include:
S301, obtaining the configuration parameters configured in advance for the authentication server.
The step is the same as S201, and reference may be made to the foregoing description about S201, which is not described herein again.
S302, when receiving the data obtaining request, determining whether a path of the data requested by the data obtaining request belongs to a preset path, if the path of the data requested by the data obtaining request belongs to the preset path, executing S303, and if the path of the data requested by the data obtaining request does not belong to the preset path, executing S306.
The path of the requested data belongs to the preset path, which means that at least one preset path exists and is the same as the path of the requested data.
S303, according to the authentication mode represented by the configuration parameters, sending an authentication request conforming to the authentication mode to the authentication server.
It can be understood that, if the requested data belongs to the preset path, it may be considered that the data requested by the client device needs to be successfully authenticated before being acquired, and therefore, an authentication request needs to be sent to the authentication server.
S304, receiving an authentication response returned by the authentication server aiming at the authentication request.
The step is the same as S203, and reference may be made to the foregoing description about S203, which is not described herein again.
S305, according to the analysis mode indicated by the configuration parameters, the authentication information is analyzed to obtain an authentication result.
The step is the same as S204, and reference may be made to the foregoing description about S204, which is not repeated herein.
S306, terminating the authentication.
It can be understood that, if the path of the requested data does not belong to the preset path, the data requested by the client device can be obtained without authentication, and thus the authentication may be terminated without sending an authentication request to the authentication server.
In one possible embodiment, the configuration parameters may include an information modification parameter, and the information modification parameter is used to indicate a modification manner of information in the data acquisition request. In this embodiment, the data acquisition request may be modified according to the modification mode indicated by the information modification parameter, so as to obtain the authentication request.
The request parameters in the data acquisition request may be modified, the request header of the data acquisition request may be modified, or both may be modified. When the request parameters are modified, any one of the following four modification modes can be adopted: ignore, reserve, delete, add. Ignoring means ignoring all request parameters, that is, the authentication request does not include any request parameter. Reserving means retaining the specified request parameters, that is, the authentication request includes the specified subset of request parameters. Deleting means deleting the specified request parameters, that is, the authentication request includes all request parameters except the specified ones. Adding means adding request parameters other than the original request parameters, that is, the authentication request includes request parameters beyond the original ones. The modification to the request header may be the addition of a custom request header. If the information modification parameter in the configuration parameters is null, the information in the data acquisition request may be left unmodified, so that the obtained authentication request retains all the information in the data acquisition request (i.e., transparent transmission).
In some application scenarios, the authentication server may have a requirement on the format of the information body in the authentication request, for example, that the information body be in json format. If the information body in the data acquisition request is in another format, such as string format, the information body in the authentication request obtained from the data acquisition request is also in that other format.
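The path check of S302/S306, the four request-parameter modification modes and the parsing of S305 can be put together as follows. This is an added example, not code from the patent: every field and function name is hypothetical, the sample request is constructed, and requiring all configured response elements to pass when both the status code and the information body are configured is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import parse_qsl, urlsplit


@dataclass
class AuthConfig:
    """Pre-configured parameters for one authentication server (hypothetical names)."""
    auth_paths: frozenset                      # authentication path parameter
    param_mode: Optional[str] = None           # ignore | reserve | delete | add; None = pass-through
    param_names: frozenset = frozenset()       # names used by "reserve" and "delete"
    extra_params: dict = field(default_factory=dict)   # parameters appended by "add"
    extra_headers: dict = field(default_factory=dict)  # custom request headers
    response_elements: tuple = ("status",)     # response mode parameter: "status" and/or "body"
    pass_status: frozenset = frozenset({200})  # judgment rule for the status code (assumed)
    pass_body: str = "ok"                      # judgment rule for the information body (assumed)


def modify_params(params: dict, cfg: AuthConfig) -> dict:
    """Apply the configured modification mode to the request parameters."""
    if cfg.param_mode is None:                 # null parameter: transparent transmission
        return dict(params)
    if cfg.param_mode == "ignore":             # drop every request parameter
        return {}
    if cfg.param_mode == "reserve":            # keep only the specified parameters
        return {k: v for k, v in params.items() if k in cfg.param_names}
    if cfg.param_mode == "delete":             # keep everything except the specified ones
        return {k: v for k, v in params.items() if k not in cfg.param_names}
    if cfg.param_mode == "add":                # on a name clash the configured value wins
        return {**params, **cfg.extra_params}
    # A misconfigured mode must not silently become pass-through.
    raise ValueError(f"unknown modification mode: {cfg.param_mode!r}")


def build_auth_request(url: str, headers: dict, cfg: AuthConfig) -> Optional[dict]:
    """S302/S303/S306: build the authentication request, or return None when
    the requested path is not a preset path and authentication is terminated."""
    parts = urlsplit(url)
    if parts.path not in cfg.auth_paths:       # S302: exact match, as in the text
        return None                            # S306: no request to the auth server
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    return {
        "path": parts.path,
        "params": modify_params(params, cfg),
        "headers": {**headers, **cfg.extra_headers},
    }


def parse_auth_response(status: int, body: str, cfg: AuthConfig) -> str:
    """S305: read the configured element(s) and return "pass" or "reject".
    An empty or unknown element list rejects, so a bad configuration fails closed."""
    checks = {
        "status": lambda: status in cfg.pass_status,
        "body": lambda: body.strip() == cfg.pass_body,
    }
    if not cfg.response_elements:
        return "reject"
    ok = all(e in checks and checks[e]() for e in cfg.response_elements)
    return "pass" if ok else "reject"


if __name__ == "__main__":
    # Constructed sample configuration and request.
    cfg = AuthConfig(auth_paths=frozenset({"/ultoken/auth"}), param_mode="reserve",
                     param_names=frozenset({"token"}),
                     extra_headers={"X-Edge-Node": "edge-01"})
    url = "http://cdn.example/ultoken/auth?token=abc&ts=1"
    print(build_auth_request(url, {"Host": "cdn.example"}, cfg))
    print(parse_auth_response(200, "ok", cfg))
```

The comparison in `build_auth_request` is exact equality, as in the text, so a deployment would bring the request path to the same canonical form the origin uses before this check.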
Based on this, in a possible embodiment, it may be determined whether the information body in the data acquisition request is not in the preset format, and if the information body in the data acquisition request is not in the preset format, the authentication request is sent to the middleware, so that the middleware encapsulates the information body in the authentication request according to the preset format, and sends the encapsulated authentication request to the authentication server. In this embodiment, reference may be made to fig. 4 for signaling interaction in the authentication flow, and fig. 4 is a signaling interaction diagram of the authentication method according to the embodiment of the present invention, where the signaling interaction diagram includes the client device 110, the terminal device 120, the authentication server 130, and the middleware 140.
Step 1, the client device sends a data acquisition request to the terminal device.
Step 2, the terminal device sends an authentication request to the local machine (127.0.0.1).
Step 3, the local machine sends the authentication request to the internal network device of the CDN provider, and modifies the request host to the domain name of the internal network device.
Step 4, the internal network device sends the authentication request to the middleware.
Step 5, after re-encapsulating the authentication request, the middleware sends it to the authentication server, and modifies the request host to the address of the authentication server.
Step 6, the authentication server feeds back authentication information to the middleware.
Step 7, the middleware feeds back the authentication information to the internal network device.
Step 8, the internal network device feeds back the authentication information to the local machine.
Step 9, the local machine feeds back the authentication information to the terminal device.
Step 10, the terminal device responds to the client device according to the authentication result carried by the authentication information.
With this embodiment, the information body can be encapsulated uniformly, which avoids the situation in which normal authentication cannot be carried out because the format of the information body is incorrect.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an authentication apparatus according to an embodiment of the present invention, which is applied to a terminal device in a content delivery network CDN, where the CDN further includes an authentication server, and the apparatus includes:
a parameter obtaining module 501, configured to obtain a configuration parameter pre-configured for the authentication server, where the configuration parameter is used to indicate an authentication mode of the authentication server;
a request module 502, configured to send, when receiving a data acquisition request, an authentication request conforming to an authentication mode to an authentication server according to the authentication mode indicated by the configuration parameter;
the authentication module 503 is configured to receive an authentication response returned by the authentication server for the authentication request, where the authentication response carries authentication information.
In a possible embodiment, the configuration parameter is further used for representing a resolution mode of the authentication information;
the device also comprises an analysis module used for analyzing the authentication information according to the analysis conditions represented by the configuration parameters to obtain the authentication result representing passing or refusing.
The configuration parameters comprise response mode parameters, and the response mode parameters are used for indicating that elements used for indicating the authentication result in the authentication information are status codes and/or information bodies;
the analysis module is specifically used for reading an element used for representing an authentication result from the authentication information according to the element represented by the response mode parameter;
if the read element accords with the authentication rule, determining that the authentication result is passed;
and if the read element does not accord with the authentication rule, determining that the authentication result is refused.
In a possible embodiment, the configuration parameters further include a judgment rule parameter, and the judgment rule parameter is used for representing the authentication rule.
In one possible embodiment, the configuration parameters include authentication path parameters, which are used to represent one or more preset paths;
the request module 502 is further configured to, when receiving a data acquisition request, determine whether a path of data requested by the data acquisition request belongs to a preset path;
if the path of the data requested by the data acquisition request does not belong to the preset path, terminating authentication;
the request module 502 is specifically configured to send an authentication request meeting an authentication mode to the authentication server if a path of data requested by the data obtaining request belongs to a preset path.
In a possible embodiment, the configuration parameters include an information modification parameter, and the information modification parameter is used for indicating a modification mode of information in the data acquisition request;
a request module 502, specifically configured to modify the data obtaining request according to the modification manner indicated by the information modification parameter, so as to obtain an authentication request;
an authentication request is sent to an authentication server.
In a possible embodiment, the request module 502 is further configured to determine whether the information body in the data acquisition request is not in a preset format;
the request module 502 is specifically configured to send the authentication request to the middleware if the information body in the data acquisition request is not in the preset format, so that the middleware encapsulates the information body in the authentication request according to the preset format, and sends the encapsulated authentication request to the authentication server.
The embodiment of the present invention further provides a terminal device, as shown in fig. 6, which includes a processor 601, a communication interface 602, a memory 603, and a communication bus 604, where the processor 601, the communication interface 602, and the memory 603 complete mutual communication through the communication bus 604,
a memory 603 for storing a computer program;
the processor 601 is configured to implement the following steps when executing the program stored in the memory 603:
acquiring configuration parameters which are configured in advance aiming at an authentication server, wherein the configuration parameters are used for representing the authentication mode of the authentication server;
when a data acquisition request is received, sending an authentication request conforming to an authentication mode to an authentication server according to the authentication mode represented by the configuration parameters;
and receiving an authentication response returned by the authentication server aiming at the authentication request, wherein the authentication response carries authentication information.
It will be appreciated that the terminal device may be an edge device.
In a possible embodiment, after receiving an authentication response returned by the authentication server for the authentication request, the method further comprises:
and analyzing the authentication information according to the analysis condition represented by the configuration parameter to obtain an authentication result representing passing or refusing.
In a possible embodiment, the configuration parameter includes a response mode parameter, where the response mode parameter is used to indicate that an element in the authentication information used to indicate the authentication result is a status code and/or an information body;
analyzing the authentication information according to the analysis condition represented by the configuration parameter to obtain an authentication result representing passing or refusing, comprising:
reading an element for representing an authentication result from the authentication information according to the element represented by the response mode parameter;
if the read element accords with the authentication rule, determining that the authentication result is passed;
and if the read element does not accord with the authentication rule, determining that the authentication result is refused.
In a possible embodiment, the configuration parameters further include a judgment rule parameter, and the judgment rule parameter is used for representing the authentication rule.
In a possible embodiment, the configuration parameters include authentication path parameters, and the authentication path parameters are used for representing one or more preset paths;
the method further comprises the following steps:
when a data acquisition request is received, determining whether a path of data requested by the data acquisition request belongs to a preset path or not;
if the path of the data requested by the data acquisition request does not belong to the preset path, terminating authentication;
sending an authentication request conforming to the authentication mode to an authentication server, comprising:
and if the path of the data requested by the data acquisition request belongs to a preset path, sending an authentication request meeting the authentication mode to an authentication server.
In a possible embodiment, the configuration parameters include an information modification parameter, and the information modification parameter is used for indicating a modification mode of information in the data acquisition request;
sending an authentication request conforming to the authentication mode to an authentication server according to the authentication mode represented by the configuration parameters, wherein the authentication request comprises the following steps:
modifying the data acquisition request according to the modification mode represented by the information modification parameter to obtain an authentication request;
an authentication request is sent to an authentication server.
In one possible embodiment, the method further comprises:
determining whether an information body in the data acquisition request is not in a preset format;
sending an authentication request to an authentication server, comprising:
and if the information body in the data acquisition request is not in the preset format, sending an authentication request to the middleware so that the middleware packages the information body in the authentication request according to the preset format and sends the packaged authentication request to an authentication server.
The communication bus mentioned in the above terminal device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this is not intended to represent only one bus or type of bus.
The communication interface is used for communication between the terminal equipment and other equipment.
The memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment provided by the present invention, a computer-readable storage medium is further provided, which stores instructions that, when executed on a computer, cause the computer to perform any one of the authentication methods in the above embodiments.
In a further embodiment provided by the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform any of the authentication methods of the above embodiments.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are performed in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that incorporates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the embodiments of the apparatus, the terminal device, the computer-readable storage medium, and the computer program product, since they are substantially similar to the method embodiments, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiments.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (9)

1. An authentication method is applied to a terminal device in a Content Delivery Network (CDN), the CDN further includes an authentication server, and the method includes:
acquiring configuration parameters which are configured in advance for the authentication server, wherein the configuration parameters are used for representing the authentication mode of the authentication server; the configuration parameters comprise authentication path parameters, and the authentication path parameters are used for representing one or more preset paths;
when a data acquisition request is received, determining whether a path of data requested by the data acquisition request belongs to the preset path;
if the path of the data requested by the data acquisition request does not belong to the preset path, terminating authentication;
if the path of the data requested by the data acquisition request belongs to the preset path, sending an authentication request conforming to the authentication mode to the authentication server according to the authentication mode represented by the configuration parameters;
and receiving an authentication response returned by the authentication server aiming at the authentication request, wherein the authentication response carries authentication information.
2. The method of claim 1, wherein the configuration parameter is further used to indicate a parsing manner of the authentication information;
after the receiving of the authentication response returned by the authentication server for the authentication request, the method further comprises:
and analyzing the authentication information according to the analysis condition represented by the configuration parameter to obtain an authentication result representing passing or refusing.
3. The method according to claim 2, wherein the configuration parameter includes a response mode parameter, and the response mode parameter is used to indicate that an element in the authentication information used to indicate the authentication result is a status code and/or an information body;
the analyzing the authentication information according to the analysis condition represented by the configuration parameter to obtain an authentication result representing passing or refusing, including:
reading an element for representing an authentication result from the authentication information according to the element represented by the response mode parameter;
if the read element accords with the authentication rule, determining that the authentication result is passed;
and if the read element does not accord with the authentication rule, determining that the authentication result is refused.
4. The method of claim 3, wherein the configuration parameters further comprise a judgment rule parameter, and wherein the judgment rule parameter is used for representing an authentication rule.
5. The method according to claim 1, wherein the configuration parameters include an information modification parameter, and the information modification parameter is used for indicating a modification manner of information in the data acquisition request;
the sending an authentication request conforming to the authentication mode to the authentication server according to the authentication mode represented by the configuration parameters includes:
modifying the data acquisition request according to the modification mode represented by the information modification parameter to obtain an authentication request;
and sending the authentication request to the authentication server.
6. The method of claim 5, further comprising:
determining whether an information body in the data acquisition request is not in a preset format;
the sending the authentication request to the authentication server includes:
if the information body in the data acquisition request is not in a preset format, the authentication request is sent to the middleware, so that the middleware packages the information body in the authentication request according to the preset format, and sends the packaged authentication request to the authentication server.
7. An authentication apparatus, applied to a terminal device in a Content Delivery Network (CDN), the CDN further including an authentication server, the apparatus comprising:
a parameter obtaining module, configured to obtain a configuration parameter pre-configured for the authentication server, where the configuration parameter is used to indicate an authentication mode of the authentication server;
the request module is used for sending an authentication request conforming to the authentication mode to the authentication server according to the authentication mode represented by the configuration parameters when receiving a data acquisition request;
the authentication module is used for receiving an authentication response returned by the authentication server aiming at the authentication request, and the authentication response carries authentication information;
the configuration parameters comprise authentication path parameters, and the authentication path parameters are used for representing one or more preset paths;
the request module is further configured to determine whether a path of data requested by a data acquisition request belongs to the preset path when the data acquisition request is received;
if the path of the data requested by the data acquisition request does not belong to the preset path, terminating authentication;
the request module is specifically configured to send an authentication request conforming to the authentication mode to the authentication server if a path of the data requested by the data acquisition request belongs to the preset path.
8. A terminal device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any of claims 1-6 when executing a program stored in the memory.
9. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of claims 1 to 6.
CN201911237083.5A 2019-12-05 2019-12-05 Authentication method, device and terminal equipment Active CN112929321B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911237083.5A CN112929321B (en) 2019-12-05 2019-12-05 Authentication method, device and terminal equipment

Publications (2)

Publication Number Publication Date
CN112929321A CN112929321A (en) 2021-06-08
CN112929321B true CN112929321B (en) 2023-02-03

Family

ID=76162360

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911237083.5A Active CN112929321B (en) 2019-12-05 2019-12-05 Authentication method, device and terminal equipment

Country Status (1)

Country Link
CN (1) CN112929321B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1642083A (en) * 2004-09-23 2005-07-20 华为技术有限公司 Network side authority-discrimination-mode selecting method
CN1835436A (en) * 2005-03-14 2006-09-20 华为技术有限公司 General power authentication frame and method of realizing power authentication
CN101132279A (en) * 2006-08-24 2008-02-27 华为技术有限公司 Authentication method and authentication system
CN109379344A (en) * 2018-09-27 2019-02-22 网宿科技股份有限公司 The method for authenticating and authentication server of access request

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9736271B2 (en) * 2012-12-21 2017-08-15 Akamai Technologies, Inc. Scalable content delivery network request handling mechanism with usage-based billing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
URI Signing for CDN Interconnection (CDNI) draft-ietf-cdni-uri-signing-06; K. Leung et al.; IETF; 20151230; full text *

Also Published As

Publication number Publication date
CN112929321A (en) 2021-06-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant