CN113014588B - Authentication processing method for multiple application systems under same main domain name - Google Patents


Info

Publication number
CN113014588B
Authority
CN
China
Prior art keywords
token
xxx
login
userid
cookie
Prior art date
Legal status
Active
Application number
CN202110244325.4A
Other languages
Chinese (zh)
Other versions
CN113014588A (en)
Inventor
孙来鑫
Current Assignee
Inspur Cloud Information Technology Co Ltd
Original Assignee
Inspur Cloud Information Technology Co Ltd
Priority date
2021-03-05
Filing date
2021-03-05
Publication date
2022-04-12
Application filed by Inspur Cloud Information Technology Co Ltd
Priority to CN202110244325.4A
Publication of CN113014588A
Application granted
Publication of CN113014588B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention provides an authentication processing method for multiple application systems under the same main domain name, belonging to the technical field of user permissions. The method solves the problem of keeping login and logout consistent across the different components of a service system, avoids defects such as login confusion, authentication failure and circular login between different service systems, and improves the login and authentication success rate.

Description

Authentication processing method for multiple application systems under same main domain name
Technical Field
The invention relates to the technical field of user permission, in particular to an authentication processing method of multiple application systems under the same main domain name.
Background
With the development of cloud computing and big data technology, Internet+ is growing ever faster. The Internet+ content that a department faces, both internally and externally, keeps growing, and the same organization is involved in many service fields, so one organization often sets up several branches, each supporting different services. The web applications of each service branch's application systems present the same first-level domain name to the outside and are distinguished only by second-level or even third-level domain names.
However, how to isolate user authentication among multiple application systems under the same main domain name, and how to keep user authentication consistent within each system, become the first problems to be solved for application systems that belong to the same organization but are different systems.
Disclosure of Invention
To solve this technical problem, the invention provides an authentication processing method for multiple application systems under the same main domain name.
The technical scheme of the invention is as follows:
An authentication processing method for multiple application systems under the same main domain name.
Authentication is performed based on a token. The token is a string generated by the server side and used as the credential for client requests: after the first login, the server generates the token and returns it to the client, and from then on the client only needs to carry the token when requesting data, without sending the user name and password again.
Further, in the above-mentioned case,
the method comprises the following steps:
(1) the user token and the user information/login state are stored separately;
(2) the user's token information is stored in sessionStorage;
(3) the user information/login state is stored in the shared cookie;
(4) the login user information and login state are queried before every request to the backend, ensuring that a logged-in user does not need to log in again;
(5) sessionStorage and the cookie are cleared automatically on logout, and a logout flag is set in localStorage;
(6) a logout event is listened for to ensure that components in different tab pages log out in a linked manner.
Still further, the specific steps are as follows:
1) Token information related to login and permission authentication is stored in sessionStorage and comprises XXX_token (where XXX is the prefix configured for the integration system) and refresh_token. sessionStorage is not permanent and is cleared automatically when the page closes.
2) Two shared cookies, isLoginValid and userId, are set under the main domain name. The name prefix of these two cookies is configurable; for example, if the XXX integration system is configured with the prefix XXX, the cookie name for isLoginValid is XXX_login_isLoginValid and the cookie name for userId is XXX_userId. Their purpose is to share the current user information and login state.
3) When login succeeds, the cookie XXX_login_isLoginValid is set to true and XXX_userId is set to the user's userId. This shares the login state even when the browser opens multiple tabs. When the login fails or the user logs out, the cookies are deleted.
4) Before each request to the backend, the values of XXX_login_isLoginValid and XXX_userId are queried; if the current user does not match XXX_userId and XXX_login_isLoginValid does not exist, the current user is judged to be logged out and the page is redirected to the login page.
5) On logout, the values written to sessionStorage and the shared cookies are cleared actively, so that the terminal is in a logged-out state at the next operation, login or refresh.
6) To achieve linked logout between components in different tab pages, the front end of each component must listen for logout using the window onstorage event. This requires each component to set a flag in localStorage when it logs out.
Further, in the above-mentioned case,
the login process specifically comprises the following steps:
1) the front-end common package first judges whether xxx_token and refresh_token exist in sessionStorage, and jumps to the login page if they do not;
2) timer 1 in the front-end common package refreshes the login state periodically; if the login state is invalid, it jumps to the login page; if the login state is valid and the current userId matches the userId in the cookie, the user is logged in directly;
3) timer 2 in the front-end common package refreshes the token information periodically and judges whether the token has expired; if so, a new xxx_token is requested using refresh_token, and the access_token and refresh_token returned by the authentication backend are assigned to xxx_token and refresh_token respectively;
4) after login on the login page succeeds, the access_token and refresh_token returned by the backend are assigned to xxx_token and refresh_token respectively;
5) after login on the login page succeeds, XXX_login_isLoginValid in the cookie is set to true and XXX_userId is set to the user ID.
The logout process specifically comprises the following steps:
when the user logs off:
1) the front-end common package first clears xxx_token and refresh_token in sessionStorage;
2) next, it clears XXX_login_isLoginValid and XXX_userId in the shared cookie;
3) finally, it sets the logOut flag in localStorage to false.
The multi-tab component logout linkage process specifically comprises the following steps:
1) the front-end common package provides an event listening mechanism and listens for the logOut flag in localStorage;
2) if the logOut flag is true, the other components log out automatically; otherwise, listening continues.
The advantages of the invention are:
(1) user authentication isolation between multiple systems under the same main domain name is guaranteed;
(2) login authentication consistency between different components of a system under the same main domain name is achieved;
(3) the user experience of users of multiple systems under the same main domain name is improved.
Drawings
FIG. 1 is a schematic workflow diagram of the present invention;
FIG. 2 is a schematic exit flow diagram of the present invention;
FIG. 3 is a schematic linkage flow diagram of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
At present, the token and other information used for login authorization of integration system A are held in cookies, and because all the components integrated by system A are deployed separately and the login state must be synchronized among them, the login information is held under a higher-level domain name. For example, the domain name of integration system A is console.a.company.com and the information is held under the domain name company.com; the domain name of service a1 is a.1.a.company.com and its information is also held under company.com, so login-related information is shared between integration system A and the integrated components.
However, a service line has now been added and an integration system B developed. System B is deployed under the domain name console.b.company.com, and its information is also held under the company.com domain name, so the cookie information of integration systems A and B becomes disordered and overwrites each other, and both platforms show login confusion, authentication failure, circular login and similar phenomena.
The method comprises the following specific steps:
1) Token information related to login and permission authentication is stored in sessionStorage and comprises XXX_token (where XXX is the prefix configured for the integration system) and refresh_token. sessionStorage is not permanent and is cleared automatically when the page closes.
2) Two shared cookies, isLoginValid and userId, are set under the main domain name. The name prefix of these two cookies is configurable; for example, if the XXX integration system is configured with the prefix XXX, the cookie name for isLoginValid is XXX_login_isLoginValid and the cookie name for userId is XXX_userId. Their purpose is to share the current user information and login state.
3) When login succeeds, the cookie XXX_login_isLoginValid is set to true and XXX_userId is set to the user's userId. This shares the login state even when the browser opens multiple tabs. When the login fails or the user logs out, the cookies are deleted.
4) Before each request to the backend, the values of XXX_login_isLoginValid and XXX_userId are queried; if the current user does not match XXX_userId and XXX_login_isLoginValid does not exist, the current user is judged to be logged out and the page is redirected to the login page.
5) On logout, the values written to sessionStorage and the shared cookies are cleared actively, so that the terminal is in a logged-out state at the next operation, login or refresh.
6) To achieve linked logout between components in different tab pages, the front end of each component must listen for logout using the window onstorage event. This requires each component to set a flag in localStorage when it logs out.
The invention mainly addresses authentication and logout between different service systems that share the same first-level domain name but belong to different second-level, third-level or even deeper domain names. It thereby solves the problem of keeping login and logout consistent across the different components of a service system and the problem of HTTP 400 errors caused by an oversized request header, overcomes defects such as login confusion, authentication failure and circular login between different service systems, improves the login and authentication success rate, and improves the user experience.
The login process is shown in fig. 1:
1) the front-end common package first judges whether xxx_token and refresh_token exist in sessionStorage, and jumps to the login page if they do not;
2) timer 1 in the front-end common package refreshes the login state periodically. If the login state is invalid, it jumps to the login page; if the login state is valid and the current userId matches the userId in the cookie, the user is logged in directly;
3) timer 2 in the front-end common package refreshes the token information periodically and judges whether the token has expired. If so, a new xxx_token is requested using refresh_token, and the access_token and refresh_token returned by the authentication backend are assigned to xxx_token and refresh_token respectively;
4) after login on the login page succeeds, the access_token and refresh_token returned by the backend are assigned to xxx_token and refresh_token respectively;
5) after login on the login page succeeds, XXX_login_isLoginValid in the cookie is set to true and XXX_userId is set to the user ID.
The logout flow is shown in fig. 2:
when the user logs off:
1) the front-end common package first clears xxx_token and refresh_token in sessionStorage;
2) next, it clears XXX_login_isLoginValid and XXX_userId in the shared cookie;
3) finally, it sets the logOut flag in localStorage to false.
(3) The multi-tab component logout linkage flow:
when components in different tab pages are opened in the integration system, a linkage process is designed to ensure that when one component logs out, the other components also log out, as shown in fig. 3:
1) the front-end common package provides an event listening mechanism and listens for the logOut flag in localStorage;
2) if the logOut flag is true, the other components log out automatically; otherwise, listening continues.
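The specific steps and the login, logout and linkage flows above, as an added example that is not the patent's own code: a Node-runnable JavaScript model in which constructed in-memory classes stand in for sessionStorage, localStorage with its storage event, and a cookie jar shared by every subdomain of the parent domain. It assumes that the tab keeps its own userId in sessionStorage beside the tokens, that either a missing login cookie or a mismatched userId counts as logged out, and that the logOut flag is written as true, the value the linkage step listens for.

```javascript
// Added example, not code from the patent: a Node-runnable model of the
// client-side scheme, with constructed in-memory stand-ins for browser storage.

// Stand-in for sessionStorage (per tab, per origin) and for the cookie jar.
class MemStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// Stand-in for localStorage plus the window "storage" event: a write by one
// tab is delivered to every other tab of the same origin, never to the writer.
class SharedLocalStorage extends MemStorage {
  constructor() { super(); this.tabs = new Set(); }
  attach(tab) { this.tabs.add(tab); }
  setItem(k, v, writer) { super.setItem(k, v); this.fire(k, String(v), writer); }
  removeItem(k, writer) { super.removeItem(k); this.fire(k, null, writer); }
  fire(key, newValue, writer) {
    for (const t of this.tabs) if (t !== writer) t.onStorage({ key, newValue });
  }
}

class AuthClient {
  // prefix is the configurable integration-system prefix (the patent's "XXX");
  // cookies is one jar shared by all subdomains (Domain=<parent domain>),
  // so the prefix alone keeps system A's state apart from system B's.
  constructor(prefix, local, cookies) {
    this.prefix = prefix;
    this.session = new MemStorage(); // tokens stay here, scoped to this tab
    this.local = local;               // carries the logOut flag between tabs
    this.cookies = cookies;           // carries only login state across subdomains
    local.attach(this);
  }
  key(suffix) { return `${this.prefix}_${suffix}`; }

  // Login steps 4 and 5: tokens into sessionStorage, state into shared cookies.
  // Assumption: the tab also keeps its own userId in sessionStorage.
  onLoginSuccess(userId, accessToken, refreshToken) {
    this.session.setItem(this.key('token'), accessToken);
    this.session.setItem('refresh_token', refreshToken);
    this.session.setItem(this.key('userId'), userId);
    this.cookies.setItem(this.key('login_isLoginValid'), 'true');
    this.cookies.setItem(this.key('userId'), userId);
  }

  // Pre-request check (step 4): 'ok' to send, 'login' to redirect to login.
  beforeRequest() {
    const hasTokens = this.session.getItem(this.key('token')) !== null &&
                      this.session.getItem('refresh_token') !== null;
    const valid = this.cookies.getItem(this.key('login_isLoginValid')) === 'true';
    const sameUser = this.cookies.getItem(this.key('userId')) ===
                     this.session.getItem(this.key('userId'));
    return hasTokens && valid && sameUser ? 'ok' : 'login';
  }

  clearTab() {
    [this.key('token'), 'refresh_token', this.key('userId')]
      .forEach((k) => this.session.removeItem(k));
  }

  // Logout: clear this tab, delete the shared cookies, raise the logOut flag.
  // The flag is removed again at once: the storage event only fires when the
  // value changes, so a repeated logout would otherwise go unnoticed.
  logout() {
    this.clearTab();
    this.cookies.removeItem(this.key('login_isLoginValid'));
    this.cookies.removeItem(this.key('userId'));
    this.local.setItem(this.key('logOut'), 'true', this);
    this.local.removeItem(this.key('logOut'), this);
  }

  // window.onstorage handler: a sibling tab raised our prefix's flag, so exit.
  onStorage({ key, newValue }) {
    if (key === this.key('logOut') && newValue === 'true') this.clearTab();
  }
}
```

The shared cookies are only a client-side hint that every subdomain can read and write; the backend must still validate the token carried in each request.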
The above description is only a preferred embodiment of the present invention, and is only used to illustrate the technical solutions of the present invention, and not to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (6)

1. An authentication processing method for multiple application systems under the same main domain name, characterized in that
identity authentication is performed based on a token, the token being a string generated by the server side and used as the credential for client requests; after the first login, the server generates the token and returns it to the client, and from then on the client only needs to carry the token when requesting data, without sending the user name and password again;
the method comprises the following steps:
(1) the user token and the user information/login state are stored separately;
(2) the user's token information is stored in sessionStorage;
(3) the user information/login state is stored in the shared cookie;
(4) the login user information and login state are queried before every request to the backend, ensuring that a logged-in user does not need to log in again;
(5) sessionStorage and the cookie are cleared automatically on logout, and a logout flag is set in localStorage;
(6) a logout event is listened for to ensure that components in different tab pages can log out in a linked manner;
the method comprises the following specific steps:
1) token information related to login and permission authentication is held in sessionStorage and comprises XXX_token (where XXX is the prefix configured for the integration system) and refresh_token;
2) two shared cookies, isLoginValid and userId, are set under the first-level domain name; the name prefix of these two cookies is configurable;
when the XXX integration system is configured with the prefix XXX, the cookie name for isLoginValid is XXX_login_isLoginValid and the cookie name for userId is XXX_userId;
3) after login succeeds, the cookie XXX_login_isLoginValid is set to true and XXX_userId is set to the user's userId; the cookies are deleted when the login becomes invalid or the user logs out;
4) before each request to the backend, the values of XXX_login_isLoginValid and XXX_userId are queried; if the current user does not match XXX_userId and XXX_login_isLoginValid does not exist, the current user is judged to be logged out and the page is redirected to the login page;
5) on logout, the values written to sessionStorage and the shared cookies are cleared actively;
6) the front end of each component must listen for logout using the window onstorage event.
2. The method of claim 1, wherein
the sessionStorage information in step 1) is not permanent and is cleared automatically when the page is closed.
3. The method of claim 1, wherein
the logout linkage requires each component to set a flag in localStorage when it logs out.
4. The method of claim 1, wherein
the login process specifically comprises the following steps:
1) the front-end common package first judges whether XXX_token and refresh_token exist in sessionStorage, and jumps to the login page if they do not;
2) timer 1 in the front-end common package refreshes the login state periodically; if the login state is invalid, it jumps to the login page; if the login state is valid and the current userId matches the userId in the cookie, the user is logged in directly;
3) timer 2 in the front-end common package refreshes the token information periodically and judges whether the token has expired; if so, a new XXX_token is requested using refresh_token, and the access_token and refresh_token returned by the authentication backend are assigned to XXX_token and refresh_token respectively;
4) after login on the login page succeeds, the access_token and refresh_token returned by the backend are assigned to XXX_token and refresh_token respectively;
5) after login on the login page succeeds, XXX_login_isLoginValid in the cookie is set to true and XXX_userId is set to the user ID.
5. The method of claim 4, wherein
the logout process specifically comprises the following steps:
when the user logs off:
1) the front-end common package first clears XXX_token and refresh_token in sessionStorage;
2) next, it clears XXX_login_isLoginValid and XXX_userId in the shared cookie;
3) finally, it sets the logOut flag in localStorage to false.
6. The method of claim 3, wherein
the multi-tab component logout linkage process specifically comprises the following steps:
1) the front-end common package provides an event listening mechanism and listens for the logOut flag in localStorage;
2) if the logOut flag is true, the other components log out automatically; otherwise, listening continues.
CN202110244325.4A 2021-03-05 2021-03-05 Authentication processing method for multiple application systems under same main domain name Active CN113014588B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110244325.4A CN113014588B (en) 2021-03-05 2021-03-05 Authentication processing method for multiple application systems under same main domain name

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110244325.4A CN113014588B (en) 2021-03-05 2021-03-05 Authentication processing method for multiple application systems under same main domain name

Publications (2)

Publication Number Publication Date
CN113014588A CN113014588A (en) 2021-06-22
CN113014588B true CN113014588B (en) 2022-04-12

Family

ID=76406506

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110244325.4A Active CN113014588B (en) 2021-03-05 2021-03-05 Authentication processing method for multiple application systems under same main domain name

Country Status (1)

Country Link
CN (1) CN113014588B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110177120A (en) * 2019-06-14 2019-08-27 北京首都在线科技股份有限公司 Single sign-on method, apparatus and computer-readable storage medium
CN110611660A (en) * 2019-08-22 2019-12-24 山东浪潮通软信息科技有限公司 Enterprise-level multi-domain-name login integration method
CN110933084A (en) * 2019-11-29 2020-03-27 深圳乐信软件技术有限公司 Cross-domain shared login state method, device, terminal and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8613067B2 (en) * 2009-11-17 2013-12-17 Secureauth Corporation Single sign on with multiple authentication factors
CN111628965B (en) * 2020-04-03 2022-09-30 北京奇艺世纪科技有限公司 Cross-domain name login method and device


Also Published As

Publication number Publication date
CN113014588A (en) 2021-06-22


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant