CN113177195A

CN113177195A - Client access method, login service module, client and system

Info

Publication number: CN113177195A
Application number: CN202110472578.7A
Authority: CN
Inventors: 张孝尊
Original assignee: Hangzhou DPTech Technologies Co Ltd
Current assignee: Hangzhou DPTech Technologies Co Ltd
Priority date: 2021-04-29
Filing date: 2021-04-29
Publication date: 2021-07-27

Abstract

The disclosure provides a client access method, a login service module, a client and a system. The method comprises the following steps: receiving a starting message sent by a client, wherein the client comprises a webpage client and an application client; and starting a service module of the application client by using the administrator authority of the client so that the client acquires a resource page. The application client login diversity and the application client use of the non-administrator account are achieved.

Description

Client access method, login service module, client and system

Technical Field

The present disclosure relates to the field of computer technologies and communications technologies, and in particular, to a client access method, a login service module, a client, and a system.

Background

The SSL (Secure Socket Layer) protocol is a general protocol for ensuring security of transmitted information on the internet, and adopts a B/S (Browser/Server) structure. It is at the application layer and SSL works with public key encryption of data transmitted over the SSL connection. The SSL protocol specifies a secure mechanism for data exchange between the application protocol and TCP/IP, providing data encryption, server authentication, and optionally client authentication for TCP/IP connections. A VPN (Virtual Private Network) can be understood as a Virtual Private line inside an enterprise. It can establish a private communication line between two or more intranets connected to the Internet at different locations by a special encrypted communication protocol as if a private line were established, but it does not require a physical line such as a real cable to be laid. It is just as if the telecommunication office applies for a dedicated line, but without paying for the laying of the line and purchasing hardware devices such as routers. The VPN technology is one of the important technologies of routers, and the core of the VPN is to establish a virtual private network by using a public network.

At present, an application client of a Windows system provides an implementation scheme for accessing an intranet. The user logs in the application client, the application client is an application program installed on the terminal equipment, and the application client realizes the access to the internal network resources by establishing the SSL VPN tunnel.

Each terminal device can set a plurality of user accounts for the application client, the account types can be set as administrators or non-administrators, login can be achieved through different types of accounts, the terminal device is used for logging in the application client, and access to the internal network resources is achieved. The application client may set the launch attribute to administrator-run or non-administrator-run.

Since part of the operation of the application client in the running process needs the administrator authority to be successfully executed, the starting attribute of the application client is generally set to be the administrator authority to run. And the login mode is only login for the application client, when the non-administrator account starts the application client, an administrator authorization party needs to be provided to normally use, for example, when the non-administrator account double-clicks the application client, a prompt is popped up to input an administrator account password, and then the application client can be opened, but some special application clients, for example, before a test stage or before release, or when the administrator account and the non-administrator account do not have any difference in using the application client, the non-administrator account cannot open the application client if the administrator account does not exist.

The above information disclosed in this background section is only for enhancement of understanding of the background of the disclosure and therefore it may contain information that does not constitute prior art that is already known to a person of ordinary skill in the art. .

Disclosure of Invention

In view of this, the invention provides a client access method, a login service module, a client and a system, which realize the diversity of login of an application client and the use of a non-administrator account number to the application client.

Additional features and advantages of the invention will be set forth in the detailed description which follows, or may be learned by practice of the invention.

According to an aspect of the embodiments of the present invention, there is provided a client access method applied to a login service module, the method including: receiving a starting message sent by a client, wherein the client comprises a webpage client and an application client; and starting a service module of the application client by using the administrator authority of the client so that the client acquires a resource page.

In some exemplary embodiments of the present invention, based on the foregoing scheme, receiving an initiation message sent by a client includes: monitoring an address communicated with the local machine of the client, and receiving a starting message sent by the client.

In some exemplary embodiments of the present invention, based on the foregoing scheme, the initiation message includes a login parameter;

starting the service module of the application client side with the own administrator authority, comprising: and starting the service module and transmitting the login parameters by the administrator authority of the service module, so that the service module analyzes and verifies the login parameters and starts a Virtual Private Network (VPN).

In some exemplary embodiments of the present invention, based on the foregoing solution, if the client is a web client, after starting a service module of the application client with the authority of an administrator of the client, and sending the login parameter to the service module, the method further includes:

receiving a first query message of the webpage client for querying the state of a service module; the first query message is assembled into a second query message, the second query message is sent to an address which is in local communication with the service module, and a second response message of the service module for the second query message is received; and assembling the second response message into a first response message, and returning the first response message to the webpage client, so that the webpage client requests a resource page from a VPN server when the first response message is that VPN is started successfully.

In some exemplary embodiments of the invention, based on the foregoing scheme, the first response message includes: and the service module verifies the login parameters.

In some exemplary embodiments of the present invention, based on the foregoing scheme, if the client is an application client, receiving a start message sent by the client includes: and receiving a starting message sent by the interface module of the application client when the interface module is determined to be not the administrator authority.

According to an aspect of the embodiments of the present invention, there is provided a client access method for a web client, the method including: sending a starting message to a login service module so that the login service module starts a business module of an application client under the authority of an administrator of the login service module; sending a first query message aiming at the business module state query to the login service module so as to enable the login service module to return a first response message aiming at the first query message; and if the first response message is that the virtual private network VPN is successfully started, requesting a resource page from a VPN server.

In some exemplary embodiments of the present invention, based on the foregoing scheme, sending an initiation message to the login service module includes: and sending a starting message to an address communicated with the login service module local machine.

According to an aspect of the embodiments of the present invention, there is provided a client access method applied to an application client, where the application client includes an interface module and a service module, the method includes: the interface module sends a starting message to a login service module, wherein the starting message comprises login parameters, so that the login service module starts the business module with the authority of an administrator of the login service module and transmits the login parameters; the service module analyzes and verifies the login parameters and starts a Virtual Private Network (VPN) after the verification is successful; and the service module acquires a resource page when the interface module is confirmed to log in.

In some exemplary embodiments of the present invention, based on the foregoing solution, the interface module sends an initiation message to the login service module, including: the interface module determines whether the interface module is started for the administrator authority according to the parameters of the calling interface API of the application program, and sends a starting message to the login service module when the interface module is determined to be started for the non-management authority.

In some exemplary embodiments of the present invention, based on the foregoing solution, the interface module sends an initiation message to the login service module, including: and the interface module sends a starting message to an address which is communicated with the local machine of the login service module.

According to an aspect of the embodiments of the present invention, a login service module for a client to access is provided, where the login service module includes: the system comprises a receiving unit, a sending unit and a processing unit, wherein the receiving unit is configured to receive a starting message sent by a client, and the client comprises a webpage client and an application client; and the starting unit is configured to start the service module of the application client by using the administrator authority of the starting unit so that the client can acquire the resource page.

According to an aspect of the embodiments of the present invention, there is provided a web client accessed by a client, where the web client includes: the system comprises a first sending module, a login service module and a second sending module, wherein the first sending module is configured to send a starting message to the login service module, the starting message comprises login parameters, so that the login service module starts the business module with the authority of an administrator of the login service module and transmits the login parameters; the second sending module is configured to send a first query message aiming at the business module state query to the login service module so that the login service module returns a first response message aiming at the first query message; and the resource request module is configured to request a resource page from the VPN server if the first response message indicates that the virtual private network VPN is successfully started.

According to an aspect of the embodiments of the present invention, an application client for a client access is provided, where the application client includes an interface module and a service module; the interface module is configured to send a start message to a login service module, wherein the start message comprises login parameters, so that the login service module starts the business module with the authority of an administrator of the login service module and transmits the login parameters; the service module is configured to analyze and verify the login parameters, start a Virtual Private Network (VPN) after the verification is successful, and acquire a resource page when the interface module is determined to log in.

According to an aspect of the embodiments of the present invention, a client access system is provided, which includes the login service module, the web client, and the application client.

According to an aspect of embodiments of the present invention, there is provided a computer readable storage medium having a computer program stored thereon, wherein the program when executed by a processor implements the method steps as described above.

According to still another aspect of the embodiments of the present invention, there is provided an electronic apparatus, including: one or more processors; storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to carry out the method steps as described above.

In the embodiment of the invention, a starting message sent by a client is received, wherein the client comprises a webpage client and an application client; and starting a service module of the application client by using the administrator authority of the client so that the client acquires a resource page. The application client login diversity and the application client use of the non-administrator account are achieved.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:

FIG. 1 is a block diagram illustrating a client access system in accordance with an exemplary embodiment;

FIG. 2 is a flow chart illustrating a client access method in accordance with an exemplary embodiment;

FIG. 3 is a flow chart illustrating a client access method according to another exemplary embodiment;

FIG. 4 is a flow chart illustrating a client access method according to yet another exemplary embodiment;

FIG. 5 is a block diagram illustrating a client-accessed login service module 110 in accordance with an exemplary embodiment;

FIG. 6 is a schematic diagram illustrating a structure of a client-accessible web client 120, according to an example embodiment;

FIG. 7 is a block diagram illustrating an application client 130 for client access in accordance with an exemplary embodiment;

fig. 8 is a schematic structural diagram of an electronic device according to an exemplary embodiment.

Detailed Description

Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.

Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations or operations have not been shown or described in detail to avoid obscuring aspects of the invention.

The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.

The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.

It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another. Thus, a first component discussed below may be termed a second component without departing from the teachings of the disclosed concept. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.

It is to be understood by those skilled in the art that the drawings are merely schematic representations of exemplary embodiments, and that the blocks or processes shown in the drawings are not necessarily required to practice the present disclosure and are, therefore, not intended to limit the scope of the present disclosure.

FIG. 1 is a block diagram illustrating a client access system, which may include a login service module 110, a web client 120, and an application client 130, as shown in FIG. 1, in accordance with an exemplary embodiment.

The application client 130 includes a service module 134 and an interface module 132, the application client 130 is an application installed on the terminal device, the interface module 134 is used for providing an account login service, and the service module is used for providing a service.

The login service module 110 is a module that is synchronously installed on the terminal device when the application client 130 is installed, and is a process that runs in the background of the windows system, and the login service module 110 runs in the background all the time after the installation is completed and is set to be started up. The login service module 110 does not stop with the exit of the application client 130 (the login service module 110 may stop manually), and the login service module 110 is unloaded simultaneously when the application client 130 is unloaded. The module is used for providing a service of administrator authority login for the application client 130 or the web page client 120, administrator authorization is required in the installation process, and the authority level of the login service module 110 is the administrator authority.

The web client 120 mainly refers to a connection for accessing functions achieved by the application client 130 through a web Browser (Browser). For example, a client, i.e. a PC terminal downloaded to a local site, i.e. the application client 130, may also input a web page version of the connection, i.e. the web page client 120, in the browser.

It should be noted that, when the application client logs in, the resource page may be opened by the web browser, and when the web client logs in, the resource page may be requested by the VPN server, and the page may be redirected to the resource page.

In the embodiment of the present invention, the login service module 110, the web client 120, and the application client 130 acquire the resource page through data interaction or data processing, so that the diversity of login of the application client and the use of the non-administrator account on the application client are realized.

The following describes the client access method provided by the present invention in detail with reference to specific embodiments.

When the application client is started under the Windows system in the embodiment of the invention, the application client can inherit the authority category of the current login account. When an application starts another application, the started application inherits the permission level of the application.

Fig. 2 is a flowchart illustrating a client access method according to an exemplary embodiment, in the embodiment of the present invention, a login service module is taken as an execution subject to be described, it should be noted that the login service module may be any device having a computing function, as shown in fig. 2, the method may include, but is not limited to, the following processes:

in S210, a start message sent by a client is received, where the client includes a web page client and an application client.

In the embodiment of the invention, the login service module receives the starting message sent by the client by monitoring the address communicated with the local machine of the client. It should be noted that, no matter in the web page client or the application client, the information sent to the login service module is sent to the address of the same local machine, so that the login service module monitors the address to obtain the data sent by the web page client or the application client. The local communication address can be: 127.0.0.1:65432 address.

In this embodiment of the present invention, the initiation message may include login parameters, and the login parameters may include, but are not limited to, an address, a personal account number, and a password input by the user. It should be noted that the personal account is different from an administrator account or a non-administrator account, the administrator account or the non-administrator account is determined by information such as an IP address of the terminal device, and the personal account is set by the user himself/herself, for example, a certain terminal device logs in as an administrator account, and the personal account is XXX.

In the embodiment of the invention, if the client is a webpage client, the webpage client inputs information such as a personal account, a password, an address and the like to click and log in after opening a user login page by inputting an address, and the webpage client sends a starting message aiming at a business module of the application client to a login service module through a local communication address to transmit login parameters (the address, the personal account and the password).

In the embodiment of the invention, if the client is the application client, the interface module of the application client sends the starting message aiming at the business module to the login service module when the interface module is determined to be started without the administrator authority.

It should be noted that, if the interface module is determined to be the administrator authority to start, the service module is directly started without the need of starting the service module by logging in the service module.

In S220, the service module of the application client is started with the administrator authority of the application client, so that the client acquires the resource page.

In the embodiment of the invention, when the login service module starts the service module, the service module is started and the login parameters are transmitted under the authority of the administrator of the login service module, so that the service module analyzes and verifies the login parameters and starts the virtual private network VPN, and a client side can acquire a resource page.

It should be noted that, when the application program is started in the Windows system, the application program inherits the authority category of the current login account. When an application starts another application, the started application inherits the permission level of the application. Since the login service module is the authority level of the administrator, the login service module can start the business module.

In the embodiment of the invention, when the login service module starts the service module, the source of the received starting message is marked, so that the service module can determine whether the application client logs in or the webpage client logs in. When the client is the application client, the resource page is directly opened through the web browser, and when the client is the webpage client, the operation of opening the resource page is not executed, but the webpage client requests the VPN server for the resource page after determining that the VPN is started successfully, and the page is redirected to the resource page.

It should be noted that the login service module sends a start request through an address in communication with the local machine of the service module, starts the service module, and transmits login parameters. The address of the local communication can be as follows: address 127.0.0.1: 62345. The business module monitors the address and acquires the data sent by the login service module.

In the embodiment of the invention, if the client is a web page client, the business module only passively monitors the address communicated with the local machine of the login service module, and the login service module only passively monitors the address communicated with the local machine of the client, so that the business module does not actively return the state information of the business module to the login service module, and the login service module does not actively return the information to the web page client, therefore, the web page client needs to periodically send a first query message for querying the state of the business module to the login service module.

It should be noted that the first query message refers to information between the web page client and the login service module, the second query message refers to information between the login service module and the service module, and the transmission formats of the two are different, so that the login service module does not directly forward the first query message after receiving the first query message, but assembles the first query message into the second query message, and then sends the second query message to the service module, and the service module returns the second response message in the state of the service module after receiving the second query message, and the login service module assembles the second response message into the first response message and returns the first response message to the web page client.

It should be noted that the second response message is data between the service module and the login service module corresponding to the second query message, and the first response message is data between the login service module and the web client corresponding to the first query message, which are different from each other, so that the login service module needs to be reassembled.

And when the first response message is that the VPN is started successfully, the webpage client requests a resource page from the VPN server.

In this embodiment of the present invention, the state of the service module may include, but is not limited to: the verification result of the login parameter by the service module and the successful VPN activation correspond to the state of the service module, and the first response message and the second response message may include, but are not limited to, the verification result of the login parameter by the service module and the successful VPN activation.

Fig. 3 is a flowchart illustrating a client access method according to another exemplary embodiment, in the embodiment of the present invention, a web client is taken as an execution subject to be described, it should be noted that the web client may be any device having a computing function, as shown in fig. 3, and the method may include, but is not limited to, the following processes:

in S310, a start message is sent to the login service module, so that the login service module starts a service module of the application client under the authority of its own administrator.

It should be noted that, for the web client, no matter the administrator account logs in or the non-management account logs in, the start message needs to be sent to the login service module. The initiation message may include login parameters, which may include, but is not limited to, an address, a personal account number, and a password input by the user.

In the embodiment of the invention, the webpage client sends the starting message to the address communicated with the login service module local machine.

In S320, a first query message for the business module status query is sent to the login service module, so that the login service module returns a first response message for the first query message.

In S330, if the first response message is that the virtual private network VPN is successfully started, a resource page is requested from the VPN server.

In the embodiment of the invention, after confirming that the VPN is successfully started, the webpage client requests the resource page through the VPN server, if the first response message obtained by the webpage client is the verification result of the login parameter by the service module, the webpage client continues to periodically send the first query message for querying the state of the service module to the login service module until the first response message is that the VPN is successfully started, and the resource page is requested to the VPN server.

It should be noted that the web page client does not directly open the resource page, but requests the resource page from the VPN server after determining that the VPN has been successfully opened, and redirects the page to the resource page.

In the embodiment of the invention, a starting message is sent to a login service module so that the login service module starts a business module of an application client under the authority of an administrator per se; sending a first query message aiming at the business module state query to the login service module so as to enable the login service module to return a first response message aiming at the first query message; and if the first response message is that the virtual private network VPN is successfully started, requesting a resource page from a VPN server. The login mode of the webpage client is realized, and the use of the non-administrator account number to the application client is realized.

Fig. 4 is a flowchart illustrating a client access method according to still another exemplary embodiment, in the embodiment of the present invention, an application client is taken as an execution subject to be described, it should be noted that the web client may be any device with a computing function, and has a business module and an interface module, as shown in fig. 4, the method may include, but is not limited to, the following processes:

in S410, the interface module sends a start message to a login service module, where the start message includes login parameters, so that the login service module starts the service module with the authority of its own administrator and transmits the login parameters.

In the embodiment of the invention, the interface module determines whether the interface module is started for the administrator authority according to the parameter of the calling interface API of the application program, and sends a starting message to the login service module when the interface module is determined to be started for the non-management authority. If the user is the administrator authority, the service module is directly started and login parameters (address, personal account and password) are transmitted.

It should be noted that the interface module sends a start message to an address in local communication with the login service module.

In S420, the service module analyzes and verifies the login parameter, and starts a virtual private network VPN after the verification is successful.

It should be noted that, after being started, the service module mainly performs the following two operations:

1. and (5) analyzing and verifying the login parameters.

If the password in the login parameter is judged to be the same as the recorded password of the personal account, if so, the authentication is passed, otherwise, the authentication is failed, and it needs to be pointed out that if the authentication is failed, the access operation of the client can be terminated. If the verification is passed, the following operations are continued:

2. the VPN is started.

In the embodiment of the present invention, starting the VPN may include setting a route and the like.

In S430, the service module obtains a resource page when determining that the interface module logs in.

In the embodiment of the invention, the webpage client and the application client carry the self identification when sending the start message to the login service module, and the service module can determine whether the application client logs in or the webpage client logs in when the login service module starts the service module. When the client is the application client, the resource page is directly opened through the web browser, and when the client is the webpage client, the operation of opening the resource page is not executed, but the webpage client requests the VPN server for the resource page after determining that the VPN is started successfully, and the page is redirected to the resource page.

In the embodiment of the invention, an interface module sends a starting message to a login service module, wherein the starting message comprises login parameters, so that the login service module starts a business module with the authority of an administrator of the login service module and transmits the login parameters; the service module analyzes and verifies the login parameters and starts a Virtual Private Network (VPN) after the verification is successful; and the service module acquires a resource page when the interface module is confirmed to log in. The application client side is used by the non-administrator account.

It should be clearly understood that the present disclosure describes how to make and use particular examples, but the principles of the present disclosure are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.

The following are embodiments of the apparatus of the present invention that may be used to perform embodiments of the method of the present invention. In the following description of the system, the same parts as those of the foregoing method will not be described again.

Fig. 5 is a schematic structural diagram illustrating a login service module 110 for client access according to an exemplary embodiment, where the login service module 110 includes: a receiving unit 1110 and an activating unit 1120.

The receiving unit 1110 is configured to receive a start message sent by a client, where the client includes a web page client and an application client.

The starting unit 1120 is configured to start the service module of the application client with the administrator authority of the application client, so that the client acquires the resource page.

The receiving unit 1110 is further configured to monitor an address in local communication with the client, and receive a start message sent by the client.

The initiation message includes a login parameter.

The starting unit 1120 is further configured to start the service module with the administrator authority of the service module and transmit the login parameter, so that the service module analyzes, analyzes and verifies the login parameter and starts a virtual private network VPN.

The starting unit 1120 is further configured to receive a first query message of the web client for querying a service module status; the first query message is assembled into a second query message, the second query message is sent to an address which is in local communication with the service module, and a second response message of the service module for the second query message is received; and assembling the second response message into a first response message, and returning the first response message to the webpage client, so that the webpage client requests a resource page from a Virtual Private Network (VPN) server when the first response message is successful in starting the VPN.

Wherein the first response message comprises: and the service module verifies the login parameters.

If the client is an application client, the receiving unit 1110 is further configured to receive a start message sent by the interface module of the application client when it is determined that the interface module is not started by the administrator authority.

Fig. 6 is a schematic structural diagram illustrating a web client 120 for client access according to an exemplary embodiment, where the web client 120 includes: a first sending module 1210, a second sending module 1220 and a resource requesting module 1230.

The first sending module 1210 is configured to send a start message to a login service module, so that the login service module starts a service module of an application client with the authority of an administrator of the login service module;

a second sending module 1220, configured to send a first query message for the business module status query to the login service module, so that the login service module returns a first response message for the first query message;

the resource requesting module 1230 is configured to request a resource page from the VPN server if the first response message indicates that the VPN is successfully started.

The first sending module 1210 is further configured to send a start message to an address in local communication with the login service module.

Fig. 7 is a schematic structural diagram illustrating an application client 130 for client access according to an exemplary embodiment, where the application client 130 includes: an interface module 132 and a business module 134.

The interface module 132 is configured to send a start message to a login service module, where the start message includes login parameters, so that the login service module starts the service module with the authority of its own administrator and transmits the login parameters.

The service module 134 is configured to analyze and verify the login parameters, start a virtual private network VPN after the verification is successful, and obtain a resource page when it is determined that the interface module logs in.

The interface module 132 is further configured to determine whether to start for the administrator authority according to a parameter of a call interface API of the application program, and send a start message to the login service module when determining that the start is not the administrator authority.

The interface module 132 is further configured to send an initiation message to an address in native communication with the login service module.

Fig. 8 is a schematic structural diagram of an electronic device according to an exemplary embodiment. It should be noted that the electronic device shown in fig. 8 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.

As shown in fig. 8, the computer system 800 includes a Central Processing Unit (CPU)801 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data necessary for the operation of the system 800 are also stored. The CPU 801, ROM 802, and RAM 803 are connected to each other via a bus 804. An input/output (I/O) interface 805 is also connected to bus 804.

The following components are connected to the I/O interface 805: an input portion 806 including a keyboard, a mouse, and the like; an output section 807 including a signal such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is mounted on the storage section 808 as necessary.

In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809 and/or installed from the removable medium 811. The computer program executes the above-described functions defined in the terminal of the present application when executed by the Central Processing Unit (CPU) 801.

It should be noted that the computer readable medium shown in the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The modules described in the embodiments of the present application may be implemented by software or hardware. The modules described may also be provided in a processor, where the name of a module in some cases does not constitute a limitation of the module itself.

Exemplary embodiments of the present invention are specifically illustrated and described above. It is to be understood that the invention is not limited to the precise construction, arrangements, or instrumentalities described herein; on the contrary, the invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims

1. A client access method is applied to a login service module, and the method comprises the following steps:

receiving a starting message sent by a client, wherein the client comprises a webpage client and an application client;

and starting a service module of the application client by using the administrator authority of the client so that the client acquires a resource page.

2. The client access method of claim 1, wherein receiving the initiation message sent by the client comprises:

monitoring an address communicated with the local machine of the client, and receiving a starting message sent by the client.

3. The client access method of claim 2, wherein if the client is a web client, starting a service module of the application client with the authority of its own administrator comprises:

receiving a first query message of the webpage client for querying the state of a service module;

the first query message is assembled into a second query message, the second query message is sent to an address which is in local communication with the service module, and a second response message of the service module for the second query message is received;

and assembling the second response message into a first response message, and returning the first response message to the webpage client, so that the webpage client requests a resource page from a VPN server when the first response message is that VPN is started successfully.

4. The client access method of claim 3, wherein the first response message comprises: and the service module verifies the login parameters.

5. The client access method according to claim 1, wherein if the client is an application client, receiving a start message sent by the client comprises:

and receiving a starting message sent by the interface module of the application client when the interface module is determined to be not the administrator authority.

6. A client access method is applied to a webpage client, and comprises the following steps:

sending a starting message to a login service module so that the login service module starts a business module of an application client under the authority of an administrator of the login service module;

sending a first query message aiming at the business module state query to the login service module so as to enable the login service module to return a first response message aiming at the first query message;

and if the first response message is that the virtual private network VPN is successfully started, requesting a resource page from a VPN server.

7. The client access method of claim 6, wherein sending an initiation message to the login service module comprises:

and sending a starting message to an address communicated with the login service module local machine.

8. A client access method is applied to an application client, the application client comprises an interface module and a service module, and the method comprises the following steps:

the interface module sends a starting message to a login service module, wherein the starting message comprises login parameters, so that the login service module starts the business module with the authority of an administrator of the login service module and transmits the login parameters;

the service module analyzes and verifies the login parameters and starts a Virtual Private Network (VPN) after the verification is successful;

and the service module acquires a resource page when the interface module is confirmed to log in.

9. The client access method of claim 8, wherein the interface module sending an initiation message to the login service module comprises:

the interface module determines whether the interface module is started for the administrator authority according to the parameters of the calling interface API of the application program, and sends a starting message to the login service module when the interface module is determined to be started for the non-management authority.

10. The client access method of claim 8, wherein the interface module sending an initiation message to the login service module comprises:

and the interface module sends a starting message to an address which is communicated with the local machine of the login service module.

11. A login service module for client access, the login service module comprising:

the system comprises a receiving unit, a sending unit and a processing unit, wherein the receiving unit is configured to receive a starting message sent by a client, and the client comprises a webpage client and an application client;

and the starting unit is configured to start the service module of the application client by using the administrator authority of the starting unit so that the client can acquire the resource page.

12. A web client for client access, the web client comprising:

the system comprises a first sending module, a login service module and a second sending module, wherein the first sending module is configured to send a starting message to the login service module, the starting message comprises login parameters, so that the login service module starts the business module with the authority of an administrator of the login service module and transmits the login parameters;

the second sending module is configured to send a first query message aiming at the business module state query to the login service module so that the login service module returns a first response message aiming at the first query message;

and the resource request module is configured to request a resource page from the VPN server if the first response message indicates that the virtual private network VPN is successfully started.

13. An application client accessed by a client is characterized by comprising an interface module and a business module;

the interface module is configured to send a start message to a login service module, wherein the start message comprises login parameters, so that the login service module starts the business module with the authority of an administrator of the login service module and transmits the login parameters;

and the service module is configured to verify according to the login parameters, start a Virtual Private Network (VPN) after the verification is successful, and acquire a resource page when the interface module is confirmed to log in.

14. A client access system, comprising the login service module of claim 11, the web client of claim 12, and the application client of claim 13.

15. An electronic device, comprising:

one or more processors;

storage means for storing one or more programs;

when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-10.