CN113190828A - Request proxy method, client device and proxy service device - Google Patents

Publication number
CN113190828A
CN113190828A CN202110572059.8A CN202110572059A CN113190828A CN 113190828 A CN113190828 A CN 113190828A CN 202110572059 A CN202110572059 A CN 202110572059A CN 113190828 A CN113190828 A CN 113190828A
Authority
CN
China
Prior art keywords
authentication
browser
proxy
establishment request
tunnel establishment
Prior art date
Legal status
Pending
Application number
CN202110572059.8A
Other languages
Chinese (zh)
Inventor
谢文伟
Current Assignee
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Wangsu Science and Technology Co Ltd
Priority to CN202110572059.8A
Publication of CN113190828A
Priority to PCT/CN2021/121738 (WO2022247090A1)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526 Plug-ins; Add-ons

Abstract

The invention discloses a request proxy method, a client device and a proxy service device, which address the low security and service efficiency of existing browser proxy services. The request proxy method comprises the following steps: after the browser finishes loading the proxy plug-in, the proxy plug-in acquires an authentication credential authorized by a proxy server from a Cookie information list cached by the browser and verifies the validity of the authentication credential; if the authentication credential is determined to be valid, the proxy service is started for the browser, so that access requests sent by the browser are received by the proxy server; if the authentication credential is determined to be invalid, a login authentication prompt is displayed to the user through the browser, and the step of acquiring the authentication credential is executed again after the login authentication is completed; and when the browser needs to provide the authentication credential to the proxy server, the acquired valid authentication credential is provided to the browser, so that the proxy server performs identity authentication based on the valid authentication credential.

Description

Request proxy method, client device and proxy service device
Technical Field
The present invention relates to the field of proxy service technologies, and in particular, to a request proxy method, a client device, and a proxy service device.
Background
When a proxy server provides proxy service for a browser, the proxy server first authenticates the identity information of the browser user, and proxies the requests sent by the browser only after the authentication is passed. In existing browser proxy authentication, when a browser needs to access a target server through a proxy server, the proxy server is configured manually on the browser together with the login authentication information specified by the browser user. When the browser establishes a connection with a target site through the proxy server, the login authentication information is read directly from the local browser configuration and carried in the connection establishment request sent to the proxy server. The proxy server authenticates the browser user's account based on the login authentication information; if the authentication is passed, it establishes a connection with the target server and then proxies the requests that the browser sends to the target server.
However, in the above proxy service process, the manually pre-configured login authentication information can be viewed in plain form by other users of the browser, so there is a risk of leakage and the security of the proxy service is low. In addition, because the login authentication information is configured statically, whenever it changes it must be manually reconfigured on the browser to stay synchronized, which affects the efficiency of the proxy service.
Disclosure of Invention
To solve the problem that existing browser proxy services have low security and service efficiency, embodiments of the present invention provide a request proxy method, a client device and a proxy service device.
In a first aspect, an embodiment of the present invention provides a request proxy method, which is applied to a proxy plug-in and includes: after the browser finishes loading the proxy plug-in, acquiring an authentication credential authorized by a proxy server from a Cookie information list cached by the browser, and verifying the validity of the authentication credential; if the authentication credential is determined to be valid, starting the proxy service for the browser, so that access requests sent by the browser are received by the proxy server; if the authentication credential is determined to be invalid, displaying a login authentication prompt to the user through the browser, and returning to the step of acquiring the authentication credential after the login authentication is completed; and when the browser needs to provide the authentication credential to the proxy server, providing the acquired valid authentication credential to the browser so that the proxy server performs identity authentication based on the valid authentication credential.
In the request proxy method provided by the embodiment of the invention, after the browser finishes loading the proxy plug-in, the proxy plug-in obtains an authentication credential authorized by the proxy server from the Cookie information list cached by the browser and verifies its validity. If the authentication credential is determined to be valid, the proxy plug-in starts the proxy service for the browser, so that access requests subsequently sent by the browser are received by the proxy server, which provides the proxy service. If the authentication credential is determined to be invalid, a login authentication prompt is displayed to the user through the browser to remind the user to obtain a valid authentication credential by completing login authentication, and after the login authentication is completed the proxy plug-in returns to the step of obtaining the authentication credential authorized by the proxy server from the Cookie information list cached by the browser. When the browser needs to provide the authentication credential to the proxy server, the proxy plug-in provides the acquired valid authentication credential to the browser, the browser provides it to the proxy server, and the proxy server performs identity authentication on the access request based on the valid authentication credential.
In a preferred embodiment, obtaining the authentication credential authorized by the proxy server from the Cookie information list cached by the browser specifically includes: querying the Cookie information list for an authentication credential that meets preset conditions.
In a preferred embodiment, the Cookie information list stores the validity period of the authentication credential, and verifying the validity of the authentication credential specifically includes: judging whether the authentication credential has expired based on the current system time and the validity period of the authentication credential; if so, determining that the authentication credential is invalid; otherwise, determining that the authentication credential is valid. In this implementation, the validity of the authentication credential is verified by the proxy plug-in, so that the validity of the authentication credential can be ensured to a certain extent and the processing pressure of the proxy server is further reduced.
In an optional embodiment, after the proxy service is opened for the browser, the method further includes: periodically acquiring the authentication credential from the Cookie information list and verifying its validity; if the authentication credential is determined to be invalid, closing the proxy service, displaying a login authentication prompt to the user through the browser, and returning to the step of acquiring the authentication credential after the login authentication is completed. In this embodiment, periodically acquiring the authentication credential allows changes in the user state to be detected in time on the one hand, and the latest authentication credential to be acquired in time on the other.
In a second aspect, an embodiment of the present invention provides a request proxy method, which is applied to a proxy server and includes: receiving a tunnel establishment request sent by a browser, wherein the tunnel establishment request instructs the proxy server to establish a connection with a source station server; verifying the legality of the tunnel establishment request; if the tunnel establishment request is illegal, sending an authentication requirement message to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request, wherein the authentication credential is provided to the browser by a proxy plug-in on the browser; and if the tunnel establishment request is legal, establishing a connection with the source station server.
In the request proxy method provided by the embodiment of the invention, the proxy server receives a tunnel establishment request sent by the browser, which instructs the proxy server to establish a connection with the source station server that the browser requests to access, and verifies the legality of the tunnel establishment request. If the tunnel establishment request is illegal, the proxy server sends an authentication requirement message to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request, the authentication credential being provided to the browser by a proxy plug-in installed and loaded on the browser. If the tunnel establishment request is legal, the proxy server establishes a connection with the source station server in order to proxy the access requests that the browser sends to the source station server. Compared with the prior art, the proxy server determines the legality of the tunnel establishment request by verifying the validity of the authentication credential carried in it, and establishes the connection with the source station server only when the tunnel establishment request has been verified as legal. The legitimacy of the user is thus verified by the proxy server, which improves the security of the access proxy, avoids unnecessary connections to the source station server, and saves service resources. Furthermore, the authentication credential carried in the tunnel establishment request is provided automatically by the proxy plug-in, which reduces browser configuration steps and protects the security of user information.
In a preferred embodiment, verifying the legality of the tunnel establishment request specifically includes:
detecting whether the tunnel establishment request carries a valid authentication credential; if so, determining that the tunnel establishment request is legal; and if not, determining that the tunnel establishment request is illegal.
In a preferred embodiment, detecting whether the tunnel establishment request carries a valid authentication credential includes: if the tunnel establishment request carries an authentication credential that was provided by the proxy server to the browser and has not expired, determining that the tunnel establishment request carries a valid authentication credential.
In a preferred embodiment, detecting whether the tunnel establishment request carries a valid authentication credential includes: determining whether the tunnel establishment request meets the permission requirement based on the authentication credential carried in the tunnel establishment request; if so, determining that the tunnel establishment request is legal; if not, feeding back prompt information of no access permission to the browser.
In an optional embodiment, the method further comprises: receiving a login request sent by the browser, wherein the login request carries user authentication information; generating a corresponding authentication credential based on the user authentication information, and storing a mapping relationship between the authentication credential and the access permission corresponding to the user authentication information; and responding to the login request, carrying the authentication credential in the response information.
In a third aspect, an embodiment of the present invention provides a client device, where a browser runs on the client device and a proxy plug-in is loaded in the browser, the proxy plug-in being used to implement the request proxy method according to the present invention.
In a fourth aspect, an embodiment of the present invention provides a proxy service device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps in the request proxy method according to the present invention when executing the program.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention and not to limit the invention. In the drawings:
Fig. 1 is a schematic view of an application scenario of a request proxy method according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart illustrating an implementation of a request proxy method according to an embodiment of the present invention;
Fig. 3 is a schematic flow chart illustrating an implementation of a request proxy method according to an embodiment of the present invention;
Fig. 4 is a schematic flow chart illustrating an implementation of a request proxy method according to an embodiment of the present invention.
Detailed Description
In order to solve the problems in the background art, embodiments of the present invention provide a request proxy method, a client device, and a proxy service device.
The preferred embodiments of the present invention will be described below with reference to the accompanying drawings of the specification, it being understood that the preferred embodiments described herein are merely for illustrating and explaining the present invention, and are not intended to limit the present invention, and that the embodiments and features of the embodiments in the present invention may be combined with each other without conflict.
Referring to fig. 1, which is a schematic view of an application scenario of a request proxy method according to an embodiment of the present invention, a browser runs on a client 11. When a user 10 needs to request a proxy service through the browser running on the client 11, a proxy plug-in can be installed on that browser. After the proxy plug-in has been installed and loaded, it can obtain an authentication credential authorized by a proxy server 12 from the Cookie information list cached by the browser and verify the validity of the obtained authentication credential. If the authentication credential is determined to be valid, the proxy plug-in opens the proxy service for the browser. If the authentication credential is determined to be invalid, the proxy plug-in displays a login authentication prompt to the user through the browser and, after the login authentication is completed, again obtains the authentication credential authorized by the proxy server 12 from the Cookie information list cached by the browser. In one implementation, the proxy plug-in can also periodically acquire the authentication credential from the Cookie information list cached by the browser and verify its validity; when the authentication credential is determined to be invalid, the opened proxy service can be closed and a login authentication prompt displayed to the user through the browser.
Before the browser sends a service access request to the source station server 13, it may send a tunnel establishment request to request establishment of a secure transmission tunnel for transmitting subsequent service access requests, where the tunnel establishment request is used to request establishment of a TCP (Transmission Control Protocol) proxy tunnel.
Because the proxy plug-in has started the proxy function of the browser, the tunnel establishment request is forwarded to the proxy server 12. After receiving the tunnel establishment request sent by the browser, the proxy server 12 can verify its legality. If the tunnel establishment request is legal, the proxy server 12 establishes a tunnel connection with the source station server 13 and then responds to the tunnel establishment request to complete the tunnel connection with the client, so that the tunnels between the client and the proxy server and between the proxy server and the source station server are both established. If the tunnel establishment request is determined to be illegal, the proxy server 12 sends an authentication requirement message to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request. After receiving the authentication requirement message, the browser can acquire the authentication credential from the proxy plug-in and resend the tunnel establishment request, carrying the acquired authentication credential in it.
In implementation, the proxy server 12 verifies whether the tunnel establishment request is legal by detecting whether it carries a valid authentication credential: if so, the tunnel establishment request is determined to be legal; if no authentication credential is carried, the tunnel establishment request is determined to be illegal. Specifically, when determining whether the authentication credential is valid, the proxy server may determine whether the authentication credential was provided to the browser by the proxy server and whether the authentication credential has expired.
In this application scenario, the client 11 and the proxy server 12 are communicatively connected via a network, and the proxy server 12 and the source station server 13 are communicatively connected via a network, where the network may be a local area network, a wide area network, and the like. Preferably, the proxy server 12 and the source station server 13 may be communicatively connected based on VPN (Virtual Private Network) technology, where the VPN may be implemented based on an SD-WAN (Software-Defined Wide Area Network).
The client 11 may be a terminal device (e.g., a smart phone, a tablet, a notebook, a Personal Computer (PC), etc.) installed with a browser. The proxy server 12 may be any server capable of providing a proxy service, a server cluster composed of several servers, or a cloud computing center, and the source station server may be an application server deployed in a local area network.
Based on the above application scenarios, exemplary embodiments of the present invention will be described in more detail below with reference to fig. 2 to 4. It is to be understood that the above application scenarios are only shown for the convenience of understanding the spirit and principle of the present invention, and the embodiments of the present invention are not limited thereto. Rather, embodiments of the present invention may be applied to any scenario where applicable.
As shown in fig. 2, which is a schematic diagram of an implementation flow of a request proxy method according to an embodiment of the present invention, the request proxy method, applied in the above application scenario, may include the following steps:
S21, when the browser finishes loading the proxy plug-in, the proxy plug-in obtains the authentication credential authorized by the proxy server from the Cookie information list cached by the browser.
In specific implementation, when the proxy service is required, a proxy plug-in can be installed on the browser running on the client, and after the browser finishes loading the proxy plug-in, the proxy plug-in can automatically query the Cookie information list cached locally by the browser for an authentication credential that meets preset conditions.
Specifically, the authentication credential is generated by the proxy server and sent to the client after the user identity authentication is completed. Specifically, a cookie setting item (set-cookie) can be sent to the client browser, so that the browser generates corresponding cookie information based on the cookie setting item and caches the cookie information in a local cookie information list. When generating the authentication credential, the proxy server can calculate, according to a preset algorithm, a character string of a specified length with unique identification, for example by encrypting the user identity information with an encryption algorithm, or a character string of a specified length calculated based on the login request time, or a character string of a specified length calculated based on a random algorithm, which is used as a partial content value of the authentication credential and can be simultaneously calculated according to the content value Preset is
The authentication credential may be, in particular, a "name" and a "value" in the cookie information, e.g., in a format set
The Cookie name of the Cookie information generated by the browser based on the Cookie setting item is designated as "slweb_id", and the Cookie value is a 32-bit character string with unique identification generated based on a random algorithm, and may be specifically in the following form:
slweb_id=db066cab0F729bf1695ddbf3ceb8ffc7
In a specific implementation process, the proxy plug-in can query the cookie information list for the cookie value named "slweb_id" and use it as the authentication credential; when the query result is null, this indicates that a valid authentication credential cannot be acquired.
S22, the proxy plug-in verifies the validity of the authentication credential.
In particular, when the proxy server generates the cookie setting item, it may specify an expiration date indicating the validity period of the cookie information, so that when the browser generates the corresponding cookie information based on the cookie setting item, the browser records the corresponding expiration date. In other words, the Cookie information list stores the validity period of the authentication credential, and when the proxy plug-in queries the authentication credential, it can further determine whether the authentication credential has expired based on the current system time and the validity period of the authentication credential. If the authentication credential has expired, the proxy plug-in determines that the authentication credential is invalid; otherwise, it determines that the authentication credential is valid.
S23, if the proxy plug-in determines that the authentication credential is valid, it starts the proxy service for the browser.
In specific implementation, if the proxy plug-in determines that the authentication credential is valid, the proxy service is started for the browser, so that access requests sent by the browser are forwarded to the proxy server.
S24, if the proxy plug-in determines that the authentication credential is invalid, it displays a login authentication prompt to the user through the browser.
In specific implementation, if the proxy plug-in determines that the authentication credential is invalid, this indicates that the user's authentication is invalid, that is, login authentication has not yet been performed or the authentication is no longer valid, and the user needs to log in again for authentication.
Specifically, the login authentication entry indicated by the proxy plug-in icon may be displayed through the browser; for example, the user may be prompted to perform login authentication by changing the color of the plug-in icon, and the user enters a login authentication page provided by the proxy server by clicking the plug-in icon, that is, the plug-in icon may be linked to the login authentication page. Alternatively, a login reminder notification may be sent to the user, and the user directly enters the URL (Uniform Resource Locator) address of the login authentication page in the browser, opens the login authentication page, and inputs the user authentication information, i.e., a user name and a password. The embodiment of the present invention is not limited thereto.
S25, the browser receives the user authentication information input by the user, and sends a login request carrying the user authentication information to the proxy server.
In specific implementation, the browser receives a user name and a password input by a user, carries the user name and the password in a login request, sends the login request to the proxy server, and the proxy server performs authentication.
S26, the proxy server generates a corresponding authentication credential based on the user authentication information, and stores the mapping relationship between the authentication credential and the access permission corresponding to the user authentication information.
In specific implementation, the proxy server may authenticate the user identity based on the user authentication information and, after the authentication is passed, generate a corresponding authentication credential for this login; the generation process is described in step S21 and is not repeated here. To facilitate later verification of tunnel establishment requests sent by the browser and provision of the user authentication information to the source station server, the proxy server may store a mapping relationship between the authentication credential and the user authentication information for subsequent query and verification. Further, the proxy server may pre-configure the access permissions of users, so that a user's access permissions can be determined from the user authentication information and stored together in the mapping relationship, where the access permissions are used to determine the source station server information that the user may access.
S27, the proxy server responds to the login request, carries the authentication credential in the response information, and returns the response information to the browser.
S28, the browser caches the authentication credential in the Cookie information list, and the proxy plug-in returns to the step of obtaining the authentication credential in step S21.
S29, the browser sends a tunnel establishment request to the proxy server.
In a specific implementation process, the browser may send the tunnel establishment request over HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) or HTTP (Hyper Text Transfer Protocol) to request data interaction with the source station server through the tunnel.
S210, the proxy server verifies the validity of the tunnel establishment request, if the tunnel establishment request is valid, step S211 is executed, and if the tunnel establishment request is not valid, step S213 is executed.
In specific implementation, the proxy server verifies the validity of the tunnel establishment request in the following way: the proxy server detects whether the tunnel establishment request carries a valid authentication credential, if so, the proxy server determines that the tunnel establishment request is legal, and if not, the proxy server determines that the tunnel establishment request is illegal.
Specifically, the proxy server detects whether the tunnel establishment request carries a valid authentication credential in the following manner: if the tunnel establishment request carries an authentication credential that was provided by the proxy server to the browser and has not expired, the proxy server determines that the tunnel establishment request carries a valid authentication credential. In implementation, after obtaining the authentication credential carried in the tunnel establishment request, the proxy server may query the locally stored mapping relationship based on the authentication credential to determine whether the authentication credential was generated by the proxy server.
In a preferred embodiment, if the tunnel establishment request carries an authentication credential, and the authentication credential is an authentication credential that has not expired and is provided by the proxy server to the browser, it may be further determined, based on the authentication credential, whether the tunnel establishment request meets the permission requirement, if so, it is determined that the tunnel establishment request is legal, and if not, prompt information of unauthorized access is fed back to the browser.
Determining whether the tunnel establishment request meets the permission requirement based on the authentication credential specifically comprises:
The proxy server looks up, in the stored mapping relationship, the access permission corresponding to the authentication credential carried in the tunnel establishment request. If the access permission contains the information of the source station server with which the user requests the proxy server to establish a connection, the proxy server determines to proxy the tunnel establishment request; if not, the proxy server determines that the tunnel establishment request does not need to be proxied and can directly forward the tunnel establishment request.
S211, the proxy server sends a connection establishment request to the source station server and establishes a connection with the source station server.
In a specific implementation, the proxy server sends a connection establishment request to the source station server to establish a TCP proxy tunnel connection with the source station server.
S212, the source station server and the proxy server establish a TCP proxy tunnel connection.
S213, the proxy server sends an authentication requirement message to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request.
In a specific implementation, if the tunnel establishment request is invalid, the proxy server sends a 407 response code to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request.
In a preferred embodiment, to further ensure the validity of the authentication credential, after the proxy plug-in starts the proxy service for the browser, it can periodically acquire the authentication credential authorized by the proxy server from the Cookie information list and verify its validity. If the authentication credential is determined to be invalid, the proxy plug-in closes the proxy service, displays a login authentication prompt to the user through the browser, and returns to the step of obtaining the authentication credential (in the step S21) after the login authentication is completed. After the proxy service is closed, access requests sent by the browser are no longer forwarded to the proxy server, which can effectively relieve the processing pressure on the proxy server. The period for acquiring the authentication credential may be set as needed, and the embodiment of the present invention does not limit it.
After receiving the authentication requirement message, the browser can acquire the authentication credential from the proxy plug-in, regenerate the tunnel establishment request so that it carries the authentication credential, and send it to the proxy server. In one implementation, the proxy plug-in registers an authentication callback function. The callback returns, as the authentication credential, the Cookie information authorized by the proxy server after it performed identity authentication on the user authentication information (e.g., a unique user name and password set by the proxy server for the user). When the browser needs to obtain the authentication credential from the proxy plug-in, it does so by calling the authentication callback function.
Therefore, compared with the prior art, the embodiment of the invention verifies the validity of the tunnel establishment request sent by the browser by means of the authentication credential generated by the proxy server, which can ensure the security of network access to a certain extent. Meanwhile, the proxy plug-in is installed and loaded on the browser, and proxy authentication and the proxy function are realized automatically through the proxy plug-in. User authentication information (namely the user name and password provided by the proxy server) does not need to be configured on the browser in advance; only login authentication is needed, for which the user manually inputs the user name and password, so there is no leakage risk. After the authentication succeeds, the proxy server generates a corresponding authentication credential, the proxy plug-in of the browser acquires it automatically, and the proxy function of the proxy plug-in takes effect automatically, which improves the security and service efficiency of the browser's proxy service.
Based on the same inventive concept, the embodiment of the present invention further provides a request proxy method implemented on the proxy plug-in side. Because its principle for solving the problem is similar to that of the request proxy method described above, its implementation can refer to the implementation of that method, and repeated details are omitted.
Fig. 3 is a schematic diagram illustrating an implementation flow of a request proxy method according to an embodiment of the present invention. The request proxy method, applied to a proxy plug-in, may include the following steps:
S31, after the browser finishes loading the proxy plug-in, the proxy plug-in acquires the authentication credential authorized by the proxy server from the Cookie information list cached by the browser, and verifies the validity of the authentication credential.
Preferably, acquiring the authentication credential authorized by the proxy server from the Cookie information list cached by the browser specifically includes:
querying the Cookie information list for an authentication credential meeting preset conditions.
Preferably, the Cookie information list stores the validity period of the authentication credential, and verifying the validity of the authentication credential specifically includes:
judging whether the authentication credential has expired based on the current system time and the validity period of the authentication credential; if so, determining that the authentication credential is invalid; otherwise, determining that the authentication credential is valid.
S32, if the proxy plug-in determines that the authentication credential is valid, it starts the proxy service for the browser, so that the access request sent by the browser is received by the proxy server.
S33, if the proxy plug-in determines that the authentication credential is invalid, it displays a login authentication prompt to the user through the browser, and returns to the step of acquiring the authentication credential after the login authentication is completed.
S34, when the browser needs to provide the authentication credential to the proxy server, the proxy plug-in provides the acquired valid authentication credential to the browser, so that the proxy server performs identity authentication based on the valid authentication credential.
Optionally, after the proxy service is started for the browser, the method further includes:
periodically acquiring the authentication credential from the Cookie information list, and verifying the validity of the authentication credential;
if the authentication credential is determined to be invalid, closing the proxy service, displaying a login authentication prompt to the user through the browser, and returning to the step of acquiring the authentication credential after the login authentication is completed.
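Steps S31 to S34 and the periodic re-check, written out as an added JavaScript example (not code from the patent or its applicant). The cookie name `proxy_auth`, the domain `proxy.example.test` and the class `ProxyPluginState` are hypothetical; cookie objects use the `name`/`domain`/`value`/`expirationDate` shape of the WebExtensions cookies API, and a cookie without an expiry is treated as invalid as an assumption.

```javascript
// Hypothetical "preset conditions" used to pick the credential out of the cookie list.
const PRESET = { name: 'proxy_auth', domain: 'proxy.example.test' };

// S31 (first half): query the cached cookie list for the credential cookie.
function findCredential(cookieList, preset = PRESET) {
  return cookieList.find(
    (c) => c.name === preset.name && c.domain === preset.domain
  ) || null;
}

// S31 (second half): compare the current time with the stored validity period.
// expirationDate is in seconds since the epoch. A cookie with no expiry carries
// no validity period to check, so this example fails closed (assumption).
function isValid(cred, nowSeconds) {
  if (!cred || typeof cred.value !== 'string' || cred.value.length === 0) return false;
  if (typeof cred.expirationDate !== 'number') return false;
  return nowSeconds < cred.expirationDate;
}

class ProxyPluginState {
  constructor() {
    this.proxyEnabled = false;
    this.credential = null;
    this.events = []; // what the plug-in would do: proxy-on, proxy-off, login-prompt
  }

  // One pass of S31-S33. Calling it again on a timer is the periodic re-check:
  // an expired or missing credential switches the proxy service off, so no
  // further requests reach the proxy server until the user logs in again.
  check(cookieList, nowSeconds) {
    const cred = findCredential(cookieList);
    if (isValid(cred, nowSeconds)) {
      this.credential = cred.value;
      if (!this.proxyEnabled) {
        this.proxyEnabled = true;
        this.events.push('proxy-on');
      }
      return 'proxy-on';
    }
    this.credential = null;
    if (this.proxyEnabled) {
      this.proxyEnabled = false;
      this.events.push('proxy-off');
    }
    this.events.push('login-prompt');
    return 'login-prompt';
  }

  // S34: the authentication callback the browser calls after a 407.
  // Only a credential that passed the last check is handed out.
  onAuthRequired() {
    if (this.proxyEnabled && this.credential) {
      return { credential: this.credential };
    }
    return { cancel: true };
  }
}
```
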
Based on the same inventive concept, embodiments of the present invention further provide a request proxy method implemented by a proxy server side, and since the principle of solving the problem of the request proxy method implemented by the proxy server side is similar to that of the request proxy method, reference may be made to the implementation of the request proxy method for implementing the request proxy method implemented by the proxy server side, and repeated details are not described again.
As shown in fig. 4, which is a schematic diagram illustrating an implementation flow of a request proxy method according to an embodiment of the present invention, the request proxy method, applied to a proxy server, may include the following steps:
S41, the proxy server receives a tunnel establishment request sent by the browser, wherein the tunnel establishment request is used to instruct the proxy server to establish a connection with the source station server.
S42, the proxy server verifies the validity of the tunnel establishment request.
Preferably, verifying the validity of the tunnel establishment request specifically includes:
detecting whether the tunnel establishment request carries a valid authentication credential, and if so, determining that the tunnel establishment request is valid; if not, determining that the tunnel establishment request is invalid.
Preferably, detecting whether the tunnel establishment request carries a valid authentication credential specifically includes:
if the tunnel establishment request carries an authentication credential that was provided by the proxy server to the browser and has not expired, determining that the tunnel establishment request carries a valid authentication credential.
Preferably, detecting whether the tunnel establishment request carries a valid authentication credential specifically includes:
determining whether the tunnel establishment request meets the permission requirement based on the authentication credential carried in the tunnel establishment request, and if so, determining that the tunnel establishment request is valid; if not, feeding back prompt information of no access permission to the browser.
S43, if the tunnel establishment request is invalid, the proxy server sends an authentication requirement message to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request.
The authentication credential is provided to the browser by a proxy plug-in on the browser.
S44, if the tunnel establishment request is valid, the proxy server establishes a connection with the source station server.
Optionally, the method further comprises:
the proxy server receives a login request sent by the browser, wherein the login request carries user authentication information;
generating a corresponding authentication credential based on the user authentication information, and storing a mapping relationship between the authentication credential and the access authority corresponding to the user authentication information;
responding to the login request, and carrying the authentication credential in the response information.
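The proxy-server side of S41 to S44 together with the optional login step, as an added Node.js example (not code from the patent or its applicant). The page does not say how the credential is encoded in the request: this example assumes it arrives as the password of a `Proxy-Authorization: Basic` header, answers the no-permission case with 403, and all class, function and host names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Mapping kept by the proxy server: credential -> { user, allowed hosts, expiry }.
class CredentialStore {
  constructor(ttlSeconds) {
    this.ttlSeconds = ttlSeconds;
    this.byCredential = new Map();
  }

  // Login step: issue an unguessable credential and store its access authority.
  issue(user, allowedHosts, nowSeconds) {
    const credential = crypto.randomBytes(32).toString('hex');
    this.byCredential.set(credential, {
      user,
      allowedHosts: new Set(allowedHosts.map((h) => h.toLowerCase())),
      expiresAt: nowSeconds + this.ttlSeconds,
    });
    return credential;
  }

  // Returns the entry only if this server issued the credential and it is unexpired.
  lookup(credential, nowSeconds) {
    const entry = this.byCredential.get(credential);
    if (!entry) return null;
    if (nowSeconds >= entry.expiresAt) {
      this.byCredential.delete(credential); // expired credentials are dropped
      return null;
    }
    return entry;
  }
}

// Parse "CONNECT host:port HTTP/1.x" plus headers (hostnames and IPv4 only).
// Returns null for anything that is not a well-formed CONNECT request.
function parseConnect(raw) {
  const [requestLine, ...headerLines] = raw.split('\r\n');
  const m = /^CONNECT ([A-Za-z0-9.-]+):(\d{1,5}) HTTP\/1\.[01]$/.exec(requestLine);
  if (!m || Number(m[2]) < 1 || Number(m[2]) > 65535) return null;
  const headers = new Map();
  for (const line of headerLines) {
    if (line === '') break; // end of header section
    const idx = line.indexOf(':');
    if (idx <= 0) return null;
    headers.set(line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim());
  }
  return { host: m[1].toLowerCase(), port: Number(m[2]), headers };
}

// Assumption: the credential is the password part of a Basic Proxy-Authorization header.
function extractCredential(headers) {
  const value = headers.get('proxy-authorization');
  const m = value && /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(value);
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  return sep < 0 ? null : decoded.slice(sep + 1) || null;
}

// S42-S44: decide what to do with one tunnel establishment request.
function handleTunnelRequest(raw, store, nowSeconds) {
  const req = parseConnect(raw);
  if (!req) return { status: 400, headers: {} };
  const credential = extractCredential(req.headers);
  const entry = credential ? store.lookup(credential, nowSeconds) : null;
  if (!entry) {
    // S43: missing, unknown or expired credential -> authentication requirement message.
    return { status: 407, headers: { 'Proxy-Authenticate': 'Basic realm="proxy"' } };
  }
  if (!entry.allowedHosts.has(req.host)) {
    // Valid credential, but the source station is outside its access authority.
    return { status: 403, headers: {} };
  }
  // S44: the caller opens the TCP tunnel to connectTo.
  return { status: 200, headers: {}, user: entry.user,
           connectTo: { host: req.host, port: req.port } };
}
```
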
The embodiment of the invention provides a client device, wherein a browser runs on the client device and a proxy plug-in is loaded in the browser, the proxy plug-in being used for implementing the request proxy method shown in fig. 3.
An embodiment of the present invention provides a proxy service device, where the proxy service device includes a memory, a processor, and a computer program stored in the memory and running on the processor, and when the processor executes the computer program, the processor implements a request proxy method as shown in fig. 4.
The embodiment of the present application further provides a computer-readable storage medium, which stores computer-executable instructions required to be executed by the processor, and includes a program required to be executed by the processor.
In some possible embodiments, the various aspects of the request proxy method provided by the present invention may also be implemented in the form of a program product, which includes program code for causing an electronic device to perform the steps in the request proxy method according to various exemplary embodiments of the present invention described above in this specification, when the program product is run on the electronic device.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (11)

1. A request proxy method, applied to a proxy plug-in, the method comprising:
after the browser finishes loading the proxy plug-in, acquiring an authentication credential authorized by a proxy server from a Cookie information list cached by the browser, and verifying the validity of the authentication credential;
if the authentication credential is determined to be valid, starting a proxy service for the browser, so that an access request sent by the browser is received by the proxy server;
if the authentication credential is determined to be invalid, displaying a login authentication prompt to the user through the browser, and returning to execute the step of acquiring the authentication credential after the login authentication is completed;
and when the browser needs to provide the authentication credential to the proxy server, providing the acquired valid authentication credential to the browser so that the proxy server performs identity authentication based on the valid authentication credential.
2. The method of claim 1, wherein the acquiring the authentication credential authorized by the proxy server from the Cookie information list cached by the browser specifically comprises:
querying the Cookie information list for an authentication credential meeting preset conditions.
3. The method of claim 1, wherein the Cookie information list stores a validity period of the authentication credential, and the verifying the validity of the authentication credential specifically comprises:
judging whether the authentication credential has expired based on the current system time and the validity period of the authentication credential; if so, determining that the authentication credential is invalid; otherwise, determining that the authentication credential is valid.
4. The method of claim 1, wherein after starting the proxy service for the browser, the method further comprises:
periodically acquiring the authentication credential from the Cookie information list, and verifying the validity of the authentication credential;
if the authentication credential is determined to be invalid, closing the proxy service, displaying a login authentication prompt to the user through the browser, and returning to execute the step of acquiring the authentication credential after the login authentication is completed.
5. A request proxy method, applied to a proxy server, the method comprising:
receiving a tunnel establishment request sent by a browser, wherein the tunnel establishment request is used to instruct the proxy server to establish a connection with a source station server;
verifying the validity of the tunnel establishment request;
if the tunnel establishment request is invalid, sending an authentication requirement message to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request, wherein the authentication credential is provided to the browser by a proxy plug-in on the browser;
and if the tunnel establishment request is valid, establishing a connection with the source station server.
6. The method according to claim 5, wherein said verifying the validity of the tunnel establishment request specifically comprises:
detecting whether the tunnel establishment request carries a valid authentication credential, and if so, determining that the tunnel establishment request is valid; if not, determining that the tunnel establishment request is invalid.
7. The method of claim 6, wherein detecting whether the tunnel establishment request carries a valid authentication credential comprises:
if the tunnel establishment request carries an authentication credential that was provided by the proxy server to the browser and has not expired, determining that the tunnel establishment request carries a valid authentication credential.
8. The method according to claim 6 or 7, wherein detecting whether the tunnel establishment request carries a valid authentication credential comprises:
determining whether the tunnel establishment request meets the permission requirement based on the authentication credential carried in the tunnel establishment request, and if so, determining that the tunnel establishment request is valid; if not, feeding back prompt information of no access permission to the browser.
9. The method of claim 5, wherein the method further comprises:
receiving a login request sent by the browser, wherein the login request carries user authentication information;
generating a corresponding authentication credential based on the user authentication information, and storing a mapping relationship between the authentication credential and the access authority corresponding to the user authentication information;
and responding to the login request, and carrying the authentication credential in the response information.
10. A client device, wherein a browser runs on the client device, and the browser is loaded with a proxy plugin, wherein the proxy plugin is used for implementing the request proxy method according to any one of claims 1 to 4.
11. A proxy service apparatus comprising a memory, a processor and a computer program stored on the memory and operable on the processor, the processor implementing the request proxy method of any one of claims 5 to 9 when executing the program.
CN202110572059.8A 2021-05-25 2021-05-25 Request proxy method, client device and proxy service device Pending CN113190828A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110572059.8A CN113190828A (en) 2021-05-25 2021-05-25 Request proxy method, client device and proxy service device
PCT/CN2021/121738 WO2022247090A1 (en) 2021-05-25 2021-09-29 Proxy requesting method, client device and proxy service device

Publications (1)

Publication Number Publication Date
CN113190828A (en) 2021-07-30

Family

ID=76984913

Country Status (2)

Country Link
CN (1) CN113190828A (en)
WO (1) WO2022247090A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114095263A (en) * 2021-11-24 2022-02-25 上海派拉软件股份有限公司 Communication method, device and system
CN114090936A (en) * 2021-11-25 2022-02-25 万商云集(成都)科技股份有限公司 Method and device for acquiring cookie data from any system, analyzing and storing cookie data
CN114301639A (en) * 2021-12-13 2022-04-08 杭州迪普科技股份有限公司 Connection establishing method and device
CN114338076A (en) * 2021-11-11 2022-04-12 清华大学 Distributed cross-device access control method and device suitable for smart home environment
CN114363054A (en) * 2021-12-31 2022-04-15 杭州数梦工场科技有限公司 Interface request conversion method, interface conversion device, electronic device and storage medium
WO2022247090A1 (en) * 2021-05-25 2022-12-01 网宿科技股份有限公司 Proxy requesting method, client device and proxy service device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9571331B1 (en) * 2012-11-21 2017-02-14 Amazon Technologies, Inc. Techniques for accessing local networks via a virtualized gateway
CN104320423B (en) * 2014-11-19 2018-12-28 重庆邮电大学 Single-sign-on lightweight implementation method based on Cookie
CN106302504A (en) * 2016-08-31 2017-01-04 浪潮电子信息产业股份有限公司 A kind of Xenserver vnc based on safety implementation method
CN112333141B (en) * 2020-09-06 2023-04-18 于奎 Method, device and system for providing Internet Web application service based on remote application
CN113190828A (en) * 2021-05-25 2021-07-30 网宿科技股份有限公司 Request proxy method, client device and proxy service device

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022247090A1 (en) * 2021-05-25 2022-12-01 网宿科技股份有限公司 Proxy requesting method, client device and proxy service device
CN114338076A (en) * 2021-11-11 2022-04-12 清华大学 Distributed cross-device access control method and device suitable for smart home environment
CN114338076B (en) * 2021-11-11 2023-04-07 清华大学 Distributed cross-device access control method and device suitable for smart home environment
CN114095263A (en) * 2021-11-24 2022-02-25 上海派拉软件股份有限公司 Communication method, device and system
CN114090936A (en) * 2021-11-25 2022-02-25 万商云集(成都)科技股份有限公司 Method and device for acquiring cookie data from any system, analyzing and storing cookie data
CN114090936B (en) * 2021-11-25 2022-07-29 万商云集(成都)科技股份有限公司 Method and device for acquiring cookie data from any system, analyzing and storing cookie data
CN114301639A (en) * 2021-12-13 2022-04-08 杭州迪普科技股份有限公司 Connection establishing method and device
CN114301639B (en) * 2021-12-13 2024-02-27 杭州迪普科技股份有限公司 Connection establishment method and device
CN114363054A (en) * 2021-12-31 2022-04-15 杭州数梦工场科技有限公司 Interface request conversion method, interface conversion device, electronic device and storage medium
CN114363054B (en) * 2021-12-31 2023-12-01 杭州数梦工场科技有限公司 Interface request conversion method, interface conversion device, electronic equipment and storage medium

Also Published As

Publication number Publication date
WO2022247090A1 (en) 2022-12-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination