CN113271308B - System login authentication method and device, computer equipment and readable storage medium


Publication number
CN113271308B
Authority
CN
China
Prior art keywords
login
token authorization
user information
user
redis cache
Legal status
Active
Application number
CN202110550449.5A
Other languages
Chinese (zh)
Other versions
CN113271308A (en)
Inventor
吴林娟
徐禄春
付和萍
彭飞
林建斌
Current Assignee
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Application filed by China Construction Bank Corp
Priority to CN202110550449.5A
Publication of CN113271308A
Application granted
Publication of CN113271308B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

The invention relates to the field of mobile interconnection and provides a system login authentication method and device, computer equipment and a readable storage medium. The method comprises: receiving login requests of different login modes, and verifying the user information in the login request; after the user information passes verification, judging whether the current number of online users corresponding to the user information is smaller than a preset value; if so, generating a Token authorization code, storing the user information and the Token authorization code in correspondence in a Redis cache, and the current user logs in successfully; if not, deleting from the Redis cache, according to the login order for the user information, the Token authorization code of the earliest login so that the earliest logged-in user goes offline, then generating a Token authorization code, storing the user information and the Token authorization code in correspondence in the Redis cache, and the current user logs in successfully. The scheme helps determine and control the number of online users accurately and in real time, and also helps improve the flexibility of authentication.

Description

System login authentication method and device, computer equipment and readable storage medium
Technical Field
The invention relates to the technical field of mobile interconnection, in particular to a system login authentication method, a system login authentication device, computer equipment and a readable storage medium.
Background
Existing schemes allow an account to be logged in at only one place at a time: if the same account logs in at another place after it has logged in at one place, the earlier login is forced offline.
There are many ways to achieve this effect. For example, a session can be created using a cache mechanism such as Redis or memcache to keep account login single, or, where no cache mechanism such as Redis is used, the effect can be achieved with a background interception filter.
For example, a solution implemented with a background interception filter may include the following steps:
Step one: a global SessionSave class is created to store the sessionId of each account login;
Step two: when a user logs in, the account name is used to check whether a sessionId is already stored; if so, the original sessionId is deleted and the current sessionId is saved; if not, the current sessionId is saved directly; meanwhile, the current account information is stored in a global Session;
Step three: when an action request is made, an interception filter class checks whether the session cache holds the current account; if not, the request is redirected straight to the login interface;
Step four: if it does, the sessionId stored in SessionSave for the account and the current sessionId are both acquired and compared. If they are equal, the account is logged in at the same place and the action request is allowed through; if they are not equal, the account has logged in at another place, so the current login is forced offline, the action request is intercepted, and the user is redirected back to the login interface.
However, this method has a drawback: Session monitoring may not be timely. When the browser is closed, only the client's sessionId becomes invalid, while the server-side Session still exists until it is cleared after its expiration time. The client is therefore offline while the server-side Session still indicates that the client is online, which affects the login of another client and so the accuracy of authentication.
The scheme that creates a session using the Redis cache may include the following steps:
Step one: when a user logs in, the session_id is stored in a user data table, a key is then generated from the uid, and some user information (a login identifier, the session_id and so on) is stored in Redis.
Step two: when another terminal logs in with the same account, the session_id in the user table is acquired, and the operation of step one is performed.
Step three: the session_id acquired in step two is now old information, which may be in use or already expired; whether or not it is still valid, the data for that session_id can be cleared from Redis. After this processing, a login at another terminal clears the sessions elsewhere, and the logged-out state is detected when a page that requires login is accessed.
Step four: this can be implemented with timed AJAX polling requests. The server judges whether the current session data still exists; if it does not, the login state data and user information stored in Redis are used to check whether the session_id stored in the user table is consistent with the session_id stored in Redis. If they are not consistent, the user can be prompted that the account has logged in at another terminal. If the session_id is consistent, the session must have expired; the user's related Redis data can then be cleared and the user redirected to log in.
The drawback of this method is that timed AJAX polling has poor real-time performance and is unsuitable when the data volume is large, so the real-time performance and accuracy of authentication are affected.
Disclosure of Invention
The embodiment of the invention provides a system login authentication method, which aims to solve the technical problems of low accuracy and poor real-time performance of authentication in the prior art. The method comprises the following steps:
receiving login requests of different login modes, and verifying user information in the login requests;
after the user information passes verification, judging whether the current online number corresponding to the user information is smaller than a preset value or not;
if so, generating a Token authorization code, storing the user information and the Token authorization code in correspondence in a Redis cache, and the current user logs in successfully; if not, deleting from the Redis cache, according to the login order for the user information, the Token authorization code of the earliest login so that the earliest logged-in user goes offline, then generating a Token authorization code, storing the user information and the Token authorization code in correspondence in the Redis cache, and the current user logs in successfully.
In one embodiment, the different login modes include a login mode using a user name and a password, a login mode using a terminal number and a password, and a login mode using a terminal number and a dynamic password.
In one embodiment, verifying the user information in the login request includes:
acquiring the user's relevant information from the Redis cache to verify the user information in the login request.
In one embodiment, judging whether the current number of online users corresponding to the user information is smaller than a preset value includes:
querying the number of Token authorization codes stored in the Redis cache for the user information, and judging whether that number is smaller than the preset value, wherein the Redis cache stores the user information and Token authorization codes of the successfully logged-in users of every single sign-on system.
In one embodiment, storing the user information and the Token authorization code in correspondence in a Redis cache includes:
storing the user information and the Token authorization code in correspondence in the Redis cache in stack form.
In one embodiment, deleting from the Redis cache the Token authorization code of the earliest login according to the login order for the user information includes:
deleting from the Redis cache, on a first-in first-out basis, the Token authorization code that was stored first, according to the sequence identifier recorded when each Token authorization code for the user information was stored in the Redis cache.
In one embodiment, deleting from the Redis cache the Token authorization code of the earliest login according to the login order for the user information includes:
determining in the Redis cache the Token authorization codes bound to the user's common login place and, among the Token authorization codes not bound to the user's common login place, deleting from the Redis cache on a first-in first-out basis the one that was stored first, according to the sequence identifier recorded when each Token authorization code was stored in the Redis cache.
In one embodiment, the sequence identifier includes a storage time and a storage number.
In one embodiment, the method further comprises:
setting an expiration time for the Token authorization codes stored in the Redis cache, and automatically deleting a Token authorization code when its expiration time is reached.
The embodiment of the invention also provides a system login authentication device, which is used for solving the technical problems of low accuracy and poor real-time performance of authentication in the prior art. The device includes:
a verification module, used for receiving login requests of different login modes and verifying the user information in the login request;
a judging module, used for judging, after the user information passes verification, whether the current number of online users corresponding to the user information is smaller than a preset value;
an authentication module, used for: if the current number of online users corresponding to the user information is smaller than the preset value, generating a Token authorization code, storing the user information and the Token authorization code in correspondence in a Redis cache, and the current user logs in successfully; if the current number of online users corresponding to the user information is not smaller than the preset value, deleting from the Redis cache, according to the login order for the user information, the Token authorization code of the earliest login so that the earliest logged-in user goes offline, then generating a Token authorization code, storing the user information and the Token authorization code in correspondence in the Redis cache, and the current user logs in successfully.
In one embodiment, the different login modes include a login mode using a user name and a password, a login mode using a terminal number and a password, and a login mode using a terminal number and a dynamic password.
In one embodiment, the verification module is configured to acquire the user's relevant information from the Redis cache to verify the user information in the login request.
In one embodiment, the judging module is specifically configured to query the number of Token authorization codes stored in the Redis cache for the user information and to judge whether that number is smaller than the preset value, wherein the Redis cache stores the user information and Token authorization codes of the successfully logged-in users of every single sign-on system.
In one embodiment, the authentication module is further configured to store the user information and the Token authorization code in correspondence in the Redis cache in stack form.
In one embodiment, the authentication module comprises:
a first authentication unit, used for deleting from the Redis cache, on a first-in first-out basis, the Token authorization code that was stored first, according to the sequence identifier recorded when each Token authorization code for the user information was stored in the Redis cache.
In one embodiment, the authentication module further comprises:
a second authentication unit, used for determining in the Redis cache the Token authorization codes bound to the user's common login place and, among the Token authorization codes not bound to the user's common login place, deleting from the Redis cache on a first-in first-out basis the one that was stored first, according to the sequence identifier recorded when each Token authorization code was stored in the Redis cache.
In one embodiment, the sequence identifier includes a storage time and a storage number.
In one embodiment, the device further comprises:
an expiration processing module, used for setting an expiration time for the Token authorization codes stored in the Redis cache and automatically deleting a Token authorization code when its expiration time is reached.
An embodiment of the invention also provides computer equipment comprising a memory, a processor and a computer program stored in the memory and runnable on the processor; the processor executes the computer program to implement any of the system login authentication methods described above, so as to solve the technical problems of low accuracy and poor real-time performance of authentication in the prior art.
An embodiment of the invention also provides a computer-readable storage medium storing a computer program for executing any of the system login authentication methods described above, so as to solve the technical problems of low accuracy and poor real-time performance existing in the prior art.
In the embodiment of the invention, the user information and Token authorization codes of the successfully logged-in users of every single sign-on system are stored in the Redis cache, so that data is shared among the different systems. Whether the number of online users for the current user information exceeds the preset number of simultaneous online users is then judged from the combined data stored in the Redis cache, which avoids Session monitoring. The number of online users for the current user information is kept within the preset value by deleting Token authorization codes from the Redis cache, which helps determine and control the number of online users accurately and in real time and so improves the real-time performance and accuracy of authentication. Meanwhile, the preset number of online users and the way Token authorization codes are deleted can both be configured flexibly, which helps improve the flexibility of authentication.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
Fig. 1 is a flowchart of a system login authentication method according to an embodiment of the present invention;
Fig. 2 is a flowchart for implementing the system login authentication method according to an embodiment of the present invention;
Fig. 3 is a block diagram of a computer device according to an embodiment of the present invention;
Fig. 4 is a block diagram of a system login authentication apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the following embodiments and accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
The inventor of the present application finds that the existing single sign-on login function is mainly implemented by storing user information in Sessions. However, multiple single sign-on systems may run multiple Tomcat instances, and a Session depends on the Tomcat of its own system, so the user information of logged-in users is not shared among the systems; for example, user information is not shared between the Sessions of system A and the Sessions of system B.
In an embodiment of the present invention, a method for system login authentication is provided, as shown in fig. 1, the method includes:
Step 102: receiving login requests of different login modes, and verifying the user information in the login request;
Step 104: after the user information passes verification, judging whether the current number of online users corresponding to the user information is smaller than a preset value;
Step 106: if so, generating a Token authorization code, storing the user information and the Token authorization code in correspondence in a Redis cache, and the current user logs in successfully; if not, deleting from the Redis cache, according to the login order for the user information, the Token authorization code of the earliest login so that the earliest logged-in user goes offline, then generating a Token authorization code, storing the user information and the Token authorization code in correspondence in the Redis cache, and the current user logs in successfully.
As the process shown in Fig. 1 indicates, the embodiment of the invention stores the user information and Token authorization codes of the successfully logged-in users of every single sign-on system in the Redis cache, so that data is shared among the different systems. Whether the number of online users for the current user information exceeds the preset number of simultaneous online users is then judged from the combined data stored in the Redis cache, which avoids Session monitoring. The number of online users for the current user information is kept within the preset value by deleting Token authorization codes from the Redis cache, which helps determine and control the number of online users accurately and in real time and so improves the real-time performance and accuracy of authentication. Meanwhile, the preset number of online users and the way Token authorization codes are deleted can both be configured flexibly, which helps improve the flexibility of authentication.
In specific implementation, in order to improve the flexibility and the generalization of the authentication method, in this embodiment, the system login authentication method may receive login requests of different login manners sent by a terminal, and further perform login verification based on user information in the login requests. Specifically, the login method may be diversified, and for example, the login method may be a login method using a user name and a password, a login method using a terminal number and a password, or a login method using a terminal number and a dynamic password.
In specific implementation, for login requests of different login modes, relevant information of a user can be acquired from the Redis cache to verify the user information in the login request.
Specifically, the Redis cache may store the non-dynamic user-related information in the user information. For example, in the login mode using a user name and a password, the user information may include the user name and the password, both of which are non-dynamic information, so login verification may obtain the stored user name and password from the Redis cache to verify whether the user name and password in the login request are correct. In the login mode using a terminal number and a password, the user information may include the terminal number and the password, for example a mobile phone number and a password, both of which are non-dynamic information, so login verification may obtain the stored terminal number and password from the Redis cache to verify whether the terminal number and password in the login request are correct. In the login mode using a terminal number and a dynamic password, the user information may include the terminal number and the dynamic password, for example a mobile phone number and a dynamic password; here only the terminal number is non-dynamic information, so login verification may obtain the stored terminal number from the Redis cache to verify whether the terminal number in the login request is correct, while the dynamic password generated by the dynamic password generation device is used to verify whether the dynamic password in the login request is correct.
In specific implementation, when handling system login, the number of users who may be logged in to one account at the same time needs to be set in order to achieve account security and information synchronization. For example, one account may be logged in by 2 users at the same time (the number of users per account is configurable as required), and when a third user logs in, an earlier login must be kicked off. Because Redis offers fast access and persistence, and the Token is used only for identity authentication of the logged-in user, authentication is simpler and more convenient and security is higher.
For example, after the user information passes verification, it is judged whether the current number of online users corresponding to the user information is smaller than a preset value N. Specifically, the number of Token authorization codes stored in the Redis cache for the user information is queried and compared with the preset value N. If it is smaller, the current number of online users corresponding to the user information is smaller than N: a Token authorization code is generated, the user information and the Token authorization code are stored in correspondence in the Redis cache, and the current user logs in successfully. Otherwise, the current number of online users corresponding to the user information is not smaller than the preset value N: the Token authorization code of the earliest login must be deleted from the Redis cache so that the earliest logged-in user goes offline, after which a Token authorization code is generated, the user information and the Token authorization code are stored in correspondence in the Redis cache, and the current user logs in successfully.
In particular, to make it easy to query the number of Token authorization codes stored in the Redis cache, in this embodiment an identification code or serial number may be stored with each Token authorization code. The number of stored Token authorization codes equals the number of online users, so once the identification code of the last stored Token authorization code is found, the current number of online users is known.
In specific implementation, the preset value may be configured according to specific requirements, for example, the size of the preset value N of the number of people who can be online at the same time may be determined according to the security requirement of the account.
In particular, to make it easy to remove Token authorization codes while controlling the number of simultaneous online users, this embodiment proposes storing the user information and the Token authorization code in correspondence in the Redis cache in stack form, so that Token authorization codes can be removed on a first-in first-out basis when the number of simultaneous online users is greater than the preset value N.
In specific implementation, to further improve account security and the configurability of authentication, and to keep authentication safe and convenient, this embodiment allows the number of online users to be controlled by configuring different kicking modes.
For example, users can be kicked according to login order. Specifically, when the current number of online users corresponding to the user information equals the preset value N, the Token authorization code that was stored first is deleted from the Redis cache on a first-in first-out basis, according to the sequence identifier recorded when each Token authorization code for the user information was stored in the Redis cache.
Specifically, N authorization codes are stored in the Token set in the Redis cache. When the current user is the (N+1)-th login user, the first stored authorization code in the Token set is removed on a first-in first-out basis according to the sequence identifiers of the Token authorization codes stored in the Redis cache, so that the earliest logged-in user goes offline. A new Token authorization code is generated for the current (N+1)-th user, the user information and the Token authorization code are stored in the Redis cache, and the current user logs in successfully.
Specifically, the sequence identifier may be any information that indicates the storage order of the Token authorization codes; for example, it may be a storage time or a number. That is, the number or storage time of a Token authorization code is stored at the same time as the Token authorization code itself.
As another example, login order and the user's common login place may be combined when kicking. Specifically, when the current number of online users corresponding to the user information equals the preset value N, the Token authorization codes bound to the user's common login place are determined in the Redis cache and, among the Token authorization codes not bound to the user's common login place, the one that was stored first is deleted from the Redis cache on a first-in first-out basis, according to the sequence identifiers of the Token authorization codes stored in the Redis cache.
Specifically, N authorization codes are stored in the Token set in the Redis cache. When the current user is the (N+1)-th login user, the authorization codes bound to the user's common login place are set aside and, among the Token authorization codes not bound to the user's common login place, the first stored one is removed on a first-in first-out basis according to the sequence identifiers of the Token authorization codes stored in the Redis cache, so that the earliest logged-in user goes offline. A new Token authorization code is generated for the current (N+1)-th user, the user information and the Token authorization code are stored in the Redis cache, and the current user logs in successfully.
In specific implementation, the user's common login place may be determined from how often the user uses each login place within a preset time period; for example, the place used most frequently within one month is the user's common login place.
In specific implementation, to improve the real-time performance and timeliness of authentication, this embodiment sets an expiration time for the Token authorization codes stored in the Redis cache and automatically deletes a Token authorization code when its expiration time is reached. Specifically, when the Token authorization code stored at a user's login reaches its expiration time, it is deleted automatically, that is, the user goes offline automatically, and the authentication process is carried out again at the next login.
In practical implementation, the length of the expiration time may be determined by factors such as the needs of different users and security requirements, for example 6 hours, 24 hours, several months, or permanent. If the expiration time of the Token authorization code stored at a user's login is set to permanent, the user can stay online indefinitely, and when the user logs in again after going offline automatically, the user can log in directly without re-authentication.
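The control flow described above (count check against N, first-in first-out kicking with optional protection of common login places, and Token expiry) is sketched below as an added example; it is not code from the patent. Assumptions: an in-memory store stands in for the Redis cache so the example runs offline, the names `SessionLimiter`, `login` and `is_online` are hypothetical, and the fallback to plain FIFO when every stored Token is bound to a common login place is a choice made here, since the text does not cover that case.

```python
import hmac
import secrets
import time


class SessionLimiter:
    """Per-account Token store with an online limit N, FIFO kicking and expiry.

    Assumption: plain dicts and lists stand in for the Redis cache so the
    example runs offline.
    """

    def __init__(self, max_online, ttl_seconds, clock=time.monotonic):
        if max_online < 1:
            raise ValueError("max_online must be at least 1")
        self.max_online = max_online   # preset value N
        self.ttl = ttl_seconds         # expiration time of each Token
        self.clock = clock             # injectable so expiry can be tested
        self.counter = 0               # storage number used as sequence identifier
        self.store = {}                # account -> token records, oldest first

    def _live(self, account):
        """Drop expired Tokens (a Redis key TTL would do this by itself)."""
        now = self.clock()
        live = [r for r in self.store.get(account, []) if r["expires"] > now]
        self.store[account] = live
        return live

    def login(self, account, location, common_locations=()):
        """Issue a Token for an already-verified user; return (token, kicked)."""
        live = self._live(account)
        kicked = []
        while len(live) >= self.max_online:
            # Second kicking mode: spare Tokens bound to a common login place.
            unbound = [r for r in live if r["location"] not in common_locations]
            # Assumption: if every Token is bound, fall back to plain FIFO.
            victim = min(unbound or live, key=lambda r: r["seq"])
            live.remove(victim)
            kicked.append(victim["token"])
        self.counter += 1
        token = secrets.token_urlsafe(32)  # unguessable Token authorization code
        live.append({"token": token, "seq": self.counter, "location": location,
                     "expires": self.clock() + self.ttl})
        return token, kicked

    def is_online(self, account, token):
        """Per-request check: the Token must still be stored and unexpired."""
        return any(hmac.compare_digest(r["token"], token)
                   for r in self._live(account))


if __name__ == "__main__":
    # Constructed sample: N = 2, Tokens expire after 6 hours.
    limiter = SessionLimiter(max_online=2, ttl_seconds=6 * 3600)
    first, _ = limiter.login("alice", "office")
    limiter.login("alice", "home")
    third, kicked = limiter.login("alice", "cafe")
    print("kicked first login:", kicked == [first])
    print("first still online:", limiter.is_online("alice", first))
```

Because every request is checked against the shared store, a kicked or expired Token stops working on its next request, which is what removes the need for Session monitoring or polling.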
The following describes in detail a process for implementing the above system login authentication method with reference to fig. 2, where the process includes the following steps:
Step one: when a user logs in, the user information is checked and verified according to the login mode used (assume the number of simultaneous online users allowed by the background is N).
Method one: the user logs in with a user name and a password:
a. judge whether the user name exists, for example by checking whether the user name exists in the Redis cache; if it does not, give a prompt;
b. if the user name exists, judge whether the password is correct, for example by checking whether the password is stored in the Redis cache for that user name; if it is, the password is correct; if it is not, the password is incorrect and a prompt is given;
c. if the user name exists and the password is correct, proceed to the next judgment.
Method two: the user logs in with a mobile phone number and a password:
a. judge whether the mobile phone number exists, for example by checking whether the mobile phone number exists in the Redis cache; if it does not, give a prompt;
b. if the mobile phone number exists, judge whether the password is correct, for example by checking whether the password is stored in the Redis cache for that mobile phone number; if it is, the password is correct; if it is not, the password is incorrect and a prompt is given;
c. if the mobile phone number exists and the password is correct, proceed to the next judgment.
Method three: the user logs in with a mobile phone number and a dynamic code:
a. judge whether the mobile phone number exists, for example by checking whether the mobile phone number exists in the Redis cache; if it does not, give a prompt;
b. if the mobile phone number exists, judge whether the dynamic code is correct, for example by checking whether the generated dynamic code is consistent with the dynamic code entered by the user; if it is, the dynamic code is correct; if it is not, the dynamic code is incorrect and a prompt is given;
c. if the mobile phone number exists and the dynamic code is correct, proceed to the next judgment.
Step two: when the user name/mobile phone number and the password/dynamic code are correct, judge whether the current number of online users for the user information exceeds the number N of simultaneous online users set in the background.
Specifically, this may be determined by querying the Redis cache for the Token authorization codes stored together with the user name, and checking whether the number of Token authorization codes found (which represents the number of online users) is greater than or equal to the number N of simultaneous online users set in the background.
Step three: if the number of online users for the user information does not exceed the number N of simultaneous online users set in the background, a new Token authorization code is generated, the user information and the Token authorization code are stored in the Redis cache, and the current user logs in successfully.
Step four: if the number of online users for the user information exceeds the number N of simultaneous online users set in the background, different kick-out modes can be executed, for example:
Mode 1: N authorization codes are stored in the Token set in the Redis cache. When the current user is the (N+1)-th login user, the first stored authorization code in the Token set is removed on a first-in first-out basis, according to the sequence identifiers of the Token authorization codes stored in the Redis cache, so that the first login user goes offline. A new Token authorization code is generated for the (N+1)-th user, the user information and the Token authorization code (including the sequence identifier) are stored in the Redis cache, and the current user logs in successfully.
Mode 2: N authorization codes are stored in the Token set in the Redis cache. When the current user is the (N+1)-th login user, the Token authorization codes bound to the common login location are set aside; among the Token authorization codes not bound to the user's common login location, the first stored authorization code is removed on a first-in first-out basis, according to the sequence identifiers of the Token authorization codes stored in the Redis cache, so that the first login user goes offline. A new Token authorization code is generated for the (N+1)-th user, the user information and the Token authorization code are stored in the Redis cache, and the current user logs in successfully.
Specifically, the system login authentication method has the following characteristics:
the single sign-on system generates a token authorization code, stores the user information and the token authorization code in the Redis, and sets expiration time for the token authorization code.
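The flow in steps two to four, with both kick-out modes and token expiry, as an added Python example that is not code from the patent. The in-memory SessionStore standing in for the Redis cache, all class and method names, the random token format, treating a token as "bound" to the common location when it was issued from that location, and refusing the login when every slot is bound to the common location are assumptions.

```python
import itertools
import secrets
from collections import Counter
from dataclasses import dataclass

MONTH = 30 * 24 * 3600  # look-back window for the "common login location"


@dataclass
class Session:
    token: str
    seq: int           # sequence identifier: storage number
    stored_at: float   # sequence identifier: storage time
    expires_at: float  # float("inf") models a "permanent" token
    location: str


class SessionStore:
    """In-memory stand-in for the Redis cache so the example runs offline."""

    def __init__(self, max_online, ttl, protect_common=False, window=MONTH):
        self.max_online = max_online          # N, the preset value
        self.ttl = ttl                        # expiration time in seconds
        self.protect_common = protect_common  # False: mode 1, True: mode 2
        self.window = window
        self.sessions = {}                    # user -> list of Session
        self.history = {}                     # user -> list of (time, location)
        self.counter = itertools.count(1)

    def note_login(self, user, location, now):
        self.history.setdefault(user, []).append((now, location))

    def common_location(self, user, now):
        """Most frequent login location inside the window, or None."""
        recent = Counter(loc for when, loc in self.history.get(user, [])
                         if now - when <= self.window)
        return recent.most_common(1)[0][0] if recent else None

    def live_sessions(self, user, now):
        """Drop expired tokens first, so they never count toward N."""
        live = [s for s in self.sessions.get(user, []) if s.expires_at > now]
        self.sessions[user] = live
        return live

    def login(self, user, location, now):
        """Run after credentials are verified. Returns (token, kicked_token)."""
        live = self.live_sessions(user, now)
        kicked = None
        if len(live) >= self.max_online:
            common = self.common_location(user, now)
            candidates = [s for s in live if not (
                self.protect_common and s.location == common)]
            if not candidates:
                # Every slot is protected; the page does not cover this case.
                # Assumption: refuse the login rather than exceed N.
                return None, None
            victim = min(candidates, key=lambda s: s.seq)  # first in, first out
            live.remove(victim)
            kicked = victim.token
        token = secrets.token_urlsafe(32)  # assumption: 256-bit random token
        live.append(Session(token, next(self.counter), now,
                            now + self.ttl, location))
        self.note_login(user, location, now)
        return token, kicked

    def is_valid(self, user, token, now):
        """Constant-time comparison of a presented token against live sessions."""
        return any(secrets.compare_digest(s.token.encode(), token.encode())
                   for s in self.live_sessions(user, now))
```

Against a shared Redis instance the count check, the eviction and the insert have to run as one atomic unit (for example in a Lua script, or with WATCH and MULTI/EXEC); otherwise two simultaneous logins can both pass the count check and leave more than N tokens stored.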
In this embodiment, a computer device is provided, as shown in fig. 3, and includes a memory 302, a processor 304, and a computer program stored in the memory and executable on the processor, and the processor implements any of the above-mentioned system login authentication methods when executing the computer program.
In particular, the computer device may be a computer terminal, a server or a similar computing device.
In the present embodiment, there is provided a computer-readable storage medium storing a computer program for executing any of the above-described system login authentication methods.
In particular, computer-readable storage media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer-readable storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable storage medium does not include a transitory computer-readable medium such as a modulated data signal and a carrier wave.
Based on the same inventive concept, the embodiment of the present invention further provides a system login authentication apparatus, as described in the following embodiments. The principle of solving the problem of the system login authentication device is similar to that of the system login authentication method, so the implementation of the system login authentication device can refer to the implementation of the system login authentication method, and repeated parts are not described again. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 4 is a block diagram of a structure of a system login authentication apparatus according to an embodiment of the present invention, as shown in fig. 4, the apparatus includes:
the verification module 402 is configured to receive login requests of different login manners, and verify user information in the login requests;
the judging module 404 is configured to judge whether the current online number corresponding to the user information is smaller than a preset value after the user information passes verification;
the authentication module 406 is configured to generate a Token authorization code if the current online number of people corresponding to the user information is smaller than a preset value, store the user information and the Token authorization code in a Redis cache, and enable the current user to successfully log in; if the number of the current online users corresponding to the user information is not less than a preset value, deleting the Token authorization code corresponding to the first login in the Redis cache according to the user information login sequence, taking the user logged in first off-line, generating the Token authorization code, and correspondingly storing the user information and the Token authorization code in the Redis cache, wherein the current user login is successful.
In one embodiment, the different login modes include: a login manner using a user name and a password, a login manner using a terminal number and a password, and a login manner using a terminal number and a dynamic password.
In an embodiment, the authentication module is configured to acquire the relevant information of the user from the Redis cache to authenticate the user information in the login request.
In an embodiment, the determining module is specifically configured to query the number of Token authorization codes stored in the Redis cache corresponding to the user information, and determine whether the number of the Token authorization codes is smaller than a preset value, where the user information of the user who successfully logs in the single sign-on system and the Token authorization codes are stored in the Redis cache.
In an embodiment, the authentication module is further configured to store the user information and the Token authorization code in a Redis cache in a stack.
In one embodiment, the authentication module includes:
a first authentication unit, configured to delete the Token authorization code stored first in the Redis cache on a first-in first-out basis, according to the sequence identifier given to the Token authorization code corresponding to the user information when it was stored in the Redis cache.
In one embodiment, the authentication module further includes:
a second authentication unit, configured to determine, in the Redis cache, the Token authorization codes bound to the user's common login location and, among the Token authorization codes not bound to the user's common login location, to delete the Token authorization code stored first in the Redis cache on a first-in first-out basis, according to the sequence identifiers given to the Token authorization codes when they were stored in the Redis cache.
In one embodiment, the sequence identification includes a storage time and a storage number.
In one embodiment, the apparatus further includes:
an expiration processing module, configured to set an expiration time for the Token authorization codes stored in the Redis cache and to automatically delete a Token authorization code when its expiration time is reached.
The embodiment of the invention achieves the following technical effects. The user information and Token authorization codes of the users who have successfully logged in to each single sign-on system are stored in the Redis cache, so data is shared among the different systems. Whether the number of online users for the current user information exceeds the preset number of simultaneous online users is judged from the comprehensive data stored in the Redis cache, which avoids the Session monitoring approach, and the number of online users for the current user information is kept from exceeding the preset value by deleting Token authorization codes in the Redis cache. This helps determine and control the number of online users accurately and in real time, and helps improve the real-time performance and accuracy of authentication. In addition, the preset number of online users and the way Token authorization codes are deleted can be flexibly configured, which helps improve the flexibility of authentication.
Although the present invention provides method steps as described in the examples or flowcharts, more or fewer steps may be included based on routine or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When implemented in practice, the apparatus or client products may be executed sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the methods shown in the embodiments or figures.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, apparatus (system) or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the system embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and reference may be made to the partial description of the method embodiment for relevant points. In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The terms "upper", "lower", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience in describing the present invention and simplifying the description, but do not indicate or imply that the referred devices or elements must have a specific orientation, be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present invention. 
Unless expressly stated or limited otherwise, the terms "mounted," "connected," and "connected" are intended to be inclusive and mean, for example, that they may be fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations. It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention is not limited to any single aspect, nor is it limited to any single embodiment, nor is it limited to any combination and/or permutation of these aspects and/or embodiments. Moreover, each aspect and/or embodiment of the present invention may be utilized alone or in combination with one or more other aspects and/or embodiments thereof.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.

Claims (14)

1. A system login authentication method is characterized by comprising the following steps:
receiving login requests of different login modes, and verifying user information in the login requests;
after the user information passes verification, judging whether the current online number corresponding to the user information is smaller than a preset value or not;
if yes, generating a Token authorization code, correspondingly storing the user information and the Token authorization code in a Redis cache, and successfully logging in the current user; if not, deleting the Token authorization code corresponding to the first login in the Redis cache according to the user information login sequence, enabling the user who logs in the first login to be offline, generating a Token authorization code, correspondingly storing the user information and the Token authorization code in the Redis cache, and enabling the current user to login successfully;
the different login modes comprise: a login mode using a user name and a password, a login mode using a terminal number and a password, and a login mode using a terminal number and a dynamic password;
verifying the user information in the login request, including:
acquiring relevant information of a user from a Redis cache to verify the user information in the login request; storing relevant information of a non-dynamic user in user information in a Redis cache;
deleting the Token authorization code corresponding to the first login in the Redis cache according to the user information login sequence, wherein the deleting comprises:
and determining the Token authorization codes bound with the common login places of the user in the Redis cache, and deleting the Token authorization codes which are stored firstly in the Redis cache according to a first-in first-out principle according to the sequence identification of the Token authorization codes when the Token authorization codes are stored in the Redis cache in the Token authorization codes which are not bound with the common login places of the user.
2. The system login authentication method of claim 1, wherein the step of judging whether the current online number corresponding to the user information is less than a preset value comprises the steps of:
and inquiring the number of the Token authorization codes correspondingly stored in the user information in the Redis cache, and judging whether the number of the Token authorization codes is smaller than a preset value, wherein the user information and the Token authorization codes of the users who successfully log in the single sign-on system are stored in the Redis cache.
3. The system login authentication method of claim 1, wherein correspondingly storing the user information and the Token authorization code in a Redis cache comprises:
and correspondingly storing the user information and the Token authorization code in a Redis cache in a stack form.
4. The system login authentication method according to any one of claims 1 to 3, wherein deleting the Token authorization code corresponding to the first login in the Redis cache according to the user information login sequence, comprises:
according to the sequence identifier of the Token authorization code corresponding to the user information when being stored in the Redis cache, deleting the Token authorization code which is stored firstly in the Redis cache according to a first-in first-out principle.
5. The system login authentication method of claim 1, wherein the sequence identification comprises a storage time and/or a storage number.
6. The system login authentication method according to any one of claims 1 to 3, further comprising:
and setting expiration time for the stored Token authorization codes in the Redis cache, and automatically deleting the Token authorization codes when the expiration time is reached.
7. A system login authentication device, comprising:
the verification module is used for receiving login requests of different login modes and verifying user information in the login requests;
the judging module is used for judging whether the current online number corresponding to the user information is smaller than a preset value or not after the user information passes verification;
the authentication module is used for generating a Token authorization code if the number of the current online people corresponding to the user information is smaller than a preset value, and storing the user information and the Token authorization code in a Redis cache correspondingly, so that the current user successfully logs in; if the number of the current online users corresponding to the user information is not less than a preset value, deleting the Token authorization code corresponding to the first login in the Redis cache according to the user information login sequence, taking the user logged in first off-line, generating a Token authorization code, and correspondingly storing the user information and the Token authorization code in the Redis cache, wherein the current user login is successful;
the different login modes comprise: a login mode using a user name and a password, a login mode using a terminal number and a password, and a login mode using a terminal number and a dynamic password;
the authentication module is used for acquiring the relevant information of the user from the Redis cache to authenticate the user information in the login request; storing relevant information of a non-dynamic user in user information in a Redis cache;
the authentication module further comprises:
and the second authentication unit is used for determining the Token authorization codes bound with the common login places of the user in the Redis cache, and deleting the Token authorization codes which are stored firstly in the Redis cache according to a first-in first-out principle according to sequence identifiers of the Token authorization codes when the Token authorization codes are stored in the Redis cache in the Token authorization codes which are not bound with the common login places of the user.
8. The system login authentication device according to claim 7, wherein the determining module is specifically configured to query a number of Token authorization codes, which are stored in the Redis cache in correspondence with the user information, and determine whether the number of the Token authorization codes is smaller than a preset value, where the user information and the Token authorization codes of the users who successfully login in each single sign-on system are stored in the Redis cache.
9. The system login authentication device of claim 7, wherein the authentication module is further configured to store the user information and the Token authorization code in a Redis cache in a stack.
10. The system login authentication device of any one of claims 7 to 9, wherein the authentication module comprises:
and the first authentication unit is used for deleting the Token authorization code which is stored firstly in the Redis cache according to a first-in first-out principle according to the sequence identifier of the Token authorization code corresponding to the user information when the Token authorization code is stored in the Redis cache.
11. The system login authentication device of claim 7, wherein the sequence identification comprises a storage time and a storage number.
12. The system login authentication device according to any one of claims 7 to 9, further comprising:
and the expiration processing module is used for setting expiration time for the stored Token authorization codes in the Redis cache, and automatically deleting the Token authorization codes when the expiration time is reached.
13. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the system login authentication method according to any one of claims 1 to 6 when executing the computer program.
14. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the system login authentication method of any one of claims 1 to 6.
CN202110550449.5A 2021-05-20 2021-05-20 System login authentication method and device, computer equipment and readable storage medium Active CN113271308B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110550449.5A CN113271308B (en) 2021-05-20 2021-05-20 System login authentication method and device, computer equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN113271308A CN113271308A (en) 2021-08-17
CN113271308B true CN113271308B (en) 2023-04-07

Family

ID=77231993

Country Status (1)

Country Link
CN (1) CN113271308B (en)

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant