CN113297562A - Authentication method, device, system, electronic equipment and storage medium - Google Patents
Authentication method, device, system, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN113297562A CN113297562A CN202110680646.9A CN202110680646A CN113297562A CN 113297562 A CN113297562 A CN 113297562A CN 202110680646 A CN202110680646 A CN 202110680646A CN 113297562 A CN113297562 A CN 113297562A
- Authority
- CN
- China
- Prior art keywords
- service request
- identity token
- web application
- user
- user identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000012795 verification Methods 0.000 claims description 19
- 230000004044 response Effects 0.000 claims description 10
- 230000008569 process Effects 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 3
- 238000011161 development Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 235000014510 cooky Nutrition 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/101—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
- G06F21/1014—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to tokens
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The present disclosure relates to an authentication method, apparatus, system, electronic device and storage medium, the method is applied to an internet platform, and includes: receiving a first service request sent by a first web application through an authentication module, wherein the first web application is any one of a plurality of web applications corresponding to the internet platform; acquiring a user identity token in the first service request, wherein the user identity token is obtained after a second web application logs in the internet platform through an authentication module, and the second web application is any one of the web applications; checking the first service request according to the user identity token; and controlling the first web application to respond to the first service request according to the checking result.
Description
Technical Field
The present disclosure relates to the field of network authentication technologies, and in particular, to an authentication method, an apparatus, a system, an electronic device, and a storage medium.
Background
Along with the continuous development of industrial interconnection informatization, the product applications in a plurality of fields such as intelligent factory, wisdom garden, wisdom thing antithetical couplet have hatched to enterprise inside, have made huge contribution for the production management of enterprise, but have mutually independent login system between each application, need input user name and password alone to log in different application system during the use, have caused a great deal of inconvenience in the use, also do not benefit to the combinatorial popularization and the marketing of product simultaneously.
Disclosure of Invention
The disclosure provides an authentication method, an authentication device, an authentication system, an electronic device and a storage medium.
According to some embodiments of the present disclosure, there is provided an authentication method applied to an internet platform, the method including:
receiving a first service request sent by a first web application through an authentication module, wherein the first web application is any one of a plurality of web applications corresponding to the internet platform;
acquiring a user identity token in the first service request, wherein the user identity token is obtained after a second web application logs in the internet platform through an authentication module, and the second web application is any one of the web applications;
checking the first service request according to the user identity token;
and controlling the first web application to respond to the first service request according to the checking result.
In one embodiment, further comprising:
receiving login information sent by the second web application through an authentication module, wherein the login information is input by a user after the second web application receives a second service request without a user identity token;
determining whether the login information is legal and effective;
and responding to the fact that the login information is legal and effective, generating a user identity token according to the login information, and returning the user identity token to the user through the second web application.
In one embodiment, the first service request is intercepted by an intercepting unit in an authentication module, and a forwarding unit of the authentication module sends the intercepted first service request to the internet platform according to a destination address carried by the first service request; and/or the presence of a gas in the gas,
the second service request is intercepted by an intercepting unit in the authentication module; and/or the presence of a gas in the gas,
and intercepting the login information by an interception unit in the authentication module, and sending the login information to the interconnection expectation platform by a forwarding unit of the authentication module according to a destination address carried by the login information.
In one embodiment, said returning said user identity token to the user through said second web application comprises:
returning the user identity token and a preset identifier to the user through the second web application;
the obtaining the user identity token in the first service request includes:
and acquiring the user identity token from the first service request by using the preset identifier.
In one embodiment, the first service request is generated by service content input by a user through a browser; and/or the presence of a gas in the gas,
the second service request is generated by service content input by a user through a browser; and/or the presence of a gas in the gas,
the login information is generated by a user name and a password input by a user through a browser.
In one embodiment, the returning the user identity token and the preset identifier to the user through the second web application includes:
returning the user identity token and the preset identifier to the second web application through the authentication module so that the second web application returns the user identity token and the preset identifier to the browser;
the first service request is generated by service content input by a user through a browser, and comprises the following steps:
the first service request is generated by service content input by a user through a browser, the user identity token in the browser and the preset identifier.
In one embodiment, the determining whether the login information is valid or not includes:
and if the user information consistent with the login information exists in the user information stored in the user database, determining that the login information is legal and effective.
In one embodiment, the verifying the first service request according to the user identity token includes:
determining whether the user identity token is valid; and/or the presence of a gas in the gas,
and determining whether the service content of the first service request is matched with the service authority corresponding to the user identity token.
In one embodiment, the determining whether the login information is valid, further includes:
decrypting the login information by using a preset rule; and/or the presence of a gas in the gas,
the verifying the first service request according to the user identity token further comprises:
and decrypting the user identity token by using a preset rule.
In one embodiment, the controlling, according to the result of the checking, the first web application to respond to the first service request includes:
responding to the user identity token is legal and valid, and the service content of the first service request is matched with the service authority corresponding to the user identity token, controlling the first web application to process the service content, and returning response data to the browser;
otherwise, controlling the first web application to return prompt information to the browser, wherein the prompt information is used for representing the verification result.
In one embodiment, further comprising:
receiving a super service request sent by a third web application through an authentication module, wherein the third web application is any one of the plurality of web applications;
acquiring a super identity token in the super service request, wherein the super identity token is obtained after a super user registers on the Internet platform through any one web application and authentication module;
and responding to the legality and validity of the super identity token, and adjusting user information, department information or application information stored in the Internet platform according to the service content of the super service request.
According to some embodiments of the present disclosure, there is provided an authentication apparatus applied to an internet platform, the apparatus including:
the system comprises a receiving module, a processing module and a processing module, wherein the receiving module is used for receiving a first service request sent by a first web application through an authentication module, and the first web application is any one of a plurality of web applications corresponding to the internet platform;
an obtaining module, configured to obtain a user identity token in the first service request, where the user identity token is obtained after a second web application logs in the internet platform through an authentication module, and the second web application is any one of the multiple web applications;
the verification module is used for verifying the first service request according to the user identity token;
and the response module is used for controlling the first web application to respond to the first service request according to the verification result.
According to some embodiments of the present disclosure, there is provided an authentication system comprising:
the system comprises a plurality of web applications, a plurality of authentication modules and a plurality of service modules, wherein the web applications are used for receiving service contents input by a user through a browser, generating a first service request according to the service contents and a user identity token in the browser and sending the first service request to the authentication modules;
the authentication module is used for receiving the first service request sent by the web application and sending the first service request to an internet platform;
and the internet platform is used for receiving the first service request sent by the authentication module and controlling the corresponding web application to respond to the first service request according to the verification result of the user identity token in the first service request.
In one embodiment, the web application is further configured to prompt the user to input login information after receiving a second service request without a user identity token, which is input by the user through a browser, and receive the login information input by the user through the browser;
the authentication module is also used for receiving login information sent by the web application and sending the login information to the Internet platform;
the Internet platform is further used for receiving login information sent by the authentication module, generating a user identity token according to the login information under the condition that the login information is legal and effective, and returning the user identity token to the browser through the authentication module and the corresponding web application.
In one embodiment, the authentication module is in the form of a plug-in; the authentication module comprises an interception unit and a forwarding unit, wherein the interception unit is used for intercepting information related to the Internet platform, and the forwarding unit is used for forwarding the information related to the Internet platform.
According to some embodiments of the present disclosure, there is provided an authentication system comprising:
the authentication module is used for receiving the first service request sent by the web application and sending the first service request to an internet platform;
and the internet platform is used for receiving the first service request sent by the authentication module and controlling the corresponding web application to respond to the first service request according to the verification result of the user identity token in the first service request.
According to some embodiments of the present disclosure, there is provided an electronic device comprising a memory for storing computer instructions executable on a processor, the processor for implementing the method of the first aspect when executing the computer instructions.
According to some embodiments of the disclosure, a computer-readable storage medium is provided, on which a computer program is stored which, when executed by a processor, implements the method of the first aspect.
According to the embodiment, the first web application is controlled to respond to the first service request by receiving the first service request sent by the first web application through the authentication module, acquiring the user identity token in the first service request, verifying the first service request according to the user identity token, and finally controlling the first web application according to the verification result. The user identity token is obtained by logging in the internet platform by the second web application through the authentication module, and the first web application and the second web application are any one of a plurality of web applications corresponding to the internet platform, namely the identity token obtained by logging in the internet platform by any one web application can be carried in a service request by the web application or other web applications, so that the service request can be verified by the internet platform, the web application can respond to the service request, inconvenience caused by independent logging in of different application systems by each web application is avoided, and the service processing efficiency is improved; meanwhile, the information safety of the user can be protected by reducing the login times.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a flow diagram illustrating an authentication method according to some embodiments of the present disclosure;
FIG. 2 is a schematic block diagram of an authentication system according to some embodiments of the present disclosure;
FIG. 3 is a flow chart illustrating an authentication method according to further embodiments of the present disclosure;
fig. 4 is a schematic structural diagram of an authentication device according to some embodiments of the present disclosure;
fig. 5 is a schematic structural diagram of an electronic device shown in some embodiments of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The terminology used in the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
For enterprise application consisting of a plurality of subsystems, each subsystem independently stores a user name and a password, a user needs to register for many times and can use different subsystems only by frequently switching login, the operation process is complicated, the user experience is poor, and the user name and the password are transmitted when the system is logged in every time, so that the privacy information and the safety information of the user are easily revealed.
Based on this, some embodiments of the present disclosure provide an authentication method, please refer to fig. 1, which shows a flow of the authentication method, including steps S101 to S104.
The method can be applied to an Internet platform. As shown in fig. 2, the internet platform 230 may be a server side of an authentication system of an enterprise, the internet platform corresponds to a plurality of web applications 210, and the web applications 210 are installed on the internet platform and run, so when the web applications 210 process service requests, validity of the service requests needs to be verified through the internet platform 230, that is, the web applications may verify validity of the service requests in a remote verification (remote) manner. The plurality of web applications 210 may be product applications in a plurality of fields, such as intelligent factories, intelligent parks, and intelligent things-relations that hatch inside the enterprise. The users who process the business requests using these web applications 210 may be business workers, managers, or the like.
In step S101, a first service request sent by a first web application through an authentication module is received, where the first web application is any one of a plurality of web applications corresponding to the internet platform.
The first service request may be generated by service content input by a user through a browser, a user identity token in the browser, and a preset identifier, for example, the preset identifier may be set in a cookie of an Http request header. The user identity token and the preset identifier may be obtained after the second web application logs in the internet platform through the authentication module, the user identity token may be generated by the internet platform according to logged user information, and the preset identifier may be pre-stored in a configuration file of the floral networking platform. The second web application is any one of the plurality of web applications. The first web application and the second web application may be the same or different.
With continued reference to fig. 2, the authentication system includes an authentication module 220 in addition to the internet platform 230 and its corresponding plurality of web applications 210. The authentication module may be in the form of a plug-in, and may have an interception unit for intercepting information related to the internet platform and a forwarding unit for forwarding the information related to the internet platform. The authentication module in the form of a plug-in can be an SDK developed in JAVA language, an interception unit and a forwarding unit are packaged in the plug-in based on Spring Aop, the packaged plug-in can be introduced into a project service (e.g., an internet platform or a web application) for package operation through a project management tool Maven, and then the project service can call related functions (an interception function, a forwarding function, etc.) in the plug-in. Therefore, the first service request can be intercepted by the intercepting unit in the authentication module, and the forwarding unit of the authentication module sends the first service request to the internet platform according to the destination address carried by the first service request. The authentication module can also have an abstract class for uniform authentication and an annotation class for skipping authentication, the authentication module can realize interception and forwarding by using methods in the abstract class so as to authenticate the service request, and the authentication module can also pass the service request contained in the annotation class because the service requests do not need authentication. The interception unit filters all service requests, intercepts the first service request and does not intercept other service requests, and the interception function of the interception unit can enable the first service request needing internet platform authentication to be sent to the internet platform and simultaneously avoid other service requests from being sent to the internet platform by mistake, so that the authentication of the internet platform is targeted and the efficiency is high.
In step S102, a user identity token in the first service request is obtained.
The preset identifier carried by the first service request may be stored in a configuration file of an internet platform in advance, so that the user identity token may be obtained from the first service request by using the preset identifier. For example, the user identity token may be obtained from the Http request header by a preset identifier. It is to be understood that the above-mentioned manner for obtaining the user identity token in the first service request is only one example that can be implemented, and is not a limitation on the manner for obtaining the user identity token.
In step S103, the first service request is verified according to the user identity token.
The user identity token may be decrypted by using a preset rule, and the first service request may be verified according to the user identity token. For example, the internet platform encrypts the user identity token when returning the user identity token to the second web application using a preset rule, and thus the user identity token may be decrypted using the same rule before verifying the first service request. That is, the encryption and confidentiality rules are only stored in the internet platform, and the browser is not stored, that is, the user can only carry the user identity token when initiating the service request, and cannot decrypt the user identity token, which further increases the security of the user information.
In an example, the internet platform checks the first service request, and may use a local authentication (local) manner to verify whether the user identity token carried by the first service request is valid, for example, the internet platform may perform synchronous storage in the token database when returning the user identity token, so that when verifying whether the user identity token is valid, the user identity token stored in the token database may be compared with the user identity token carried by the first service request, and if the user identity token stored in the token database is a user token whose user identity token carried by the first service request is consistent, it may be determined that the user identity token carried by the first service request is valid. And checking the first service request, and determining whether the service content of the first service request is matched with the service authority corresponding to the user identity token. For example, when the internet platform stores the user identity token, the service authority corresponding to the user is synchronously stored, and when the user identity token is valid, the service content of the first service request and the service curve of the user can be compared to determine whether the service content and the service curve are matched.
In step S104, according to the result of the verification, the first web application is controlled to respond to the first service request.
In an example, in response to that the user identity token is valid and valid, and the service content of the first service request matches the service authority corresponding to the user identity token, controlling the first web application to process the service content, and returning response data to the browser; otherwise, controlling the first web application to return prompt information to the browser, wherein the prompt information is used for representing the verification result.
According to the embodiment, the first web application is controlled to respond to the first service request by receiving the first service request sent by the first web application through the authentication module, acquiring the user identity token in the first service request, verifying the first service request according to the user identity token, and finally controlling the first web application according to the verification result. The user identity token is obtained by logging in the internet platform by the second web application through the authentication module, and the first web application and the second web application are any one of a plurality of web applications corresponding to the internet platform, namely the identity token obtained by logging in the internet platform by any one web application can be carried in a service request by the web application or other web applications, so that the service request can be verified by the internet platform, the web application can respond to the service request, inconvenience caused by independent logging in of different application systems by each web application is avoided, and the service processing efficiency is improved; meanwhile, the information safety of the user can be protected by reducing the login times.
In some embodiments of the present disclosure, the second web application may enable the user to obtain the user identity token in a manner as shown in fig. 3, including steps S301 to S303.
In step S301, login information sent by the second web application through the authentication module is received, where the login information is prompted to be input by the user after the second web application receives the second service request without the user identity token.
The second service request may be generated by service content input by the user through the browser, for example, the service content may be input in an application interface of the second web application displayed by the browser. After the second service request is generated, the authentication module intercepts and checks whether the second service request has a user identity token, if the second service request carries the user identity token, the second service request is forwarded to an internet platform, if the second service request does not carry the user identity token, a login page is displayed in an application interface of a second web application function of the browser to prompt a user to log in, the user can generate login information through a user name and a password input by the browser, the login information is encrypted by a preset rule, the login information is intercepted by an intercepting unit in the authentication module after being generated and encrypted, and the forwarding unit of the authentication module sends the login information to the internet platform according to a destination address carried by the login information.
It should be noted that the encryption rule of the login information and the encryption rule of the user identity token may be the same or different.
In step S302, it is determined whether the login information is valid.
The internet platform can store user information of legal users in a user database, the user information can be generated or updated by a super service request of a super user, and the super user can be a manager of an enterprise and the like. Therefore, when the login information is verified, the user information stored in the user database and the user information in the login information can be compared, and if the user information consistent with the login information exists in the user information stored in the user database, the login information can be determined to be valid and effective. In addition, if the login information is encrypted after being generated, the login information needs to be decrypted by using a preset rule before determining whether the login information is legal and valid.
In step S303, in response to that the login information is valid, a user identity token is generated according to the login information, and the user identity token is returned to the user through the second web application.
Before returning to the user identity token, the user identity token can be encrypted according to a preset rule. When the user identity token is returned, the preset identifier can be returned to the user through the second web application. The encryption rule can decrypt the user identity token when receiving a service request carrying the user identity token; the preset identifier can be used for acquiring the user identity token when receiving a service request carrying the user identity token.
The user identity token and the preset identifier may be returned to the second web application through the authentication module to cause the second web application to return the user identity token and the preset identifier to the browser. The browser may store the user identity token after receiving the user identity token, for example, by storing the user identity token and the preset identifier in the browser in the form of a key-value pair through a set-cookie method of Http response. When a user inputs service content through a browser to generate a first service request, the service content, a user identity token and a preset identifier are used for generating the first service request.
In some embodiments of the present disclosure, the authentication method further includes the following management steps: firstly, receiving a super service request sent by a third web application through an authentication module, wherein the third web application is any one of the web applications; next, acquiring a super identity token in the super service request, wherein the super identity token is obtained after a super user registers on the internet platform through any one web application and authentication module; and finally, responding to the legality and validity of the super identity token, and adjusting user information, department information or application information stored in the Internet platform according to the service content of the super service request. The super user can be a manager of an enterprise, the manager can distribute the super user name plate after registering so as to be different from a common user, and the manager manages user information, department information and application information through a super service request, so that the management is convenient and reliable.
The embodiment combines the requirements of an industrial internet platform, realizes unified management authentication of users, can integrate a plurality of applications on the platform, and the users can access the application system authorized to be accessed by any single sign-on only by once login authentication, thereby avoiding frequent login switching, improving the working efficiency and improving the user experience. Meanwhile, in the product application development process, the development work of the user management authentication module can be reduced, and only the development work of the business process needs to be concentrated, so that the development progress is accelerated, and better production service is provided.
According to some embodiments of the present disclosure, there is provided an authentication apparatus applied to an internet platform, referring to fig. 4, which shows a schematic structural diagram of the apparatus, the apparatus including:
a receiving module 401, configured to receive a first service request sent by a first web application through an authentication module, where the first web application is any one of multiple web applications corresponding to the internet platform;
an obtaining module 402, configured to obtain a user identity token in the first service request, where the user identity token is obtained after a second web application logs in the internet platform through an authentication module, and the second web application is any one of the multiple web applications;
a verification module 403, configured to verify the first service request according to the user identity token;
a response module 404, configured to control, according to the result of the verification, the first web application to respond to the first service request.
According to some embodiments of the present disclosure, an authentication system is provided, referring to fig. 2, which shows a structure of the authentication system, including:
the system comprises a plurality of web applications 210, a plurality of authentication modules and a plurality of service modules, wherein the web applications are used for receiving service contents input by a user through a browser, generating a first service request according to the service contents and a user identity token in the browser, and sending the first service request to the authentication modules;
the authentication module 220 is configured to receive the first service request sent by the web application, and send the first service request to an internet platform;
the internet platform 230 is configured to receive the first service request sent by the authentication module, and control the corresponding web application to respond to the first service request according to a verification result of the user identity token in the first service request.
In some embodiments of the present disclosure, the web application is further configured to prompt the user to input login information after receiving a second service request without a user identity token, the second service request being input by the user through a browser, and receive the login information input by the user through the browser;
the authentication module is also used for receiving login information sent by the web application and sending the login information to the Internet platform;
the Internet platform is further used for receiving login information sent by the authentication module, generating a user identity token according to the login information under the condition that the login information is legal and effective, and returning the user identity token to the browser through the authentication module and the corresponding web application.
In some embodiments of the present disclosure, the authentication module is in the form of a plug-in; the authentication module comprises an interception unit and a forwarding unit, wherein the interception unit is used for intercepting information related to the Internet platform, and the forwarding unit is used for forwarding the information related to the Internet platform.
According to some embodiments of the present disclosure, there is provided an authentication system comprising:
the authentication module is used for receiving the first service request sent by the web application and sending the first service request to an internet platform;
and the internet platform is used for receiving the first service request sent by the authentication module and controlling the corresponding web application to respond to the first service request according to the verification result of the user identity token in the first service request.
With regard to the apparatus in the above embodiments, the specific manner in which each module and the network perform operations has been described in detail in the first aspect with respect to the embodiment of the method, and will not be described in detail here.
Referring to fig. 5, some embodiments of the present disclosure provide an electronic device comprising a memory for storing computer instructions executable on a processor, and a processor for performing device registration based on the method of the first aspect when executing the computer instructions.
Some embodiments of the present disclosure provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method of the first aspect.
Various component embodiments of the disclosure may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
In this disclosure, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. The term "plurality" means two or more unless expressly limited otherwise.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (18)
1. An authentication method applied to an internet platform, the method comprising:
receiving a first service request sent by a first web application through an authentication module, wherein the first web application is any one of a plurality of web applications corresponding to the internet platform;
acquiring a user identity token in the first service request, wherein the user identity token is obtained after a second web application logs in the internet platform through an authentication module, and the second web application is any one of the web applications;
checking the first service request according to the user identity token;
and controlling the first web application to respond to the first service request according to the checking result.
2. The authentication method according to claim 1, further comprising:
receiving login information sent by the second web application through an authentication module, wherein the login information is input by a user after the second web application receives a second service request without a user identity token;
determining whether the login information is legal and effective;
and responding to the fact that the login information is legal and effective, generating a user identity token according to the login information, and returning the user identity token to the user through the second web application.
3. The authentication method according to claim 2, wherein the first service request is intercepted by an interception unit in the authentication module, and is sent to the internet platform by a forwarding unit of the authentication module according to a destination address carried by the first service request; and/or the presence of a gas in the gas,
the second service request is intercepted by an intercepting unit in the authentication module; and/or the presence of a gas in the gas,
and intercepting the login information by an interception unit in the authentication module, and sending the login information to the Internet platform by a forwarding unit of the authentication module according to a destination address carried by the login information.
4. The authentication method of claim 2, wherein returning the user identity token to the user through the second web application comprises:
returning the user identity token and a preset identifier to the user through the second web application;
the obtaining the user identity token in the first service request includes:
and acquiring the user identity token from the first service request by using the preset identifier.
5. The authentication method according to claim 4, wherein the first service request is generated by service content input by a user through a browser; and/or the presence of a gas in the gas,
the second service request is generated by service content input by a user through a browser; and/or the presence of a gas in the gas,
the login information is generated by a user name and a password input by a user through a browser.
6. The authentication method according to claim 5, wherein the returning the user identity token and the preset identifier to the user through the second web application comprises:
returning the user identity token and the preset identifier to the second web application through the authentication module so that the second web application returns the user identity token and the preset identifier to the browser;
the first service request is generated by service content input by a user through a browser, and comprises the following steps:
the first service request is generated by service content input by a user through a browser, the user identity token in the browser and the preset identifier.
7. The authentication method of claim 5, wherein said determining whether said login information is valid comprises:
and if the user information consistent with the login information exists in the user information stored in the user database, determining that the login information is legal and effective.
8. The authentication method according to claim 7, wherein the verifying the first service request according to the user identity token comprises:
determining whether the user identity token is valid; and/or the presence of a gas in the gas,
and determining whether the service content of the first service request is matched with the service authority corresponding to the user identity token.
9. The authentication method of claim 8, wherein said determining whether said login information is valid further comprises:
decrypting the login information by using a preset rule; and/or the presence of a gas in the gas,
the verifying the first service request according to the user identity token further comprises:
and decrypting the user identity token by using a preset rule.
10. The authentication method according to claim 1 or 8, wherein the controlling the first web application to respond to the first service request according to the result of the check comprises:
responding to the user identity token is legal and valid, and the service content of the first service request is matched with the service authority corresponding to the user identity token, controlling the first web application to process the service content, and returning response data to the browser;
otherwise, controlling the first web application to return prompt information to the browser, wherein the prompt information is used for representing the verification result.
11. The authentication method according to claim 1, further comprising:
receiving a super service request sent by a third web application through an authentication module, wherein the third web application is any one of the plurality of web applications;
acquiring a super identity token in the super service request, wherein the super identity token is obtained after a super user registers on the Internet platform through any one web application and authentication module;
and responding to the legality and validity of the super identity token, and adjusting user information, department information or application information stored in the Internet platform according to the service content of the super service request.
12. An authentication apparatus, applied to an internet platform, the apparatus comprising:
the system comprises a receiving module, a processing module and a processing module, wherein the receiving module is used for receiving a first service request sent by a first web application through an authentication module, and the first web application is any one of a plurality of web applications corresponding to the internet platform;
an obtaining module, configured to obtain a user identity token in the first service request, where the user identity token is obtained after a second web application logs in the internet platform through an authentication module, and the second web application is any one of the multiple web applications;
the verification module is used for verifying the first service request according to the user identity token;
and the response module is used for controlling the first web application to respond to the first service request according to the verification result.
13. An authentication system, comprising:
the system comprises a plurality of web applications, a plurality of authentication modules and a plurality of service modules, wherein the web applications are used for receiving service contents input by a user through a browser, generating a first service request according to the service contents and a user identity token in the browser and sending the first service request to the authentication modules;
the authentication module is used for receiving the first service request sent by the web application and sending the first service request to an internet platform;
and the internet platform is used for receiving the first service request sent by the authentication module and controlling the corresponding web application to respond to the first service request according to the verification result of the user identity token in the first service request.
14. The authentication system of claim 13, wherein the web application is further configured to prompt the user to enter login information after receiving a second service request without a user identity token, the second service request being input by the user through a browser, and to receive the login information input by the user through the browser;
the authentication module is also used for receiving login information sent by the web application and sending the login information to the Internet platform;
the Internet platform is further used for receiving login information sent by the authentication module, generating a user identity token according to the login information under the condition that the login information is legal and effective, and returning the user identity token to the browser through the authentication module and the corresponding web application.
15. The authentication system according to claim 13 or 14, wherein the authentication module is in the form of a plug-in; the authentication module comprises an interception unit and a forwarding unit, wherein the interception unit is used for intercepting information related to the Internet platform, and the forwarding unit is used for forwarding the information related to the Internet platform.
16. An authentication system, comprising:
the authentication module is used for receiving a first service request sent by a web application and sending the first service request to an Internet platform;
and the internet platform is used for receiving the first service request sent by the authentication module and controlling the corresponding web application to respond to the first service request according to the verification result of the user identity token in the first service request.
17. An electronic device, characterized in that the device comprises a memory for storing computer instructions executable on a processor, the processor being adapted to implement the method of any of claims 1 to 11 when executing the computer instructions.
18. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method of any one of claims 1 to 11.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110680646.9A CN113297562A (en) | 2021-06-18 | 2021-06-18 | Authentication method, device, system, electronic equipment and storage medium |
| PCT/CN2022/079103 WO2022262322A1 (en) | 2021-06-18 | 2022-03-03 | Authentication method, apparatus and system, electronic device, and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110680646.9A CN113297562A (en) | 2021-06-18 | 2021-06-18 | Authentication method, device, system, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113297562A true CN113297562A (en) | 2021-08-24 |
Family
ID=77328860
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110680646.9A Pending CN113297562A (en) | 2021-06-18 | 2021-06-18 | Authentication method, device, system, electronic equipment and storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN113297562A (en) |
| WO (1) | WO2022262322A1 (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114513350A (en) * | 2022-02-08 | 2022-05-17 | 中国农业银行股份有限公司 | Identity verification method, system and storage medium |
| WO2022262322A1 (en) * | 2021-06-18 | 2022-12-22 | 京东方科技集团股份有限公司 | Authentication method, apparatus and system, electronic device, and storage medium |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117354010B (en) * | 2023-10-10 | 2024-08-13 | 天翼数字生活科技有限公司 | Authentication method, system and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102457376A (en) * | 2010-10-29 | 2012-05-16 | 中兴通讯股份有限公司 | Method and system for uniformly authenticating cloud computing services |
| CN105847220A (en) * | 2015-01-14 | 2016-08-10 | 北京神州泰岳软件股份有限公司 | Authentication method and system, and service platform |
| CN110417730A (en) * | 2019-06-17 | 2019-11-05 | 平安科技(深圳)有限公司 | The unified access method and relevant device of multiple utility program |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104378376B (en) * | 2014-11-18 | 2019-02-26 | 深圳中兴网信科技有限公司 | Single-point logging method, certificate server and browser based on SOA |
| EP3334115B1 (en) * | 2016-12-07 | 2019-10-09 | Swisscom AG | User authentication based on token |
| CN110730171A (en) * | 2019-10-10 | 2020-01-24 | 北京东软望海科技有限公司 | Service request processing method, device and system, electronic equipment and storage medium |
| CN113297562A (en) * | 2021-06-18 | 2021-08-24 | 北京中祥英科技有限公司 | Authentication method, device, system, electronic equipment and storage medium |
-
2021
- 2021-06-18 CN CN202110680646.9A patent/CN113297562A/en active Pending
-
2022
- 2022-03-03 WO PCT/CN2022/079103 patent/WO2022262322A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102457376A (en) * | 2010-10-29 | 2012-05-16 | 中兴通讯股份有限公司 | Method and system for uniformly authenticating cloud computing services |
| CN105847220A (en) * | 2015-01-14 | 2016-08-10 | 北京神州泰岳软件股份有限公司 | Authentication method and system, and service platform |
| CN110417730A (en) * | 2019-06-17 | 2019-11-05 | 平安科技(深圳)有限公司 | The unified access method and relevant device of multiple utility program |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022262322A1 (en) * | 2021-06-18 | 2022-12-22 | 京东方科技集团股份有限公司 | Authentication method, apparatus and system, electronic device, and storage medium |
| CN114513350A (en) * | 2022-02-08 | 2022-05-17 | 中国农业银行股份有限公司 | Identity verification method, system and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2022262322A1 (en) | 2022-12-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113297562A (en) | Authentication method, device, system, electronic equipment and storage medium | |
| CN114679293A (en) | Access control method, device and storage medium based on zero trust security | |
| CN112202705A (en) | Digital signature verification generation and verification method and system | |
| CN107347068A (en) | Single-point logging method and system, electronic equipment | |
| CN102271124A (en) | Data processing equipment and data processing method | |
| US10257171B2 (en) | Server public key pinning by URL | |
| JP6572750B2 (en) | Authentication control program, authentication control device, and authentication control method | |
| CN114900338A (en) | Encryption and decryption method, device, equipment and medium | |
| CN112532599B (en) | Dynamic authentication method, device, electronic equipment and storage medium | |
| US10700865B1 (en) | System and method for granting secure access to computing services hidden in trusted computing environments to an unsecure requestor | |
| CN112688773A (en) | Token generation and verification method and device | |
| CN110826049B (en) | Single sign-on implementation system based on intelligent enterprise portal | |
| US20130086388A1 (en) | Credentials management | |
| CN113949566B (en) | Resource access method, device, electronic equipment and medium | |
| Selvamani et al. | A review on cloud data security and its mitigation techniques | |
| CN111737232A (en) | Database management method, system, device, equipment and computer storage medium | |
| Chae et al. | A study on secure user authentication and authorization in OAuth protocol | |
| CN110008727B (en) | Encryption sensitive parameter processing method and device, computer equipment and storage medium | |
| US20230262045A1 (en) | Secure management of a robotic process automation environment | |
| CN114268487A (en) | Authority control method and device based on industrial identification node | |
| CN110830493B (en) | Single sign-on implementation method based on intelligent enterprise portal | |
| CN114861144A (en) | Data authority processing method based on block chain | |
| KR20150115332A (en) | Access control managemnet apparatus and method for open service components | |
| CN102427461B (en) | Method and system for realizing Web service application security | |
| US10116665B2 (en) | Secured distributed computing across multiple firewalls |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |