CN113765676B - Interface access control method based on multiple identities of user and related equipment - Google Patents

Publication number: CN113765676B
Authority: CN (China)
Prior art keywords: user, enterprise, login, identifier, target
Legal status: Active
Application number: CN202111095935.9A
Other languages: Chinese (zh)
Other versions: CN113765676A (en)
Inventor: 余松
Current Assignee: Ping An International Smart City Technology Co Ltd
Original Assignee: Ping An International Smart City Technology Co Ltd
Application filed by Ping An International Smart City Technology Co Ltd
Priority to CN202111095935.9A
Publication of CN113765676A
Application granted
Publication of CN113765676B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of information security, and discloses an interface access control method based on multiple identities of a user and related equipment, which are used for supporting flexible configuration and flexible switching of the identities of the user. The interface access control method based on the multiple identities of the user comprises the following steps: extracting user login identity information from a user multi-identity login request; carrying out identity verification on the user login identity information, and determining that the user successfully logs in the target enterprise application program when the verification result is that the verification is successful; acquiring user enterprise identity information based on a target user identifier and an application identifier to be accessed, and setting a security identifier according to the target user identifier and the user enterprise identity information; and carrying out interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor, and sending service response data to the target terminal, wherein the enterprise service interface access request carries a security identifier. Furthermore, the present invention relates to blockchain technology, and the security identifier may be stored in a blockchain node.

Description

Interface access control method based on multiple identities of user and related equipment
Technical Field
The invention relates to the technical field of access rules of information security, in particular to an interface access control method based on multiple identities of users and related equipment.
Background
Enterprise WeChat is popular enterprise office software in which a user can hold multiple enterprise identities and switch between them, but at present there is no case of Enterprise WeChat being customized into other application programs. Products oriented to C-end clients (such as Tengxin class, internet cloud class and the like) have no scenario in which a user has multiple identities; the user has only one natural-person identity.
The application terminal, by contrast, covers adult vocational education for both B-end and C-end client groups. As the business develops, enterprise clients keep increasing and the user system becomes more and more complex: a user can be a natural person and can also hold several enterprise identities, the application programs used inside the user's enterprises are customized, and the application program used under each enterprise identity can be different. In the prior art, accessing enterprise services under multiple identities on the same application terminal through one user account is inflexible, so the access efficiency of each enterprise's training services is low.
Disclosure of Invention
The invention provides an interface access control method based on multiple identities of users and related equipment, which are used for supporting the flexible configuration and flexible switching of the identities of the users and improving the access efficiency of a user account to training services of enterprises on the same application terminal.
To achieve the above object, a first aspect of the present invention provides an interface access control method based on multiple identities of a user, including: acquiring a user multi-identity login request, and extracting user login identity information from the user multi-identity login request, wherein the user login identity information comprises a login account number, a login password and an application identifier to be accessed, and the application identifier to be accessed is used for indicating a target enterprise application accessed by a user; carrying out identity verification on the user login identity information to obtain a verification result, determining that the user successfully logs in the target enterprise application program when the verification result is that the verification is successful, and acquiring a target user identifier according to the user login identity information; acquiring user enterprise identity information based on the target user identifier and the application identifier to be accessed, setting a security identifier according to the target user identifier and the user enterprise identity information, and returning the security identifier to a target terminal; and acquiring an enterprise service interface access request, carrying out interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, wherein the enterprise service interface access request carries a security identifier.
Optionally, in a first implementation manner of the first aspect of the present invention, the obtaining a user multi-identity login request, extracting user login identity information from the user multi-identity login request, where the user login identity information includes a login account, a login password, and an application identifier to be accessed, where the application identifier to be accessed is used to indicate a target enterprise application accessed by a user, and includes: receiving a user multi-identity login request sent by a target terminal, and carrying out parameter analysis on the user multi-identity login request to obtain a plurality of user identity ciphertext parameter values; and decrypting the plurality of user identity ciphertext parameter values according to a preset decryption algorithm to obtain user login identity information, wherein the user login identity information comprises a login account number, a login password and an application identifier to be accessed, and the application identifier to be accessed is used for indicating a target enterprise application program accessed by a user.
Optionally, in a second implementation manner of the first aspect of the present invention, the performing identity verification on the user login identity information to obtain a verification result, when the verification result is that verification is successful, determining that the user successfully logs in the target enterprise application program, and obtaining the target user identifier according to the user login identity information includes: searching a preset user account information table based on the login account in the user identity information to obtain a registered password; judging whether the login password in the user identity information is consistent with the registered password; if the login password in the user identity information is consistent with the registered password, determining that the verification result is successful in verification, and when the verification result is successful in verification, determining that the user successfully logs in the target enterprise application program; inquiring a preset user identity data table according to the login account, the login password and the application identification to be accessed to obtain inquiry data; when the query data is not null, reading a target user identification from the query data according to a preset identification field name; and when the query data is null, generating a target user identifier, and writing the target user identifier, the login account, the login password and the application identifier to be accessed into the preset user identity data table.
Optionally, in a third implementation manner of the first aspect of the present invention, the acquiring user enterprise identity information based on the target user identifier and the application identifier to be accessed, setting a security identifier according to the target user identifier and the user enterprise identity information, and returning the security identifier to the target terminal includes: setting the target user identifier as a target index value, and inquiring a preset employee data table according to the reverse order of the user login time based on the target index value to obtain an inquiry result; when the query result is not null, determining that the query result is user enterprise identity information, reading a user enterprise identity from the user enterprise identity information, and checking the user enterprise identity according to the application identity to be accessed and a preset enterprise information table to obtain a checking result; when the verification result is that verification is passed, setting the user enterprise identity and the target user identity as target values, and randomly distributing a security identifier to the target values, wherein the security identifier is a 32-bit character string; setting the security identifier as a target key, storing the target key and the target value in a preset memory database and a preset login data table, and returning the target key to a target terminal.
Optionally, in a fourth implementation manner of the first aspect of the present invention, the obtaining an enterprise service interface access request, performing interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, where the enterprise service interface access request carries a security identifier, includes: receiving an enterprise business interface access request sent by the target terminal, wherein the enterprise business interface access request carries a security identifier and an interface identifier; intercepting and judging whether a service interface corresponding to the interface identifier is an annotated interface or not through a preset interceptor, wherein the annotated interface is an application program interface added with preset annotations in advance, and the preset annotations comprise login state authentication identifiers; if the service interface corresponding to the interface identifier is an annotated interface, reading the user enterprise identity information from the preset memory database according to the security identifier through a preset message queue; if the user enterprise identity information is not null, determining that the processing result is that the service interface authentication is successful, calling and executing interface logic corresponding to the service interface, and obtaining interface return data; and carrying out data encapsulation on the interface return data according to a preset data format to obtain service response data, recording the enterprise service interface access request and the service response data into a preset login log table, and sending the service response data to the target terminal.
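The security-identifier issuance and interceptor check from the third and fourth implementation manners above, as an added Python example that is not code from the patent. The table contents, the interface names `course.list` and `health`, the response codes, and the use of in-process dictionaries in place of the preset memory database and message queue are assumptions; the example also assumes the "32-bit character string" is a 32-character string and resolves the tenant scope only from the stored identity.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class EnterpriseIdentity:
    user_id: str
    enterprise_id: str


# Constructed sample data standing in for the patent's preset tables.
EMPLOYEE_TABLE = [  # u-1001 is one natural person with two enterprise identities
    {"user_id": "u-1001", "enterprise_id": "ent-A", "last_login": 1700000300},
    {"user_id": "u-1001", "enterprise_id": "ent-B", "last_login": 1700000100},
    {"user_id": "u-2002", "enterprise_id": "ent-B", "last_login": 1700000200},
]
ENTERPRISE_TABLE = {"app-A": "ent-A", "app-B": "ent-B"}  # app id -> owning enterprise
COURSES = {"ent-A": ["fire-safety"], "ent-B": ["sales-101", "compliance"]}

SESSION_STORE: Dict[str, EnterpriseIdentity] = {}  # stands in for the memory database
ACCESS_LOG: List[dict] = []                         # stands in for the log table
INTERFACES: Dict[str, Callable] = {}                # interface id -> handler


def issue_security_identifier(user_id: str, app_id: str) -> Optional[str]:
    """Bind (user, enterprise) to a random key once the identity matches the app."""
    owner = ENTERPRISE_TABLE.get(app_id)
    # Employee rows for this user, most recent login first.
    rows = sorted((r for r in EMPLOYEE_TABLE if r["user_id"] == user_id),
                  key=lambda r: r["last_login"], reverse=True)
    for row in rows:
        if owner is not None and row["enterprise_id"] == owner:
            token = secrets.token_hex(16)  # 32 hex characters from the OS CSPRNG
            SESSION_STORE[token] = EnterpriseIdentity(user_id, owner)
            return token
    return None  # the user holds no enterprise identity for the requested app


def interface(interface_id: str, login_required: bool = False):
    """Register a handler; login_required plays the role of the preset annotation."""
    def wrap(fn: Callable) -> Callable:
        fn.login_required = login_required
        INTERFACES[interface_id] = fn
        return fn
    return wrap


def intercept(interface_id: str, security_identifier: Optional[str], **params) -> dict:
    """Interceptor: authenticate annotated interfaces, then run the interface logic."""
    handler = INTERFACES.get(interface_id)
    if handler is None:
        response = {"code": 404, "data": None}
    elif not handler.login_required:
        # Interfaces without the annotation are not authenticated.
        response = {"code": 200, "data": handler(None, **params)}
    else:
        identity = SESSION_STORE.get(security_identifier or "")
        if identity is None:  # unknown, missing or expired identifier
            response = {"code": 401, "data": None}
        else:
            response = {"code": 200, "data": handler(identity, **params)}
    # The log entry deliberately leaves out the security identifier itself.
    ACCESS_LOG.append({"interface": interface_id, "code": response["code"]})
    return response


@interface("course.list", login_required=True)
def list_courses(identity: EnterpriseIdentity, **_ignored) -> dict:
    # Tenant scope comes from the server-side identity, never from request params.
    return {"enterprise": identity.enterprise_id,
            "courses": COURSES[identity.enterprise_id]}


@interface("health")
def health(identity: Optional[EnterpriseIdentity], **_ignored) -> str:
    return "ok"


if __name__ == "__main__":
    token = issue_security_identifier("u-1001", "app-A")
    print(intercept("course.list", token, enterprise_id="ent-B"))
    print(intercept("course.list", "0" * 32))
```

Because the handler reads the enterprise from the stored identity, a client-supplied `enterprise_id` parameter cannot move a request into another enterprise's data.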
Optionally, in a fifth implementation manner of the first aspect of the present invention, after the obtaining an enterprise service interface access request, performing interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, where the enterprise service interface access request carries a security identifier, the user multi-identity-based interface access control method further includes: acquiring a switching identity request, and sending a plurality of application identifiers to be switched to the target terminal according to the switching identity request, wherein the application identifiers to be switched comprise the application identifiers to be accessed; and switching the business resource data to be accessed according to a target switching application identifier, and acquiring and caching new user enterprise identity information, wherein the business resource data to be accessed comprises the target enterprise application program, and the target switching application identifier belongs to the plurality of application identifiers to be switched.
Optionally, in a sixth implementation manner of the first aspect of the present invention, after the obtaining an enterprise service interface access request, performing interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, where the enterprise service interface access request carries a security identifier, the user multi-identity-based interface access control method further includes: storing the enterprise service interface access request, the processing result and the service response data into a preset log record table; and analyzing the preset log record table and the preset login data table at fixed time to obtain a user multi-identity interface access report.
The second aspect of the present invention provides an interface access control device based on multiple identities of a user, comprising: the system comprises an acquisition module, a user login module and a user identification module, wherein the acquisition module is used for acquiring a user multi-identity login request, extracting user login identity information from the user multi-identity login request, wherein the user login identity information comprises a login account number, a login password and an application identification to be accessed, and the application identification to be accessed is used for indicating a target enterprise application program accessed by a user; the verification module is used for carrying out identity verification on the user login identity information to obtain a verification result, and when the verification result is that the verification is successful, determining that the user successfully logs in the target enterprise application program, and acquiring a target user identifier according to the user login identity information; the setting module is used for acquiring user enterprise identity information based on the target user identifier and the application identifier to be accessed, setting a security identifier according to the target user identifier and the user enterprise identity information, and returning the security identifier to the target terminal; the authentication module is used for acquiring an enterprise service interface access request, carrying out interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, wherein the enterprise service interface access request carries a security identifier.
Optionally, in a first implementation manner of the second aspect of the present invention, the acquiring module is specifically configured to: receiving a user multi-identity login request sent by a target terminal, and carrying out parameter analysis on the user multi-identity login request to obtain a plurality of user identity ciphertext parameter values; and decrypting the plurality of user identity ciphertext parameter values according to a preset decryption algorithm to obtain user login identity information, wherein the user login identity information comprises a login account number, a login password and an application identifier to be accessed, and the application identifier to be accessed is used for indicating a target enterprise application program accessed by a user.
Optionally, in a second implementation manner of the second aspect of the present invention, the verification module is specifically configured to: searching a preset user account information table based on the login account in the user identity information to obtain a registered password; judging whether the login password in the user identity information is consistent with the registered password; if the login password in the user identity information is consistent with the registered password, determining that the verification result is successful in verification, and when the verification result is successful in verification, determining that the user successfully logs in the target enterprise application program; inquiring a preset user identity data table according to the login account, the login password and the application identification to be accessed to obtain inquiry data; when the query data is not null, reading a target user identification from the query data according to a preset identification field name; and when the query data is null, generating a target user identifier, and writing the target user identifier, the login account, the login password and the application identifier to be accessed into the preset user identity data table.
Optionally, in a third implementation manner of the second aspect of the present invention, the setting module is specifically configured to: setting the target user identifier as a target index value, and inquiring a preset employee data table according to the reverse order of the user login time based on the target index value to obtain an inquiry result; when the query result is not null, determining that the query result is user enterprise identity information, reading a user enterprise identity from the user enterprise identity information, and checking the user enterprise identity according to the application identity to be accessed and a preset enterprise information table to obtain a checking result; when the verification result is that verification is passed, setting the user enterprise identity and the target user identity as target values, and randomly distributing a security identifier to the target values, wherein the security identifier is a 32-bit character string; setting the security identifier as a target key, storing the target key and the target value in a preset memory database and a preset login data table, and returning the target key to a target terminal.
Optionally, in a fourth implementation manner of the second aspect of the present invention, the authentication module is specifically configured to: receiving an enterprise business interface access request sent by the target terminal, wherein the enterprise business interface access request carries a security identifier and an interface identifier; intercepting and judging whether a service interface corresponding to the interface identifier is an annotated interface or not through a preset interceptor, wherein the annotated interface is an application program interface added with preset annotations in advance, and the preset annotations comprise login state authentication identifiers; if the service interface corresponding to the interface identifier is an annotated interface, reading the user enterprise identity information from the preset memory database according to the security identifier through a preset message queue; if the user enterprise identity information is not null, determining that the processing result is that the service interface authentication is successful, calling and executing interface logic corresponding to the service interface, and obtaining interface return data; and carrying out data encapsulation on the interface return data according to a preset data format to obtain service response data, recording the enterprise service interface access request and the service response data into a preset login log table, and sending the service response data to the target terminal.
Optionally, in a fifth implementation manner of the second aspect of the present invention, the interface access control device based on multiple identities of a user further includes: the sending module is used for obtaining a switching identity request, and sending a plurality of application identifiers to be switched to the target terminal according to the switching identity request, wherein the application identifiers to be switched comprise the application identifiers to be accessed; and the caching module is used for switching the business resource data to be accessed according to the target switching application identifiers, acquiring and caching new user enterprise identity information, wherein the business resource data to be accessed comprises the target enterprise application program, and the target switching application identifiers belong to the plurality of application identifiers to be switched.
Optionally, in a sixth implementation manner of the second aspect of the present invention, the interface access control device based on multiple identities of a user further includes: the storage module is used for storing the enterprise service interface access request, the processing result and the service response data into a preset log record table; and the analysis module is used for analyzing the preset log record table and the preset login data table at regular time to obtain a user multi-identity interface access report.
A third aspect of the present invention provides an interface access control device based on multiple identities of a user, comprising: a memory and at least one processor, the memory having a computer program stored therein; the at least one processor invokes the computer program in the memory to cause the user multi-identity based interface access control device to perform the user multi-identity based interface access control method described above.
A fourth aspect of the present invention provides a computer readable storage medium having a computer program stored therein, which when run on a computer causes the computer to perform the above-described user multi-identity based interface access control method.
In the technical scheme provided by the invention, a user multi-identity login request is obtained, user login identity information is extracted from the user multi-identity login request, the user login identity information comprises a login account, a login password and an application identifier to be accessed, and the application identifier to be accessed is used for indicating a target enterprise application program accessed by a user; carrying out identity verification on the user login identity information to obtain a verification result, determining that the user successfully logs in the target enterprise application program when the verification result is that the verification is successful, and acquiring a target user identifier according to the user login identity information; acquiring user enterprise identity information based on the target user identifier and the application identifier to be accessed, setting a security identifier according to the target user identifier and the user enterprise identity information, and returning the security identifier to a target terminal; and acquiring an enterprise service interface access request, carrying out interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, wherein the enterprise service interface access request carries a security identifier.
In the embodiment of the invention, identity verification is carried out on the user login identity information; when the verification result is that the verification is successful, the user is determined to have successfully logged in to the target enterprise application program, and the security identifier is set according to the target user identifier and the user enterprise identity information. Interface annotation identification and authentication processing are then carried out, through the preset interceptor, on the enterprise service interface access request carrying the security identifier, and the service response data is obtained. This supports flexible configuration and flexible switching of the user identity and improves the access efficiency of one user account to each enterprise training service on the same application terminal.
Drawings
FIG. 1 is a diagram of an embodiment of a method for controlling access to an interface based on multiple identities of a user according to an embodiment of the present invention;
FIG. 2 is a diagram of another embodiment of a method for controlling access to an interface based on multiple identities of a user according to an embodiment of the present invention;
FIG. 3 is a diagram of an embodiment of an interface access control device based on multiple identities of users according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of another embodiment of an interface access control device based on multiple identities of users according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an embodiment of an interface access control device based on multiple identities of a user according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides an interface access control method based on multiple identities of a user and related equipment, which are used for supporting flexible configuration and flexible switching of the identities of the user and improving the access efficiency of a user account to training services of enterprises on the same application terminal.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
For ease of understanding, a specific flow of an embodiment of the present invention is described below. Referring to FIG. 1, an embodiment of the interface access control method based on multiple identities of a user in the embodiment of the present invention includes:
101. Obtain a user multi-identity login request and extract user login identity information from the user multi-identity login request, wherein the user login identity information comprises a login account, a login password and an application identifier to be accessed, and the application identifier to be accessed is used for indicating a target enterprise application program accessed by a user.
The login account and the login password have a one-to-one correspondence, and the login account and the login password each have a one-to-many correspondence with the application identifier to be accessed. The login account may be a user phone number or a user mailbox address, or may be a user name or a user ID card number, which is not limited herein. The user multi-identity login request is used to indicate a user having multiple enterprise identities, and the user is authorized to access multiple enterprise applications through the same login account and the same login password. Specifically, a server acquires a user multi-identity login request; the server extracts a plurality of user identity ciphertext parameter values from the user multi-identity login request according to a plurality of preset parameter names, each user identity ciphertext parameter value having been encrypted by a preset encryption algorithm; the server decrypts the plurality of user identity ciphertext parameter values according to a preset decryption algorithm to obtain user login identity information, wherein the user login identity information comprises a login account number, a login password and an application identifier to be accessed, and the application identifier to be accessed is used for indicating a target enterprise application program accessed by a user. The preset encryption algorithm and the preset decryption algorithm are inverse operations of each other.
It is to be understood that the execution subject of the present invention may be an interface access control device based on multiple identities of a user, and may also be a terminal or a server, which is not limited herein. The embodiment of the invention is described by taking a server as an execution main body as an example.
102. Carrying out identity verification on the user login identity information to obtain a verification result, and when the verification result is that the verification is successful, determining that the user has successfully logged in to the target enterprise application program and acquiring a target user identifier according to the user login identity information.
Wherein the target user identifier is a combination of one or more of numbers, letters, and/or punctuation marks. Specifically, the server judges whether the application identifier to be accessed exists in a preset application data table. If it does, the server judges whether the login account and the login password are correct. If both are correct, the server determines that the verification result is verification success and that the user has successfully logged in to the target enterprise application program, and the server determines the target user identifier according to the user login identity information and the preset user identity data table. The preset user identity data table is used for storing information bound at user registration, such as the login account, the login password, WeChat and the user nickname. The preset user identity data table is database_user. For example, a user logs in to the Zhiniao terminal; the server obtains a login account of 133XXXX, a login password of XXXX and an application identifier to be accessed of zhiniao.Id, and checks whether the login account and the login password are correct and whether they match each other; if the user login identity information matches the user login identity information in the preset user identity data table, the server determines that the user has successfully logged in to the target enterprise application program.
103. Acquiring user enterprise identity information based on the target user identifier and the application identifier to be accessed, setting a security identifier according to the target user identifier and the user enterprise identity information, and returning the security identifier to the target terminal.
The user enterprise identity information is stored in a preset employee data table. The preset employee data table is database_emp, and the table includes a target user identifier, an employee identifier, an enterprise identifier, and a phone number or a mail address, which is not limited herein. For example, the target user identifier userId is useridxxx, the employee identifier empId is xia_a, and the enterprise identifier enterprise_id is ENTERPRISEID_a. The security identifier is also a globally unique identifier. It should be noted that, when the user enterprise identity information is null, the server determines that the user is a natural person rather than a user bound to an enterprise. Specifically, the server reads the user enterprise identity information from the preset employee data table based on the target user identifier and the application identifier to be accessed, sets a security identifier according to the target user identifier and the user enterprise identity information, and returns the security identifier to the target terminal; the security identifier has a one-to-one correspondence with the target user identifier and the user enterprise identity information. Further, the server stores the security identifier in a blockchain database, which is not limited herein.
104. Acquiring an enterprise service interface access request, carrying out interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, wherein the enterprise service interface access request carries the security identifier.
Specifically, the server customizes an interceptor according to a preset service requirement to obtain the preset interceptor, which is used for checking whether the security identifier is valid. Further, the server uses the tool class AnnotationUtils to check the annotations on classes, functions or fields in the business interface corresponding to the enterprise service interface access request, obtaining a check result, and judges from the check result whether the business interface checks the login state. If the business interface checks the login state, the server acquires the security identifier from the enterprise service interface access request and queries the corresponding user enterprise identity information from a preset memory database according to the security identifier. If the user enterprise identity information is null, the server returns login error information; if the user enterprise identity information is not null, the server executes the enterprise service interface access request to obtain a processing result, and sends service response data to the target terminal according to the processing result, wherein the enterprise service interface access request carries the security identifier.
In the embodiment of the invention, identity verification is performed on the user login identity information; when the verification result is that the verification is successful, the user is determined to have successfully logged in to the target enterprise application program; a security identifier is set according to the target user identifier and the user enterprise identity information; and interface annotation identification and authentication processing are performed, through the preset interceptor, on the enterprise service interface access request carrying the security identifier to obtain service response data. This supports flexible configuration and flexible switching of user identities and improves the efficiency with which one user account accesses the training services of each enterprise on the same application terminal.
Referring to fig. 2, another embodiment of an interface access control method based on multiple identities of a user according to an embodiment of the present invention includes:
201. Obtaining a user multi-identity login request and extracting user login identity information from the user multi-identity login request, wherein the user login identity information comprises a login account, a login password and an application identifier to be accessed, and the application identifier to be accessed is used for indicating a target enterprise application program accessed by a user.
The target terminal comprises a Zhiniao mobile terminal and a Zhiniao personal computer (PC) terminal, and is used for providing professional education content, such as enterprise cultural access and enterprise business training systems, for the B-end user group and the C-end user group. Optionally, the server receives a user multi-identity login request sent by the target terminal, and performs parameter analysis on the user multi-identity login request to obtain a plurality of user identity ciphertext parameter values; the server decrypts the plurality of user identity ciphertext parameter values according to a preset decryption algorithm to obtain user login identity information, wherein the user login identity information comprises a login account, a login password and an application identifier to be accessed, and the application identifier to be accessed is used for indicating a target enterprise application program accessed by a user.
Further, the server decrypts the plurality of user identity ciphertext parameter values through a digital signature algorithm, a hash algorithm, a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain user login identity information, wherein the user login identity information comprises a login account number, a login password and an application identifier to be accessed, and the application identifier to be accessed is used for indicating a target enterprise application program accessed by a user.
202. Carrying out identity verification on the user login identity information to obtain a verification result, and when the verification result is that the verification is successful, determining that the user has successfully logged in to the target enterprise application program and acquiring a target user identifier according to the user login identity information.
The verification result is either verification success or verification failure. Optionally, the server retrieves a preset user account information table based on the login account in the user identity information to obtain a registered password, and judges whether the login password in the user identity information is consistent with the registered password. Specifically, the server compares the login password in the user identity information with the registered password through a preset character string comparison function to obtain a comparison result. If the comparison result is not the preset value, the server determines that the login password in the user identity information is inconsistent with the registered password, and sends prompt information that the user login identity information is abnormal to the target terminal; if the comparison result is the preset value, the server determines that the login password in the user identity information is consistent with the registered password. If the login password in the user identity information is consistent with the registered password, the server determines that the verification result is verification success, and when the verification result is verification success, the server determines that the user has successfully logged in to the target enterprise application program. The server then queries a preset user identity data table according to the login account, the login password and the application identifier to be accessed to obtain query data. When the query data is not null, the server reads the target user identifier from the query data according to the preset identification field name; when the query data is null, the server generates a target user identifier, and writes the target user identifier, the login account, the login password and the application identifier to be accessed into the preset user identity data table.
It can be understood that the preset identification field name can be userId or user_id, which is not limited herein. The field value corresponding to the target user identifier may be userId_xxx, or may be a unique auto-incrementing identifier generated according to the received request timestamp and the application identifier to be accessed, which is not limited herein. The target user identifier is used to indicate a unique identity assigned to each successfully logged-in user.
203. Acquiring user enterprise identity information based on the target user identifier and the application identifier to be accessed, setting a security identifier according to the target user identifier and the user enterprise identity information, and returning the security identifier to the target terminal.
It should be noted that, for the security identifier sil, the data generated by each login is stored in the login log table, and each sil corresponds to the identity information selected by the current user, for example, the login account, the user enterprise identity identifier and/or the application identifier to be accessed. The user enterprise identity information used when the user logs in to the target enterprise application program depends on the application identifier to be accessed and on the enterprise selected by the user at first login (namely, the user enterprise identity identifier): if the application identifier to be accessed and the user enterprise identity identifier are correct, the user login uses the corresponding enterprise identity; otherwise, the login is displayed on the target terminal as a natural person. The preset memory database is a non-relational database, and may be the Remote Dictionary Server (redis) or a map, which is not limited herein. The server uses redis as a cache; because redis is a high-performance key-value database, the server stores the user information associated with the sil in redis, which shortens the verification processing time, copes with high-concurrency distributed scenarios, and ensures data consistency.
Optionally, the server sets the target user identifier as a target index value, and queries a preset employee data table according to the reverse order of the user login time based on the target index value to obtain a query result; when the query result is not null, the server determines that the query result is user enterprise identity information, reads user enterprise identity identification from the user enterprise identity information, and verifies the user enterprise identity identification according to the application identification to be accessed and a preset enterprise information table to obtain a verification result; when the verification result is that verification passes, the server sets the user enterprise identity and the target user identity as target values, and randomly distributes a security identifier to the target values, wherein the security identifier is a 32-bit character string; the server sets the security identifier as a target key, stores the target key and the target value in a preset memory database and a preset login data table, and returns the target key to the target terminal.
204. Acquiring an enterprise service interface access request, carrying out interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, wherein the enterprise service interface access request carries the security identifier.
It should be noted that the preset interceptor associates any information or any metadata with elements of the target enterprise application program through a custom annotation. Annotation is an interface: the server obtains the Annotation object of a specified program element through the reflection mechanism, and then obtains the metadata in the annotation through the Annotation object. The custom annotation can be added to every enterprise business interface that a user can access only after logging in, which achieves logic separation: the enterprise business interfaces concentrate only on their own business implementation, the login check logic is processed uniformly, repeated code is greatly reduced, and interface access efficiency is improved.
Optionally, the server receives an enterprise service interface access request sent by the target terminal, wherein the enterprise service interface access request carries a security identifier and an interface identifier. The server intercepts the request through the preset interceptor and judges whether the service interface corresponding to the interface identifier is an annotated interface, wherein the annotated interface is an application program interface to which a preset annotation has been added in advance, and the preset annotation comprises a login state authentication identifier. If the service interface corresponding to the interface identifier is an annotated interface, the server reads the user enterprise identity information from the preset memory database according to the security identifier through a preset message queue. If the user enterprise identity information is not null, the server determines that the processing result is that the service interface authentication is successful, and invokes and executes the interface logic corresponding to the service interface to obtain interface return data. The server performs data encapsulation on the interface return data according to a preset data format to obtain service response data, records the enterprise service interface access request and the service response data into a preset log table, and sends the service response data to the target terminal.
205. Acquiring a switching identity request, and sending a plurality of application identifiers to be switched to the target terminal according to the switching identity request, wherein the plurality of application identifiers to be switched include the application identifier to be accessed.
Specifically, the server receives the switching identity request sent by the target terminal, and obtains a plurality of application identifiers to be switched based on the switching identity request, wherein the plurality of application identifiers to be switched include the application identifier to be accessed; the server carries out data encapsulation processing on the plurality of application identifiers to be switched to obtain encapsulated data, and calls a preset application interface to send the encapsulated data to the target terminal.
206. Switching the business resource data to be accessed according to a target switching application identifier, and acquiring and caching new user enterprise identity information, wherein the business resource data to be accessed includes the target enterprise application program, and the target switching application identifier belongs to the plurality of application identifiers to be switched.
It can be understood that the target terminal receives the encapsulated data and performs data analysis on the encapsulated data to obtain a plurality of application identifiers to be switched; and the target terminal receives the switching operation of the user, obtains the target switching application identifier and sends the target switching application identifier to the server. After the server performs verification processing on the target switching application identifier, service resource data to be accessed corresponding to the target switching application identifier is provided, the server acquires and caches new user enterprise identity information based on the target switching application identifier, the service resource data to be accessed comprises a target enterprise application program, and the target switching application identifier belongs to a plurality of application identifiers to be switched.
Further, the server stores the enterprise service interface access request, the processing result and the service response data into a preset log record table; the server analyzes a preset log record table and a preset login data table at regular time to obtain a user multi-identity interface access report. The user multi-identity interface access report is used for indicating the access condition of the user to different enterprise services on the same application terminal through the same user account after the user login is successful.
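The flow of steps 203 to 206 as an added example, not code from the patent: plain Java 17 with no web framework, in which `LoginRequired`, `Identity`, `MEMORY_DB`, `EMPLOYEE_TABLE`, `TrainingService` and all sample identifiers are assumed names. It also assumes the security identifier is a 32-character hex string and that it is rotated on an identity switch, which the text does not specify.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.security.SecureRandom;
import java.util.HexFormat;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class MultiIdentityDemo {

    /** Hypothetical custom annotation carrying the login-state authentication mark. */
    @Retention(RetentionPolicy.RUNTIME)   // must be RUNTIME, or reflection cannot see it
    @Target(ElementType.METHOD)
    @interface LoginRequired {}

    /** Target value stored under a security identifier: user plus selected enterprise. */
    record Identity(String userId, String enterpriseId) {}

    /** Stand-in for the preset employee data table (constructed sample row). */
    static final Map<String, Set<String>> EMPLOYEE_TABLE =
            Map.of("userId_001", Set.of("enterpriseId_a", "enterpriseId_b"));

    /** Stand-in for the preset memory database (the text allows redis or a map). */
    static final Map<String, Identity> MEMORY_DB = new ConcurrentHashMap<>();

    private static final SecureRandom RNG = new SecureRandom();

    /** Step 203: verify the enterprise binding server-side, then allocate a random key. */
    static String issueSecurityIdentifier(String userId, String enterpriseId) {
        if (userId == null || enterpriseId == null
                || !EMPLOYEE_TABLE.getOrDefault(userId, Set.of()).contains(enterpriseId)) {
            return null;                  // no verified enterprise identity, nothing to bind
        }
        byte[] raw = new byte[16];        // 128 random bits, rendered as 32 hex characters
        RNG.nextBytes(raw);
        String sid = HexFormat.of().formatHex(raw);
        MEMORY_DB.put(sid, new Identity(userId, enterpriseId));
        return sid;
    }

    /** Steps 205-206: switch enterprise; revoking the old key is this example's choice. */
    static String switchIdentity(String oldSid, String newEnterpriseId) {
        Identity current = (oldSid == null) ? null : MEMORY_DB.get(oldSid);
        if (current == null) {
            return null;                  // unknown or already revoked identifier
        }
        String newSid = issueSecurityIdentifier(current.userId(), newEnterpriseId);
        if (newSid != null) {
            MEMORY_DB.remove(oldSid);     // revoke only once the new binding has verified
        }
        return newSid;
    }

    /** Business interfaces hold business logic only; the login check is in intercept(). */
    public static class TrainingService {
        @LoginRequired
        public String listCourses(Identity who) {
            return "courses of " + who.enterpriseId() + " for " + who.userId();
        }

        public String publicNotice(Identity who) {
            return "public notice";
        }
    }

    /** Step 204: resolve the interface, read its annotation by reflection, authenticate. */
    static String intercept(Object service, String interfaceId, String sid) throws Exception {
        // Only public methods taking a single Identity parameter can be resolved here.
        Method m = service.getClass().getMethod(interfaceId, Identity.class);
        Identity who = null;
        if (m.isAnnotationPresent(LoginRequired.class)) {
            who = (sid == null) ? null : MEMORY_DB.get(sid);
            if (who == null) {
                return "LOGIN_ERROR";     // identity information is null
            }
        }
        return (String) m.invoke(service, who);
    }

    public static void main(String[] args) throws Exception {
        TrainingService svc = new TrainingService();
        String sidA = issueSecurityIdentifier("userId_001", "enterpriseId_a");
        System.out.println(intercept(svc, "listCourses", sidA));           // enterprise a
        String sidB = switchIdentity(sidA, "enterpriseId_b");
        System.out.println(intercept(svc, "listCourses", sidB));           // enterprise b
        System.out.println(intercept(svc, "listCourses", sidA));           // revoked key
        System.out.println(intercept(svc, "listCourses", "0".repeat(32))); // unknown key
        System.out.println(intercept(svc, "publicNotice", null));          // not annotated
        System.out.println(switchIdentity(sidB, "enterpriseId_c"));        // not bound: null
    }
}
```

The enterprise identity is always read from the server-side binding, never from a request parameter. Because the check is opt-in, an interface without the annotation is served with no login check, so annotation coverage is worth auditing.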
In the embodiment of the invention, identity verification is performed on the user login identity information; when the verification result is that the verification is successful, the user is determined to have successfully logged in to the target enterprise application program; a security identifier is set according to the target user identifier and the user enterprise identity information; and interface annotation identification and authentication processing are performed, through the preset interceptor, on the enterprise service interface access request carrying the security identifier to obtain service response data. This supports flexible configuration and flexible switching of user identities and improves the efficiency with which one user account accesses the training services of each enterprise on the same application terminal.
The interface access control method based on multiple identities of a user in the embodiment of the present invention is described above, and the interface access control device based on multiple identities of a user in the embodiment of the present invention is described below. Referring to fig. 3, one embodiment of the interface access control device based on multiple identities of a user in the embodiment of the present invention includes:
The obtaining module 301 is configured to obtain a user multi-identity login request, extract user login identity information from the user multi-identity login request, where the user login identity information includes a login account, a login password, and an application identifier to be accessed, where the application identifier to be accessed is used to indicate a target enterprise application accessed by the user;
The verification module 302 is configured to perform identity verification on the user login identity information to obtain a verification result, determine that the user successfully logs in the target enterprise application program when the verification result is that the verification is successful, and obtain a target user identifier according to the user login identity information;
The setting module 303 is configured to obtain user enterprise identity information based on the target user identifier and the application identifier to be accessed, set a security identifier according to the target user identifier and the user enterprise identity information, and return the security identifier to the target terminal;
The authentication module 304 is configured to obtain an enterprise service interface access request, perform interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor, obtain a processing result, and send service response data to the target terminal according to the processing result, where the enterprise service interface access request carries a security identifier.
Further, the security identifier is stored in a blockchain database, which is not specifically limited herein.
In the embodiment of the invention, identity verification is performed on the user login identity information; when the verification result is that the verification is successful, the user is determined to have successfully logged in to the target enterprise application program; a security identifier is set according to the target user identifier and the user enterprise identity information; and interface annotation identification and authentication processing are performed, through the preset interceptor, on the enterprise service interface access request carrying the security identifier to obtain service response data. This supports flexible configuration and flexible switching of user identities and improves the efficiency with which one user account accesses the training services of each enterprise on the same application terminal.
Referring to fig. 4, another embodiment of an interface access control device based on multiple identities of a user according to an embodiment of the present invention includes:
The obtaining module 301 is configured to obtain a user multi-identity login request, extract user login identity information from the user multi-identity login request, where the user login identity information includes a login account, a login password, and an application identifier to be accessed, where the application identifier to be accessed is used to indicate a target enterprise application accessed by the user;
The verification module 302 is configured to perform identity verification on the user login identity information to obtain a verification result, determine that the user successfully logs in the target enterprise application program when the verification result is that the verification is successful, and obtain a target user identifier according to the user login identity information;
The setting module 303 is configured to obtain user enterprise identity information based on the target user identifier and the application identifier to be accessed, set a security identifier according to the target user identifier and the user enterprise identity information, and return the security identifier to the target terminal;
The authentication module 304 is configured to obtain an enterprise service interface access request, perform interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor, obtain a processing result, and send service response data to the target terminal according to the processing result, where the enterprise service interface access request carries a security identifier.
Optionally, the obtaining module 301 may be further specifically configured to:
Receiving a user multi-identity login request sent by a target terminal, and carrying out parameter analysis on the user multi-identity login request to obtain a plurality of user identity ciphertext parameter values;
Decrypting the plurality of user identity ciphertext parameter values according to a preset decryption algorithm to obtain user login identity information, wherein the user login identity information comprises a login account, a login password and an application identifier to be accessed, and the application identifier to be accessed is used for indicating a target enterprise application program accessed by the user.
Optionally, the verification module 302 may be further specifically configured to:
Searching a preset user account information table based on a login account in the user identity information to obtain a registered password;
Judging whether the login password in the user identity information is consistent with the registered password;
If the login password in the user identity information is consistent with the registered password, determining that the verification result is verification success, and when the verification result is verification success, determining that the user has successfully logged in to the target enterprise application program;
Querying a preset user identity data table according to the login account, the login password and the application identifier to be accessed to obtain query data;
When the query data is not null, reading a target user identifier from the query data according to a preset identification field name;
When the query data is null, generating a target user identifier, and writing the target user identifier, the login account, the login password and the application identifier to be accessed into the preset user identity data table.
Optionally, the setting module 303 may be further specifically configured to:
Setting a target user identifier as a target index value, and inquiring a preset employee data table according to the reverse order of the user login time based on the target index value to obtain an inquiry result;
When the query result is not null, determining that the query result is user enterprise identity information, reading user enterprise identity identification from the user enterprise identity information, and checking the user enterprise identity identification according to the application identification to be accessed and a preset enterprise information table to obtain a check result;
When the verification result is that the verification is passed, setting the user enterprise identity and the target user identity as target values, and randomly distributing a security identifier to the target values, wherein the security identifier is a 32-bit character string;
Setting the security identifier as a target key, storing the target key and the target value in a preset memory database and a preset login data table, and returning the target key to the target terminal.
Optionally, the authentication module 304 may be further specifically configured to:
Receiving an enterprise service interface access request sent by a target terminal, wherein the enterprise service interface access request carries a security identifier and an interface identifier;
Intercepting and judging whether a service interface corresponding to the interface identifier is an annotated interface through a preset interceptor, wherein the annotated interface is an application program interface added with preset annotations in advance, and the preset annotations comprise login state authentication identifiers;
If the service interface corresponding to the interface identifier is an annotated interface, reading user enterprise identity information from a preset memory database according to the security identifier through a preset message queue;
If the user enterprise identity information is not null, determining that the processing result is that the service interface authentication is successful, calling and executing interface logic corresponding to the service interface, and obtaining interface return data;
Carrying out data encapsulation on the interface return data according to a preset data format to obtain service response data, recording the enterprise service interface access request and the service response data into a preset log table, and sending the service response data to the target terminal.
Optionally, the interface access control device based on multiple identities of the user further includes:
A sending module 305, configured to obtain a switching identity request, and send a plurality of application identifiers to be switched to the target terminal according to the switching identity request, where the plurality of application identifiers to be switched include the application identifier to be accessed;
The caching module 306 is configured to switch the service resource data to be accessed according to a target switching application identifier, obtain and cache new user enterprise identity information, where the service resource data to be accessed includes a target enterprise application program, and the target switching application identifier belongs to a plurality of application identifiers to be switched.
Optionally, the interface access control device based on multiple identities of the user further includes:
a storage module 307, configured to store the enterprise service interface access request, the processing result, and the service response data into a preset log record table;
an analysis module 308, configured to analyze the preset log record table and the preset login data table at regular intervals to obtain a user multi-identity interface access report.
In this embodiment of the invention, identity verification is performed on the user login identity information. When the verification succeeds, the user is determined to have successfully logged in to the target enterprise application program, and a security identifier is set according to the target user identifier and the user enterprise identity information. A preset interceptor then performs interface annotation identification and authentication processing on the enterprise service interface access request carrying the security identifier to obtain service response data. This supports flexible configuration and flexible switching of user identities, and improves the efficiency with which one user account accesses each enterprise training service on the same application terminal.
Fig. 3 and Fig. 4 above describe the user multi-identity based interface access control device in the embodiment of the present invention in detail from the viewpoint of modularization; the user multi-identity based interface access control device in the embodiment of the present invention is described in detail below from the viewpoint of hardware processing.
Fig. 5 is a schematic structural diagram of a user multi-identity based interface access control device 500 according to an embodiment of the present invention. The user multi-identity based interface access control device 500 may vary considerably depending on configuration or performance, and may include one or more processors (central processing units, CPU) 510 (e.g., one or more processors), memory 520, and one or more storage media 530 (e.g., one or more mass storage devices) storing application programs 533 or data 532. The memory 520 and the storage medium 530 may be transitory or persistent storage. The program stored on the storage medium 530 may include one or more modules (not shown), each of which may include a series of computer program operations for the user multi-identity based interface access control device 500. Further, the processor 510 may be arranged to communicate with the storage medium 530 and to execute, on the user multi-identity based interface access control device 500, the series of computer program operations in the storage medium 530.
The user multi-identity based interface access control device 500 may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input/output interfaces 560, and/or one or more operating systems 531, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and the like. It will be appreciated by those skilled in the art that the configuration shown in Fig. 5 does not constitute a limitation of the user multi-identity based interface access control device, which may include more or fewer components than illustrated, may combine certain components, or may use a different arrangement of components.
The present invention also provides a computer readable storage medium, which may be a non-volatile computer readable storage medium, and may also be a volatile computer readable storage medium, in which a computer program is stored, which when run on a computer causes the computer to perform the steps of the user multi-identity based interface access control method.
The invention also provides an interface access control device based on the user multi-identity, which comprises a memory and a processor, wherein the memory stores a computer program, and the computer program is executed by the processor to cause the processor to execute the steps of the interface access control method based on the user multi-identity in the above embodiments.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created from the use of blockchain nodes, and the like.
A blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, and encryption algorithms. A blockchain is essentially a decentralized database: a string of data blocks generated in association with one another using cryptographic methods, each of which contains information from a batch of network transactions and is used for verifying the validity (anti-counterfeiting) of that information and for generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part of it contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising a number of computer programs for causing a computer device (which may be a personal computer, a terminal, a network device, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. An interface access control method based on multiple identities of a user, characterized by comprising the following steps:
acquiring a user multi-identity login request, and extracting user login identity information from the user multi-identity login request, wherein the user login identity information comprises a login account, a login password and an application identifier to be accessed, the application identifier to be accessed is used for indicating a target enterprise application accessed by a user, and the user has a plurality of enterprise identities;
performing identity verification on the user login identity information to obtain a verification result, determining that the user has successfully logged in to the target enterprise application program when the verification result is that the verification is successful, and acquiring a target user identifier according to the user login identity information;
acquiring user enterprise identity information based on the target user identifier and the application identifier to be accessed, setting a security identifier according to the target user identifier and the user enterprise identity information, and returning the security identifier to a target terminal, wherein the security identifier is stored in a blockchain database;
and acquiring an enterprise service interface access request, performing interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, wherein the enterprise service interface access request carries the security identifier.
2. The interface access control method based on multiple identities of a user according to claim 1, wherein the acquiring a user multi-identity login request and extracting user login identity information from the user multi-identity login request, the user login identity information comprising a login account, a login password and an application identifier to be accessed, and the application identifier to be accessed being used for indicating a target enterprise application accessed by the user, comprises:
receiving a user multi-identity login request sent by a target terminal, and performing parameter analysis on the user multi-identity login request to obtain a plurality of user identity ciphertext parameter values;
and decrypting the plurality of user identity ciphertext parameter values according to a preset decryption algorithm to obtain the user login identity information, wherein the user login identity information comprises a login account, a login password and an application identifier to be accessed, and the application identifier to be accessed is used for indicating a target enterprise application program accessed by a user.
3. The interface access control method based on multiple identities of a user according to claim 1, wherein the performing identity verification on the user login identity information to obtain a verification result, determining that the user has successfully logged in to the target enterprise application program when the verification result is that the verification is successful, and acquiring a target user identifier according to the user login identity information comprises:
searching a preset user account information table based on the login account in the user login identity information to obtain a registered password;
judging whether the login password in the user login identity information is consistent with the registered password;
if the login password in the user login identity information is consistent with the registered password, determining that the verification result is that the verification is successful, and, when the verification result is that the verification is successful, determining that the user has successfully logged in to the target enterprise application program;
querying a preset user identity data table according to the login account, the login password and the application identifier to be accessed to obtain query data;
when the query data is not null, reading the target user identifier from the query data according to a preset identifier field name;
and when the query data is null, generating a target user identifier, and writing the target user identifier, the login account, the login password and the application identifier to be accessed into the preset user identity data table.
4. The interface access control method based on multiple identities of a user according to claim 1, wherein the acquiring user enterprise identity information based on the target user identifier and the application identifier to be accessed, setting a security identifier according to the target user identifier and the user enterprise identity information, and returning the security identifier to a target terminal comprises:
setting the target user identifier as a target index value, and querying a preset employee data table in reverse order of user login time based on the target index value to obtain a query result;
when the query result is not null, determining that the query result is the user enterprise identity information, reading a user enterprise identity from the user enterprise identity information, and checking the user enterprise identity according to the application identifier to be accessed and a preset enterprise information table to obtain a checking result;
when the checking result is that the check is passed, setting the user enterprise identity and the target user identifier as a target value, and randomly assigning a security identifier to the target value, wherein the security identifier is a 32-bit character string;
setting the security identifier as a target key, storing the target key and the target value in a preset memory database and a preset login data table, and returning the target key to the target terminal.
5. The interface access control method based on multiple identities of a user according to claim 4, wherein the acquiring an enterprise service interface access request, performing interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, the enterprise service interface access request carrying the security identifier, comprises:
receiving an enterprise service interface access request sent by the target terminal, wherein the enterprise service interface access request carries the security identifier and an interface identifier;
intercepting the request through a preset interceptor and judging whether the service interface corresponding to the interface identifier is an annotated interface, wherein an annotated interface is an application program interface to which a preset annotation has been added in advance, and the preset annotation comprises a login state authentication identifier;
if the service interface corresponding to the interface identifier is an annotated interface, reading the user enterprise identity information from the preset memory database according to the security identifier through a preset message queue;
if the user enterprise identity information is not null, determining that the processing result is that the service interface authentication is successful, and calling and executing the interface logic corresponding to the service interface to obtain interface return data;
and encapsulating the interface return data according to a preset data format to obtain service response data, recording the enterprise service interface access request and the service response data into a preset login log table, and sending the service response data to the target terminal.
6. The interface access control method based on multiple identities of a user according to any one of claims 1 to 5, wherein, after the acquiring an enterprise service interface access request, performing interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, the enterprise service interface access request carrying the security identifier, the method further comprises:
acquiring a switching identity request, and sending a plurality of application identifiers to be switched to the target terminal according to the switching identity request, wherein the plurality of application identifiers to be switched comprise the application identifier to be accessed;
and switching the service resource data to be accessed according to a target switching application identifier, and acquiring and caching new user enterprise identity information, wherein the service resource data to be accessed comprises the target enterprise application program, and the target switching application identifier belongs to the plurality of application identifiers to be switched.
7. The interface access control method based on multiple identities of a user according to any one of claims 1 to 5, wherein, after the acquiring an enterprise service interface access request, performing interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, the enterprise service interface access request carrying the security identifier, the method further comprises:
storing the enterprise service interface access request, the processing result and the service response data into a preset log record table;
and analyzing the preset log record table and the preset login data table at fixed time to obtain a user multi-identity interface access report.
8. An interface access control device based on multiple identities of a user, characterized in that the interface access control device based on multiple identities of a user comprises:
an acquisition module, used for acquiring a user multi-identity login request and extracting user login identity information from the user multi-identity login request, wherein the user login identity information comprises a login account, a login password and an application identifier to be accessed, the application identifier to be accessed is used for indicating a target enterprise application program accessed by a user, and the user has a plurality of enterprise identities;
a verification module, used for performing identity verification on the user login identity information to obtain a verification result, and, when the verification result is that the verification is successful, determining that the user has successfully logged in to the target enterprise application program and acquiring a target user identifier according to the user login identity information;
a setting module, used for acquiring user enterprise identity information based on the target user identifier and the application identifier to be accessed, setting a security identifier according to the target user identifier and the user enterprise identity information, and returning the security identifier to the target terminal, wherein the security identifier is stored in a blockchain database;
an authentication module, used for acquiring an enterprise service interface access request, performing interface annotation identification and authentication processing on the enterprise service interface access request through a preset interceptor to obtain a processing result, and sending service response data to the target terminal according to the processing result, wherein the enterprise service interface access request carries the security identifier.
9. An interface access control device based on multiple identities of a user, the interface access control device based on multiple identities of a user comprising: a memory and at least one processor, the memory having a computer program stored therein;
the at least one processor invokes the computer program in the memory to cause the user multi-identity based interface access control device to perform the user multi-identity based interface access control method of any one of claims 1-7.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the user multi-identity based interface access control method according to any one of claims 1-7.
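The flow of claims 4 to 6 (key issuance, the annotation-driven interceptor, and identity switching), as an added Python example that is not code from the patent. The dictionaries standing in for the preset tables and memory database, every function and interface name, and the sample user are constructed for illustration; the "32-bit character string" is read here as 32 characters, and retiring the old key on a switch is this example's choice rather than something the claims state.

```python
import secrets
from dataclasses import dataclass

# Constructed sample data standing in for the preset employee data table:
# target user identifier -> {application identifier: enterprise identity}.
EMPLOYEE_TABLE = {
    "u-1001": {"app-acme": "acme:trainer", "app-globex": "globex:trainee"},
}

@dataclass(frozen=True)
class Identity:
    user_id: str
    app_id: str
    enterprise_identity: str

SESSIONS = {}    # stand-in for the preset memory database: key -> Identity
ACCESS_LOG = []  # stand-in for the preset log record table
INTERFACES = {}  # interface identifier -> handler

def issue_security_id(user_id, app_id):
    """Claim 4: bind a random key to (enterprise identity, user identifier)."""
    enterprise_identity = EMPLOYEE_TABLE.get(user_id, {}).get(app_id)
    if enterprise_identity is None:
        raise PermissionError("user has no identity in this enterprise application")
    key = secrets.token_hex(16)  # 16 random bytes -> 32 hex characters
    SESSIONS[key] = Identity(user_id, app_id, enterprise_identity)
    return key

def interface(interface_id, login_required=False):
    """Register a handler; login_required plays the role of the preset annotation."""
    def register(handler):
        handler.login_required = login_required
        INTERFACES[interface_id] = handler
        return handler
    return register

def dispatch(interface_id, security_id, **params):
    """Claim 5: the interceptor that runs before any interface logic."""
    handler = INTERFACES.get(interface_id)
    if handler is None:
        return {"code": 404, "data": None}
    identity = SESSIONS.get(security_id) if handler.login_required else None
    if handler.login_required and identity is None:
        response = {"code": 401, "data": None}  # null identity: authentication fails
    else:
        response = {"code": 200, "data": handler(identity, **params)}
    # Log the resolved caller, never the bearer key itself.
    ACCESS_LOG.append((interface_id, identity.user_id if identity else None,
                       response["code"]))
    return response

def switch_identity(security_id, target_app_id):
    """Claim 6: switch only to an application the user actually belongs to."""
    current = SESSIONS.get(security_id)
    if current is None:
        raise PermissionError("not logged in")
    new_key = issue_security_id(current.user_id, target_app_id)  # raises if not a member
    del SESSIONS[security_id]  # this example's choice: retire the old key
    return new_key

@interface("course.list", login_required=True)
def list_courses(identity, **_params):
    # Scope by the server-side identity; a client-supplied enterprise is ignored.
    return f"courses for {identity.enterprise_identity}"

@interface("health")
def health(_identity, **_params):
    return "ok"
```

The handler takes the enterprise identity from the server-side lookup only, so a request parameter naming another enterprise cannot widen what an authenticated key can read.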
CN202111095935.9A 2021-09-18 2021-09-18 Interface access control method based on multiple identities of user and related equipment Active CN113765676B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111095935.9A CN113765676B (en) 2021-09-18 2021-09-18 Interface access control method based on multiple identities of user and related equipment

Publications (2)

Publication Number Publication Date
CN113765676A 2021-12-07
CN113765676B 2024-05-24

Family

ID=78796361

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111095935.9A Active CN113765676B (en) 2021-09-18 2021-09-18 Interface access control method based on multiple identities of user and related equipment

Country Status (1)

Country Link
CN (1) CN113765676B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114239015B (en) * 2021-12-15 2024-06-07 成都飞机工业(集团)有限责任公司 Data security management method and device, data cloud platform and storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101426009A (en) * 2007-10-31 2009-05-06 中国移动通信集团公司 Identity management platform, service server, uniform login system and method
CN107277038A (en) * 2017-07-18 2017-10-20 北京微影时代科技有限公司 Access control method, device and system
CN107643927A (en) * 2016-07-20 2018-01-30 中兴通讯股份有限公司 A kind of united portal method, apparatus and system
CN109286633A (en) * 2018-10-26 2019-01-29 深圳市华云中盛科技有限公司 Single sign-on method, device, computer equipment and storage medium
CN109639723A (en) * 2019-01-10 2019-04-16 深圳市买买提信息科技有限公司 A kind of micro services access method and server based on ERP system
CN110582769A (en) * 2019-07-11 2019-12-17 深圳市鹰硕技术有限公司 single-account multi-identity login method, device, server and storage medium
CN110784450A (en) * 2019-09-24 2020-02-11 云深互联(北京)科技有限公司 Single sign-on method and device based on browser
CN112597472A (en) * 2021-03-03 2021-04-02 北京视界云天科技有限公司 Single sign-on method, device and storage medium
CN112615849A (en) * 2020-12-15 2021-04-06 平安科技(深圳)有限公司 Micro-service access method, device, equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050240763A9 (en) * 2001-08-06 2005-10-27 Shivaram Bhat Web based applications single sign on system and method


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant