CN114567460A - Identity authentication method of ESB port to access system - Google Patents
Identity authentication method of ESB port to access system Download PDFInfo
- Publication number
- CN114567460A CN114567460A CN202210113306.2A CN202210113306A CN114567460A CN 114567460 A CN114567460 A CN 114567460A CN 202210113306 A CN202210113306 A CN 202210113306A CN 114567460 A CN114567460 A CN 114567460A
- Authority
- CN
- China
- Prior art keywords
- esb
- token
- service
- consumption system
- interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000012795 verification Methods 0.000 claims abstract description 51
- 238000012545 processing Methods 0.000 claims abstract description 25
- 230000003014 reinforcing effect Effects 0.000 claims description 5
- 230000002159 abnormal effect Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 230000010354 integration Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to an identity authentication method of an ESB port to an access system, which is used for performing security authentication between a consumption system, a service system, a preposition center and the ESB port in a bank and comprises the following steps: issuing tokens for a consumption system and a service system regularly through an ESB (enterprise service bus); when a consumption system requests an ESB, the request is attached to a token, the ESB unpacks the request to acquire the token for verification after receiving the request, meanwhile, the ESB synchronously verifies whether the consumption system has the access right of a current interface, a service interface based on a front center feeds back a response message to the consumption system after the verification is passed, and the consumption system executes subsequent processing; when the ESB requests the service of the service system, a token for identity identification is added to the ESB, the service system verifies the ESB request based on the token, the service system executes subsequent processing after the verification is passed, a response message is fed back to the consumption system after the verification is failed, and the consumption system executes the subsequent processing. Compared with the prior art, the invention has the advantages of high safety, flexible control and the like.
Description
Technical Field
The invention relates to the technical field of ESB access identity authentication, in particular to an identity authentication method of an ESB port to an access system.
Background
The concept of Enterprise Service Bus (ESB) has evolved from a Service Oriented Architecture (SOA). The SOA is a service-oriented architecture, and emphasizes that an architecture of software, a relatively stable structure for supporting software operation, and the surface meaning is the same, and the SOA is a concept for solving system integration through service integration. The method is not a specific technology and is a strategy and idea in nature. The ESB is an enterprise service bus, like a pipe, for connecting the nodes. In order to integrate services of different systems and different protocols, the ESB performs the work of message conversion, interpretation, routing and the like, so that different services are interconnected and intercommunicated.
In the financial business industry, particularly in the aspect of banks, each system completes cross-system service calling through an ESB (enterprise service bus), when a consumption system is accessed, a system identifier is added in a message header for identity marking, and the ESB judges whether the access is legal or not through the comparison of the system identifier and an accessed port. However, the mapping relationship between the current access system and the port corresponding to the access ESB is easily leaked, so that other terminals can still illegally request the ESB through the simulation request message. Therefore, how to solve the leakage of the ESB port and further ensure the security of accessing the system through the ESB port is an urgent problem to be solved at present.
Disclosure of Invention
The present invention aims to overcome the defects of the prior art and provide a safe and flexible method for authenticating the identity of an ESB port to an access system.
The purpose of the invention can be realized by the following technical scheme:
an identity authentication method of ESB port to access system is used to carry out security authentication between consumption system, service system, preposition center and ESB port in bank, the method includes:
issuing tokens for a consumption system and a service system regularly through an ESB;
when a consumption system requests an ESB, the request is attached to a token, the ESB unpacks the request to acquire the token for verification after receiving the request, meanwhile, the ESB synchronously verifies whether the consumption system has the access right of a current interface, a service interface based on a front center feeds back a response message to the consumption system after the verification is passed, and the consumption system executes subsequent processing;
when the ESB requests the service of the service system, a token for identity identification is added to the ESB, the service system verifies the ESB request based on the token, the service system executes subsequent processing after the verification is passed, a response message is fed back to the consumption system after the verification is failed, and the consumption system executes the subsequent processing.
Further, the specific steps of issuing tokens for the consumption system and the service system regularly through the ESB comprise:
101) setting an issuing period of an ESB (enterprise service bus) timed issuing token, and generating the token according to a consumption system and a service system;
102) storing the generated token to Redis, and setting the validity period of the token;
103) the ESB issues a token to a consumption system and a service system and updates the token; the consumption system and the service system receive the token and update the token, and simultaneously store the updated token;
104) the ESB judges whether the token is successfully issued, if so, the ESB finishes the process and waits for the next issuing period to execute the token issuing; and if the issuing fails, performing reissue, and issuing once every minute in the issuing period until the issuing is successful or the next issuing period is reached.
Further, in step 102), the valid period of Redis is set to the length of two issuance periods.
Further, when the consumption system requests the ESB, the specific content of the token request is as follows:
firstly, judging whether a consumption system designates a security reinforcing interface with an ESB, if so, inquiring a token, then placing the token in a token field domain newly added by an ESB message, organizing an AXML message, and requesting the ESB based on the AXML message.
Further, after the ESB receives the token-attached consumption system request, the specific identity authentication step includes:
201) after receiving a token attaching request of a consumption system, the ESB firstly judges whether an interface corresponding to the consumption system is a specified security reinforced interface, and if so, executes step 202); if not, executing step 204);
202) disassembling the message, judging whether the consumption system has the right to access the interface, if so, acquiring a token uploaded by the consumption system, and then executing step 203); otherwise, organizing the response message of the unauthorized access interface, and executing the step 206 after returning to the consumption system);
203) the ESB inquires whether a token of a consumption system sending a request in the Redis exists or not, verifies the existing token, and if the verification is passed, executes the step 204); if the verification fails, organizing a token verification failure response message, and returning the message to the consumption system to execute the step 206);
204) the front center is connected with the ESB through a front center interface, and the ESB organizes the fixed-length message according to the front center interface specification and requests the service of the front center;
205) ESB obtains the response message of the front center through the front center interface, and after the AXML response message is organized according to the response message of the front center, the AXML response message is returned to the consumption system;
206) And the consumption system receives the response message of the ESB for subsequent processing.
Further, when the ESB requests a service of the service system, the specific identity authentication step includes:
301) judging whether a consumption system designates a security reinforcing interface with an ESB, if so, inquiring a token, then placing the token into a token field domain newly added by an ESB message, organizing an AXML message, and requesting the ESB based on the AXML message;
302) after receiving the request, the ESB first determines whether the interface corresponding to the consuming system is a designated security hardened interface, and if so, executes step 303); if not, go to step 305);
303) disassembling the message, judging whether the consumption system has the right to access the interface, if so, acquiring a token uploaded by the consumption system and then executing step 304); otherwise, organizing the response message of the unauthorized access interface, and executing step 307) after returning to the consumption system;
304) the ESB inquires whether a token of a consumption system sending a request in the Redis exists or not, verifies the existing token, and if the verification is passed, executes the step 305); if the verification fails, organizing a token verification failure response message, and returning the message to the consumption system to execute step 307);
305) the ESB acquires a token of the request service system, then connects a service interface of the service system and sends the token to the service system;
306) The service system verifies whether the token sent by the ESB is valid through the connected service interface, if the token is passed through the verification, the subsequent processing is carried out and a processing result is returned to the ESB, the ESB organizes an AXML response message according to the service response message of the service system, and after the AXML response message is returned to the consumption system, the step 307 is executed); if the verification fails, returning a token verification failure message to the ESB, and after the ESB organizes a token verification failure response message and returns to the consumption system, executing the step 307);
307) and the consumption system receives the response message of the ESB and carries out subsequent processing.
Compared with the prior art, the identity authentication method of the ESB port to the access system provided by the invention at least comprises the following beneficial effects:
1) the invention reinforces the authentication control of the access system to the request of the access system and the ESB port, and the identity authentication based on the ESB can avoid the leakage problem of the ESB port; by issuing an identity token (encrypted transmission) for the consuming system, the authentication of the identity to the access system is enforced by the identity token;
2) the ESB can flexibly control the automatic issuing and updating of the token through the management page, can close the identity verification switch at any time according to abnormal conditions, is flexible to control, and can further ensure the normal calling of the service.
Drawings
FIG. 1 is a schematic diagram of a token issuance flow in an identity authentication method of an ESB port to an access system in an embodiment;
FIG. 2 is a schematic diagram of token verification flow of a front center in an identity authentication method of an ESB port to an access system in an embodiment;
fig. 3 is a schematic diagram illustrating a token verification process of a service system in an identity authentication method of an ESB port to an access system in an embodiment.
Detailed Description
The invention is described in detail below with reference to the figures and the specific embodiments. It should be apparent that the described embodiments are only some of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, shall fall within the scope of protection of the present invention.
Examples
The invention relates to an identity authentication method of an ESB port to an access system, which is used for correcting security vulnerabilities among a consumption system, a service system, a front center and the ESB port in a bank. The consumption system, the service system, the preposition center and the ESB port are all connected through an http protocol.
The consumption system is used for being accessed as a service consumer, and realizes service addressing routing, load balancing, service safety and interface adaptation. The service system is used for being taken as the output of a service provider, and realizing service registration and release, interface adaptation, service safety management, service quality guarantee, flow control, overtime processing and the like. The front center is used for realizing management of a consuming system, a service system and an ESB, and realizing management of service release, service registration, service addressing and the like.
The method adopts a token verification mode as a solution for the ESB terminal to request the system to access the identity authentication, and the main improvement thought is as follows: the method comprises the steps that an ESB issues tokens for associated systems regularly (each system issues different tokens and comprises a consumption system and a service system), the consumption system carries a token request when requesting the ESB, the ESB unpacks and acquires the tokens for verification after receiving the request, and meanwhile, the ESB synchronously verifies whether the system has access authority of a current interface (only the interface related to safety improvement is used for strong access authority control), and subsequent processing can be carried out by a verification passing party; and when the ESB requests the service of the service system, adding an ESB identity identification token and verifying by the service system. The present embodiment takes the service system as a member payment platform as an example for explanation.
In the present invention, the token validation scheme comprises two parts: token issuing and token verifying, wherein a service system related to the interface comprises a head office and a member payment system, and the process of transaction request token verifying is divided into two processing processes, namely a head office interface and a member payment interface. The detailed scheme is as follows:
in the invention, token tokens are uniformly maintained by an ESB platform and are issued and updated regularly, and the specific issuing processing flow of token tokens is shown in FIG. 1. The method comprises the following steps:
a1, setting an ESB (enterprise service bus) timing issuing period of the token, and generating the token according to the correlation system.
a2, storing the generated token to Redis, and setting the validity period of the token; preferably, the effective period of Redis set to the length of two issue periods.
a3, the ESB issues a token to a consumption system and a member payment platform (service system) and updates; the consumption system and the member payment platform receive the token and update, and simultaneously store the updated token.
a4, the ESB verifies whether the token is successfully issued, if so, the method is finished, and the token issuing of the next issuing period is waited; and if the issuing is failed, performing additional issuing, namely issuing again, wherein the issuing is performed once per minute in the issuing period until the issuing is successful or the next issuing period is finished.
In this embodiment, the front center is a front center of a bank head office (hereinafter referred to as head office), and in the present invention, an interface token verification process between the head office and an ESB is shown in fig. 2, and includes:
b1, judging whether the consumption system appoints a security reinforcing interface with the ESB, if so, inquiring the token, then placing the token in a token field domain newly added by the ESB message, organizing the AXML message, and requesting the ESB based on the AXML message.
b2, after receiving the request, the ESB firstly judges whether the interface corresponding to the consumption system is the appointed safety reinforced interface, if yes, the step b3 is executed; if not, step b5 is executed.
b3, disassembling the message, judging whether the consuming system has the right to access the interface, if so, acquiring a token uploaded by the consuming system, and then executing the step b 4; otherwise, organizing the response message of the unauthorized access interface, and executing the step b7 after returning to the requesting system (consuming system).
b4, the ESB inquires whether a token of the consumption system exists in the Redis, verifies the existing token, and if the verification is passed, executes the step b 5; if the verification fails, the token verification failure response message is organized, and after the message is returned to the requesting system (consuming system), step b7 is executed.
b5, front head of the head office is connected with ESB through head office service interface, ESB organizes fixed length message according to head office service interface specification and requests head office service.
b6, ESB obtains the head office response message through the head office service interface, organizes the AXML response message according to the head office response message, and then returns the message to the request system, namely the consumption system.
b7, the consuming system receives the response message of the ESB to carry out subsequent processing.
In this embodiment, the interface token verification process between the member payment platform and the ESB is shown in fig. 3, and includes:
c1, judging whether the consumption system appoints a security reinforcing interface with the ESB, if so, inquiring the token, then placing the token in a token field domain newly added by the ESB message, organizing the AXML message, and requesting the ESB based on the AXML message.
c2, after receiving the request, the ESB firstly judges whether the interface corresponding to the consumption system is the appointed safety reinforced interface, if yes, the step c3 is executed; if not, step c5 is executed.
c3, disassembling the message, judging whether the consuming system has the right to access the interface, if so, acquiring a token uploaded by the consuming system, and then executing the step c 4; otherwise, organizing the response message of the unauthorized access interface, and executing the step c7 after returning to the requesting system (consuming system).
c4, the ESB inquires whether a token of the consumption system exists in the Redis, verifies the existing token, and if the verification is passed, executes the step c 5; if the verification fails, the token verification failure response message is organized, and after the message is returned to the requesting system (consuming system), step c7 is executed.
c5, the ESB acquires the token of the requesting member payment platform, then connects the member payment service interface of the member payment platform and sends the token to the member payment platform.
c6, the member payment platform verifies whether the token sent by the ESB is valid through the connected member payment service interface, and verifies the valid token. If the verification is passed, performing subsequent processing and returning a processing result to the ESB; the ESB organizes the AXML response message according to the member payment response message, and executes step c7 after returning to the requesting system (consuming system). If the verification fails, returning a token verification failure message to the ESB, and after the ESB organizes a token verification failure response message and returns to the request system (consumption system), executing the step c 7.
c7, the consuming system receives the response message of the ESB to carry out subsequent processing.
In conclusion, the authentication control of the access system is reinforced based on the identity authentication of the ESB, and the problem of leakage of an ESB end port can be avoided; an identity token (encrypted transmission) is issued for consumption, by means of which identity authentication to the access system is enforced. The ESB can flexibly control the issuance of the token through the management page and can close the authentication switch at any time according to abnormal conditions.
Based on the identity authentication of the ESB, the access control of the ESB service to an access system is enhanced; the Token can be automatically distributed and managed, and the ESB can monitor and realize automatic distribution and updating of the Token. The invention also enables a flexible access control switch: and the token verification switch can be flexibly closed under the abnormal condition, so that the normal calling of the service is ensured.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and those skilled in the art can easily conceive of various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (6)
1. An identity authentication method of an ESB port to an access system is used for carrying out security authentication between a consumption system, a service system, a front center and the ESB port in a bank, and is characterized by comprising the following steps:
issuing tokens for a consumption system and a service system regularly through an ESB (enterprise service bus);
when a consumption system requests an ESB, the request is attached to a token, the ESB unpacks the request to acquire the token for verification after receiving the request, meanwhile, the ESB synchronously verifies whether the consumption system has the access right of a current interface, a service interface based on a front center feeds back a response message to the consumption system after the verification is passed, and the consumption system executes subsequent processing;
when the ESB requests the service of the service system, a token for identity identification is added to the ESB, the service system verifies the ESB request based on the token, the service system executes subsequent processing after the verification is passed, a response message is fed back to the consumption system after the verification is failed, and the consumption system executes the subsequent processing.
2. The method for authenticating the identity of the access system through the ESB port as recited in claim 1, wherein the specific step of issuing tokens for the consumption system and the service system periodically through the ESB comprises:
101) setting an issuing period of an ESB (enterprise service bus) timed issuing token, and generating the token according to a consumption system and a service system;
102) storing the generated token to Redis, and setting the validity period of the token;
103) the ESB issues a token to a consumption system and a service system and updates the token; the consumption system and the service system receive the token and update the token, and simultaneously store the updated token;
104) the ESB judges whether the token is successfully issued, if so, the ESB finishes the process and waits for the next issuing period to execute the token issuing; and if the issuing fails, performing reissue, and issuing once every minute in the issuing period until the issuing is successful or the next issuing period is reached.
3. The method for authenticating the identity of the access system through the ESB port as claimed in claim 2, wherein in the step 102), the effective period of Redis is set to be the length of two issuing periods.
4. The method for authenticating the identity of an ESB port to an access system according to claim 1, wherein the specific content of the token request attached when the consumption system requests the ESB is as follows:
Firstly, judging whether a consumption system designates a security reinforced interface between the consumption system and an ESB (enterprise service bus), if so, inquiring a token, then placing the token into a token field domain newly added by an ESB message, organizing an AXML message, and requesting the ESB based on the AXML message.
5. The method of claim 4, wherein after the ESB receives the token-attached consumption system request, the specific authentication step comprises:
201) after receiving a token attaching request of a consumption system, the ESB firstly judges whether an interface corresponding to the consumption system is a specified security reinforced interface, and if so, executes step 202); if not, executing step 204);
202) disassembling the message, judging whether the consumption system has the right to access the interface, if so, acquiring a token uploaded by the consumption system, and then executing step 203); otherwise, organizing the response message of the unauthorized access interface, and executing the step 206 after returning to the consumption system);
203) the ESB inquires whether a token of a consumption system sending a request in the Redis exists or not, verifies the existing token, and if the verification is passed, executes the step 204); if the verification fails, organizing a token verification failure response message, and returning the message to the consumption system to execute the step 206);
204) The front center is connected with the ESB through a front center interface, and the ESB organizes the fixed-length message according to the front center interface specification and requests the service of the front center;
205) ESB obtains the response message of the front center through the front center interface, and after the AXML response message is organized according to the response message of the front center, the AXML response message is returned to the consumption system;
206) and the consumption system receives the response message of the ESB and carries out subsequent processing.
6. The method of claim 1, wherein when the ESB requests the service of the service system, the specific authentication step comprises:
301) judging whether a consumption system designates a security reinforcing interface with an ESB, if so, inquiring a token, then placing the token into a token field domain newly added by an ESB message, organizing an AXML message, and requesting the ESB based on the AXML message;
302) after receiving the request, the ESB first determines whether the interface corresponding to the consuming system is a designated security hardened interface, and if so, executes step 303); if not, go to step 305);
303) disassembling the message, judging whether the consumption system has the right to access the interface, if so, acquiring a token uploaded by the consumption system and then executing step 304); otherwise, organizing the response message of the unauthorized access interface, and executing step 307) after returning to the consumption system;
304) The ESB queries whether a token of a consumption system sending a request in Redis exists or not, verifies the existing token, and if the verification is passed, executes step 305); if the verification fails, organizing a token verification failure response message, and executing the step 307 after returning the message to the consumption system);
305) the ESB acquires a token of the request service system, then connects a service interface of the service system and sends the token to the service system;
306) the service system verifies whether the token sent by the ESB is valid through the connected service interface, if the token is passed through the verification, the subsequent processing is carried out and a processing result is returned to the ESB, the ESB organizes an AXML response message according to the service response message of the service system, and after the AXML response message is returned to the consumption system, the step 307 is executed); if the verification fails, returning a token verification failure message to the ESB, and after the ESB organizes a token verification failure response message and returns to the consumption system, executing the step 307);
307) and the consumption system receives the response message of the ESB and carries out subsequent processing.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210113306.2A CN114567460A (en) | 2022-01-30 | 2022-01-30 | Identity authentication method of ESB port to access system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210113306.2A CN114567460A (en) | 2022-01-30 | 2022-01-30 | Identity authentication method of ESB port to access system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114567460A true CN114567460A (en) | 2022-05-31 |
Family
ID=81714420
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210113306.2A Pending CN114567460A (en) | 2022-01-30 | 2022-01-30 | Identity authentication method of ESB port to access system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114567460A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102739405A (en) * | 2012-07-06 | 2012-10-17 | 深圳市远行科技有限公司 | Authentication method for service-orientated architecture service costumer |
| CN106612246A (en) * | 2015-10-21 | 2017-05-03 | 星际空间(天津)科技发展有限公司 | Unified authentication method for simulation identity |
| CN111639327A (en) * | 2020-05-29 | 2020-09-08 | 深圳前海微众银行股份有限公司 | Authentication method and device for open platform |
| CN112822080A (en) * | 2020-12-31 | 2021-05-18 | 中国人寿保险股份有限公司上海数据中心 | Bus system based on SOA architecture |
-
2022
- 2022-01-30 CN CN202210113306.2A patent/CN114567460A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102739405A (en) * | 2012-07-06 | 2012-10-17 | 深圳市远行科技有限公司 | Authentication method for service-orientated architecture service costumer |
| CN106612246A (en) * | 2015-10-21 | 2017-05-03 | 星际空间(天津)科技发展有限公司 | Unified authentication method for simulation identity |
| CN111639327A (en) * | 2020-05-29 | 2020-09-08 | 深圳前海微众银行股份有限公司 | Authentication method and device for open platform |
| CN112822080A (en) * | 2020-12-31 | 2021-05-18 | 中国人寿保险股份有限公司上海数据中心 | Bus system based on SOA architecture |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107483509B (en) | A kind of auth method, server and readable storage medium storing program for executing | |
| CN101582762B (en) | Method and system for identity authentication based on dynamic password | |
| CN102638454B (en) | Plug-in type SSO (single signon) integration method oriented to HTTP (hypertext transfer protocol) identity authentication protocol | |
| CN108197913B (en) | Payment method, system and computer readable storage medium based on block chain | |
| CN101582764B (en) | Method and system for identity authentication based on dynamic password | |
| CN101183932B (en) | Security identification system of wireless application service and login and entry method thereof | |
| CN102067145B (en) | Obtaining digital identities or tokens through independent endpoint resolution | |
| CN110781476A (en) | Flexible micro-service security access control method and system | |
| CN107294916B (en) | Single-point logging method, single-sign-on terminal and single-node login system | |
| CN110474863B (en) | Micro-service security authentication method and device | |
| CN101594232B (en) | Authentication method for dynamic password, system and corresponding authentication device | |
| CN110049048B (en) | Data access method, equipment and readable medium for government affair public service | |
| CN101582763B (en) | Method and system for identity authentication based on dynamic password | |
| CN111030812A (en) | Token verification method, device, storage medium and server | |
| CN101582886A (en) | Method and system for identity authentication based on dynamic password | |
| KR20100038990A (en) | Apparatus and method of secrity authenticate in network authenticate system | |
| CN113676452B (en) | Replay attack resisting method and system based on one-time key | |
| CN113992408B (en) | Multi-system unified login information processing method and system | |
| KR20090095940A (en) | System and Method for Non-faced Financial Transaction by Using Verification of Transaction Step and Program Recording Medium | |
| CN114567460A (en) | Identity authentication method of ESB port to access system | |
| CN116996305A (en) | Multi-level security authentication method, system, equipment, storage medium and entry gateway | |
| KR100639992B1 (en) | Security apparatus for distributing client module and method thereof | |
| CN114022150B (en) | Resource transfer method, device, electronic equipment and storage medium | |
| CN110635915A (en) | High-concurrency digital certificate registration management method based on multiple CA | |
| CN111369246B (en) | Calling authentication method and device of intelligent contract, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |