CN115473732A - Method, device, equipment and storage medium for sharing Web application account - Google Patents


Info

Publication number
CN115473732A
Authority
CN
China
Prior art keywords
user
operation log
real
web application
account
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211103318.3A
Other languages
Chinese (zh)
Inventor
丁龙
孙悦
郭晓鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Trusfort Technology Co ltd
Original Assignee
Beijing Trusfort Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Trusfort Technology Co ltd filed Critical Beijing Trusfort Technology Co ltd
Priority to CN202211103318.3A priority Critical patent/CN115473732A/en
Publication of CN115473732A publication Critical patent/CN115473732A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The disclosure provides a method, a device, equipment and a storage medium for sharing a Web application account. The method comprises obtaining real-name login request information of a user, wherein the real-name login request information comprises real-name identification information of the user to be verified and a target shared account; and, when the user to be verified is determined to be a preset authorized user, jumping to the Web application page corresponding to the target shared account and recording an operation log of the user. Real-name account login and real-name auditing of account operations are thereby realized for Web applications, the security problem in the Web application account sharing process is solved, and the security of sharing and using Web application accounts is significantly improved.

Description

Method, device, equipment and storage medium for sharing Web application account
Technical Field
The disclosure relates to the technical field of internet, and in particular, to a method, an apparatus, a device and a storage medium for sharing a Web application account.
Background
The Web application program is an application program which can be accessed through the Web, and has the greatest advantage that a user can access the Web application program through any browser without installing other software.
With the wide popularization of internet technology, users can apply for accounts on any platform on the Web and purchase membership rights to use privileged digital resources on the platform. To improve account utilization, multiple users often share the same account. In addition, whether for work delegation or for privileged-account sharing, sharing is achieved by handing over the account password; the password is therefore easily leaked, the real user behind a login or operation on the account cannot be audited, and significant security risks exist.
Disclosure of Invention
The disclosure provides a method, a device, equipment and a storage medium for sharing a Web application account, so as to at least solve the technical problems in the prior art.
According to a first aspect of the present disclosure, a method for sharing a Web application account is provided, including:
acquiring real-name login request information of a user, wherein the real-name login request information comprises real-name identification information of the user to be verified and a target shared account;
and when the user to be verified is determined to be a preset authorized user, jumping to the Web application page corresponding to the target shared account, and recording an operation log of the user.
In an implementation manner, when it is determined that the user to be authenticated is a preset authorized user, jumping to the Web application page corresponding to the target shared account includes:
intercepting the real-name login request information by adopting a Web plug-in;
judging whether the user to be verified is a preset authorized user or not through the Web plug-in;
and when the user to be authenticated is determined to be a preset authorized user, logging in a Web application page corresponding to the target shared account through a single sign-on protocol set by the Web plug-in.
In an embodiment, before the recording the operation log of the user, the method further includes:
constructing an operation log database;
establishing an association relation among the target shared account, the real-name identification information of the preset authorized user and an operation log unit corresponding to the preset authorized user through the operation log database;
correspondingly, the recording the operation log of the user includes:
and acquiring the operation log of the user through the Web plug-in, and recording the operation log into an operation log unit under a corresponding preset authorized user name in the operation log database.
In an embodiment, after the building the operation log database, the method further includes:
acquiring real-name identification information of a preset authorized user authorized by the target shared account;
and storing the real-name identification information of the preset authorized user into the operation log database.
In an embodiment, after the recording the operation log of the user, the method further includes:
carrying out risk analysis on the operation log of the user through the Web plug-in;
and if the operation log of the user has risks, intercepting or warning according to the operation log of the user.
In one embodiment, the real-name identification information includes one of: two-dimensional code information, face recognition information and a mobile phone number; the single sign-on protocol comprises one of: OAuth protocol, OIDC protocol, SAML protocol, CAS protocol, and JWT protocol.
According to a second aspect of the present disclosure, an apparatus for sharing a Web application account is provided, including:
a request receiving module, configured to obtain real-name login request information of a user, wherein the real-name login request information comprises real-name identification information of the user to be verified and a target shared account;
and a log recording module, configured to jump to the Web application page corresponding to the target shared account and record an operation log of the user when the user to be verified is determined to be a preset authorized user.
In an implementation manner, the logging module is specifically configured to:
intercepting the real-name login request information by adopting a Web plug-in;
judging whether the user to be verified is a preset authorized user or not through the Web plug-in;
and when the user to be authenticated is determined to be a preset authorized user, logging in a Web application page corresponding to the target shared account through a single sign-on protocol set by the Web plug-in.
In one embodiment, the apparatus further comprises:
the database construction module is used for constructing an operation log database before the operation log of the user is recorded; establishing an association relation among the target shared account, the real-name identification information of the preset authorized user and an operation log unit corresponding to the preset authorized user through the operation log database;
correspondingly, the logging module is specifically configured to: and acquiring the operation log of the user through the Web plug-in, and recording the operation log into an operation log unit under a corresponding preset authorized user name in the operation log database.
In an implementation manner, the logging module is further specifically configured to:
acquiring real-name identification information of a preset authorized user authorized by the target shared account;
and storing the real name identification information of the preset authorized user into the operation log database.
In one embodiment, the apparatus further comprises:
the risk module is used for carrying out risk analysis on the operation log of the user through the Web plug-in after the operation log of the user is recorded; and if the operation log of the user has risks, intercepting or warning according to the operation log of the user.
In one embodiment, the real-name identification information includes one of: two-dimensional code information, face recognition information and a mobile phone number; the single sign-on protocol comprises one of: OAuth protocol, OIDC protocol, SAML protocol, CAS protocol, and JWT protocol.
According to a third aspect of the present disclosure, there is provided an electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the methods of the present disclosure.
According to a fourth aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of the present disclosure.
According to the method, the device, the equipment and the storage medium for sharing the Web application account, real-name login request information sent by a user is received, wherein the real-name login request information comprises real-name identification information of the user to be verified and a target shared account; and when the user to be verified is determined to be a preset authorized user, the Web application page corresponding to the target shared account is jumped to and an operation log of the user is recorded. Real-name account login and real-name auditing of account operations are thereby realized for Web applications, the security problem in the Web application account sharing process is solved, and the security of sharing and using Web application accounts is significantly improved.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present disclosure will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the present disclosure are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings, in which the same or corresponding reference numerals indicate the same or corresponding parts.
Fig. 1 illustrates an implementation flow diagram of a method for sharing a Web application account according to an embodiment of the present disclosure;
Fig. 2A illustrates an implementation flow diagram of a method for sharing a Web application account according to a second embodiment of the present disclosure;
Fig. 2B is a logic framework diagram of a method for sharing a Web application account according to a second embodiment of the present disclosure;
Fig. 2C is a schematic key flow diagram of a method for sharing a Web application account according to a second embodiment of the present disclosure;
Fig. 3 is a schematic structural diagram illustrating a sharing apparatus for Web application accounts according to a third embodiment of the present disclosure;
Fig. 4 shows a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, features and advantages of the present disclosure more obvious and understandable, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
Example one
Fig. 1 is a flowchart of a method for sharing a Web application account according to a first embodiment of the present disclosure, where the method may be executed by a device for sharing a Web application account according to a second embodiment of the present disclosure, and the device may be implemented in a software and/or hardware manner. The method specifically comprises the following steps:
S110: acquiring real-name login request information of the user.
The real-name login request information comprises real-name identification information of a user to be authenticated and a target shared account.
The real-name login request information may be real-name identification information provided by a user to be authenticated when the user needs to access a certain Web application, and application account information of the Web application. The real-name identification information may be information for marking the identity of the user to be authenticated, and is used to verify whether the user to be authenticated is a preset authorized user. The target shared account is account information corresponding to the Web application which the user to be verified wants to access. The Web application may be an application program accessed through a Browser, and may also be a Browser/Server (BS) application.
Specifically, before the user logs in a certain Web application, the present embodiment needs to perform an authorization operation. For example, the client may authorize the Web application account as a target shared account to other users by himself, or authorize the user to use the right by an authorization relationship established by an administrator. In addition, the present embodiment may set an authorization deadline, and the user may log in the Web application for unlimited times within the authorization deadline. Of course, the present embodiment may also cancel the authorization at any time, and after canceling the authorization, the user cannot enter the Web application to use the resource.
Specifically, when a user needs to open a non-shared Web page of a certain Web application in a browser, the user can select to enter a login page, and the login page displays a login mode of real-name authentication. After the user enters the real-name identification information, the server receives the real-name login request information of the user. In another embodiment, the user may also directly enter the landing page by linking or entering a web address.
In an embodiment of the present disclosure, the real-name identification information includes one of: two-dimensional code information, face recognition information and a mobile phone number. Besides, the real-name identification information may also include biometric features such as fingerprint information. When the real-name authentication mode of the Web application is code scanning authentication, the login page displays a code scanning prompt, and the user can log in to the Web application by uploading two-dimensional code information; or, when the real-name authentication mode of the Web application is face recognition, the login page can display a face scanning prompt, and the user can log in to the Web application by uploading face information; or, when the real-name authentication mode of the Web application is a one-time password (OTP), the login page may display fields for a phone number and a dynamic verification code, and the user may enter the phone number and the dynamic verification code to log in to the Web application.
In a practical situation, the account password is usually shared with the authorized user, but the authorized user can freely share the account password with anyone, and the server side of the Web application does not know who the real user using the Web application is, so that the implementation adopts an authentication mode with a high security level to log in the Web application in a real name manner, the risk that the Web application is used by an unauthorized user is remarkably reduced, and the security of account sharing is improved.
S120: when the user to be verified is determined to be a preset authorized user, jumping to the Web application page corresponding to the target shared account, and recording an operation log of the user.
The preset authorized user may be an authorized user with the right to use the Web application. The operation log may record all behavior information of the user in using the Web application, for example, browsing information, operation information, and the like. Specifically, when the user to be verified is determined to be the preset authorized user, the method and the device can directly jump to the Web application page corresponding to the target shared account for use by the user.
In the embodiment of the present disclosure, when it is determined that the user to be authenticated is a preset authorized user, jumping to a Web application page corresponding to the target shared account includes: intercepting real-name login request information by adopting a Web plug-in; judging whether the user to be verified is a preset authorized user or not through the Web plug-in; and when the user to be authenticated is determined to be a preset authorized user, logging in a Web application page corresponding to the target shared account through a single sign-on protocol set by the Web plug-in.
The Web plug-in may be a Web filter, so as to intercept Web application operations. Single sign-on (SSO) means that a user can access all mutually trusted application systems by logging in only once; the single sign-on protocol in this embodiment includes one of the following: OAuth protocol, OIDC protocol, SAML protocol, CAS protocol, JWT protocol.
Specifically, in the embodiment, the Web plug-in is adopted to intercept the real-name login request information, and determine whether the user to be authenticated is a preset authorized user. If the real-name authentication mode of the Web application is code scanning authentication, the embodiment judges whether the two-dimensional code uploaded by the user is consistent with the record in the Web application; if the real-name authentication mode of the Web application is face recognition, the embodiment judges whether the face information uploaded by the user is consistent with the face information recorded in the Web application; if the real-name authentication mode of the Web application is dynamic password authentication, the embodiment judges whether the phone number uploaded by the user is consistent with the record in the Web application, if so, the user fills in the dynamic verification code, and the user uses the account number through the dynamic verification code, so that the user to be verified is determined to be a preset authorized user.
Specifically, when it is determined that the user to be authenticated is the preset authorized user, the user can click to log in through the single sign-on protocol, and jump to the Web application page corresponding to the target shared account. Meanwhile, in the embodiment, after the user logs in the Web application page, the operation of the user is recorded through the Web plug-in until the user exits from the Web application, and the operation information and the browsing information of the user are collected in real time in the using process of the user and are used as operation logs to be recorded, so that a manager or a client can conveniently consult the operation logs. According to the embodiment, the login mode of the single sign-on protocol set by the Web plug-in replaces the existing account password login mode, the Web application page can be directly accessed, the complexity of inputting the account password is avoided, the time of the user is saved, and convenience is provided for the user.
The embodiment has extremely wide applicability; it is suitable not only for work delegation and privileged-account delegation, but also for daily life. Real-name login request information sent by a user is received, wherein the real-name login request information comprises real-name identification information of the user to be verified and a target shared account; when the user to be verified is determined to be the preset authorized user, the Web application page corresponding to the target shared account is jumped to and the operation log of the user is recorded. Real-name account login and real-name auditing of account operations are thereby realized for Web applications, the security problem in the Web application account sharing process is solved, and the security of sharing and using the Web application account is significantly improved.
Example two
Fig. 2A is a flowchart of a method for sharing a Web application account according to a second embodiment of the present disclosure, where on the basis of the second embodiment, before recording an operation log of a user, the embodiment of the present disclosure further includes: constructing an operation log database; establishing an association relation among a target shared account, real-name identification information of a preset authorized user and an operation log unit corresponding to the preset authorized user through an operation log database; correspondingly, the operation log of the user is recorded, and the method comprises the following steps: and acquiring an operation log of the user through the Web plug-in, and recording the operation log into an operation log unit under a corresponding preset authorized user name in an operation log database. The method specifically comprises the following steps:
S210: acquiring real-name login request information of the user.
The real-name login request information comprises real-name identification information of a user to be authenticated and a target shared account.
Before recording the operation log of the user, the present embodiment further includes: and constructing an operation log database, and constructing an association relation among the target shared account, real-name identification information of a preset authorized user and an operation log unit corresponding to the preset authorized user through the operation log database. The operation log database is used for recording real-name identification information and operation information of each preset authorized user.
Specifically, since a plurality of users share the same account, the usage record for the same account is not operation information of one person. That is, the server of the Web application does not record operations of each person using the same account in a differentiated manner, so that the embodiment constructs the operation log database to perform detailed recording on different real users of each account, and can effectively help an entrusting person or a manager to clearly know the real use condition of each preset authorized user. The operation log unit may be an operation log for using a Web application set for one user. Specifically, the operation log database in this embodiment may include a plurality of operation log units, where each operation log unit corresponds to one target shared account and corresponds to a plurality of real-name identification information of one preset authorized user.
In this embodiment of the present disclosure, after the building the operation log database, the method further includes: acquiring real-name identification information of a preset authorized user authorized by the target shared account; and storing the real name identification information of the preset authorized user into the operation log database.
Specifically, in the embodiment, for the authorization operation of the preset authorized user, an association relationship may be established between the target shared account and the real-name identification information of the preset authorized user. For example, the two-dimensional code, face recognition information and mobile phone number of the user may be obtained, and their association with the target shared account is stored in the operation log database, so that the server of the Web application can conveniently distinguish different users of the same account.
S220: when the user to be verified is determined to be a preset authorized user, jumping to the Web application page corresponding to the target shared account, acquiring an operation log of the user through the Web plug-in, and recording the operation log into the operation log unit under the corresponding preset authorized user name in the operation log database.
Specifically, when the user to be authenticated is determined to be the preset authorized user, the user may directly jump to the Web application page corresponding to the target shared account, or may log in the Web application page corresponding to the target shared account by one key in a single sign-on manner. After the user logs in the Web application, the operation log of the user is collected through the Web plug-in and recorded in an operation log unit under a corresponding preset authorized user name in an operation log database.
For example, user A authorizes Web application X to user B and user C; three groups of association records are then stored in the operation log database:
Web application X - mobile phone number, two-dimensional code and face information of preset authorized user A - operation log unit A;
Web application X - mobile phone number, two-dimensional code and face information of preset authorized user B - operation log unit B;
Web application X - mobile phone number, two-dimensional code and face information of preset authorized user C - operation log unit C.
When user B successfully logs in to Web application X with a real name, the embodiment records the collected operation log of user B into operation log unit B.
In this embodiment of the present disclosure, after recording the operation log of the user, the method further includes: performing risk analysis on an operation log of a user through a Web plug-in; and if the operation log of the user has risks, intercepting or warning according to the operation log content of the user.
Specifically, the embodiment can not only realize real-name auditing of each user operation, but also perform risk analysis through technologies such as big data, a rule engine and AI when the Web plug-in collects user operation information, and perform different risk prevention and control operations according to the analysis result. For example, the Web application in this embodiment may further set the personal usage rights and the usage time of each preset authorized user: when a user uses rights other than their own, an interception operation is performed; when a user uses the application for a long time or outside the specified usage time, a warning operation is performed.
In the embodiment, the user operation is monitored in real time through the Web plug-in, and the identification intervention function of the account operation risk can be realized.
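The association records, per-user operation log units and intercept/warn rules described in this embodiment can be sketched as follows. This is an added example, not code from the patent; it assumes an in-memory store, and the names `Grant`, `OperationLogDB`, `filter_request`, the account label and the user identifiers are hypothetical, constructed values.

```python
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass
class Grant:
    """One association record: shared account <-> real-name user <-> log unit."""
    shared_account: str
    real_name_id: str          # verified real-name identifier (constructed value)
    expires_at: datetime       # authorization deadline
    allowed_ops: frozenset     # personal usage rights of this user
    window: tuple              # (start, end) permitted time of day
    revoked: bool = False
    log_unit: list = field(default_factory=list)


class OperationLogDB:
    """In-memory stand-in for the operation log database."""

    def __init__(self):
        self._grants = {}
        self.rejected = []     # attempts that cannot be tied to a valid grant

    def authorize(self, grant):
        self._grants[(grant.shared_account, grant.real_name_id)] = grant

    def revoke(self, shared_account, real_name_id):
        self._grants[(shared_account, real_name_id)].revoked = True

    def lookup(self, shared_account, real_name_id):
        return self._grants.get((shared_account, real_name_id))

    def log_unit(self, shared_account, real_name_id):
        return self.lookup(shared_account, real_name_id).log_unit


def filter_request(db, shared_account, real_name_id, operation, now):
    """Decide on one intercepted request and record it under the real user.

    Returns 'deny', 'intercept', 'warn' or 'allow'.
    """
    entry = {"ts": now.isoformat(), "account": shared_account,
             "user": real_name_id, "op": operation}
    grant = db.lookup(shared_account, real_name_id)
    if grant is None or grant.revoked or now >= grant.expires_at:
        # Not a preset authorized user (unknown, revoked or past the deadline).
        db.rejected.append({**entry, "decision": "deny"})
        return "deny"
    if operation not in grant.allowed_ops:
        decision = "intercept"     # operation outside the user's own rights
    elif not (grant.window[0] <= now.time() < grant.window[1]):
        decision = "warn"          # permitted operation, outside usage time
    else:
        decision = "allow"
    # The entry is attributed to the real user, not just the shared account.
    grant.log_unit.append({**entry, "decision": decision})
    return decision


ACCOUNT = "webapp-X/shared"        # constructed account label


def demo():
    """User A has shared Web application X with users B and C."""
    db = OperationLogDB()
    deadline = datetime(2030, 1, 1)
    hours = (time(9, 0), time(18, 0))
    db.authorize(Grant(ACCOUNT, "user-B", deadline,
                       frozenset({"view", "export"}), hours))
    db.authorize(Grant(ACCOUNT, "user-C", deadline, frozenset({"view"}), hours))
    t = datetime(2029, 6, 1, 10, 0)
    results = [
        filter_request(db, ACCOUNT, "user-B", "export", t),
        filter_request(db, ACCOUNT, "user-C", "export", t),
        filter_request(db, ACCOUNT, "user-C", "view", t.replace(hour=23)),
        filter_request(db, ACCOUNT, "user-D", "view", t),
    ]
    db.revoke(ACCOUNT, "user-B")   # authorization can be cancelled at any time
    results.append(filter_request(db, ACCOUNT, "user-B", "view", t))
    return db, results


if __name__ == "__main__":
    print(demo()[1])
```

Denied attempts are kept in a separate list so that an auditor can still see who tried to use the account after revocation or without a grant.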
Fig. 2B is a logic framework diagram of a method for sharing a Web application account according to a second embodiment of the present disclosure, where the logic framework diagram includes: the system comprises a management system, an authentication portal system, a Web application plug-in, a risk identification system and a Web application. Further comprising the steps of:
S2B01: account sharing authorization.
S2B02: user real-name login.
S2B03: obtaining and displaying authorization information.
S2B04: single sign-on to the application.
S2B05: recording a log of the user's real-name login to the account.
S2B06: account login, and recording the relation between the user and the login account.
S2B07: intercepting account operations.
S2B08: recording a real-name operation log of the user's login account, and storing the log to the management system and the risk identification system respectively.
S2B09: identifying operation risks.
S2B010: account risk intervention.
S2B011: account sharing audit.
The management system is used for managing users, web application accounts, account sharing authorization, log audit and the like.
The authentication portal system is used for secure user authentication and login, for example by code scanning, OTP or biometric authentication. The authentication portal system displays the Web applications the user is authorized for and the corresponding shared accounts, and logs in to the Web application shared account by using a standard single sign-on protocol, which can be OAuth, OIDC, SAML, CAS, JWT and the like, and does not depend on passwords for logging in. The embodiment records a log of the user's logins to the Web application shared account.
The Web application plug-in is used for being integrated with Web application to run together and is responsible for processing single sign-on of the Web application, association of a sign-on user and a sign-on account, collection and storage of a user account operation log and identification intervention of account operation risks. The Web application plug-in adopts a Web filter technology to intercept user login and operation requests, perform single sign-on, record the association relation between a user and an account, collect logs, analyze risks and intervene risks.
The risk identification system is used for carrying out risk identification on the operation log by utilizing technologies such as big data, a rule engine and AI (artificial intelligence).
Fig. 2C is a schematic key flow diagram of a method for sharing a Web application account according to a second embodiment of the present disclosure. The flow involves a user browser, an authentication portal system, a Web application plug-in and a Web application, and includes the following steps:
S2C01, secure real-name login of the user, such as code scanning, OTP (one-time password) and face scanning.
S2C02, checking the authorized application account.
S2C03, single sign-on to the application.
S2C04, recording information about the application account the user logs in to.
S2C05, logging in to the application, and recording the association between the user and the account.
S2C06, intercepting Web application operations using filter technology, identifying risks and intervening in operations.
S2C07, intercepting Web application operations using filter technology, and recording a log of the operations performed under the user's login account.
In this embodiment, the Web application shared account is logged in to through a single sign-on protocol, and the account password is not used during login. This removes the need to share the password, as traditional account sharing requires, and significantly improves the security of account sharing. Meanwhile, through real-name user login and operation auditing, the embodiment associates the use of the shared account with the real-name user, which effectively ensures the security of sharing the Web application account. It supports both administrator authorization and user self-service authorization of the Web application account, and can effectively control the sharing scope of the Web application account, that is, which authorized users may use it and for how long, for example when sharing a privileged account or entrusting work, thereby significantly improving the security of account sharing.
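The plug-in flow of this embodiment (S2C03 to S2C07), sketched as an added example that is not code from the patent: a minimal HS256 JWT stands in for the single sign-on step, and in-memory dictionaries stand in for the operation log database. The key, the `acct` claim, the grant table, the paths and all class and function names are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

PORTAL_KEY = b"constructed-demo-key"  # assumption: key shared by portal and plug-in
# Assumption: (real-name user, shared account) -> authorized window in epoch seconds
GRANTS = {("u-1001", "finance-admin"): (1_700_000_000, 1_700_086_400)}
BLOCKED_PATHS = {"/users/delete"}   # constructed risk rules
WARN_PATHS = {"/report/export"}


def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str) -> str:
    return b64u(hmac.new(PORTAL_KEY, signing_input.encode(), hashlib.sha256).digest())


def portal_issue_token(user_id: str, account: str, now: int, ttl: int = 60) -> str:
    """Portal side: short-lived HS256 JWT naming the real user and shared account."""
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps({"sub": user_id, "acct": account, "exp": now + ttl}).encode())
    return f"{head}.{body}.{sign(head + '.' + body)}"


class SharedAccountFilter:
    """Plug-in side: SSO login, user/account association, logging, intervention."""

    def __init__(self):
        self.sessions = {}  # session id -> (real-name user, shared account)
        self.oplog = {}     # real-name user -> that user's operation log unit

    def login(self, session_id: str, token: str, now: int) -> bool:
        try:
            head, body, sig = token.split(".")
            good = sign(head + "." + body)
            if not hmac.compare_digest(sig.encode(), good.encode()):
                return False  # not issued by the portal, or altered in transit
            if json.loads(b64u_dec(head)).get("alg") != "HS256":
                return False
            claims = json.loads(b64u_dec(body))
        except ValueError:  # wrong segment count, bad base64 or bad JSON
            return False
        user, account = claims.get("sub"), claims.get("acct")
        start, end = GRANTS.get((user, account), (0, -1))  # no grant: empty window
        if now >= claims.get("exp", 0) or not start <= now <= end:
            return False
        self.sessions[session_id] = (user, account)
        self.record(user, account, "LOGIN", "allowed", now)
        return True

    def handle(self, session_id: str, path: str, now: int) -> str:
        """Intercept one request: 'denied', 'blocked', 'warned' or 'allowed'."""
        if session_id not in self.sessions:
            return "denied"  # no real-name association, request goes no further
        user, account = self.sessions[session_id]
        start, end = GRANTS.get((user, account), (0, -1))
        if not start <= now <= end:  # authorization ended or revoked mid-session
            del self.sessions[session_id]
            verdict = "denied"
        elif path in BLOCKED_PATHS:
            verdict = "blocked"
        elif path in WARN_PATHS:
            verdict = "warned"
        else:
            verdict = "allowed"
        self.record(user, account, path, verdict, now)
        return verdict

    def record(self, user, account, action, verdict, now):
        entry = {"ts": now, "account": account, "action": action, "verdict": verdict}
        self.oplog.setdefault(user, []).append(entry)
```

Every log entry is filed under the real-name user rather than the shared account, so two people using the same account remain distinguishable in an audit.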
EXAMPLE III
Fig. 3 is a schematic structural diagram of a sharing device for Web application accounts, where the device specifically includes:
the request receiving module 310 is configured to obtain real-name login request information of a user, where the real-name login request information includes real-name identification information of the user to be authenticated and a target shared account;
and the log recording module 320 is configured to jump to a Web application page corresponding to the target shared account and record an operation log of the user when it is determined that the user to be authenticated is a preset authorized user.
In an implementation, the logging module 320 is specifically configured to:
intercepting real-name login request information by adopting a Web plug-in;
judging whether the user to be verified is a preset authorized user or not through the Web plug-in;
and when the user to be verified is determined to be a preset authorized user, logging in a Web application page corresponding to the target shared account through a single sign-on protocol set by the Web plug-in.
In one embodiment, the apparatus further comprises:
the database construction module is used for constructing an operation log database before recording the operation log of the user; establishing an association relation among a target shared account, real-name identification information of a preset authorized user and an operation log unit corresponding to the preset authorized user through an operation log database;
correspondingly, the logging module 320 is specifically configured to: and acquiring an operation log of the user through the Web plug-in, and recording the operation log into an operation log unit under a corresponding preset authorized user name in an operation log database.
In an implementation manner, the logging module 320 is further specifically configured to:
acquiring real-name identification information of a preset authorized user authorized by the target shared account;
and storing the real-name identification information of the preset authorized user into the operation log database.
In one embodiment, the apparatus further comprises:
the risk module is used for performing risk analysis on the operation log of the user through the Web plug-in after the operation log of the user is recorded; and if the operation log of the user has risks, intercepting or warning according to the operation log of the user.
In one embodiment, the real-name identification information includes one of: two-dimensional code information, face recognition information and a mobile phone number; the single sign-on protocol comprises one of: the OAuth protocol, the OIDC protocol, the SAML protocol, the CAS protocol, and the JWT protocol.
The present disclosure also provides an electronic device and a readable storage medium according to an embodiment of the present disclosure.
FIG. 4 shows a schematic block diagram of an example electronic device 400 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic devices may also represent various forms of mobile devices, such as personal digital processors, cellular telephones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 4, the apparatus 400 includes a computing unit 401 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 402 or a computer program loaded from a storage unit 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data required for the operation of the device 400 can also be stored. The computing unit 401, ROM 402, and RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
A number of components in the device 400 are connected to the I/O interface 405, including: an input unit 406 such as a keyboard, a mouse, or the like; an output unit 407 such as various types of displays, speakers, and the like; a storage unit 408, such as a magnetic disk, optical disk, or the like; and a communication unit 409 such as a network card, modem, wireless communication transceiver, etc. The communication unit 409 allows the device 400 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
Computing unit 401 may be a variety of general and/or special purpose processing components with processing and computing capabilities. Some examples of the computing unit 401 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 401 executes the respective methods and processes described above, such as the sharing method of the Web application account. For example, in some embodiments, the method of sharing Web application accounts may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 408. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 400 via the ROM 402 and/or the communication unit 409. When the computer program is loaded into the RAM 403 and executed by the computing unit 401, one or more steps of the above-described sharing method of the Web application account may be performed. Alternatively, in other embodiments, the computing unit 401 may be configured to perform the sharing method of the Web application account in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on a Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user may provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server combined with a blockchain.
It should be understood that steps may be reordered, added or deleted using the various forms of flow shown above. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one of the feature. In the description of the present disclosure, "a plurality" means two or more unless specifically limited otherwise.
The above description is only for the specific embodiments of the present disclosure, but the scope of the present disclosure is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present disclosure, and all the changes or substitutions should be covered within the scope of the present disclosure. Therefore, the protection scope of the present disclosure should be subject to the protection scope of the claims.

Claims (10)

1. A method for sharing Web application accounts is characterized by comprising the following steps:
acquiring real-name login request information of a user, wherein the real-name login request information comprises real-name identification information of the user to be verified and a target shared account;
and when the user to be verified is determined to be a preset authorized user, jumping to the Web application page corresponding to the target shared account, and recording the operation log of the user.
2. The method according to claim 1, wherein when it is determined that the user to be authenticated is a preset authorized user, jumping to the Web application page corresponding to the target shared account includes:
intercepting the real-name login request information by adopting a Web plug-in;
judging whether the user to be verified is a preset authorized user or not through the Web plug-in;
and when the user to be verified is determined to be a preset authorized user, logging in a Web application page corresponding to the target shared account through a single sign-on protocol set by the Web plug-in.
3. The method of claim 2, further comprising, prior to said logging the user's operation log:
constructing an operation log database;
establishing an association relation among the target shared account, the real-name identification information of the preset authorized user and an operation log unit corresponding to the preset authorized user through the operation log database;
correspondingly, the recording the operation log of the user includes:
and acquiring the operation log of the user through the Web plug-in, and recording the operation log into an operation log unit under a corresponding preset authorized user name in the operation log database.
4. The method of claim 3, after said constructing the operation log database, further comprising:
acquiring real-name identification information of a preset authorized user authorized by the target shared account;
and storing the real-name identification information of the preset authorized user into the operation log database.
5. The method of claim 4, further comprising, after said logging the user's operation log:
carrying out risk analysis on the operation log of the user through the Web plug-in;
and if the operation log of the user has risks, intercepting or warning according to the operation log content of the user.
6. An apparatus for sharing a Web application account, the apparatus comprising:
a request receiving module, used for obtaining real-name login request information of a user, wherein the real-name login request information comprises real-name identification information of the user to be verified and a target shared account;
and the log recording module is used for jumping to a Web application page corresponding to the target shared account and recording an operation log of the user when the user to be verified is determined to be a preset authorized user.
7. The apparatus of claim 6, wherein the logging module is specifically configured to:
intercepting the real-name login request information by adopting a Web plug-in;
judging whether the user to be verified is a preset authorized user or not through the Web plug-in;
and when the user to be authenticated is determined to be a preset authorized user, logging in a Web application page corresponding to the target shared account through a single sign-on protocol set by the Web plug-in.
8. The apparatus of claim 7, further comprising:
the database construction module is used for constructing an operation log database before the operation log of the user is recorded; establishing an association relation among the target shared account, the real-name identification information of the preset authorized user and an operation log unit corresponding to the preset authorized user through the operation log database;
correspondingly, the logging module is specifically configured to: and acquiring the operation log of the user through the Web plug-in, and recording the operation log into an operation log unit under a corresponding preset authorized user name in the operation log database.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-5.
10. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-5.
CN202211103318.3A 2022-09-09 2022-09-09 Method, device, equipment and storage medium for sharing Web application account Pending CN115473732A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20221213