CN115529154A - Login management method, login management device, electronic device and readable storage medium - Google Patents
Login management method, login management device, electronic device and readable storage medium Download PDFInfo
- Publication number
- CN115529154A CN115529154A CN202210920175.9A CN202210920175A CN115529154A CN 115529154 A CN115529154 A CN 115529154A CN 202210920175 A CN202210920175 A CN 202210920175A CN 115529154 A CN115529154 A CN 115529154A
- Authority
- CN
- China
- Prior art keywords
- login
- user information
- access request
- global session
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title claims abstract description 39
- 238000000034 method Methods 0.000 claims abstract description 10
- 238000013475 authorization Methods 0.000 claims description 47
- 238000004590 computer program Methods 0.000 claims description 9
- 238000012795 verification Methods 0.000 description 14
- 238000004891 communication Methods 0.000 description 9
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 238000012790 confirmation Methods 0.000 description 1
- 235000014510 cooky Nutrition 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application relates to a login management method, a login management device, an electronic device and a readable storage medium, wherein the method comprises the following steps: receiving a first access request, acquiring user information and a first system identifier corresponding to the first access request, and executing login operation of a system corresponding to the first system identifier according to the user information; creating a global session and storing user information into the global session; and receiving a second access request, acquiring a second system identifier in the second access request, and executing login operation of a system corresponding to the second system identifier through the global session, wherein the first access request is the access request received when the global session is invalid, and the second access request is the access request received when the global session is valid. By generating the global session and storing the user information during the first login, the user only needs to input the user information during the first login, and can directly log in through the global session during the subsequent login of other systems, so that the login efficiency of the user is improved, and the user experience is improved.
Description
Technical Field
The present application relates to the field of internet, and in particular, to a login management method, device, electronic device, and readable storage medium.
Background
Different business systems can be developed by a company based on different businesses, independent user data is set by the different systems, and when a user needs to log in the different business systems, multiple login operations are needed, so that experience and efficiency are influenced.
Disclosure of Invention
The application provides a login management method, a login management device, an electronic device and a readable storage medium, and aims to solve the technical problem of low efficiency in multi-system login in the prior art.
In order to solve the above technical problem or at least partially solve the above technical problem, the present application provides a login management method, including the steps of:
receiving a first access request, acquiring user information and a first system identifier corresponding to the first access request, and executing login operation of a system corresponding to the first system identifier according to the user information;
creating a global session and storing the user information into the global session;
receiving a second access request, acquiring a second system identifier in the second access request, and executing login operation of a system corresponding to the second system identifier through the global session, wherein the first access request is an access request received when the global session is invalid, and the second access request is an access request received when the global session is valid.
Optionally, the step of executing the login operation of the system corresponding to the first system identifier according to the user information includes:
sending the user information and the first system identification to an authentication server;
receiving a first authorization code returned by the authentication server based on the user information and the first system identification;
sending the first authorization code to the authentication server to receive a first access token returned by the authentication server based on the first authorization code;
and saving the first access token to a gateway.
Optionally, the user information includes a user account, a password, and a permission type; the step of receiving a first authorization code returned by the authentication server based on the user information and the first system identifier includes:
and receiving a first authorization code corresponding to the permission type returned by the authentication server after the authentication server successfully verifies the identity through the user account, the password and the first system identifier.
Optionally, the step of executing, by the global session, a login operation of a system corresponding to the second system identifier includes:
acquiring user information and login state information in the global session, and judging whether the current login state is valid according to the login state information;
if the current login state is valid, sending the second system identifier to an authentication server, and receiving a second authorization code returned by the authentication server based on the second system identifier;
sending the second authorization code to the authentication server to receive a second access token returned by the authentication server based on the second authorization code;
and saving the second access token to a gateway.
Optionally, the step of determining whether the current login state is valid according to the login state information includes:
acquiring preset login timeliness and acquiring login duration in the login state information;
judging whether the login duration is less than the preset login time limit or not;
and if the login duration is less than the preset login time limit, the current login state is valid.
Optionally, the step of obtaining the user information and the first system identifier corresponding to the first access request, and performing a login operation of a system corresponding to the first system identifier according to the user information includes:
acquiring an external software identifier in the first access request, and returning a login entry corresponding to the external software identifier so that a user can perform login authorization on a platform server corresponding to the external software identifier according to the login entry;
receiving a third access token and the user information returned by the platform server after the login authorization is completed;
and generating a fourth access token according to the third access token, the user information and the first system identifier, and storing the fourth access token to a gateway.
Optionally, the creating a global session and saving the user information to the global session further includes:
if an exit instruction containing any system identification is received, the global session and the user information are cleared, and whether a logged-in system exists currently is judged;
and if the logged-in system exists, logging out of the logged-in system.
In order to achieve the above object, the present invention further provides a login management device, including:
the first receiving module is used for receiving a first access request, acquiring user information and a first system identifier corresponding to the first access request, and executing login operation of a system corresponding to the first system identifier according to the user information;
the first establishing module is used for establishing a global session and storing the user information into the global session;
a second receiving module, configured to receive a second access request, obtain a second system identifier in the second access request, and execute a login operation of a system corresponding to the second system identifier through the global session, where the first access request is an access request received when the global session is invalid, and the second access request is an access request received when the global session is valid.
To achieve the above object, the present invention further provides an electronic device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the login management method as described above.
To achieve the above object, the present invention further provides a computer-readable storage medium having stored thereon a computer program, which when executed by a processor, implements the steps of the login management method as described above.
The invention provides a login management method, a login management device, an electronic device and a readable storage medium, which are used for receiving a first access request, acquiring user information and a first system identification corresponding to the first access request, and executing login operation of a system corresponding to the first system identification according to the user information; creating a global session and storing the user information into the global session; receiving a second access request, acquiring a second system identifier in the second access request, and executing login operation of a system corresponding to the second system identifier through the global session, wherein the first access request is an access request received when the global session is invalid, and the second access request is an access request received when the global session is valid. By generating the global session and storing the user information during the first login, the user only needs to input the user information during the first login, and can directly log in through the global session without inputting the user information during the subsequent login of other systems, so that the login efficiency of the user is improved, and the user experience is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
FIG. 1 is a flowchart illustrating a login management method according to a first embodiment of the present invention;
FIG. 2 is a schematic flow chart illustrating a login operation in the login management method according to the present invention;
FIG. 3 is a schematic overall flowchart of a login management method according to the present invention;
fig. 4 is a schematic block diagram of an electronic device according to the present invention.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In order to make the technical solutions of the present application better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The invention provides a login management method, referring to fig. 1, fig. 1 is a schematic flow diagram of a first embodiment of the login management method of the invention, the method comprises the steps of:
step S10, receiving a first access request, acquiring user information and a first system identification corresponding to the first access request, and executing login operation of a system corresponding to the first system identification according to the user information;
the first access request is an access request received when the global session is invalid; the first access request is sent by a user, and specifically, the user can trigger the first access request on a login interface of corresponding software or a webpage; taking a webpage as an example, when a user enters a login interface, judging whether the user logs in at the moment, for example, detecting the login state of the user by introducing a sso-client class; when the user logs in, displaying an input area of user information on a login interface so that the user can fill in the user information, selecting a system needing to log in on the login interface, and automatically matching the system selected by the user to obtain a corresponding first system identifier; it should be noted that the user information may be directly input by the user in the login interface, or may be provided by authorization of external software, for example, by providing a two-dimensional code of the external software, the user authorizes the user information by scanning the two-dimensional code, and then obtains the user information from a platform server of the external software; it should be noted that, the user may also select a system that needs to be logged in, and then the corresponding login interface is displayed according to the system selected by the user. The login operation can be executed after the user information and the first system identification are obtained, and particularly, the method is applied to a user login module, the user login module is connected with an authentication server, the user login module sends the first system identification and the user information to the authentication server, the authentication server determines a system needing to be logged in according to the first system identification, and authentication is carried out through the user information so as to complete login of the system.
Step S20, establishing a global session, and storing the user information into the global session;
after the login operation is successfully executed, a global session is created; it can be understood that all systems perform login authentication through the same login authentication interface, a global session corresponds to a session ID, and login operation based on the same user information is represented through the same session ID;
step S30, receiving a second access request, obtaining a second system identifier in the second access request, and executing a login operation of a system corresponding to the second system identifier through the global session, where the second access request is an access request received when the global session is valid.
The triggering manner of the second access request can be set by analogy according to the first access request, and is not described herein again. When the user enters a login interface, judging whether the user logs in at the moment, for example, detecting the login state of the user by introducing a sso-client class; when the user logs in currently, selectable systems are displayed on a login interface, the user selects a system needing to log in, and the corresponding second system identification is matched based on the user selection; and performing login operation on the authentication server based on the same global session, and determining the system needing to be logged in by the authentication server according to the second system identifier so as to complete the login operation.
According to the embodiment, the global session is generated and the user information is stored when the user logs in for the first time, so that the user only needs to input the user information when logging in for the first time, the user information does not need to be input when logging in other systems subsequently, the user can directly log in through the global session, the login efficiency of the user is improved, and the user experience is improved.
Further, referring to fig. 2, in a second embodiment of the login management method according to the present invention proposed based on the first embodiment of the present invention, the step S10 includes the steps of:
step S11, sending the user information and the first system identification to an authentication server;
step S12, receiving a first authorization code returned by the authentication server based on the user information and the first system identifier;
step S13, sending the first authorization code to the authentication server to receive a first access token returned by the authentication server based on the first authorization code;
and S14, storing the first access token to a gateway.
Sending user information and a first system identifier to an authentication server at a user login module, and verifying the user information by the authentication server, wherein the user information specifically comprises a user account, a password and an authority category; the step S12 includes the steps of:
step S121, receiving a first authorization code corresponding to the permission type returned by the authentication server after the authentication server successfully performs identity verification through the user account, the password, and the first system identifier.
The authentication server stores an authorized user account and a password in advance, and when the user information is matched with the user account and the password stored in the authentication server, the identity verification is successful; after the identity verification is successful, the authentication server generates a first authorization code corresponding to the first system identification. Furthermore, different permissions, namely permission types, can be set for corresponding user accounts according to different user identities, different loginable systems corresponding to different permission types are different, and the range of applicable functions in the corresponding single system is different; when the identity authentication is carried out, whether the first system identification is in accordance with the corresponding authority category or not needs to be verified, and if not, the authentication is not passed. It should be noted that the service system may report the user information to the unified user center in batch, and the unified user center provides an interface for the service system to pull the user information.
And after the verification is passed, the authentication server sends the first authorization code to the user login module, and the user login module exchanges the first authorization code for the first access token through the authentication server and stores the first access token in the gateway to complete the login operation.
Further, referring to fig. 3, the user account can be divided into a domain account and a common account:
if the domain account is the ldap domain account, verification of the ldap domain account is carried out, subsequent login operation is carried out after the verification is passed, and meanwhile, the domain account can be updated or associated or modified with a common account by a user; when the verification fails, prompting that the account number or the password is wrong on the login interface, and locking the account when the number of errors reaches a preset number of errors, wherein the preset number of errors can be set according to actual application requirements, in the embodiment 2, in addition, a mobile phone verification code login mode can be introduced for login.
If the common account number is the common account number, unified user common account number verification is carried out, subsequent login operation is executed after the verification is passed, and if the common account number is the first login, the password modification page can be set to be skipped to for the user to carry out password modification; when the verification fails, the login interface prompts that the account or the password is wrong, and the user needs to input the account and the password again, which needs to be described that the common account can also set a corresponding verification rule when the verification fails, and details are not described herein.
The step S30 includes the steps of:
step S31, obtaining user information and login state information in the global session, and judging whether the current login state is valid according to the login state information;
step S32, if the current login state is valid, the second system identification is sent to an authentication server, and a second authorization code returned by the authentication server based on the second system identification is received;
step S33, sending the second authorization code to the authentication server to receive a second access token returned by the authentication server based on the second authorization code;
and step S34, storing the second access token to a gateway.
The second authorization code can be obtained in a manner similar to that of the first authorization code, and the difference is that the authentication server determines the login operation of the same user through the global session, so that the system needing to be logged in is determined only through the second system identifier, and further description of other steps is omitted.
The login state information is used for representing the login state of the user information, and the login state information can be obtained by determining login records through cookie information submitted by a login interface; and judging whether the login state of the current user information is still valid or not through the login state information, and only when the login state is valid, directly executing subsequent login operation. Specifically, the step S31 includes the steps of:
step S311, acquiring preset login timeliness and acquiring login duration in the login state information;
step S312, judging whether the login duration is less than the preset login time limit;
and step S313, if the login duration is less than the preset login time limit, the current login state is valid.
The preset login time limit is used for indicating the effective time of single user information login, and the preset login time limit can be set based on actual application scenes and needs. When the system login corresponding to the first system identification is successful, starting timing login duration; when the login duration reaches the preset login time limit, the login state is invalid, and at the moment, the user needs to input user information again to log in; different rules can be set according to actual needs, for example, when the login state is invalid, the login state of the currently logged-in system is kept, but if a new system needs to be logged in, the user information needs to be input again by the user, or when the login state is aged, the login state of the currently logged-in system is completely invalid, no matter the currently logged-in system is used or the new system is logged in, the user information needs to be input again by the user, and at this time, the global session can be cleared. When the current login state is valid, the user can login a new system without inputting user information.
The step S20 is followed by the steps of:
step S40, if an exit instruction containing any system identification is received, the global session and the user information are cleared, and whether a logged-in system exists currently is judged;
and S50, if the logged system exists, logging out of the logged system.
In this embodiment, a unified user logout mechanism is set, when a logout instruction of a user for any system is received, the global session is cleared, all currently logged-in systems are logged out, and when an originally logged-in system is accessed, user information needs to be input again for logging in. It should be noted that, when the global session is cleared, the login state may be set to be invalid synchronously, the validity of the login state is verified each time the system is accessed or a new system is logged in, if the login state is invalid, the user information needs to be input again, and if the login state is valid, the user can directly access or log in.
The embodiment can realize the rule management of the login timeliness and the logout, and further improves the management capability of the system.
Further, in a third embodiment of the login management method according to the present invention proposed based on the first embodiment of the present invention, the step S10 includes the steps of:
step S15, obtaining an external software identifier in the first access request, and returning a login entry corresponding to the external software identifier so that a user can perform login authorization on a platform server corresponding to the external software identifier according to the login entry;
step S16, receiving a third access token and the user information returned by the platform server after the login authorization is completed;
and S17, generating a fourth access token according to the third access token, the user information and the first system identifier, and storing the fourth access token to a gateway.
In the embodiment, besides the login can be realized by inputting the user information by the user, the authorized login can be performed by software, such as flybook, weChat and the like. Specifically, a user selects an external software identifier on a login interface to determine external software needing authorization, and after receiving the external software identifier, a login entry of the corresponding external software is returned, wherein the login entry includes but is not limited to a two-dimensional code, a link and the like; taking a login entry as a two-dimensional code as an example, a user initiates a request to a platform server of external software by scanning the two-dimensional code, the platform server returns user information such as a nickname, a head portrait and the like to user equipment for authorization confirmation, after the user confirms, the authorization code transmitted by the platform server is received, a third access token and user information are further obtained from the platform server, the user information contains openid, the user identity is determined through the openid, and a fourth access token is generated according to the third access token, the user information and a first system identifier; specifically, the generation manner of the fourth access token may be similar to that of the first access token, and is not described herein again.
The embodiment expands the login mode and improves the user experience.
It should be noted that for simplicity of description, the above-mentioned embodiments of the method are described as a series of acts, but those skilled in the art should understand that the present application is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art will recognize that the embodiments described in this specification are preferred embodiments and that acts or modules referred to are not necessarily required for this application.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present application.
The present application further provides a login management apparatus for implementing the login management method, where the login management apparatus includes:
the first receiving module is used for receiving a first access request, acquiring user information and a first system identifier corresponding to the first access request, and executing login operation of a system corresponding to the first system identifier according to the user information;
the first establishing module is used for establishing a global session and storing the user information into the global session;
a second receiving module, configured to receive a second access request, obtain a second system identifier in the second access request, and execute a login operation of a system corresponding to the second system identifier through the global session, where the first access request is an access request received when the global session is invalid, and the second access request is an access request received when the global session is valid.
The login management device generates the global session and stores the user information during initial login, so that the user only needs to input the user information during initial login, and can directly log in through the global session without inputting the user information during subsequent login of other systems, thereby improving the login efficiency of the user and improving the user experience.
It should be noted that the first receiving module in this embodiment may be configured to execute step S10 in this embodiment, the first creating module in this embodiment may be configured to execute step S20 in this embodiment, and the first receiving module in this embodiment may be configured to execute step S30 in this embodiment.
Further, the first receiving module comprises:
the first sending unit is used for sending the user information and the first system identification to an authentication server;
a first receiving unit, configured to receive a first authorization code returned by the authentication server based on the user information and the first system identifier;
a second sending unit, configured to send the first authorization code to the authentication server, so as to receive a first access token returned by the authentication server based on the first authorization code;
and the first storage unit is used for storing the first access token to the gateway.
Further, the user information comprises a user account, a password and a permission type; the first receiving unit includes:
and the first receiving subunit is configured to receive a first authorization code corresponding to the permission type, which is returned by the authentication server after the authentication server successfully performs identity verification through the user account, the password and the first system identifier.
Further, the second receiving module comprises:
the first acquisition unit is used for acquiring the user information and the login state information in the global session and judging whether the current login state is valid or not according to the login state information;
a third sending unit, configured to send the second system identifier to an authentication server if the current login status is valid, and receive a second authorization code returned by the authentication server based on the second system identifier;
a fourth sending unit, configured to send the second authorization code to the authentication server, so as to receive a second access token returned by the authentication server based on the second authorization code;
and the second storage unit is used for storing the second access token to the gateway.
Further, the first acquisition unit includes:
the first obtaining subunit is used for obtaining preset login timeliness and obtaining login duration in the login state information;
the first judgment subunit is used for judging whether the login duration is less than the preset login time limit;
and the first execution subunit is used for judging that the current login state is valid if the login duration is less than the preset login time limit.
Further, the first receiving module comprises:
a second obtaining unit, configured to obtain an external software identifier in the first access request, and return a login entry corresponding to the external software identifier, so that a user performs login authorization on a platform server corresponding to the external software identifier according to the login entry;
the second receiving unit is used for receiving a third access token and the user information which are returned by the platform server after the login authorization is finished;
and the first generation unit generates a fourth access token according to the third access token, the user information and the first system identification, and stores the fourth access token to a gateway.
Further, the login management device further includes:
the first clearing module is used for clearing the global session and the user information and judging whether a logged-in system exists at present or not if an exit instruction containing any system identification is received;
the first quitting module is used for quitting the logged-in system if the logged-in system exists.
It should be noted that the modules described above are the same as examples and application scenarios realized by corresponding steps, but are not limited to what is disclosed in the foregoing embodiments. The modules may be implemented by software as part of the apparatus, or may be implemented by hardware, where the hardware environment includes a network environment.
Referring to fig. 4, the electronic device may include components such as a communication module 10, a memory 20, and a processor 30 in a hardware structure. In the electronic device, the processor 30 is connected to the memory 20 and the communication module 10, respectively, the memory 20 stores thereon a computer program, which is executed by the processor 30 at the same time, and when executed, implements the steps of the above-mentioned method embodiments.
The communication module 10 may be connected to an external communication device through a network. The communication module 10 may receive a request from an external communication device, and may also send a request, an instruction, and information to the external communication device, where the external communication device may be another electronic apparatus, a server, or an internet of things device, such as a television.
The memory 20 may be used to store software programs as well as various data. The memory 20 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function (such as receiving a first access request), and the like; the storage data area may include a database, and the storage data area may store data or information created according to use of the system, or the like. Further, the memory 20 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 30, which is a control center of the electronic device, connects various parts of the entire electronic device using various interfaces and lines, and performs various functions of the electronic device and processes data by operating or executing software programs and/or modules stored in the memory 20 and calling data stored in the memory 20, thereby performing overall monitoring of the electronic device. Processor 30 may include one or more processing units; alternatively, the processor 30 may integrate an application processor, which primarily handles operating systems, user interfaces, applications, etc., and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 30.
Although not shown in fig. 4, the electronic device may further include a circuit control module, which is used for connecting with a power supply to ensure the normal operation of other components. Those skilled in the art will appreciate that the electronic device configuration shown in fig. 4 does not constitute a limitation of the electronic device and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The invention also proposes a computer-readable storage medium on which a computer program is stored. The computer-readable storage medium may be the Memory 20 in the electronic apparatus in fig. 4, and may also be at least one of a ROM (Read-Only Memory)/RAM (Random Access Memory), a magnetic disk, and an optical disk, and the computer-readable storage medium includes instructions for enabling a terminal device (which may be a television, an automobile, a mobile phone, a computer, a server, a terminal, or a network device) having a processor to execute the method according to the embodiments of the present invention.
In the present invention, the terms "first", "second", "third", "fourth" and "fifth" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance, and it is obvious to those skilled in the art that the above-mentioned terms have specific meanings in the present invention according to specific situations.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Although the embodiment of the present invention has been shown and described, the scope of the present invention is not limited thereto, it should be understood that the above embodiment is illustrative and not to be construed as limiting the present invention, and that those skilled in the art can make changes, modifications and substitutions to the above embodiment within the scope of the present invention, and that these changes, modifications and substitutions should be covered by the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A login management method, the method comprising:
receiving a first access request, acquiring user information and a first system identifier corresponding to the first access request, and executing login operation of a system corresponding to the first system identifier according to the user information;
creating a global session and storing the user information into the global session;
receiving a second access request, acquiring a second system identifier in the second access request, and executing login operation of a system corresponding to the second system identifier through the global session, wherein the first access request is an access request received when the global session is invalid, and the second access request is an access request received when the global session is valid.
2. The login management method of claim 1, wherein the step of performing a login operation of a system corresponding to the first system identifier according to the user information comprises:
sending the user information and the first system identification to an authentication server;
receiving a first authorization code returned by the authentication server based on the user information and the first system identification;
sending the first authorization code to the authentication server to receive a first access token returned by the authentication server based on the first authorization code;
and saving the first access token to a gateway.
3. The login management method according to claim 2, wherein the user information includes a user account, a password, and a permission type; the step of receiving a first authorization code returned by the authentication server based on the user information and the first system identification includes:
and receiving a first authorization code corresponding to the permission type returned by the authentication server after the authentication server successfully verifies the identity through the user account, the password and the first system identifier.
4. The login management method of claim 1, wherein the step of performing a login operation of the second system identification corresponding to the system through the global session comprises:
acquiring user information and login state information in the global session, and judging whether the current login state is valid according to the login state information;
if the current login state is valid, sending the second system identifier to an authentication server, and receiving a second authorization code returned by the authentication server based on the second system identifier;
sending the second authorization code to the authentication server to receive a second access token returned by the authentication server based on the second authorization code;
and saving the second access token to a gateway.
5. The login management method according to claim 4, wherein the step of determining whether the current login status is valid according to the login status information comprises:
acquiring preset login timeliness and acquiring login duration in the login state information;
judging whether the login duration is less than the preset login time limit or not;
and if the login duration is less than the preset login time limit, the current login state is valid.
6. The login management method according to claim 1, wherein the step of obtaining the user information and the first system identifier corresponding to the first access request, and performing the login operation of the system corresponding to the first system identifier according to the user information comprises:
acquiring an external software identifier in the first access request, and returning a login entry corresponding to the external software identifier so that a user can perform login authorization on a platform server corresponding to the external software identifier according to the login entry;
receiving a third access token and the user information returned by the platform server after the login authorization is completed;
and generating a fourth access token according to the third access token, the user information and the first system identifier, and storing the fourth access token to a gateway.
7. The login management method of claim 1, wherein the steps of creating a global session and saving the user information into the global session are followed by further comprising:
if an exit instruction containing any system identification is received, the global session and the user information are cleared, and whether a logged-in system exists currently is judged;
and if the logged-in system exists, logging out of the logged-in system.
8. A login management apparatus, comprising:
the first receiving module is used for receiving a first access request, acquiring user information and a first system identifier corresponding to the first access request, and executing login operation of a system corresponding to the first system identifier according to the user information;
the first establishing module is used for establishing a global session and storing the user information into the global session;
a second receiving module, configured to receive a second access request, obtain a second system identifier in the second access request, and execute a login operation of a system corresponding to the second system identifier through the global session, where the first access request is an access request received when the global session is invalid, and the second access request is an access request received when the global session is valid.
9. An electronic device, characterized in that the electronic device comprises a memory, a processor and a computer program stored on the memory and executable on the processor, which computer program, when executed by the processor, carries out the steps of the login management method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon, which computer program, when being executed by a processor, carries out the steps of the login management method according to one of the claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210920175.9A CN115529154A (en) | 2022-08-01 | 2022-08-01 | Login management method, login management device, electronic device and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210920175.9A CN115529154A (en) | 2022-08-01 | 2022-08-01 | Login management method, login management device, electronic device and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115529154A true CN115529154A (en) | 2022-12-27 |
Family
ID=84695090
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210920175.9A Pending CN115529154A (en) | 2022-08-01 | 2022-08-01 | Login management method, login management device, electronic device and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115529154A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116800546A (en) * | 2023-08-24 | 2023-09-22 | 北京建筑大学 | User switching method, system, terminal and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120291114A1 (en) * | 2011-05-13 | 2012-11-15 | Cch Incorporated | Single sign-on between applications |
| CN109413032A (en) * | 2018-09-03 | 2019-03-01 | 中国平安人寿保险股份有限公司 | A kind of single-point logging method, computer readable storage medium and gateway |
| CN110311899A (en) * | 2019-06-17 | 2019-10-08 | 平安医疗健康管理股份有限公司 | Multiservice system access method, device and server |
| WO2020155492A1 (en) * | 2019-01-31 | 2020-08-06 | 平安科技(深圳)有限公司 | Device id-based login state sharing method and device |
-
2022
- 2022-08-01 CN CN202210920175.9A patent/CN115529154A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120291114A1 (en) * | 2011-05-13 | 2012-11-15 | Cch Incorporated | Single sign-on between applications |
| CN109413032A (en) * | 2018-09-03 | 2019-03-01 | 中国平安人寿保险股份有限公司 | A kind of single-point logging method, computer readable storage medium and gateway |
| WO2020155492A1 (en) * | 2019-01-31 | 2020-08-06 | 平安科技(深圳)有限公司 | Device id-based login state sharing method and device |
| CN110311899A (en) * | 2019-06-17 | 2019-10-08 | 平安医疗健康管理股份有限公司 | Multiservice system access method, device and server |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116800546A (en) * | 2023-08-24 | 2023-09-22 | 北京建筑大学 | User switching method, system, terminal and storage medium |
| CN116800546B (en) * | 2023-08-24 | 2023-11-03 | 北京建筑大学 | User switching method, system, terminal and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107070945B (en) | Identity login method and equipment | |
| US8250635B2 (en) | Enabling authentication of openID user when requested identity provider is unavailable | |
| CN101990183B (en) | Method, device and system for protecting user information | |
| JP4880699B2 (en) | Method, system, and apparatus for protecting a service account | |
| CN111131242A (en) | Authority control method, device and system | |
| CN105227321B (en) | Information processing method, server and client | |
| CN107086979B (en) | User terminal verification login method and device | |
| CN103067378A (en) | Log-in control method and system based on two-dimension code | |
| CN103036902A (en) | Login control method and login control system based on two-dimension code | |
| CN108259502A (en) | For obtaining the identification method of interface access rights, server-side and storage medium | |
| CN103023919A (en) | Two-dimensional code based login control method and two-dimensional code based login control system | |
| CN110336870B (en) | Method, device and system for establishing remote office operation and maintenance channel and storage medium | |
| CN105827624A (en) | Identity verifying system | |
| US11165768B2 (en) | Technique for connecting to a service | |
| CN106060034A (en) | Account login method and device | |
| CN105681258A (en) | Session method and session device based on third-party server | |
| CN114071791A (en) | User plane function information reporting method, access network equipment and core network equipment | |
| CN104796408A (en) | Single-point live login method and single-point live login device | |
| CN109714363B (en) | Method and system for modifying switch password | |
| CN115529154A (en) | Login management method, login management device, electronic device and readable storage medium | |
| CN110224971B (en) | Method, authorization server, system, device and storage medium for authorizing login | |
| CN112597118B (en) | Shared file adding method and device | |
| CN111935151B (en) | Cross-domain unified login method and device, electronic equipment and storage medium | |
| CN116707844A (en) | Behavior tracking method and device based on public account number, electronic equipment and medium | |
| CN112351048B (en) | Interface access control method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |