CN115883113A - JWT-based login authentication method and related equipment - Google Patents
- Publication number: CN115883113A (application CN202111136161.XA)
- Authority: CN (China)
- Legal status: Pending (as listed by Google Patents; the listed status is an assumption, not a legal conclusion)
Description
Technical field
The present disclosure relates to the field of Internet technology, and in particular to a JWT-based login authentication method and related equipment.
Background
In prior-art application systems, login and authentication are usually handled by each system having its own independent authentication module and permission data. When there are many systems, logging in to each one requires a separate authentication against that system, which leads to frequent login operations, inconvenience for users and very low efficiency for multi-system login.
At the same time, heterogeneous data means that personnel information cannot be shared between systems, and every change to user information has to be maintained in several systems at once, which greatly increases maintenance costs.
Summary of the invention
In view of this, the purpose of the present disclosure is to propose a JWT-based login authentication method and related equipment.
Based on the above purpose, the present disclosure provides a JWT-based login authentication method, implemented by a central system and an edge system, the method including:
the central system obtains a request from a target user to log in to a target edge system, the target user being any user who is already logged in to the central system;
the central system generates a JWT for the target user and splices the JWT onto the network address of the target edge system;
the target edge system obtains the JWT and verifies the JWT with a key;
in response to determining that the JWT passes key verification, the target edge system further verifies whether the JWT has expired;
in response to determining that the JWT has not expired, the target edge system further verifies whether the JWT mixes sm_url;
in response to determining that the JWT does not mix sm_url, the target edge system logs the target user in to the target edge system.
Based on the same inventive concept, the present disclosure provides a JWT-based login authentication system, including a central system and an edge system;
the central system is configured to:
obtain a request from a target user to log in to a target edge system, the target user being any user who is already logged in to the central system;
generate a JWT for the target user and splice the JWT onto the network address of the target edge system;
the target edge system is configured to:
obtain the JWT and verify the JWT with a key;
in response to determining that the JWT passes key verification, further verify whether the JWT has expired;
in response to determining that the JWT has not expired, further verify whether the JWT mixes sm_url;
in response to determining that the JWT does not mix sm_url, log the target user in to the target edge system.
Based on the same inventive concept, the present disclosure provides an electronic device including a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method described above when executing the program.
Based on the same inventive concept, the present disclosure provides a non-transitory computer-readable storage medium storing computer instructions, the computer instructions being used to cause a computer to execute the method described above.
As can be seen from the above, the JWT-based login authentication method and related equipment provided by the present disclosure are implemented by a central system and an edge system. The method includes: the central system obtains a request from a target user to log in to a target edge system, the target user being any user who is already logged in to the central system; the central system generates a JWT for the target user and splices the JWT onto the network address of the target edge system; the target edge system obtains the JWT and verifies it with a key; in response to determining that the JWT passes key verification, the target edge system further verifies whether the JWT has expired; in response to determining that the JWT has not expired, the target edge system further verifies whether the JWT mixes sm_url; in response to determining that the JWT does not mix sm_url, the target edge system logs the target user in to the target edge system. With the present disclosure, cross-system login is achieved without entering login information again.
Description of the drawings
In order to explain the technical solutions of the present disclosure or the related art more clearly, the drawings needed in the description of the embodiments or the related art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present disclosure, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a JWT-based login authentication method provided by an embodiment of the present disclosure;
FIG. 2 is a schematic structural diagram of a JWT-based login authentication system provided by an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a more specific hardware structure of an electronic device provided by an embodiment of the present disclosure.
Detailed description
To make the purpose, technical solutions and advantages of the present disclosure clearer, the present disclosure is described in further detail below with reference to specific embodiments and the accompanying drawings.
It should be noted that, unless otherwise defined, the technical or scientific terms used in the embodiments of the present disclosure have the ordinary meaning understood by a person of ordinary skill in the art to which the present disclosure belongs. "First", "second" and similar words used in the embodiments of the present disclosure do not denote any order, quantity or importance, but are only used to distinguish different components. Words such as "include" or "comprise" mean that the element or item preceding the word covers the elements or items listed after the word and their equivalents, without excluding other elements or items. Words such as "connected" or "coupled" are not limited to physical or mechanical connections but may include electrical connections, whether direct or indirect. "Upper", "lower", "left", "right" and the like are only used to indicate relative positional relationships; when the absolute position of the described object changes, the relative positional relationship may change accordingly.
In view of this, the present disclosure proposes a JWT-based login authentication method and related equipment. It adopts a JWT-based approach for integrating platform login authentication that breaks with the traditional way of handling system login and permission control: the whole process is protected by security checks, JWT is used to solve the problem of cross-system identity verification, and an encryption-key mechanism is used for transmission, protecting information security and reducing the probability of theft or forgery.
JWT (JSON Web Token) is an open standard that defines a compact, self-contained way of securely transmitting information between parties as a JSON object. The information can be verified and trusted because it is digitally signed.
FIG. 1 is a schematic flowchart of a JWT-based login authentication method provided by an embodiment of the present disclosure.
The JWT-based login authentication method is implemented by a central system and an edge system, and includes:
S110. The central system obtains a request from a target user to log in to a target edge system. The target user is any user who is already logged in to the central system.
S120. The central system generates a JWT for the target user and splices the JWT onto the network address of the target edge system.
In some embodiments, the JWT includes a header, a payload and a signature:
the header carries the declaration type and the declared encryption algorithm;
the payload stores the effective information, including the claims registered in the standard, public claims and private claims;
the signature comprises the encrypted header, the encrypted payload and the private key.
S130. The target edge system obtains the JWT and verifies the JWT with a key.
In some embodiments, the target edge system verifying the JWT with a key includes:
the target edge system decodes the header to obtain the declared encryption algorithm, signs the header and the payload with that algorithm to obtain a verification signature, and, in response to determining that the verification signature is identical to the signature in the JWT, determines that the JWT passes key verification.
S140. In response to determining that the JWT passes key verification, the target edge system further verifies whether the JWT has expired.
In some embodiments, the claims registered in the standard include a preset validity time, and the target edge system further verifying whether the JWT has expired, in response to determining that the JWT passes key verification, includes:
the target edge system obtains the current time and, in response to determining that the current time does not exceed the preset validity time, determines that the JWT has not expired.
S150. In response to determining that the JWT has not expired, the target edge system further verifies whether the JWT mixes sm_url.
S160. In response to determining that the JWT does not mix sm_url, the target edge system logs the target user in to the target edge system.
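The S110 to S160 flow end to end, as an added example that is not code from the patent: the central system mints a JWT with the Python standard library and splices it onto the edge address, and the edge system runs the key, expiry and sm_url checks in the order the steps give. HS256 with a shared secret, the `jwt` query parameter, and reading the sm_url check as "the token's sm_url claim must equal this edge system's own address" are assumptions the page does not state; pinning the accepted algorithm instead of trusting the header's declared algorithm is a hardening step beyond the page.

```python
"""Added example (not from the patent): the S110-S160 flow with the stdlib only.

Assumptions not stated on the page: HS256 with a shared secret; the JWT is spliced
onto the edge URL as a `jwt` query parameter; the sm_url check means "the token's
sm_url claim must equal the edge system's own URL".
"""
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlencode, urlparse

SECRET = b"constructed-shared-secret"   # constructed sample key shared by centre and edge
EDGE_A = "https://edge-a.example/"       # constructed sample edge-system addresses
EDGE_B = "https://edge-b.example/"
NOW = 1_700_000_000                      # fixed clock so the results are reproducible


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(user: str, edge_url: str, secret: bytes, now: int, ttl: int = 300) -> str:
    """S120: the central system builds header, payload and signature for the target user."""
    header = {"alg": "HS256", "typ": "JWT"}   # declaration type and declared algorithm
    # Registered claims (sub, iat, exp) plus the private sm_url claim naming the edge system.
    payload = {"sub": user, "iat": now, "exp": now + ttl, "sm_url": edge_url}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def build_login_url(edge_url: str, token: str) -> str:
    """S120: splice the JWT onto the target edge system's network address."""
    return edge_url + "?" + urlencode({"jwt": token})


def extract_jwt(url: str):
    """S130: the edge system pulls the JWT back out of the address it was called with."""
    values = parse_qs(urlparse(url).query).get("jwt")
    return values[0] if values else None


def verify_login(url: str, secret: bytes, own_url: str, now: int):
    """S130-S160 on the edge side. Returns ("ok", user) or ("rejected", reason)."""
    token = extract_jwt(url)
    if token is None:
        return ("rejected", "missing jwt")
    parts = token.split(".")
    if len(parts) != 3:
        return ("rejected", "malformed")
    h_b64, p_b64, s_b64 = parts
    try:
        header = json.loads(b64url_decode(h_b64))
        payload = json.loads(b64url_decode(p_b64))
        given_sig = b64url_decode(s_b64)
    except (ValueError, UnicodeDecodeError):
        return ("rejected", "malformed")
    # S130: the page reads the algorithm from the header and re-signs header + payload.
    # Hardening beyond the page: accept only the algorithm this edge system expects, so
    # the header alone can never select a weaker verifier.
    if header.get("alg") != "HS256":
        return ("rejected", "unexpected alg")
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given_sig):   # constant-time comparison
        return ("rejected", "bad signature")
    # S140: exp is the preset validity time; the current time must not exceed it.
    exp = payload.get("exp")
    if not isinstance(exp, int) or now > exp:
        return ("rejected", "expired")
    # S150: assumed reading of the sm_url check: the token was minted for this edge system.
    if payload.get("sm_url") != own_url:
        return ("rejected", "sm_url mismatch")
    # S160: every check passed; the edge system logs the user in.
    return ("ok", payload.get("sub"))


if __name__ == "__main__":
    token = issue_jwt("alice", EDGE_A, SECRET, NOW)
    url = build_login_url(EDGE_A, token)
    print(verify_login(url, SECRET, EDGE_A, NOW + 10))    # ('ok', 'alice')
    print(verify_login(url, SECRET, EDGE_A, NOW + 301))   # ('rejected', 'expired')
    print(verify_login(url, SECRET, EDGE_B, NOW + 10))    # ('rejected', 'sm_url mismatch')
```

The same token presented to a second edge system (`EDGE_B`) fails the sm_url step even though its signature and expiry are valid, which is the property the ordered checks are meant to give.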
As can be seen from the above, the JWT-based login authentication method and related equipment provided by the present disclosure are implemented by a central system and an edge system. The method includes: the central system obtains a request from a target user to log in to a target edge system, the target user being any user who is already logged in to the central system; the central system generates a JWT for the target user and splices the JWT onto the network address of the target edge system; the target edge system obtains the JWT and verifies it with a key; in response to determining that the JWT passes key verification, the target edge system further verifies whether the JWT has expired; in response to determining that the JWT has not expired, the target edge system further verifies whether the JWT mixes sm_url; in response to determining that the JWT does not mix sm_url, the target edge system logs the target user in to the target edge system. With the present disclosure, cross-system login is achieved without entering login information again.
It should be noted that the method of the embodiments of the present disclosure may be executed by a single device, such as a computer or a server. The method of this embodiment may also be applied in a distributed scenario and completed by several devices cooperating with one another. In such a distributed scenario, one of the devices may perform only one or more of the steps of the method of the embodiments of the present disclosure, and the devices interact with one another to complete the described method.
It should be noted that some embodiments of the present disclosure have been described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in an order different from that of the above embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or a sequential order, to achieve the desired results. In certain implementations, multitasking and parallel processing are also possible or may be advantageous.
Based on the same inventive concept and corresponding to the method of any of the above embodiments, the present disclosure further provides a JWT-based login authentication device.
Referring to FIG. 2, the JWT-based login authentication device includes a central system 210 and an edge system 220;
the central system 210 is configured to:
obtain a request from a target user to log in to a target edge system, the target user being any user who is already logged in to the central system;
generate a JWT for the target user and splice the JWT onto the network address of the target edge system;
the target edge system 220 is configured to:
obtain the JWT and verify the JWT with a key;
in response to determining that the JWT passes key verification, further verify whether the JWT has expired;
in response to determining that the JWT has not expired, further verify whether the JWT mixes sm_url;
in response to determining that the JWT does not mix sm_url, log the target user in to the target edge system.
In some embodiments, the central system 210 is specifically configured to:
generate a header, a payload and a signature;
the header carries the declaration type and the declared encryption algorithm;
the payload stores the effective information, including the claims registered in the standard, public claims and private claims;
the signature comprises the encrypted header, the encrypted payload and the private key.
In some embodiments, the target edge system 220 is specifically configured to:
decode the header to obtain the declared encryption algorithm, sign the header and the payload with that algorithm to obtain a verification signature, and, in response to determining that the verification signature is identical to the signature in the JWT, determine that the JWT passes key verification.
In some embodiments, the claims registered in the standard include a preset validity time, and the target edge system 220 is specifically configured to:
obtain the current time and, in response to determining that the current time does not exceed the preset validity time, determine that the JWT has not expired.
For convenience of description, the above device is described in terms of separate functional modules. Of course, when implementing the present disclosure, the functions of the modules may be implemented in one or more pieces of software and/or hardware.
The device of the above embodiment is used to implement the corresponding JWT-based login authentication method of any of the foregoing embodiments and has the beneficial effects of the corresponding method embodiment, which are not repeated here.
Based on the same inventive concept and corresponding to the method of any of the above embodiments, the present disclosure further provides an electronic device including a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the JWT-based login authentication method of any of the above embodiments when executing the program.
FIG. 3 shows a schematic diagram of a more specific hardware structure of an electronic device provided by this embodiment. The device may include a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040 and a bus 1050. The processor 1010, memory 1020, input/output interface 1030 and communication interface 1040 are communicatively connected to one another inside the device via the bus 1050.
The processor 1010 may be implemented as a general-purpose CPU (Central Processing Unit), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits, and is used to execute related programs so as to implement the technical solutions provided by the embodiments of this specification.
The memory 1020 may be implemented as ROM (Read Only Memory), RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs; when the technical solutions provided by the embodiments of this specification are implemented in software or firmware, the related program code is stored in the memory 1020 and invoked for execution by the processor 1010.
The input/output interface 1030 is used to connect input/output modules for information input and output. The input/output modules may be configured as components within the device (not shown) or attached externally to provide the corresponding functions. Input devices may include a keyboard, mouse, touch screen, microphone and various sensors; output devices may include a display, speaker, vibrator, indicator lights and the like.
The communication interface 1040 is used to connect a communication module (not shown) so that the device can communicate and interact with other devices. The communication module may communicate over a wired connection (for example USB or a network cable) or wirelessly (for example a mobile network, Wi-Fi or Bluetooth).
The bus 1050 includes a path for transferring information between the components of the device (for example the processor 1010, memory 1020, input/output interface 1030 and communication interface 1040).
It should be noted that although the above device only shows the processor 1010, memory 1020, input/output interface 1030, communication interface 1040 and bus 1050, in a specific implementation the device may also include other components necessary for normal operation. In addition, a person skilled in the art will understand that the above device may also contain only the components necessary to implement the solutions of the embodiments of this specification, and need not contain all the components shown in the figure.
The electronic device of the above embodiment is used to implement the corresponding JWT-based login authentication method of any of the foregoing embodiments and has the beneficial effects of the corresponding method embodiment, which are not repeated here.
Based on the same inventive concept and corresponding to the method of any of the above embodiments, the present disclosure further provides a non-transitory computer-readable storage medium storing computer instructions, the computer instructions being used to cause the computer to execute the JWT-based login authentication method of any of the above embodiments.
The computer-readable medium of this embodiment includes permanent and non-permanent, removable and non-removable media, and information storage may be implemented by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassette, magnetic tape or magnetic disk storage or other magnetic storage device, or any other non-transmission medium that can be used to store information accessible by a computing device.
The computer instructions stored in the storage medium of the above embodiment are used to cause the computer to execute the JWT-based login authentication method of any of the foregoing embodiments and have the beneficial effects of the corresponding method embodiment, which are not repeated here.
It should be noted that the embodiments of the present disclosure may also be further described as follows:
A JWT-based login authentication method, implemented by a central system and an edge system, the method including:
the central system obtains a request from a target user to log in to a target edge system, the target user being any user who is already logged in to the central system;
the central system generates a JWT for the target user and splices the JWT onto the network address of the target edge system;
the target edge system obtains the JWT and verifies the JWT with a key;
in response to determining that the JWT passes key verification, the target edge system further verifies whether the JWT has expired;
in response to determining that the JWT has not expired, the target edge system further verifies whether the JWT mixes sm_url;
in response to determining that the JWT does not mix sm_url, the target edge system logs the target user in to the target edge system.
Optionally, the JWT includes a header, a payload and a signature:
the header carries the declaration type and the declared encryption algorithm;
the payload stores the effective information, including the claims registered in the standard, public claims and private claims;
the signature comprises the encrypted header, the encrypted payload and the private key.
Optionally, the target edge system verifying the JWT with a key includes:
the target edge system decodes the header to obtain the declared encryption algorithm, signs the header and the payload with that algorithm to obtain a verification signature, and, in response to determining that the verification signature is identical to the signature in the JWT, determines that the JWT passes key verification.
Optionally, the claims registered in the standard include a preset validity time, and the target edge system further verifying whether the JWT has expired, in response to determining that the JWT passes key verification, includes:
the target edge system obtains the current time and, in response to determining that the current time does not exceed the preset validity time, determines that the JWT has not expired.
A JWT-based login authentication system, including a central system and an edge system;
the central system is configured to:
obtain a request from a target user to log in to a target edge system, the target user being any user who is already logged in to the central system;
generate a JWT for the target user and splice the JWT onto the network address of the target edge system;
the target edge system is configured to:
obtain the JWT and verify the JWT with a key;
in response to determining that the JWT passes key verification, further verify whether the JWT has expired;
in response to determining that the JWT has not expired, further verify whether the JWT mixes sm_url;
in response to determining that the JWT does not mix sm_url, log the target user in to the target edge system.
Optionally, the central system is specifically configured to:
generate a header, a payload and a signature;
the header carries the declaration type and the declared encryption algorithm;
the payload stores the effective information, including the claims registered in the standard, public claims and private claims;
the signature comprises the encrypted header, the encrypted payload and the private key.
Optionally, the target edge system is specifically configured to:
decode the header to obtain the declared encryption algorithm, sign the header and the payload with that algorithm to obtain a verification signature, and, in response to determining that the verification signature is identical to the signature in the JWT, determine that the JWT passes key verification.
Optionally, the claims registered in the standard include a preset validity time, and the target edge system is specifically configured to:
obtain the current time and, in response to determining that the current time does not exceed the preset validity time, determine that the JWT has not expired.
An electronic device including a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method described above when executing the program.
A non-transitory computer-readable storage medium storing computer instructions, the computer instructions being used to cause a computer to execute the method described above.
A person of ordinary skill in the art should understand that the discussion of any of the above embodiments is exemplary only and is not intended to imply that the scope of the present disclosure (including the claims) is limited to these examples; within the idea of the present disclosure, technical features of the above embodiments or of different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in detail for the sake of brevity.
In addition, to simplify illustration and discussion, and so as not to obscure the embodiments of the present disclosure, well-known power/ground connections to integrated circuit (IC) chips and other components may or may not be shown in the drawings provided. Furthermore, devices may be shown in block-diagram form in order to avoid obscuring the embodiments of the present disclosure, and this also takes into account the fact that details of the implementation of such block-diagram devices depend heavily on the platform on which the embodiments of the present disclosure are to be implemented (that is, such details should be well within the understanding of a person skilled in the art). Where specific details (for example, circuits) have been set forth to describe exemplary embodiments of the present disclosure, it will be apparent to a person skilled in the art that the embodiments of the present disclosure can be implemented without these specific details or with variations of them. Accordingly, these descriptions should be regarded as illustrative rather than restrictive.
Although the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications and variations of these embodiments will be apparent to a person of ordinary skill in the art from the foregoing description. For example, other memory architectures (for example, dynamic RAM (DRAM)) may use the embodiments discussed.
The embodiments of the present disclosure are intended to cover all such alternatives, modifications and variations that fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalent replacements, improvements and the like made within the spirit and principles of the embodiments of the present disclosure shall fall within the scope of protection of the present disclosure.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111136161.XA CN115883113A (en) | 2021-09-27 | 2021-09-27 | JWT-based login authentication method and related equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111136161.XA CN115883113A (en) | 2021-09-27 | 2021-09-27 | JWT-based login authentication method and related equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115883113A true CN115883113A (en) | 2023-03-31 |
Family ID: 85762958
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111136161.XA Pending CN115883113A (en) | 2021-09-27 | 2021-09-27 | JWT-based login authentication method and related equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115883113A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118972147A (en) * | 2024-08-30 | 2024-11-15 | 中电金信软件有限公司 | Data transmission method and device |
Events
- 2021-09-27: CN CN202111136161.XA patent/CN115883113A/en active Pending
Similar Documents
Publication | Title |
---|---|
US9699180B2 (en) | Cloud service authentication |
US10382426B2 (en) | Authentication context transfer for accessing computing resources via single sign-on with single use access tokens |
US9386015B2 (en) | Security model for industrial devices |
US9083531B2 (en) | Performing client authentication using certificate store on mobile device |
US10009355B2 (en) | Bootstrapping user authentication on devices |
CN110677376B (en) | Authentication method, related device and system and computer readable storage medium |
JP6204986B2 (en) | Safe handling of server certificate errors in synchronous communication |
US10212151B2 (en) | Method for operating a designated service, service unlocking method, and terminal |
US8745401B1 (en) | Authorizing actions performed by an online service provider |
US20230370265A1 (en) | Method, Apparatus and Device for Constructing Token for Cloud Platform Resource Access Control |
KR102698459B1 (en) | Method and system for authenticating transmission of security credentials to a device |
CN106203021B (en) | A kind of more certification modes are integrated to apply login method and system |
WO2020143906A1 (en) | Method and apparatus for trust verification |
CN112653673B (en) | Multi-factor authentication method and system based on single sign-on |
KR102112897B1 (en) | Roaming internet-accessible application state across trusted and untrusted platforms |
CN113709115B (en) | Authentication method and device |
AU2022218907A1 (en) | Secure module and method for app-to-app mutual trust through app-based identity |
CN115460019A (en) | Digital identity-based target application providing method and device, equipment and medium |
CN112653676B (en) | Identity authentication method and equipment crossing authentication system |
CN115883113A (en) | JWT-based login authentication method and related equipment |
CN117097482A (en) | Remote signature authority verification method, device, storage medium and processor |
CN115221562A (en) | Browser file signature method, device and computer-readable storage medium |
CN110351090B (en) | Group signature digital certificate revoking method and device, storage medium and electronic equipment |
CN114329424A (en) | Authority determination method and device, computer equipment and computer readable storage medium |
CN114090996A (en) | Multi-party system mutual trust authentication method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20230331 |