CN116170174B - Login authentication method and device, electronic equipment and storage medium - Google Patents

Login authentication method and device, electronic equipment and storage medium

Info

Publication number
CN116170174B
Authority
CN
China
Prior art keywords
page
access request
authentication
login page
login
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211574354.8A
Other languages
Chinese (zh)
Other versions
CN116170174A (en
Inventor
李小龙
黄俊成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yuanshan Intelligent Technology Co Ltd
Original Assignee
Beijing Yuanshan Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Yuanshan Intelligent Technology Co Ltd filed Critical Beijing Yuanshan Intelligent Technology Co Ltd
Priority to CN202211574354.8A priority Critical patent/CN116170174B/en
Publication of CN116170174A publication Critical patent/CN116170174A/en
Application granted granted Critical
Publication of CN116170174B publication Critical patent/CN116170174B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides a login authentication method, a login authentication device, an electronic device and a storage medium. The login authentication method comprises the following steps: when the login information passes verification, returning the first system page to the sender of the first request and sending the verified target token to the unified authentication login page, so that the unified authentication login page stores the target token in a cookie; and, in response to a second access request for a second system, acquiring the target token from the cookie and returning the second system page to the sender of the second request after the target token passes verification. The method and the device can realize unified login across the systems of different suppliers.

Description

Login authentication method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of secure login authentication technologies, and in particular, to a login authentication method, a device, an electronic device, and a storage medium.
Background
A typical factory uses systems developed by several different software suppliers, each of which typically has its own login module. Some better suppliers implement single sign-on, so that all of that supplier's systems can be accessed with one sign-on (called unified sign-on for short). However, there is no way to log in uniformly across different suppliers. Meanwhile, the user module designs of the systems also differ, so when the systems of different suppliers need to work together, they have to be adapted to each supplier separately. The lack of a unified standard for users and their associated modules is a big problem for enterprises. At the present stage, most factories require the different suppliers to support well-known third-party login modes such as mobile phone number login and WeChat, which can solve the problem of inconsistent user names.
However, the following two problems remain difficult to solve. The first is unified login across different suppliers. The second is the factory-level user module specification: some factories may require suppliers to adjust their user modules to follow the factory's specification, but this is difficult for suppliers because it basically requires changing all of the project code, which general suppliers are unwilling to do.
Disclosure of Invention
In view of this, the embodiments of the present application provide a login authentication method, a login authentication device, an electronic device, and a storage medium, which can implement unified login of different provider systems.
The technical scheme of the embodiment of the application is realized as follows:
in a first aspect, an embodiment of the present application provides a login authentication method, including the following steps:
responding to a first access request aiming at a first system, carrying out verification processing on the first access request, and sending a unified authentication login page to a sender of the first access request when the first access request needs to be accessed after login, wherein the first access request points to a first initial authentication login page, and the first initial authentication login page is a default authentication login page of the first system;
responding to the submitting operation of the unified authentication login page, and acquiring a token in the unified authentication login page, wherein the token carries login information;
verifying the login information, returning a first system page to a sender of the first request after the login information is verified, and sending a target token after the verification is passed to the unified authentication login page so that the unified authentication login page stores the target token in a cookie, wherein the first system page is an initial page for logging in the first system;
And responding to a second access request aiming at a second system, acquiring the target token from the cookie, and returning a second system page to a sender of the second request after the target token passes verification, wherein the second system page is an initial page for logging in the second system, the sender of the first request and the sender of the second request use the same local equipment, the second access request points to a second initial authentication login page, the second initial authentication login page is a default authentication login page of the second system, and the authentication modes of the first initial authentication login page and the second initial authentication login page are different.
In one possible implementation manner, after the verifying the first access request in response to the first access request for the first system, the method further includes:
and when the first access request does not need to be accessed after login, sending the first system page to a sender of the first access request.
In one possible implementation manner, the obtaining, in response to the submitting operation for the unified authentication login page, a token in the unified authentication login page includes:
And responding to the submitting operation of the unified authentication login page, detecting a request header/request parameter/cookie of the unified authentication login page, and acquiring a JWT token when the request header/request parameter/cookie of the unified authentication login page carries the JWT token, wherein the JWT token carries the login information.
In a possible implementation manner, after the detecting the request header/request parameter/the cookie of the unified authentication login page, the method further includes:
when the request header/request parameter of the unified authentication login page/the cookie does not carry the JWT token, or the request header/request parameter of the unified authentication login page/the JWT token in the cookie is out of date, determining that the authentication state is failed;
and returning prompt information of which the authentication state is failed to the sender of the first access request.
In one possible implementation, the obtaining the target token from the cookie in response to the second access request for the second system, and returning the second system page to the sender of the second request after the target token passes verification, includes:
Obtaining a verified JWT token from the cookie in response to a second access request for a second system;
and after the JWT token passes the verification, returning a second system page to the sender of the second request.
In one possible embodiment, the method further comprises:
responding to a third access request aiming at a third system, returning a third initial authentication login page to a sender of the third access request so that the sender of the third access request can log in based on the third initial authentication login page, wherein the third access request points to the third initial authentication login page, the third initial authentication login page is a default authentication login page of the third system, and the logic of judging the login state of the third initial authentication login page is different from that of the first initial authentication login page;
and responding to the submitting operation aiming at the third initial authentication login page, authenticating the submitting information, and returning a third system page to a sender of the third access request after the submitting information passes the authentication, wherein the third system page is an initial page logged in the third system.
In one possible embodiment, the method further comprises:
responding to a fourth access request aiming at a fourth system, and acquiring the target token from the cookie, wherein the fourth access request points to a fourth initial authentication login page, the fourth initial authentication login page is a default authentication login page of the fourth system, and the logic of the fourth initial authentication login page for judging the login state is different from that of the first initial authentication login page;
converting the login information in the target token to obtain target login information required by the fourth initial authentication login page;
and authenticating the fourth access request based on the target login information, and returning a fourth system page to a sender of the fourth access request after the authentication is passed, wherein the fourth system page is an initial page for logging in the fourth system.
In a second aspect, an embodiment of the present application further provides a login authentication device, where the device includes:
the first verification module is used for responding to a first access request aiming at a first system, carrying out verification processing on the first access request, and sending a unified authentication login page to a sender of the first access request when the first access request needs to be accessed after login, wherein the first access request points to a first initial authentication login page, and the first initial authentication login page is a default authentication login page of the first system;
The acquisition module is used for responding to the submitting operation of the unified authentication login page and acquiring a token in the unified authentication login page, wherein the token carries login information;
the second verification module is used for verifying the login information, returning a first system page to a sender of the first request after the login information passes verification, and sending a target token after the verification passes to the unified authentication login page so that the unified authentication login page stores the target token in a cookie, wherein the first system page is an initial page for logging in the first system;
the third verification module is used for responding to a second access request aiming at a second system, acquiring the target token from the cookie, and returning a second system page to a sender of the second request after the target token passes verification, wherein the second system page is an initial page for logging in the second system, the sender of the first request and the sender of the second request use the same local equipment, the second access request points to a second initial authentication login page, the second initial authentication login page is a default authentication login page of the second system, and the authentication modes of the first initial authentication login page and the second initial authentication login page are different.
In a third aspect, embodiments of the present application further provide an electronic device, including: a processor, a storage medium, and a bus, the storage medium storing machine-readable instructions executable by the processor, the processor in communication with the storage medium via the bus when the electronic device is running, the processor executing the machine-readable instructions to perform the login authentication method of any of the first aspects.
In a fourth aspect, embodiments of the present application further provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the login authentication method according to any one of the first aspects.
The embodiment of the application has the following beneficial effects:
In response to a first access request for a first system, the first access request is verified; when it requires login before access, it is intercepted and a unified authentication login page is sent to its sender. Then, in response to a submitting operation on the unified authentication login page, a token in the unified authentication login page is acquired and the login information is verified. After the login information is verified, the first system page is returned to the sender of the first request, and the verified target token is sent to the unified authentication login page so that the page stores the target token in a cookie; in this way, other systems can be accessed directly later. Finally, in response to a second access request for a second system, the target token is acquired from the cookie, and after the target token is verified the second system page is returned to the sender of the second request, thereby solving the problem of unified login across the systems of different suppliers.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered limiting the scope, and that other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of steps S101-S104 provided in the embodiment of the present application;
fig. 2 is a schematic flow chart of steps S201-S202 provided in the embodiment of the present application;
fig. 3 is a schematic flow chart of steps S301 to S303 provided in the embodiment of the present application;
fig. 4 is a schematic structural diagram of a login authentication device according to an embodiment of the present application;
fig. 5 is a schematic diagram of a composition structure of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it should be understood that the accompanying drawings in the present application are only for the purpose of illustration and description, and are not intended to limit the protection scope of the present application. In addition, it should be understood that the schematic drawings are not drawn to scale. A flowchart, as used in this application, illustrates operations implemented according to some embodiments of the present application. It should be understood that the operations of the flow diagrams may be implemented out of order and that steps without logical context may be performed in reverse order or concurrently. Moreover, one or more other operations may be added to the flow diagrams and one or more operations may be removed from the flow diagrams as directed by those skilled in the art.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is to be understood that "some embodiments" can be the same subset or different subsets of all possible embodiments and can be combined with one another without conflict.
In addition, the described embodiments are only some, but not all, of the embodiments of the present application. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, are intended to be within the scope of the present application.
In the following description, the terms "first", "second", "third" and the like are merely used to distinguish similar objects and do not represent a particular ordering of the objects, it being understood that the "first", "second", "third" may be interchanged with a particular order or sequence, as permitted, to enable embodiments of the application described herein to be practiced otherwise than as illustrated or described herein.
It should be noted that the term "comprising" will be used in the embodiments of the present application to indicate the presence of the features stated hereinafter, but not to exclude the addition of other features.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the present application and is not intended to be limiting of the present application.
Referring to fig. 1, fig. 1 is a schematic flow chart of steps S101 to S104 of a login authentication method according to an embodiment of the present application, and will be described with reference to steps S101 to S104 shown in fig. 1.
Step S101, responding to a first access request aiming at a first system, performing verification processing on the first access request, and sending a unified authentication login page to a sender of the first access request when the first access request needs to be accessed after login, wherein the first access request points to a first initial authentication login page, and the first initial authentication login page is a default authentication login page of the first system;
step S102, responding to the submitting operation of the unified authentication login page, and acquiring a token in the unified authentication login page, wherein the token carries login information;
Step S103, verifying the login information, returning a first system page to a sender of the first request after the login information is verified, and sending a target token after the verification is passed to the unified authentication login page so that the unified authentication login page stores the target token in a cookie, wherein the first system page is an initial page for logging in the first system;
step S104, responding to a second access request aiming at a second system, acquiring the target token from the cookie, and returning a second system page to a sender of the second request after the target token passes verification, wherein the second system page is an initial page for logging in the second system, the sender of the first request and the sender of the second request use the same local equipment, the second access request points to a second initial authentication login page, the second initial authentication login page is a default authentication login page of the second system, and the authentication modes of the first initial authentication login page and the second initial authentication login page are different.
According to the login authentication method, a first access request for a first system is verified; when it requires login before access, it is intercepted and a unified authentication login page is sent to its sender. Then, in response to a submitting operation on the unified authentication login page, a token in the unified authentication login page is acquired and the login information is verified. After the login information is verified, the first system page is returned to the sender of the first request, and the verified target token is sent to the unified authentication login page so that the page stores the target token in a cookie; in this way, other systems can be accessed directly later. Finally, in response to a second access request for a second system, the target token is acquired from the cookie, and after the target token is verified the second system page is returned to the sender of the second request, thereby solving the problem of unified login across the systems of different suppliers.
The following describes the above exemplary steps of the embodiments of the present application, respectively.
In step S101, in response to a first access request for a first system, performing verification processing on the first access request, and when the first access request needs to be accessed after login, sending a unified authentication login page to a sender of the first access request, where the first access request points to a first initial authentication login page, and the first initial authentication login page is a default authentication login page of the first system.
In some embodiments, after the validating the first access request for the first system in response to the first access request, the method further comprises:
and when the first access request does not need to be accessed after login, sending the first system page to a sender of the first access request.
Here, the address of the first system is entered in the browser, and the gateway system determines whether the requested page is on the whitelist of pages that are accessible without logging in. If so, the specific page is returned directly (this operation is also called reverse proxy). Otherwise, the login state needs to be verified.
In step S102, in response to the submitting operation for the unified authentication login page, a token in the unified authentication login page is obtained, where the token carries login information.
In some embodiments, the obtaining the token in the unified authentication login page in response to the submitting operation for the unified authentication login page includes:
and responding to the submitting operation of the unified authentication login page, detecting a request header/request parameter/cookie of the unified authentication login page, and acquiring a JWT token when the request header/request parameter/cookie of the unified authentication login page carries the JWT token, wherein the JWT token carries the login information.
In some embodiments, after the detecting the request header/request parameter/cookie of the unified authentication login page, the method further comprises:
when the request header/request parameter of the unified authentication login page/the cookie does not carry the JWT token, or the request header/request parameter of the unified authentication login page/the JWT token in the cookie is out of date, determining that the authentication state is failed;
and returning prompt information of which the authentication state is failed to the sender of the first access request.
Here, verification checks whether the HTTP request carries a JWT (a stateless authentication token that prevents a single point of failure) in any of three forms: request header, request parameter or cookie (the three forms meet the requirements of different suppliers). If the JWT has expired or is absent, verification is regarded as failed. A verification failure means the user is not logged in; the request is then redirected to the login page of the user authentication system, carrying the original address (recorded so that the user can subsequently be returned to the specific page).
On the unified authentication login page, the user logs in using one of several authentication modes, such as mobile phone number, WeChat or user name. After authentication succeeds, i.e. login is successful, the JWT is returned to the unified authentication login page.
In step S103, the login information is verified, and after the login information is verified, a first system page is returned to the sender of the first request, and the target token after the verification is passed is sent to the unified authentication login page, so that the unified authentication login page stores the target token in a cookie, wherein the first system page is an initial page for logging in the first system.
In step S104, the target token is obtained from the cookie in response to the second access request for the second system, and after the target token passes verification, a second system page is returned to the sender of the second request, where the second system page is an initial page for logging in the second system, the sender of the first request and the sender of the second request use the same local device, the second access request points to a second initial authentication login page, and the second initial authentication login page is a default authentication login page of the second system, and the authentication manner of the first initial authentication login page is different from that of the second initial authentication login page.
In some embodiments, the obtaining the target token from the cookie in response to the second access request for the second system, and returning a second system page to the sender of the second request after the target token passes verification, comprises:
obtaining a verified JWT token from the cookie in response to a second access request for a second system;
and after the JWT token passes the verification, returning a second system page to the sender of the second request.
Here, the unified authentication login page saves the JWT into the cookie. Because the HTTP (browser) specification requires that a cookie be shared within the same domain and carried with each request, all other systems thus have the JWT. Subsequent gateway verification will succeed and the specific page is returned directly. All pages can then be entered directly, without being redirected to the unified authentication login page.
In some embodiments, referring to fig. 2, fig. 2 is a schematic flow chart of steps S201 to S202 provided in the embodiments of the present application, and each step will be described in connection with the description.
In step S201, in response to a third access request for a third system, a third initial authentication login page is returned to the sender of the third access request, so that the sender of the third access request can log in based on the third initial authentication login page, where the third access request refers to the third initial authentication login page, the third initial authentication login page is a default authentication login page of the third system, and the third initial authentication login page determines that the logic of the login state is different from that of the first initial authentication login page.
In step S202, in response to the submitting operation for the third initial authentication login page, the submitting information is authenticated, and after the authentication is passed, a third system page is returned to the sender of the third access request, where the third system page is an initial page for logging in to the third system.
Here, the suppliers' own logic for determining the login status may differ; for example, some suppliers' systems (third systems) verify the login status by session. In that case the request still jumps to the login page of the respective supplier, that is, login is performed through the third initial authentication login page.
In some embodiments, referring to fig. 3, fig. 3 is a schematic flow chart of steps S301 to S303 provided in the embodiments of the present application, and each step will be described in connection with the description.
In step S301, the target token is obtained from the cookie in response to a fourth access request for a fourth system, where the fourth access request points to a fourth initial authentication login page, the fourth initial authentication login page is the default authentication login page of the fourth system, and the logic by which the fourth initial authentication login page determines the login state is different from that of the first initial authentication login page.
In step S302, the login information in the target token is converted to obtain target login information required by the fourth initial authentication login page.
In step S303, the fourth access request is authenticated based on the target login information, and after the authentication is passed, a fourth system page is returned to the sender of the fourth access request, where the fourth system page is an initial page for logging in the fourth system.
Here, when the providers use their own, different logic for determining the login state, for example when some providers' systems (the fourth system) verify the login state by session, the providers may be allowed to adjust the corresponding logic. That is, the provider's system itself takes the JWT out of the cookie and converts it into the user information it requires, so that the provider's user module system remains compatible and the modification is easy for the provider to make.
In summary, the embodiment of the application has the following beneficial effects:
In response to a first access request for a first system, the first access request is verified; when the first access request requires login before access, it is intercepted and a unified authentication login page is sent to the sender of the first access request. Then, in response to the submitting operation for the unified authentication login page, the token in the unified authentication login page is acquired and the login information is verified. After the login information passes verification, the first system page is returned to the sender of the first access request, and the verified target token is sent to the unified authentication login page so that the unified authentication login page stores the target token in a cookie; other systems can then be accessed directly later. Finally, in response to a second access request for a second system, the target token is acquired from the cookie, and the second system page is returned to the sender of the second access request after the target token passes verification, thereby solving the problem of unified login across the systems of different suppliers.
Based on the same inventive concept, the embodiment of the present application further provides a login authentication device corresponding to the login authentication method in the first embodiment, and since the principle of solving the problem of the device in the embodiment of the present application is similar to that of the login authentication method described above, the implementation of the device may refer to the implementation of the method, and the repetition is omitted.
As shown in fig. 4, fig. 4 is a schematic structural diagram of a login authentication device 400 according to an embodiment of the present application. The login authentication device 400 includes:
the first verification module is used for responding to a first access request aiming at a first system, carrying out verification processing on the first access request, and sending a unified authentication login page to a sender of the first access request when the first access request needs to be accessed after login, wherein the first access request points to a first initial authentication login page, and the first initial authentication login page is a default authentication login page of the first system;
the acquisition module is used for responding to the submitting operation of the unified authentication login page and acquiring a token in the unified authentication login page, wherein the token carries login information;
the second verification module is used for verifying the login information, returning a first system page to a sender of the first request after the login information passes verification, and sending a target token after the verification passes to the unified authentication login page so that the unified authentication login page stores the target token in a cookie, wherein the first system page is an initial page for logging in the first system;
The third verification module is used for responding to a second access request aiming at a second system, acquiring the target token from the cookie, and returning a second system page to a sender of the second request after the target token passes verification, wherein the second system page is an initial page for logging in the second system, the sender of the first request and the sender of the second request use the same local equipment, the second access request points to a second initial authentication login page, the second initial authentication login page is a default authentication login page of the second system, and the authentication modes of the first initial authentication login page and the second initial authentication login page are different.
Those skilled in the art will appreciate that the implementation functions of the units in the login authentication device 400 shown in fig. 4 can be understood with reference to the foregoing description of the login authentication method. The functions of the respective units in the login authentication device 400 shown in fig. 4 may be realized by a program running on a processor or by a specific logic circuit.
In one possible implementation, after the first authentication module 401 performs the authentication processing on the first access request for the first system in response to the first access request for the first system, the method further includes:
And when the first access request does not need to be accessed after login, sending the first system page to a sender of the first access request.
In one possible implementation, the obtaining module 402 obtains the token in the unified authentication login page in response to the submitting operation for the unified authentication login page, including:
and responding to the submitting operation of the unified authentication login page, detecting a request header/request parameter/cookie of the unified authentication login page, and acquiring a JWT token when the request header/request parameter/cookie of the unified authentication login page carries the JWT token, wherein the JWT token carries the login information.
In one possible implementation, after the obtaining module 402 detects the request header/request parameter/the cookie of the unified authentication login page, the method further includes:
when the request header/request parameter of the unified authentication login page/the cookie does not carry the JWT token, or the request header/request parameter of the unified authentication login page/the JWT token in the cookie is out of date, determining that the authentication state is failed;
And returning prompt information of which the authentication state is failed to the sender of the first access request.
In one possible implementation, the third verification module 404, in response to a second access request for a second system, obtains the target token from the cookie, and returns a second system page to the sender of the second request after the target token passes verification, including:
obtaining a verified JWT token from the cookie in response to a second access request for a second system;
and after the JWT token passes the verification, returning a second system page to the sender of the second request.
In one possible implementation, the third verification module 404 further includes:
responding to a third access request aiming at a third system, returning a third initial authentication login page to a sender of the third access request so that the sender of the third access request can log in based on the third initial authentication login page, wherein the third access request points to the third initial authentication login page, the third initial authentication login page is a default authentication login page of the third system, and the logic of judging the login state of the third initial authentication login page is different from that of the first initial authentication login page;
And responding to the submitting operation aiming at the third initial authentication login page, authenticating the submitting information, and returning a third system page to a sender of the third access request after the submitting information passes the authentication, wherein the third system page is an initial page logged in the third system.
In one possible implementation, the third verification module 404 further includes:
responding to a fourth access request aiming at a fourth system, and acquiring the target token from the cookie, wherein the fourth access request points to a fourth initial authentication login page, the fourth initial authentication login page is a default authentication login page of the fourth system, and the logic of the fourth initial authentication login page for judging the login state is different from that of the first initial authentication login page;
converting the login information in the target token to obtain target login information required by the fourth initial authentication login page;
and authenticating the fourth access request based on the target login information, and returning a fourth system page to a sender of the fourth access request after the authentication is passed, wherein the fourth system page is an initial page for logging in the fourth system.
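The token check and the fourth-system conversion described above (detect the JWT in the request header, request parameter or cookie, fail when it is absent or out of date, then convert its login information into what a session-based supplier system requires) can be sketched as follows. This is an added example, not code from the patent; the HS256 key, the `jwt` cookie name, the `token` parameter, the `Authorization: Bearer` header, the lookup order and the session field names are all assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"  # assumption: HS256 key held by the gateway
COOKIE_NAME = "jwt"               # assumption: cookie written by the login page


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()


def issue_token(claims, secret=SECRET):
    """Build a constructed HS256 JWT so the example has a token to check."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = sign(f"{head}.{body}", secret)
    return f"{head}.{body}.{b64url_encode(mac)}"


def extract_token(headers, params):
    """Look in the request header, then the request parameter, then the cookie."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):].strip()
    if params.get("token"):
        return params["token"]
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    return jar[COOKIE_NAME].value if COOKIE_NAME in jar else None


def verify_token(token, now=None, secret=SECRET):
    """Return (claims, None) on success or (None, reason) on failure."""
    if not token:
        return None, "missing token"
    parts = token.split(".")
    if len(parts) != 3:
        return None, "malformed token"
    head, body, sig = parts
    try:
        header = json.loads(b64url_decode(head))
        # Pin the algorithm instead of trusting what the token header announces.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None, "unexpected algorithm"
        expected = sign(f"{head}.{body}", secret)
        if not hmac.compare_digest(b64url_decode(sig), expected):
            return None, "bad signature"
        claims = json.loads(b64url_decode(body))  # parsed only after the MAC checks out
    except ValueError:
        return None, "malformed token"
    if not isinstance(claims, dict) or not claims.get("sub"):
        return None, "malformed token"
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        return None, "expired token"
    return claims, None


def to_session_user(claims):
    """Step S302: map JWT login info onto a session record (hypothetical fields)."""
    return {
        "userId": claims["sub"],
        "displayName": claims.get("name", claims["sub"]),
        "roles": list(claims.get("roles", [])),
        "loginTime": claims.get("iat"),
    }


def authenticate_fourth_system(headers, params, session, now=None):
    """Steps S301 to S303 for a supplier system that tracks login by session."""
    claims, reason = verify_token(extract_token(headers, params), now)
    if claims is None:
        return {"status": 401, "message": f"authentication failed: {reason}"}
    session["user"] = to_session_user(claims)
    return {"status": 200, "page": "fourth-system-home"}


if __name__ == "__main__":
    demo = issue_token({"sub": "u1001", "name": "Li", "iat": 1000, "exp": 2000})
    store = {}
    print(authenticate_fourth_system({"Cookie": f"jwt={demo}"}, {}, store, now=1500))
    print(store)
```

The signature and expiry are checked before any claim is copied into the supplier's session, so a missing, altered or out-of-date token never creates a session entry.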
The login authentication device performs authentication processing on a first access request by responding to the first access request aiming at a first system, intercepts the first access request when the first access request needs to be accessed after login, sends a unified authentication login page to a sender of the first access request, then acquires a token in the unified authentication login page by responding to the submitting operation aiming at the unified authentication login page, then authenticates login information, returns the first system page to the sender of the first request after the login information is authenticated, and sends the authenticated target token to the unified authentication login page so that the unified authentication login page stores the target token in a cookie.
As shown in fig. 5, fig. 5 is a schematic diagram of a composition structure of an electronic device 500 according to an embodiment of the present application, where the electronic device 500 includes:
a processor 501, a storage medium 502 and a bus 503, where the storage medium 502 stores machine-readable instructions executable by the processor 501; when the electronic device 500 is running, the processor 501 communicates with the storage medium 502 through the bus 503, and the processor 501 executes the machine-readable instructions to perform the steps of the login authentication method according to the embodiments of the application.
In practice, the various components of the electronic device 500 are coupled together via a bus 503. It is understood that the bus 503 is used to enable connected communication between these components. The bus 503 includes a power bus, a control bus, and a status signal bus in addition to a data bus. But for clarity of illustration the various buses are labeled as bus 503 in fig. 5.
The electronic equipment performs verification processing on the first access request by responding to the first access request aiming at the first system, intercepts the first access request when the first access request needs to be accessed after logging in, sends a unified authentication login page to a sender of the first access request, then acquires a token in the unified authentication login page by responding to the submitting operation aiming at the unified authentication login page, then verifies login information, returns the first system page to the sender of the first request after the login information is verified, and sends the target token after the verification to the unified authentication login page so that the target token is stored in a cookie by the unified authentication login page.
The embodiment of the present application further provides a computer readable storage medium, where executable instructions are stored, and when the executable instructions are executed by at least one processor 501, the login authentication method described in the embodiment of the present application is implemented.
In some embodiments, the storage medium may be a Ferromagnetic Random Access Memory (FRAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Flash Memory, a magnetic surface memory, an optical disk, or a Compact Disc Read-Only Memory (CD-ROM), or the like; it may also be any of various devices that include one or any combination of the above memories.
In some embodiments, the executable instructions may be in the form of programs, software modules, scripts, or code, written in any form of programming language (including compiled or interpreted languages, or declarative or procedural languages), and they may be deployed in any form, including as stand-alone programs or as modules, components, subroutines, or other units suitable for use in a computing environment.
As an example, the executable instructions may, but need not, correspond to files in a file system, and may be stored as part of a file that holds other programs or data, for example, in one or more scripts in a HyperText Markup Language (HTML) document, in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, subprograms, or portions of code).
As an example, executable instructions may be deployed to be executed on one computing device or on multiple computing devices located at one site or, alternatively, distributed across multiple sites and interconnected by a communication network.
The computer readable storage medium performs verification processing on a first access request by responding to the first access request aiming at a first system, intercepts the first access request when the first access request needs to be accessed after logging in, sends a unified authentication login page to a sender of the first access request, then acquires a token in the unified authentication login page by responding to the submitting operation aiming at the unified authentication login page, verifies login information, returns the first system page to the sender of the first request after the login information is verified, and sends a target token after the verification to the unified authentication login page, so that the target token is stored in a cookie by the unified authentication login page, and then, when other systems are accessed later, direct access can be realized by the target token in the cookie, finally, the target token is acquired from the cookie in response to the second access request aiming at a second system, and returns the second system page to the sender of the second request after the target token is verified, thereby realizing unified login of systems of different suppliers.
In several embodiments provided in the present application, it should be understood that the disclosed method and electronic device may be implemented in other manners. The above described device embodiments are only illustrative, e.g. the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the coupling, direct coupling, or communication connection between the components shown or discussed may be through some interface, and the indirect coupling or communication connection between devices or units may be electrical, mechanical, or in other forms.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer readable storage medium executable by a processor. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a platform server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk, etc.
The foregoing is merely a specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes or substitutions are covered in the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. A login authentication method, comprising the steps of:
responding to a first access request aiming at a first system, carrying out verification processing on the first access request, and sending a unified authentication login page to a sender of the first access request when the first access request needs to be accessed after login, wherein the first access request points to a first initial authentication login page, and the first initial authentication login page is a default authentication login page of the first system;
responding to the submitting operation of the unified authentication login page, and acquiring a token in the unified authentication login page, wherein the token carries login information;
verifying the login information, returning a first system page to a sender of the first access request after the login information is verified, and sending a target token after the verification is passed to the unified authentication login page so that the unified authentication login page stores the target token in a cookie, wherein the first system page is an initial page for logging in the first system;
responding to a second access request aiming at a second system, acquiring the target token from the cookie, and returning a second system page to a sender of the second access request after the target token passes verification, wherein the second system page is an initial page for logging in the second system, the sender of the first access request and the sender of the second access request use the same local equipment, the second access request points to a second initial authentication login page, the second initial authentication login page is a default authentication login page of the second system, and the authentication modes of the first initial authentication login page and the second initial authentication login page are different;
Responding to a third access request aiming at a third system, returning a third initial authentication login page to a sender of the third access request so that the sender of the third access request can log in based on the third initial authentication login page, wherein the third access request points to the third initial authentication login page, the third initial authentication login page is a default authentication login page of the third system, and the logic of judging the login state of the third initial authentication login page is different from that of the first initial authentication login page;
responding to the submitting operation aiming at the third initial authentication login page, authenticating the submitting information, and returning a third system page to a sender of the third access request after the submitting information passes the authentication, wherein the third system page is an initial page for logging in the third system;
responding to a fourth access request aiming at a fourth system, and acquiring the target token from the cookie, wherein the fourth access request points to a fourth initial authentication login page, the fourth initial authentication login page is a default authentication login page of the fourth system, and the logic of the fourth initial authentication login page for judging the login state is different from that of the first initial authentication login page;
Converting the login information in the target token to obtain target login information required by the fourth initial authentication login page;
and authenticating the fourth access request based on the target login information, and returning a fourth system page to a sender of the fourth access request after the authentication is passed, wherein the fourth system page is an initial page for logging in the fourth system.
2. The method of claim 1, wherein after the validating the first access request for the first system in response to the first access request, the method further comprises:
and when the first access request does not need to be accessed after login, sending the first system page to a sender of the first access request.
3. The method of claim 1, wherein the obtaining the token in the unified authentication login page in response to the submitting operation for the unified authentication login page comprises:
and responding to the submitting operation of the unified authentication login page, detecting a request header/request parameter/cookie of the unified authentication login page, and acquiring a JWT token when the request header/request parameter/cookie of the unified authentication login page carries the JWT token, wherein the JWT token carries the login information.
4. The method of claim 3, wherein after the detecting the request header/request parameters/cookie of the unified authentication login page, the method further comprises:
when the request header/request parameter of the unified authentication login page/the cookie does not carry the JWT token, or the request header/request parameter of the unified authentication login page/the JWT token in the cookie is out of date, determining that the authentication state is failed;
and returning prompt information of which the authentication state is failed to the sender of the first access request.
5. The method of claim 1, wherein the obtaining the target token from the cookie in response to the second access request for the second system and returning a second system page to the sender of the second access request after the target token passes verification, comprises:
obtaining a verified JWT token from the cookie in response to a second access request for a second system;
and after the JWT token passes the verification, returning a second system page to the sender of the second access request.
6. A login authentication device, the device comprising:
The first verification module is used for responding to a first access request aiming at a first system, carrying out verification processing on the first access request, and sending a unified authentication login page to a sender of the first access request when the first access request needs to be accessed after login, wherein the first access request points to a first initial authentication login page, and the first initial authentication login page is a default authentication login page of the first system;
the acquisition module is used for responding to the submitting operation of the unified authentication login page and acquiring a token in the unified authentication login page, wherein the token carries login information;
the second verification module is used for verifying the login information, returning a first system page to a sender of the first access request after the login information passes verification, and sending a target token after the verification passes to the unified authentication login page so that the unified authentication login page stores the target token in a cookie, wherein the first system page is an initial page for logging in the first system;
the third verification module is used for responding to a second access request aiming at a second system, acquiring the target token from the cookie, and returning a second system page to a sender of the second access request after the target token passes verification, wherein the second system page is an initial page for logging in the second system, the sender of the first access request and the sender of the second access request use the same local equipment, the second access request points to a second initial authentication login page, the second initial authentication login page is a default authentication login page of the second system, and the authentication modes of the first initial authentication login page and the second initial authentication login page are different; responding to a third access request aiming at a third system, returning a third initial authentication login page to a sender of the third access request so that the sender of the third access request can log in based on the third initial authentication login page, wherein the third access request points to the third initial authentication login page, the third initial authentication login page is a default authentication login page of the third system, and the logic of judging the login state of the third initial authentication login page is different from that of the first initial authentication login page; responding to the submitting operation aiming at the third initial authentication login page, authenticating the submitting information, and returning a third system page to a sender of the third access request after the submitting information passes the authentication, wherein the third system page is an initial page for logging in the third system; responding to a fourth access request aiming at a fourth system, and acquiring the target token from the cookie, wherein the fourth access request points to a fourth initial authentication login page, the fourth initial authentication login page is a default authentication login page of the fourth system, and the logic of the fourth initial authentication login page for judging the login state is different from that of the first initial authentication login page; converting the login information in the target token to obtain target login information required by the fourth initial authentication login page; and authenticating the fourth access request based on the target login information, and returning a fourth system page to a sender of the fourth access request after the authentication is passed, wherein the fourth system page is an initial page for logging in the fourth system.
7. An electronic device, comprising: a processor, a storage medium, and a bus, the storage medium storing machine-readable instructions executable by the processor, the processor in communication with the storage medium via the bus when the electronic device is running, the processor executing the machine-readable instructions to perform the login authentication method according to any one of claims 1 to 5.
8. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, performs the login authentication method according to any one of claims 1 to 5.
CN202211574354.8A 2022-12-08 2022-12-08 Login authentication method and device, electronic equipment and storage medium Active CN116170174B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211574354.8A CN116170174B (en) 2022-12-08 2022-12-08 Login authentication method and device, electronic equipment and storage medium


Publications (2)

Publication Number Publication Date
CN116170174A CN116170174A (en) 2023-05-26
CN116170174B true CN116170174B (en) 2024-04-12

Family

ID=86410290

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211574354.8A Active CN116170174B (en) 2022-12-08 2022-12-08 Login authentication method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116170174B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105162779A (en) * 2015-08-20 2015-12-16 南威软件股份有限公司 Method for using uniform user authentication in multiple systems
CN108600203A (en) * 2018-04-11 2018-09-28 四川长虹电器股份有限公司 Secure Single Sign-on method based on Cookie and its unified certification service system
CN113472735A (en) * 2021-05-13 2021-10-01 新华三大数据技术有限公司 Big data service single sign-on method, device and storage medium
CN113761509A (en) * 2021-09-18 2021-12-07 中国银行股份有限公司 iframe verification login method and device
CN115225354A (en) * 2022-07-07 2022-10-21 通号智慧城市研究设计院有限公司 Multi-application single sign-on method, device, computer equipment and medium



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant