CN117675338A - Method and system for communicating different authentication systems - Google Patents

Info

Publication number
CN117675338A
Authority
CN
China
Prior art keywords
authentication
token
authentication system
user
systems
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311650881.7A
Other languages
Chinese (zh)
Other versions
CN117675338B (en)
Inventor
麦嘉伟
刘伟文
吕火生
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gongqing City Zhongtaolian Supply Chain Service Co ltd
Lin Zhoujia Home Network Technology Co ltd
Linzhou Lilijia Supply Chain Service Co ltd
Foshan Zhongtaolian Supply Chain Service Co Ltd
Tibet Zhongtaolian Supply Chain Service Co Ltd
Original Assignee
Gongqing City Zhongtaolian Supply Chain Service Co ltd
Lin Zhoujia Home Network Technology Co ltd
Linzhou Lilijia Supply Chain Service Co ltd
Foshan Zhongtaolian Supply Chain Service Co Ltd
Tibet Zhongtaolian Supply Chain Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of the Internet, and in particular to a method and a system for interconnecting different authentication systems. The method comprises the following steps: setting a configuration menu address of the first authentication system to the address of a front-end page of the second authentication system, wherein the configuration menu address comprises an authentication token; acquiring the authentication token on the front-end page of the second authentication system, and placing the authentication token in the request header of network requests in the second authentication system; acquiring the authentication token from the request header in a back-end system of the second authentication system, and then accessing a user interface of the first authentication system from the back-end system according to the authentication token to acquire user information; creating authentication information for authentication in the second authentication system based on the user information and the authentication token, and performing user authentication in the second authentication system based on the authentication information. The invention enables the service interfaces of different, mutually independent service systems to call one another and share the same user system, thereby solving the problem of jumping between different service systems.

Description

Method and system for communicating different authentication systems
Technical Field
The invention relates to the technical field of Internet, in particular to a method and a system for mutually communicating different authentication systems.
Background
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Using the easy-to-understand API of Apache Shiro, enterprise applications can be quickly and easily built.
Spring Security is a security framework that provides a declarative secure access control solution for Spring-based enterprise application systems. It provides a set of beans that can be configured in the Spring application context and makes full use of Spring's IoC (Inversion of Control), DI (Dependency Injection) and AOP (Aspect-Oriented Programming) features to provide declarative security access control for an application system, reducing the large amount of repetitive code otherwise written for enterprise system security control.
However, in actual use, if one service system uses the Apache Shiro framework and another uses the Spring Security framework, the authentication tokens of the two systems are not interchangeable and interfaces cannot be accessed seamlessly across them, so the user experience is poor.
Disclosure of Invention
The invention provides a method and a system for interconnecting different authentication systems, and aims to solve the technical problem in the prior art that tokens are not interchangeable between different authentication systems, which makes cross-system access difficult.
To solve the above technical problem, in a first aspect, the present invention provides a method for interconnecting different authentication systems, the method comprising the following steps:
S1. setting a configuration menu address of a first authentication system to the address of a front-end page of a second authentication system, wherein the configuration menu address comprises an authentication token for user authentication of the first authentication system;
S2. acquiring the authentication token on the front-end page of the second authentication system, and placing the authentication token in the request header of network requests in the second authentication system;
S3. acquiring the authentication token from the request header in a back-end system of the second authentication system, and accessing a user interface of the first authentication system from the back-end system of the second authentication system according to the authentication token to acquire user information;
S4. creating authentication information for user authentication of the second authentication system based on the user information and the authentication token, and performing user authentication in the second authentication system based on the authentication information.
Further, the first authentication system is implemented based on the Spring Security framework, and the second authentication system is implemented based on the Apache Shiro framework.
Further, the front-end page of the second authentication system is implemented based on an iframe.
Further, the back-end system of the second authentication system is implemented in Java.
Further, in step S3, the step of acquiring the authentication token from the request header in the back-end system of the second authentication system is specifically:
in the back-end system of the second authentication system, extending the AuthorizingRealm class and overriding its doGetAuthenticationInfo method, and acquiring the authentication token on the request header in the doGetAuthenticationInfo method.
Further, in step S3, accessing the user interface of the first authentication system from the back-end system of the second authentication system according to the authentication token to acquire user information specifically comprises:
using RestTemplate in the back-end system of the second authentication system to access the first authentication system, with the authentication token set as a header of the request to the first authentication system, wherein:
if the authentication token is a valid token for the first authentication system, the first authentication system returns the user information to the second authentication system through the user interface.
In a second aspect, the present invention also provides a system for interconnecting different authentication systems, comprising:
a configuration module, configured to set a configuration menu address of the first authentication system to the address of a front-end page of the second authentication system, wherein the configuration menu address comprises an authentication token for user authentication of the first authentication system;
a token acquisition module, configured to acquire the authentication token on the front-end page of the second authentication system and place the authentication token in the request header of network requests in the second authentication system;
a first authentication module, configured to acquire the authentication token from the request header in a back-end system of the second authentication system, and then access a user interface of the first authentication system from the back-end system of the second authentication system according to the authentication token to acquire user information;
a second authentication module, configured to create authentication information for user authentication of the second authentication system based on the user information and the authentication token, and perform user authentication in the second authentication system based on the authentication information.
Further, the first authentication system is implemented based on the Spring Security framework, and the second authentication system is implemented based on the Apache Shiro framework.
The beneficial effect of the invention is that it provides a method and a system for interconnecting authentication systems built on different frameworks. The interfaces of the different authentication systems are accessed interactively by means of authentication tokens, request headers and access links, so that data in different, mutually independent service systems can be associated, service interfaces can call one another and share the same user system, the problem of jumping between different service systems is solved, and the user experience is improved.
Drawings
FIG. 1 is a flow chart of the steps of a method for interconnecting different authentication systems according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the request header processing code according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the interaction in a method for interconnecting different authentication systems according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a system for interconnecting different authentication systems according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to FIG. 1, FIG. 1 is a flow chart of the steps of a method for interconnecting different authentication systems according to an embodiment of the present invention. The method includes the following steps:
S1. Setting a configuration menu address of a first authentication system to the address of a front-end page of a second authentication system, wherein the configuration menu address comprises an authentication token for user authentication of the first authentication system.
The first authentication system is implemented based on the Spring Security framework, and the second authentication system is implemented based on the Apache Shiro framework. In this embodiment the authentication token takes the form of a token, i.e. a temporarily used encrypted string.
The front-end page of the second authentication system is implemented based on an iframe. An iframe is an HTML tag used to embed a document within a document (a floating frame): the iframe element creates an inline frame containing another document. In this embodiment, the address of the front-end page of the second authentication system is nested in the iframe.
S2. Acquiring the authentication token on the front-end page of the second authentication system, and placing the authentication token in the request header of network requests in the second authentication system.
The back-end system of the second authentication system is implemented in Java. Specifically, the front-end page of the Apache Shiro-based authentication system (i.e. the second authentication system) acquires the authentication token from the access link and places it in the request header of every network request of the system, which can be implemented with the code processing shown in FIG. 2.
S3. Acquiring the authentication token from the request header in a back-end system of the second authentication system, and accessing a user interface of the first authentication system from the back-end system of the second authentication system according to the authentication token to acquire user information.
The step of acquiring the authentication token from the request header in the back-end system of the second authentication system is specifically:
in the back-end system of the second authentication system, extending the AuthorizingRealm class and overriding its doGetAuthenticationInfo method, and acquiring the authentication token on the request header in the doGetAuthenticationInfo method.
The step of accessing the user interface of the first authentication system from the back-end system of the second authentication system according to the authentication token to acquire user information is specifically:
using RestTemplate in the back-end system of the second authentication system to access the first authentication system, with the authentication token set as a header of the request to the first authentication system, wherein:
if the authentication token is a valid token for the first authentication system, the first authentication system returns the user information to the second authentication system through the user interface.
Correspondingly, if the authentication token is an invalid token for the first authentication system, user authentication fails in the first authentication system, the second authentication system cannot correctly acquire the user information, and the authentication process ends.
S4. Creating authentication information for user authentication of the second authentication system based on the user information and the authentication token, and performing user authentication in the second authentication system based on the authentication information.
This embodiment implements the interaction between the first authentication system, based on the Spring Security framework, and the second authentication system, based on the Apache Shiro framework; the use of each function is shown in FIG. 3.
The user authentication in step S4 also fails if the authentication information is invalid. When the user authentication succeeds, the user has corresponding user information in both authentication systems, and the purpose of data interaction between the two authentication systems is achieved.
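The S1 to S4 exchange described above, modelled end to end as an added example (JavaScript, not the patent's Java/Shiro code and not code from the applicant). The header name, query parameter name, URLs, user and token values are constructed assumptions, the first system's user interface is an in-process stand-in for the HTTP call, and returning the address with the token removed is a hardening step added here that the patent does not describe.

```javascript
// Added illustration (not the patent's code): an in-process model of steps S1-S4.
// Header name, query parameter name, URLs, users and tokens are all constructed.
const TOKEN_HEADER = 'x-auth-token';   // assumed; the patent does not name the header
const TOKEN_PARAM = 'token';           // assumed; the patent does not name the parameter
const TOKEN_FORMAT = /^[A-Za-z0-9_-]{16,128}$/;

// First authentication system (Spring Security in the patent), reduced to a
// session table and the user interface that the second system calls in S3.
class FirstAuthSystem {
  constructor(sessions) {
    this.sessions = new Map(Object.entries(sessions)); // token -> user information
  }
  // S1: the configured menu address is the second system's front-end page
  // address carrying the first system's authentication token.
  menuAddress(frontEndPage, token) {
    const url = new URL(frontEndPage);
    url.searchParams.set(TOKEN_PARAM, token);
    return url.toString();
  }
  // Stand-in for the HTTP user interface: user information for a valid token only.
  userInterface(headers) {
    const user = this.sessions.get(headers[TOKEN_HEADER]);
    return user ? { status: 200, body: { ...user } } : { status: 401, body: null };
  }
}

// S2: the second system's front-end page reads the token from its access link
// and returns the header to attach to its network requests. Returning the
// address without the token is an addition here, so the page can replace the
// visible URL and keep the token out of history and Referer headers.
function frontEndPrepare(accessLink) {
  const url = new URL(accessLink);
  const token = url.searchParams.get(TOKEN_PARAM);
  url.searchParams.delete(TOKEN_PARAM);
  const headers = token !== null && TOKEN_FORMAT.test(token) ? { [TOKEN_HEADER]: token } : {};
  return { headers, cleanedUrl: url.toString() };
}

// S3 + S4: the second system's back end (the Shiro realm in the patent).
function backEndAuthenticate(requestHeaders, firstSystem) {
  const token = requestHeaders[TOKEN_HEADER];
  if (typeof token !== 'string' || !TOKEN_FORMAT.test(token)) {
    return { authenticated: false, reason: 'missing or malformed token' };
  }
  // S3: call the first system's user interface with the token as a request header.
  const res = firstSystem.userInterface({ [TOKEN_HEADER]: token });
  if (res.status !== 200 || !res.body || typeof res.body.username !== 'string') {
    // Invalid token: no user information, so the authentication process ends here.
    return { authenticated: false, reason: 'token rejected by first system' };
  }
  // S4: authentication information built from the user information and the token.
  return {
    authenticated: true,
    info: { principal: res.body.username, credentials: token, roles: res.body.roles || [] },
  };
}

// Constructed sample data.
const VALID_TOKEN = 'c0nstructedSampleToken_0001';
const first = new FirstAuthSystem({ [VALID_TOKEN]: { username: 'alice', roles: ['buyer'] } });
const FRONT_END_PAGE = 'https://second.example.test/index.html?menu=orders';

// Runs the whole exchange for one token and returns what each side saw.
function demo(token) {
  const link = first.menuAddress(FRONT_END_PAGE, token);   // S1
  const page = frontEndPrepare(link);                      // S2
  const result = backEndAuthenticate(page.headers, first); // S3 + S4
  return { link, cleanedUrl: page.cleanedUrl, result };
}

console.log(demo(VALID_TOKEN).result);
console.log(demo('unknownTokenValue_0000000').result);
```

The second call shows the failure path of step S3: a well-formed token that the first system does not recognise yields no user information, so no authentication information is created in the second system.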
The beneficial effect of the invention is that it provides a method and a system for interconnecting authentication systems built on different frameworks. The interfaces of the different authentication systems are accessed interactively by means of authentication tokens, request headers and access links, so that data in different, mutually independent service systems can be associated, service interfaces can call one another and share the same user system, the problem of jumping between different service systems is solved, and the user experience is improved.
Referring to FIG. 4, FIG. 4 is a schematic structural diagram of a system for interconnecting different authentication systems according to an embodiment of the present invention. The system 200 for interconnecting different authentication systems includes:
a configuration module 201, configured to set a configuration menu address of a first authentication system to the address of a front-end page of a second authentication system, where the configuration menu address includes an authentication token for user authentication of the first authentication system;
a token acquisition module 202, configured to acquire the authentication token on the front-end page of the second authentication system, and place the authentication token in the request header of network requests in the second authentication system;
a first authentication module 203, configured to acquire the authentication token from the request header in a back-end system of the second authentication system, and then access, from the back-end system of the second authentication system, a user interface of the first authentication system according to the authentication token, so as to acquire user information;
a second authentication module 204, configured to create authentication information for user authentication of the second authentication system based on the user information and the authentication token, and perform user authentication in the second authentication system based on the authentication information.
The first authentication system is implemented based on the Spring Security framework, and the second authentication system is implemented based on the Apache Shiro framework.
The system 200 for interconnecting different authentication systems can implement the steps of the method for interconnecting different authentication systems in the above embodiment and achieve the same technical effects; refer to the description of the above embodiment, which is not repeated here.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements each process and step in the method for mutually opening different authentication systems provided by the embodiment of the invention, and can implement the same technical effect, so that repetition is avoided and redundant description is omitted.
Those skilled in the art will appreciate that all or part of the above-described methods of the embodiments may be implemented by a computer program stored on a computer-readable storage medium, which, when executed, may comprise the steps of the method embodiments described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM) or the like.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
While the embodiments of the present invention have been illustrated and described in connection with the drawings, what is presently considered to be the most practical and preferred embodiments of the invention, it is to be understood that the invention is not limited to the disclosed embodiments, but on the contrary, is intended to cover various equivalent modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (8)

1. A method for interconnecting different authentication systems, said method comprising the steps of:
S1. setting a configuration menu address of a first authentication system to the address of a front-end page of a second authentication system, wherein the configuration menu address comprises an authentication token for user authentication of the first authentication system;
S2. acquiring the authentication token on the front-end page of the second authentication system, and placing the authentication token in the request header of network requests in the second authentication system;
S3. acquiring the authentication token from the request header in a back-end system of the second authentication system, and accessing a user interface of the first authentication system from the back-end system of the second authentication system according to the authentication token to acquire user information;
S4. creating authentication information for user authentication of the second authentication system based on the user information and the authentication token, and performing user authentication in the second authentication system based on the authentication information.
2. The method for interconnecting different authentication systems according to claim 1, wherein the first authentication system is implemented based on the Spring Security framework and the second authentication system is implemented based on the Apache Shiro framework.
3. The method for interconnecting different authentication systems according to claim 1, wherein the front-end page of the second authentication system is implemented based on an iframe.
4. The method for interconnecting different authentication systems according to claim 1, wherein the back-end system of the second authentication system is implemented in Java.
5. The method for interconnecting different authentication systems according to claim 4, wherein in step S3, the step of acquiring the authentication token from the request header in the back-end system of the second authentication system is specifically:
in the back-end system of the second authentication system, extending the AuthorizingRealm class and overriding its doGetAuthenticationInfo method, and acquiring the authentication token on the request header in the doGetAuthenticationInfo method.
6. The method for interconnecting different authentication systems according to claim 4, wherein in step S3, accessing the user interface of the first authentication system from the back-end system of the second authentication system according to the authentication token to acquire the user information comprises the following steps:
using RestTemplate in the back-end system of the second authentication system to access the first authentication system, with the authentication token set as a header of the request to the first authentication system, wherein:
if the authentication token is a valid token for the first authentication system, the first authentication system returns the user information to the second authentication system through the user interface.
7. A system for interconnecting different authentication systems, comprising:
a configuration module, configured to set a configuration menu address of the first authentication system to the address of a front-end page of the second authentication system, wherein the configuration menu address comprises an authentication token for user authentication of the first authentication system;
a token acquisition module, configured to acquire the authentication token on the front-end page of the second authentication system and place the authentication token in the request header of network requests in the second authentication system;
a first authentication module, configured to acquire the authentication token from the request header in a back-end system of the second authentication system, and then access a user interface of the first authentication system from the back-end system of the second authentication system according to the authentication token to acquire user information;
a second authentication module, configured to create authentication information for user authentication of the second authentication system based on the user information and the authentication token, and perform user authentication in the second authentication system based on the authentication information.
8. The system for interconnecting different authentication systems according to claim 7, wherein the first authentication system is implemented based on the Spring Security framework and the second authentication system is implemented based on the Apache Shiro framework.
CN202311650881.7A 2023-12-04 2023-12-04 Method and system for communicating different authentication systems Active CN117675338B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311650881.7A CN117675338B (en) 2023-12-04 2023-12-04 Method and system for communicating different authentication systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311650881.7A CN117675338B (en) 2023-12-04 2023-12-04 Method and system for communicating different authentication systems

Publications (2)

Publication Number Publication Date
CN117675338A (en) 2024-03-08
CN117675338B (en) 2024-07-30

Family

ID=90085950

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311650881.7A Active CN117675338B (en) 2023-12-04 2023-12-04 Method and system for communicating different authentication systems

Country Status (1)

Country Link
CN (1) CN117675338B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107948214A (en) * 2018-01-17 2018-04-20 北京网信云服信息科技有限公司 A kind of shared login method and device
CN111131301A (en) * 2019-12-31 2020-05-08 江苏徐工信息技术股份有限公司 Unified authentication and authorization scheme
CN112866385A (en) * 2021-01-19 2021-05-28 北京字跳网络技术有限公司 Interface calling method and device, electronic equipment and storage medium
CN114692118A (en) * 2020-12-25 2022-07-01 青岛海尔科技有限公司 Method, device and equipment for cross-domain single sign-on
US20220322090A1 (en) * 2021-04-02 2022-10-06 Vmware, Inc. System and method for establishing trust between multiple management entities with different authentication mechanisms

Also Published As

Publication number Publication date
CN117675338B (en) 2024-07-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant