CN117834270A - Login management method, system, device and storage medium - Google Patents

Publication number: CN117834270A
Application number: CN202410009931.1A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 邓伟, 贾丽影, 宋健, 王洪
Current Assignee: BOE Technology Group Co Ltd; Beijing Zhongxiangying Technology Co Ltd
Original Assignee: BOE Technology Group Co Ltd; Beijing Zhongxiangying Technology Co Ltd
Prior art keywords: user, service system, login, information, management server

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102: Entity profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A login management method, system, device and computer-readable storage medium. In the method, a service system server on which a service system is deployed receives a session request initiated by a user and, if it detects that the request does not contain the user's access credentials, directs the user to the login management server, jumps to its login page, and sends the authorization information of the service system to the login management server. The login management server receives the login information that the user enters in the login page and, after the authorization information of the service system and the login information pass verification, lets the user access the service system server and sends the user access credentials to the service system server. The service system server queries the user's authority information for the service system according to the user access credentials and provides service to the user according to the queried authority information. According to the embodiments of the application, the login management server manages the login and authority functions uniformly, which greatly reduces the management cost.

Description

Login management method, system, device and storage medium
Technical Field
The present disclosure relates to the field of information technologies, and in particular, to a login management method, system, device, and computer readable storage medium.
Background
An industrial Internet platform is a service system built on large-scale data acquisition, aggregation and analysis to meet the manufacturing industry's requirements for digitization, networking and intelligence; it is an industrial cloud platform that supports ubiquitous connection, elastic supply and efficient allocation of manufacturing resources.
In practice, a plurality of service systems are hosted on an industrial Internet platform. Because each service system is developed independently, the cost of managing the login and authority functions is high.
Disclosure of Invention
The embodiment of the application provides a login management method, a login management system, a login management device and a computer readable storage medium, which can uniformly manage login and authority functions, so that management cost is greatly reduced.
In one aspect, an embodiment of the present disclosure provides a login management method, including:
a service system server on which a service system is deployed receives a session request initiated by a user and, if it detects that the session request does not contain user access credentials of the user, directs the user to a login management server, jumps to a login page of the login management server, and sends authorization information of the service system to the login management server;
the login management server receives login information input by the user in the login page and, after the authorization information of the service system and the login information pass verification, lets the user access the service system server and sends user access credentials of the user to the service system server;
and the service system server queries authority information of the user for the service system according to the user access credentials of the user and provides service for the user according to the queried authority information.
In another aspect, an embodiment of the present disclosure further provides a login management system, including: a first receiving module, a first processing module and a first sending module;
the first receiving module is configured to receive a session request initiated by a user;
the first processing module is configured to, upon detecting that the session request does not include a user access credential of the user, direct the user to the login management server and jump to a login page of the login management server;
the first sending module is configured to send the authorization information of the service system to the login management server;
the first receiving module is further configured to receive the user access credential of the user sent by the login management server;
the first processing module is further configured to query authority information of the user for the service system according to the user access credentials of the user, and provide service for the user according to the queried authority information.
In yet another aspect, an embodiment of the present disclosure further provides a service system server, including: a second receiving module, a second processing module and a second sending module;
the second receiving module is configured to receive the authorization information of the service system sent by the service system server and to receive login information input by a user in the login page;
the second processing module is configured to let the user access the service system server after the authorization information of the service system and the login information pass verification;
and the second sending module is configured to send the user access credential of the user to the service system server.
In yet another aspect, the disclosed embodiments also provide a computer-readable storage medium having stored thereon computer-executable commands for use in the above-described login management method.
Compared with the related art, in the method a service system server on which a service system is deployed receives a session request initiated by a user and, if it detects that the session request does not contain a user access credential of the user, directs the user to a login management server, jumps to a login page of the login management server, and sends authorization information of the service system to the login management server; the login management server receives login information input by the user in the login page and, after the authorization information of the service system and the login information pass verification, lets the user access the service system server and sends user access credentials of the user to the service system server; and the service system server queries authority information of the user for the service system according to the user access credentials of the user and provides service for the user according to the queried authority information. The embodiments of the disclosure can manage the login and authority functions uniformly by using the login management server, thereby greatly reducing the management cost.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the application. Other advantages of the present application may be realized and attained by the structure particularly pointed out in the written description and drawings.
Drawings
The accompanying drawings are included to provide an understanding of the technical aspects of the present application and are incorporated in and constitute a part of this specification. Together with the examples of the present application they illustrate the technical aspects of the present application, and they do not constitute a limitation of those technical aspects.
Fig. 1 is a flow chart of a login management method according to an embodiment of the present application;
Fig. 2 is a permission configuration screenshot of an enterprise user purchasing multiple business systems according to an embodiment of the present application;
Fig. 3 is a permission configuration screenshot in a business system according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a service system server according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a login management server according to an embodiment of the present application.
Detailed Description
The present application describes a number of embodiments, but the description is illustrative and not limiting and it will be apparent to those of ordinary skill in the art that many more embodiments and implementations are possible within the scope of the embodiments described herein. Although many possible combinations of features are shown in the drawings and discussed in the detailed description, many other combinations of the disclosed features are possible. Any feature or element of any embodiment may be used in combination with or in place of any other feature or element of any other embodiment unless specifically limited.
Furthermore, in describing representative embodiments, the specification may have presented the method and/or process as a particular sequence of steps. However, to the extent that the method or process does not rely on the particular order of steps set forth herein, the method or process should not be limited to the particular sequence of steps described. Other sequences of steps are possible as will be appreciated by those of ordinary skill in the art. Accordingly, the particular order of the steps set forth in the specification should not be construed as limitations on the claims. Furthermore, the claims directed to the method and/or process should not be limited to the performance of their steps in the order written, and one skilled in the art can readily appreciate that the sequences may be varied and still remain within the spirit and scope of the embodiments of the present application.
As described above, in the related art the front end and the back end of each service system must each implement user management, resource management, a login function and an authentication function, and an enterprise that uses a plurality of service systems must configure each of them separately, which is cumbersome to operate and difficult to maintain.
To this end, an embodiment of the present disclosure provides a login management method, as shown in fig. 1, including:
Step 101, a service system server on which a service system is deployed receives a session request initiated by a user and, if it detects that the session request does not contain user access credentials of the user, directs the user to a login management server, jumps to a login page of the login management server, and sends authorization information of the service system to the login management server;
The user initiating a session request means that the user equipment sends the session request to the service system server. For example, the user opens a browser pre-installed on the user equipment and inputs the address of the service system server in the browser, and the browser sends the session request to the service system server.
The session request may specifically be a Hypertext Transfer Protocol (HTTP) request. In that case the user access credential can be placed at a preset location in the HTTP request (e.g. an HTTP request header). When the service system server receives the session request initiated by the user, it parses the HTTP request and checks whether the user's access credential is present at the preset location: if the credential is detected, the HTTP request is determined to contain the user access credential of the user; if it is not detected, the HTTP request is determined not to contain it.
The authorization information of the service system may specifically be information allocated to the service system by the login management server after the service system registers with the login management server. The service system server therefore directs the user to the login management server, jumps to the login page of the login management server, and sends the authorization information of the service system to the login management server in order to "indicate" to the login management server that it is a "compliant" service system registered with the login management server, and not an "illegal" service system that has not registered with the login management server.
Step 102, the login management server receives login information input by the user in the login page and, after the authorization information of the service system and the login information pass verification, lets the user access the service system server and sends user access credentials of the user to the service system server;
The authorization information of the service system is, for example, information that the login management server allocates to the service system after registering it, and that indicates that the service system has been registered by the login management server. Once the service system has been registered by the login management server, it can use the login function of the login management server to achieve unified login management.
The user accessing the service system server means that the user equipment establishes a connection with the service system server.
Step 103, the service system server queries authority information of the user for the service system according to the user access credentials of the user, and provides service for the user according to the queried authority information.
In this example, the authority information of the user for the service system is uniformly managed by the login management server, and the login management server helps the service system server complete the query.
Providing service to the user according to the queried authority information specifically means that the default display content on a preset display page of the service system (which may be the home page of the service system) is intercepted, and the corresponding content is then rendered and displayed according to the queried authority information, so that service is provided to the user based on the displayed content.
The login management method provided by the embodiment of the disclosure can uniformly manage login and authority functions by using the login management server, so that the management cost is greatly reduced. Through centralized management, the management difficulty of enterprises is greatly reduced, the operation flow is simplified, repeated operation of the enterprises is avoided, and the user experience is improved; meanwhile, the development period of the service system is reduced, and repeated development of the same function is avoided.
In an exemplary embodiment, after the login management server sends the user access credential of the user to the service system server, the method further includes: the service system server receives the user access credential sent by the login management server and stores it in the browser that the user used to initiate the session request; when the user uses that browser to send a session request to another service system sharing the login management server, the session request initiated for the other service system carries the user access credential of the user.
After the verification is passed, the service system server queries authority information of the user for the service system from a service management server according to the user access credentials of the user, and provides service for the user according to the queried authority information.
After the first login, the user access credentials are stored in the browser of the user equipment, so that the user carries the user access credentials when accessing other service system servers registered with the same login management server and does not need to log in repeatedly.
In an exemplary embodiment, when the user sends a session request to another service system sharing the login management server and it is detected that the session request does not include the user access credential of the user, the user is directed to the login management server; if the login management server determines that the user access credential of the user is valid, it lets the user access the service system server corresponding to the current service system and sends the user access credential of the user to that service system server. Whether the user access credential is valid may be determined by whether it is within its validity period. In this example, by setting a validity period for the user access credentials, the user does not have to log in repeatedly when logging in to multiple systems during the validity period.
In an exemplary embodiment, after the authorization information of the service system and the login information are checked by the login management server, the method further includes: the login management server receives target enterprise identity information input by the user in the login page, acquires authority information of the user for the service system under the target enterprise identity information according to authorization information of the service system, user information contained in user access credentials of the user and the target enterprise identity information, and stores the acquired authority information in a third-party storage medium; the target enterprise identity information is used for indicating the enterprise identity selected by the user in the login.
By way of example, the target enterprise identity information entered by the user in the login page may be implemented as follows: the login management server determines all enterprise identity information corresponding to the user according to the user login information of the user, then displays all enterprise identity information on a login page (particularly, all enterprise identity information can be displayed in a list mode), and the user selects an enterprise identity to be adopted in the login from a plurality of enterprise identities.
The login management server is used for acquiring the authority information of the user for the service system according to the authorization information of the service system and the user information contained in the user access credentials of the user after verification of the authorization information of the service system and the login information is passed, and storing the acquired authority information in a third-party storage medium, so that the service system can inquire the authority information of the service system in the third-party storage medium through a background interface of the login management system. The third party storage medium may be a medium for data storage provided by an independent vendor or provider.
For example, the enterprise identity indicates an enterprise to which the user belongs, and each user corresponds to at least one enterprise identity. When the user has two or more enterprise identities, that is, the user belongs to two or more different enterprises at the same time, then for a given service system the permission packages purchased by the different enterprises may differ and the user's roles in the different enterprises may differ, so a user with two or more enterprise identities may have different permissions when logging into the same service system under different enterprise identities. After the authorization information of the business system and the login information pass verification, the login management server can display all of the user's enterprise identity information on a display interface; the user selects from it one target enterprise identity for the current login, and the login management server grants the user the authority information for the business system under the target enterprise identity information.
In step 103, the service system server querying the authority information of the user according to the user access credential of the user includes: the service system server sends a permission information acquisition request to the login management server, the request carrying the user access credential of the user; and the login management server acquires the authority information of the user from the third-party storage medium according to the user access credentials of the user, and returns the queried authority information to the service system server.
The login management server stores the authority information of the user, and when the service system server needs to provide service for the user, the service system server obtains the authority information from the login management server according to the user access credentials of the user. The login management server is used for storing the user data and the authority information in advance, so that centralized authority control and management can be realized on one hand, and the situation that the user data and the authority information are not synchronous in each system can be avoided on the other hand. All the user data and the corresponding authority information which finish login are stored through a third-party storage medium, so that the inquiry of each service system is facilitated, and the local data of a login management server cannot be affected.
In an exemplary embodiment, the method may further include: the login management server pre-stores authority information of all service systems, and the authority information of each service system comprises: the role identifier that each user in the service system has under each corresponding enterprise identity, and the operation authority corresponding to each role identifier.
In the foregoing solution, the login management server obtaining authority information of the user for the service system according to the authorization information of the service system and the user information contained in the user access credentials of the user includes: the login management server looks up the authority information of the service system among the authority information of all the service systems according to the authorization information of the service system; and it acquires the role identifier corresponding to the user and the operation authority corresponding to that role identifier according to the user information and the target enterprise identity information, and takes the acquired operation authority as the authority information of the user for the service system.
The authority information of the service system that is found among the authority information of all service systems according to the authorization information of the service system comprises the authority information of all users in that service system. The authority information of all users means the authority information of each user under each enterprise identity corresponding to that user, and the authority information under each enterprise identity may differ. The role identifier corresponding to the user therefore has to be acquired first according to the user information and the target enterprise identity information, and the operation authority corresponding to that role identifier is then acquired.
In this example, the operational rights of the business system are bound to the role identification, while the user information is bound to the role identification. Each user corresponds to a role identifier, and different users may have the same role identifier, each role identifier corresponds to a set of operation rights, each set of operation rights includes an operation object (one or more items) and an operation right for the operation object, and the operation rights include, but are not limited to: browsing rights, editing rights, etc.
In an exemplary embodiment, users may be divided by type into enterprise users and individual users. Each enterprise user may be provided with one or more management-level users. When the user is a management-level user of an enterprise, the method further comprises: the login management server determines the use authority of the management-level user, so that the management-level user, within that use authority, configures different role identifiers for the internal staff of the enterprise it manages, each role identifier corresponding to a set of operation authorities. An enterprise user may obtain different use authorities by purchasing different packages of the business system; for example, the packages of the business system may include a basic edition and an advanced edition, where the basic edition has only the basic functions of the business system and the advanced edition opens more functions.
In an exemplary embodiment, the method further comprises: the service system server receives a logout request initiated by the user and sends the authorization information of the service system and the user access credentials of the user to the login management server; after the login management server verifies the authorization information of the service system and the user access credentials of the user, it deletes the authority information of the user for the service system from the third-party storage medium according to the user information contained in the user access credentials. Deleting the user's authority information from the third-party storage medium promptly protects the privacy of the user. The user-initiated logout request may be, for example, the user clicking a logout button.
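The role lookup, the storage of resolved rights and their deletion at logout described above can be sketched as follows. This is an added example, not code from the patent: the class and function names, the sample roles and the in-memory dictionary standing in for the third-party storage medium are all assumptions, and keying stored rights by (authorization code, credential) is one possible choice.

```python
from typing import Dict, FrozenSet, Set, Tuple

# Constructed sample data: role identifier -> {operation object: operation rights}.
ROLE_RIGHTS: Dict[str, Dict[str, FrozenSet[str]]] = {
    "admin": {"orders": frozenset({"browse", "edit"}),
              "reports": frozenset({"browse", "edit"})},
    "staff": {"orders": frozenset({"browse"})},
}

# Constructed sample data: authorization code of a service system ->
# {(user, enterprise identity): role identifier}.
SYSTEM_BINDINGS: Dict[str, Dict[Tuple[str, str], str]] = {
    "code-system-a": {
        ("alice", "enterprise-1"): "admin",
        ("alice", "enterprise-2"): "staff",
    },
    "code-system-b": {
        ("alice", "enterprise-1"): "staff",
    },
}


class LoginManagementPermissions:
    """Hypothetical permission side of the login management server."""

    def __init__(self) -> None:
        # Stand-in for the third-party storage medium (assumption: a dict).
        self._store: Dict[Tuple[str, str], Dict[str, Set[str]]] = {}

    def resolve(self, auth_code: str, user: str, enterprise: str) -> Dict[str, Set[str]]:
        """Authorization code -> system table -> role identifier -> rights.

        Anything unknown (system, user, enterprise identity, role) resolves
        to an empty rights set, so the default is to deny.
        """
        bindings = SYSTEM_BINDINGS.get(auth_code, {})
        role = bindings.get((user, enterprise))
        rights = ROLE_RIGHTS.get(role, {})
        # Copy so callers cannot mutate the role definitions.
        return {obj: set(ops) for obj, ops in rights.items()}

    def on_login(self, auth_code: str, credential: str, user: str,
                 enterprise: str) -> Dict[str, Set[str]]:
        """After a successful login, store the rights for later queries."""
        rights = self.resolve(auth_code, user, enterprise)
        self._store[(auth_code, credential)] = rights
        return rights

    def query(self, auth_code: str, credential: str) -> Dict[str, Set[str]]:
        """What the service system server asks for in step 103."""
        rights = self._store.get((auth_code, credential), {})
        return {obj: set(ops) for obj, ops in rights.items()}

    def on_logout(self, auth_code: str, credential: str) -> bool:
        """Delete the stored rights; returns True if something was removed."""
        return self._store.pop((auth_code, credential), None) is not None


def allowed(rights: Dict[str, Set[str]], obj: str, operation: str) -> bool:
    """Check one operation on one operation object."""
    return operation in rights.get(obj, set())
```
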
In an exemplary embodiment, the method is applied to an industrial Internet platform, and the service system is a service system in the industrial Internet platform. The business system may, for example, relate to processes such as production and manufacturing, product supervision and sales.
The above login management method will be described below by way of a specific example. First, the following configuration operation is performed on the industrial internet management platform (including the login management server in the above embodiment):
The login management server records the access address (generally the home page address of the service system) of each of its service systems, and generates an authorization code and an authorization key for each service system;
The authority information of all service systems is configured in the login management server. Taking service system A as an example, if service system A includes 20 operation or navigation options, each option corresponding to a menu, the information of the 20 navigation options is stored in the login management server. Roles are then configured in the login management server, each role corresponding to a role identifier, and each role is allocated its operable objects (i.e. which navigation options it can operate) and an operation authority for each object. The roles may be divided according to function: for example, an administrator role has all operation authorities for all 20 options, a department manager role has all operation authorities for the options related to that department's business, a staff role has some operation authorities for some of the options related to the department to which the staff member belongs, and so on. The operation authorities include browsing rights, editing rights (including, for example, modification, deletion and addition), etc.; for example, a general staff role has only browsing rights, while a department manager role has browsing and editing rights. The above description of roles and operation rights is merely an example. From it, those skilled in the art will appreciate that a set of operation rights for each role means that each role has a set of operation rights for one or more options, where both the options and the operation rights for them can be set. Once the operation authority of each role has been set, a role only needs to be set for (bound to) a user for the user to have the authority of that role.
The following operations are performed on each business system and the industrial Internet management platform:
A front-end SDK (software development kit) package is embedded in the front-end code of each service system. The embedded SDK package includes the access address of the login server, the authorization code and the authorization key of the service system, and the web page address to go to after login to the service system (typically the home page address of the service system). The front-end SDK may be located, for example, in the user interface of the business system, where it handles interactions with the user.
A back-end SDK package is embedded in each business system server and contains the logic for calling the interfaces of the login management server. The back-end SDK package may be located, for example, in the business system server code, where it handles interactions with the login management server.
The login process comprises the following steps:
Step 1, a user inputs the access address of service system A in a browser;
Step 2, the front-end SDK of service system A checks the session and judges whether a user access credential exists in the session; if yes, step 4 is executed; if not, a website jump is performed to the login interface of the login management server (i.e., the login management system), where the jump carries the authorization code and the authorization key of service system A obtained from the front-end SDK (the authorization code and the authorization key are the authorization information) and records that the jump was made by service system A;
Step 3, the login management server checks the authorization code and the authorization key of service system A, and executes step 4 when the verification passes.
Relative to the industrial Internet management platform, a service system is a user of the platform. Just as each user has a user name and password for logging in, a service system logging in to the industrial Internet management platform has its own user name and password, namely the authorization code and the authorization key. During the jump, service system A encodes its authorization code and authorization key and transmits the encoded result to the login management server; the login management server decodes it to obtain the authorization code and key and compares them with the pre-stored authorization code and key.
Step 4, after the user inputs user information (such as an account number) and a password on the login interface and clicks login, the login management server checks the account and password. After the verification passes, the login management server uses the user information and the authorization code of service system A to look up, in the pre-stored authority information of all service systems, the authority information of the user in service system A, stores that authority information in a third-party storage medium, generates the user access credential of the user (such as user information and an authentication token), returns the user access credential to service system A, and returns to step 2;
The user access credentials generated by the login management server may also be stored in the third party storage medium at the same time.
Step 5, before a page is displayed to the user (that is, before the browser renders it), the front-end SDK of service system A calls an interface of the login management server through the back-end SDK, queries the third-party storage medium for the user's authority information in service system A using the user access credential as the query condition, and displays the page according to that authority information;
for example, if the authority information of the current user shows that the user has rights to only some (e.g., 10) of the 20 options, of which some (e.g., 3) carry only browsing authority and some (e.g., 7) carry editing authority, then only the navigation options for which the user has rights are displayed, the 3 options being browsable only and the remaining 7 editable.
Step 5, the user initiates a logout request on service system A (for example, by clicking a logout button); the front-end SDK of service system A sends the logout request, carrying the authorization code of service system A and the user access credential of the current user, to the login management server; the login management server deletes the information of the user stored in the third-party storage medium according to the authorization code of service system A and the user access credential of the current user; after the logout succeeds, a logout success page is displayed to the user through the front-end SDK of service system A.
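The login management server's side of steps 3 to 5 and the logout, together with the role configuration described earlier, as an added Python sketch that is not code from the patent. The class and function names, the in-memory dict standing in for the third-party storage medium, the PBKDF2 password hashing, and the check that a credential is only honoured for the service system it was issued to are all assumptions made for this example; the sample systems, keys and accounts are constructed.

```python
import hashlib
import hmac
import secrets

BROWSE, EDIT = "browse", "edit"


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginManagementServer:
    """Toy model of the login management server (all names are illustrative)."""

    def __init__(self):
        self.systems = {}  # authorization code -> pre-stored authority info
        self.users = {}    # account -> (salt, password hash)
        self.cache = {}    # stand-in for the third-party storage medium

    def register_system(self, auth_code, auth_key, roles, user_roles):
        # roles: role id -> {option: set of operations}; user_roles: account -> role id
        self.systems[auth_code] = {"key": auth_key, "roles": roles,
                                   "user_roles": user_roles}

    def register_user(self, account, password):
        salt = secrets.token_bytes(16)
        self.users[account] = (salt, _hash_password(password, salt))

    def verify_system(self, auth_code, auth_key):
        """Step 3: compare the presented code/key with the pre-stored pair."""
        system = self.systems.get(auth_code)
        # Compare against a random value for unknown systems so timing is similar.
        expected = system["key"] if system else secrets.token_hex(16)
        ok = hmac.compare_digest(expected.encode(), auth_key.encode())
        return system is not None and ok

    def login(self, auth_code, auth_key, account, password):
        """Step 4: check system and user, cache permissions, issue a credential."""
        if not self.verify_system(auth_code, auth_key):
            return None
        salt, stored = self.users.get(account, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, _hash_password(password, salt)):
            return None
        system = self.systems[auth_code]
        role = system["user_roles"].get(account)
        if role is None:
            return None  # valid account, but no role bound in this system
        token = secrets.token_urlsafe(32)
        self.cache[token] = {"user": account, "system": auth_code,
                             "permissions": system["roles"][role]}
        return token

    def query_permissions(self, auth_code, token):
        """Step 5: look up cached permissions with the credential as query key."""
        session = self.cache.get(token)
        if session is None or session["system"] != auth_code:
            return None
        return session["permissions"]

    def logout(self, auth_code, token):
        """Logout: delete the user's cached information for this system."""
        if self.query_permissions(auth_code, token) is None:
            return False
        del self.cache[token]
        return True


def visible_menu(permissions):
    """Front-end view: only options the user holds, marked editable or browse-only."""
    return {opt: ("editable" if EDIT in ops else "browse-only")
            for opt, ops in sorted(permissions.items()) if BROWSE in ops}


def demo():
    server = LoginManagementServer()
    options = [f"option{n:02d}" for n in range(1, 21)]  # 20 navigation options
    roles = {
        "admin": {o: {BROWSE, EDIT} for o in options},
        "staff": {**{o: {BROWSE} for o in options[:3]},
                  **{o: {BROWSE, EDIT} for o in options[3:10]}},
    }
    # Constructed sample data: one service system, one staff user.
    server.register_system("SYS-A", "constructed-key-A", roles, {"alice": "staff"})
    server.register_user("alice", "constructed-password")
    token = server.login("SYS-A", "constructed-key-A", "alice", "constructed-password")
    menu = visible_menu(server.query_permissions("SYS-A", token))
    logged_out = server.logout("SYS-A", token)
    return server, token, menu, logged_out
```

Because the cached permissions are deleted at logout, a credential replayed after logout returns nothing from `query_permissions`, which is the property the logout step relies on.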
The login management method provided by the embodiment of the disclosure combines the actual business flow, provides a unified industrial Internet management platform, and performs centralized configuration and encryption protection on information such as access addresses, authorization keys and the like of a business system before the business system accesses a login system; meanwhile, the resource configuration and role configuration of the service system can be carried out on the industrial Internet management platform, and the centralized authority configuration is carried out on the resource access of the service system. The access address and the resource of the service system are configured in a centralized way through centralized configuration, so that the jump of the system and the centralized judgment of the resource authority after the login is successful can be ensured.
The industrial internet platform of this example may include, but is not limited to, one or more of the following business systems: green product management system (ziGPM), environmental safety and health system (ziEHS), enterprise learning platform (ziLearning), smart property management system (ziBuilding), dead space (ziBox), low code platform (ziPowerCode), industrial vision AI platform (ziBrain), and internet of things platform (ziIoT). The platform manager can modify the rights in the service systems to form different rights packages (or rights versions) for each service system. An enterprise user can purchase any one or more service systems in the platform and, for a given service system, can choose which rights version of that service system to purchase as needed. As shown in FIG. 2, the enterprise has currently purchased the inspection maintenance version of the business system ziBuilding, the basic version of the business system ziBox, the basic version of the business system ziBrain, and the basic version of the business system ziPowerCode. By adopting the login management method of this embodiment, an enterprise administrator (namely the management level user) can, after logging in to the platform, query the business systems purchased by the enterprise and configure the authorities of those business systems centrally.
The centralized authority configuration of the enterprise administrator on the multiple business systems comprises the steps of granting different operation authorities of different business systems for employees in the enterprise so as to uniformly manage and control the operation of the employees in the different systems, for example, configuring the authority corresponding to each role for any business system and configuring the roles in the business system for the employees in the enterprise. Taking a business system as an intelligent property management system as an example, a schematic configuration diagram of rights may be shown in fig. 3, and rights configured by an enterprise administrator for employees include: the method comprises the following steps of patrol monitoring (comprising the steps of implementing monitoring and planning execution record), patrol management (comprising patrol project management, collecting data templates, patrol route management, patrol point management and patrol plan management), maintenance management, report management, system management and the like.
According to the login management method provided by the embodiment of the disclosure, the login and authority control functions are split out as an independent system, decoupled from the service systems, and access between systems is handled by automatic jumps of the browser address. When a user accesses a service system address, the front-end session is used to judge whether the user is logged in; if not, the browser jumps to the login system. The login system, as an independent system, performs centralized verification of the user's information and authority; after the verification passes, it jumps according to the system jump parameters and authorization information configured on the industrial Internet management platform, and at the same time saves the user's login state by combining a cache in the back-end third-party storage medium with a front-end cookie. After the jump, the service system obtains the authorization information, uses it to obtain the user access credential through an interface call, and stores the user access credential in the front-end session. When the user accesses the system again, the user's login state is obtained first; once it is obtained successfully, the user jumps directly to the corresponding service system for normal use without logging in.
Spring Security is an open-source security framework that provides authentication, authorization, and other security functions for Java applications. It builds on the Spring framework and provides a set of easy-to-use and highly extensible APIs and tools to protect applications from various security threats. The login management method provided by the embodiment of the disclosure upgrades and modifies the Spring Security framework, separating its front end and back end to fit the present login flow. It combines front-end cookie technology with back-end caching to save the user's authentication information and authority information, manages and controls users and authorities centrally through a unified platform, and provides data query services to the different service systems through interfaces. This guarantees the consistency of user data and authority data across the systems, achieves centralized login and authority control, solves the problem of user data and authority data being out of sync between systems, and avoids repeated development of general functions in each service system.
Compared with the related technology, the login management method provided by the embodiment of the disclosure has the following characteristics:
1. In the related art, a plurality of service systems are mounted on an industrial internet platform and each service system is developed independently, so that login and authority functions are disordered, users cannot manage the service systems centrally, data in the systems are isolated from each other, the barriers between systems cannot be broken down, the platform's requirement for unification cannot be met, and platform-level product advantages cannot be formed. According to the login management method provided by the embodiment of the disclosure, through centralized management of users and login rights, data among the systems are connected, and an enterprise can exercise fine-grained control over which systems its different employees may access, which greatly facilitates internal management of the enterprise.
2. In the related art, the front end and the back end of single system development are required to perform user management, resource management, login function and authentication function development, and when an enterprise needs to use a plurality of systems, the enterprise needs to configure in the systems independently, so that the operation is complex and the operation and maintenance are difficult. The login management method provided by the embodiment of the disclosure greatly reduces the management difficulty of enterprises, simplifies the operation flow, avoids repeated operation of the enterprises and improves the user experience through centralized management; meanwhile, the development period of the service system is reduced, and repeated development of the same function is avoided.
3. In the related art, because of centralized login and authority management of a plurality of systems, a user may repeatedly log in when switching systems. According to the login management method provided by the embodiment of the disclosure, the login state of the user is saved through the cache technology at the rear end and the cookie technology at the front end, the login state judgment is automatically carried out when the system is switched, if the user is logged in, the automatic login operation is carried out, repeated login operation of the user is avoided, user experience is improved, and the operation flow is simplified.
The embodiment of the disclosure also provides a login management system, which can implement the login management method and comprises: a business system server and a login management server;
the service system server is used for receiving a session request initiated by a user and, upon detecting that the session request does not contain the user access credential of the user, enabling the user to access the login management server and jump to a login page of the login management server, and sending authorization information of the service system to the login management server;
the login management server is used for receiving login information input by the user in the login page, enabling the user to access the service system server and sending user access credentials of the user to the service system server after authorization information of the service system and the login information are checked;
The business system server is also used for inquiring the authority information of the user for the business system according to the user access credentials of the user and providing business services for the user according to the inquired authority information.
In an exemplary embodiment, the service system server is further configured to receive the user access credential sent by the login management server and store it in the browser used when the user initiated the session request, so that when the user uses the browser to send a session request to other service systems sharing the login management server, the user access credential of the user is carried in that session request; or, when the user sends a session request to another service system sharing the login management server and it is detected that the session request does not contain the user access credential of the user, the user is enabled to access the login management server, and the login management server is further configured to, if it determines that the user access credential of the user is valid, enable the user to access the service system server corresponding to the current service system and send the user access credential of the user to that service system server.
In an exemplary embodiment, the login management server is further configured to obtain rights information of the user for the service system according to authorization information of the service system and user information included in user access credentials of the user, and store the obtained rights information in a third party storage medium;
the business system server is further configured to send a permission information acquisition request to the login management server, where the permission information acquisition request carries a user access credential of the user;
the login management server is further configured to obtain authority information of the user from the third party storage medium according to user access credentials of the user, and return the authority information obtained by the query to the service system server.
In an exemplary embodiment, the login management server is further configured to pre-store authority information of all service systems, where the authority information of each service system includes: all user information in the service system is respectively corresponding to the role identifications, and each role identification is respectively corresponding to the operation authority.
In an exemplary embodiment, the login management server is further configured to search authority information of the service system from authority information of all service systems according to authorization information of the service system; and acquiring a role identifier corresponding to the user and an operation authority corresponding to the role identifier according to the user information, and taking the acquired operation authority as authority information of the user for the service system.
In an exemplary embodiment, when the user is a management level user, the login management server is further configured to determine a use authority of the management level user, so that the management level user configures different role identifiers for employees in the management level user within the use authority of the management level user, where each role identifier corresponds to a set of operation authorities.
In an exemplary embodiment, the service system server is further configured to receive a logout request initiated by the user, and send authorization information of the service system and user access credentials of the user to a logon management server;
and the login management server is also used for deleting the authority information of the user for the service system in the third-party storage medium according to the user information contained in the user access certificate after the authorization information of the service system and the user access certificate of the user are checked.
In an exemplary embodiment, the method is applied to an industrial internet platform, and the service system is a service system in the industrial internet platform.
The login management system provided by the embodiment of the disclosure can uniformly manage login and authority functions by using the login management server, so that the management cost is greatly reduced.
The embodiment of the disclosure provides a service system server, as shown in fig. 4, including: a first receiving module 21, a first processing module 22 and a first transmitting module 23;
the first receiving module 21 is configured to receive a session request initiated by a user;
the first processing module 22 is configured to, upon detecting that the session request does not include the user access credential of the user, enable the user to access the login management server and jump to a login page of the login management server;
the first sending module 23 is configured to send authorization information of the service system to the login management server;
the first receiving module 21 is further configured to receive a user access credential of the user sent by the login management server;
the first processing module 22 is further configured to query authority information of the user for the service system according to the user access credential of the user, and provide service to the user according to the queried authority information.
In an exemplary embodiment, the first receiving module 21 is further configured to receive the user access credential sent by the login management server.
The first processing module 22 is further configured to save the user access credential in a browser used when the user initiates a session request.
The first sending module 23 is further configured to, when the user uses the browser to send a session request to other service systems sharing the login management server, carry a user access credential of the user in a session request initiated by the user for the other service systems.
In an exemplary embodiment, the first sending module 23 is further configured to send a rights information obtaining request to the login management server, where the rights information obtaining request carries a user access credential of the user.
In an exemplary embodiment, the first receiving module 21 is further configured to receive a logout request initiated by the user;
the first sending module 23 is further configured to send authorization information of the service system and a user access credential of the user to a login management server.
In an exemplary embodiment, the method is applied to an industrial internet platform, and the service system is a service system in the industrial internet platform.
The business system server provided by the embodiment of the disclosure can perform unified management on login and authority functions by interacting with the login management server and utilizing the login management server, so that management cost is greatly reduced.
An embodiment of the present disclosure provides a login management server, as shown in fig. 5, including: a second receiving module 31, a second processing module 32, and a second transmitting module 33;
the second receiving module 31 is configured to receive login information input by a user in the login page and the authorization information of a service system sent by the service system server;
the second processing module 32 is configured to enable the user to access the service system server after the authorization information and the login information of the service system are checked;
the second sending module 33 is configured to send the user access credential of the user to the service system server.
In an exemplary embodiment, the second processing module 32 is further configured to obtain, according to authorization information of the service system and user information included in user access credentials of the user, rights information of the user for the service system, and store the obtained rights information in a third party storage medium;
In an exemplary embodiment, the second processing module 32 is further configured to obtain rights information of the user from the third party storage medium according to user access credentials of the user;
The second sending module 33 is further configured to return the authority information obtained by the query to the service system server.
In an exemplary embodiment, the second processing module 32 is further configured to pre-store authority information of all service systems, where the authority information of each service system includes: all user information in the service system is respectively corresponding to the role identifications, and each role identification is respectively corresponding to the operation authority.
In an exemplary embodiment, the second processing module 32 is further configured to search authority information of the service system from authority information of all service systems according to authorization information of the service system; and acquiring a role identifier corresponding to the user and an operation authority corresponding to the role identifier according to the user information, and taking the acquired operation authority as authority information of the user for the service system.
In an exemplary embodiment, the user includes: and when the user is an enterprise-level user, the second processing module 32 is further configured to determine a use authority of the enterprise user, so that the enterprise user configures different role identifiers for employees in the enterprise user within the use authority, and the different role identifiers correspond to different operation authorities.
In an exemplary embodiment, the second processing module 32 is further configured to, after the authorization information of the service system and the user access credentials of the user are verified, delete the authority information of the user for the service system in the third-party storage medium according to the user information contained in the user access credential.
The login management server provided by the embodiment of the disclosure can uniformly manage login and authority functions, so that management cost is greatly reduced.
The present disclosure also provides a computer-readable storage medium having stored thereon computer-executable commands for performing the login management method described in any of the above embodiments.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, functional modules/units in the apparatus, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.

Claims (10)

1. A login management method, comprising:
a service system server deployed with a service system receives a session request initiated by a user and, upon detecting that the session request does not contain user access credentials of the user, enables the user to access a login management server and jump to a login page of the login management server, and sends authorization information of the service system to the login management server;
the login management server receives login information input by the user in the login page, and after authorization information of the service system and the login information are checked, the user accesses the service system server and sends user access credentials of the user to the service system server;
and the service system server queries authority information of the user aiming at the service system according to the user access credentials of the user and provides service for the user according to the queried authority information.
2. The method of claim 1, wherein after the login management server sends the user access credentials of the user to the business system server, the method further comprises:
The business system server receives the user access credential sent by the login management server, stores the user access credential in a browser used when the user initiates a session request, and carries the user access credential of the user in the session request initiated by the user for other business systems when the user uses the browser to send the session request to other business systems sharing the login management server; or alternatively
when the user sends a session request to other service systems sharing the login management server and it is detected that the session request does not contain the user access credential of the user, enabling the user to access the login management server, and if the login management server judges that the user access credential of the user is valid, enabling the user to access a service system server corresponding to the current service system and sending the user access credential of the user to the service system server.
3. The method of claim 1, wherein the login management server, after verifying authorization information for the service system and the login information, further comprises:
The login management server receives target enterprise identity information input by the user in the login page, acquires authority information of the user for the service system under the target enterprise identity information according to authorization information of the service system, user information of the user and the target enterprise identity information, and stores the acquired authority information in a third-party storage medium; the target enterprise identity information is used for representing the enterprise identity selected by the user in the login;
the service system server queries authority information of the user according to the user access credentials of the user, and comprises the following steps: the service system server sends a permission information acquisition request to the login management server, wherein the permission information acquisition request carries a user access credential of the user; and the login management server acquires the authority information of the user from the third-party storage medium according to the user access credentials of the user, and returns the authority information obtained by inquiry to the service system server.
4. A method according to claim 3, characterized in that the method further comprises: the login management server pre-stores authority information of all service systems, and the authority information of each service system comprises: all user information in the business system is respectively corresponding to the role identifications under the corresponding enterprise identity information, and each role identification is respectively corresponding to the operation authority;
The login management server obtains authority information of the user for the service system according to the authorization information of the service system and the user information contained in the user access credentials of the user, and the login management server comprises:
the login management server searches the authority information of the service system from the authority information of all the service systems according to the authorization information of the service system;
and acquiring a role identifier corresponding to the user and an operation authority corresponding to the role identifier according to the user information and the target enterprise identity information, and taking the acquired operation authority as authority information of the user for the service system.
5. The method of claim 1, wherein when the user is a management level user, the method further comprises:
the login management server determines the use authority of the management level user, so that the management level user configures different role identifications for internal staff of an enterprise managed by the management level user in the use authority of the management level user, and each role identification corresponds to a group of operation authorities.
6. A method according to claim 3, characterized in that the method further comprises:
the service system server receives a logout request initiated by the user and sends the authorization information of the service system and the user access credentials of the user to the login management server;
after the login management server verifies the authorization information of the service system and the user access credentials of the user, the login management server deletes the authority information of the user for the service system in the third-party storage medium according to the user information contained in the user access credentials.
7. A login management system, comprising: a business system server and a login management server;
the service system server is configured to receive a session request initiated by a user and, if it detects that the session request does not contain the user access credential of the user, to make the user access the login management server and jump to a login page of the login management server, and to send authorization information of the service system to the login management server;
the login management server is configured to receive login information input by the user in the login page and, after the authorization information of the service system and the login information have been checked, to enable the user to access the service system server and to send user access credentials of the user to the service system server;
the service system server is further configured to query the authority information of the user for the service system according to the user access credentials of the user, and to provide business services for the user according to the queried authority information.
8. A service system server, comprising: a first receiving module, a first processing module and a first sending module;
the first receiving module is used for receiving a session request initiated by a user;
the first processing module is configured to, if it detects that the session request does not include a user access credential of the user, make the user access the login management server and jump to a login page of the login management server;
the first sending module is used for sending the authorization information of the service system to the login management server;
the first receiving module is further configured to receive a user access credential of the user sent by the login management server;
the first processing module is further configured to query authority information of the user for the service system according to the user access credentials of the user, and provide service for the user according to the queried authority information.
9. A login management server, comprising: a second receiving module, a second processing module and a second sending module;
the second receiving module is used for receiving the authorization information of the service system sent by the service system server and receiving login information input by a user in the login page;
the second processing module is used for enabling the user to access the service system server after the authorization information and the login information of the service system are checked;
and the second sending module is used for sending the user access credential of the user to the service system server.
10. A computer-readable storage medium having stored thereon computer-executable instructions for performing the login management method according to any one of claims 1-6.
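The authority lookup of claim 4 and the logout of claim 6, modelled as an added Python example (not code from the patent). The class, the dictionary layout, the sample users and the in-memory set standing in for the third-party storage medium are all assumptions; checking of the login information itself is omitted.

```python
import hmac
import secrets

# Constructed sample data; all names and values are assumptions for illustration.
SYSTEM_AUTH = {"erp": "erp-auth-constructed"}  # service system -> its authorization information
AUTHORITY = {  # per service system: (user, enterprise) -> role, and role -> operations
    "erp": {
        "roles": {("alice", "ent-1"): "approver", ("alice", "ent-2"): "viewer"},
        "ops": {"approver": {"order:read", "order:approve"}, "viewer": {"order:read"}},
    }
}


class LoginManagementServer:
    def __init__(self):
        self.sessions = {}   # access credential -> (user, target enterprise)
        self.grants = set()  # (user, system); stands in for the third-party storage medium

    def _system_ok(self, system, auth_info):
        expected = SYSTEM_AUTH.get(system)
        return expected is not None and hmac.compare_digest(expected.encode(), auth_info.encode())

    def login(self, system, auth_info, user, enterprise):
        # Password checking is out of scope here; only the system check is modelled.
        if not self._system_ok(system, auth_info):
            raise PermissionError("service system authorization rejected")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, enterprise)
        self.grants.add((user, system))
        return token

    def authority_for(self, system, auth_info, token):
        # Claim 4: find the system's table, then (user, enterprise) -> role -> operations.
        session = self.sessions.get(token)
        if not self._system_ok(system, auth_info) or session is None:
            return frozenset()
        if (session[0], system) not in self.grants:
            return frozenset()  # logged out of this system: fail closed
        table = AUTHORITY.get(system, {})
        role = table.get("roles", {}).get(session)
        return frozenset(table.get("ops", {}).get(role, ()))

    def logout(self, system, auth_info, token):
        # Claim 6: verify both inputs, then delete the user's grant for this system.
        session = self.sessions.get(token)
        if not self._system_ok(system, auth_info) or session is None:
            return False
        self.grants.discard((session[0], system))
        return True
```

Every failure path returns an empty authority set, so an unknown system, an unrecognised credential or a deleted grant all yield no operation authority rather than an error that a caller might mishandle.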
CN202410009931.1A 2024-01-02 2024-01-02 Login management method, system, device and storage medium Pending CN117834270A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410009931.1A CN117834270A (en) 2024-01-02 2024-01-02 Login management method, system, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410009931.1A CN117834270A (en) 2024-01-02 2024-01-02 Login management method, system, device and storage medium

Publications (1)

Publication Number Publication Date
CN117834270A (en) 2024-04-05

Family

ID=90513247

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410009931.1A Pending CN117834270A (en) 2024-01-02 2024-01-02 Login management method, system, device and storage medium

Country Status (1)

Country Link
CN (1) CN117834270A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination