CN118282711A - Cross-system automatic login method, device and storage medium - Google Patents


Publication number
CN118282711A
Authority
CN
China
Prior art keywords
access
login
cross
target
request link
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410216983.6A
Other languages
Chinese (zh)
Inventor
李科言
吕政辉
马芸芸
于钦梁
陈逍
邓雅倩
苗岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd

Abstract

The application provides a cross-system automatic login method, device and storage medium. The method comprises the following steps: receiving a cross-system login request sent by a target account, and determining the access target system based on the cross-system login request; acquiring preset configuration information of the access target system, and generating an access request link based on the preset configuration information, wherein the access request link comprises at least one of an application ID, a secret key or an authorized user; and sending the access request link to the access target system, receiving a verification result returned by the access target system, and completing cross-system login based on the verification result. The cross-system automatic login method improves the authentication efficiency of cross-system login and increases the security of the cross-system login process.

Description

Cross-system automatic login method, device and storage medium
Technical Field
The present application relates to the field of automated office technologies, and in particular, to a cross-system automatic login method, device, and storage medium.
Background
In the wave of digital transformation, enterprises attach increasing importance to building IT systems and often deploy a variety of specialized digital systems across different directions and fields. In business scenarios such as business integration and application support, these digital systems often need to access one another.
In the prior art, to ensure the security of cross access, two cross-access authorization mechanisms are mainly adopted: re-login authorization and automatic login authorization. However, re-login authorization reduces the efficiency of use and the user experience of the system; automatic login authorization, besides adding new key nodes, requires critical modification of the existing systems, which carries a certain modification difficulty and modification risk for complex systems.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The application provides a cross-system automatic login method, equipment and a storage medium, which are used for solving the technical problems of low automatic login efficiency and safety risk existing in the automatic login process of a cross-system in the prior art.
In a first aspect, the present application provides a cross-system automatic login method, including:
receiving a cross-system login request sent by a target account, and determining the access target system based on the cross-system login request;
acquiring preset configuration information of the access target system, and generating an access request link based on the preset configuration information, wherein the access request link comprises at least one of an application ID, a secret key or an authorized user;
and sending the access request link to the access target system, receiving a verification result returned by the access target system, and completing cross-system login based on the verification result.
In one possible design, the receiving the cross-system login request sent by the target account and determining the access target system based on the cross-system login request includes:
responding to the cross-system login request, judging the login condition of the target account in an access source system, and obtaining a judgment result;
When the judgment result is that the target account is logged in the access source system, acquiring the access target system in the cross-system login request;
and when the judgment result is that the target account is not logged in the access source system, sending a re-login prompt message to the target account.
In one possible design, the obtaining the preset configuration information of the access target system includes:
Determining a login protocol between the access target system and the access source system;
Determining the preset configuration information between the access target system and the access source system based on the login protocol, wherein the preset configuration information comprises: application ID, key and authorized user.
In one possible design, the obtaining the preset configuration information of the access target system, and generating the access request link based on the preset configuration information includes:
Acquiring an application ID, a key and an authorized user configured by the access target system for the access source system;
obtaining a time stamp of the generation time of the cross-system login request;
and signing the application ID, the secret key, the authorized user and the timestamp to obtain the access request link.
In one possible design, sending the access request link to the access target system, receiving a verification result returned by the access target system, and completing cross-system login based on the verification result, including:
The access request link is sent to the access target system, wherein the access target system performs verification processing on the access request link to obtain a verification result;
And receiving the verification result returned by the access target system, and completing cross-system login under the condition that the verification result is verification passing.
In a second aspect, the present application provides a cross-system automatic login method, including:
receiving an access request link sent by a target account in an access source system, wherein the access request link comprises at least one of an application ID, a secret key, an authorized user or a timestamp;
Performing verification processing on the access request link to obtain a verification result;
And allowing the target account to log in the access target system under the condition that the verification result is that the verification is passed.
In one possible design, the verifying the access request link to obtain a verification result includes:
Determining the access source system based on the access request link, and judging the login condition of the target account in the access source system to obtain a judgment result;
when the judgment result is that the target account is logged in to the access source system, decrypting the access request link, and determining the verification result based on the decrypted access request link;
and when the judgment result is that the target account is not logged in the access source system, sending a re-login prompt message to the target account.
In one possible design, the determining the verification result based on the decrypted access request link includes:
Obtaining preset configuration information between the access target system and the access source system, wherein the preset configuration information comprises: application ID, key and authorized user;
and verifying the decrypted access request link based on the preset configuration information to obtain a verification result.
In one possible design, the verifying the decrypted access request link based on the preset configuration information to obtain a verification result includes:
acquiring an application ID, a secret key, an authorized user and a time stamp in the decrypted access request link;
And judging whether the timestamp is in a preset time range, if so, carrying out verification processing on the application ID and the authorized user based on the key to obtain the verification result.
In a third aspect, the present application provides a cross-system automatic login device, comprising:
The first receiving module is used for receiving a cross-system login request sent by a target account and determining an access target system based on the cross-system login request;
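The acquisition module is used for acquiring preset configuration information of the access target system and generating an access request link based on the preset configuration information, wherein the access request link comprises at least one of an application ID, a key or an authorized user;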
and the first login module is used for sending the access request link to the access target system, receiving a verification result returned by the access target system, and completing cross-system login based on the verification result.
In one possible design, the first receiving module is specifically configured to:
responding to the cross-system login request, judging the login condition of the target account in an access source system, and obtaining a judgment result;
When the judgment result is that the target account is logged in the access source system, acquiring the access target system in the cross-system login request;
and when the judgment result is that the target account is not logged in the access source system, sending a re-login prompt message to the target account.
In one possible design, the above-mentioned acquisition module is specifically configured to:
Determining a login protocol between the access target system and the access source system;
Determining the preset configuration information between the access target system and the access source system based on the login protocol, wherein the preset configuration information comprises: application ID, key and authorized user.
In one possible design, the above-mentioned acquisition module is further specifically configured to:
Acquiring an application ID, a key and an authorized user configured by the access target system for the access source system;
obtaining a time stamp of the generation time of the cross-system login request;
and signing the application ID, the secret key, the authorized user and the timestamp to obtain the access request link.
In one possible design, the first login module is specifically configured to:
The access request link is sent to the access target system, wherein the access target system performs verification processing on the access request link to obtain a verification result;
And receiving the verification result returned by the access target system, and completing cross-system login under the condition that the verification result is verification passing.
In a fourth aspect, the present application provides a cross-system automatic login device, comprising:
The second receiving module is used for receiving an access request link sent by the target account in the access source system, wherein the access request link comprises at least one of an application ID, a secret key, an authorized user or a timestamp;
The verification module is used for carrying out verification processing on the access request link to obtain a verification result;
and the second login module is used for allowing the target account to login in the access target system when the verification result is that the verification is passed.
In one possible design, the verification module is specifically configured to:
Determining the access source system based on the access request link, and judging the login condition of the target account in the access source system to obtain a judgment result;
when the judgment result is that the target account is logged in to the access source system, decrypting the access request link, and determining the verification result based on the decrypted access request link;
and when the judgment result is that the target account is not logged in the access source system, sending a re-login prompt message to the target account.
In one possible design, the verification module is further specifically configured to:
Obtaining preset configuration information between the access target system and the access source system, wherein the preset configuration information comprises: application ID, key and authorized user;
and verifying the decrypted access request link based on the preset configuration information to obtain a verification result.
In one possible design, the verification module is further specifically configured to:
acquiring an application ID, a secret key, an authorized user and a time stamp in the decrypted access request link;
And judging whether the timestamp is in a preset time range, if so, carrying out verification processing on the application ID and the authorized user based on the key to obtain the verification result.
In a fifth aspect, the present application provides an electronic device, comprising: a processor and a memory communicatively coupled to the processor;
The memory stores computer-executable instructions;
The processor executes the computer-executable instructions stored in the memory to implement any of the cross-system auto-logon methods described above.
In a sixth aspect, the present application provides a computer-readable storage medium having stored therein computer-executable instructions that, when executed by a processor, are configured to implement any of the cross-system automatic login methods described above.
According to the cross-system automatic login method, device and storage medium provided by the application, a cross-system login request sent by the target account is received, and the access target system is determined based on the cross-system login request; preset configuration information of the access target system is acquired, and an access request link is generated based on the preset configuration information, wherein the access request link comprises at least one of an application ID, a secret key or an authorized user; and the access request link is sent to the access target system, a verification result returned by the access target system is received, and cross-system login is completed based on the verification result. These technical means achieve the technical effects of improving cross-system login authentication efficiency and increasing the security of the cross-system login process.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
FIG. 1 is a schematic flow chart of a cross-system automatic login method provided by the application;
FIG. 2 is a schematic flow chart of a cross-system automatic login method provided by the application;
FIG. 3 is a schematic overall flow chart of a cross-system automatic login method provided by the application;
FIG. 4 is a schematic diagram of a cross-system automatic login system according to the present application;
FIG. 5 is a schematic structural diagram of a cross-system automatic login device according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a cross-system automatic login device according to an embodiment of the present invention;
FIG. 7 is a hardware schematic diagram of a cross-system automatic login device according to an embodiment of the present invention.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or fully authorized by each party, and the collection, use and processing of the related data need to comply with related laws and regulations and standards, and provide corresponding operation entries for the user to select authorization or rejection.
In the prior art, to ensure access security, the main authorization mechanisms for cross access can be divided into re-login authorization and automatic login authorization. Re-login authorization: when a user logged in to system A needs to access another system B from the platform of system A, system B returns a login page, and after the user logs in to system B again, the user is redirected to the original target page to continue access. Automatic login authorization: when a user logged in to system A needs to access another system B from system A, an automatic login request is initiated to system B through system A; after system B judges that the request is legitimate, user authorization is completed and the original target page is returned for continued access.
In the existing re-login authorization mode, the authorization mechanism for cross-system access from system A to system B requires a user who is already logged in to system A to re-enter login information for system B. This mechanism first reduces the efficiency of use and the user experience of the system and, more importantly, requires that the user of system A additionally hold a login account for system B, otherwise access is impossible. Currently, cross-system calling has become an important means of breaking down information silos, and one of its key effects is that, through mutual trust between systems, users who do not belong to a system can access its information through other authorized systems. Therefore, the re-login authorization mode cannot meet the requirements of current system applications.
The existing automatic login authorization mode makes use of the completed login state in system A and does not require the user to enter login information for system B again; the cross-system login authorization process is transparent to the user, the user experience is friendlier, and the mode is better suited to cross-system application requirements. A typical automatic login authorization method at present is to deploy a public authentication center that provides ticket distribution and ticket verification interfaces for the automatic login function; both systems need to complete integration with the center and joint interface debugging. When system A accesses system B, it first applies to the public authentication center for a ticket; the public authentication center checks the user's login state in system A and, if it is normal, distributes the ticket. After system A obtains the ticket, it initiates an access request to system B; after receiving the request, system B submits the ticket to the verification interface of the authentication center; if the center's ticket verification passes, it returns the related user information, and system B completes automatic login based on the user information and returns the target page.
It can be seen that the automatic login authorization mode requires deployment of a public authentication center with which both system A and system B must be integrated; it also requires that the public authentication center be able to identify whether the source of a ticket distribution request has legitimately logged in to system A. The original login mechanism of system A often has to be modified, namely, when a user logs in to system A, login is completed at the authentication center, so that the authentication center can effectively identify legitimate logged-in users of system A.
The specific application scenario of the present application is decentralized cross-system automatic login: the access target system B negotiates a signature algorithm and a key with the access source system A and configures information such as an application ID and an authorized user for it, and automatic login can be achieved simply by carrying the application ID, a timestamp and a signature when the access source system A accesses the target system B.
The application provides a cross-system automatic login method, which aims to solve the technical problems in the prior art.
The following describes the technical scheme of the present application and how the technical scheme of the present application solves the above technical problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of a cross-system automatic login method provided by the application, which specifically includes the following steps:
S101: receiving a cross-system login request sent by a target account, and determining the access target system based on the cross-system login request;
In this embodiment, the access target system (hereinafter referred to as system B) may allocate an application ID, a key, and an authorized user to the access source system (hereinafter referred to as system A) in advance, and negotiate a signature algorithm, a request method, and the like. After a user logs in to system A through a browser, the user accesses the front end of system A to initiate a cross-system login request for requesting access to system B.
Specifically, in response to the cross-system login request, the login condition of the target account in the access source system is judged, and a judgment result is obtained; when the judgment result is that the target account is logged in the access source system, acquiring the access target system in the cross-system login request; and when the judgment result is that the target account is not logged in the access source system, sending a re-login prompt message to the target account.
Optionally, checking the login condition of the user in the source system A, returning to the login interface if the user is not logged in, and determining the system B in the cross-system login request if the user is logged in.
S102: acquiring preset configuration information of the access target system, and generating an access request link based on the preset configuration information, wherein the access request link comprises at least one of an application ID, a secret key or an authorized user;
In this embodiment, the front end of system A initiates a request to the back end of system A; the back end of system A checks the login state of the request source and, if it is valid, generates a signature with the negotiated algorithm from the allocated key, the application ID, the request parameters and the real-time timestamp, and returns an access request link.
The signature is generated over the secret key, the application ID, the request parameters and the timestamp together as source data, so that the request parameters cannot be tampered with, and the request is usable immediately and becomes invalid once it expires.
Specifically, determining a login protocol between the access target system and the access source system; determining the preset configuration information between the access target system and the access source system based on the login protocol, wherein the preset configuration information comprises: application ID, key and authorized user.
Optionally, the pre-configuration may include application ID, key, authorized user, etc., and the pre-negotiation may be performed between systems, which may include: signature algorithm negotiation, request method negotiation, etc.
Specifically, an application ID, a key and an authorized user configured by the access target system for the access source system are obtained; obtaining a time stamp of the generation time of the cross-system login request; and signing the application ID, the secret key, the authorized user and the timestamp to obtain the access request link.
Optionally, the pre-negotiated application ID, key and timestamp are added to the original request parameters, and a login request signature is generated according to the signature algorithm; the application ID, the secret key, the timestamp and the login request signature are then added to the original request link to obtain the automatic login request link.
S103: and sending the access request link to the access target system, receiving a verification result returned by the access target system, and completing cross-system login based on the verification result.
In this embodiment, the browser obtains the request link from system A and accesses the system B front end accordingly.
Specifically, the access request link is sent to the access target system, wherein the access target system performs verification processing on the access request link to obtain a verification result; and receiving the verification result returned by the access target system, and completing cross-system login under the condition that the verification result is verification passing.
Fig. 2 is a schematic flow chart of a cross-system automatic login method provided by the application, which specifically includes the following steps:
S201: receiving an access request link sent by a target account in an access source system, wherein the access request link comprises at least one of an application ID, a secret key, an authorized user or a timestamp;
In this embodiment, before receiving an access request link sent by an access source system, the access target system (hereinafter referred to as system B) allocates an application ID, a key and an authorized user to the access source system (hereinafter referred to as system A), and negotiates a signature algorithm and a request method.
Specifically, different application IDs and keys should be allocated to different access source systems; system B should create a dedicated authorized user for the automatic login function, and may either create users with different page permissions for different access source systems or create only a default user (that is, the common user type in software use) to support access to all auto-login pages.
Optionally, system B should negotiate a unified automatic login request method with system A; a request parameter method or a route whitelist method may be considered.
Request parameter method: system B checks whether the access request carries special parameters, such as an agreed signature field; if the request carries such parameters, it is judged to be an automatic login request, and after the subsequent login step is completed, system B jumps directly to the target page. System A can trigger automatic login by accessing the target page with the special request parameters.
Route whitelist method: system B maps the pages that need to support automatic login to dedicated whitelist routes; when an access request for a route in the whitelist is received, system B judges it to be an automatic login request, and after the subsequent login step is completed, system B returns the target page corresponding to the route. System A can trigger automatic login by accessing the whitelist route.
Compared with the request parameter method, the route whitelist method can restrict the automatic login entry points, but it requires system B to configure a dedicated route mapping and requires system A to access a dedicated link.
S202: performing verification processing on the access request link to obtain a verification result;
In this embodiment, after the front end of system B receives the request, it first checks whether the user has logged in; if so, it directly displays the target page, otherwise it proceeds to the automatic login request judgment.
Specifically, based on the access request link, determining the access source system, and judging the login condition of the target account in the access source system to obtain a judgment result; when the judgment result is that the target account is logged in to the access source system, decrypting the access request link, and determining the verification result based on the decrypted access request link; and when the judgment result is that the target account is not logged in the access source system, sending a re-login prompt message to the target account.
Optionally, system B judges whether the request is an automatic login request; if so, it proceeds to the request check in the next step, otherwise it responds according to the original mechanism. After the request is confirmed to be an automatic login request, the front end of system B sends the link containing the request parameters, application ID, timestamp and signature to the back end of system B for verification.
Specifically, the verifying the access request link to obtain a verification result includes: obtaining preset configuration information between the access target system and the access source system, wherein the preset configuration information comprises: application ID, key and authorized user; and verifying the decrypted access request link based on the preset configuration information to obtain the verification result.
Specifically, an application ID, a secret key, an authorized user and a time stamp in the decrypted access request link are obtained; and judging whether the timestamp is in a preset time range, if so, carrying out verification processing on the application ID and the authorized user based on the key to obtain the verification result.
Optionally, the back end of system B checks the request timestamp by comparing it with the current time, and returns login failure if the request has timed out; if the timestamp check passes, the back end of system B checks the signature: it obtains the allocated key according to the application ID and calculates the signature with the same algorithm; if the signatures are consistent, verification passes and the authorized user is extracted for the automatic login in the next step; if they are inconsistent, login failure is returned.
S203: and allowing the target account to log in the access target system under the condition that the verification result is that the verification is passed.
In this embodiment, the back end of system B directly completes automatic login with the authorized user matched in the previous step and returns a login success message and a user token; after the front end of system B obtains the login success message, it displays the target page and at the same time adds the user token to the browser cookie, so that all subsequent accesses from the browser carry the user token, and the automatic login is completed.
In the embodiment of the present application, as shown in fig. 3, an overall flow chart of a cross-system automatic login method includes the following overall steps: the access target system B distributes an application ID, a secret key and an authorized user for the access source system A and negotiates a signature algorithm and a request method; after logging into the system a, the user (browser) accesses the front end of the system a and requests access to the system B.
Optionally, the front end of the system A initiates a request to the back end of the system A; the back end of the system A checks the login state of the request source and, if the login is valid, generates a signature with the negotiated algorithm from the distributed key, the application ID, the request parameters and a real-time timestamp, and returns a request link; the browser uses the returned request link to access the front end of the system B.
Optionally, after receiving the request, the front end of the system B first checks whether the user is logged in; if so, it directly displays the target page, otherwise it proceeds to the login request judgment. It judges whether the request is an automatic login request; if so, it proceeds to the request check, otherwise it responds according to the original mechanism. After the request is confirmed to be an automatic login request, the front end of the system B sends the link containing the request parameters, application ID, timestamp and signature to the back end of the system B for verification. The back end of the system B checks the request timestamp against the current time and returns login failure if the request has timed out; if the timestamp check passes, the back end of the system B checks the signature: it obtains the distributed key according to the application ID and calculates the signature with the same algorithm. If the signatures are consistent, the verification passes and the authorized user is extracted for the next step, automatic login; if the signatures are inconsistent, login failure is returned.
Optionally, the rear end of the system B directly completes automatic login by using the authorized user obtained by the matching in the previous step and returns login success and a user token; after the front end of the system B obtains a login success message, displaying a target page; and simultaneously, adding the user token into the cookie, and carrying the user token for subsequent access by the browser to complete automatic login.
Fig. 4 is a schematic structural diagram of a cross-system automatic login system according to the present application, which specifically includes: the system comprises a request device, an interception device, a verification device and an authorization device.
The request device is deployed by the source system A and is used for calculating the login request signature and generating the request link. Its working mechanism is as follows: check the login state of the user in the source system A, and return to the login interface if the user is not logged in; extract the original request parameters from the original request directed at the target system B; add the pre-negotiated application ID, the key and the timestamp to the original request parameters, and generate the request login signature according to the signature algorithm; append the application ID, the key, the timestamp and the request login signature to the original request link to obtain the automatic login request link.
The interception device is deployed by the target system B and is used for identifying automatic login requests. Its working mechanism is as follows: judge whether the accessing user is logged in; if so, return the target page, and if not, proceed to the automatic login judgment; check whether the access request carries the request login signature parameter; if so, send the request to the verification device, otherwise handle it according to the system's original mechanism and jump to the login page.
The verification device is deployed by the target system B and is used for verifying the time and signature validity of the automatic login request to obtain the authorized user corresponding to the request. Its working mechanism is as follows: check the request timestamp against the current time, and return login failure if the request has timed out, otherwise proceed to signature verification; match the application ID carried by the request to obtain the key and the authorized user, and calculate the signature with the agreed algorithm; if the signatures are consistent, the verification passes and the authorized user is extracted and sent to the authorization device, otherwise failure is returned.
The authorization device is deployed by the target system B and is used for performing automatic login as the authorized user, completing authorization and returning a user token.
In the embodiment of the application, a cross-system automatic login realization system is provided, and the development and deployment flow comprises the following steps: the system comprises a development deployment request device, a development deployment interception device, a development deployment verification device and a development deployment authorization device.
Specifically, the request device belongs to the back end of the source system A and implements generation of the automatic login request link. The generation process is exemplified as follows: assume that a logged-in user of the source system A needs to access an authorized page of the target system B, and the link is "targetB?item=x"; the original request parameter "item=x" is extracted from the original access link (if there are multiple original request parameters, they are sorted in ascending order of the parameters' ASCII codes); the current timestamp "timestamp=1692090429865" is acquired and joined to the request parameters together with the pre-negotiated application ID and key, splicing the new request parameters "appId=llmmnn&appSecret=1a2b3c&timestamp=1692090429865&item=x"; a signature is calculated over the new request parameters with the agreed algorithm, for example the MD5 algorithm with the result saved in 16-character lowercase form, giving the signature "autoLoginSign=61c3e0fcf760071e"; the automatic login request link finally generated is:
"targetB?appId=llmmnn&appSecret=1a2b3c&timestamp=1692090429865&item=x&autoLoginSign=61c3e0fcf760071e".
Specifically, the interception device belongs to the front end of the target system B; it uniformly intercepts access requests and processes each one further after judging its attributes. Taking the access request link as an example, the processing procedure of the device is as follows: judge whether the user is logged in according to whether the request header of the access request carries a legal user token; if the user is logged in, return and display the target page; for an access request from a user who is not logged in, check the parameters carried by the request: if they do not contain the automatic login signature field autoLoginSign, the request is ordinary unauthorized access, so a not-logged-in prompt is returned and the user is redirected to the login page; if the parameters carried by the access request contain the automatic login signature field autoLoginSign, the access request is judged to be an automatic login access request, and the request is sent to the verification device.
Specifically, the verification device belongs to the back end of the target system B, and is used for verifying the time and signature validity of the automatic login request and outputting the authorized user corresponding to the request. Taking the access request link as an example, as a possible implementation, the processing procedure of the device is as follows: check the access request timestamp field "timestamp=1692090429865" against the current time of the server; if the interval exceeds 5 s, the request is determined to be expired and login failure is returned; check the access request application identification field "appId=llmmnn" and match the signature key and the authorized user name from the device's own store; if no match is found, return login failure; after combining the request parameters of the access link according to the negotiated rules, calculate the signature using the signature key and the negotiated encryption algorithm, and compare it with the signature field in the access link; if they are inconsistent, return failure; if the signature comparison succeeds, return the authorized user name and send it to the authorization device; if the access request does not carry any of the request parameter fields involved in the above processing, login failure is uniformly returned.
Specifically, the authorization device belongs to the back end of the target system B; it implements automatic login, completes authorization and returns a user token. The processing procedure of the device is as follows: directly complete user login using the authorized user name sent by the verification device; compute and return a user token, after which the user (browser) accessing the target system B carries the user token and interacts with the system B as a logged-in user.
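The request-device and verification-device steps above, as an added Python example that is not code from the patent: the back end of system A signs the link, and the back end of system B checks field presence, the 5 s window, the appId lookup and the signature. It assumes HMAC-SHA256 in place of the MD5 example in the text and leaves the key out of the link; the registry contents, the URL, the user name and the function names are constructed for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode, urlsplit

SIGN_FIELD = "autoLoginSign"   # signature field name used in the text
MAX_AGE_MS = 5_000             # 5 s validity window from the text

# Constructed registry on target system B: appId -> key and authorized user.
REGISTRY = {"llmmnn": {"key": b"1a2b3c", "user": "sysA_portal_user"}}


def canonical(params):
    """Sort parameters by name (ASCII order) and join them as k=v&k=v."""
    return urlencode(sorted(params.items()))


def sign(key, params):
    """Assumption: HMAC-SHA256 as the negotiated algorithm (the text uses MD5)."""
    return hmac.new(key, canonical(params).encode(), hashlib.sha256).hexdigest()


def build_link(base_url, app_id, key, request_params, now_ms):
    """Request device (back end of source system A)."""
    params = dict(request_params, appId=app_id, timestamp=str(now_ms))
    params[SIGN_FIELD] = sign(key, params)   # the key itself is never put in the link
    return base_url + "?" + urlencode(params)


def verify_link(link, registry, now_ms):
    """Verification device (back end of target system B).

    Returns the authorized user name, or None for every failure case.
    """
    pairs = parse_qsl(urlsplit(link).query, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):            # repeated parameter names are ambiguous
        return None
    signature = params.pop(SIGN_FIELD, None)
    app_id = params.get("appId")
    timestamp = params.get("timestamp", "")
    if not signature or not app_id or not (timestamp.isascii() and timestamp.isdigit()):
        return None                          # required field missing or malformed
    if abs(now_ms - int(timestamp)) > MAX_AGE_MS:
        return None                          # expired (or dated in the future)
    entry = registry.get(app_id)
    if entry is None:
        return None                          # unknown application ID
    expected = sign(entry["key"], params)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return None                          # parameters or signature were altered
    return entry["user"]


if __name__ == "__main__":
    now = int(time.time() * 1000)
    link = build_link("https://system-b.example/page", "llmmnn", b"1a2b3c", {"item": "x"}, now)
    print(link)
    print(verify_link(link, REGISTRY, now + 1_000))   # within the window
    print(verify_link(link, REGISTRY, now + 6_000))   # expired
```

Within the 5 s window the same link verifies any number of times: the timestamp check limits how long a captured link stays usable but does not make it single-use.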
In this embodiment, the source system accessed by the cross-system does not need to negotiate with the target system or a third party or modify the existing login mechanism, and can complete the cross-system login only by adding special fields such as signature when the cross-system login access request is initiated; the target system accessed across systems does not need to interact with a source system or a third party for login authentication, user identification and the like, and application identification, user matching and automatic login can be realized only through parameter verification of the cross-system login access request.
In addition, the source system and the target system accessed across the system do not need to unify users and roles, and the target system can realize automatic login by automatically distributing appointed roles and users according to the source system based on the existing user system.
By the embodiment of the application, the center can be removed, a public authentication center does not need to be deployed, the negotiation and compatibility of the center and the original user authentication identification mechanism do not need to be completed, and the cross-system security access can be realized with lower development amount under the condition that the original login authentication role authorization mechanism of the system is not influenced.
In the embodiment, the signing and the verification of the automatic login are completed by the back end of the source system and the back end of the target system respectively, so that the risk of automatic login forgery caused by key leakage through reverse engineering of the front end is avoided; the automatic login request also carries a timestamp, which is included in the signed fields, so that the request is usable only in real time and becomes invalid once it expires, avoiding the risk of the automatic login spreading.
Fig. 5 is a schematic structural diagram of a cross-system automatic login device according to an embodiment of the present invention. As shown in fig. 5, the cross-system automatic login device 50 includes: a first receiving module 501, an obtaining module 502 and a first logging module 503.
A first receiving module 501, configured to receive a cross-system login request sent by a target account, and determine to access a target system based on the cross-system login request;
An obtaining module 502, configured to obtain preset configuration information of the access target system, and generate an access request link based on the preset configuration information, where the access request link includes at least one of an application ID, a key, or an authorized user;
And the first login module 503 is configured to send the access request link to the access target system, receive a verification result returned by the access target system, and complete cross-system login based on the verification result.
In one possible design, the first receiving module 501 is specifically configured to:
responding to the cross-system login request, judging the login condition of the target account in an access source system, and obtaining a judgment result;
When the judgment result is that the target account is logged in the access source system, acquiring the access target system in the cross-system login request;
When the judgment result is that the target account is not logged in to the access source system, a re-login prompt message is sent to the target account.
In one possible design, the obtaining module 502 is specifically configured to:
Determining a login protocol between the access target system and the access source system;
Determining the preset configuration information between the access target system and the access source system based on the login protocol, wherein the preset configuration information comprises: application ID, key and authorized user.
In one possible design, the obtaining module 502 is further specifically configured to:
Acquiring an application ID, a key and an authorized user configured by the access target system for the access source system;
obtaining a time stamp of the generation time of the cross-system login request;
and signing the application ID, the secret key, the authorized user and the timestamp to obtain the access request link.
In one possible design, the first login module 503 is specifically configured to:
The access request link is sent to the access target system, wherein the access target system performs verification processing on the access request link to obtain a verification result;
And receiving the verification result returned by the access target system, and completing cross-system login under the condition that the verification result is verification passing.
Fig. 6 is a schematic structural diagram of a cross-system automatic login device according to an embodiment of the present invention. As shown in fig. 6, the cross-system automatic login device 60 includes: a second receiving module 601, a verification module 602, and a second login module 603.
A second receiving module 601, configured to receive an access request link sent by a target account in an access source system, where the access request link includes at least one of an application ID, a key, an authorized user, or a timestamp;
the verification module 602 is configured to perform verification processing on the access request link to obtain a verification result;
and a second login module 603, configured to allow the target account to login in the access target system when the verification result is that the verification is passed.
In one possible design, the verification module 602 is specifically configured to:
Determining the access source system based on the access request link, and judging the login condition of the target account in the access source system to obtain a judgment result;
when the judgment result is that the target account is registered in the access source system, decrypting the access request link, and determining the verification result based on the decrypted access request link;
and when the judgment result is that the target account is not logged in the access source system, sending a re-login prompt message to the target account.
In one possible design, the verification module 602 is further specifically configured to:
Obtaining preset configuration information between the access target system and the access source system, wherein the preset configuration information comprises: application ID, key and authorized user;
and verifying the decrypted access request link based on the preset configuration information to obtain a verification result.
In one possible design, the verification module 602 is further specifically configured to:
acquiring an application ID, a secret key, an authorized user and a time stamp in the decrypted access request link;
And judging whether the timestamp is in a preset time range, if so, carrying out verification processing on the application ID and the authorized user based on the key to obtain the verification result.
Fig. 7 is a hardware schematic diagram of a cross-system automatic login device according to an embodiment of the present invention. As shown in fig. 7, the cross-system automatic login device 70 provided in the present embodiment includes: at least one processor 701 and a memory 702. The device 70 further comprises communication means 703. Wherein the processor 701, the memory 702 and the communication means 703 are connected by a bus 707.
In a specific implementation, at least one processor 701 executes the computer-executable instructions stored in the memory 702, such that the at least one processor 701 performs the cross-system auto-logon method as described above.
The specific implementation process of the processor 701 can be referred to the above method embodiment, and its implementation principle and technical effects are similar, and this embodiment will not be described herein again.
In the embodiment shown in fig. 7, it should be understood that the processor may be a central processing unit (CPU), another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), and the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in a processor for execution.
The memory may comprise high speed RAM memory or may further comprise non-volatile storage NVM, such as at least one disk memory.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus, among others. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, the buses in the drawings of the present application are not limited to only one bus or to one type of bus.
The present application also provides an electronic device including: a processor and a memory communicatively coupled to the processor; the memory stores computer-executable instructions; the processor executes the computer-executable instructions stored in the memory to implement any of the cross-system auto-logon methods described above.
The application also provides a computer readable storage medium, wherein the computer readable storage medium stores computer execution instructions, and when a processor executes the computer execution instructions, the cross-system automatic login method is realized.
The computer readable storage medium described above may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk, or optical disk. A readable storage medium can be any available medium that can be accessed by a general purpose or special purpose computer.
An exemplary readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. In the alternative, the readable storage medium may be integral to the processor. The processor and the readable storage medium may reside in an application-specific integrated circuit (ASIC). It is also possible that the processor and the readable storage medium are present as discrete components in the device X0.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (13)

1. A cross-system automatic login method, comprising:
Receiving a cross-system login request sent by a target account, and determining to access a target system based on the cross-system login request;
Acquiring preset configuration information of the access target system, and generating an access request link based on the preset configuration information, wherein the access request link comprises at least one of an application ID, a secret key or an authorized user;
And sending the access request link to the access target system, receiving a verification result returned by the access target system, and completing cross-system login based on the verification result.
2. The method of claim 1, wherein the receiving a cross-system login request sent by the target account, determining to access the target system based on the cross-system login request, comprises:
responding to the cross-system login request, judging the login condition of the target account in an access source system, and obtaining a judgment result;
Acquiring the access target system in the cross-system login request under the condition that the target account is logged in the access source system according to the judgment result;
And sending a re-login prompt message to the target account under the condition that the target account is not logged in the access source system according to the judgment result.
3. The method according to claim 2, wherein the obtaining the preset configuration information of the access target system includes:
Determining a login protocol between the access target system and the access source system;
Determining the preset configuration information between the access target system and the access source system based on the login protocol, wherein the preset configuration information comprises: application ID, key and authorized user.
4. The method of claim 3, wherein obtaining preset configuration information of the access target system, generating an access request link based on the preset configuration information, comprises:
acquiring an application ID, a key and an authorized user configured by the access target system for the access source system;
Obtaining a timestamp of the generation time of the cross-system login request;
And carrying out signature processing on the application ID, the secret key, the authorized user and the timestamp to obtain the access request link.
5. The method of claim 1, wherein sending the access request link to the access target system and receiving a verification result returned by the access target system, and completing cross-system login based on the verification result, comprises:
The access request link is sent to the access target system, wherein the access target system performs verification processing on the access request link to obtain a verification result;
And receiving the verification result returned by the access target system, and completing cross-system login under the condition that the verification result is verification passing.
6. A cross-system automatic login method, comprising:
receiving an access request link sent by a target account in an access source system, wherein the access request link comprises at least one of an application ID, a secret key, an authorized user or a timestamp;
performing verification processing on the access request link to obtain a verification result;
and allowing the target account to log in the access target system under the condition that the verification result is that the verification is passed.
7. The method of claim 6, wherein validating the access request link results in a validation result comprising:
determining the access source system based on the access request link, and judging the login condition of the target account in the access source system to obtain a judgment result;
Under the condition that the target account is logged in the access source system, the access request link is decrypted, and the verification result is determined based on the decrypted access request link;
And sending a re-login prompt message to the target account under the condition that the target account is not logged in the access source system according to the judgment result.
8. The method of claim 7, wherein the determining the verification result based on the decrypted access request link comprises:
obtaining preset configuration information between the access target system and the access source system, wherein the preset configuration information comprises: application ID, key and authorized user;
and verifying the decrypted access request link based on the preset configuration information to obtain a verification result.
9. The method according to claim 8, wherein the verifying the decrypted access request link based on the preset configuration information to obtain a verification result includes:
acquiring an application ID, a secret key, an authorized user and a time stamp in the decrypted access request link;
judging whether the time stamp is in a preset time range, if so, carrying out verification processing on the application ID and the authorized user based on the secret key to obtain the verification result.
10. A cross-system automatic login device, comprising:
The first receiving module is used for receiving a cross-system login request sent by a target account and determining an access target system based on the cross-system login request;
the access request link comprises at least one of an application ID, a key or an authorized user;
and the first login module is used for sending the access request link to the access target system, receiving a verification result returned by the access target system, and completing cross-system login based on the verification result.
11. A cross-system automatic login device, comprising:
the second receiving module is used for receiving an access request link sent by the target account in the access source system, wherein the access request link comprises at least one of an application ID, a secret key, an authorized user or a timestamp;
the verification module is used for carrying out verification processing on the access request link to obtain a verification result;
and the second login module is used for allowing the target account to login in the access target system when the verification result is that the verification is passed.
12. An electronic device, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored in the memory to implement the cross-system auto-logon method of any one of claims 1 to 9.
13. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are for implementing a cross-system auto-logon method as claimed in any one of claims 1 to 9.
CN202410216983.6A 2024-02-27 Cross-system automatic login method, device and storage medium Pending CN118282711A (en)

Publications (1)

Publication Number Publication Date
CN118282711A true CN118282711A (en) 2024-07-02

Legal Events

Date Code Title Description
PB01 Publication