WO2024120403A1 - 应用程序的登录方法及装置、计算机设备、存储介质和芯片 - Google Patents

应用程序的登录方法及装置、计算机设备、存储介质和芯片 Download PDF

Info

Publication number
WO2024120403A1
WO2024120403A1 PCT/CN2023/136541 CN2023136541W WO2024120403A1 WO 2024120403 A1 WO2024120403 A1 WO 2024120403A1 CN 2023136541 W CN2023136541 W CN 2023136541W WO 2024120403 A1 WO2024120403 A1 WO 2024120403A1
Authority
WO
WIPO (PCT)
Prior art keywords
login
login authentication
authentication mode
user
web application
Prior art date
Application number
PCT/CN2023/136541
Other languages
English (en)
French (fr)
Inventor
陈岩
许国彪
孙冬冬
张云
肖宇
梁伟亮
Original Assignee
顺丰科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 顺丰科技有限公司 filed Critical 顺丰科技有限公司
Publication of WO2024120403A1 publication Critical patent/WO2024120403A1/zh

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • the present application belongs to the field of software development technology, and in particular, relates to a method and device for logging into an application, a computer device, a storage medium, and a chip.
  • the login authentication mode corresponding to a Web application is fixed, and a login authentication mode can include one or more login methods.
  • Different application scenarios of the same Web application often have different requirements for the login authentication mode, and a fixed login authentication mode is difficult to meet the requirements of different application scenarios.
  • the embodiments of the present application provide a method and apparatus for logging in to an application program, a computer device, a storage medium, and a chip, which can solve the technical problem of how to realize the switching of different login authentication modes of an application at a low cost in the related art.
  • the first aspect provides a login method for an application, wherein the Web application in the method includes a plurality of preset login authentication mode code modules and configuration files, wherein each login authentication mode code module corresponds to a login authentication mode, and the configuration file includes a login authentication mode configuration item, wherein a login authentication mode configuration item corresponds to a login authentication mode, and the login authentication mode configuration item in the configuration file determines the login authentication mode used by the Web application.
  • the login authentication mode of the Web application needs to be changed, it is only necessary to modify the login authentication mode configuration item in the configuration file to the login authentication mode configuration item corresponding to the login authentication mode to be adopted.
  • Such a modification method can avoid modifying a large amount of code, reduce the labor cost of switching the login mode of the Web application, and improve the efficiency of switching the login authentication mode of the Web application.
  • an embodiment of the present application provides a login device for an application, comprising: a receiving unit, configured to receive a An access request for a first Web application, wherein the first Web application includes a first configuration file and a plurality of preset login authentication mode code modules; each login authentication mode code module corresponds to a login authentication mode; the first configuration file includes a first login authentication mode configuration item, and the first login authentication mode configuration item is determined and set according to the first login authentication mode used by the first Web application; a determination unit is used to determine the first login authentication mode code module from the plurality of preset login authentication mode code modules in response to the access request according to the first login authentication mode configuration item in the first configuration file, and the first login authentication mode code module corresponds to the first login authentication mode; a login interface task unit is used to generate a login interface task according to the code in the first login authentication mode code module; a sending unit is used to send the login interface task to a terminal device, so that the terminal device displays a login interface of the first Web application based on the
  • an embodiment of the present application provides a computer-readable storage medium, in which a computer program or instructions are stored.
  • a computer reads and executes the computer program or instructions, the computer executes the steps of the method in any one of the embodiments of the first aspect above.
  • an embodiment of the present application provides a computer program product, which, when executed on a server, enables the server to execute the steps of the method in any one of the implementations in the first aspect above.
  • an embodiment of the present application provides a chip, comprising: a processor, configured to call and run a computer program from a memory, so that a computer device equipped with the chip executes a method as in any one of the embodiments of the first aspect above.
  • FIG. 1 is a flow chart of a method for configuring a login authentication mode of a Web application provided in an embodiment of the present application.
  • FIG. 2 is an interaction diagram of a method for logging into a Web application provided in an embodiment of the present application.
  • FIG. 3 is a schematic diagram of a login interface of a Web application provided in an embodiment of the present application.
  • FIG. 4 is a schematic diagram of a basic protocol process of CAS login used by a Web application in an embodiment of the present application.
  • FIG. 7 is a schematic diagram showing the principle of Shiro login used by a Web application in an embodiment of the present application.
  • FIG8 is a schematic diagram of a login interface of a Web application provided in another embodiment of the present application.
  • FIG. 9 is a schematic diagram showing the principle of OAuth login used by a Web application in an embodiment of the present application.
  • FIG. 10 is a structural block diagram of a login device for a Web application provided in an embodiment of the present application.
  • FIG. 11 is a schematic diagram of the structure of a computer device provided in an embodiment of the present application.
  • FIG. 12 is a schematic diagram of the structure of a computer-readable storage medium provided in an embodiment of the present application.
  • Web application also known as Web application, is an application that can be accessed through the Web. Users do not need to install other software, they only need a browser to access the Web application.
  • Login authentication mode refers to the specific technology used in the application login authentication process, such as CAS (Central Authentication Service) login for single sign-on for multiple application systems, OAuth (Open Authorization) login for flexible switching between this application and third-party applications, Shiro login for identity authentication and permission management, WeChat login for user convenience, etc., or it can be a login authentication mode that combines any two or more of CAS login, Shiro login, OAuth login and WeChat login.
  • CAS Central Authentication Service
  • OAuth Open Authorization
  • Login method refers to the specific operation method based on the user logging into the application, such as account and password login, third-party login (such as WeChat login, QQ login, etc.), scanning QR code login (using the client version application to scan the QR code of the web version application) or SMS verification code login, etc.
  • a login authentication mode can include one or more login methods.
  • different application scenarios may be different subordinate departments of the same group (eg, a corporation), and different application scenarios may also be different customers corresponding to the same Web application program.
  • department X1 in addition to the business data management system X, the users of department X1 also need to use multiple other application systems within the group. Therefore, it is hoped that the business data management system X and other application systems within the group can achieve single sign-on. Therefore, the current login authentication mode of the business data management system X meets the requirements of department X1.
  • department X1 there is no need to modify the business data management system X.
  • business data management system X For department X2, users of department X2 mainly use business data management system X, and do not need to use other application systems within the group. Therefore, users of department X2 hope that business data management system X can realize WeChat login.
  • the current login authentication mode of business data management system X does not meet the requirements of department X2. Therefore, when deploying business data management system X for department X2, in order to meet the requirements of department X2, it is necessary to modify business data management system X, such as redeveloping the login authentication mode part of business data management system X. Such modification involves the modification of a large amount of code content, which is a large workload and therefore requires a lot of manpower costs.
  • database service system Y (a Web application) among different customers is taken as an example to illustrate the situation where a fixed login authentication mode is difficult to meet the needs of different customers.
  • Enterprise A is a large-scale enterprise. In order to facilitate employees to use various applications, Enterprise A hopes that database service system Y can achieve single sign-on with other internal applications. Therefore, the current login authentication mode of database service system Y meets the requirements of Enterprise A.
  • Enterprise B which is a small enterprise, in order to facilitate employees to use database service system Y, Enterprise B hopes that database service system Y can be logged in using WeChat.
  • the current login authentication mode of database service system Y does not meet the requirements of Enterprise B. Therefore, when deploying database service system Y for Enterprise B, in order to meet the requirements of Enterprise B, it is necessary to modify database service system Y, such as redeveloping the login authentication mode of database service system Y. Such modifications involve the modification of a large amount of code content, which is a large workload and therefore requires a lot of manpower costs.
  • the present application provides a login method for an application, in which a Web application includes a plurality of preset login authentication mode code modules (also referred to as login parts) and a configuration file, wherein each login authentication mode code module corresponds to a login authentication mode, and the configuration file includes a login authentication mode configuration item, and one login authentication mode configuration item corresponds to one login authentication mode, and the login authentication mode configuration item in the configuration file determines the login authentication mode used by the Web application.
  • a modification method can avoid modifying a large amount of code, reduce the labor cost of switching the login authentication mode of the Web application, and improve the efficiency of switching the login authentication mode of the Web application.
  • the Web application in addition to multiple preset login authentication mode code modules and configuration files, the Web application also includes a business logic code module (also referred to as a business logic part).
  • a business logic code module also referred to as a business logic part.
  • the business logic code module includes the code corresponding to the business logic of the Web application, that is, it is used to implement the functions of the Web application related to the actual business.
  • the business logic code module can be used to process the business logic of adding, deleting, modifying and checking related to the Web application, abstract the business scenario, and perform operations such as reading data and modifying records according to different actions and steps in the business operation, so as to maintain the normal business operation of the Web application.
  • multiple preset login authentication mode code modules are used to implement functions related to the login process of the Web application.
  • the functions that can be implemented by a certain login authentication mode code module include: generating a login interface task corresponding to the preset login authentication mode, so that the terminal device displays the login interface based on the login interface task; authenticating the user according to the login information entered by the user on the login interface; when the user login authentication passes, calling the business logic code module to generate an application interface task of the Web application, so that the terminal device displays the application interface of the Web application based on the application interface task; when the user login authentication fails, a prompt task can be generated, so that the terminal device displays a login failure prompt message to the user based on the prompt task, so as to remind the user to log in again.
  • a Web application may adopt a microservice architecture, wherein a plurality of preset login authentication mode code modules are the first microservice module, and a business logic code module is the second microservice module. Specifically, after the user login authentication succeeds, the first microservice module calls the second microservice module through a remote procedure call (RPC).
  • RPC remote procedure call
  • the business logic code module can also be integrated with multiple preset login authentication mode code modules, that is, each login authentication mode code module is integrated with the business logic code module, that is, each login authentication mode code module includes all the codes that can implement the login function and business function of a Web application.
  • a login authentication mode configuration item is provided in the configuration file, the login authentication mode configuration item is modifiable content, and the login authentication mode configuration item included in the configuration file corresponds to the login authentication mode used by the Web application.
  • the login authentication mode configuration item in the configuration file matches the login authentication mode code module used; when logging into a Web application, a login authentication mode code module that matches the login authentication mode configuration item is selected, and the Web application is logged in based on the matched login authentication mode code module.
  • the configuration file can be a configuration file specifically used to set the login authentication mode configuration items, or it can be a configuration file shared by the login authentication mode configuration items and other configuration information, and this application does not impose any restrictions on this.
  • the configuration file or the login authentication mode configuration item in the configuration file can be hosted on a cloud platform. It is understandable that when the configuration file is hosted on a cloud platform, the configuration file will be stored on the cloud platform and locally, and the content of the configuration file in the cloud platform and the content in the local configuration file will change synchronously. Therefore, the login authentication mode of the Web application can be switched by modifying the login authentication mode configuration item in the configuration file of the cloud platform. And the configuration file in the cloud platform can be shared, that is, others can be authorized to modify the content of the configuration file through the cloud platform.
  • the cloud platform may be GitHub, Bitbucket, or Gitee (Code Cloud), etc.
  • the embodiments of the present application there is no limitation on the specific form of the cloud platform. As long as the cloud platform can realize synchronous modification of the configuration file content and the local configuration file content, and can realize the sharing of the cloud platform configuration file, the embodiments of the present application are not limited to this.
  • the login method of the corresponding Web application can be modified by modifying the content in the cloud platform configuration file.
  • the customer can be authorized to modify the content of the configuration file, which makes the modification of the login method of the Web application more convenient and quick.
  • FIG1 is a flow chart of a method for configuring a login authentication mode of a Web application provided in an embodiment of the present application.
  • the embodiment shown in FIG1 takes a first Web application as an example to illustrate the method for configuring a login authentication mode, but does not constitute a limitation on the protection scope of the present application.
  • the method may include S101 to S102. Each step is described below.
  • the first Web application includes a plurality of preset login authentication mode code modules and a first configuration file, and each login authentication mode code module corresponds to a login authentication mode.
  • S101 Determine a first login authentication mode used by a first Web application, where the first login authentication mode corresponds to a first login authentication mode code module, and the first login authentication mode code module is any one of a plurality of preset login authentication mode code modules.
  • the first login authentication mode used by the first Web application is determined according to user needs.
  • the first Web application includes three preset login authentication code modules, and since each login authentication code module corresponds to a login authentication mode, it means that the first Web application corresponds to three login authentication modes. Therefore, the first login authentication mode is any one of the three login authentication modes.
  • the first login authentication mode may include one login method or multiple login methods.
  • the first login authentication mode may only include account and password login.
  • the first login authentication mode may include account and password login and mobile phone verification code login. This application does not specifically limit the types of login methods included in the first login authentication mode.
  • the first login authentication mode can be CAS login, Shiro login, OAuth login, WeChat login, or any two or more of CAS login, Shiro login, OAuth login and WeChat login.
  • the first login authentication mode can also be any other available login authentication mode, which will not be repeated here.
  • S102 Setting a first login authentication configuration item in a first configuration file of a first Web application, wherein the first login authentication configuration item matches a first login authentication mode code module.
  • the first login authentication configuration item matches the first login authentication mode code module, specifically, the first login authentication configuration item and the first login authentication mode code module are paired; as long as the first login authentication configuration item is set in the first configuration file, the first Web application can automatically use the first login authentication code module to implement login.
  • a tag may be set in each preset login authentication mode code module, and the tags in different login authentication mode code modules are different. Assuming that the tag in the first login authentication mode code module is the first tag, when the first Web application needs to use the first login authentication mode (the login authentication mode corresponding to the first login authentication mode code module), it is only necessary to set the first login authentication mode configuration item in the first configuration file to the content corresponding to the first tag.
  • the @ConditionalOnExpression annotation may be used as the first marker in the first login authentication mode code module, and the annotation parameter of the @ConditionalOnExpression annotation may be set as the first login authentication mode configuration item in the first configuration file.
  • the first login authentication mode can be configured as the login authentication mode of the first Web application.
  • the configuration process only the content in the configuration file needs to be set (or modified), and the configuration process is very simple and convenient. The above process does not require any modification to the code of the first Web application, so a lot of manpower costs can be saved. Since the configuration process of the login authentication mode is relatively simple, the login authentication mode of the first Web application can be switched at any time, thereby improving user satisfaction with the first Web application.
  • a second login authentication code module can be added to the first Web application as required, and the second login mode corresponding to the second login authentication code module is different from the first login authentication mode. That is, a new login authentication mode can be added to the first Web application as required, thereby increasing the scope of application of the first Web application.
  • a login authentication mode of the first Web application can also be deleted as needed; during the deletion process, only one login authentication mode code module among multiple preset login authentication code modules needs to be deleted to delete the corresponding login authentication mode.
  • the user can use the first login authentication mode to log in to the first Web application.
  • the following describes the login method of the first Web application after configuring the first login authentication mode in conjunction with the accompanying drawings.
  • FIG2 is an interactive diagram of a method for logging into a Web application provided by an embodiment of the present application, in which a first Web application is used as an example for exemplary description. As shown in FIG2 , the method may include steps S201 to S212. Each step is described in detail below in conjunction with FIG2 .
  • Step S201 a terminal device receives a first operation from a user, where the first operation is used to open a first Web application.
  • the user may perform a first operation on the terminal device, and the first operation is used to open the first Web application.
  • the first operation may be the user inputting a URL corresponding to the first Web application in the browser, or the user clicking a client icon corresponding to the first Web application on the terminal device.
  • Step S202 the terminal device sends a first Web application access request to the server according to a first operation of the user.
  • Step S203 In response to the access request, the server determines a first login authentication mode code module from a plurality of preset login authentication mode code modules according to the first login authentication mode configuration item in the first configuration file, and the first login authentication mode code module corresponds to the first login authentication mode.
  • the first login authentication mode configuration item in the first configuration file is modifiable content, and the first login authentication mode configuration item is determined during the login authentication mode configuration process of the first Web application according to the first login authentication mode required by the customer.
  • the process of determining the first login authentication mode code module is the process of searching and matching the first login authentication mode configuration item in multiple preset login authentication mode code modules.
  • the specific method can refer to the content of matching the first login authentication configuration item with the first login authentication mode code module in step S102, which will not be repeated here.
  • a plurality of other Web applications may be deployed in the server, and different Web applications may have different login authentication modes. In this case, it is necessary to set up configuration files in the server for Web applications corresponding to different login authentication modes.
  • the first Web application deployed in the same server may correspond to a plurality of different application scenarios (for example, corresponding to different customers or departments), the same Web application may also correspond to different login authentication modes. In this case, it is also necessary to set up configuration files in the server for customers corresponding to different login authentication modes. Therefore, there may be a plurality of different configuration files in the server. Therefore, after receiving the access request of the Web application, the server needs to determine the required first configuration file from a plurality of configuration files.
  • the first Web application access request carries the identifier of the terminal device used by the user and the identifier of the first Web application; before step S203, the application login method further includes: the server determines the first configuration file from multiple configuration files according to the identifier of the first Web application and the identifier of the terminal device. In this method, the server identifies which Web application the first configuration file to be found belongs to according to the identifier of the first Web application, and identifies the application scenario of the first Web application (i.e., different customers or departments) according to the identifier of the terminal device.
  • the first Web application access request carries the identifier of the terminal device used by the user; before step S203, the application login method further includes: the server determines the first configuration file from multiple configuration files according to the identifier of the terminal device.
  • only the first Web application may be deployed in the server, and the first Web application service has multiple application scenarios (for example, corresponding to multiple customers or departments, etc.). Only one configuration file in the embodiment of the present application exists in the server. In this case, the configuration file in the server is the first configuration file.
  • Step S204 the server generates a login interface task according to the code in the first login authentication mode code module.
  • Step S205 The server sends the login interface task to the terminal device.
  • Step S206 the terminal device displays a login interface of the first Web application to the user based on the login interface task, where the login interface corresponds to the first login authentication mode.
  • the content displayed on the login interface is used to prompt and guide the user to perform the login operation.
  • the login interface may include a user and password input box, a mobile phone number and a verification code input box, or a QR code for scanning login through a third-party software, etc.
  • the content in the login interface is related to the login method included in the first login authentication mode.
  • the login authentication mode configuration item in the first configuration file is modifiable content, and the login authentication mode configuration item is determined in the login authentication mode configuration process of the first Web application according to the type of login authentication mode required by the customer. Therefore, when the login authentication mode of the first Web application needs to be modified, there is no need to modify the code content of the first Web application, and the first login authentication mode configuration item in the first configuration file can be directly modified.
  • the method is simple and easy to operate.
  • the terminal device displays the login interface to the user, which only completes the selection of the login mode of the first Web application.
  • the login method also includes a login operation performed by the user.
  • the login method also includes steps S207 to S213, and each step is described below.
  • Step S207 The terminal device receives the login operation performed by the user on the login interface displayed by the terminal device.
  • the login operation may be inputting a user name and password, or inputting a mobile phone number and a verification code, or scanning a QR code. In the embodiments of the present application, no specific limitation is made to this.
  • Step S208 The terminal device sends a user login authentication request to the server in response to the user's login operation.
  • Step S209 The server performs login authentication on the user based on the user login authentication request and obtains a login authentication result.
  • the user login authentication can be identity authentication or identity authentication and authority determination, wherein identity authentication is used to determine whether the user is a legitimate user of the first Web application, and authority determination refers to determining the functions of the first Web application that the user can use.
  • the login authentication result can be a successful login authentication or a failed login authentication.
  • Step S210 When the login authentication result is successful, the server generates an application interface task based on the code in the business logic code module.
  • Step S211 The server sends the application interface task to the terminal device.
  • Step S212 The terminal device displays the application interface of the first Web application to the user based on the application interface task.
  • the application interface refers to the interface displayed after the user successfully logs in to the first Web application, and the user uses the business functions of the first Web application in this interface.
  • the server when the server determines that the user login authentication fails, the server sends a login failure message to the terminal device and displays the first login interface to the user again to allow the user to perform login authentication again. In the case that the user login authentication fails, the login failure message is displayed to the user through the terminal device to remind the user to log in again, thereby improving the user experience.
  • the server when the server performs login authentication on a user, the server specifically uses the user information stored in the authentication interaction database to perform login authentication on the user and obtains a login authentication result; wherein the authentication interaction database includes multiple preset user information, and the user information in the authentication interaction database is periodically updated according to the user information in the target database, and the target database includes user information using the first login authentication mode.
  • the user information stored in the authentication interaction database is used to perform login authentication on the user, more specifically, by comparing the information input by the user with the user information in the interaction database.
  • the user inputs a user name and a password
  • the server searches and compares the data in the authentication interaction database. If the user name and password can be found, the login authentication is successful. If at least one of the user name and password cannot be found, the login authentication fails.
  • the user information stored in the target database is all user information. Regularly updating the authentication interaction database according to the target database can ensure that all newly added users can successfully log in to the first Web application, thereby improving the user experience; at the same time, it can prevent deleted users from logging in to the first Web application, thereby ensuring data security.
  • the server when the server performs login authentication on the user, it can specifically use the user information stored in the authentication interaction database to perform login authentication on the user and obtain the login authentication result; wherein the authentication interaction database includes the user information using the first login authentication mode, and the user information in the authentication interaction database is regularly updated using ETL (Extract-Transform-Load). Dynamically updating the authentication data in the authentication interaction database in combination with the ETL task can improve the update efficiency.
  • ETL Extract-Transform-Load
  • regular updates can be updating user information after a preset time period.
  • updates can be performed at a fixed time every day, every week, or every month.
  • the specific update frequency and update method can be set according to needs, and will not be described in detail here.
  • a Redis sentinel mode cluster is used to cache user-related session information generated during the login authentication process.
  • the Redis sentinel mode cluster is the Redis Sentinel cluster
  • the session information refers to the Session information.
  • multiple servers are used to cache the user-related Session information generated by the login authentication process.
  • the multiple servers include a master server and at least one slave server. Sentinel obtains whether the working status of the master server is normal through monitoring. When the master server fails, Sentinel will automatically failover and promote the slave server it monitors to the master server, thereby ensuring the high availability of the system and then ensuring the security of the stored Session information.
  • the session information includes the user information entered during the user login process.
  • the server stores the session information.
  • the data can be read through the memory (the Redis sentinel mode cluster stores the data in the memory), which is more convenient than reading from the data.
  • the data in the database can be read faster, which can improve the efficiency of login authentication; and it can realize the sharing of Session data between servers of different Web applications, improving the utilization of data.
  • FIG3 is a schematic diagram of a login interface of a Web application provided in an embodiment of the present application.
  • the login authentication mode corresponding to the login interface is CAS login.
  • the login authentication mode includes two login methods.
  • the login method displayed in the login interface shown in FIG3 is account password login. The user can switch the login method to scanning the QR code login by clicking the QR code icon in FIG3 .
  • CAS is a framework for single sign-on (SSO), and its full name is Central Authentication Service.
  • SSO single sign-on
  • CAS has the following features: (1) It is an open source enterprise-level single sign-on solution. (2)
  • the CAS server i.e., CAS Server
  • the CAS client supports clients in many languages (this client refers to the various Web applications in the single sign-on system), including Java, .Net, PHP, Perl, Apache, uPortal, Ruby, etc.
  • FIG4 is a schematic diagram of the basic protocol process of CAS login used by the Web application in an embodiment of the present application.
  • the framework of CAS login includes two parts: the CAS server (i.e., CAS Server) and the CAS client.
  • the CAS server needs to be deployed independently and is mainly responsible for user authentication; the CAS client is responsible for processing access requests for client-protected resources, and redirects to the CAS server when login is required.
  • the CAS client is deployed together with the protected client application (i.e., Web application) to protect the protected resources in a Filter manner.
  • the Web browser in FIG4 is the entry point for users to request access to the Web application.
  • Step 1 access service: The user sends a request to the CAS client to access the service resources provided by the Web application.
  • the CAS client analyzes whether the user's request contains a Service Ticket; if the request does not contain a Service Ticket, it means that the current user has not logged in (or the user is logging in to the Web application for the first time), so the CAS client executes the next step (i.e., step 2).
  • Step 2 Directed authentication: The CAS client redirects the user request to the CAS server.
  • Step 3 User authentication: i.e. user identity authentication. The user enters authentication information for login authentication. If the login authentication is successful, the next step (i.e. step 4) is executed.
  • Step 4 Issue a ticket: The CAS server will generate a random service ticket (Service Ticket).
  • Step 5 ticket verification: The CAS client and CAS server perform identity verification to ensure the legitimacy of the service ticket. After the verification is passed, the CAS client is allowed to access the service.
  • Step 6 Transmit user information: After the service ticket (Service Ticket) is verified, the CAS server transmits the user authentication result information (User name) to the CAS client.
  • the service ticket Service Ticket
  • the CAS server transmits the user authentication result information (User name) to the CAS client.
  • FIG5 is a flow chart of CAS login used by a Web application in an embodiment of the present application.
  • CAS login mainly includes authorization and authentication processes.
  • user information (such as user account password) stored in the database is used for authentication, and the user information in the database is updated using ETL.
  • the user's account and password are verified by using a database (for example, the user's company database can be integrated), and the user account and password information in the database is regularly updated by a scheduling task (using ETL).
  • a database for example, the user's company database can be integrated
  • ETL electronic book
  • Fig. 6 is a schematic diagram of a login interface of a Web application provided in another embodiment of the present application.
  • the login authentication mode corresponding to the login interface includes only one login method (account and password login), and the login authentication mode is Shiro login. It is known to those skilled in the art that other login methods can be added as needed in this login mode.
  • FIG7 is a schematic diagram of the Shiro login principle used by the Web application in an embodiment of the present application.
  • Shiro is a security framework based on Java that aims to simplify authentication and authorization.
  • the Shiro framework can be used in both JavaEE and JavaSE. It is mainly used to handle identity authentication, authorization, enterprise session management, encryption, etc. The following describes the various functional points numbered 1 to 5 in FIG7.
  • 3Session management each time a user logs in, it is a session. All user information exists in the session until the Web application is exited.
  • Shiro framework can be easily integrated into the Web environment.
  • the embodiment of the present application has made some improvements on the basis of the basic Shiro login authentication authorization.
  • the unimproved contents in FIG7 can be understood by referring to the definitions in the prior art, and will not be described here.
  • the improved contents are described below in conjunction with FIG7 .
  • the embodiment of the present application adds a customizable user filter 701 (Customer Filter) on the basis of the basic Shiro login authentication authorization to ensure the successful routing of the URLs (i.e., URL, Urluniform Resource Locator) of other interfaces after the login authentication in the web application.
  • a customizable user filter 701 Customer Filter
  • the embodiment of the present application can also use a Redis sentinel mode cluster (including a master server and at least one slave server) (implemented by the Redis function box 702 in FIG7 ) to cache the Session information of the logged-in user.
  • Such an operation enables the Session information to be directly obtained from the Redis sentinel mode cluster during login authentication, so that the Session information can be quickly read and written, thereby improving the efficiency of authentication and authorization.
  • the Redis sentinel mode realizes the sharing of user login Session information on the server of the Web application. This transformation can adapt to the vast majority of Web applications and further improve the efficiency of authentication and authorization.
  • FIG8 is a schematic diagram of a login interface of a Web application provided in another embodiment of the present application.
  • the login authentication mode corresponding to the login interface includes only one login method (account and password login), and the login authentication mode is OAuth login. It is known to those skilled in the art that other login methods can be added as needed under this login mode.
  • OAuth authentication is to allow third-party applications to authorize users to access the open platform (mainly the resource interface in the resource server of the platform) without obtaining sensitive user information (such as account password, user PIN, etc.).
  • FIG9 is a schematic diagram of the OAuth login used by the Web application in an embodiment of the present application.
  • the user uses the user agent (User Agent) to interact with the authentication server (Authorization Server) and the third-party application (Client).
  • the user agent User Agent
  • the process of OAuth login includes steps (A) to (E) shown in FIG9 , and each step is briefly described below.
  • the user (Resource Owner) must first remain logged in to the Web application (assuming it is Web application M) described in the implementation of this application, that is, the user has been authenticated in Web application M.
  • the Rediss sentinel mode cluster has stored the session information generated when the user logged in to the Web application M (the session information includes user information), and the authentication server can obtain the user information from the Rediss sentinel mode cluster.
  • the following process is the authentication steps when a user logs in to a third-party application.
  • the third-party application requests user authorization (Auth Code Request) (i.e. an operation interface pops up to ask the user to confirm authorization to the third-party application).
  • Auth Code Request i.e. an operation interface pops up to ask the user to confirm authorization to the third-party application.
  • the third-party application obtains the authorization code (Authorization Code) from the authentication server. After obtaining the authorization code, the authentication server web page where the user is located will jump to the callback address (redirect_uri) (that is, jump to the third-party application).
  • authorization code Authorization Code
  • the authentication server web page where the user is located will jump to the callback address (redirect_uri) (that is, jump to the third-party application).
  • the third-party application carries the "authorization code” and application authentication information (client_id&client_secret) to the authentication server in exchange for an Access token (Authorization Code+URI).
  • a Redis sentinel mode cluster (including a master server and at least one slave server) is introduced to store the user's Session information (mainly the user information (User Info) therein) and cache (Cache) information (i.e. the function implemented by the Redis function box 901 shown in FIG. 9), and the user information of multiple systems can be added (i.e. the function implemented by the function box 902 shown in FIG. 9), and the user information of multiple systems can be shared while using the OAuth login authentication mode.
  • the multiple systems (system A, system B, system C and system D in the function box 902 shown in FIG. 9) refer to multiple Web applications, that is, Redis can store the user information of multiple different Web applications, and the multiple servers of the Redis sentinel mode cluster can share Session data and be compatible with users of multiple systems.
  • the embodiment of the present application also provides a login device for the application, which includes a unit for executing each step performed by the server in the login method of the application in any of the above embodiments.
  • the login device 1000 of the application includes: a receiving unit 1001, a determining unit 1002, a login interface task unit 1003 and a sending unit 1004.
  • the receiving unit 1001 is used to receive an access request for a first Web application sent by a terminal device, where the first Web application includes a first configuration file and multiple preset login authentication mode code modules; each login authentication mode code module corresponds to a login authentication mode; the first configuration file includes a first login authentication mode configuration item, and the first login authentication mode configuration item is determined and set according to the first login authentication mode used by the first Web application.
  • the determination unit 1002 is used to determine, in response to an access request, a first login authentication mode code module from a plurality of preset login authentication mode code modules according to a first login authentication mode configuration item in a first configuration file, the first login authentication mode code module corresponding to the first login authentication mode.
  • the login interface task unit 1003 is used to generate a login interface task according to the code in the first login authentication mode code module.
  • the sending unit 1004 is used to send the login interface task to the terminal device, so that the terminal device displays the login interface of the first Web application based on the login interface task, and the login interface corresponds to the first login authentication mode.
  • the first configuration file is hosted on a cloud platform.
  • the first login authentication mode is CAS login, Shiro login, OAuth login, WeChat login, or a combination of any two or more of CAS login, Shiro login, OAuth login and WeChat login.
  • the first Web application includes a business logic code module
  • the application login device 1000 also includes a login authentication unit and an application interface generation unit.
  • the receiving unit 1001 is used to receive a user login authentication request sent by a terminal device, where the user login authentication request is sent by the terminal device in response to a login operation performed by a user on a login interface.
  • the login authentication unit is used to perform login authentication on the user based on the user login authentication request and obtain the login authentication result.
  • the application interface generation unit is used to generate an application interface task based on the code in the business logic code module when the login authentication result is a successful login authentication.
  • the sending unit 1004 is configured to send the application interface task to the terminal device, so that the terminal device displays the application interface of the first Web application based on the application interface task.
  • a login authentication unit is used to perform login authentication on the user based on the user login authentication request, using the user information stored in the authentication interaction database to obtain a login authentication result;
  • the authentication interaction database includes multiple preset user information
  • the target database includes user information using the first login authentication mode, and the user information in the authentication interaction database is periodically updated according to the user information in the target database.
  • the application login device 1000 further includes a cache unit.
  • the cache unit is used to cache the user-related session information generated during the login authentication process by using the Redis sentinel mode cluster when the login authentication result is a successful login authentication.
  • An embodiment of the present application also provides a computer device 1100.
  • the computer device in this embodiment can be a server in a method embodiment.
  • the computer device 1100 of this embodiment includes: a processor 1101, a memory 1102, and a computer program 1104 stored in the memory 1102 and executable on the processor 1101.
  • the computer program 1104 can be executed by the processor 1101 to generate instructions 1103, and the processor 1101 can implement the steps in the login method embodiments of the above-mentioned various applications according to the instructions 1103.
  • the processor 1101 executes the computer program 1104, the functions of each module/unit in the above-mentioned device embodiments are implemented, such as the functions of the receiving unit 1001 to the sending unit 1004 shown in Figure 10.
  • the computer program 1104 may be divided into one or more modules/units, one or more modules/units are stored in the memory 1102, and executed by the processor 1101 to complete the present application.
  • One or more modules/units may be a series of computer program instruction segments capable of completing specific functions, and the instruction segments are used to describe the execution process of the computer program 1104 in the computer device 1100.
  • FIG11 is merely an example of a computer device 1100 and does not constitute a limitation on the computer device 1100.
  • the computer device 1100 may include more or fewer components than shown in the figure, or a combination of certain components, or different components.
  • the computer device 1100 may also include input and output devices, network access devices, buses, etc.
  • the processor 1101 may be a central processing unit (CPU), or other general-purpose processors, digital signal processors (DSP), application-specific integrated circuits (ASIC), field-programmable gate arrays (FPGA), or other programmable logic devices, discrete gates, or transistor logic devices. Logic devices, discrete hardware components, etc.
  • a general purpose processor may be a microprocessor or the processor may also be any conventional processor, etc.
  • the memory 1102 may be an internal storage unit of the computer device 1100, such as a hard disk or memory of the computer device 1100.
  • the memory 1102 may also be an external storage device of the computer device 1100, such as a plug-in hard disk, a smart media card (SMC), a secure digital (SD) card, a flash card (Flash Card), etc. equipped on the computer device 1100.
  • the memory 1102 may also include both an internal storage unit of the computer device 1100 and an external storage device.
  • the memory 1102 is used to store computer programs and other programs and data required by the computer device 1100.
  • the memory 1102 may also be used to temporarily store data that has been output or is to be output.
  • the technicians in the relevant field can clearly understand that for the convenience and simplicity of description, only the division of the above-mentioned functional units and modules is used as an example for illustration.
  • the above-mentioned function allocation can be completed by different functional units and modules as needed, that is, the internal structure of the device can be divided into different functional units or modules to complete all or part of the functions described above.
  • the functional units and modules in the embodiment can be integrated in a processing unit, or each unit can exist physically separately, or two or more units can be integrated in one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or in the form of software functional units.
  • the embodiment of the present application also provides a computer-readable storage medium, as shown in FIG12 , in which a computer program or instruction 1201 is stored.
  • a computer reads and executes the computer program or instruction 1201
  • the computer executes the steps in the above-mentioned various method embodiments.
  • the readable medium may be a read-only memory (ROM) or a random access memory (RAM), which is not limited in the embodiment of the present application.
  • An embodiment of the present application provides a computer program product.
  • the server can implement the steps in the above-mentioned method embodiments when executing the server.
  • the embodiment of the present application also provides a chip, which includes: a processing unit and a communication unit, the processing unit, for example, may be a processor, and the communication unit, for example, may be an input/output interface, a pin or a circuit, etc.
  • the processing unit may execute computer instructions to enable a computer device to execute any of the login methods for the application provided in the embodiment of the present application.
  • the computer instructions are stored in a storage unit.
  • the storage unit is a storage unit within the chip, such as a register, a cache, etc.
  • the storage unit may also be a storage unit located outside the chip within the terminal, such as a ROM or other types of static storage devices that can store static information and instructions, random RAM, etc.
  • the processor mentioned in any of the above may be a CPU, a microprocessor, an ASIC, or one or more integrated circuits for controlling the display of the above-mentioned electronic device and the execution of the program of the control method.
  • the processing unit and the storage unit may be decoupled and respectively arranged on different physical devices, and connected by wire or wireless means to implement the respective functions of the processing unit and the storage unit, so as to support the system chip to implement the various functions in the above-mentioned embodiments.
  • the processing unit and the memory may also be coupled on the same device.
  • the chip provided in the embodiment of the present application can be an integrated circuit for implementing the login method of any of the above-mentioned applications, and the main function of the chip is to execute the steps or processes defined by the login method of the application in the embodiment of the present application, that is, to implement the login method of the application in the embodiment of the present application by hardware.
  • the computer-readable storage medium provided in the embodiment of the present application is mainly used to store a computer program, which, when executed, implements the steps or processes defined by the login method of any of the above-mentioned applications, that is, to implement the login method of the application in the embodiment of the present application in the form of computer software.
  • the disclosed devices/equipment and methods can be implemented in other ways.
  • the device/equipment embodiments described above are merely schematic, for example, the division of the modules or units is only a logical function division, and there may be other division methods in actual implementation, such as multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed.
  • Another point is that the mutual coupling or direct coupling or communication connection shown or discussed can be through some interfaces, indirect coupling or communication connection of devices or units, which can be electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit may be implemented in the form of hardware or in the form of software functional units.
  • the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the present application implements all or part of the processes in the above-mentioned embodiment method, which can be completed by instructing the relevant hardware through a computer program.
  • the computer program can be stored in a computer-readable storage medium, and the computer program can implement the steps of the above-mentioned various method embodiments when executed by the processor.
  • the computer program includes computer program code, and the computer program code can be in source code form, object code form, executable file or some intermediate form.
  • the computer-readable medium may at least include: any entity or device that can carry the computer program code to the device/server, a recording medium, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electric carrier signal, a telecommunication signal, and a software distribution medium.
  • a recording medium for example, a USB flash drive, a mobile hard disk, a magnetic disk or an optical disk.
  • ROM read-only memory
  • RAM random access memory
  • an electric carrier signal a telecommunication signal
  • a software distribution medium for example, a USB flash drive, a mobile hard disk, a magnetic disk or an optical disk.
  • computer-readable media cannot be electric carrier signals and telecommunication signals.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

一种应用程序的登录方法及装置、计算机设备、存储介质和芯片,该方法包括:接收终端设备发送的针对第一Web应用程序的访问请求;响应于访问请求,根据第一配置文件中的第一登录认证模式配置项,从多个预设的登录认证模式代码模块中,确定出第一登录认证模式代码模块;根据第一登录认证模式代码模块中的代码,生成登录界面任务;将登录界面任务发送至终端设备,以使终端设备基于登录界面任务显示第一Web应用程序的登录界面,登录界面与第一登录认证模式对应。上述方法通过修改配置文件中的登录认证模式配置项,来切换Web应用程序的登录认证模式,可以降低人力成本,提高Web应用程序切换登录认证模式的效率。

Description

应用程序的登录方法及装置、计算机设备、存储介质和芯片 技术领域
本申请属于软件开发技术领域,尤其涉及一种应用程序的登录方法及装置、计算机设备、存储介质和芯片。
发明背景
随着互联网时代的到来,各行各业的数字化转型迫在眉睫,在此趋势之下,各式各样的Web应用如雨后春笋般涌现,而作为使用应用的最先入口,应用的登录环节在产品体验中无疑是最重要的部分之一。
一般来说,一个Web应用程序所对应的登录认证模式是固定的,一种登录认证模式可以包括一种或者多种登录方式。同一Web应用程序的不同应用场景经常会对登录认证模式有不同的需求,固定的登录认证模式难以满足不同的应用场景的需求。为了使得某一个Web应用程序满足不同应用场景对登录认证模式的需求,往往需要对该Web应用程序的代码进行修改,这样的修改往往会耗费大量的人力成本。
因此,如何低成本地实现应用的不同登录认证模式的切换成为亟待解决的技术问题。
发明内容
本申请实施例提供了一种应用程序的登录方法及装置、计算机设备、存储介质和芯片,可以解决相关技术中如何低成本地实现应用的不同登录认证模式的切换的技术问题。
第一方面,本申请实施例提供了一种应用程序的登录方法,应用于服务器,该方法包括:接收终端设备发送的针对第一Web应用程序的访问请求,其中,第一Web应用程序包括第一配置文件和多个预设的登录认证模式代码模块;每个登录认证模式代码模块对应一种登录认证模式;第一配置文件包括第一登录认证模式配置项,第一登录认证模式配置项是根据第一Web应用程序所使用的第一登录认证模式确定和设置的;响应于访问请求,根据第一配置文件中的第一登录认证模式配置项,从多个预设的登录认证模式代码模块中,确定出第一登录认证模式代码模块,第一登录认证模式代码模块与第一登录认证模式对应;根据第一登录认证模式代码模块中的代码,生成登录界面任务;将登录界面任务发送至终端设备,以使终端设备基于登录界面任务显示第一Web应用程序的登录界面,登录界面与第一登录认证模式对应。
第一方面提供的应用程序的登录方法,该方法中的Web应用程序包括多个预设的登录认证模式代码模块和配置文件,其中每种登录认证模式代码模块对应一种登录认证模式,配置文件包括登录认证模式配置项,一个登录认证模式配置项与一个登录认证模式对应,配置文件中的登录认证模式配置项决定了该Web应用程序所使用的登录认证模式。当需要改变Web应用程序的登录认证模式时,只需要将配置文件中的登录认证模式配置项,修改为与想要采用的登录认证模式对应的登录认证模式配置项即可,这样的修改方式可以避免对大量代码进行修改,降低Web应用程序进行登录模式切换的人力成本,提高Web应用程序切换登录认证模式的效率。
第二方面,本申请实施例提供了一种应用程序的登录装置,包括:接收单元,用于接收终端设备发送的 针对第一Web应用程序的访问请求,其中,第一Web应用程序包括第一配置文件和多个预设的登录认证模式代码模块;每个登录认证模式代码模块对应一种登录认证模式;第一配置文件包括第一登录认证模式配置项,第一登录认证模式配置项是根据第一Web应用程序所使用的第一登录认证模式确定和设置的;确定单元,用于响应于访问请求,根据第一配置文件中的第一登录认证模式配置项,从多个预设的登录认证模式代码模块中,确定出第一登录认证模式代码模块,第一登录认证模式代码模块与第一登录认证模式对应;登录界面任务单元,用于根据第一登录认证模式代码模块中的代码,生成登录界面任务;发送单元,用于将登录界面任务发送至终端设备,以使终端设备基于登录界面任务显示第一Web应用程序的登录界面,登录界面与第一登录认证模式对应。
第三方面,本申请实施例提供了一种计算机设备,包括存储器、处理器以及存储在存储器中并可在处理器上运行的计算机程序,处理器执行计算机程序时实现如以上第一方面中任一实施方式中方法的步骤。
第四方面,本申请实施例提供了一种计算机可读存储介质,计算机可读存储介质中存储有计算机程序或指令,当计算机读取并执行计算机程序或指令时,使得计算机执行如以上第一方面中任一实施方式中方法的步骤。
第五方面,本申请实施例提供了一种计算机程序产品,当计算机程序产品在服务器上运行时,使得服务器执行以上第一方面中任一实施方式中方法的步骤。
第六方面,本申请实施例提供了一种芯片,包括:处理器,用于从存储器中调用并运行计算机程序,使得安装有芯片的计算机设备执行如以上第一方面中任一实施方式中的方法。
可以理解的是,上述第二方面至第六方面的有益效果可以参见上述第一方面中的相关描述,在此不再赘述。
附图简要说明
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。
图1是本申请一实施例提供的Web应用程序的登录认证模式的配置方法的流程示意图。
图2是本申请一实施例提供的一种Web应用程序的登录方法的交互图。
图3是本申请一实施例提供的一种Web应用程序的登录界面的示意图。
图4是本申请一实施例中Web应用程序所使用的CAS登录的基本协议过程示意图。
图5是本申请一实施例中的Web应用程序所使用的CAS登录的流程示意图。
图6是本申请另一实施例提供的一种Web应用程序的登录界面的示意图。
图7是本申请一实施例中的Web应用程序所使用的Shiro登录的原理示意图。
图8是本申请另一实施例提供的一个Web应用程序的登录界面示意图。
图9是本申请一实施例中的Web应用程序所使用的OAuth登录的原理示意图。
图10是本申请一实施例提供的Web应用程序的登录装置的结构框图。
图11是本申请一实施例提供的计算机设备的结构示意图。
图12是本申请一实施例提供的计算机可读存储介质的结构示意图。
实施本发明的方式
为了使得本申请更容易被理解,下面对本申请涉及到的一些名词进行解释说明。
Web应用程序:也称Web应用,是一种可以通过Web访问的应用程序。用户不需要再安装其他软件,只需要有浏览器即可对Web应用程序进行访问。
登录认证模式:指的是应用程序登录认证过程所使用的具体技术,例如可以为用于实现多应用系统的单点登录的CAS(Central Authentication Service,中央认证服务)登录,用于实现本应用程序和第三方应用程序之间的灵活切换的OAuth(Open Authorization,开放授权)登录,同时包括身份认证和权限管理的Shiro登录,方便用户使用的微信登录等,或者也可以是CAS登录、Shiro登录、OAuth登录和微信登录中任意两种或多种相结合的登录认证模式。
登录方式:指的是基于用户登录应用程序的具体操作方法,例如可以为账号密码登录、第三方登录(例如微信登录、QQ登录等)、扫二维码登录(采用客户端版本应用程序扫描网页版本应用程序的二维码)或短信验证码登录等。
随着互联网时代的到来,Web应用程序随处可见,登录环节是用户访问Web应用程序的最先的入口。不用的Web应用程序会有不用的登录认证模式,一般来说一个Web应用程序所对应的登录认证模式是固定的,一种登录认证模式可以包括一种或者多种登录方式。
目前,很多Web应用程序往往需要根据具体的应用场景进行个性化的部署,即同一个Web应用需要满足多个不同应用场景的需求。不同的应用场景对于同一个Web应用功能的登录认证模式的要求经常会有差异,因此固定的登录认证模式使得Web应用程序难以满足不同应用场景的需求。为了满足不同应用场景的需求,往往需要对Web应用程序的代码进行大量的修改,从而导致耗费大量的人力成本。
示例性的,不同的应用场景可以是同一个团体(例如集团)的不同下属部门,不同的应用场景也可以是同一个Web应用程序所对应的不同客户。
为了使得本申请所涉及的技术问题可以被更清楚的理解,下面首先以业务数据管理系统X(一个Web应用程序)在一个集团内部的不同下属部门中的应用为例,对固定的登录认证方式难以满足不同部门需求的情况进行示例性说明。
假设,业务数据管理系统X当前的登录认证模式采用的是CAS登录,使得用户可以实现与集团内部的其他应用系统实现单点登录。两个不同的下属部门分别为部门X1和部门X2,部门X1和部门X2对业务数据管理系统X的登录认证模式的需求有所不同。
具体地,对于部门X1来说,部门X1的用户除了业务数据管理系统X外,也需要使用集团内部的多个其他应用系统,因此希望业务数据管理系统X与集团内部的其他应用系统可以实现单点登录,因此,业务数据管理系统X当前的登录认证模式符合部门X1的要求,在为部门X1部署业务数据管理系统X时,无需对业务数据管理系统X进行修改。
对于部门X2来说,部门X2的用户主要使用业务数据管理系统X,而不需要使用集团内部的其他应用系统,因此部门X2的用户希望业务数据管理系统X可以实现微信登录。业务数据管理系统X当前的登录认证模式不符合部门X2的要求。那么在为部门X2部署业务数据管理系统X时,为了满足部门X2的要求,就需要对业务数据管理系统X进行修改,例如重新对业务数据管理系统X的登录认证模式部分进行开发。这样的修改涉及大量代码内容的修改,工作量较大,因此需要耗费大量的人力成本。
下面再以数据库服务系统Y(一个Web应用程序)在不同客户之间的应用为例,对固定的登录认证模式难以满足不同客户需求的情况进行示例性说明。
假设,数据库服务系统Y当前的登录认证模式采用的是CAS登录,使得客户可以实现数据库服务系统Y与多个其他应用系统的单点登录。两个不同的客户分别为企业A和企业B,企业A和企业B对数据库服务系统Y的登录认证模式的需求有所不同。
具体地,对于企业A来说,企业A属于规模较大的企业,为了方便员工对各种不同的应用程序的使用,企业A希望数据库服务系统Y可以与其内部的其他应用之间可以实现单点登录,因此,数据库服务系统Y当前的登录认证模式符合企业A的要求。
对于企业B来说,企业B为小型企业,为了方便员工对数据库服务系统Y的使用,企业B希望数据库服务系统Y可以采用微信登录。数据库服务系统Y当前的登录认证模式不符合企业B的要求。那么在为企业B部署数据库服务系统Y时,为了满足企业B的要求,需要对数据库服务系统Y进行修改,例如重新对数据库服务系统Y的登录认证模式部分进行开发。这样的修改涉及大量代码内容的修改,工作量较大,因此需要耗费大量的人力成本。
在对技术问题进行清楚的解释之后,下面对本申请基于上述技术问题的技术方案进行说明。
针对上述技术问题,本申请提供一种应用程序的登录方法,在该方法中,Web应用程序包括多个预设的登录认证模式代码模块(也称为登录部分)和配置文件,其中每种登录认证模式代码模块对应一种登录认证模式,配置文件包括登录认证模式配置项,一个登录认证模式配置项与一个登录认证模式对应,配置文件中的登录认证模式配置项决定了该Web应用程序所使用的登录认证模式。当需要改变Web应用程序的登录认证模式时,只需要将配置文件中的登录认证模式配置项,修改为与想要采用的登录认证模式对应的登录认证模式配置项即可,这样的修改方式可以避免对大量代码进行修改,降低Web应用程序切换登录认证模式的人力成本,提高Web应用程序切换登录认证模式的效率。
可以理解的是,在一些实施例中,除了多个预设的登录认证模式代码模块和配置文件之外,Web应用程序还包括业务逻辑代码模块(也称为业务逻辑部分)。通过设置业务逻辑码块,将Web应用程序中的业务逻辑相关的代码与登录认证相关的代码分开,从而更便于Web应用程序的代码的开发和维护。
下面分别对Web应用程序中的多个预设的登录认证模式代码模块、业务逻辑代码模块和配置文件三个部分进行具体的解释说明。
应当理解,业务逻辑代码模块包括与Web应用程序的业务逻辑对应的代码,即用于实现Web应用程序的与实际业务相关的功能。例如,业务逻辑代码模块可以用于处理与Web应用程序相关的增删改查的业务逻辑,对业务场景进行抽象,并根据业务操作中的不同动作、步骤等,进行诸如读数据、记录修改等操作,从而维持Web应用程序的正常业务运转。
还应理解,多个预设的登录认证模式代码模块,用于实现与Web应用程序的登录过程相关的功能。例如,某个登录认证模式代码模块可以实现的功能包括:生成与该预设登录认证模式对应的登录界面任务,以使终端设备基于登录界面任务显示登录界面;根据用户在登录界面输入的登录信息对用户进行身份认证;当用户登录认证通过之后,调用业务逻辑代码模块生成Web应用程序的应用界面任务,以使终端设备基于应用界面任务显示Web应用程序的应用界面;当用户登录认证失败后,可以生成提示任务,以使终端设备基于提示任务向用户显示登录失败提示信息,以提醒用户再次进行登录认证。
示例性的,Web应用程序可以采用微服务架构,其中多个预设的登录认证模式代码模块为第一微服务模块,业务逻辑代码模块为第二微服务模块。具体的,当用户登录认证成功之后,第一微服务模块通过远程过程调用(Remote Producer Call,RPC)来调用第二微服务模块。通过将多个预设的登录认证模式代码模块和业务逻辑代码模块,设置为两个独立且可以相互调用的微服务模块,在Web应用程序的整体的功能没有改变的同时,将Web应用程序分解成可管理的两个微服务模块,单个微服务模块可以更快地进行开发,更简单地进行理解和维护。
应当理解,在另外一些实施例中,也可以将业务逻辑代码模块与多个预设的登录认证模式代码模块融合设置,即每个登录认证模式代码模块均融合有业务逻辑代码模块,即每个登录认证模式代码模块中包括可以实现一个Web应用程序的登录功能和业务功能的所有代码。
在一些实施例中,配置文件中设置有登录认证模式配置项,登录认证模式配置项为可修改内容,配置文件中所包括的登录认证模式配置项与Web应用程序所使用的登录认证模式相对应。
可以理解的是,配置文件中的登录认证模式配置项与所使用的登录认证模式代码模块匹配;在登录Web应用程序时,选择与登录认证模式配置项相匹配的登录认证模式代码模块,基于匹配到的登录认证模式代码模块进行Web应用程序的登录。
可以理解的是,在Web应用程序中,配置文件可以为专门用于设置登录认证模式配置项的配置文件,也可以为登录认证模式配置项与其他配置信息所共用的配置文件,本申请对此不做限制。
在一些实施例中,配置文件或者配置文件中的登录认证模式配置项可以托管于云平台。可以理解的是,在将配置文件托管至某个云平台时,在云平台和本地均会存储有该配置文件,云平台中的配置文件的内容和本地配置文件中的内容会同步发生变化,因此可以通过修改云平台的配置文件中的登录认证模式配置项,来实现Web应用程序的登录认证模式的切换。并且云平台中的配置文件可以共享,即可以授权他人通过云平台对配置文件的内容进行修改。
示例性的,云平台可以为GitHub、Bitbucket或者Gitee(码云)等。
应理解,在本申请实施例中,对于云平台的具体形式不作限制,只要云平台可以实现配置文件内容与本地配置文件内容同步修改,并且可以实现云平台配置文件的共享即可,本申请实施例对此不作限制。
上述实施例中,通过将配置文件托管于云平台,通过修改云平台配置文件中的内容即可实现对应的Web应用程序的登录方式的修改,例如可以授权客户对配置文件内容进行修改,这样使得Web应用程序的登录方式的修改更加方便快捷。
在本申请实施例中,需要先为Web应用程序配置需要的登录认证模式,然后才能基于需要的登录认证模式进行Web应用程序的登录。因此,在介绍Web应用程序的登录方式之前,下面先对Web应用程序的登录认 证模式的配置方法进行说明。
图1为本申请一实施例中提供的Web应用程序的登录认证模式的配置方法的流程示意图,图1所示的实施例以第一Web应用程序为例对登录认证模式的配置方法进行说明,但是并不构成对本申请保护范围的限制。如图1所示,该方法可以包括S101至S102。下面对各个步骤进行说明。
应当理解,第一Web应用程序包括多个预设的登录认证模式代码模块和第一配置文件,每个登录认证模式代码模块对应一种登录认证模式。
S101:确定第一Web应用程序使用的第一登录认证模式,第一登录认证模式与第一登录认证模式代码模块对应,第一登录认证模式代码模块为多个预设的登录认证模式代码模块中的任意一个。
在本申请实施例中,第一Web应用程序所使用的第一登录认证模式是根据用户的需求来确定的。
假设,第一Web应用程序包括三个预设的登录认证代码模块,由于每个登录认证代码模块对应一个登录认证模式,那么说明第一Web应用程序对应三个登录认证模式。因此第一登录认证模式为三种登录认证模式中的任意一个。
应当理解,第一登录认证模式可以包括一种登录方式或多种登录方式,例如,在一些实施例中,第一登录认证模式可以只包括账号密码登录,在另外一些实施例中,第一登录认证模式可以包括账号密码登录和手机验证码登录,本申请对第一登录认证模式所包括的登录方式的种类不做具体限制。
可以理解的是,第一登录认证模式可以为CAS登录,Shiro登录,OAuth登录,微信登录,或者CAS登录、Shiro登录、OAuth登录和微信登录中任意两种或多种的融合登录。当然,第一登录认证模式还可以为其他任何可用的登录认证模式,在此不做赘述。
S102:在第一Web应用程序的第一配置文件中设置第一登录认证配置项,第一登录认证配置项与第一登录认证模式代码模块匹配。
可以理解的是,第一登录认证配置项与第一登录认证模式代码模块匹配,具体来说是第一登录认证配置项与第一登录认证模式代码模块形成配对;只要在第一配置文件中设置第一登录认证配置项,第一Web应用程序就能自动采用第一登录认证代码模块实现登录。
示例性的,可以在每个预设的登录认证模式代码模块中设置一个标记,不同的登录认证模式代码模块中的标记不同。假设第一登录认证模式代码模块中的标记为第一标记,当第一Web应用程序需要使用第一登录认证模式(与第一登录认证模式代码模块对应的登录认证模式)时,只需将第一配置文件中的第一登录认证模式配置项设置为与第一标记相对应的内容即可。
例如,可以采用@ConditionalOnExpression注解作为第一登录认证模式代码模块中的第一标记,将@ConditionalOnExpression注解的注解参数作为第一登录认证模式配置项设置到第一配置文件中。
示例性的,当第一登录认证模式为OAuth登录时,第一登录认证模式代码模块中包括@ConditionalOnExpression("#{'OAuthLogin'.equals('${login.type}')}")(第一标记);若希望第一登录认证模式作为第一Web应用程序的登录认证模式,那么在第一配置文件中写入“login.type=OAuthLogin”。可以理解的是,login.type=OAuthLogin即为第一登录认证模式配置项)。
上述Web应用程序的登录认证模式的配置方法中,通过在第一配置文件中,设置与第一登录认证模式代码模块匹配的第一登录认证模式配置项,即可将第一登录认证模式配置为第一Web应用程序的登录认证模式。 配置过程中仅仅需要对配置文件中的内容进行设置(或者修改),配置过程非常简单方便。上述过程不需要对第一Web应用程序的代码进行任何修改,因此可以节约大量的人力成本。由于登录认证模式的配置过程较为简单,因此使得第一Web应用程序的登录认证模式可以随时切换,提高用户对第一Web应用程序的满意度。
在一些实施例中,可以根据需求,在第一Web应用程序中增加第二登录认证代码模块,第二登录认证代码模块所对应的第二登录模式与第一登录认证模式不同。即可以根据需求为第一Web应用程序增加新的登录认证模式,从而可以提高第一Web应用程序的适用范围。
当然,也可以根据需要删除第一Web应用程序的某个登录认证模式;在删除过程中,只需要删除多个预设的登录认证代码模块中的某个登录认证模式代码模块,即可删除对应的登录认证模式。
可以理解的是,在完成第一Web应用程序的登录认证模式的配置之后,用户可以使用第一登录认证模式来登录第一Web应用程序。下面结合附图对配置完第一登录认证模式之后的第一Web应用程序的登录方法进行说明。
图2为本申请一实施例提供的一种Web应用程序的登录方法的交互图,图2中以第一Web应用程序为例进行示例性说明,如图2所示,该方法可以包括步骤S201至S212。下面结合图2对各个步骤进行详细说明。
步骤S201:终端设备接收用户的第一操作,第一操作用于打开第一Web应用程序。
在一些实施例中,用户可以在终端设备上进行第一操作,第一操作用于打开第一Web应用程序。例如第一操作可以为用户在浏览器输入第一Web应用程序对应的网址,也可以为用户在终端设备点击与第一Web应用程序对应的客户端图标。
应理解,在本申请实施例中,对于第一操作的具体形式不作限制,只要第一操作用于触发打开第一Web应用程序即可,本申请实施例对此不作限制。
步骤S202:终端设备根据用户的第一操作向服务器发送第一Web应用程序访问请求。
步骤S203:服务器响应于访问请求,根据第一配置文件中的第一登录认证模式配置项,从多个预设的登录认证模式代码模块中,确定出第一登录认证模式代码模块,第一登录认证模式代码模块与第一登录认证模式对应。
可以理解的是,第一配置文件中的第一登录认证模式配置项为可修改内容,第一登录认证模式配置项是在第一Web应用程序的登录认证模式配置过程中,根据客户所需要的第一登录认证模式来确定的。
应理解,确定第一登录认证模式代码模块的过程,即为在多个预设的登录认证模式代码模块中,查找和配对第一登录认证模式配置项的过程。具体方法可以参照步骤S102中第一登录认证配置项与第一登录认证模式代码模块匹配的内容,在此不做赘述。
在一些实施例中,服务器中除了第一Web应用程序外,还可以部署有多个其他Web应用程序,不同的Web应用程序会有不同的登录认证模式,此种情况下需要在服务器中为对应不同的登录认证模式的Web应用程序分别设置配置文件。另外,部署在同一个服务器中的第一Web应用程序也可以对应多个不同的应用场景(例如对应不同的客户或部门)时,同一个Web应用程序也会对应不同的登录认证模式,此种情况下在服务器中也需要为对应不同的登录认证模式的客户分别设置配置文件。因此,服务器中可能会存在多个不同的配置文件。因此,服务器在接收到Web应用程序的访问请求之后,需要从多个配置文件中确定出所需要的第一配置文件。
例如,在一些实施例中,第一Web应用程序访问请求中携带有用户所使用的终端设备的标识和第一Web应用程序的标识;在步骤S203之前,应用程序的登录方法还包括:服务器根据第一Web应用程序的标识和终端设备的标识,从多个配置文件中确定出第一配置文件。该方法中,服务器根据第一Web应用程序的标识识别要查找的第一配置文件具体属于哪个Web应用程序,根据终端设备的标识识别第一Web应用程序的应用场景(即不同的客户或部门)。
当然,在服务器中也可以只部署第一Web应用程序,该第一Web应用程序服务具有多个应用场景(例如对应多个客户或部门等)。在这种情况下,第一Web应用程序访问请求中携带有用户所使用的终端设备的标识;在步骤S203之前,应用程序的登录方法还包括:服务器根据终端设备的标识,从多个配置文件中确定出第一配置文件。
在另外一些实施例中,在服务器中也可以只部署第一Web应用程序,该第一Web应用程序服务具有多个应用场景(例如对应多个客户或部门等)。在服务器中只存在一个本申请实施例中的配置文件。在这种情况下,服务器中存在的配置文件即为第一配置文件。
步骤S204:服务器根据第一登录认证模式代码模块中的代码,生成登录界面任务。
步骤S205:服务器将登录界面任务发送至终端设备。
步骤S206:终端设备基于登录界面任务,向用户显示第一Web应用程序的登录界面,登录界面与第一登录认证模式对应。
可理解,在登录界面显示的内容,用于提示和引导用户进行登录操作,例如登录界面可以包括用户和密码的输入框,手机号和验证码的输入框,或者通过第三方软件进行扫描登录的二维码等。登录界面中的内容与第一登录认证模式所包括的登录方式有关。
本申请提供的应用程序的登录方法,由于第一配置文件中的登录认证模式配置项为可修改内容,并且登录认证模式配置项是在第一Web应用程序的登录认证模式配置过程中,根据客户所需要的登录认证模式的类型来确定的。因此,当需要对第一Web应用程序的登录认证模式进行修改时,无需修改第一Web应用程序的代码内容,直接对第一配置文件中的第一登录认证模式配置项进行修改即可,方法简单,便于操作。
可以理解的是,终端设备向用户显示登录界面,只是完成了第一Web应用程序的登录模式的选择。在终端设备向用户显示登录界面之后,登录方法还包括用户进行的登录操作。登录方法还包括步骤S207至S213,下面对各个步骤进行说明。
步骤S207:终端设备接收用户在终端设备显示的登录界面上进行的登录操作。
在一些实施例中,登录操作可以为输入用户名和密码,也可以为输入手机号和验证码,或者也可以为扫描二维码。在本申请实施例,对此不做具体限制。
步骤S208:终端设备响应于用户的登录操作,向服务器发送用户登录认证请求。
步骤S209:服务器基于用户登录认证请求,对用户进行登录认证,获得登录认证结果。
在本申请实施例中,对用户进行登录认证可以为身份验证,也可以为身份验证和权限确定。其中,身份验证用于确定用户是否为第一Web应用程序的合法用户,权限确定是指确定用户具体可以使用的第一Web应用程序的功能。
可以理解,登录认证结果可以为登录认证成功,或者登录认证失败。
步骤S210:服务器在登录认证结果为登录认证成功的情况下,基于业务逻辑代码模块中的代码,生成应用界面任务。
步骤S211:服务器将应用界面任务发送至终端设备。
步骤S212:终端设备基于应用界面任务向用户显示第一Web应用程序的应用界面。
在本申请实施例中,应用界面是指用户成功登录第一Web应用程序后所显示的界面,用户在该界面中使用第一Web应用程序的业务功能。
在一些实施例中,当服务器确定用户登录认证失败时,服务器向终端设备发送登录失败的消息,并再次向用户显示第一登录界面以使用户再次进行登录认证。在用户登录认证失败的情况下,通过终端设备向用户显示登录失败的消息,可以提醒用户再次登录,进而提升用户体验。
在一些实施例中,服务器在对用户进行登录认证时,具体为服务器使用认证交互数据库中存储的用户信息对用户进行登录认证,获得登录认证结果;其中,认证交互数据库包括多个预设的用户信息,认证交互数据库中的用户信息根据目标数据库中的用户信息定期更新,目标数据库包括使用第一登录认证模式的用户信息。
示例性的,使用认证交互数据库中存储的用户信息对用户进行登录认证,更具体来说是通过将用户输入的信息与交互数据库中的用户信息进行比较得到的。例如用户输入的为用户名和密码,服务器从认证交互数据库中进行数据的查找和比对,若能查找到该用户名和密码则登录认证成功,若不能查找到该用户名和密码中的至少一个,则登录认证失败。
应当理解,目标数据库所存储的用户信息为所有用户信息,根据目标数据库对认证交互数据库进行定期更新,可以保证所有新加入的用户可以顺利登录第一Web应用程序,提高用户体验;同时避免已经删除的用户登录第一Web应用程序,保证数据安全。
在另外一些实施例中,服务器在对用户进行登录认证时,具体可以为使用认证交互数据库中存储的用户信息对用户进行登录认证,获得登录认证结果;其中,认证交互数据库包括使用第一登录认证模式的用户信息,认证交互数据库中的用户信息采用ETL(Extract-Transform-Load)定期更新。结合ETL任务对认证交互数据库中的认证数据进行动态更新,可以提高更新效率。
可以理解的是,定期更新可以为间隔预设时间段后,对用户信息进行更新。示例性的,例如可以在每天、每周或每月的固定时间进行更新。具体更新频率和更新方法可以根据需求进行设置,在此不做赘述。
在一些实施例中,在登录认证结果为登录认证成功的情况下,采用Redis哨兵模式集群,缓存登录认证过程中所产生的与用户相关的会话信息。
可以理解的是,Redis哨兵模式集群即为Redis Sentinel集群,会话信息是指Session信息。即采用多个服务器来缓存登录认证过程产生的与用户相关的Session信息,多个服务器包括一个主服务器和至少一个从服务器,Sentinel通过监控的方式获取主服务器的工作状态是否正常,当主服务器发生故障时,Sentinel会自动进行故障转移(Failover),并将其监控的从服务器提升为主服务器,从而保证了系统的高可用性,继而保证所存储的Session信息的安全。
另外,Session信息中包括用户登录过程中所输入的用户信息,服务器对Session信息进行存储,当再次需要对该用户进行登录认证时,可以通过内存(Redis哨兵模式集群将数据存在内存中)来读取数据,比从数据 库中读取数据更快,可以提高登录认证的效率;并且可以实现不同Web应用程序的服务器间的Session数据共享,提高数据的利用率。
为了使得本申请中的登录模式可以被清楚的了解,下面结合附图对不同登录认证模式(Shiro登录,OAuth登录和CAS登录)分别进行示例性说明。
图3为本申请一实施例中提供的一种Web应用程序的登录界面的示意图,该登录界面对应的登录认证模式为CAS登录,如图3所示,该登录认证模式包括两种登录方式。在如图3所示的登录界面中所显示的登录方式为账号密码登录,用户通过点击图3中的二维码图标,可以将登录方式切换为扫描二维码登录。
下面对CAS登录进行介绍,CAS是单点登录(Single Sign On,SSO)的一个框架,全称为Central Authentication Service。CAS具有以下特点:(1)是开源的企业级单点登录解决方案。(2)CAS服务器端(即CAS Server)为需要独立部署的Web应用程序。(3)CAS客户端(CAS Client)支持非常多语言类型的客户端(这个客户端是指单点登录系统中的各个Web应用程序),包括Java,.Net,PHP,Perl,Apache,uPortal,Ruby等。
图4为本申请一实施例中Web应用程序所使用的CAS登录的基本协议过程示意图。如图4所示,从结构上看CAS登录的框架包括2个部分:CAS服务器端(即CAS Server)和CAS客户端。其中CAS服务器端需要独立部署,主要负责对用户的认证工作;CAS客户端负责处理针对客户端受保护资源的访问请求,需要登录时,重定向到CAS服务器端。CAS客户端与受保护的客户端应用(即Web应用程序)部署在一起,以Filter方式保护受保护的资源。图4中的Web浏览器为用户请求访问Web应用程序的入口。
下面对图4中所示的步骤1至6进行说明。
步骤1、访问服务:用户向CAS客户端发送请求,请求访问Web应用程序所提供的服务资源。CAS客户端会分析该用户请求中是否包含Service Ticket;如果请求中不包含Service Ticket,则说明当前用户尚未登录(或者说用户第一次登录该Web应用程序),于是CAS客户端执行下一步骤(即步骤2)。
步骤2、定向认证:CAS客户端会重定向用户请求到CAS服务器端。
步骤3、用户认证:即用户身份认证,用户输入认证信息进行登录认证,如果登录认证成功,则执行下一步骤(即步骤4)。
步骤4、发放票据:CAS服务器端会产生一个随机的服务票据(Service Ticket)。
步骤5、验证票据:CAS客户端与CAS服务器端进行身份核实,以确保服务票据(Service Ticket)的合法性,验证通过后,允许CAS客户端访问服务。
步骤6、传输用户信息:CAS服务器端在服务票据(Service Ticket)验证通过后,传输用户认证结果信息(User name)给CAS客户端。
本申请实施例对CAS登录进行了改进,图5为本申请一实施例中的Web应用程序所使用的CAS登录的流程示意图,如图5所示,在开始CAS登录后,CAS登录主要包括授权和认证的过程,在认证过程中利用数据库中所存储的用户信息(例如用户账号密码)进行认证,其中数据库中的用户信息则利用ETL进行更新。
如图5所示,在登录中的用户认证环节,利用数据库(例如可以集成用户的公司数据库)进行用户的账号密码验证,而数据库中的用户账号密码信息由调度任务(采用ETL)定期的更新,这样不但可以实现大部分公司内部的用户账号密码进行登录,用户的信息也可通过调度任务动态的变化,结合ETL任务对认证交互 数据库中的认证数据进行动态更新,可以提高更新效率。
图6为本申请另一实施例中提供的一种Web应用程序的登录界面示意图,该登录界面对应的登录认证模式只包括一种登录方式(账号密码登录),该登录认证模式为Shiro登录。本领域技术人员可知,在该登录模式下还可以根据需要增加其他登录方式。
图7为本申请一实施例中的Web应用程序所使用的Shiro登录原理示意图,Shiro是基于java实现的一个安全框架,旨在简化认证和授权。Shiro框架在JavaEE和JavaSE中都可以使用,它主要用来处理身份认证、授权、企业会话管理和加密等等。下面对图7中标号为①至⑤的各个功能点进行说明。
①身份验证/登录,验证用户(Subject)是不是有相应身份。
②授权,验证某个已认证(验证通过)的用户是否拥有某个权限。
③会话管理,用户登录一次就是一次会话,在Web应用程序没有退出之前所有用户信息都存在会话里。
④加密,保证数据的安全性,对密码进行加密。
⑤Web支持,Shiro框架可以非常容易的集成到Web环境。
如图7所示,本申请实施例在基础的Shiro登录认证授权的基础上进行了部分改进,图7中未改进的内容可以参照现有技术中的定义来理解,在此不做赘述。下面结合图7对改进部分的内容进行说明。
如图7所示,本申请实施例在基础的Shiro登录认证授权的基础上增加了可以自定义的用户过滤器701(Customer Filter),保证web应用中登录认证结束后其他接口的网址(即URL,Urluniform Resource Locator)的成功路由。另外,如图7所示,本申请实施例还可以使用Redis哨兵模式集群(包括一个主服务器和至少一个从服务器)(由图7中的Redis功能框702来实现)来缓存登录用户的Session信息,这样的操作使得在进行登录认证时可以直接从Redis哨兵模式集群中获取Session信息,这样可以快速读写Session信息,提高认证授权的效率。另外,Redis哨兵模式实现了在Web应用程序的服务器共享用户登录Session信息,这种改造可以适应绝大多数Web应用程序,进一步提高认证授权的效率。
图8为本申请另一实施例中提供的一个Web应用程序的登录界面示意图,该登录界面对应的登录认证模式只包括一种登录方式(账号密码登录),该登录认证模式为OAuth登录。本领域技术人员可知,在该登录模式下还可以根据需要增加其他登录方式。
OAuth认证是为了做到第三方应用程序在未获取到用户敏感信息(如:账号密码、用户PIN等)的情况下,能让用户授权予他来访问开放平台(主要访问平台中的资源服务器(Resource Server)中的资源接口。
图9为本申请一实施例中的Web应用程序所使用的OAuth登录的原理图,在图9中,用户(Resource owner)使用用户代理(User Agent)与认证服务器(Authorization Server)和第三方应用程序(Client)进行交互。为了叙述的方便,下面在对用户与认证服务器和第三方应用程序的交互进行叙述时,省略用户代理(User Agent)。如图9所示,OAuth登录的流程包括图9所示的步骤(A)至(E),下面对各个步骤进行简单的说明。
应当理解,在进行步骤(A)之前,用户(Resource Owner)首先要保持登录本申请实施中所述的Web应用程序(假设为Web应用程序M)的登录,即该用户在Web应用程序M中已经为认证通过的状态。此时Rediss哨兵模式集群中已经存储了用户在登录该Web应用程序M时所产生的Session信息(Session信息中包括用户信息),认证服务器可以从Rediss哨兵模式集群中获取用户信息。
下面的过程是用户登录第三方应用程序时的认证步骤。
(A)第三方应用程序请求用户授权(Auth Code Request)(即弹出一个操作界面让用户确认给第三方应用程序授权)。
(B)进行用户授权(User Authenticates),在授权成功之后第三方应用程序会向认证服务器请求授权码(Authorization Code),请求中还会携带回调地址(redirect_uri)(可以跳转到第三方应用程序的链接)。
(C)第三方应用程序从认证服务器获得授权码(Authorization Code),在获得授权码之后,用户所在的认证服务器网页将跳转到回调地址(redirect_uri)(即跳转到第三方应用程序)。
(D)第三方应用程序携带“授权码”和应用认证信息(client_id&client_secret)到认证服务器换取Access token(Authorization Code+URI)。
(E)第三方应用程序在访问开放平台时带上Access token(Access token+optional refresh token)。
如图9所示,本申请实施例在基础的Shiro登录认证授权的基础上进行了部分改进,图9中未改进的部分可以参照现有技术中的定义来理解,在此不做赘述。下面结合图9对改进部分的内容进行说明。
本申请实施例中,引入Redis哨兵模式集群(包括一个主服务器和至少一个从服务器)来存储用户的Session信息(主要是其中的用户信息(User Info))以及缓存(Cache)信息(即图9中所示的Redis功能框901所实现的功能),并且可以添加多个系统的用户信息(即图9中所示的功能框902所实现的功能),在使用OAuth登录认证模式的同时,实现多系统用户信息共通。其中多个系统(图9中所示的功能框902中的系统A、系统B、系统C和系统D)指的是多个Web应用程序,即Redis可以存储多个不同的Web应用程序的用户信息,Redis哨兵模式集群的多个服务器之间可以共享Session数据,可以兼容多系统用户。
应理解,上述实施例中各步骤的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。
对应于上文实施例的应用程序的登录方法,本申请实施例还提供一种应用程序的登录装置,该装置包括用于执行如上文任一实施例中的应用程序的登录方法中服务器所执行的各个步骤的单元。
下面结合附图对本申请实施例中的应用程序的登录装置进行示例性的说明。
如图10所示,为本申请一实施例提供的应用程序的登录装置的结构框图,为了便于说明,仅示出了与本申请实施例相关的部分。参照图10,该应用程序的登录装置1000包括:接收单元1001、确定单元1002、登录界面任务单元1003和发送单元1004。
接收单元1001,用于接收终端设备发送的针对第一Web应用程序的访问请求,第一Web应用程序包括第一配置文件和多个预设的登录认证模式代码模块;每个登录认证模式代码模块对应一种登录认证模式;第一配置文件包括第一登录认证模式配置项,第一登录认证模式配置项是根据第一Web应用程序所使用的第一登录认证模式确定和设置的。
确定单元1002,用于响应于访问请求,根据第一配置文件中的第一登录认证模式配置项,从多个预设的登录认证模式代码模块中,确定出第一登录认证模式代码模块,第一登录认证模式代码模块与第一登录认证模式对应。
登录界面任务单元1003,用于根据第一登录认证模式代码模块中的代码,生成登录界面任务。
发送单元1004,用于将登录界面任务发送至终端设备,以使终端设备基于登录界面任务显示第一Web应用程序的登录界面,登录界面与第一登录认证模式对应。
可选的,第一配置文件托管于云平台。
可选的,第一登录认证模式为CAS登录,Shiro登录,OAuth登录,微信登录,或者CAS登录、Shiro登录、OAuth登录和微信登录中任意两种或多种的融合登录。
可选的,第一Web应用程序包括业务逻辑代码模块,应用程序的登录装置1000还包括登录认证单元和应用界面生成单元。
接收单元1001,用于接收终端设备发送的用户登录认证请求,用户登录认证请求为终端设备响应于用户在登录界面上进行的登录操作发送的。
登录认证单元,用于基于用户登录认证请求,对用户进行登录认证,获得登录认证结果。
应用界面生成单元,用于在登录认证结果为登录认证成功的情况下,基于业务逻辑代码模块中的代码,生成应用界面任务。
发送单元1004,用于将应用界面任务发送至终端设备,以使终端设备基于应用界面任务显示第一Web应用程序的应用界面。
可选的,登录认证单元,用于基于用户登录认证请求,使用认证交互数据库中存储的用户信息对用户进行登录认证,获得登录认证结果;认证交互数据库包括多个预设的用户信息,目标数据库包括使用第一登录认证模式的用户信息,认证交互数据库中的用户信息根据目标数据库中的用户信息定期更新。
可选的,应用程序的登录装置1000还包括缓存单元。
缓存单元,用于在登录认证结果为登录认证成功的情况下,采用Redis哨兵模式集群,缓存登录认证过程中所产生的与用户相关的会话信息。
应理解,应用程序的登录装置1000中各单元执行上述相应步骤的具体过程请参照前文中应用程序的登录方法相关的描述,为了简洁,这里不加赘述。
本申请一实施例还提供了一种计算机设备1100,可以理解的是该实施例中的计算机设备可以为方法实施例中的服务器。如图11所示,该实施例的计算机设备1100包括:处理器1101、存储器1102以及存储在存储器1102中并可在处理器1101上运行的计算机程序1104。计算机程序1104可被处理器1101运行,生成指令1103,处理器1101可根据指令1103实现上述各个应用程序的登录方法实施例中的步骤。或者,处理器1101执行计算机程序1104时实现上述各装置实施例中各模块/单元的功能,例如图10所示的接收单元1001至发送单元1004的功能。
示例性的,计算机程序1104可以被分割成一个或多个模块/单元,一个或者多个模块/单元被存储在存储器1102中,并由处理器1101执行,以完成本申请。一个或多个模块/单元可以是能够完成特定功能的一系列计算机程序指令段,该指令段用于描述计算机程序1104在计算机设备1100中的执行过程。
本领域技术人员可以理解,图11仅仅是计算机设备1100的示例,并不构成对计算机设备1100的限定,计算机设备1100可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件,例如计算机设备1100还可以包括输入输出设备、网络接入设备、总线等。
处理器1101可以是中央处理单元(Central Processing Unit,CPU),还可以是其它通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现场可编程门阵列(Field-Programmable Gate Array,FPGA)或者其它可编程逻辑器件、分立门或者晶体管逻 辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。
存储器1102可以是计算机设备1100的内部存储单元,例如计算机设备1100的硬盘或内存。存储器1102也可以是计算机设备1100的外部存储设备,例如计算机设备1100上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器1102还可以既包括计算机设备1100的内部存储单元也包括外部存储设备。存储器1102用于存储计算机程序以及计算机设备1100所需的其它程序和数据。存储器1102还可以用于暂时地存储已经输出或者将要输出的数据。
所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,仅以上述各功能单元、模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元、模块完成,即将所述装置的内部结构划分成不同的功能单元或模块,以完成以上描述的全部或者部分功能。实施例中的各功能单元、模块可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中,上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。另外,各功能单元、模块的具体名称也只是为了便于相互区分,并不用于限制本申请的保护范围。上述系统中单元、模块的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。
本申请实施例还提供了一种计算机可读存储介质,如图12所示,该计算机可读存储介质1200中存储有计算机程序或指令1201,当计算机读取并执行计算机程序或指令1201时,使得计算机执行上述各个方法实施例中的步骤。该可读介质可以是只读存储器(Read-Only Memory,ROM)或随机存取存储器(Random Access Memory,RAM),本申请实施例对此不做限制。
本申请实施例提供了一种计算机程序产品,当计算机程序产品在服务器上运行时,使得服务器执行时可实现上述各个方法实施例中的步骤。
本申请实施例还提供了一中的芯片,该芯片包括:处理单元和通信单元,该处理单元,例如可以是处理器,该通信单元例如可以是输入/输出接口、管脚或电路等。该处理单元可执行计算机指令,以使计算机设备执行上述本申请实施例提供的任一种应用程序的登录方法。
可选地,该计算机指令被存储在存储单元中。
可选地,该存储单元为该芯片内的存储单元,如寄存器、缓存等,该存储单元还可以是该终端内的位于该芯片外部的存储单元,如ROM或可存储静态信息和指令的其他类型的静态存储设备,随机RAM等。其中,上述任一处提到的处理器,可以是一个CPU,微处理器,ASIC,或一个或多个用于控制上述的电子设备显示以及控制方法的程序执行的集成电路。该处理单元和该存储单元可以解耦,分别设置在不同的物理设备上,通过有线或者无线的方式连接来实现该处理单元和该存储单元的各自的功能,以支持该系统芯片实现上述实施例中的各种功能。或者,该处理单元和该存储器也可以耦合在同一个设备上。
可以理解的是,本申请实施例提供的芯片可以为用于实现上述任一种应用程序的登录方法的集成电路,该芯片的主要作用是用于执行本申请实施例中的应用程序的登录方法所限定的步骤或者流程,即通过硬件的方式来实现本申请实施例中的应用程序的登录方法。而本申请实施例提供的计算机可读存储介质主要用于存储计算机程序,该计算机程序被执行时实现上述任一种应用程序的登录方法所限定的步骤或者流程,即通过计算机软件的形式来实现本本申请实施例中的应用程序的登录方法。
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述或记载的部分,可以参见其 它实施例的相关描述。
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。
在本申请所提供的实施例中,应该理解到,所揭露的装置/设备和方法,可以通过其它的方式实现。例如,以上所描述的装置/设备实施例仅仅是示意性的,例如,所述模块或单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通讯连接可以是通过一些接口,装置或单元的间接耦合或通讯连接,可以是电性,机械或其它的形式。
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。
所述集成的模块/单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请实现上述实施例方法中的全部或部分流程,可以通过计算机程序来指令相关的硬件来完成,所述的计算机程序可存储于一计算机可读存储介质中,该计算机程序在被处理器执行时,可实现上述各个方法实施例的步骤。其中,所述计算机程序包括计算机程序代码,所述计算机程序代码可以为源代码形式、对象代码形式、可执行文件或某些中间形式等。所述计算机可读介质至少可以包括:能够将计算机程序代码携带到装置/服务器的任何实体或装置、记录介质、计算机存储器、只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、电载波信号、电信信号以及软件分发介质。例如U盘、移动硬盘、磁碟或者光盘等。在某些司法管辖区,根据立法和专利实践,计算机可读介质不可以是电载波信号和电信信号。
以上所述实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围,均应包含在本申请的保护范围之内。

Claims (15)

  1. 一种应用程序的登录方法,应用于服务器,其特征在于,包括:
    接收终端设备发送的针对第一Web应用程序的访问请求,其中,所述第一Web应用程序包括第一配置文件和多个预设的登录认证模式代码模块;每个登录认证模式代码模块对应一种登录认证模式;所述第一配置文件包括第一登录认证模式配置项,所述第一登录认证模式配置项是根据第一Web应用程序所使用的第一登录认证模式确定和设置的;
    响应于所述访问请求,根据所述第一配置文件中的所述第一登录认证模式配置项,从所述多个预设的登录认证模式代码模块中,确定出第一登录认证模式代码模块,所述第一登录认证模式代码模块与所述第一登录认证模式对应;
    根据所述第一登录认证模式代码模块中的代码,生成登录界面任务;
    将所述登录界面任务发送至所述终端设备,以使所述终端设备基于所述登录界面任务显示所述第一Web应用程序的登录界面,所述登录界面与所述第一登录认证模式对应。
  2. 根据权利要求1所述的方法,其特征在于,所述第一配置文件托管于云平台。
  3. 根据权利要求1或2所述的方法,其特征在于,所述第一登录认证模式为中央认证服务CAS登录,Shiro登录,开放授权OAuth登录,微信登录,或者CAS登录、Shiro登录、OAuth登录和微信登录中任意两种或多种的融合登录。
  4. 根据权利要求1至3任一项所述的方法,其特征在于,所述第一Web应用程序包括业务逻辑代码模块,所述方法还包括:
    接收所述终端设备发送的用户登录认证请求,所述用户登录认证请求为所述终端设备响应于用户在所述登录界面上进行的登录操作发送的;
    基于所述用户登录认证请求,对所述用户进行登录认证,获得登录认证结果;
    在所述登录认证结果为登录认证成功的情况下,基于所述业务逻辑代码模块中的代码,生成应用界面任务;
    将所述应用界面任务发送至所述终端设备,以使所述终端设备基于所述应用界面任务显示所述第一Web应用程序的应用界面。
  5. 根据权利要求4所述的方法,其特征在于,所述基于所述用户登录认证请求,对所述用户进行登录认证,获得登录认证结果,包括:
    基于所述用户登录认证请求,使用认证交互数据库中存储的用户信息对所述用户进行登录认证,获得所述登录认证结果;其中,所述认证交互数据库包括多个预设的用户信息,目标数据库包括使用所述第一登录认证模式的用户信息,所述认证交互数据库中的用户信息根据所述目标数据库中的用户信息定期更新。
  6. 根据权利要求4所述的方法,其特征在于,在所述登录认证结果为登录认证成功的情况下,采用Redis哨兵模式集群,缓存登录认证过程中所产生的与所述用户相关的会话信息。
  7. 一种应用程序的登录装置,其特征在于,包括:
    接收单元,用于接收终端设备发送的针对第一Web应用程序的访问请求,其中,所述第一Web应用程序包括第一配置文件和多个预设的登录认证模式代码模块;每个登录认证模式代码模块对应一种登录认证模式;所述第一配置文件包括第一登录认证模式配置项,所述第一登录认证模式配置项是根据第一Web应用程序所使用的第一登录认证模式确定和设置的;
    确定单元,用于响应于所述访问请求,根据所述第一配置文件中的所述第一登录认证模式配置项,从所述多个预设的登录认证模式代码模块中,确定出第一登录认证模式代码模块,所述第一登录认证模式代码模块与所述第一登录认证模式对应;
    登录界面任务单元,用于根据所述第一登录认证模式代码模块中的代码,生成登录界面任务;
    发送单元,用于将所述登录界面任务发送至所述终端设备,以使所述终端设备基于所述登录界面任务显示所述第一Web应用程序的登录界面,所述登录界面与所述第一登录认证模式对应。
  8. 根据权利要求7所述的装置,其特征在于,所述第一配置文件托管于云平台。
  9. 根据权利要求7或8所述的装置,其特征在于,所述第一登录认证模式为CAS登录,Shiro登录,OAuth登录,微信登录,或者CAS登录、Shiro登录、OAuth登录和微信登录中任意两种或多种的融合登录。
  10. 根据权利要求7至9中任一项所述的装置,其特征在于,所述第一Web应用程序包括业务逻辑代码模块,所述装置还包括登录认证单元和应用界面生成单元,
    其中,所述接收单元还用于接收所述终端设备发送的用户登录认证请求,所述用户登录认证请求为所述终端设备响应于用户在所述登录界面上进行的登录操作发送的;
    所述登录认证单元,用于基于所述用户登录认证请求,对所述用户进行登录认证,获得登录认证结果;
    所述应用界面生成单元,用于在所述登录认证结果为登录认证成功的情况下,基于所述业务逻辑代码模块中的代码,生成应用界面任务;
    所述发送单元还用于将所述应用界面任务发送至所述终端设备,以使所述终端设备基于所述应用界面任务显示所述第一Web应用程序的应用界面。
  11. 根据权利要求10所述的装置,其特征在于,所述登录认证单元用于基于所述用户登录认证请求,使用认证交互数据库中存储的用户信息对所述用户进行登录认证,获得所述登录认证结果;其中,所述认证交互数据库包括多个预设的用户信息,目标数据库包括使用所述第一登录认证模式的用户信息,所述认证交互数据库中的用户信息根据所述目标数据库中的用户信息定期更新。
  12. 根据权利要求10所述的装置,其特征在于,还包括:
    缓存单元,用于在所述登录认证结果为登录认证成功的情况下,采用Redis哨兵模式集群,缓存登录认证过程中所产生的与所述用户相关的会话信息。
  13. 一种计算机设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序时实现如权利要求1至6中任一项所述方法的步骤。
  14. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有计算机程序或指令,当计算机读取并执行所述计算机程序或指令时,使得计算机执行如权利要求1至6中任一项所述的方法。
  15. 一种芯片,其特征在于,包括:处理器,用于从存储器中调用并运行计算机程序,使得安装有所述芯片的计算机设备执行如权利要求1至6中任一项所述的方法。
PCT/CN2023/136541 2022-12-06 2023-12-05 应用程序的登录方法及装置、计算机设备、存储介质和芯片 WO2024120403A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202211556588.X 2022-12-06
CN202211556588.XA CN118157879A (zh) 2022-12-06 2022-12-06 Web应用程序的登录方法及装置

Publications (1)

Publication Number Publication Date
WO2024120403A1 true WO2024120403A1 (zh) 2024-06-13

Family

ID=91287559

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/136541 WO2024120403A1 (zh) 2022-12-06 2023-12-05 应用程序的登录方法及装置、计算机设备、存储介质和芯片

Country Status (2)

Country Link
CN (1) CN118157879A (zh)
WO (1) WO2024120403A1 (zh)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301328A (zh) * 2014-10-29 2015-01-21 北京思特奇信息技术股份有限公司 一种云计算环境下的资源操作安全认证方法及系统
CN107172008A (zh) * 2017-04-01 2017-09-15 北京芯盾时代科技有限公司 一种在移动设备中进行多系统认证及同步的系统和方法
WO2022151974A1 (zh) * 2021-01-15 2022-07-21 华为技术有限公司 网站登录方法、通信系统和电子设备
CN115189891A (zh) * 2022-07-07 2022-10-14 Oppo广东移动通信有限公司 应用程序登录方法、装置、终端及计算机可读存储介质

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104301328A (zh) * 2014-10-29 2015-01-21 北京思特奇信息技术股份有限公司 一种云计算环境下的资源操作安全认证方法及系统
CN107172008A (zh) * 2017-04-01 2017-09-15 北京芯盾时代科技有限公司 一种在移动设备中进行多系统认证及同步的系统和方法
WO2022151974A1 (zh) * 2021-01-15 2022-07-21 华为技术有限公司 网站登录方法、通信系统和电子设备
CN115189891A (zh) * 2022-07-07 2022-10-14 Oppo广东移动通信有限公司 应用程序登录方法、装置、终端及计算机可读存储介质

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
XING XU, ZHU CHAOYANG, LIAO SHUHANG: "Security Upgrade of Campus Network Unified Identity Authentication Platform Based on OAuth2.0", NETWORK SECURITY TECHNOLOGY & APPLICATION, no. 8, 10 August 2022 (2022-08-10), pages 81 - 84, XP093179505 *

Also Published As

Publication number Publication date
CN118157879A (zh) 2024-06-07

Similar Documents

Publication Publication Date Title
US11916911B2 (en) Gateway enrollment for Internet of Things device management
US11658984B2 (en) Authenticating access to computing resources
US9467474B2 (en) Conjuring and providing profiles that manage execution of mobile applications
US11799841B2 (en) Providing intercommunication within a system that uses disparate authentication technologies
CN112039826B (zh) 应用于小程序端的登录方法和装置,电子设备,可读介质
US20170310659A1 (en) Protection of application passwords using a secure proxy
CN111526111B (zh) 登录轻应用的控制方法、装置和设备及计算机存储介质
CN113271296B (zh) 一种登录权限管理的方法和装置
CN110493239B (zh) 鉴权的方法和装置
CN113271311A (zh) 一种跨链网络中的数字身份管理方法及系统
CN107835181A (zh) 服务器集群的权限管理方法、装置、介质和电子设备
CN111814131B (zh) 一种设备注册和配置管理的方法和装置
US11977620B2 (en) Attestation of application identity for inter-app communications
US9027155B2 (en) System for governing the disclosure of restricted data
CN108228280A (zh) 浏览器参数的配置方法及装置、存储介质、电子设备
WO2010012721A1 (en) Propagating information from a trust chain processing
WO2024120403A1 (zh) 应用程序的登录方法及装置、计算机设备、存储介质和芯片
CN113055186B (zh) 一种跨系统的业务处理方法、装置及系统
CN113765876B (zh) 报表处理软件的访问方法和装置
CN110659476A (zh) 用于重置密码的方法和装置
CN115174062B (zh) 云服务认证方法、装置、设备及存储介质
CN111783044B (zh) 一种共享登录态的方法和装置
CN110611656B (zh) 一种基于主身份多重映射的身份管理方法、装置及系统
US8788681B1 (en) Method and apparatus for autonomously managing a computer resource using a security certificate
CN118690400A (zh) 数据处理方法、装置、计算机设备、存储介质及产品

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23899977

Country of ref document: EP

Kind code of ref document: A1