CN114567475A - Multi-system login method and device, electronic equipment and storage medium - Google Patents

Info

Publication number
CN114567475A
Authority
CN
China
Prior art keywords
management system
account
password
login
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210169227.3A
Other languages
Chinese (zh)
Other versions
CN114567475B (en)
Inventor
王斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An International Smart City Technology Co Ltd
Original Assignee
Ping An International Smart City Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An International Smart City Technology Co Ltd
Priority to CN202210169227.3A (patent CN114567475B)
Publication of CN114567475A
Application granted
Publication of CN114567475B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiments of the application disclose a multi-system login method and device, electronic equipment and a storage medium. The method may comprise the steps of: receiving a login operation of a user; sending an authentication request to a target management system, wherein the target management system is determined according to the login operation and comprises a local management system and a third-party management system; judging whether the target management system passes the authentication request; when the target management system passes the authentication request, obtaining a Code returned by the target management system; sending the Code to a gateway service module to obtain a Token returned by the gateway service module; and obtaining a subsystem list according to the Token. By implementing the embodiments of the application, the multiple systems can be logged in to in several ways, which improves the disaster tolerance of multi-system login.

Description

Method, apparatus, electronic device and storage medium for multi-system login

Technical field

The embodiments of the present application relate to the field of computer technologies, and in particular to a method, apparatus, electronic device and storage medium for multi-system login.

Background

With the development of computer technology, more and more business can be carried out on computer equipment. Different businesses usually require logging in to their respective business systems before the corresponding operations can be performed, and each business system usually performs its own login, authorization and authentication independently. As a result, each of the business systems needs its own account and password for login, which makes operation cumbersome and inefficient. To avoid this, the prior art often introduces a third-party management system to manage multiple systems in a unified way. That is, after a user logs in to the third-party management system with an account and password, the user is in effect logged in to all the business systems, that is, the subsystems, connected to the third-party management system. This reduces the number of login operations and improves login efficiency. However, it creates a new problem: if the third-party management system fails, none of the business systems can be logged in to or used normally. Improving the disaster tolerance of multi-system login is therefore a problem that needs to be solved.

Summary of the invention

The embodiments of the present application provide a method, apparatus, electronic device and storage medium for multi-system login, which can improve the disaster tolerance of multi-system login.

In a first aspect, an embodiment of the present application provides a method for multi-system login, the method including the following steps:

receiving a user's login operation;

sending an authentication request to a target management system, where the target management system is determined according to the login operation and includes a local management system and a third-party management system;

judging whether the target management system passes the authentication request;

when the target management system passes the authentication request, obtaining the Code returned by the target management system;

sending the Code to a gateway service module to obtain the Token returned by the gateway service module;

obtaining a subsystem list according to the Token.

In a first aspect, an embodiment of the present application provides an apparatus for multi-system login, the apparatus including:

a communication module, configured to receive a user's login operation and to send an authentication request to a target management system, where the target management system is determined according to the login operation and includes a local management system and a third-party management system;

a processing module, configured to judge whether the target management system passes the authentication request;

the communication module being further configured to obtain the Code returned by the target management system when the target management system passes the authentication request, to send the Code to a gateway service module to obtain the Token returned by the gateway service module, and to obtain a subsystem list according to the Token.

In a third aspect, an embodiment of the present application provides an electronic device including a processor and a memory that are connected to each other, where the memory is used to store a computer program, the computer program includes program instructions, and the processor is configured to invoke the program instructions to perform the method of the first aspect.

In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program, the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processor to perform the method of the first aspect.

Implementing the embodiments of the present application has the following beneficial effects:

With the above method, apparatus, computer device and storage medium for multi-system login, after the user's login operation is received, an authentication request is sent to the target management system according to that login operation, where the target management system is determined according to the user's login operation. The target management system includes a local management system and a third-party management system. It is then judged whether the target management system passes the authentication request. When the target management system passes the authentication request, the Code returned by the target management system is obtained. The Code is then sent to the gateway service module to obtain the Token returned by the gateway service module, and the subsystem list is obtained according to the Token. In this way the multiple systems can be logged in to in several ways, that is, through different target management systems, which improves the disaster tolerance of multi-system login.
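The flow summarized above (authentication request, Code, Token, subsystem list, with two alternative target management systems) can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the account data is constructed, and the single-use and lifetime rules for the Code and Token are assumptions the page does not specify.

```python
import secrets
import time

CODE_TTL = 60      # seconds a Code stays redeemable (assumed value)
TOKEN_TTL = 1800   # seconds a Token stays valid (assumed value)


class ManagementSystem:
    """Stand-in for the local or the third-party user management system."""

    def __init__(self, name, verify, available=True):
        self.name = name
        self._verify = verify          # callable(account, password) -> bool
        self.available = available
        self._codes = {}               # code -> (account, expiry)

    def authenticate(self, account, password):
        """Return a one-time Code when the authentication request passes."""
        if not self.available:
            raise ConnectionError(f"{self.name} management system is down")
        if not self._verify(account, password):
            return None
        code = secrets.token_urlsafe(24)
        self._codes[code] = (account, time.monotonic() + CODE_TTL)
        return code

    def redeem(self, code):
        """Consume a Code; a replayed, unknown or expired Code yields None."""
        account, expiry = self._codes.pop(code, (None, 0.0))
        return account if account and time.monotonic() < expiry else None


class GatewayService:
    """Stand-in for the gateway service module: Code -> Token -> subsystems."""

    def __init__(self, systems, subsystems):
        self._systems = {s.name: s for s in systems}
        self._subsystems = subsystems  # account -> list of subsystem names
        self._tokens = {}              # token -> (account, expiry)

    def exchange(self, system_name, code):
        # The Code is redeemed with the system that issued it, never trusted as-is.
        account = self._systems[system_name].redeem(code)
        if account is None:
            raise PermissionError("Code rejected")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (account, time.monotonic() + TOKEN_TTL)
        return token

    def subsystem_list(self, token):
        account, expiry = self._tokens.get(token, (None, 0.0))
        if account is None or time.monotonic() >= expiry:
            raise PermissionError("Token rejected")
        return list(self._subsystems.get(account, []))


def login(gateway, target, account, password):
    """The method's steps: authenticate, get Code, get Token, list subsystems."""
    code = target.authenticate(account, password)
    if code is None:
        raise PermissionError("authentication request not passed")
    token = gateway.exchange(target.name, code)
    return gateway.subsystem_list(token)


def demo():
    # Constructed sample data: one account known to both management systems.
    check = lambda a, p: secrets.compare_digest(f"{a}:{p}", "alice:correct horse")
    local = ManagementSystem("local", check)
    third = ManagementSystem("third-party", check, available=False)
    gw = GatewayService([local, third], {"alice": ["billing", "reports"]})
    results = {}
    try:
        login(gw, third, "alice", "correct horse")
    except ConnectionError:
        results["third_party"] = "unavailable"
    # The third-party system is down, yet login through the local one succeeds.
    results["local"] = login(gw, local, "alice", "correct horse")
    code = local.authenticate("alice", "correct horse")
    gw.exchange("local", code)
    try:
        gw.exchange("local", code)     # same Code presented a second time
        results["replay"] = "accepted"
    except PermissionError:
        results["replay"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```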

Description of drawings

To illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application, and those of ordinary skill in the art can obtain other drawings from them without creative effort. In the drawings:

FIG. 1 is a schematic diagram of a system architecture provided by an embodiment of the present application;

FIG. 2 is a schematic flowchart of a method for multi-system login provided by an embodiment of the present application;

FIG. 3 is a schematic diagram of a login interface provided by an embodiment of the present application;

FIG. 4 is a schematic structural diagram of an apparatus for multi-system login provided by an embodiment of the present application;

FIG. 5 is a schematic diagram of the composition of an electronic device provided by an embodiment of the present application.

Detailed description

The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are some, not all, of the embodiments of the present application. All other embodiments obtained by those of ordinary skill in the art from the embodiments in the present application without creative effort fall within the protection scope of the present application.

The terms "first", "second", "third" and "fourth" in the description, the claims and the drawings of the present application are used to distinguish different objects, not to describe a specific order. Furthermore, the terms "comprising" and "having", and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device comprising a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to the process, method, product or device.

Reference herein to an "embodiment" means that a particular feature, result or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of the phrase in various places in the specification do not necessarily all refer to the same embodiment, nor to separate or alternative embodiments that are mutually exclusive of other embodiments. Those skilled in the art understand, explicitly and implicitly, that the embodiments described herein may be combined with other embodiments.

First, the technical terms and concepts involved in the embodiments of the present application are introduced.

(1) Token

A Token is a string generated by the server that serves as a token for making requests to the client (electronic device). A token is a special frame that controls a station's possession of the medium, as distinguished from data frames and other control frames. In other words, a Token can be understood as a secret code: before some data is transmitted, the secret code is checked first, and different secret codes are authorized for different data operations.

(2) Code

A Code is the user credential obtained through user authorization, which the server exchanges for a resource access credential (Token).

(3) Spring Security

Spring Security is a security framework that provides a declarative security access control solution for Spring-based enterprise application systems. It provides a set of beans that can be configured in the Spring application context and makes full use of Spring IoC (Inversion of Control), DI (Dependency Injection) and AOP (Aspect-Oriented Programming) to provide declarative security access control for application systems, reducing the work of writing large amounts of repetitive code for enterprise system security control.

(4) Symmetric encryption

Symmetric encryption refers to an encryption method that uses a single-key cryptosystem: the same key is used for both encrypting and decrypting information, so it is also known as single-key encryption. A key is an instruction that controls the encryption and decryption process. An algorithm is a set of rules that specifies how encryption and decryption are performed.

It works as follows: the data sender processes the plaintext (original data) together with the encryption key through a special encryption algorithm, turning it into complex ciphertext that is then sent out. After receiving the ciphertext, a receiver who wants to read the original text must decrypt the ciphertext with the encryption key and the inverse of the same algorithm (that is, of the special encryption algorithm above) to restore it to readable plaintext.

(5) Asymmetric encryption

An asymmetric encryption algorithm requires two keys for encryption and decryption: a public key and a private key. The public key and the private key form a pair. If data is encrypted with the public key, only the corresponding private key can decrypt it; if data is encrypted with the private key, only the corresponding public key can decrypt it.

It works as follows: Party B generates a key pair (public key and private key) and discloses the public key to other parties. Party A, having obtained the public key, uses it to encrypt the confidential information before sending it to Party B. Party B then decrypts the encrypted information with the other key it keeps for itself (the private key). Party B can only use its private key to decrypt information encrypted with the corresponding public key.

(6) MD5

The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value, used to ensure that information is transmitted complete and consistent.

To better understand the technical solutions of the embodiments of the present application, the system architecture that the embodiments may involve is introduced here. Refer to FIG. 1, a schematic diagram of a system architecture provided by an embodiment of the present application. The system architecture may include an electronic device 101 and a server 102, which can communicate with each other over a network. The network communication may be based on any wired or wireless network, including but not limited to the Internet, wide area networks, metropolitan area networks, local area networks, virtual private networks (VPNs) and wireless communication networks.

The embodiments of the present application do not limit the number of electronic devices and servers, and a server can serve multiple electronic devices at the same time. In the embodiments of the present application, the electronic device is mainly the device a user uses for multi-system login; it can communicate with the server to obtain the subsystem list and complete the multi-system login. The electronic device may be a personal computer (PC), a notebook computer or a smartphone, and may also be an all-in-one computer, a palmtop computer, a tablet computer (pad), a smart TV player terminal, a vehicle-mounted terminal or a portable device. For a PC-side electronic device, such as an all-in-one computer, the operating system may include but is not limited to Linux, Unix, the Windows family (such as Windows XP and Windows 7) and Mac OS X (the operating system of Apple computers). For a mobile electronic device, such as a smartphone, the operating system may include but is not limited to Android, iOS (the operating system of Apple phones) and Windows.

The server may be an independent server, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery network (CDN) services, and big data and artificial intelligence platforms. Alternatively, the server may be implemented as a server cluster composed of multiple servers.

With the development of computer technology, more and more business can be carried out on computer equipment. Different businesses usually require logging in to their respective business systems before the corresponding operations can be performed, and each business system usually performs its own login, authorization and authentication independently. As a result, each of the business systems needs its own account and password for login, which makes operation cumbersome and inefficient. To avoid this, the prior art often introduces a third-party management system to manage multiple systems in a unified way. That is, after a user logs in to the third-party management system with an account and password, the user is in effect logged in to all the business systems connected to the third-party management system. This reduces the number of login operations and improves login efficiency. However, it creates a new problem: if the third-party management system fails, none of the business systems can be logged in to or used normally. Improving the disaster tolerance of multi-system login is therefore a problem that needs to be solved.

To solve the above problem, an embodiment of the present application provides a method for multi-system login, which can be applied to the electronic device or the server shown in FIG. 1. Implementing this method improves the disaster tolerance of multi-system login.

The embodiments of the present application are implemented on a Common Service Platform (CSP). The CSP is a service platform that supports upper-layer applications and includes a gateway service module, an SDK module and a user management system. The gateway service module is responsible for authorization and authentication. The SDK module is an SDK package that each subsystem (application system) can reference; it manages the permissions of each application through the interceptors in Spring Security, and each subsystem can use the module to obtain the menu list information that the current user has. The user management system is used for user login management, permission management and so on.

Refer to FIG. 2, a schematic flowchart of a method for multi-system login provided by an embodiment of the present application. The method may include the following steps S201 to S206:

Step S201: Receive the user's login operation.

Step S202: Send an authentication request to the target management system, where the target management system is determined according to the login operation.

An authentication request is a request to authenticate the user's identity; based on the user's identity it is determined whether the user has operation permissions and which operation permissions the user has.

In a possible implementation, the login operation includes a first login operation, the target management system is determined according to the user's first login operation, and the target management system includes a local management system and a third-party management system. The local management system is the user management system in the CSP, and the third-party management system is any user management system other than the one in the CSP. FIG. 3 is a schematic diagram of a login interface provided by an embodiment of the present application. Button 301 means logging in with the third-party management system, and button 302 means logging in with the local management system. By clicking button 301 or button 302, the user can quickly choose the third-party management system or the local management system for this login. It can be understood that, in FIG. 3, the user's first login operation is clicking button 301 or clicking button 302. When the user clicks button 301 to log in with the third-party management system, the target management system is the third-party management system; when the user clicks button 302 to log in with the local management system, the target management system is the local management system. Letting the user click a button on a single interface to choose the local management system or the third-party management system means the user does not have to remember and enter the address of each system in order to log in, which simplifies the user's operations and improves the user experience.

In a possible implementation, the login operation includes a second login operation, which is used to determine the login method; the login methods include a first login method and a second login method. As shown in FIG. 3, the first login method is logging in by entering an account and password, as shown at 304, and the second login method is logging in by scanning a code, as shown at 303. When the user logs in with the first login method, as shown at 304, the user's login operation is received once the user has entered the account and password and clicked the login button, and the authentication request is then sent to the target management system. When the user logs in with the second login method, as shown at 303, the user's login operation is received once the user has scanned the code with another device and clicked the button that prompts the user to confirm the login, and the authentication request is then sent to the target management system.

Step S203: Judge whether the target management system passes the authentication request.

In a possible implementation, when the login method is the first login method, judging whether the target management system passes the authentication request may include the following steps A1 to A6:

Step A1. Obtain a first input account and a first input password according to the first login method.

Note that the first input account and the first input password are not the account and password the user entered, but the account and password after one round of encryption has been applied to what the user entered. This is because, if the front end transmitted them in plaintext, the account and password would be at risk of leaking. The front end therefore encrypts the account and password when transmitting them, so what is obtained is the encrypted first input account and first input password rather than the account and password the user entered. The encryption may be symmetric or asymmetric, and the account and the password may be encrypted in the same way or in different ways. For example, the account entered by the user may be encrypted with symmetric encryption while the password entered by the user is encrypted with asymmetric encryption.

Step A2. Send the first input account and the first input password to the Spring Security framework, which is used to decrypt the first input account to obtain the original input account and to encrypt the first input password to obtain a second input password.

Here, the original input account is the account the user entered. The second input password is not the password the user entered, but the user-entered password after a second round of encryption (the first round takes place during the front-end transmission mentioned above).

Step A3. Obtain the original account and the encrypted password from the database.

Note that, to protect the data, what is stored in the database is the original account and the encrypted password. The original account is the account generated when the user registered or set by the user. The encrypted password is not the password the user set, but the user-set password after it has been encrypted twice.

In a possible implementation, the encrypted password is obtained with the MD5 algorithm. When password information has to be kept for identity confirmation, storing it in the database in plaintext with no protective measure lets a system administrator easily obtain the original password information, and once that information leaks, the password is easily deciphered. To increase security, the confidential information in the database must be encrypted, so that even someone who obtains the whole database cannot recover the original password information without a decryption algorithm. The MD5 algorithm solves this problem well: it computes a fixed-length output from an input string of any length, the same ciphertext is obtained only when the plaintext is the same, and the algorithm is irreversible, so even with the ciphertext in hand the plaintext cannot be computed back by a decryption algorithm. The user's password can therefore be saved as an MD5 value (or with a similar algorithm). When the user registers, the system computes the MD5 value of the password entered by the user and compares it with the MD5 value saved in the system. If the ciphertexts are the same, the password is considered correct; otherwise the password is wrong.
Through these steps the system can establish that a login is legitimate without knowing the user's plaintext password. This keeps the password from being known to users with system administrator rights and also makes the password harder to crack to a certain extent.

Step A4. Encrypt the original account to obtain an encrypted account.

The encrypted account is the original account after one round of encryption.

Step A5. Send the encrypted account and the encrypted password to the Spring Security framework. The Spring Security framework decrypts the encrypted account to obtain the original account, and produces the verification result for the original input account against the original account and for the second input password against the encrypted password.

The verification result states whether the original input account matches the original account and whether the second input password matches the encrypted password. If the original input account matches the original account and the second input password matches the encrypted password, the verification result is a successful match. Otherwise the verification result is an unsuccessful match.

Step A6. Determine from the verification result whether the request authentication is passed.

If the verification result is a successful match, the request authentication is passed. If the verification result is an unsuccessful match, the request authentication is not passed.

As an example, on one side the user enters account A and password B. The account received from the front end is A1 (account A after one round of encryption) and the password is B1 (password B after one round of encryption). Account A1 and password B1 are then passed into the Spring Security framework, which decrypts account A1 to recover account A and encrypts password B1 again to obtain B2 (password B2 is therefore password B encrypted twice). On the other side, the database entry corresponding to the account A entered by the user holds account a and password b2. Before they are passed into Spring Security, account a is encrypted to obtain account a1, and password b2 is left untouched. After account a1 and password b2 are passed into the Spring Security framework, the framework decrypts account a1 to obtain account a, then checks whether account A matches account a and whether password B2 matches password b2. If account A matches account a and password B2 matches password b2, the verification result is a successful match and the request authentication is passed. If account A does not match account a, or password B2 does not match password b2, the verification result is an unsuccessful match and the request authentication is not passed.
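The A/A1 and B/B1/B2 walk-through above, modelled end to end as an added example (not code from the patent and not Spring Security's own API). Assumptions: the front-end password transform is SHA-256, the second pass is the MD5 step the text names (left as a parameter, since the text allows similar algorithms), and the account cipher is a constructed keystream-XOR stand-in for whichever reversible cipher a deployment uses; all names are hypothetical.

```python
import hashlib
import hmac
import os

ACCOUNT_KEY = b"constructed-demo-key"  # constructed value, shared by both ends


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream (SHA-256 in counter mode); not a vetted cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_account(account: str, key: bytes = ACCOUNT_KEY) -> bytes:
    """A -> A1 (front end) and a -> a1 (step A4): one reversible pass."""
    nonce = os.urandom(8)
    data = account.encode("utf-8")
    stream = _keystream(key, nonce, len(data))
    return nonce + bytes(x ^ y for x, y in zip(data, stream))


def decrypt_account(blob: bytes, key: bytes = ACCOUNT_KEY) -> str:
    """A1 -> A and a1 -> a: what the framework does on receipt."""
    nonce, body = blob[:8], blob[8:]
    stream = _keystream(key, nonce, len(body))
    plain = bytes(x ^ y for x, y in zip(body, stream))
    return plain.decode("utf-8", errors="replace")


def first_pass(password: str) -> str:
    """B -> B1 on the front end. Assumed deterministic (SHA-256 hex)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def second_pass(b1: str, algorithm: str = "md5") -> str:
    """B1 -> B2 inside the framework; MD5 is the algorithm the text names."""
    return hashlib.new(algorithm, b1.encode("ascii")).hexdigest()


def register(db: dict, account: str, password: str) -> None:
    """Store the original account and the twice-processed password (b2)."""
    db[account] = second_pass(first_pass(password))


def frontend_submit(account: str, password: str):
    """Step A1: what the server receives is (A1, B1), never (A, B)."""
    return encrypt_account(account), first_pass(password)


def authenticate(db: dict, a1_in: bytes, b1_in: str) -> bool:
    # Step A2: decrypt A1 -> A, process B1 -> B2.
    account_in = decrypt_account(a1_in)
    b2_in = second_pass(b1_in)
    # Step A3: fetch the stored record (a, b2) for that account.
    b2_stored = db.get(account_in)
    if b2_stored is None:
        return False
    # Step A4: the stored account is encrypted (a -> a1) before hand-off.
    a1_stored = encrypt_account(account_in)
    # Step A5: the framework decrypts a1 -> a and compares both pairs.
    account_db = decrypt_account(a1_stored)
    account_ok = hmac.compare_digest(account_in.encode(), account_db.encode())
    password_ok = hmac.compare_digest(b2_in, b2_stored)  # constant-time
    # Step A6: pass only if both comparisons succeed.
    return account_ok and password_ok


if __name__ == "__main__":
    users = {}
    register(users, "alice", "correct horse")  # constructed sample data
    a1, b1 = frontend_submit("alice", "correct horse")
    print("login ok:", authenticate(users, a1, b1))
    print("stored b2:", users["alice"])
```

Because equality of B2 and b2 is the whole check, both password passes have to be deterministic; a randomized first pass would never match the stored value.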

In a possible implementation, when the login method is the second login method, judging whether the target management system passes the request authentication may include steps B1 to B7 below:

Step B1. Acquire a Code according to the second login method.

The Code is generated by the third-party management system when the QR code is scanned successfully. The Code generated by each scan may differ, but each Code maps to a user, so the third-party management system can determine from the Code which user performed the scan.

Step B2. Send the Code to the third-party management system to obtain the corresponding user information.

The gateway service module sends the Code to the third-party management system, which uses the Code to look up the corresponding user's information in the third-party management system.

Step B3. Query the database according to the user information to obtain the first account and the first password.

After the gateway service module obtains the user's third-party user information from the third-party management system, it queries the local management system with that information to obtain the user's information in the local management system. It then queries the database with the user's local user information to obtain the first account and the first password.

Note that the account and password in the database cannot be obtained directly from the user information in the third-party management system, so the local management system has to serve as an intermediary for obtaining them indirectly. Some or all of the user information in the third-party management system must therefore have a counterpart in the local management system. In other words, some or all of the user's third-party user information has to be added to the local management system, so that the corresponding local user information can be found from the third-party user information.

In a possible implementation, when the third-party management system cannot supply user information directly for the local management system to add (that is, it cannot provide its user information through an interface), user feature information provided by the user can be obtained instead. User feature information is user information that uniquely identifies a user. It is used to query the third-party management system for the user's other information, and the user's information from the third-party management system is then filled into the user's record in the local management system and saved. Obtaining the user feature information and filling in the remaining user information automatically reduces user operations and improves the user experience.

In a possible implementation, when the third party can provide the user information in the third-party management system, part or all of that user information is obtained according to a preset parameter configuration. For example, the third-party management system holds the user information of the whole of group A, which comprises organizations A1, A2, A3 and A4, each with the user information of its own users, but only organization A1 is relevant to the local management system; a parameter can therefore be preconfigured so that the local management system obtains only the user information under organization A1. The user information obtained from the third-party management system is then added to the local management system. The user information is encrypted, which improves information security.

Step B4. Send the first account and the first password to the Spring Security framework.

In a possible implementation, the first account is encrypted before it is sent to the Spring Security framework, and the framework decrypts the encrypted first account on receipt to recover the first account.

Step B5. Obtain the second account and the second password from the database.

The second account and the second password in the database are obtained according to the user information in the local management system.

Step B6. Send the second account and the second password to the Spring Security framework.

In a possible implementation, the second account is encrypted before it is sent to the Spring Security framework, and the framework decrypts the encrypted second account on receipt to recover the second account.

The Spring Security framework produces the verification result for the first account against the second account and for the first password against the second password. The verification result states whether the first account matches the second account and whether the first password matches the second password. If the first account matches the second account and the first password matches the second password, the verification result is a successful match. Otherwise the verification result is an unsuccessful match.

Step B7. Determine from the verification result whether the request authentication is passed.

If the verification result is a successful match, the request authentication is passed. If the verification result is an unsuccessful match, the request authentication is not passed.

Since the account and password are taken from the database both times, the match normally succeeds. This match amounts to simulating the login flow.

Step S204: When the target management system passes the request authentication, obtain the Code returned by the target management system.

That is, the Code is generated by the target management system.

Step S205: Send the Code to the gateway service module to obtain the Token returned by the gateway service module.

The Code is valid for a shorter time than the Token. The Code is used to obtain the Token, and the Token is used to establish the user's identity and thereby the operation permissions the user has.

In a possible implementation, login through the local management system and login through the third-party management system use the same gateway service module, namely the gateway service module in the CSP, which saves server resources. Inside the gateway service module, the two kinds of login are told apart by the characteristic data "redirectType". In other words, the data carried when requesting the Token differs with the target management system selected. For login through the local management system, the data carried when requesting the Token includes the Code and the characteristic data "redirectType"; for login through the third-party management system, it includes the Code but not "redirectType". The differentiated handling in the gateway service module is embodied in steps C1-C2 and steps D1-D2 below. Steps C1-C2 are the processing when the target management system is the local management system, and steps D1-D2 are the processing when the target management system is the third-party management system.

In a possible implementation, when the target management system is the local management system, sending the Code to the gateway service module to obtain the Token returned by the gateway service module includes steps C1 and C2:

Step C1: Send the Code to the gateway service module, which sends the Code on to the local management system.

Step C2: Receive the Token sent by the gateway service module; the Token is sent to the gateway service module by the local management system.

Since the local management system and the gateway service module both belong to the CSP, when the target management system is the local management system the gateway service module simply forwards the Code.

In a possible implementation, when the target management system is the third-party management system, sending the Code to the gateway service module to obtain the Token returned by the gateway service module includes steps D1 and D2:

Step D1: Send the Code to the gateway service module, which sends the Code to the third-party management system; the third-party management system returns the corresponding user information to the gateway service module according to the Code it receives.

That is, after receiving the Code, the gateway service module uses it to obtain from the third-party management system the third-party user information of the user the Code corresponds to.

Step D2: Receive the Token sent by the gateway service module; the Token is generated by the gateway service module according to the user information it received.

Specifically, after obtaining the user's third-party user information, the gateway service module uses it to look up the user's corresponding user information in the local management system. It then generates the Token from the local user information it obtained.
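The Code-for-Token exchange of steps C1-C2 and D1-D2, sketched as an added example (not code from the patent). Assumptions: Codes are single-use, the TTL values and the "redirectType" value "local" are constructed (the text only says the Code is shorter-lived than the Token), Tokens are opaque random strings held in a store shared inside the CSP, and the subsystem lookup is simplified into the gateway; all class and function names are hypothetical.

```python
import secrets

CODE_TTL = 60      # seconds; assumed, only "shorter than the Token" is given
TOKEN_TTL = 3600   # seconds; assumed


class TokenStore:
    """Token table shared by the CSP components (gateway and local system)."""

    def __init__(self, clock):
        self._clock = clock
        self._tokens = {}

    def issue(self, local_user):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (local_user, self._clock() + TOKEN_TTL)
        return token

    def user_for(self, token):
        entry = self._tokens.get(token)
        if entry is None or self._clock() >= entry[1]:
            self._tokens.pop(token, None)   # drop expired entries
            return None
        return entry[0]


class CodeIssuer:
    """A management system that hands out short-lived Codes after login."""

    def __init__(self, clock):
        self._clock = clock
        self._codes = {}

    def issue_code(self, user):
        code = secrets.token_urlsafe(16)
        self._codes[code] = (user, self._clock() + CODE_TTL)
        return code

    def _redeem(self, code):
        entry = self._codes.pop(code, None)  # single use: a replay finds nothing
        if entry is None or self._clock() >= entry[1]:
            return None
        return entry[0]


class LocalManagementSystem(CodeIssuer):
    def __init__(self, clock, tokens):
        super().__init__(clock)
        self._tokens = tokens

    def token_for_code(self, code):
        """Step C2: the local system itself turns the Code into a Token."""
        user = self._redeem(code)
        return self._tokens.issue(user) if user else None


class ThirdPartySystem(CodeIssuer):
    def user_info(self, code):
        """Step D1: return the third-party user information for the Code."""
        user = self._redeem(code)
        return {"third_party_id": user} if user else None


class Gateway:
    def __init__(self, local, third_party, tokens, id_map, subsystems):
        self.local, self.third_party, self.tokens = local, third_party, tokens
        self.id_map = id_map          # third-party id -> local user
        self.subsystems = subsystems  # local user -> permitted subsystems

    def get_token(self, request):
        code = request.get("code")
        if not code:
            return None
        if "redirectType" in request:                 # local login: C1-C2
            return self.local.token_for_code(code)    # gateway only forwards
        info = self.third_party.user_info(code)       # third-party login: D1
        if info is None:
            return None
        local_user = self.id_map.get(info["third_party_id"])
        if local_user is None:                        # no local counterpart
            return None
        return self.tokens.issue(local_user)          # D2: gateway issues Token

    def list_subsystems(self, token):
        user = self.tokens.user_for(token)            # validity check first
        if user is None:
            return None
        return sorted(self.subsystems.get(user, []))
```

Note that the branch is taken on a field the client supplies, so a Code presented on the wrong branch must simply fail to redeem, as it does here.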

Step S206: Obtain the subsystem list according to the Token.

Here, a subsystem is any application system that has integrated the SDK.

In a possible implementation, the subsystem list is obtained from the Token as follows: a request for the subsystem list is sent to the gateway service module; on receiving the request, the gateway service module checks the validity of the Token; once the check succeeds, the gateway service module accesses the subsystems to obtain their menus; the SDK module on each subsystem determines the current user's permissions from the Token and returns the list of subsystems the current user has, together with the menu list of each subsystem in that list. This realizes a method of logging in to multiple systems in multiple ways.

The methods of the embodiments of the present application have been described in detail above; the apparatus of the embodiments is introduced below.

Referring to FIG. 4, FIG. 4 is a schematic structural diagram of an apparatus for multi-system login provided by an embodiment of the present application. As shown in FIG. 4, the apparatus 400 for multi-system login includes:

a communication module 401, configured to receive a user's login operation and to send a request authentication to a target management system, the target management system being determined according to the login operation;

a processing module 402, configured to judge whether the target management system passes the request authentication;

the communication module 401 being further configured to, when the target management system passes the request authentication, obtain the Code returned by the target management system; send the Code to the gateway service module to obtain the Token returned by the gateway service module; and obtain the subsystem list according to the Token.

In a possible implementation, the login operation includes a first login operation, the target management system is determined according to the first login operation, and the target management system includes a local management system and a third-party management system.

In a possible implementation, the login operation includes a second login operation, the second login operation is used to determine the login method, and the login method includes a first login method and a second login method.

In a possible implementation, the communication module 401 is specifically configured to: send the Code to the gateway service module, the gateway service module being configured to send the Code to the local management system; and receive the Token sent by the gateway service module, the Token being sent to the gateway service module by the local management system.

In a possible implementation, the communication module 401 is specifically configured to: send the Code to the gateway service module, the gateway service module being configured to send the Code to the third-party management system, and the third-party management system being configured to return the corresponding user information to the gateway service module according to the Code received; and receive the Token sent by the gateway service module, the Token being generated by the gateway service module according to the user information received.

In a possible implementation, the communication module 401 is specifically configured to: acquire the first input account and the first input password according to the first login method; send the first input account and the first input password to the Spring Security framework, which decrypts the first input account to obtain the original input account and encrypts the first input password to obtain the second input password; and obtain the original account and the encrypted password from the database. The processing module 402 is specifically configured to encrypt the original account to obtain the encrypted account. The communication module 401 is further configured to send the encrypted account and the encrypted password to the Spring Security framework, which decrypts the encrypted account to obtain the original account and produces the verification result for the original input account against the original account and for the second input password against the encrypted password. The processing module is further configured to determine from the verification result whether the request authentication is passed.

In a possible implementation, the communication module 401 is configured to: acquire the Code according to the second login method; send the Code to the third-party management system to obtain the corresponding user information; query the database according to the user information to obtain the first account and the first password; send the first account and the first password to the Spring Security framework; obtain the second account and the second password from the database; and send the second account and the second password to the Spring Security framework, which produces the verification result for the first account against the second account and for the first password against the second password. The processing module 402 is configured to determine from the verification result whether the request authentication is passed.

For the specific functions of the apparatus 400 for multi-system login, see the method steps corresponding to FIG. 2; they are not repeated here.

Refer to FIG. 5, a schematic diagram of the composition of an electronic device provided by an embodiment of the present application. The device may include a processor 110 and a memory 120. The processor 110, the memory 120 and a communication interface 130 are connected through a bus 140; the memory 120 stores instructions, and the processor 110 executes the instructions stored in the memory 120 to implement the method steps corresponding to FIG. 2 above.

The processor 110 executes the instructions stored in the memory 120 to control the communication interface 130 to receive and send signals and to complete the steps of the above method. The memory 120 may be integrated in the processor 110 or provided separately from it.

As one implementation, the function of the communication interface 130 may be realized by a transceiver circuit or a dedicated transceiver chip. The processor 110 may be realized by a dedicated processing chip, a processing circuit, a processor or a general-purpose chip.

As another implementation, the computer device provided in the embodiments of the present application may be realized with a general-purpose computer. That is, program code implementing the functions of the processor 110 and the communication interface 130 is stored in the memory 120, and a general-purpose processor implements those functions by executing the code in the memory 120.

For the concepts, explanations, detailed descriptions and other steps of this computer device that relate to the technical solutions provided by the embodiments of the present application, see the descriptions of the method steps performed by the apparatus in the foregoing method or other embodiments; they are not repeated here.

As another implementation of this embodiment, a computer-readable storage medium is provided on which instructions are stored; when executed, the instructions perform the method of the above method embodiments.

As another implementation of this embodiment, a computer program product containing instructions is provided; when executed, the instructions perform the method of the above method embodiments.

Those skilled in the art will understand that, for ease of description, FIG. 5 shows only one memory and one processor. An actual electronic device or server may have multiple processors and memories. The memory may also be called a storage medium, a storage device and so on, which is not limited in the embodiments of the present application.

应理解,在本申请实施例中,处理器可以是中央处理单元(Central ProcessingUnit,简称CPU),该处理器还可以是其他通用处理器、数字信号处理器(Digital SignalProcessing,简称DSP)、专用集成电路(Application Specific Integrated Circuit,简称ASIC)、现成可编程门阵列(Field-Programmable Gate Array,简称FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。It should be understood that in this embodiment of the present application, the processor may be a central processing unit (Central Processing Unit, CPU for short), and the processor may also be other general-purpose processors, digital signal processors (Digital Signal Processing, DSP for short), dedicated integrated Circuit (Application Specific Integrated Circuit, ASIC for short), Field-Programmable Gate Array (Field-Programmable Gate Array, FPGA for short) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like.

还应理解,本申请实施例中提及的存储器可以是易失性存储器或非易失性存储器,或可包括易失性和非易失性存储器两者。其中,非易失性存储器可以是只读存储器(Read-Only Memory,简称ROM)、可编程只读存储器(Programmable ROM,简称PROM)、可擦除可编程只读存储器(Erasable PROM,简称EPROM)、电可擦除可编程只读存储器(Electrically EPROM,简称EEPROM)或闪存。易失性存储器可以是随机存取存储器(RandomAccess Memory,简称RAM),其用作外部高速缓存。通过示例性但不是限制性说明,许多形式的RAM可用,例如静态随机存取存储器(Static RAM,简称SRAM)、动态随机存取存储器(Dynamic RAM,简称DRAM)、同步动态随机存取存储器(Synchronous DRAM,简称SDRAM)、双倍数据速率同步动态随机存取存储器(Double Data Rate SDRAM,简称DDR SDRAM)、增强型同步动态随机存取存储器(Enhanced SDRAM,简称ESDRAM)、同步连接动态随机存取存储器(Synchlink DRAM,简称SLDRAM)和直接内存总线随机存取存储器(Direct Rambus RAM,简称DR RAM)。It should also be understood that the memory mentioned in the embodiments of the present application may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. Among them, the non-volatile memory may be a read-only memory (Read-Only Memory, referred to as ROM), a programmable read-only memory (Programmable ROM, referred to as PROM), an erasable programmable read-only memory (Erasable PROM, referred to as EPROM) , Electrically Erasable Programmable Read-Only Memory (Electrically EPROM, EEPROM for short) or flash memory. The volatile memory may be a random access memory (Random Access Memory, RAM for short), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Dynamic RAM (DRAM), Synchronous DRAM, referred to as SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, referred to as DDR SDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, referred to as ESDRAM), synchronous connection dynamic random access memory (Synchlink DRAM, referred to as SLDRAM) and direct memory bus random access memory (Direct Rambus RAM, referred to as DR RAM).

It should be noted that when the processor is a general-purpose processor, a DSP, an ASIC, an FPGA or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, the memory (storage module) is integrated in the processor.

It should be noted that the memory described herein is intended to include, but is not limited to, these and any other suitable types of memory.

In addition to a data bus, the bus may also include a power bus, a control bus, a status signal bus, and the like. For clarity, however, the various buses are all labeled as the bus in the figure.

It should also be understood that the terms first, second, third and fourth, and the various numerals used herein, are distinctions made only for convenience of description and are not intended to limit the scope of the present application.

It should be understood that the term "and/or" herein merely describes an association between associated objects and indicates that three relationships are possible. For example, "A and/or B" can mean: A exists alone, both A and B exist, or B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.

In implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor or by instructions in the form of software. The steps of the methods disclosed in the embodiments of the present application may be executed directly by a hardware processor, or by a combination of hardware and software modules in the processor. The software modules may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or registers. The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the above method in combination with its hardware. To avoid repetition, a detailed description is omitted here.

In the various embodiments of the present application, the magnitude of the sequence numbers of the above processes does not imply an order of execution. The execution order of the processes should be determined by their functions and internal logic, and the numbering should not limit the implementation of the embodiments of the present application in any way.

Those of ordinary skill in the art will appreciate that the various illustrative logical blocks (ILBs) and steps described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled artisans may use different methods to implement the described functions for each particular application, but such implementations should not be considered beyond the scope of the present application.

In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are only illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.

The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wire (e.g., coaxial cable, optical fiber, digital subscriber line) or wirelessly (e.g., infrared, radio, microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), a semiconductor medium (e.g., solid-state drive), and the like.

The above are only specific embodiments of the present application, but the protection scope of the present application is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed in the present application shall fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method for multi-system login, the method comprising:
receiving login operation of a user;
sending a request authentication to a target management system, wherein the target management system is determined according to the login operation and comprises a local management system and a third-party management system;
judging whether the target management system passes the request authentication;
under the condition that the target management system passes the request authentication, a Code returned by the target management system is obtained;
sending the Code to a gateway service module to acquire a Token returned by the gateway service module;
and acquiring a subsystem list according to the Token.
2. The method according to claim 1, wherein the login operation includes a first login operation, the target management system is determined according to the first login operation, and in a case that the target management system is the local management system, the sending the Code to a gateway service module to obtain the Token returned by the gateway service module includes:
sending the Code to a gateway service module, wherein the gateway service module is used for sending the Code to the local management system;
and receiving the Token sent by the gateway service module, wherein the Token is sent to the gateway service module by the local management system.
3. The method according to claim 1, wherein the login operation includes a first login operation, the target management system is determined according to the first login operation, and in a case that the target management system is the third-party management system, the sending the Code to a gateway service module to obtain the Token returned by the gateway service module includes:
sending the Code to a gateway service module, wherein the gateway service module is used for sending the Code to the third-party management system, and the third-party management system is used for returning corresponding user information to the gateway service module according to the received Code;
and receiving the Token sent by the gateway service module, wherein the Token is generated by the gateway service module according to the received user information.
4. The method according to claim 2 or 3, wherein the login operation comprises a second login operation, the second login operation is used for determining a login mode, the login mode comprises a first login mode, and the determining whether the target management system passes the request authentication comprises:
acquiring a first input account and a first input password according to the first login mode;
sending the first input account and the first input password to a Spring Security framework, wherein the Spring Security framework is used for decrypting the first input account to obtain an original input account and encrypting the first input password to obtain a second input password;
acquiring an original account and an encrypted password in a database;
encrypting the original account to obtain an encrypted account;
sending the encrypted account and the encrypted password to the Spring Security framework, wherein the Spring Security framework is used for decrypting the encrypted account to obtain the original account and obtaining verification results of the original input account and the original account as well as the second input password and the encrypted password;
and determining whether the request authentication is passed according to the verification result.
5. The method according to claim 2 or 3, wherein the login operation comprises a second login operation, the second login operation is used for determining a login mode, the login mode comprises a second login mode, and the determining whether the target management system passes the request authentication comprises:
acquiring a Code according to the second login mode;
sending the Code to the third-party management system to acquire corresponding user information;
inquiring to obtain a first account and a first password in a database according to the user information;
sending the first account and the first password to a Spring Security framework;
acquiring a second account and a second password in the database;
sending the second account and the second password to the Spring Security framework; the Spring Security framework is used for obtaining verification results of the first account and the second account and the first password and the second password;
and determining whether the request authentication is passed or not according to the verification result.
6. The method of claim 1, further comprising:
acquiring user characteristic information, wherein the user characteristic information is used for identifying a unique user;
inquiring and acquiring other information of the user corresponding to the user characteristic information in the third-party management system according to the user characteristic information;
and storing other information of the user corresponding to the user characteristic information into the local management system.
7. The method of claim 1, further comprising:
acquiring user information of a third-party management system according to preset parameter configuration;
and adding the user information to the local management system.
8. An apparatus for multi-system login, the apparatus comprising:
the communication module is used for receiving login operation of a user; sending a request authentication to a target management system, wherein the target management system is determined according to the login operation and comprises a local management system and a third-party management system;
the processing module is used for judging whether the target management system passes the request authentication or not;
the communication module is further used for acquiring a Code returned by the target management system under the condition that the target management system passes the request authentication; sending the Code to a gateway service module to acquire a Token returned by the gateway service module; and acquiring a subsystem list according to the Token.
9. An electronic device, comprising a processor and a memory, the processor and the memory being interconnected, wherein the memory is configured to store a computer program comprising program instructions, the processor being configured to invoke the program instructions to perform the method of any one of claims 1-7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to carry out the method according to any one of claims 1-7.
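The Code-to-Token exchange of claims 1 to 3, written out as an added Python example that is not code from the patent: the local path has the management system return the Token, while the third-party path returns user information from which the gateway generates the Token. The class and function names, the PBKDF2 password check, the HMAC-signed Token format, the key shared by the gateway and the local system, and the single-use 60-second Code are all assumptions; the claims specify none of them.

```python
import base64, hashlib, hmac, json, secrets, time

CODE_TTL = 60  # seconds; assumed lifetime, the claims do not state one

def sign_token(key, payload):
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def verify_token(key, token):
    """Return the Token payload, or None if the MAC does not match."""
    body, _, mac = (token or "").partition(".")
    want = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), want.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def make_user(password, info):
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "pw": digest, "info": info}

class ManagementSystem:
    """Stand-in for the local or the third-party management system."""
    def __init__(self, users, token_key=None):
        self.users = users          # account -> record from make_user()
        self.token_key = token_key  # only the local system issues Tokens itself
        self._codes = {}            # Code -> (account, expiry)

    def request_authentication(self, account, password):
        """Return a Code if authentication passes, otherwise None."""
        user = self.users.get(account)
        if user is None:
            return None
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
        if not hmac.compare_digest(digest, user["pw"]):
            return None
        code = secrets.token_urlsafe(16)
        self._codes[code] = (account, time.time() + CODE_TTL)
        return code

    def _redeem(self, code):
        # pop() makes the Code single-use: a replayed Code finds nothing.
        account, expiry = self._codes.pop(code, (None, 0.0))
        return account if account and time.time() <= expiry else None

    def token_for_code(self, code):      # claim 2: local system returns the Token
        account = self._redeem(code)
        return sign_token(self.token_key, {"sub": account, "src": "local"}) if account else None

    def user_info_for_code(self, code):  # claim 3: third party returns user information
        account = self._redeem(code)
        return dict(self.users[account]["info"]) if account else None

class Gateway:
    """Stand-in for the gateway service module."""
    def __init__(self, key, local, third_party, subsystems):
        self.key, self.local, self.third_party = key, local, third_party
        self.subsystems = subsystems  # account -> list of subsystem names

    def exchange(self, target, code):
        """Turn a Code into a Token via the system that issued the Code."""
        if target == "local":
            return self.local.token_for_code(code)
        info = self.third_party.user_info_for_code(code)
        if info is None:
            return None
        return sign_token(self.key, {"sub": info["account"], "src": "third_party"})

    def subsystem_list(self, token):
        claims = verify_token(self.key, token)
        return None if claims is None else self.subsystems.get(claims["sub"], [])

def demo():
    key = secrets.token_bytes(32)  # constructed key shared by gateway and local system
    local = ManagementSystem({"alice": make_user("pw-local", {"account": "alice"})}, key)
    third = ManagementSystem({"bob": make_user("pw-third", {"account": "bob"})})
    gw = Gateway(key, local, third, {"alice": ["hr", "finance"], "bob": ["crm"]})
    code = local.request_authentication("alice", "pw-local")
    token = gw.exchange("local", code)
    replay = gw.exchange("local", code)  # same Code again: rejected
    return gw.subsystem_list(token), replay

if __name__ == "__main__":
    print(demo())
```

A Code presented a second time, a Code sent down the wrong path, and a Token whose signature has been altered all yield `None` instead of a subsystem list.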
CN202210169227.3A 2022-02-23 2022-02-23 Multi-system login method, device, electronic device and storage medium Active CN114567475B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210169227.3A CN114567475B (en) 2022-02-23 2022-02-23 Multi-system login method, device, electronic device and storage medium

Publications (2)

Publication Number Publication Date
CN114567475A true CN114567475A (en) 2022-05-31
CN114567475B CN114567475B (en) 2024-11-08

Family

ID=81714355

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210169227.3A Active CN114567475B (en) 2022-02-23 2022-02-23 Multi-system login method, device, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN114567475B (en)

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102420836A (en) * 2012-01-12 2012-04-18 中国电子科技集团公司第十五研究所 Sign-on method and sign-on management system for service information system
WO2013065037A1 (en) * 2011-09-26 2013-05-10 Elta Systems Ltd. A mobile communication system implementing integration of multiple logins of mobile device applications
CN105491050A (en) * 2015-12-14 2016-04-13 苏州天平先进数字科技有限公司 System and method for controlling third-party account to register screen-locking APP
CN105721412A (en) * 2015-06-24 2016-06-29 乐视云计算有限公司 Method and device for authenticating identity between multiple systems
CN106055967A (en) * 2016-05-24 2016-10-26 福建星海通信科技有限公司 SAAS platform user organization permission management method and system
CN108040090A (en) * 2017-11-27 2018-05-15 上海上实龙创智慧能源科技股份有限公司 A kind of system combination method of more Web
CN109286633A (en) * 2018-10-26 2019-01-29 深圳市华云中盛科技有限公司 Single sign-on method, device, computer equipment and storage medium
CN110032842A (en) * 2019-03-03 2019-07-19 北京立思辰安科技术有限公司 The method for supporting single-sign-on and third party login simultaneously
CN110120952A (en) * 2019-05-16 2019-08-13 极智(上海)企业管理咨询有限公司 A kind of total management system single-point logging method, device, computer equipment and storage medium
CN110175439A (en) * 2019-05-29 2019-08-27 深圳前海微众银行股份有限公司 User management method, device, equipment and computer readable storage medium
CN110311899A (en) * 2019-06-17 2019-10-08 平安医疗健康管理股份有限公司 Multiservice system access method, device and server
WO2020087778A1 (en) * 2018-11-02 2020-05-07 深圳壹账通智能科技有限公司 Multiple system login method, apparatus, computer device and storage medium
CN111885080A (en) * 2020-07-31 2020-11-03 成都新潮传媒集团有限公司 Login service architecture, server and client
CN112613010A (en) * 2020-12-28 2021-04-06 北京世纪互联宽带数据中心有限公司 Authentication service method, device, server and authentication service system
CN112995131A (en) * 2021-02-01 2021-06-18 北京拉勾网络技术有限公司 Page login method, system and computing device
CN113037741A (en) * 2021-03-04 2021-06-25 腾讯科技(深圳)有限公司 Authentication method and related device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
伍孟轩;李伟;易叔海;程蒙;刘川;: ""跨域单点登录解决方案研究"", 《网络安全技术与应用》, no. 02 *
李庆林: ""基于WEB的单点登录和权限管理技术研究与实现"", 《中国优秀硕士学位论文全文数据库》, no. 03, pages 6 - 19 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115883237A (en) * 2022-12-09 2023-03-31 海尔数字科技(上海)有限公司 User security authentication method and device and electronic equipment
CN116108424A (en) * 2022-12-27 2023-05-12 深圳红途科技有限公司 User access account identification method, device, computer equipment and storage medium
CN116108424B (en) * 2022-12-27 2025-11-07 深圳红途科技有限公司 User access account identification method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN114567475B (en) 2024-11-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant