WO2021068569A1 - Authentication method and apparatus, and computer system and readable storage medium - Google Patents
- Publication number: WO2021068569A1 (PCT application PCT/CN2020/099447)
- Authority: WO (WIPO, PCT)
- Prior art keywords: information, authority, role, url request, access
- Legal status: Ceased (status as listed by Google Patents, not a legal conclusion)
Classifications (CPC)
- H04L63/0876: network security; authentication of entities based on the identity of the terminal or its configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- G06F16/24: information retrieval; querying of structured data, e.g. relational data
- H04L63/105: network security; controlling access to devices or network resources with multiple levels of security
Definitions
- This application relates to the field of communication technology, and in particular to an authentication method, device, computer system and readable storage medium that can be applied to big-data database clusters.
- In traditional virtual user authentication, the client's login information is first checked against the database and the client's login authority is then read from the database; for example, the login authority may state that the client can only access system A. When the client needs to access system A it is granted access on the basis of that login authority, but when it needs to access system B it must return to the database again to confirm whether it has that access permission, and if not, a "no permission" page is generated and output to the client. The inventor observed that this forces the client back to the database to confirm its authority every time it accesses a different system, which causes frequent client-database interaction, greatly increases the system's computational load, and reduces its speed and efficiency.
- The purpose of this application is therefore to provide an authentication method, device, computer system and readable storage medium that remove the need to confirm authority against the database on every access to a different system, and so avoid the frequent client-database interaction and the resulting loss of speed and efficiency.
- To that end, this application provides an authentication method comprising the following steps. S1: create an authentication node with framework rules on the basis of a preset operating framework, the authentication node containing a permission database; generate a creation success signal and output it to the client. S2: receive, through the authentication node, the login information sent by the client, and obtain from the permission database the permission information matching that login information. S3: store the permission information in the authentication node according to the framework rules, generate a cache success signal and send it to the client. S4: receive, through the authentication node, the access information and URL request sent by the client, use the framework rules to compare the access information and the URL request respectively with the permission information held in the authentication node to obtain a permission result, and load the permission result into the URL request to obtain a new URL request. S5: through the authentication node, obtain system information according to the new URL request or generate a failure prompt box, and output the system information or the failure prompt box to the client.
- The application also provides an authentication device comprising: a creation module, which creates the authentication node with framework rules and its permission database on the basis of the preset operating framework and generates and outputs the creation success signal to the client; a permission management module, which receives the client's login information through the authentication node and obtains the matching permission information from the permission database; a cache module, which stores the permission information in the authentication node according to the framework rules and sends a cache success signal to the client; a request judgment module, which receives the access information and URL request through the authentication node, compares them respectively with the permission information using the framework rules to obtain the permission result, and loads the permission result into the URL request to obtain a new URL request; and a feedback module, which obtains system information according to the new URL request or generates a failure prompt box, and outputs it to the client.
- The application further provides a computer system of multiple computer devices, each having a memory, a processor and a computer program stored in the memory and runnable on the processor, whose processors execute the authentication method of steps S1 to S5 above; and a computer-readable storage medium comprising a plurality of storage media, each storing a computer program which, when executed by a processor, implements the same authentication method.
- In the authentication method, device, computer system and readable storage medium provided by this application, the creation module creates the permission database and the operating framework, the permission management module obtains the permission information matching the login information, and the cache module stores that permission information.
- The request judgment module then operates on the login information to obtain the permission result and loads the permission result into the URL request.
- When the client accesses different system servers it therefore only needs to obtain the permission result from the request judgment module, and the corresponding system server is accessed, or a failure prompt box generated, on the basis of that result.
- FIG. 1 is a flowchart of Embodiment 1 of the authentication method of this application.
- FIG. 2 is a schematic diagram of the program modules of Embodiment 2, the authentication device of this application.
- FIG. 3 is a schematic diagram of the hardware structure of the computer equipment in Embodiment 3, the computer system of this application.
- The authentication method, device, computer system and readable storage medium provided by this application are suitable for the communication field and provide an authentication method based on a creation module, a permission management module, a cache module, a request judgment module and a feedback module.
- The creation module creates the permission database and the operating framework; the permission management module obtains the permission information matching the login information; the cache module stores that permission information; the request judgment module operates on the login information to obtain the permission result and loads it into the URL request; and finally the feedback module accesses the system server according to the permission result and obtains system information, or generates a failure prompt box, and outputs the system information or the failure prompt box to the client. When the client accesses different system servers it therefore only needs to obtain the permission result from the request judgment module, and then accesses the corresponding system server, or receives a failure prompt box, on the basis of that result.
- The authentication method of this embodiment, carried out by the authentication device 1, comprises the following steps:
- S1: create an authentication node with framework rules on the basis of a preset operating framework, the authentication node containing a permission database, and generate a creation success signal and output it to the client;
- S2: receive, through the authentication node, the login information sent by the client, and obtain from the permission database the permission information matching the login information;
- S3: store the permission information according to the framework rules through the authentication node, generate a cache success signal and send it to the client;
- S4: receive, through the authentication node, the access information and URL request sent by the client, use the framework rules to compare the access information and the URL request respectively with the permission information in the authentication node to obtain the permission result, and load the permission result into the URL request to obtain a new URL request;
- S5: through the authentication node, obtain system information according to the new URL request or generate a failure prompt box, and output the system information or the failure prompt box to the client.
- The operating framework is a technical implementation framework for a determined set of requirements: a complete set of tools and components that carry out tasks under planned steps.
- The framework rules are the rules for operating on the access information and the URL request to obtain the permission result; they can be written in Java or C. Because the framework rules are set within the operating framework, an authentication node based on the framework rules can be created on the basis of the operating framework.
- The login information includes at least a login account and a login password, and may also include the IMEI code of the login device, and/or a mobile phone number, and/or a mobile phone verification code.
- The permission information includes at least the role information corresponding to the login information and the role authority corresponding to that role information: the client's role information is determined from the login information, and the corresponding role authority is obtained from the role information.
- The operating framework can also be used to store data, so the client's permission information is stored in the operating framework according to the framework rules, which allows the permission information of the client currently being served to be obtained quickly.
- The access information describes the identity of the client. Because the client must be uniquely identifiable and must be able to generate and output the access information conveniently, the access information in this embodiment can be the IMEI code of the login device, and/or a mobile phone number, and/or a mobile phone verification code. Loading the permission result into the URL request yields a new URL request; this marks the URL request so that the authentication node can judge the request from the mark (that is, the permission result) alone, and on that judgment either obtain system information according to the new URL request or generate a failure prompt box.
- The authentication node in this application is equivalent to a virtualized proxy server, or a proxy node that performs authentication tasks, and can be installed in the system server as a server component. The system server therefore comprises servers A and B, which store web page information, and proxy server C, on which the authentication node is installed.
- A URL (Uniform Resource Locator) request is a concise representation of the location and access method of a resource available on the Internet, i.e. the address of a standard resource on the Internet; each file on the Internet has a unique URL containing information that indicates where the file is and how the browser should handle it.
- In this solution the URL request is the standard resource address used to obtain information from the system server; the permission result is loaded into the URL request, and the solution first determines whether the URL request carries a permission result.
- The system server is a service system for storing Internet information; it includes server A and server B, which store web pages. This application provides a method for judging, from the access information and the URL request output by the client, whether the client has the authority to access server A or server B.
- S1 includes the following steps:
- In this embodiment the preset operating framework is Spring, an open-source, lightweight, design-level Java development framework. It is used to solve the problem of loose coupling between the business logic layer and the other layers, and so applies interface-oriented programming throughout the application.
- The framework rules are the rules for obtaining the permission result by operating on the access information and the URL request, and for storing the permission information in the operating framework; they can be written in Java or C.
- The permission database includes first-level data, second-level data and third-level data:
- the first-level data includes a first-level information set and a first-level access set; the first-level information set holds at least one item of registration information, and the first-level access set holds at least one standard resource address of a system server;
- the second-level data includes a second-level information set and a second-level access set, with the same structure: at least one item of registration information and at least one standard resource address of a system server;
- the third-level data includes only a third-level access set, holding at least one standard resource address of a system server.
- S14: generate a creation success signal according to the created permission database and output it to the client; the creation success signal can be displayed on the client as a dialog box.
- S2 includes the following steps:
- S21: receive, through the authentication node, the login information output by the client in response to the creation success signal;
- S22: compare the login information in turn with the first-level information set and the second-level information set, and generate the permission information, which includes role information and role authority:
- if the login information is found in the first-level information set, the generated role information is the login information and the role authority is the first-level access set;
- if the login information is found in the second-level information set, the generated role information is the login information and the role authority is the second-level access set;
- otherwise the generated role information is the login information and the role authority is the third-level access set.
- The login information includes a login account, a login password and the IMEI code of the login device. The IMEI (International Mobile Equipment Identity), commonly called the "mobile phone serial number", is stored in the device's EEPROM (commonly called the chip); each mobile device has a unique IMEI, and the login device IMEI code is the IMEI code of the client.
- S3 includes the following steps:
- S32: generate a cache success signal through the authentication node and output it to the client.
- S4 includes the following steps:
- S41: receive, through the authentication node, the URL request and access information output by the client in response to the cache success signal. In this embodiment the URL request is the standard resource address used to obtain information from the system server, and the access information includes the IMEI code of the login device, i.e. the client's IMEI code.
- S42: through the authentication node, use the framework rules to compare the access information with the role information of the permission information held in the operating framework, and obtain the permission information matching the access information. The access information contains the login device's IMEI code, and the role information contains the login account, the login password and the login device's IMEI code; if the IMEI code in the access information equals the IMEI code in the role information, the access information is judged to match the permission information of that role. In a concrete scenario this check determines whether the client sending the access information and URL request is in the logged-in state.
- The URL request is then compared with the standard resource addresses in the role authority of that permission information. The URL request contains the resource address being requested, so whether the requested resource address agrees with one of the standard resource addresses decides whether the URL request has the right to access that address. In a concrete scenario this check determines whether the client has the right to access the resource address requested in the URL request.
- Step S42 thus separates the handling of the access information from that of the URL request, and avoids confusion between URL requests and permission results when large volumes of access information and URL requests arrive.
- The framework rules in S4 may be admission rules or exclusion rules.
- Using admission rules to operate on the access information and URL request to obtain the permission result includes the following steps:
- S4-01: compare the access information in turn with the role information of each item of permission information stored in the operating framework, and obtain the permission information whose role information agrees with the access information; if none is found, the generated permission result is "unauthorized" and is loaded into the URL request;
- S4-02: extract the role authority of that permission information and compare the URL request in turn with the standard resource addresses of the system server in the role authority; if the requested address agrees with none of them, the generated permission result is "unauthorized", and the permission result is loaded into the URL request to form the new URL request.
- Using exclusion rules to operate on the access information and URL request to obtain the permission result includes the following steps:
- S4-11: compare the access information in turn with the role information of each item of permission information stored in the operating framework, and obtain the permission information whose role information agrees with the access information; if none is found, the generated permission result is "unauthorized" and is loaded into the URL request;
- S4-12: extract the role authority of that permission information and compare the URL request in turn with the standard resource addresses of the system server in the role authority; if the requested address agrees with none of them, the generated permission result is "authorized", and the permission result is loaded into the URL request to form the new URL request.
- S5 includes the following steps:
- S52: output the system information or the failure prompt box to the client through the authentication node.
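The following Python sketch is an added illustration of steps S1 to S5 as described in the summary and in the detailed embodiment above; it is not code from the patent and is not the Spring-based implementation the patent names. It builds the three-level permission database, resolves login information to role information and role authority (S2), caches that in a dictionary standing in for the operating framework (S3), evaluates the access information and URL request under either admission or exclusion rules (S4), loads the permission result into the URL request as a query parameter, and judges the new URL request from that mark alone (S5). All names, the database contents, the IMEI codes and the URLs are constructed sample data; the reading of an exclusion rule as a deny list (the role authority lists addresses the role may not reach) and the use of prefix matching for "agrees with a standard resource address" are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# S1: the permission database. Levels 1 and 2 each carry an information set
# (registered login information) and an access set (standard resource
# addresses of the system servers); level 3 carries only an access set.
# Every entry below is constructed sample data, not taken from the patent.
PERMISSION_DB = {
    1: {"info": {("alice", "pw-a", "356938035643809")},
        "access": {"https://a.example/", "https://b.example/"}},
    2: {"info": {("bob", "pw-b", "490154203237518")},
        "access": {"https://a.example/"}},
    3: {"access": {"https://public.example/"}},
}


@dataclass(frozen=True)
class PermissionInfo:
    role_info: Tuple[str, str, str]   # (account, password, login device IMEI)
    role_authority: FrozenSet[str]    # standard resource addresses


# Stand-in for the operating framework used as the cache of step S3, keyed by
# the access information (the login device IMEI) so that S4 can find it fast.
FRAMEWORK_CACHE: Dict[str, PermissionInfo] = {}


def login(account: str, password: str, imei: str) -> str:
    """S2/S3: compare the login information with the level-1 and level-2
    information sets in turn; anything else receives the level-3 access set.
    The matching permission information is cached and the cache success
    signal is returned to the client."""
    key = (account, password, imei)
    for level in (1, 2):
        if key in PERMISSION_DB[level]["info"]:
            authority = PERMISSION_DB[level]["access"]
            break
    else:
        authority = PERMISSION_DB[3]["access"]
    FRAMEWORK_CACHE[imei] = PermissionInfo(key, frozenset(authority))
    return "cache success"


def _matches_any(url: str, addresses: FrozenSet[str]) -> bool:
    """A requested address 'agrees with' a standard resource address when it
    lies under that address (prefix match; addresses end with '/')."""
    return any(url.startswith(addr) for addr in addresses)


def evaluate(imei: str, url: str, rule: str = "admission") -> str:
    """S4: permission result for one (access information, URL request) pair.
    admission: the role authority lists what the role may reach.
    exclusion: the role authority lists what the role may not reach (assumed)."""
    info = FRAMEWORK_CACHE.get(imei)
    if info is None:                     # S4-01 / S4-11: not in logged-in state
        return "unauthorized"
    hit = _matches_any(url, info.role_authority)   # S4-02 / S4-12
    if rule == "admission":
        return "authorized" if hit else "unauthorized"
    if rule == "exclusion":
        return "unauthorized" if hit else "authorized"
    raise ValueError(f"unknown rule type: {rule}")


def mark_url(url: str, result: str) -> str:
    """Load the permission result into the URL request, giving the new URL
    request. Any client-supplied auth_result parameter is overwritten."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query))
    query["auth_result"] = result
    return urlunsplit(parts._replace(query=urlencode(query)))


def handle(imei: str, url: str, rule: str = "admission") -> Tuple[str, str]:
    """S4 + S5 as one round trip: the node judges the new URL request from its
    mark alone and either obtains system information (forwarding to server
    A/B is stubbed) or generates a failure prompt box."""
    new_url = mark_url(url, evaluate(imei, url, rule))
    mark = dict(parse_qsl(urlsplit(new_url).query)).get("auth_result")
    if mark == "authorized":
        return ("system_info", new_url)
    return ("failure_prompt", new_url)


if __name__ == "__main__":
    login("alice", "pw-a", "356938035643809")
    login("bob", "pw-b", "490154203237518")
    for imei, url in [("356938035643809", "https://b.example/report?id=7"),
                      ("490154203237518", "https://b.example/report?id=7"),
                      ("000000000000000", "https://a.example/home")]:
        print(imei, handle(imei, url))
```

Two points a practitioner would check before deploying this pattern. First, the mark carried in the new URL request is only trustworthy because proxy server C sets it after evaluation; servers A and B must accept the marked request only from C (or the mark must be signed), since a client can put auth_result=authorized into its own URL, which is why mark_url overwrites whatever the client sent. Second, the IMEI is a device identifier that is readable by applications on the device and is sent in the clear; it gives uniqueness, as the embodiment says, but not secrecy, so a real deployment would bind a random session token issued at login rather than the IMEI as the per-request access information.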
- The authentication device 1 of this embodiment includes:
- a creation module 11, which creates an authentication node with framework rules on the basis of a preset operating framework, the authentication node containing a permission database, and generates a creation success signal and outputs it to the client;
- a permission management module 12, which receives through the authentication node the login information sent by the client and obtains from the permission database the permission information matching the login information;
- a cache module 13, which stores the permission information according to the framework rules through the authentication node, generates a cache success signal and sends it to the client;
- a request judgment module 14, which receives through the authentication node the access information and URL request sent by the client, compares them respectively with the permission information in the authentication node using the framework rules to obtain the permission result, and loads the permission result into the URL request to obtain a new URL request;
- a feedback module 15, which obtains system information according to the new URL request through the authentication node, or generates a failure prompt box, and outputs the system information or the failure prompt box to the client.
- This technical solution belongs to the cloud security field of cloud technology. The creation module creates the permission database and the operating framework, the permission management module obtains the permission information matching the login information, and the cache module stores it; the request judgment module operates on the login information to obtain the permission result and loads it into the URL request; the feedback module accesses the system server according to the permission result and obtains the system information, or generates a failure prompt box, and outputs the system information or the failure prompt box to the client. This achieves the technical effect of securing the virtual layer by means of virtualized user authentication.
- This application also provides a computer system that includes a plurality of computer devices 2. The components of the authentication device 1 of the second embodiment can be distributed across different computer devices, which may be any devices that can execute programs: smartphones, tablet computers, notebook computers, desktop computers, rack servers, blade servers, tower servers or cabinet servers (including independent servers, or server clusters composed of multiple servers), etc.
- The computer device of this embodiment includes at least, but is not limited to, a memory 21 and a processor 22 that can be communicatively connected to each other through a system bus, as shown in FIG. 3. FIG. 3 shows only a computer device with these components; not all of the illustrated components are required, and more or fewer components may be implemented instead.
- The memory 21 (i.e. the readable storage medium) includes flash memory, hard disk, multimedia card, card-type memory (for example SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disks, optical disks, etc. It may be an internal storage unit of the computer device, such as its hard disk or memory; an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card; or both. The memory 21 is generally used to store the operating system and the application software installed on the computer device, such as the program code of the authentication device of the first embodiment, and can also be used to temporarily store data that has been or will be output.
- The processor 22 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data-processing chip. It is generally used to control the overall operation of the computer device, and in particular to run the program code or process the data stored in the memory 21, for example to run the authentication device and thereby implement the authentication method of the first embodiment.
- The computer-readable storage medium may be non-volatile or volatile and includes multiple storage media, such as flash memory, hard disk, multimedia card, card-type memory (for example SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disks, optical disks, servers, app stores, etc. The computer-readable storage medium of this embodiment stores the authentication device, which, when executed by the processor 22, implements the authentication method of the first embodiment.
Description
This application claims priority from Chinese patent application CN201910969165.2, filed with the Chinese Patent Office on October 12, 2019, entitled "An authentication method, device, computer system and readable storage medium", the entire contents of which are incorporated herein by reference.
This application relates to the field of communication technology, and in particular to an authentication method, device, computer system and readable storage medium that can be applied to big-data database clusters.
Traditional virtual user authentication is implemented as follows:
First it is determined whether the client's login information is registered in the database, and the client's login authority is then obtained from the database; for example, the login authority may state that the client can only access system A. When the client needs to access system A it is granted access on the basis of that login authority, but when it needs to access system B it must return to the database again to confirm whether it has that access permission, and if not, a "no permission" page is generated and output to the client. The inventor observed that this approach forces the client back to the database to confirm its authority every time it accesses a different system, causing frequent interaction between the client and the database, greatly increasing the system's computational load and reducing its computing speed and efficiency.
Summary of the invention
The purpose of this application is to provide an authentication method, device, computer system and readable storage medium that solve the problem that the client has to return to the database to confirm its authority on every access to a different system, which causes frequent client-database interaction and reduces the system's computing speed and efficiency.
To achieve the above objective, this application provides an authentication method comprising the following steps. S1: create an authentication node with framework rules on the basis of a preset operating framework, the authentication node containing a permission database; generate a creation success signal and output it to the client. S2: receive, through the authentication node, the login information sent by the client, and obtain from the permission database the permission information matching the login information. S3: store the permission information according to the framework rules through the authentication node, generate a cache success signal and send it to the client. S4: receive, through the authentication node, the access information and URL request sent by the client, use the framework rules to compare the access information and the URL request respectively with the permission information in the authentication node to obtain the permission result, and load the permission result into the URL request to obtain a new URL request. S5: through the authentication node, obtain system information according to the new URL request, or generate a failure prompt box, and output the system information or the failure prompt box to the client.
To achieve the above objective, this application also provides an authentication device comprising: a creation module, which creates an authentication node with framework rules on the basis of a preset operating framework, the authentication node containing a permission database, and generates a creation success signal and outputs it to the client; a permission management module, which receives through the authentication node the login information sent by the client and obtains from the permission database the permission information matching the login information; a cache module, which stores the permission information according to the framework rules through the authentication node, generates a cache success signal and sends it to the client; a request judgment module, which receives through the authentication node the access information and URL request sent by the client, uses the framework rules to compare the access information and the URL request respectively with the permission information in the authentication node to obtain the permission result, and loads the permission result into the URL request to obtain a new URL request; and a feedback module, which obtains system information according to the new URL request through the authentication node, or generates a failure prompt box, and outputs the system information or the failure prompt box to the client.
To achieve the above objective, this application also provides a computer system comprising multiple computer devices, each including a memory, a processor and a computer program stored in the memory and runnable on the processor, wherein the processors of the multiple computer devices execute an authentication method comprising the following steps. S1: create an authentication node with framework rules on the basis of a preset operating framework, the authentication node containing a permission database; generate a creation success signal and output it to the client. S2: receive, through the authentication node, the login information sent by the client, and obtain from the permission database the permission information matching the login information. S3: store the permission information according to the framework rules through the authentication node, generate a cache success signal and send it to the client. S4: receive, through the authentication node, the access information and URL request sent by the client, use the framework rules to compare the access information and the URL request respectively with the permission information in the authentication node to obtain the permission result, and load the permission result into the URL request to obtain a new URL request. S5: through the authentication node, obtain system information according to the new URL request, or generate a failure prompt box, and output the system information or the failure prompt box to the client.
为实现上述目的,本申请还提供一种计算机可读存储介质,其包括多个存储介质,各存储介质上存储有计算机程序,其中,所述多个存储介质存储的所述计算机程序被处理器执行时实现一种认证方法,其中,所述认证方法包括以下步骤:S1:基于预设的运行框架创设具有框架规则的认证节点,所述认证节点包含有权限数据库,并生成创设成功信号并将其输出至客户端;S2:通过所述认证节点接收所述客户端发送的登陆信息,在所述权限数据库中获取与所述登陆信息匹配的权限信息;S3:通过所述认证节点依据所述框架规则对所述权限信息进行储存,生成缓存成功信号并将其发送至客户端;S4:通过所述认证节点接收所述客户端发送的访问信息和URL请求,利用所述框架规则将所述访问信息和URL请求分别与所述认证节点中的权限信息进行比对以获得权限结果,并将所述权限结果载入至所述URL请求,得到新的URL请求;S5:通过所述认证节点根据所述新的URL请求获取系统信息,或生成失败提示框;将所述系统信息或失败提示框输出至所述客户端。In order to achieve the above object, the present application also provides a computer-readable storage medium, which includes a plurality of storage media, and each storage medium stores a computer program, wherein the computer program stored in the plurality of storage media is stored by a processor An authentication method is implemented during execution, wherein the authentication method includes the following steps: S1: Create an authentication node with framework rules based on a preset operating framework, the authentication node includes a permission database, and generates a creation success signal and It is output to the client; S2: receiving the login information sent by the client through the authentication node, and obtaining permission information matching the login information in the permission database; S3: passing the authentication node according to the The framework rules store the authority information, generate a cache success signal and send it to the client; S4: receive the access information and URL request sent by the client through the authentication node, and use the framework rules to transfer the The access information and the URL request are respectively compared with the authority information in the authentication node to obtain the authority result, and the authority result is loaded into the URL request to obtain a new URL request; S5: pass the authentication node According to the new URL request to obtain system information, or generate a failure prompt box; output the system information or the failure 
prompt box to the client.
In the authentication method, apparatus, computer system and readable storage medium provided by this application, the creation module creates the permission database and the running framework, the permission management module obtains the permission information matching the login information, and the cache module stores that permission information;
the request judgment module then evaluates the login information to obtain a permission result and loads the permission result into the URL request;
finally, the feedback module accesses the system server according to the permission result and obtains the system information, or generates a failure prompt box, and outputs the system information or the failure prompt box to the client;
therefore, when the client accesses different system servers it only needs to obtain a permission result from the request judgment module and then, on the basis of that result, either access the corresponding system server or receive a failure prompt box;
in this way, when the client frequently accesses different systems, authorized and unauthorized access are decided from the permission result alone, which greatly reduces the system's computational load and thereby improves its computing speed and efficiency.
FIG. 1 is a flowchart of Embodiment 1 of the authentication method of this application;
FIG. 2 is a schematic diagram of the program modules of Embodiment 2 of the authentication apparatus of this application;
FIG. 3 is a schematic diagram of the hardware structure of a computer device in Embodiment 3 of the computer system of this application.
Reference signs:
1. Authentication apparatus; 2. Computer device; 11. Creation module; 12. Permission management module;
13. Cache module; 14. Request judgment module; 15. Feedback module; 21. Memory;
22. Processor.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of this application clearer, this application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain this application and are not intended to limit it. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of this application without creative effort fall within the protection scope of this application.
The authentication method, apparatus, computer system and readable storage medium provided by this application are applicable to the communication field and provide an authentication method based on a creation module, a permission management module, a cache module, a request judgment module and a feedback module. In this application the creation module creates the permission database and the running framework, the permission management module obtains the permission information matching the login information, and the cache module stores that permission information; the request judgment module then evaluates the login information to obtain a permission result and loads the permission result into the URL request; finally, the feedback module accesses the system server according to the permission result and obtains the system information, or generates a failure prompt box, and outputs the system information or the failure prompt box to the client. As a result, when the client accesses different system servers it only needs to obtain a permission result from the request judgment module and then, on the basis of that result, either access the corresponding system server or receive a failure prompt box.
Embodiment 1
Referring to FIG. 1, the authentication method of this embodiment uses the authentication apparatus 1 and comprises the following steps:
S1: create, based on a preset running framework, an authentication node having framework rules, the authentication node containing a permission database, and generate a creation success signal and output it to the client;
S2: receive, through the authentication node, the login information sent by the client, and obtain from the permission database the permission information matching the login information;
S3: store the permission information through the authentication node according to the framework rules, generate a cache success signal and send it to the client;
S4: receive, through the authentication node, the access information and URL request sent by the client, use the framework rules to compare the access information and the URL request respectively against the permission information in the authentication node to obtain a permission result, and load the permission result into the URL request to obtain a new URL request;
S5: through the authentication node, obtain system information according to the new URL request or generate a failure prompt box, and output the system information or the failure prompt box to the client.
In this embodiment, the running framework is the technical implementation architecture for the established requirements, a component that uses a complete set of tools to complete tasks in planned steps; the framework rules are the rules by which the access information and the URL request are evaluated to obtain a permission result, and they may be written in Java or in C; because the framework rules are set in the running framework, an authentication node based on the framework rules can be created from the running framework; the permission database stores standard resource addresses, and the standard resource addresses in the permission database can be managed in multiple levels so that each standard resource address carries a different level of permission;
the login information comprises at least a login account and a login password, and may further comprise the IMEI code of the login device and/or a mobile phone number and/or a mobile phone verification code; the permission information comprises at least role information corresponding to the login information and the role permissions corresponding to that role information; the client's role information is determined from the login information, and the corresponding role permissions are then obtained from that role information;
the running framework can also store data, so the client's permission information is stored in the running framework according to the framework rules, so that the permission information of the client currently making an access can be obtained quickly;
the access information describes the identity of the client; since it must both guarantee the uniqueness of the client and be convenient for the client to generate and send, the access information in this embodiment may be the IMEI code of the login device and/or a mobile phone number and/or a mobile phone verification code; loading the permission result into the URL request yields a new URL request, which marks the URL request so that the authentication node can judge the URL request from that mark alone, namely the permission result, and on the basis of that judgment either obtain the system information according to the new URL request or generate a failure prompt box.
It should be noted that in this application the authentication node is equivalent to a virtualized proxy server, or a proxy node that performs the authentication task, and can be installed in the system server as a server component; accordingly, the system server comprises server A and server B, which store web page information, and proxy server C, on which the authentication node is installed.
A URL (Uniform Resource Locator) request is a concise representation of the location of, and the method of access to, a resource available on the Internet; it is the address of a standard resource on the Internet. Every file on the Internet has a unique URL, which contains information indicating where the file is located and how the browser should handle it. In this embodiment the URL request is the address of the standard resource from which information is to be obtained from the system server. Because the permission result is loaded into the URL request, this solution first determines whether the URL request carries a permission result; if so, it determines whether that permission result grants access, and if it does, obtains the information from the system server through the URL request and returns it to the client. Specifically: the permission result in the URL request is extracted and its content is judged; if the permission result is "authorized", the system server specified by the URL request is accessed and its system information is obtained; if the permission result is "unauthorized", a failure prompt box is generated; and the system information or the failure prompt box is output to the client. It should be noted that the system server is a service system for storing Internet information; for example, the system server comprises server A and server B, which store web pages, and this application provides a method for judging whether the access information and URL request sent by the client carry the permission to access server A or server B.
Specifically, S1 comprises the following steps:
S11: create the running framework and set the framework rules in the running framework;
It should be noted that the running framework is the Spring security framework. Spring is an open-source design-layer framework used to solve the loose-coupling problem between the business logic layer and the other layers, so it carries interface-oriented programming throughout the whole system application. Spring is a lightweight Java development framework.
S12: create, based on the running framework, an authentication node having the framework rules;
In this step, the framework rules are the rules by which the access information and the URL request are evaluated to obtain a permission result, and the rules for storing the permission information in the running framework; they may be written in Java or in C.
S13: create the permission database in the authentication node;
In this step, the permission database comprises first-level data, second-level data and third-level data;
the first-level data comprises a first-level information set and a first-level access set, the first-level information set containing at least one item of registration information and the first-level access set containing at least one standard resource address of a system server;
the second-level data comprises a second-level information set and a second-level access set, the second-level information set containing at least one item of registration information and the second-level access set containing at least one standard resource address of a system server;
the third-level data comprises a third-level access set containing at least one standard resource address of a system server.
S14: generate a creation success signal according to the created permission database and output it to the client;
In this step, the creation success signal may be displayed on the client in the form of a dialog box.
Specifically, S2 comprises the following steps:
S21: receive, through the authentication node, the login information output by the client in response to the creation success signal;
S22: compare the login information in turn with the first-level information set and the second-level information set, and generate the permission information;
wherein the permission information comprises role information and role permissions;
specifically, if the login information matches an item of registration information in the first-level information set, the generated role information is the login information and the role permissions are the permission information of the first-level access set;
if the login information matches an item of registration information in the second-level information set, the generated role information is the login information and the role permissions are the permission information of the second-level access set;
if the login information matches none of the registration information in the first-level and second-level information sets, the generated role information is the login information and the role permissions are the permission information of the third-level access set;
S23: output the permission information through the authentication node to the running framework;
It should be noted that the login information comprises a login account, a login password and the IMEI code of the login device. The IMEI (International Mobile Equipment Identity) code, commonly called the "phone serial number", is stored in the phone's EEPROM (commonly called the code chip), and every mobile device corresponds to a unique IMEI. In this embodiment the IMEI code of the login device is the IMEI code of the client.
Specifically, S3 comprises the following steps:
S31: store the permission information in the running framework through the authentication node;
S32: generate a cache success signal through the authentication node and output the cache success signal to the client.
Specifically, S4 comprises the following steps:
S41: receive, through the authentication node, the URL request and access information output by the client in response to the cache success signal;
In this step, a URL (Uniform Resource Locator) request is a concise representation of the location of, and the method of access to, a resource available on the Internet, that is, the address of a standard resource on the Internet; in this embodiment the URL request is the address of the standard resource from which information is to be obtained from the system server;
the access information comprises the IMEI code of the login device, that is, the IMEI code of the client.
S42: through the authentication node, use the framework rules to compare the access information with the role information of the permission information in the running framework, so as to obtain the permission information matching the access information;
In this embodiment the access information is compared with the role information in the running framework, where the access information comprises the IMEI code of the login device and the role information comprises the login account, the login password and the IMEI code of the login device; if the access information matches the IMEI code of the login device in the role information, the access information is judged to match the permission information corresponding to that role information. In a specific application scenario, the above scheme can be used to determine whether the client that sent the access information and URL request is in a logged-in state;
extract the role permissions of the permission information matching the access information, use the framework rules to compare the URL request with the standard resource addresses in the role permissions, and generate the permission result. In this embodiment the URL request is compared with the standard resource addresses in the role permissions of the permission information; because the content of a URL request includes the requested resource address used to request information, if the requested resource address matches a standard resource address, the URL request is judged to be authorized or unauthorized to access that standard resource address. In a specific scenario, the above scheme can be used to determine whether the client that sent the access information and URL request has permission to access the resource address requested in the URL request.
S43: load the permission result into the URL request through the authentication node to form a new URL request;
In this step, because the permission result is loaded into the URL request, when a large volume of access information and URL requests is received the authentication node performs step S5 only on URL requests that carry a permission result and routes URL requests without a permission result to step S42. This splits the access information and URL requests into two streams and avoids the confusion between URL requests and permission results that the input of a large volume of access information and URL requests would otherwise cause. Further, the framework rules in S4 may be admission rules or exclusion rules.
In S4, evaluating the access information and URL request with admission rules to obtain the permission result comprises the following steps:
S4-01: compare the access information in turn with the role information of the permission information stored in the running framework, and obtain the permission information whose role information matches the access information;
if the access information matches the role information of none of the permission information stored in the running framework, generate a permission result whose content is "unauthorized" and load the permission result into the URL request;
S4-02: extract the role permissions of that permission information, and compare the URL request in turn with the standard resource addresses of system servers in the role permissions;
S4-03: if the role permissions contain a standard resource address of a system server that matches the URL request, generate a permission result whose content is "authorized" and load the permission result into the URL request to form a new URL request;
if the role permissions contain no standard resource address of a system server that matches the URL request, generate a permission result whose content is "unauthorized" and load the permission result into the URL request to form a new URL request.
In S4-03, the permission result whose content is "authorized" or "unauthorized" is generated by Java object assignment and loaded into the corresponding URL request.
In S4, evaluating the access information and URL request with exclusion rules to obtain the permission result comprises the following steps:
S4-11: compare the access information in turn with the role information of the permission information stored in the running framework, and obtain the permission information whose role information matches the access information;
if the access information matches the role information of none of the permission information stored in the running framework, generate a permission result whose content is "unauthorized" and load the permission result into the URL request;
S4-12: extract the role permissions of that permission information, and compare the URL request in turn with the standard resource addresses of system servers in the role permissions;
S4-13: if the role permissions contain a standard resource address of a system server that matches the URL request, generate a permission result whose content is "unauthorized" and load the permission result into the URL request to form a new URL request;
if the role permissions contain no standard resource address of a system server that matches the URL request, generate a permission result whose content is "authorized" and load the permission result into the URL request to form a new URL request;
In S4-13, the permission result whose content is "authorized" or "unauthorized" is generated by Java object assignment and loaded into the corresponding URL request.
Specifically, S5 comprises the following steps:
S51: extract, through the authentication node, the permission result from the new URL request, and judge the content of the permission result;
S52: if the permission result is "authorized", access the system server specified by the URL request and obtain the system information of that system server;
if the permission result is "unauthorized", generate a failure prompt box;
S52: output the system information or the failure prompt box to the client through the authentication node.
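The flow of steps S2 to S5 end to end, as an added example that is not the application's own code: a Python model (rather than the Java/Spring framework the application names) of the authentication node, with the three-level permission database of S13, the role lookup of S22, the framework cache of S31 keyed by the IMEI access information, both the admission rule and the exclusion rule of S4, and the S5 decision. All logins, addresses and server contents are constructed sample data, and the permission result is attached by the node itself, never read from client input.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Rule(Enum):
    ADMISSION = "admission"  # S4-01..S4-03: listed addresses are authorized
    EXCLUSION = "exclusion"  # S4-11..S4-13: listed addresses are unauthorized


@dataclass(frozen=True)
class Login:
    # Login information: account, password and login-device IMEI (S21).
    account: str
    password: str
    imei: str


@dataclass
class PermissionDatabase:
    # S13: level-1 and level-2 data carry registration info plus an access set;
    # level-3 data carries only an access set (used for unregistered logins).
    level1_info: frozenset
    level1_access: frozenset
    level2_info: frozenset
    level2_access: frozenset
    level3_access: frozenset


@dataclass
class PermissionInfo:
    role_info: Login            # S22: the role information is the login information
    role_authority: frozenset   # standard resource addresses of the matched level


@dataclass
class UrlRequest:
    resource: str
    permission_result: Optional[bool] = None  # S43: set by the node, never by the client


class AuthenticationNode:
    def __init__(self, db: PermissionDatabase, rule: Rule) -> None:
        self.db = db
        self.rule = rule
        # S31: the running framework's store, keyed by the access information (IMEI).
        # Note: the application treats the device IMEI as the access information; a
        # hardened deployment would key this cache on a session token issued at login.
        self.framework_cache: dict = {}

    def lookup_permission(self, login: Login) -> PermissionInfo:
        # S22: compare with the level-1 set, then the level-2 set, else level 3.
        if login in self.db.level1_info:
            return PermissionInfo(login, self.db.level1_access)
        if login in self.db.level2_info:
            return PermissionInfo(login, self.db.level2_access)
        return PermissionInfo(login, self.db.level3_access)

    def cache_permission(self, login: Login) -> bool:
        # S3: store the permission information and return the cache-success signal.
        self.framework_cache[login.imei] = self.lookup_permission(login)
        return True

    def judge(self, access_info: str, request: UrlRequest) -> UrlRequest:
        # S4-01 / S4-11: match the access information against cached role information.
        info = self.framework_cache.get(access_info)
        if info is None:
            request.permission_result = False  # no logged-in role: unauthorized
            return request
        # S4-02 / S4-12: compare the requested address with the role's address list.
        listed = request.resource in info.role_authority
        # S4-03: admission grants listed addresses; S4-13: exclusion denies them.
        request.permission_result = listed if self.rule is Rule.ADMISSION else not listed
        return request

    def serve(self, request: UrlRequest, servers: dict) -> str:
        # S51/S52: only a request marked "authorized" reaches the system server.
        if request.permission_result is True and request.resource in servers:
            return servers[request.resource]  # system information
        return "failure prompt box: access denied"


# Constructed sample system servers A and B and a constructed permission database.
SYSTEM_SERVERS = {
    "https://a.example/admin": "server A: admin page",
    "https://a.example/public": "server A: public page",
    "https://b.example/report": "server B: report page",
}
ALICE = Login("alice", "pw-alice", "IMEI-0001")
BOB = Login("bob", "pw-bob", "IMEI-0002")
SAMPLE_DB = PermissionDatabase(
    level1_info=frozenset({ALICE}),
    level1_access=frozenset({"https://a.example/admin", "https://b.example/report"}),
    level2_info=frozenset({BOB}),
    level2_access=frozenset({"https://b.example/report"}),
    level3_access=frozenset({"https://a.example/public"}),
)


def run_flow(rule: Rule, login: Login, access_info: str, resource: str) -> str:
    # S2 to S5 end to end: log in, cache, judge the URL request, then serve it.
    node = AuthenticationNode(SAMPLE_DB, rule)
    node.cache_permission(login)
    request = node.judge(access_info, UrlRequest(resource))
    return node.serve(request, SYSTEM_SERVERS)
```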
Embodiment two
Referring to FIG. 2, an authentication apparatus 1 of this embodiment includes:
a creation module 11, configured to create, based on a preset operating framework, an authentication node having framework rules, the authentication node containing a permission database, and to generate the node and output it to the client;
a permission management module 12, configured to receive, through the authentication node, the login information sent by the client, and to obtain from the permission database the permission information matching the login information;
a cache module 13, configured to store the permission information through the authentication node according to the framework rules, generate a cache success signal and send it to the client;
a request judgment module 14, configured to receive, through the authentication node, the access information and URL request sent by the client, compare the access information and the URL request respectively with the permission information in the authentication node using the framework rules to obtain a permission result, and load the permission result into the URL request to obtain a new URL request;
a feedback module 15, configured to obtain system information according to the new URL request through the authentication node, or generate a failure prompt box, and to output the system information or the failure prompt box to the client.
This technical solution belongs to the cloud security field of cloud technology. The creation module creates the permission database and the operating framework; the permission management module obtains the permission information matching the login information, and the cache module stores that permission information; the request judgment module then operates on the login information to obtain a permission result and loads it into the URL request; finally, the feedback module accesses the system server according to the permission result and obtains system information, or generates a failure prompt box, and outputs the system information or the failure prompt box to the client. This achieves the technical effect of securing the virtualization layer by means of virtualized user authentication.
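As an added example (not code from the patent), the following Python sketches the modules listed above together with the S4-13/S5 flow: the node caches permission information at login, sets the permission result itself when judging a request, and the feedback step acts only on that result. The permission database, the server stand-ins and the URL normalization are constructed assumptions, as is reading this section's wording to mean that a URL matching one of the role's standard resource addresses yields an unauthorized result.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample permission database (hypothetical): login information maps to
# permission information, i.e. a role name and that role's standard resource addresses.
PERMISSION_DB = {
    "alice": {"role": "operator", "addresses": {"https://sys.example/admin/users"}},
    "bob": {"role": "auditor", "addresses": set()},
}

# Constructed stand-in for the system servers that URL requests point at.
SYSTEM_SERVERS = {
    "https://sys.example/status": {"cpu": "12%", "uptime": "41d"},
    "https://sys.example/admin/users": {"users": ["alice", "bob"]},
}


def normalize(url: str) -> str:
    """Canonical scheme://host/path: letter case, a trailing slash or a query string
    must not change the outcome of the address comparison."""
    parts = urlsplit(url)
    path = parts.path.rstrip("/") or "/"
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{path}"


@dataclass
class AuthNode:
    """Authentication node: permission database plus the per-login cache (modules 11-13)."""
    cache: dict = field(default_factory=dict)

    def login(self, login_info: str) -> bool:
        """Look up the permission info for the login and cache it; True = cache success signal."""
        perm = PERMISSION_DB.get(login_info)
        if perm is None:
            return False
        self.cache[login_info] = perm
        return True

    def judge(self, access_info: str, url: str) -> tuple:
        """Module 14: compare access info and URL with the cached permission info and
        return the new URL request (url, result). The result is set only here, never
        taken from the client."""
        perm = self.cache.get(access_info)
        if perm is None:
            return (url, "unauthorized")  # nothing cached for this access info
        # Assumption following this section's wording: a URL that matches one of the
        # role's standard resource addresses yields an "unauthorized" result.
        blocked = {normalize(a) for a in perm["addresses"]}
        return (url, "unauthorized" if normalize(url) in blocked else "authorized")

    def feedback(self, new_request: tuple) -> dict:
        """Module 15 (S51/S52): extract the result, then fetch system info or a failure prompt."""
        url, result = new_request
        if result != "authorized":
            return {"failure_prompt": "access denied", "url": url}
        info = SYSTEM_SERVERS.get(normalize(url))
        if info is None:
            return {"failure_prompt": "unknown system server", "url": url}
        return {"system_info": info}
```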
Embodiment three
To achieve the above objective, the present application further provides a computer system comprising a plurality of computer devices 2. The components of the authentication apparatus 1 of embodiment two may be distributed across different computer devices, and a computer device may be a smartphone, tablet computer, notebook computer, desktop computer, rack server, blade server, tower server or cabinet server (including a standalone server, or a server cluster composed of multiple servers) that executes programs. The computer device of this embodiment includes at least, but is not limited to, a memory 21 and a processor 22 communicatively connected to each other through a system bus, as shown in FIG. 3. It should be pointed out that FIG. 3 shows only a computer device with components; it should be understood that not all illustrated components need to be implemented, and more or fewer components may be implemented instead.
In this embodiment, the memory 21 (i.e. the readable storage medium) includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disks, optical disks, and so on. In some embodiments, the memory 21 may be an internal storage unit of the computer device, such as its hard disk or main memory. In other embodiments, the memory 21 may also be an external storage device of the computer device, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the computer device. Of course, the memory 21 may also include both the internal storage unit of the computer device and its external storage device. In this embodiment, the memory 21 is generally used to store the operating system and various application software installed on the computer device, such as the program code of the authentication apparatus of embodiment one. In addition, the memory 21 may also be used to temporarily store various types of data that have been output or are to be output.
In some embodiments, the processor 22 may be a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, a microprocessor, or another data processing chip. The processor 22 is generally used to control the overall operation of the computer device. In this embodiment, the processor 22 is used to run the program code stored in the memory 21 or to process data, for example to run the authentication apparatus, so as to implement the authentication method of embodiment one.
Embodiment four
To achieve the above objective, the present application further provides a computer-readable storage system. The computer-readable storage medium may be non-volatile or volatile, and includes a plurality of storage media, such as flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disks, optical disks, servers, app stores and so on, on which a computer program is stored; when the program is executed by the processor 22, the corresponding functions are implemented. The computer-readable storage medium of this embodiment is used to store the authentication apparatus, which, when executed by the processor 22, implements the authentication method of embodiment one.
The serial numbers of the foregoing embodiments of the present application are for description only and do not indicate the relative merits of the embodiments.
From the description of the above embodiments, those skilled in the art can clearly understand that the method of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation.
The above are only preferred embodiments of the present application and do not thereby limit the patent scope of the present application. Any equivalent structural or equivalent process transformation made using the content of the description and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present application.
Claims (20)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910969165.2 | 2019-10-12 | ||
| CN201910969165.2A CN110839014B (en) | 2019-10-12 | 2019-10-12 | Authentication method, authentication device, computer equipment and readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2021068569A1 true WO2021068569A1 (en) | 2021-04-15 |
Family
ID=69575292
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2020/099447 Ceased WO2021068569A1 (en) | 2019-10-12 | 2020-06-30 | Authentication method and apparatus, and computer system and readable storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN110839014B (en) |
| WO (1) | WO2021068569A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117640262A (en) * | 2024-01-26 | 2024-03-01 | 杭州美创科技股份有限公司 | Data asset isolation method, device, computer equipment and storage medium |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110839014B (en) * | 2019-10-12 | 2022-03-01 | 平安科技(深圳)有限公司 | Authentication method, authentication device, computer equipment and readable storage medium |
| CN111488598B (en) * | 2020-04-09 | 2023-04-07 | 腾讯科技(深圳)有限公司 | Access control method, device, computer equipment and storage medium |
| CN112463171A (en) * | 2020-10-29 | 2021-03-09 | 苏州浪潮智能科技有限公司 | Client installation method based on big data platform and electronic equipment |
| CN113806724B (en) * | 2021-09-29 | 2024-02-09 | 杭州迪普科技股份有限公司 | User login request processing method and device |
| CN115017547B (en) * | 2022-07-21 | 2025-09-19 | 北京字跳网络技术有限公司 | Permission determination method, permission determination device, permission determination equipment and permission determination medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN202737911U (en) * | 2012-06-12 | 2013-02-13 | 中国人民解放军91655部队 | Authority control system |
| WO2014194721A1 (en) * | 2013-06-07 | 2014-12-11 | Tencent Technology (Shenzhen) Company Limited | System and method for centralizedly controlling server user rights |
| CN105808990A (en) * | 2016-02-23 | 2016-07-27 | 平安科技(深圳)有限公司 | Method and device for controlling URL access on basis of IOS system |
| CN107566356A (en) * | 2017-08-24 | 2018-01-09 | 郑州云海信息技术有限公司 | A kind of cloud platform browser URL authority filter methods |
| CN109886038A (en) * | 2019-01-22 | 2019-06-14 | 北京文香信息技术有限公司 | A kind of authentication method, device, storage medium and server accessing e-sourcing |
| CN110839014A (en) * | 2019-10-12 | 2020-02-25 | 平安科技(深圳)有限公司 | Authentication method, device, computer system and readable storage medium |
Family Cites Families (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040010710A1 (en) * | 2002-07-10 | 2004-01-15 | Wen-Hao Hsu | Method and system for filtering requests to a web site |
| CN101453398A (en) * | 2007-12-06 | 2009-06-10 | 怀特威盛软件公司 | Novel distributed grid super computer system and method |
| CN101546261B (en) * | 2008-10-10 | 2011-07-20 | 华中科技大学 | Secure web page tag library system supported by multiple strategies |
| CN101645021B (en) * | 2009-06-18 | 2012-12-12 | 广东金宇恒科技有限公司 | Integrating method for multisystem single-spot logging under Java application server |
| US9356845B1 (en) * | 2010-03-05 | 2016-05-31 | Forbes Media Llc | System and method for audience segment profiling and targeting |
| CN102427480B (en) * | 2011-12-31 | 2015-01-14 | 北京新媒传信科技有限公司 | Application access method in a plurality of application service platform systems |
| US9378065B2 (en) * | 2013-03-15 | 2016-06-28 | Advanced Elemental Technologies, Inc. | Purposeful computing |
| CN106815005A (en) * | 2015-12-01 | 2017-06-09 | 北京奇虎科技有限公司 | The method and device of data processing model and data processing is built based on framework |
| CN106713271B (en) * | 2016-11-25 | 2020-05-22 | 国云科技股份有限公司 | Web system login constraint method based on single sign-on |
| CN109657429A (en) * | 2018-09-27 | 2019-04-19 | 深圳壹账通智能科技有限公司 | Video resource management method, equipment, system and computer readable storage medium |
| CN109218329A (en) * | 2018-10-16 | 2019-01-15 | 量子云未来(北京)信息科技有限公司 | A kind of method and system authenticated using NetData-Auth user authentication frame |
| CN109688120B (en) * | 2018-12-14 | 2020-11-03 | 浙江大学 | Dynamic Rights Management System Based on Improved RBAC Model and Spring Security Framework |
| CN109981561B (en) * | 2019-01-17 | 2020-05-22 | 华南理工大学 | User authentication method for migrating single-body architecture system to micro-service architecture |
| CN110232292A (en) * | 2019-05-06 | 2019-09-13 | 平安科技(深圳)有限公司 | Data access authority authentication method, server and storage medium |
- 2019-10-12 CN CN201910969165.2A patent/CN110839014B/en active Active
- 2020-06-30 WO PCT/CN2020/099447 patent/WO2021068569A1/en not_active Ceased
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117640262A (en) * | 2024-01-26 | 2024-03-01 | 杭州美创科技股份有限公司 | Data asset isolation method, device, computer equipment and storage medium |
| CN117640262B (en) * | 2024-01-26 | 2024-04-09 | 杭州美创科技股份有限公司 | Data asset isolation method, device, computer equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110839014B (en) | 2022-03-01 |
| CN110839014A (en) | 2020-02-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2021068569A1 (en) | Authentication method and apparatus, and computer system and readable storage medium | |
| US8473585B1 (en) | Multi-threaded optimization for data upload | |
| US10379891B2 (en) | Apparatus and method for in-memory-based virtual desktop service | |
| US11334661B1 (en) | Security credential revocations in a cloud provider network | |
| US9998455B2 (en) | Protection of application passwords using a secure proxy | |
| CN111181975B (en) | An account management method, device, equipment and storage medium | |
| CN107948203A (en) | A kind of container login method, application server, system and storage medium | |
| US9270703B1 (en) | Enhanced control-plane security for network-accessible services | |
| US8935756B2 (en) | Providing multiple authentications to authenticate users with respect to a system and file systems offered through the system | |
| US8918862B2 (en) | Managing access to storage media | |
| CN110784433A (en) | User access processing method, device and equipment | |
| US10831915B2 (en) | Method and system for isolating application data access | |
| US9189643B2 (en) | Client based resource isolation with domains | |
| US10162952B2 (en) | Security model for network information service | |
| US10021111B2 (en) | Location based authentication of users to a virtual machine in a computer system | |
| US11356382B1 (en) | Protecting integration between resources of different services using service-generated dependency tags | |
| US20150373011A1 (en) | Credential collection in an authentication server employing diverse authentication schemes | |
| US11861409B2 (en) | Distributed decomposition of string-automated reasoning using predicates | |
| US10701108B2 (en) | System and method for determining a policy in virtual desktop infrastructure (VDI) | |
| CN115525880A (en) | Method, device, equipment and medium for providing SAAS service facing multi-tenant | |
| US9160705B2 (en) | Identifier management | |
| US12132735B1 (en) | Specification language for generating graph reachability-based analyses for cloud-based system resources | |
| US8806589B2 (en) | Credential collection in an authentication server employing diverse authentication schemes | |
| US12204668B1 (en) | User-configurable request-based policies for a data storage system | |
| US11792201B2 (en) | System and method to manage multiple-account access using a master key |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 20874486; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 20874486; Country of ref document: EP; Kind code of ref document: A1 |