Embodiment
For above-mentioned purpose of the present invention, feature and advantage can more be become apparent, the specific embodiment of the present invention is described in detail below in conjunction with accompanying drawing.
Set forth detail in the following description so that fully understand the present invention.But the present invention can be different from alternate manner described here and implements with multiple, and those skilled in the art can do similar popularization under the situation of intension of the present invention.Therefore the present invention is not subjected to the restriction of following public embodiment.
Among the present invention, when the user orders application service, be to carry out, such as steel plant or exchange intermediary etc. with the name of certain mechanism.According to the function that this application service provides, the user is free to define the role's (being called tissue again) in this mechanism, and the corresponding relation between role and the function.
Fig. 1 is the schematic diagram that concerns between user among the present invention, user application service, the role in the application service and the function ordered.The user has ordered application service with the name of mechanism 502, the application service 501 that obtains ordering.The application service 501 of ordering comprises first function 503, second function, the 3rd function ... with the N function.Wherein corresponding second role of first function and third angle look, promptly the in-house user of first role and third angle look correspondence has authority to use first function of this application service.Corresponding first role of second function and second role, the corresponding third angle look of the 3rd function, the corresponding M role of N function.
The user defines the tissue of mechanism 502 after ordering the application service success, each tissue comprises user property and role attribute, and the role attribute of tissue is to the operable function of the user member that should organize.Comprise first tissue, 504, second tissue, the 3rd tissue ... organize with Y.By the user is added in the user property of described tissue, thereby make this user have corresponding role, can use the function of this role's correspondence.
It should be noted that, user's service subscription information is not user's information of ordering operation (uses, defined which role of mechanism, defined the corresponding relation of which role and function such as which has been ordered), but the mechanism information of user in each application service of having ordered, the subordinate's of mechanism organizational information, the Role Information that tissue comprises, the operable function information of role's correspondence.
Fig. 2 is the schematic diagram of service subscription information among the present invention, and service subscription information 600 comprises user name 601; Also comprise and order name 651, apply names 602, mechanism's name 603, organization name 606, role name 604 and function name 605, the title, the organization name at user place of mechanism of representing title, the user place of title, the application service in this order of an order respectively, the title of the role under the user and the function title of role's correspondence.Described service subscription information comprises a user name 601, at least one order.Comprise one during each is ordered and order sequence number 651, apply names 602, mechanism's name 603, an organization name 606, at least one role name 604 and at least one function name.
Fig. 3 is the schematic diagram of the service subscription information in the one embodiment of the invention.Service subscription information 610 comprises the service subscription information that user's first 611 is correlated with, and comprises that first orders 661, second order the 662, the 3rd order the 663 and the 4th order 664.Described first order 661 is the orders to using 1; User's first belongs to the A of mechanism and organizes A role A, role A corresponding function 1 and the function 2 of organizing A to comprise under user's first, and promptly user's first can be used in this first order 661 and use 1 function 1 and function 2.Compare with first order 661, order in 662 second, user's first belongs to identical mechanism (A of mechanism), different tissue (tissue B), organize B to comprise different role attribute (role D), user's first can be used and use 1 function 1, can not use and use 1 function 2.Order in 663 the 3rd, user's first belongs to different mechanisms (C of mechanism), the function 1 of operable application 1 and function 4.Order in 664 the 4th, user's first belongs to the B of mechanism and organizes B, can use and use 2 function 3, compares with above-mentioned three orders, and the 4th orders the application service difference in 664.
The user who orders operation can add oneself the tissue of corresponding mechanism, also can not add any tissue.A user can exist in a plurality of orders that comprise the different application service, also can have corresponding different role attribute and user right in comprising the different order of same application service with different tissues.
Fig. 4 is a service system schematic diagram among the present invention, and described service system comprises login system 401 and unified user management device 404, and unified user management device 404 is preserved service subscription information.Local terminal 402 is connected with service system with local application server, and remote terminal 403 is connected with service system by network with remote application server.
Each terminal equipment obtains finishing register behind the service call token by unified login system, utilize the service call token afterwards, both can finish the operation of access application service by login system, also can directly send the operation that access request is finished the access application service to application server.
The login process of described service system comprises step as shown in Figure 5:
S301: login system receives the logging request of sending from terminal equipment;
S302: login system is carried out the log-on message checking;
S303: if the verification passes, login system sends login to terminal equipment and replys; Otherwise, send login failure and reply;
S304: login system sends the service subscription information request to unified user management device;
S305: unified user management device sends service subscription information to login system and replys;
S306: login system is fed back service subscription information to terminal equipment;
S307: login system receives from the service order of terminal equipment and selects request;
S308: login system is transmitted service order and is selected to ask unified user management device;
S309: the login system reception is selected the corresponding service call token of request from unified user management device with described service order;
S310: the service call token that login system is received to the terminal equipment feedback, the user finishes register.
By above-mentioned steps, login process expands to login and orders selection course.After user's login, service subscription information be can obtain, all and this user-dependent application service comprised; The user selects an order to carry out follow-up work, when other application of needs, in the time of perhaps need using same application service with other role, do not need to login again, only need from service subscription information, to reselect to get final product, saved user's time, be user-friendly to.
After above-mentioned steps was finished, terminal equipment can send access request and service call token to application server by login system, also can directly send access request and service call token to application server.When terminal equipment sent access request and service call token to application server by login system, the visit of application server was replied and can be fed back to terminal equipment by login system, also can directly feed back to terminal equipment.
At least comprise mechanism, role and access rights that the user is affiliated in the described service call token.After the application service that application server provides receives the access request and service call token of that terminal equipment sends or login system forwarding, at first relatively whether the access rights in the service call token mate the authority of (covering) access request, if authority coupling, carry out the instruction in the access request, otherwise, return error message.
It should be noted that above-mentioned service call token both can send separately, also can be carried in the access request; Terminal equipment and login system/service system both can adopt the C/S mode to realize, also can adopt the B/S mode to realize.
Fig. 6 is the structural representation that identity more than first kind provided by the invention is selected entering device.Wherein, terminal equipment comprises terminal equipment 100a, terminal equipment 100b, terminal equipment 100c and terminal equipment 100n, wherein terminal equipment 100a and terminal equipment 100b are local terminal equipments, and terminal equipment 100c and terminal equipment 100n are RTU (remote terminal unit).
Many identity select entering device 200 to comprise logging request processing unit 201, service subscription information acquiring unit 202 and service call token acquiring unit 203.Unified user management device 301 selects entering device 200 to couple with many identity.Application service comprises application service 302a, application service 302b, application service 302c and application service 302n, and wherein application service 302c and application service 302n are positioned on the remote application server.Unified user management device 301 is preserved service subscription information.
Logging request processing unit 201 is connected with terminal equipment 100a, terminal equipment 100b, terminal equipment 100c and terminal equipment 100n, receive the logging request that each terminal equipment sends, after checking user's the log-on message success, send the login successful respond to terminal equipment, reply otherwise send login failure.
Service subscription information acquiring unit 202 is connected with described logging request processing unit 201, and after the user logined success, logging request processing unit 201 sent activation data to the service subscription information acquiring unit, activated service subscription information acquiring unit 202.Service subscription information acquiring unit 202 couples with unified user management device 301, sends the service subscription information request to unified user management device 301, and the service subscription information that the unified user management device 301 of reception returns is replied.
Service call token acquiring unit 203 couples with terminal equipment and unified user management device 301, receives from terminal equipment and selects request based on the service order of described service subscription information, obtains the service call token and feeds back to described terminal equipment.
Terminal equipment sends access request and service call token to required application service, application service verify described access request requested permissions whether with the service call token in the user right coupling, after checking is passed through, send visit and reply to terminal equipment.
Provide identity more than second kind to select entering device in the another embodiment of the present invention, as shown in Figure 7.Many identity are selected entering device 200 also to comprise and are called pretreatment unit 206 and temporary storage cell 204.
Temporary storage cell 204 couples with described service call token acquiring unit 203, and stores service is called the service call token that token acquiring unit 203 obtains; When service call token acquiring unit 203 receives new service order selection request, inquire about at first whether desired data has been kept in the temporary storage cell 204, if preserve, directly obtain the service call token and feed back to described terminal equipment from temporary storage cell 204.
Calling pretreatment unit 206 couples with described terminal equipment.Reception is from the access request and the service call token of described terminal equipment, verify described access request requested permissions whether with the service call token in the user right coupling, after checking is passed through, transmit described access request to application service.
Application service on the application server receives after the access request, and directly backward reference is replied to described terminal equipment.
Select entering device in conjunction with above-mentioned many identity, the present invention also provides a kind of many identity to select login method, as shown in Figure 8, comprises step:
S401: many identity are selected the send logging request of entering device reception from terminal equipment;
S402: many identity select entering device to carry out the log-on message checking;
S403: if the verification passes, many identity select entering device to reply to terminal equipment transmission login; Otherwise, send login failure and reply;
S404: many identity select entering device to send the service subscription information request to unified user management device;
S405: unified user management device selects entering device transmission service subscription information to reply to many identity;
S406: many identity select entering device to feed back service subscription information to terminal equipment;
S407: many identity are selected entering device to receive from the service order of terminal equipment and are selected request;
S408: many identity are selected entering device to transmit service order and are selected to ask unified user management device;
S409: many identity selection entering devices receptions and storage select to ask corresponding service call token from unified user management device with described service order;
S410: the service call token that many identity select entering device to receive to the terminal equipment feedback;
S411: many identity are selected access request and the service call token of entering device reception from terminal equipment;
S412: many identity select entering devices verify described access request requested permissions whether with the service call token in the user right coupling, after checking is passed through, transmit described access request to application service;
S413: application service sends visit to terminal equipment and replys.
Provide the third many identity to select entering device in the another embodiment of the present invention, as shown in Figure 9.Select the difference of entering device to be with identity more than first kind, also comprise temporary storage cell 204 and call processing unit 207.
Temporary storage cell 204 couples with described service call token acquiring unit 203, and stores service is called the service call token that token acquiring unit 203 obtains; When service call token acquiring unit 203 receives new service order selection request, inquire about at first whether desired data has been kept in the temporary storage cell 204, if preserve, directly obtain the service call token and feed back to described terminal equipment from temporary storage cell 204.
Calling processing unit 207 couples with described terminal equipment.Reception is from the access request and the service call token of terminal equipment, verify described access request requested permissions whether with the service call token in the user right coupling, after checking is passed through, transmit described access request to application service.
Application service on the application server receives after the access request, and backward reference is replied to calling processing unit 207.At last, reply described terminal equipment by calling processing unit 207 feedback visits.
Select entering device in conjunction with above-mentioned many identity, the present invention also provides a kind of many identity to select login method, as shown in figure 10, comprises step:
S501: many identity are selected the send logging request of entering device reception from terminal equipment;
S502: many identity select entering device to carry out the log-on message checking;
S503: if the verification passes, many identity select entering device to reply to terminal equipment transmission login; Otherwise, send login failure and reply;
S504: many identity select entering device to send the service subscription information request to unified user management device;
S505: unified user management device selects entering device transmission service subscription information to reply to many identity;
S506: many identity select entering device to feed back service subscription information to terminal equipment;
S507: many identity are selected entering device to receive from the service order of terminal equipment and are selected request;
S508: many identity are selected entering device to transmit service order and are selected to ask unified user management device;
S509: many identity selection entering devices receptions and storage select to ask corresponding service call token from unified user management device with described service order;
S510: the service call token that many identity select entering device to receive to the terminal equipment feedback;
S511: many identity are selected access request and the service call token of entering device reception from terminal equipment;
S512: many identity select entering devices verify described access request requested permissions whether with the service call token in the user right coupling, after checking is passed through, transmit described access request to application service;
S513: application service selects entering device transmission visit to reply to many identity;
S514: many identity select entering device to reply to terminal equipment transmission visit.
Further, in order to improve the fail safe of communicating by letter between user and the system, in another embodiment of the present invention, the logging request processing unit comprises initial registration request processing unit and session logging request processing unit.
Initial registration request processing unit and terminal equipment couple, and receive the logging request that the user utilizes encrypted private key, after the checking private key, utilize PKI to return session key to the user.Afterwards, the user uses session key and many identity to select entering device to communicate.
Session logging request processing unit is connected with the initial registration request processing unit, receives described session key.Session logging request processing unit and terminal equipment couple, the logging request that receiving terminal apparatus utilizes session key to send, and utilize session key to send to terminal equipment and reply.
Further, the invention provides a kind of electronic trade platform service switch method.Described electronic trade platform comprises many identity selection entering devices, unified user management device and at least one application server, and described many identity select entering devices to be suitable for coupling described unified user management device and terminal equipment.
Described transaction platform can be the cloud transaction platform, adopts modes such as cloud computing and cloud storage to come to provide service for terminal equipment.
As shown in figure 11, service switch method comprises the steps:
S600: described many identity are selected entering device to receive from the service order of described terminal equipment and are selected to ask and send to described unified user management device;
S700: described unified user management device receives described service order and selects request, generate the service call token and feed back to described many identity and select entering device, comprise user affiliated mechanism, role and access rights in the described service call token at least;
S800: described many identity select entering device that described service call token is fed back to described terminal equipment;
S900: described application server receives from the access request of described terminal equipment and service call token and verifies whether service call token wherein mates with the access rights of access request.
Wherein, S600 further comprises the steps: S601: many identity select entering device to send the service subscription information request to unified user management device; S602: unified user management device obtains service subscription information and sends to many identity selection entering devices; S603: unified user management device feeds back service subscription information to terminal equipment.
Use above-mentioned service switch method, the service call token will be finished the function that service is switched, and client did not need to login again when service was switched.
Further, the invention provides a kind of electronic trade platform service switch method:
S600: described many identity are selected entering device to receive from the service order of described terminal equipment and are selected to ask and send to described unified user management device;
S700: described unified user management device receives described service order and selects request, generate the service call token and feed back to described many identity and select entering device, comprise user affiliated mechanism, role and access rights in the described service call token at least;
S800: described many identity select entering device that described service call token is fed back to described terminal equipment;
S1000: described many identity are selected entering device to receive from the access request and the service call token of described terminal equipment and are verified also whether service call token wherein mates with the access rights of access request;
S1100: described many identity select entering device that the access request of access rights coupling is forwarded to described application server.
Use above-mentioned service switch method, the service call token will be finished the function that service is switched, and service is switched the service of using transparent fully.
In order to further describe login system provided by the invention and login method, describe below in conjunction with the bulk supply tariff transaction platform.In specific implementation, described bulk supply tariff transaction platform can be the cloud transaction platform.
By the bulk supply tariff transaction platform, the addressable application service of terminal equipment comprises the Transaction Information issue, the issue of transaction contract, and the transaction contract is bought bank loan service, mortgage service, logistics distribution service etc.Each application service can realize on different application servers, also can be developed by different service providers.
Described terminal equipment can be handheld terminal, desktop computer and other electronic service equipment.
Terminal equipment and login system/service system both can adopt the C/S mode to realize, also can adopt the B/S mode to realize.
Using standard contract to be issued as example explanation user with the user below uses many identity to select the process of entering device.
Shown in Figure 12,13, the user wishes to issue a plurality of standard contracts with different roles on transaction platform.Select login method according to aforesaid many identity, the user at first carries out terminal equipment login subprocess 701, comprises the steps: that terminal equipment sends logging request 7011, many identity are selected entering device checking logging request 7012 and send login to reply 7013.
Select login method according to aforesaid many identity, after the user successfully logins, carry out terminal equipment and obtain service subscription information subprocess 702, comprise the steps: that many identity select entering devices to send service subscription information request 7021, unified user management device feedback service subscription information 7022, terminal equipment and send service order and select request 7023, many identity to select entering device to obtain with described service order to select the corresponding service call token of information and feed back to terminal equipment 7024.The user obtains service subscription information as shown in Figure 2, wherein detailed record with this user-dependent order, mechanism, role and function.The user selects one of them to order, and the application service of this order is the issue standard contract, and the mechanism of order is steel plant, and the role is the salesman of steel plant, and corresponding function comprises the partial function (futures contract) of issuing standard contract.
Select login method according to aforesaid many identity, the user selects after the order, carry out terminal equipment and call application service subprocess 703, comprise the steps: that client sends access request and service call token 7031, many identity and selects operating right in the request of entering device authentication-access whether to mate service call token 7032, calls pretreatment module and transmit and call application request 7033, application module is carried out subprocess 7034.
The user uses the process of standard contract issue to be: check whether contract price is passed through, contract price template in the application service invocation database and user's contract price compare at this moment, if contract price is passed through, whether member's credit of checking the user is enough, user credit data in this moment application service invocation database, if member's credit of user is not enough then can not issue contract, if member's credit is enough, can issue contract, and the generation standard contract takies (the member's credit that takies the user), member's credit of this user simultaneously, generate standard contract then, and the result that will generate standard contract feeds back to the service user, finishes the service request of standard contract issue.
If the user has finished after the issue of above-mentioned standard contract, wish to issue another standard contract (prompt contracts) with the sales manager's of steel plant identity, the user re-executes terminal equipment and obtains service subscription information subprocess 702, and reselects order and get final product.
Those skilled in the art will appreciate that the method that embodiment of the present invention provides can carry out with hardware mode, also can with computer code or similarly software mode cooperate hardware system carry out.When adopting software mode to realize, relevant code (source code and/or object code) and document can be stored in (as CD, disk etc.) or read-write medium on the computer-readable recording medium.
Though the present invention with specific embodiment openly as above; but it is not to be used for limiting the present invention; any those skilled in the art without departing from the spirit and scope of the present invention; can utilize the method and the technology contents of above-mentioned announcement that technical solution of the present invention is made possible change and modification; therefore; every content that does not break away from technical solution of the present invention; to any simple modification, equivalent variations and modification that above embodiment did, all belong to the protection range of technical solution of the present invention according to technical spirit of the present invention.