CN102404349A - Single sign-on method - Google Patents

Info

Publication number: CN102404349A
Authority: CN (China)
Prior art keywords: user, url, login, client, checking
Legal status: Granted (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Application number: CN2011104601899A
Other languages: Chinese (zh)
Other versions: CN102404349B (en)
Inventors: 李莉, 李殊强, 文春洋, 刘耀
Current assignee: SHANDONG CIVIC SE COMMERCIAL MIDDLEWARE Co.,Ltd. (as listed by Google Patents; may be inaccurate)
Original assignee: CVIC Software Engineering Co Ltd
Priority date: 2011-12-31 (as listed by Google Patents; an assumption, not a legal conclusion)
Filing date: 2011-12-31
Publication date: 2012-04-04

Application filed by CVIC Software Engineering Co Ltd; priority to CN201110460189.9A
Publication of CN102404349A
Application granted
Publication of CN102404349B
Legal status: Active

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a single sign-on method comprising the steps of: setting in advance a read mode for every module of the accessed platform, the read mode comprising an interception mode for every item in the corresponding module; and performing interception checks on the user login URL and the user credential validation URL according to the read mode. In the invention, interception checks on the user login URL and the user credential validation URL can be applied according to the different items of different modules, which solves the problem that simple interception of all URLs cannot meet practical requirements.

Description

Single sign-on method
Technical field
The present invention relates to the field of information processing technology, and more particularly to a single sign-on method.
Background technology
Larger systems and platforms are generally made up of many modules. The Trustie platform, for example, consists of a collaboration platform, a portal, project portals, a wiki, defect management, mailing lists, forums and other modules. These modules share the same database user table, but each module's login is independent: a user who has logged in to the mailing list must log in again to enter the forum. This is inconvenient for users of these application modules.
Single sign-on (SSO) lets a user log in once and then use many applications. But because the Trustie platform is made up of multiple modules, each built with different technology, the work each module needs from SSO also differs. In this situation, using SSO requires extending it according to the actual conditions of each module.
For example, SSO has three verification service interfaces: the user login URL, the user credential validation URL and the user logout URL. Existing SSO can only apply interception checks to all URLs for these three kinds of address, but in larger systems or platforms the URLs that each module needs to verify may differ. The project portal module, for instance, only needs to intercept the two items mailing list and forum; the rest need no interception. In that case simple interception of all URLs cannot meet practical needs.
Summary of the invention
In view of this, the object of the invention is to provide a single sign-on method that solves the problems set out above.
To achieve this, the invention provides the following technical scheme:
A single sign-on method based on the HTTP protocol, the method comprising:
setting in advance a read mode for each module of the accessed platform, the read mode comprising an interception mode for each item in the corresponding module;
performing interception checks on the user login URL and the user credential validation URL according to the read mode.
It can be seen that in the invention the user login URL and the user credential validation URL are intercepted and checked according to the different items of different modules, which solves the problem that simple interception of all URLs cannot meet practical needs.
Description of drawings
To explain the embodiments of the invention or the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously the drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the single sign-on method provided by an embodiment of the invention.
Embodiment
For ease of citation and understanding, the technical terms, abbreviations and acronyms used below are summarised as follows:
AJAX: a term coined by Jesse James Garrett, referring to a web development technique for creating interactive web applications;
HTTPS: Hypertext Transfer Protocol Secure;
HTTP: Hypertext Transfer Protocol;
SQL: Structured Query Language.
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
SSO generally uses the HTTPS protocol. Using HTTPS requires generating a corresponding security certificate on the server side; if the client and the server are not on the same machine, the certificate generated by the server must also be copied to the client machine and trust established, so the whole configuration process is cumbersome.
In addition, SSO has three verification service interfaces: the user login URL, the user credential validation URL and the user logout URL. Existing SSO can only apply interception checks to all URLs for these three kinds of address, but in larger systems or platforms the URLs that each module needs to verify may differ. The project portal module, for instance, only needs to intercept the two items mailing list and forum; the rest need no interception. In that case simple interception of all URLs cannot meet practical needs.
In view of this, an embodiment of the invention discloses a single sign-on method based on the HTTP protocol. Referring to Fig. 1, the method comprises:
S1: setting in advance a read mode for each module of the accessed platform, the read mode comprising an interception mode for each item in the corresponding module.
Taking the project portal module as an example: if it needs to intercept the two items mailing list and forum and nothing else, the interception mode of the mailing list and forum items of the project portal module is set to "yes" in advance, and the interception mode of the other items in the project portal module is set to "no".
S2: performing interception checks on the user login URL and the user credential validation URL according to the read mode.
Continuing with the settings of step S1: when the project portal module is accessed and the user visits the mailing list or forum items, interception checks are performed on the user login URL and the user credential validation URL.
Specifically, for the user login URL, the read mode of the URL is determined by an extended login validation method from the parameters set in the XML file of the client application (the XML file configures the user login URL and user credential validation URL that need to be verified; the parameter in question is the user login URL or the user credential validation URL). Filtering is then performed by the extended validation method according to the read mode of the URL, and the XML configuration of the corresponding application client is changed accordingly.
The user credential validation URL is handled in the same way as the login address. The user logout URL needs no handling.
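Steps S1 and S2 as an added example, not the patent's own code (the page discloses no code and no schema for its client XML file): a constructed configuration in the spirit of the client XML file the page describes, a loader for the per-module, per-item read mode, and a decision function applied to an incoming URL. The element and attribute names, the /sso/... paths and the "validate-only" mode are assumptions; the third mode is added to cover what the page says later about the Overview and Download items, which need validation interception but not login interception, so the block goes slightly beyond the yes/no setting of step S1.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

# Constructed client-side configuration. The page says the client's XML file holds the
# login/validation URLs and the per-item interception mode; the element and attribute
# names below are assumptions, the page does not give its schema.
CONFIG_XML = """
<sso-client login-url="/sso/login" validate-url="/sso/validate" logout-url="/sso/logout">
  <module name="project-portal">
    <item name="mail-list" path="/portal/mail"     intercept="yes"/>
    <item name="forum"     path="/portal/forum"    intercept="yes"/>
    <item name="overview"  path="/portal/overview" intercept="validate-only"/>
    <item name="download"  path="/portal/download" intercept="validate-only"/>
    <item name="help"      path="/portal/help"     intercept="no"/>
  </module>
</sso-client>
"""

# Decision returned for a request: "login" = a logged-in user is required (both the login
# URL and the validation URL intercept), "validate" = validate a credential if one is
# presented but let anonymous users through, "none" = pass straight to the module.
MODES = {"yes": "login", "validate-only": "validate", "no": "none"}


def load_read_mode(xml_text):
    """Parse the read mode: returns (set of SSO endpoint paths, {item_path: mode})."""
    root = ET.fromstring(xml_text)
    sso_urls = {root.get(k) for k in ("login-url", "validate-url", "logout-url")}
    mode = {}
    for item in root.iter("item"):
        value = item.get("intercept", "no").lower()
        if value not in MODES:
            raise ValueError(f"unknown intercept mode {value!r} on item {item.get('name')}")
        mode[posixpath.normpath(item.get("path"))] = MODES[value]
    return sso_urls, mode


def decide(sso_urls, mode, request_url, default="none"):
    """Map a request URL to an interception decision; the longest configured path wins."""
    # Decode and normalise before matching, so /portal/help/../forum or a %2e%2e segment
    # is judged by the path the application will actually serve, not by the raw string.
    path = posixpath.normpath(unquote(urlsplit(request_url).path) or "/")
    if path in sso_urls:
        return "none"  # the SSO endpoints themselves (login, validate, logout) are never intercepted
    best = None
    for item_path, item_mode in mode.items():
        if path == item_path or path.startswith(item_path + "/"):
            if best is None or len(item_path) > len(best[0]):
                best = (item_path, item_mode)
    return best[1] if best else default
```

Paths that no item configures fall through to `default`, which is "none" to match the page's description (unlisted items are simply not intercepted); a deployment that wants unknown paths protected passes `default="login"`. Note also that the page's scheme is chosen to run over plain HTTP to avoid distributing a certificate; whatever the login and validation URLs carry is then readable and modifiable by anyone on the path, so in practice TLS would still be terminated in front of both client and server.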
Existing single sign-on only provides a simple check that the username and password match, but on some platforms the usernames and passwords are all stored in a database, so the problem of connecting SSO to the database must be solved.
To connect SSO to the database, in other embodiments of the invention the method may further comprise:
adding an MD5 encryption/decryption class on the client side, and injecting the database dependency in the client's XML file.
In existing single sign-on, some platforms store the passwords in the username/password database hashed with the MD5 algorithm (the page calls the class an "encryption/decryption" class; MD5 is a one-way hash, so "decryption" here means hashing the submitted password and comparing it with the stored digest). In view of this, in other embodiments of the invention the method may further comprise:
injecting the dependency of the MD5 encryption class in the client's XML file; that is, adding an MD5 encryption/decryption class on the SSO client side and injecting the dependency of the encryption class in the SSO client XML file.
Existing single sign-on can only obtain the username of the logged-in user, not other specific information such as the mailbox or telephone number.
In view of this, in other embodiments of the invention the method may further comprise: providing the dependency for querying attributes, and providing a storage SQL query condition attribute and query result attributes. The query condition attribute and query result attributes are used to obtain the profile of the logged-in user.
Specifically, SSO provides the dependency for querying attributes, and provides the storage SQL query condition attribute and the query result attributes. When other information about the logged-in user is needed, the storage SQL query condition attribute and the map corresponding to the query result attributes are modified, adding the attributes to be queried to the map. The other user information is then obtained through the AttributePrincipal of SSO, with the corresponding change made to the deployerConfigContext.xml file of the CAS server.
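The database-backed checks of the last few paragraphs, an MD5-stored password compared on login and a configured SQL condition attribute plus result attributes queried into the principal's attributes, as an added example; it is not the patent's code and not CAS's, and it stands in for the Java/XML wiring (which the page only names) with a Python sketch of the same logic. The in-memory SQLite table, its column names, the two users and the shape of `login()` are constructed assumptions.

```python
import hashlib
import hmac
import sqlite3


def md5_hex(password):
    """Unsalted MD5 hex digest: the storage format the page says the legacy user tables use."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def open_user_db():
    """Constructed stand-in for the platform's shared user table (in-memory SQLite)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, email TEXT, phone TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [
            ("alice", md5_hex("s3cret"), "alice@example.org", "+1-555-0100"),
            ("bob", md5_hex("hunter2"), "bob@example.org", "+1-555-0101"),
        ],
    )
    return conn


def authenticate(conn, username, password):
    """Username/password check against the table; the submitted password is hashed and the
    digests are compared in constant time. The username is bound as a parameter, never spliced."""
    row = conn.execute("SELECT password FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], md5_hex(password))


# Attribute lookup: the page configures a "storage SQL query condition attribute" and the
# "query result attributes" and maps them into the principal. Both come from configuration
# and are spliced into SQL text, so they are checked against a fixed column whitelist.
ALLOWED_COLUMNS = {"username", "email", "phone"}


def query_attributes(conn, condition_attr, condition_value, result_attrs):
    bad = [c for c in [condition_attr, *result_attrs] if c not in ALLOWED_COLUMNS]
    if bad:
        raise ValueError(f"attribute not allowed in query: {bad}")
    sql = f"SELECT {', '.join(result_attrs)} FROM users WHERE {condition_attr} = ?"
    row = conn.execute(sql, (condition_value,)).fetchone()
    return dict(zip(result_attrs, row)) if row else {}


def login(conn, username, password, result_attrs=("email", "phone")):
    """Authenticate, then attach the configured result attributes to the principal
    (the role AttributePrincipal plays on the page)."""
    if not authenticate(conn, username, password):
        return None
    return {
        "principal": username,
        "attributes": query_attributes(conn, "username", username, list(result_attrs)),
    }
```

The whitelist is the check worth keeping: the condition and result attributes are configuration, but they end up in the SQL string, so a value that arrives from anywhere else (an admin form, a request parameter) must never reach `query_attributes` unchecked. The unsalted MD5 digests are inherited from the legacy table the page describes; they compare correctly here, but a leaked table of them is crackable offline, which is a reason to migrate the column rather than a property of this code.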
HTTP is considered a stateless protocol: it cannot know the user's browsing state, and once the server has completed its response it loses its connection with that browser.
Sessions were invented to fill this limitation of HTTP: a session records information about the user, which is used to confirm the user's identity when the user makes a request to the web server again. Sessions can be used for user authentication, program state recording, passing parameters between pages and so on. The session lets a user's information be preserved while switching between multiple pages.
The lifetime of each session object is the user's access time plus the inactivity timeout.
The following scenario can occur: a user opens a page and, while logging in automatically with a POST request, the session has expired, so the server cannot obtain the data.
For this situation, the invention uses the SavedRequest function provided by Spring Security to save the POST request after the session has expired.
Some modules of some platforms, for example "Overview" and "Download" in the Trustie platform, need no login interception and only need validation interception in order to display the logged-in user's name.
For this situation, in other embodiments of the invention the method may further comprise:
configuring the filters for the user login URL and the user credential validation URL in the web.xml file;
inheriting (extending) the user credential validation class, and saving the logged-in user's information in the user's corresponding session;
changing the configuration parameters in the corresponding client XML file.
In existing SSO there is the problem that AJAX cannot be used across domains. For this, the method of the invention may further comprise:
the server verifying whether the user is logged in and, if so, saving the logged-in user's information in a JSONObject.
Further:
if the parameter passed by the client is empty, returning the logged-in user's information saved in the JSONObject to the client.
In addition, in other embodiments of the invention the method may further comprise:
adding a verification code (captcha) option on the login page;
receiving the verification code, username and password entered by the user;
verifying the user's input according to the verification code, username and password.
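The session-expiry handling, the AJAX login check and the verification-code login of the last three passages, combined in one added example. It is not the patent's code and not Spring Security's SavedRequest implementation; it reproduces the idea (a request that arrives without a live session is saved in the fresh session and replayed after login) in a small in-memory SSO client. The inactivity timeout, the /sso/login path, the user table and the response shapes are constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass
from typing import Optional

SESSION_TTL = 1800.0  # inactivity timeout in seconds; an assumed value, the page gives none
LOGIN_URL = "/sso/login"  # user login URL; assumed path

# Constructed user table: username -> unsalted MD5 hex digest, the storage format the page describes.
USERS = {"alice": hashlib.md5(b"s3cret").hexdigest()}


@dataclass
class SavedRequest:
    method: str
    path: str
    body: dict


@dataclass
class Session:
    user: Optional[str] = None
    last_seen: float = 0.0
    captcha: Optional[str] = None
    saved: Optional[SavedRequest] = None


class SsoClient:
    def __init__(self):
        self.sessions = {}

    def _session(self, sid, now):
        """Live session for sid; an idle one past SESSION_TTL is discarded and replaced."""
        s = self.sessions.get(sid)
        if s is None or now - s.last_seen > SESSION_TTL:
            s = Session()
            self.sessions[sid] = s
        s.last_seen = now
        return s

    def handle(self, sid, method, path, body, now):
        """Request to a protected item. With no logged-in user (the session expired, say) the
        request, POST body included, is saved and the client is sent to the login URL."""
        s = self._session(sid, now)
        if s.user is None:
            s.saved = SavedRequest(method, path, dict(body))
            return {"status": 302, "location": LOGIN_URL}
        return {"status": 200, "user": s.user, "served": f"{method} {path}"}

    def new_captcha(self, sid, now):
        """Issue a single-use verification code bound to this session (an image in practice)."""
        s = self._session(sid, now)
        s.captcha = secrets.token_hex(3)
        return s.captcha

    def login(self, sid, captcha, username, password, now):
        """Check the verification code first, then the credentials; on success replay the saved request."""
        s = self._session(sid, now)
        expected, s.captcha = s.captcha, None  # consume the code whatever the outcome: no retries against one code
        if expected is None or not hmac.compare_digest(captcha.encode(), expected.encode()):
            return {"ok": False, "reason": "captcha"}
        stored = USERS.get(username)
        digest = hashlib.md5(password.encode("utf-8")).hexdigest()
        if stored is None or not hmac.compare_digest(stored, digest):
            return {"ok": False, "reason": "credentials"}
        s.user = username
        replay, s.saved = s.saved, None
        return {"ok": True, "replay": replay}

    def ajax_user_info(self, sid, now):
        """Login check for AJAX callers: the logged-in user's information as a JSON document."""
        s = self._session(sid, now)
        if s.user is None:
            return json.dumps({"logged_in": False})
        return json.dumps({"logged_in": True, "user": s.user})
```

Two details carry the security weight. The verification code is cleared on every login attempt, so one code cannot be retried against a list of passwords, and the replayed request is the one saved in the session that was created when the original arrived, so a login from a different session cannot pick it up. The page does not say how the JSON reaches a caller on another domain; whichever mechanism is used (CORS, JSONP or a proxy), the document returned should stay as small as this one, since every origin that can fetch it learns its contents.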
The embodiments in this specification are described progressively; each embodiment stresses its differences from the others, and the same or similar parts of the embodiments can be referred to one another. Since the system and apparatus disclosed in the embodiments correspond to the method disclosed in the embodiments, their description is relatively simple, and the relevant parts can be found in the description of the method.
Those of ordinary skill in the art will appreciate that all or part of the flow of the methods in the embodiments above can be accomplished by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flow of the embodiments of the methods above. The storage medium can be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM) or the like.
The description of the disclosed embodiments above enables those skilled in the art to implement or use the invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore the invention is not limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. A single sign-on method, characterised in that it is based on the HTTP protocol and comprises:
setting in advance a read mode for each module of the accessed platform, the read mode comprising an interception mode for each item in the corresponding module;
performing interception checks on the user login URL and the user credential validation URL according to the read mode.
2. The method of claim 1, characterised in that it further comprises:
injecting the dependency of a database in the client XML file, the database storing usernames and passwords.
3. The method of claim 2, characterised in that it further comprises:
adding an MD5 encryption/decryption class on the client side, and injecting the dependency of the MD5 encryption class in the client XML file.
4. The method of claim 3, characterised in that it further comprises: providing the dependency for querying attributes, and providing a storage SQL query condition attribute and query result attributes.
5. The method of claim 4, characterised in that it further comprises: saving the POST request after the session has expired.
6. The method of claim 5, characterised in that it further comprises:
configuring the filters for the user login URL and the user credential validation URL in the web.xml file;
inheriting the user credential validation class, and saving the logged-in user's information in the user's corresponding session;
changing the configuration parameters in the corresponding client XML file.
7. The method of claim 6, characterised in that
the server verifies whether the user is logged in and, if so, saves the logged-in user's information in a JSONObject.
8. The method of claim 7, characterised in that
if the parameter passed by the client is empty, the logged-in user's information saved in the JSONObject is returned to the client.
9. The method of claim 8, characterised in that it further comprises:
adding a verification code option on the login page;
receiving the verification code, username and password entered by the user;
verifying according to the verification code, username and password entered by the user.
Application data

Application Number  Priority Date  Filing Date  Title                  Status  Granted as
CN201110460189.9A   2011-12-31     2011-12-31   Single sign-on method  Active  CN102404349B (en)

Publications (2)

Publication Number  Publication Date
CN102404349A        2012-04-04
CN102404349B        2014-05-21

Family

ID=45886135
Family applications (1): CN201110460189.9A (see the application data above)
Country status (1): CN, CN102404349B (en)

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number  Priority date  Publication date  Assignee                                        Title
CN102065147A *      2011-01-07     2011-05-18        深圳市易聆科信息技术有限公司                      Method and device for obtaining user login information based on enterprise application system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Lu Qingping et al., "A single sign-on solution based on Yale CAS" (一种基于Yale-CAS的单点登录解决方案), Journal of Hefei University (合肥学院学报) *
Yang Pu et al., "Design and implementation of web single sign-on based on JOSSO" (基于JOSSO的WEB单点登录的设计与实现), Computer Knowledge and Technology (电脑知识与技术) *
Jin Bin, "Design and implementation of single sign-on *** for unified identity authentication and access control" (统一的身份认证和访问控制之单点登录***设计与实现), China Master's Theses Full-text Database, Information Science and Technology (中国优秀硕士学位论文全文数据库信息科技辑) *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number  Priority date  Publication date  Assignee                                                  Title
CN102801808A *      2012-07-30     2012-11-28        武汉理工大学 (Wuhan University of Technology)              WebLogic-oriented Form identification single sign on integration method
CN102801808B *      2012-07-30     2014-11-05        武汉理工大学 (Wuhan University of Technology)              WebLogic-oriented Form identification single sign on integration method
CN108881130A *      2017-05-16     2018-11-23        ***通信集团重庆有限公司                                    Security control method and device for session control information
CN108664778A *      2018-03-26     2018-10-16        苏州科达科技股份有限公司 (Suzhou Keda Technology Co., Ltd.)  User identity authentication method, device and electronic device
CN108664778B *      2018-03-26     2021-03-30        苏州科达科技股份有限公司 (Suzhou Keda Technology Co., Ltd.)  User identity authentication method and device and electronic equipment
CN109218389A *      2018-07-05     2019-01-15        东软集团股份有限公司 (Neusoft Corporation)                  Method, apparatus, storage medium and electronic device for processing service requests
CN109218389B *      2018-07-05     2021-08-27        东软集团股份有限公司 (Neusoft Corporation)                  Method, device and storage medium for processing service request and electronic equipment

Legal Events

Date        Code  Title
            C06   Publication
            PB01  Publication
            C10   Entry into substantive examination
            SE01  Entry into force of request for substantive examination
            C14   Grant of patent or utility model
            GR01  Patent grant
2021-12-13  TR01  Transfer of patent right

Transfer of patent right (TR01)
Effective date of registration: 2021-12-13
Address after: 250014 No. 41-1 Qianfo Shandong Road, Lixia District, Jinan City, Shandong Province
Patentee after: SHANDONG CIVIC SE COMMERCIAL MIDDLEWARE Co.,Ltd.
Address before: 250014 No. 41-1 Qianfo Shandong Road, Jinan City, Shandong Province
Patentee before: SHANDONG CVIC SOFTWARE ENGINEERING Co.,Ltd.
Patentee before: Shandong Zhongchuang software commercial middleware Co., Ltd