CN102739405A - Authentication method for service-orientated architecture service costumer - Google Patents


Info

Publication number: CN102739405A
Authority: CN (China)
Prior art keywords: service, authentication token, consumer, distribution person, authentication
Legal status: Pending
Application number: CN2012102338403A
Other languages: Chinese (zh)
Inventor: 程默
Current Assignee: SHENZHEN VISPRACTICE TECHNOLOGY Corp
Original Assignee: SHENZHEN VISPRACTICE TECHNOLOGY Corp
Application filed by SHENZHEN VISPRACTICE TECHNOLOGY Corp
Priority to CN2012102338403A
Publication of CN102739405A

Landscapes

  • Telephonic Communication Services (AREA)

Abstract

The invention provides an authentication method for a service-oriented architecture service consumer. The method comprises the following steps: step 1, the service consumer submits an authentication request and obtains an authentication token; step 2, the service consumer carries the obtained authentication token when calling a service. With this method, because the service consumer carries an authentication token, actual use of the service is monitored in a unified manner, the security and controllability of service consumption are enhanced, and service calls are reasonably controlled.

Description

An authentication method for a Service-Oriented Architecture service consumer
Technical field
The present invention relates to the computer field, and in particular to an authentication method for a Service-Oriented Architecture (SOA) service consumer.
Background
The present invention relates to the field of Service-Oriented Architecture (SOA) and Enterprise Resource Planning (ERP) e-commerce suites. Specifically, within SOA security, it concerns authenticating and authorizing service consumption by having each service call request carry an authentication token (Token).
In general, SOA security is divided into four levels: user authentication and authorization, transport-layer security, message-layer security, and integrity. At the user authentication and authorization level, authentication and authorization of service consumption is currently implemented with WS-Security.
In a WS-Security implementation, the identity authentication mechanism that WS-Security provides uses a security token (Security Token) to verify the user and to decide whether the client is legitimate in a specific context, where the client can be an end user, a machine, an application or a service.
During authentication, the security token is inserted into the client's request message. Depending on the security token type, some types of security token can also be inserted into the server's response message.
However, implementing this with WS-Security has the following shortcomings:
1. Token updates are not timely: the tokens held by the server and the client are not updated in sync.
2. Security authentication is not very controllable and cannot be applied effectively to actually controlling service consumer requests.
3. It has certain limitations. WS-Security adds signature and encryption headers to the SOAP (Simple Object Access Protocol) header, and some SOA middleware products encapsulate the SOAP header, which makes it hard to obtain this information for related auxiliary functions.
It is therefore necessary to provide a new authentication method for a Service-Oriented Architecture service consumer that solves the above technical problems.
Summary of the invention
The object of the present invention is to provide an authentication method for a Service-Oriented Architecture service consumer in which the service consumer carries an authentication token, so that actual service usage can be monitored in a unified way, the security and controllability of service consumption are enhanced, and service calls are reasonably controlled.
To solve the above technical problems, the present invention provides an authentication method for a Service-Oriented Architecture service consumer, comprising:
Step 1: the service consumer submits an authentication application and obtains an authentication token;
Step 2: the service consumer carries the obtained authentication token when calling a service.
Further, step 1 specifically comprises:
Step 1.1) The service consumer submits a consumption authentication application according to the service distributor's specification;
Step 1.2) The service distributor reviews the service consumer's authentication application, then generates an authentication token and distributes it to the service consumer.
Further, step 1.1 specifically comprises:
Step 1.1.1) The service consumer submits a consumption authentication application;
Step 1.1.2) The service consumer develops a receive-authentication-token service according to the receive-authentication-token service specification that the service distributor sends after reviewing the authentication application, and provides it to the service distributor.
Further, step 1.2 specifically comprises:
Step 1.2.1) The service distributor reviews the authentication application submitted by the service consumer and provides the receive-authentication-token service specification to the service consumer;
Step 1.2.2) The service distributor calls the receive-authentication-token service to test it and, once the test passes, registers the service consumer that provides the service in the service consumer list;
Step 1.2.3) The service distributor generates an authentication token and distributes it to the service consumer.
Further, step 1.2 also comprises:
Step 1.2.4) The service distributor pushes the authentication token to the service consumer and tracks the call result;
Step 1.2.5) Once the service distributor determines from the service consumer's call result that the call succeeded, it confirms that the authentication token has taken effect;
Step 1.2.6) The service distributor notifies the service consumer by message that the authentication token has taken effect.
Further, step 2 specifically comprises:
Step 2.1) The service consumer carries the obtained authentication token when calling a service;
Step 2.2) The service distributor intercepts the service consumer's service call request and obtains the authentication token;
Step 2.3) The service distributor verifies the obtained authentication token. If verification succeeds, the service call request is let through and the consumer calls the service successfully; otherwise the request is returned directly and the service consumer is notified by message.
Further, the method also comprises: step 3, the service distributor periodically updates the authentication token matched to the service consumer.
Further, step 3 specifically comprises:
Step 3.1) The service distributor periodically updates the authentication token;
Step 3.2) The service distributor pushes the new authentication token to the service consumer. If the push succeeds, the new authentication token takes effect; if the push fails, the update to the new authentication token fails.
Further, the method also comprises: step 4, after receiving notice that the service consumer is stopping consumption of the service, the service distributor revokes the matching authentication token.
Further, step 4 specifically comprises:
Step 4.1) The service consumer submits to the service distributor a going-offline notice that it is stopping consumption of the service;
Step 4.2) After receiving the notice that the service consumer is stopping consumption of the service, the service distributor stops pushing authentication tokens;
Step 4.3) The service distributor removes the service consumer's record from the service consumer list and revokes the matching authentication token.
Compared with the prior art, the present invention provides an authentication method for a Service-Oriented Architecture service consumer in which the service consumer accesses services by carrying an authentication token and sends service call messages according to the service distributor's rules, calling the service once verification passes. The technical advantages of the present invention are therefore as follows:
1. Because the service consumer carries an authentication token, actual service usage is monitored in a unified way, the security and controllability of service consumption are enhanced, and service calls are reasonably controlled.
2. Authentication tokens are pushed automatically, with no manual involvement.
3. Dynamic tokens are supported: the service distributor updates the token periodically, which makes service consumption more secure.
4. The way the token is stored in the service request message can be custom-defined, and the token is obtained to exercise actual, dynamic control over service calls. WS-Security can serve as one way of storing the token.
Description of drawings
The accompanying drawings described here provide further understanding of the present invention and form part of it. The illustrative embodiments and their description explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is the service architecture topology diagram of the SOA service consumer authentication scheme.
Fig. 2 is the flow chart of the SOA service consumer authentication method provided by the present invention.
Embodiment
To make the technical problem to be solved, the technical scheme and the beneficial effects of the present invention clearer, the invention is described in further detail below with reference to the drawings and an embodiment. It should be understood that the specific embodiment described here only explains the invention and does not limit it.
The technical scheme of the present invention is as follows: the service consumer carries an authentication token, so that actual service usage is monitored in a unified way, the security and controllability of service consumption are enhanced, service calls are reasonably controlled, and an analysis of service call activity is available for reference.
Fig. 1 is the service architecture topology diagram of the SOA service consumer authentication scheme. As Fig. 1 shows, the service architecture of the scheme is divided into three layers: the first layer is the consumption layer, which concerns service consumers; the second layer is the authentication layer, which provides the authentication mechanism for service consumers consuming services; the third layer is the service infrastructure layer, which adopts the SOA governance concept, with a service bus managing service interfaces and publishing them in a unified way. The technique of the present invention sits in the second layer: an authentication check is performed as the service consumer accesses the service bus.
As shown in Fig. 2, the present invention provides an authentication method for an SOA service consumer, comprising:
Step 1, authentication token generation: the service consumer submits an authentication application and obtains the initial authentication token. Specifically:
1) The service consumer submits a consumption authentication application;
2) The service distributor reviews the authentication application submitted by the service consumer and provides the receive-authentication-token service specification to the service consumer for implementation;
3) The service consumer develops the receive-authentication-token WSDL service according to the specification it received and provides it to the service distributor;
4) The service distributor calls the WSDL service as a test to check that it works normally and, once the test succeeds, registers the service consumer that provides the WSDL service in the service consumer list;
5) The service distributor generates the initial authentication token and distributes it to the service consumer. The token generation rule is: service consumer number _ password generation time _ 8-digit random number, for example: WW_ERP_PCCW_20120101083030_53674578. The generated token can be encrypted by various encryption methods and is recorded in the service consumer list; each service consumer corresponds to a unique authentication token.
6) The service distributor calls the receive service to push the authentication token to the service consumer and tracks the call result;
7) Once the service distributor determines from the service consumer's call result that the call succeeded, it confirms that the authentication token has taken effect;
8) The service distributor notifies the service consumer by message that the authentication token has taken effect.
Step 2, authentication token use: the service consumer carries the obtained authentication token when calling a service. Specifically:
1) The service consumer carries the obtained authentication token when calling a service. The token can be stored in the service call request message through the security token that WS-Security carries, or in a custom location defined in the service interface.
2) The service distributor intercepts the service consumer's call request and obtains the authentication token from it.
3) The service distributor verifies the authentication token it obtained. If verification succeeds, the service call request is let through and the consumer calls the service successfully. If verification fails, the request is returned directly with a service prompt such as call failure or authentication failure, and the service consumer is notified by message. There are several ways to intercept the service request and obtain the token for verification: a filter layer can be wrapped around the interface that the SOA middleware provides, a verification layer can be added in the published service, or a custom filter layer can be built on top of the SOA middleware.
Step 3, authentication token update: the service distributor periodically updates the authentication token matched to the service consumer and pushes it to the service consumer, enabling the new authentication token and retiring the old one. Specifically:
1) The service distributor periodically updates the authentication token. The update rule can be custom-defined, and the following data is kept:
A) Initial authentication token: used for reset operations.
B) Previous authentication token: used to cover the time gap caused by delays and similar causes. For a certain period, a request carrying either the previous authentication token or the new authentication token passes consumption authentication.
C) New authentication token: once this new authentication token takes effect, the previous authentication token will be revoked.
2) The service distributor calls the receive service to push the authentication token to the service consumer. If the push succeeds, the new authentication token takes effect; if the push fails, the update to the new authentication token fails;
3) The service distributor notifies the service consumer of the push result by message.
Step 4, authentication token invalidation: after receiving notice that the service consumer is stopping consumption of the service, the service distributor revokes the matching authentication token. Specifically:
1) The service consumer submits to the service distributor a going-offline notice that it is stopping consumption of the service;
2) After receiving the notice that the service consumer is stopping consumption of the service, the service distributor stops pushing authentication tokens;
3) The service distributor removes this service consumer's record from the service consumer list and revokes the matching authentication token. A service consumer carrying this token can no longer pass consumption authentication, and its service calls are refused;
4) The service distributor notifies the service consumer by message that the authentication token has been revoked.
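The token lifecycle in steps 1 to 4 above, sketched from the service distributor's side as an added example (not code from the patent). The class and function names, the in-memory consumer list, the `push` callback standing in for the consumer's receive-authentication-token service, and the 5-minute grace window are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta


def generate_token(consumer_id, now):
    """Page's rule: consumer number _ generation time _ 8-digit random number."""
    digits = "".join(secrets.choice("0123456789") for _ in range(8))
    return f"{consumer_id}_{now:%Y%m%d%H%M%S}_{digits}"


def same(a, b):  # constant-time compare; an empty stored token never matches
    return bool(b) and hmac.compare_digest(a.encode(), b.encode())


@dataclass
class Record:                    # one row of the "service consumer list"
    push: object                 # callable(token) -> bool: consumer's receive-token service
    initial: str = ""            # kept for reset operations
    current: str = ""            # token in effect
    previous: str = ""           # last token, honoured only inside the grace window
    rotated_at: datetime = None


class Distributor:
    def __init__(self, clock, grace=timedelta(minutes=5)):
        self.clock = clock       # injected so the example runs deterministically
        self.grace = grace       # assumed; the page only says "a certain period"
        self.consumers = {}

    def register(self, consumer_id, push):
        """Step 1: list the consumer, push the initial token, confirm it took effect."""
        rec = self.consumers[consumer_id] = Record(push)
        token = generate_token(consumer_id, self.clock())
        if not push(token):
            return None          # push failed: no token is in effect
        rec.initial = rec.current = token
        return token

    def verify(self, token):
        """Step 2: check run by the interceptor on every service call."""
        parts = token.rsplit("_", 2)      # consumer numbers may contain "_"
        rec = self.consumers.get(parts[0]) if len(parts) == 3 else None
        if rec is None:                   # malformed, unknown or revoked
            return False
        if same(token, rec.current):
            return True
        in_grace = (rec.rotated_at is not None
                    and self.clock() - rec.rotated_at <= self.grace)
        return in_grace and same(token, rec.previous)

    def rotate(self, consumer_id):
        """Step 3: the new token takes effect only if the push succeeds."""
        rec = self.consumers[consumer_id]
        new = generate_token(consumer_id, self.clock())
        if not rec.push(new):
            return False                  # update failed, old token stays in effect
        rec.previous, rec.current, rec.rotated_at = rec.current, new, self.clock()
        return True

    def revoke(self, consumer_id):
        """Step 4: drop the record so every token of this consumer is refused."""
        return self.consumers.pop(consumer_id, None) is not None


def demo():
    now = [datetime(2012, 1, 1, 8, 30, 30)]          # constructed clock
    inbox, reachable = [], [True]                    # constructed receive service
    push = lambda tok: reachable[0] and (inbox.append(tok) or True)
    d = Distributor(clock=lambda: now[0])
    out = {}
    first = d.register("WW_ERP_PCCW", push)
    out["first_ok"] = d.verify(first)
    out["tampered"] = d.verify(first[:-1] + str((int(first[-1]) + 1) % 10))
    now[0] += timedelta(hours=1)
    reachable[0] = False
    out["rotate_unreachable"] = d.rotate("WW_ERP_PCCW")
    out["old_after_failed_push"] = d.verify(first)
    reachable[0] = True
    out["rotate_ok"] = d.rotate("WW_ERP_PCCW")
    out["old_in_grace"] = d.verify(first)
    now[0] += timedelta(minutes=6)
    out["old_after_grace"] = d.verify(first)
    out["new_ok"] = d.verify(inbox[-1])
    d.revoke("WW_ERP_PCCW")
    out["after_revoke"] = d.verify(inbox[-1])
    return out, first


if __name__ == "__main__":
    print(demo())
```

The generation rule leaves only the 8 random decimal digits unpredictable, so the example draws them from a CSPRNG and compares tokens in constant time.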
The present invention provides an authentication method for a Service-Oriented Architecture service consumer in which the service consumer accesses services by carrying an authentication token and sends service call messages according to the service distributor's rules, calling the service once verification passes. With the technique of the present invention, because the service consumer carries an authentication token, actual service usage is monitored in a unified way, the security and controllability of service consumption are enhanced, and service calls are reasonably controlled. Authentication tokens are pushed automatically with no manual involvement, and dynamic tokens are supported: the service distributor updates the token periodically, which makes service consumption more secure.
The above description illustrates and describes a preferred embodiment of the present invention. As stated earlier, it should be understood that the invention is not limited to the form disclosed here, which should not be regarded as excluding other embodiments; it can be used in various other combinations, modifications and environments, and can be changed within the scope of the inventive concept described here through the above teachings or the skill or knowledge of the related art. Changes and variations made by those skilled in the art that do not depart from the spirit and scope of the invention shall all fall within the protection scope of the appended claims.

Claims (10)

1. An authentication method for a Service-Oriented Architecture service consumer, characterized in that it comprises:
Step 1: the service consumer submits an authentication application and obtains an authentication token;
Step 2: the service consumer carries the obtained authentication token when calling a service.
2. The method of claim 1, characterized in that step 1 specifically comprises:
Step 1.1) The service consumer submits a consumption authentication application according to the service distributor's specification;
Step 1.2) The service distributor reviews the service consumer's authentication application, then generates an authentication token and distributes it to the service consumer.
3. The method of claim 2, characterized in that step 1.1 specifically comprises:
Step 1.1.1) The service consumer submits a consumption authentication application;
Step 1.1.2) The service consumer develops a receive-authentication-token service according to the receive-authentication-token service specification that the service distributor sends after reviewing the authentication application, and provides it to the service distributor.
4. The method of claim 2, characterized in that step 1.2 specifically comprises:
Step 1.2.1) The service distributor reviews the authentication application submitted by the service consumer and provides the receive-authentication-token service specification to the service consumer;
Step 1.2.2) The service distributor calls the receive-authentication-token service to test it and, once the test passes, registers the service consumer that provides the service in the service consumer list;
Step 1.2.3) The service distributor generates an authentication token and distributes it to the service consumer.
5. The method of claim 2, characterized in that step 1.2 further comprises:
Step 1.2.4) The service distributor pushes the authentication token to the service consumer and tracks the call result;
Step 1.2.5) Once the service distributor determines from the service consumer's call result that the call succeeded, it confirms that the authentication token has taken effect;
Step 1.2.6) The service distributor notifies the service consumer by message that the authentication token has taken effect.
6. The method of claim 1, characterized in that step 2 specifically comprises:
Step 2.1) The service consumer carries the obtained authentication token when calling a service;
Step 2.2) The service distributor intercepts the service consumer's service call request and obtains the authentication token;
Step 2.3) The service distributor verifies the obtained authentication token. If verification succeeds, the service call request is let through and the consumer calls the service successfully; otherwise the request is returned directly and the service consumer is notified by message.
7. The method of claim 1, characterized in that the method further comprises: step 3, the service distributor periodically updates the authentication token matched to the service consumer.
8. The method of claim 7, characterized in that step 3 specifically comprises:
Step 3.1) The service distributor periodically updates the authentication token;
Step 3.2) The service distributor pushes the new authentication token to the service consumer. If the push succeeds, the new authentication token takes effect; if the push fails, the update to the new authentication token fails.
9. The method of claim 1, characterized in that the method further comprises: step 4, after receiving notice that the service consumer is stopping consumption of the service, the service distributor revokes the matching authentication token.
10. The method of claim 9, characterized in that step 4 specifically comprises:
Step 4.1) The service consumer submits to the service distributor a going-offline notice that it is stopping consumption of the service;
Step 4.2) After receiving the notice that the service consumer is stopping consumption of the service, the service distributor stops pushing authentication tokens;
Step 4.3) The service distributor removes the service consumer's record from the service consumer list and revokes the matching authentication token.
CN2012102338403A 2012-07-06 2012-07-06 Authentication method for service-orientated architecture service costumer Pending CN102739405A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012102338403A CN102739405A (en) 2012-07-06 2012-07-06 Authentication method for service-orientated architecture service costumer

Publications (1)

Publication Number Publication Date
CN102739405A true CN102739405A (en) 2012-10-17

Family

ID=46994249

Country Status (1)

Country Link
CN (1) CN102739405A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: 518057 Guangdong city of Shenzhen province Nanshan District South Road seven No. 002 Shenzhen Digital Technology Park B1 building 6 floor A District No. 1

Applicant after: Shenzhen Vispractice Technology Corporation

Address before: 518057, Guangdong Province, Nanshan District hi tech Zone, North Road, Lang Lang, No. 13 Thunis building, C,, C302

Applicant before: Shenzhen Vispractice Technology Corporation

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20121017