Log in the method and device of application server
Technical field
The present invention relates to information security field, more particularly to a kind of method and device logging in application server.
Background technology
APP, also referred to as application program or client refer to the program that various application services are provided for terminal user.Terminal
User can be mobile phone user, can also be tablet user, can also be enterprise terminal.In general, an APP only gives terminal user
A type of application service being provided, such as shopping client only provides shopping service, game client only provides game services,
Books read the reading service that client only provides electronic data.Therefore, if terminal user needs a variety of services, it is necessary to more
A client.
A part of APP can provide service without the corresponding application server of end user logs, but more APP are needed
It wants user's registration and could provide service after logging in corresponding application server or expansion service is provided.Such as shopping client needs
It wants user to log in shopping website, confirm that ship-to and payment method could do shopping, game client is in user's registration
And the value-added service of game role, game article, game item etc. is provided after logging in, books read client after the user logs
The purchase service of e-book is provided.As it can be seen that logging in after application server, offer service or offer expansion service can be to terminals
User provides the main direction of development of preferably service and APP profits.
It needs to send account and password to corresponding application service by client when end user logs application server
Device, application server are authenticated the permission of terminal user, and certification provides corresponding service after passing through.In the prior art, such as
The service that fruit terminal user is needed while being provided using multiple client needs to log in multiple clothes using different clients respectively
Business device, operation is extremely cumbersome, also adds the burden of network communication, meanwhile, multiple application servers are also required to terminal user
Permission carry out multiple certification, waste the resource of application server, and when terminal user logs in every time is required for the input phase to answer
Account and password, increase the security risk of system.
In addition, if terminal user needs the service that a variety of APP are provided, it is necessary to multiple APP are installed in terminal, for
Terminal resource is also a kind of waste.Particularly, for enterprise terminal, used client may be enterprise-level client, need
It wants special network management personnel to install and safeguard, can be considerably increased in each enterprise terminal installation multiple client
The workload and maintenance of network management personnel.
Invention content
A kind of method and device logging in application server is provided in the embodiment of the present invention, can solve terminal user simultaneously
Log in cumbersome when multiple application servers, and installation multiple client is to the occupation problem of terminal resource.
In order to solve the above-mentioned technical problem, the embodiment of the invention discloses following technical solutions:
On the one hand, a kind of method logging in application server is provided, the method includes:
Client has been installed in publication, and setting accesses parameter, and the access parameter includes:Client name, client correspond to
The IP address of application server, end user logs application server login account and login password;
The access request of terminal user is received, and the access request is authenticated, if the certification passes through, is allowed
Terminal user selects the client logged in from the client of publication;
According to the client that the terminal user selects to log in, it is corresponding from the access parameter to obtain the client
The login account and login password of application server described in the IP address and end user logs of application server;
According to the IP address of the application server, the login account of the terminal user and login password are sent to pair
The client-server answered;
The login confirmation message for receiving the client-server feedback, makes application service described in the end user logs
Device.
Optionally, before client has been installed in the publication, the method further includes:
User group is created, the group policy of the user group is set, and the group policy includes the grouping of terminal user, Mei Geyong
The application server that the access rights of family group, each terminal user can log in;
It is described that the access request is authenticated, including:
The access request is authenticated according to the group policy.
Optionally, described that the access request is authenticated according to the group policy, including:
Obtain the user group where the terminal user;
Whether the user group where judging the terminal user has access rights;
If user group where the terminal user has access rights, judge the terminal user access account and
Whether correct password is accessed, if the access account of the terminal user and access password are correct, it is determined that the terminal user is logical
Cross certification.
Optionally, if after the certification of the access request passes through, the method further includes:
The application server that the terminal user can log in is obtained according to the group policy;
Application server list that the terminal user can log in is fed back to the terminal user, so that the terminal user
The client logged in is selected from the client side list.
On the other hand, a kind of device logging in application server is provided, described device includes:
Delivery platform unit has installed client for issuing, and setting accesses parameter, and the access parameter includes:Client
Hold title, the IP address of the corresponding application server of client, the login account of end user logs application server and login
Password;
Authentication unit, the access request for receiving terminal user, and the access request is authenticated, if described recognize
Card passes through, then terminal user is allowed to select the client logged in from the client of publication;
Acquiring unit, the client for selecting to log according to the terminal user, institute is obtained from the access parameter
State the corresponding application server of client IP address and end user logs described in application server login account and step on
Record password;
Telnet unit, for the IP address according to the application server, by the client account of the terminal user
Number and client password be sent to corresponding client-server;
Receiving unit, the login confirmation message for receiving the client-server feedback, makes the terminal user step on
Record the application server.
Optionally, described device further includes:
For creating user group the group policy of the user group is arranged, the group policy includes eventually in user group creating unit
The application server that being grouped of end subscriber, the access rights of each user group, each terminal user can log in;
The authentication unit is additionally operable to be authenticated the access request according to the group policy.
Optionally, the authentication unit is additionally operable to:
Obtain the user group where the terminal user;
Whether the user group where judging the terminal user has access rights;
If user group where the terminal user has access rights, judge the terminal user access account and
Whether correct password is accessed, if the access account of the terminal user and access password are correct, it is determined that the terminal user is logical
Cross certification.
Optionally, described device further includes display unit, can be stepped on for obtaining the terminal user according to the group policy
The application server of record;
The display unit, which is additionally operable to feed back application server list to the terminal that the terminal user can log in, to be used
Family, so that the terminal user selects the client logged in from the client side list.
The third aspect, provides a kind of device logging in application server, and described device includes:
Delivery platform has installed client for issuing, and setting accesses parameter, and the access parameter includes:Client name
Claim, the login account and login password of the IP address of the corresponding application server of client, end user logs application server;
Server, the access request for receiving terminal user are controlled in domain, and are authenticated to the access request, if described
Certification passes through, then terminal user is allowed to select the client logged in from the client of publication;
Receiver, the client for selecting to log according to the terminal user, from the access parameter described in acquisition
The login account of application server and login described in the IP address and end user logs of the corresponding application server of client
Password;
Telnet server, for the IP address according to the application server, by the login account of the terminal user
Number and login password be sent to corresponding client-server;
Telnet server is additionally operable to receive the login confirmation message of the client-server feedback, makes the terminal
User logs in the application server.
Optionally, described device further includes concentrating assets authentication platform, for obtaining the terminal according to the group policy
The application server that user can log in;
It is described that assets authentication platform is concentrated to be additionally operable to feed back application server list that the terminal user can log in institute
Terminal user is stated, so that the terminal user selects the client logged in from the client side list.
A kind of method logging in application server is disclosed in the embodiment of the present invention, client has been installed in publication, is arranged
Parameter is accessed, the access request of terminal user is verified, allows terminal user to select to step on from the client of publication after being verified
The client of record, and the client for selecting to log according to terminal user, the client pair is obtained from the access parameter
The IP address for the application server answered and user log in the account and password of the application server, make end user logs institute
State application server.Method using the present invention, when terminal user needs to log in multiple application servers, it is only necessary to be selected
Corresponding client simplifies operation, improves efficiency without inputting multiple accounts and password;Meanwhile using the present invention
Method, terminal user reduces the occupancy to terminal resource without installing client.
Description of the drawings
It in order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, below will be to institute in embodiment
Attached drawing to be used is needed to be briefly described, it should be apparent that, the accompanying drawings in the following description is only some implementations of the present invention
Example, for those of ordinary skill in the art, without creative efforts, can also obtain according to these attached drawings
Obtain other attached drawings.
Fig. 1 show a kind of flow chart of the method for login application server of the embodiment of the present invention;
Fig. 2 show a kind of flow chart of the method for login application server of another embodiment of the present invention;
Fig. 3 show a kind of structural schematic diagram of the device of login application server of the embodiment of the present invention;
Fig. 4 show the schematic diagram of the application scenarios of the prior art;
Fig. 5 show the schematic diagram of the application scenarios of the embodiment of the present invention.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Whole description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, those of ordinary skill in the art are obtained every other without creative efforts
Embodiment shall fall within the protection scope of the present invention.
Following examples of the present invention provide a kind of method and apparatus logging in application server, simplify terminal user and step on
The step of recording application server avoids occupancy of the installation client to terminal resource.
The method and apparatus that Fig. 1 show a kind of login application server of the embodiment of the present invention are applied to log in application
Server unit, as shown in Figure 1, the method includes:
Step 101, it logs in the publication of application server device and client has been installed, setting accesses parameter.
The access parameter includes:The IP address of the corresponding application server of client name, client, terminal user step on
Record the login account and login password of application server.
In the embodiment of the present invention, mounted client have it is multiple, therefore issue client also have it is multiple.The visitor of publication
The form that list may be used in family end shows user, for selection by the user.Batch setting can be carried out to having installed client,
In order to which subsequent batch logs in.
In the embodiment of the present invention, client, which is installed in, to be logged on application server device, and terminal user is more without installing
A client can save the resource of terminal;When client upgrades or optimizes, also only need logging in application server device
On be updated, terminal user is without update.
Step 102, the access request that application server device receives terminal user is logged in, and the access request is carried out
Certification allows terminal user to select the client logged in from the client of publication if the certification passes through.
It logs in application server device to be authenticated the access request of user, the security performance of system can be improved.
Step 103, the client that application server device selects to log according to terminal user is logged in, from the access parameter
The login of application server described in the middle IP address for obtaining the corresponding application server of the client and end user logs
Account and login password;
Step 104, IP address of the application server device according to the application server is logged in, by the terminal user's
Account logs in account number and login password is sent to corresponding client-server.
Client-server receive log in application server device send login account and login password after, and
The login account and login password of preservation are matched, if successful match, the login account are allowed to log in, and send and step on
Confirmation message is recorded to login application server device.
Step 105, the login confirmation message that application server device receives the client-server feedback is logged in, institute is made
It states user and logs in the application server.
If it is multiple that user selects the client-server logged in have, can be logged in batches using the method for the present embodiment.
Batch, which logs in, may be used the progress of the communication modes such as " a key CRT modes " and " a key FTP modes ".
Client has been installed in the method for the embodiment of the present invention, publication, and setting accesses parameter, verifies the access of terminal user
Request allows terminal user to select the client logged in from the client of publication after being verified, and according to terminal user
The client logged in is selected, the IP address and use of the corresponding application server of the client are obtained from the access parameter
Family logs in the account and password of the application server, makes application server described in end user logs.Side using the present invention
Method, when terminal user needs to log in multiple application servers, it is only necessary to it carries out selecting corresponding client, it is more without inputting
A account and password simplify operation, improve efficiency;Meanwhile method using the present invention, terminal user is without installing client
End, reduces the occupancy to terminal resource.
Optionally, before step 101, i.e., described before issuing multiple client in another embodiment of the present invention
Method further includes:
User group is created, the group policy of the user group is set.The group policy includes the grouping of terminal user, Mei Geyong
The application server that the access rights of family group, each terminal user can log in.
Optionally, described that access request is authenticated in step 102, including:
According to the group policy, the access request is authenticated.
Optionally, described that the access request is authenticated according to group policy, including:
Obtain the user group where the terminal user;
Whether the user group where judging the terminal user has access rights;
If user group where the terminal user has access rights, judge the terminal user access account and
Whether correct password is accessed, if the access account of the terminal user and access password are correct, it is determined that the terminal user is logical
Cross certification.
In the present embodiment, if logging in application server device is positioned to allow for the end-user access in this domain, terminal
It can include the domain information residing for terminal user in the access request of user.
User group is created, the group policy of the user group is set, the access request is authenticated according to group policy, it can
To increase the security performance of system.
Optionally, after step 102, after the certification of the even described access request passes through, the method further includes:
The application server that the terminal user can log in is obtained according to the group policy;
Application server list that the terminal user can log in is fed back to the terminal user, so that the terminal user
The client logged in is selected from the client side list.
Fig. 2 show a kind of flow chart of the method for login application server of the embodiment of the present invention, the method includes:
Step 201, it logs in application server device and creates user group, the group policy of the user group is set.
The group policy, which includes being grouped of terminal user, the access rights of each user group, each terminal user, to be logged in
Application server.
Step 202, it logs in the publication of application server device and client has been installed, setting accesses parameter.
The access parameter includes:The IP address of the corresponding application server of client name, client, terminal user step on
Record the login account and login password of application server;
Step 203, the access request that application server device receives terminal user is logged in, and the access request is carried out
Certification goes to step 204 if certification does not pass through, if certification passes through, goes to step 205.
Step 204, it logs in application server device and refuses end-user access, and warning terminal user is without access rights.
Step 205, it logs in application server device and the application that the terminal user can log in is obtained according to the group policy
Server;
Step 206, it logs in application server device and feeds back application server list that the terminal user can log in institute
Terminal user is stated, so that the terminal user selects the client logged in from the client side list.
Step 207, the client that application server device selects to log according to terminal user is logged in, from the access parameter
The login of application server described in the middle IP address for obtaining the corresponding application server of the client and end user logs
Account and login password.
Step 208, IP address of the application server device according to the application server is logged in, by the terminal user's
Login account and login password are sent to corresponding client-server.
Step 209, the login confirmation message that application server device receives the client-server feedback is logged in, institute is made
State application server described in end user logs.
Method using the present invention, when user needs to log in multiple application servers, it is only necessary to carry out selecting corresponding visitor
Family end simplifies operation, improves efficiency without inputting multiple accounts and password;Meanwhile method using the present invention,
Terminal user reduces the occupancy to terminal resource without installing client.
Corresponding with above method embodiment, the present invention also provides a kind of dresses of the login application server of embodiment
It sets, as shown in figure 3, described device includes:
Delivery platform unit 301 has installed client for issuing, and setting accesses parameter, and the access parameter includes:Visitor
Family end title, the IP address of the corresponding application server of client, end user logs application server login account and step on
Record password;
Authentication unit 302, the access request for receiving terminal user, and the access request is authenticated, if institute
It states certification to pass through, then terminal user is allowed to select the client logged in from the client of publication;
Acquiring unit 303, the client for selecting to log according to terminal user, from the access parameter described in acquisition
The login account of application server and login described in the IP address and end user logs of the corresponding application server of client
Password;
Telnet unit 304, for the IP address according to the application server, by the login account of the terminal user
Number and login password be sent to corresponding client-server;
Receiving unit 305, the login confirmation message for receiving the client-server feedback, makes the terminal user
Log in the application server.
Optionally, described device further includes:
For creating user group the group policy of the user group is arranged, the group policy includes eventually in user group creating unit
The application server that being grouped of end subscriber, the access rights of each user group, each terminal user can log in.
The authentication unit 302 is additionally operable to, according to the group policy, be authenticated the access request.
Optionally, the authentication unit 302 is additionally operable to:
Obtain the user group where the terminal user;
Whether the user group where judging the terminal user has access rights;
If user group where the terminal user has access rights, judge the terminal user access account and
Whether correct password is accessed, if the access account of the terminal user and access password are correct, it is determined that the terminal user is logical
Cross certification.
Optionally, described device further includes display unit, can be stepped on for obtaining the terminal user according to the group policy
The application server of record;
The display unit, which is additionally operable to feed back application server list to the terminal that the terminal user can log in, to be used
Family, so that the terminal user selects the client logged in from the client side list.
Using the device of the embodiment of the present invention, when user needs to log in multiple application servers, it is only necessary to carry out selection pair
The client answered simplifies operation, improves efficiency without inputting multiple accounts and password;Meanwhile it is using the present invention
Method, terminal user reduce the occupancy to terminal resource without installing client.
The embodiment of the present invention additionally provides a kind of device logging in application server, and described device includes:
Delivery platform has installed client for issuing, and setting accesses parameter, and the access parameter includes:Client name
Claim, the login account and login password of the IP address of the corresponding application server of client, end user logs application server;
Server, the access request for receiving terminal user are controlled in domain, and are authenticated to the access request, if described
Certification passes through, then terminal user is allowed to select the client logged in from the client of publication;
Receiver, the client for selecting to log according to terminal user, the client is obtained from the access parameter
Hold corresponding application server IP address and end user logs described in application server login account and login password;
Telnet server, for the IP address according to the application server, by the login account of the terminal user
Number and login password be sent to corresponding client-server;
Telnet server is additionally operable to receive the login confirmation message of the client-server feedback, makes the terminal
User logs in the application server.
Optionally, described device further includes concentrating assets authentication platform, for obtaining the terminal according to the group policy
The application server that user can log in;
It is described that assets authentication platform is concentrated to be additionally operable to feed back application server list that the terminal user can log in institute
Terminal user is stated, so that the terminal user selects the client logged in from the client side list.
Using the device of the embodiment of the present invention, when user needs to log in multiple application servers, it is only necessary to carry out selection pair
The client answered simplifies operation, improves efficiency without inputting multiple accounts and password;Meanwhile it is using the present invention
Method, terminal user reduce the occupancy to terminal resource without installing client.
Fig. 4 show the schematic diagram of a scenario in the prior art for logging in application server, as shown in figure 4, terminal user
401, be separately installed with multiple client on 402,403, it is assumed that the client installed in each client is identical, be all a, b, c,
D, the corresponding application server of client is respectively A, B, C, D.
In the prior art, terminal user 401,402,403 needs the service that client a, b, c, d are provided, a, b, c, d to provide
It is respectively necessary for logging in application server A, B, C, D before service.
As shown in figure 4, each terminal user is assembled with multiple client, each terminal user passes through multiple client
Corresponding application server is logged in, operation is extremely cumbersome, also adds the burden of network communication.
Fig. 5 show the schematic diagram of the application scenarios of the embodiment of the present invention, as shown in fig. 5, it is assumed that terminal user 501,
502,503 need client a, b, c, d provide service, the corresponding application server of client a, b, c, d be respectively A, B, C,
D。
In application scenarios shown in fig. 5, terminal user is mounted on the present invention without installing client, client a, b, c, d
Device 510 on.Terminal user 501,502,503 accesses the device of the invention 510, selects the client to be opened.The present invention
Device 510 according to the selection of terminal user, it is automatic to obtain account and password and log in corresponding application server.
As it can be seen that in the present embodiment, terminal user reduces the occupancy to terminal resource without installing multiple client;This
Outside, when user needs to log in multiple application servers, it is only necessary to carry out selecting corresponding client, without inputting multiple accounts
Number and password, simplify operation, improve efficiency.
A kind of method and apparatus logging in application server are disclosed in the embodiment of the present invention, client has been installed in publication
End, setting access parameter, verify the access request of terminal user, allow terminal user from the client of publication after being verified
The client logged in, and the client for selecting to log according to terminal user are selected, the visitor is obtained from the access parameter
The account and password of application server, make terminal described in the IP address and end user logs of the corresponding application server in family end
User logs in the application server.Method using the present invention when terminal user needs to log in multiple application servers, only needs
It carries out selecting corresponding client, without inputting multiple accounts and password, simplifies operation, improve efficiency;Meanwhile
Method using the present invention, terminal user reduce the occupancy to terminal resource without installing client.
It is required that those skilled in the art can be understood that the technology in the embodiment of the present invention can add by software
The mode of common hardware realize that common hardware includes universal integrated circuit, universal cpu, general-purpose storage, universal elements
Deng, naturally it is also possible to by specialized hardware include application-specific integrated circuit, dedicated cpu, private memory, special components and parts etc. come real
It is existing, but the former is more preferably embodiment in many cases.Based on this understanding, the technical solution sheet in the embodiment of the present invention
The part that contributes to existing technology can be expressed in the form of software products in other words in matter, computer software production
Product can be stored in a storage medium, as read-only memory (ROM, Read-Only Memory), random access memory (RAM,
Random Access Memory), magnetic disc, CD etc., including some instructions are used so that a computer equipment (can be
People's computer, server either network equipment etc.) it executes described in certain parts of each embodiment of the present invention or embodiment
Method.
Each embodiment in this specification is described in a progressive manner, identical similar portion between each embodiment
Point just to refer each other, and each embodiment focuses on the differences from other embodiments.Especially for system reality
For applying example, since it is substantially similar to the method embodiment, so description is fairly simple, related place is referring to embodiment of the method
Part explanation.
The embodiments of the present invention described above are not intended to limit the scope of the present invention.It is any in the present invention
Spirit and principle within made by modifications, equivalent substitutions and improvements etc., should all be included in the protection scope of the present invention.