CN106209913A - Data access method and device - Google Patents

Publication number
CN106209913A
Authority
CN
China
Prior art keywords
user
authorization
data
authorization data
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610790320.0A
Other languages
Chinese (zh)
Other versions
CN106209913B (en
Inventor
夏金龙
朱金华
顾庆荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JIANGSU TIANLIAN INFORMATION TECHNOLOGY DEVELOPMENT Co Ltd
Original Assignee
JIANGSU TIANLIAN INFORMATION TECHNOLOGY DEVELOPMENT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by JIANGSU TIANLIAN INFORMATION TECHNOLOGY DEVELOPMENT Co Ltd
Priority to CN201610790320.0A
Publication of CN106209913A
Application granted
Publication of CN106209913B
Expired - Fee Related (current legal status)
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105: Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A data access method and device. The method includes: when a resource access request is received from a user, determining whether the user is a logged-in user; when the user is determined to be a logged-in user, obtaining the authorization data corresponding to the user from the corresponding authorization center; determining, based on the obtained authorization data, whether the resource access request is legitimate; and, when the resource access request is determined to be legitimate, returning the corresponding data to the user. This scheme can improve the flexibility of resource access control in application systems under single sign-on.

Description

Data access method and device
Technical field
The present invention relates to the field of information technology, and in particular to a data access method and device.
Background art
Single sign-on (SSO) is one of the most popular solutions for enterprise business integration. It maps a user's current login information to other application systems, so that the user needs to log in only once to access all mutually trusting application systems.
A unified identity authentication center is one of the prerequisites for single sign-on. The identity authentication center authenticates a user's login by comparing the login information entered by the user with a user information database. When the user is authenticated successfully, the identity authentication center generates a unified authentication mark (ticket) and returns it to the user. By extracting and recognizing the authentication mark information, the mutually trusting application systems can automatically determine whether the current user has already logged in, thereby completing the single sign-on function.
However, existing single sign-on methods suffer from poor flexibility in resource access control.
Summary of the invention
The problem solved by the embodiments of the present invention is how to improve the flexibility of resource access control in application systems under single sign-on.
To solve the above problem, an embodiment of the present invention provides a data access method, including: when a resource access request is received from a user, determining whether the user is a logged-in user; when the user is determined to be a logged-in user, obtaining the authorization data corresponding to the user from the corresponding authorization center; determining, based on the obtained authorization data, whether the resource access request is legitimate; and, when the resource access request is determined to be legitimate, returning the corresponding data to the user.
Optionally, the authorization data includes information on the user's role and the resources corresponding to the role.
Optionally, obtaining the authorization data corresponding to the user from the corresponding authorization center includes: sending a corresponding authorization data query interface acquisition request to the identity authentication center, so that the identity authentication center, based on the authorization data query interface acquisition request, determines the information of the corresponding authorization system and, based on the determined authorization system, determines and sends the information of the corresponding authorization data query interface; and receiving the information of the corresponding authorization data query interface sent by the identity authentication center and, through the corresponding authorization data query interface, obtaining the authorization data corresponding to the user from the corresponding authorization center.
Optionally, the authorization center includes a centralized authorization center and one or more independent authorization centers, where the centralized authorization center holds the authorization data of application systems that use the public authorization system, and the independent authorization centers hold the authorization data of application systems that use an independent authorization system.
Optionally, obtaining the authorization data corresponding to the user from the corresponding authorization center through the corresponding authorization data query interface includes: obtaining the authorization data corresponding to the user from the corresponding centralized authorization center through the corresponding common authentication query interface provided on the CAS system server; obtaining the information of the corresponding independent authentication query interface from the CAS system server and, through the obtained independent authentication query interface, obtaining the authorization data corresponding to the user from the corresponding independent authorization center.
An embodiment of the present invention further provides a data access device, including: a first judging unit, adapted to determine, when a resource access request is received from a user, whether the user is a logged-in user; a data acquisition unit, adapted to obtain, when the user is determined to be a logged-in user, the authorization data corresponding to the user from the corresponding authorization center; a second judging unit, adapted to determine, based on the obtained authorization data, whether the resource access request is legitimate; and a data providing unit, adapted to return the corresponding data to the user when the resource access request is determined to be legitimate.
Optionally, the authorization data includes information on the user's role and the resources corresponding to the role.
Optionally, the data acquisition unit is adapted to send a corresponding authorization data query interface acquisition request to the identity authentication center, so that the identity authentication center, based on the authorization data query interface acquisition request, determines the information of the corresponding authorization system and, based on the determined authorization system, determines and sends the information of the corresponding authorization data query interface; and to receive the information of the corresponding authorization data query interface sent by the identity authentication center and, through the corresponding authorization data query interface, obtain the authorization data corresponding to the user from the corresponding authorization center.
Optionally, the authorization center includes a centralized authorization center and one or more independent authorization centers, where the centralized authorization center holds the authorization data of application systems that use the public authorization system, and the independent authorization centers hold the authorization data of application systems that use an independent authorization system.
Optionally, the authorization data acquisition unit is adapted to obtain the authorization data corresponding to the user from the corresponding centralized authorization center through the corresponding common authentication query interface provided on the CAS system server; and to obtain the information of the corresponding independent authentication query interface from the CAS system server and, through the obtained independent authentication query interface, obtain the authorization data corresponding to the user from the corresponding independent authorization center.
Compared with the prior art, the technical solution of the present invention has the following advantages:
In the above scheme, corresponding authorization data is added for users in the identity authentication center. When a user accesses a resource of an application system, the authorization data corresponding to the user can be obtained according to the authorization system of the application system where the accessed resource is located, in order to determine whether the user's resource access request is legitimate. By setting different authorization data for different users, the resources of the application systems that users access can be controlled, which improves the flexibility of resource access control in application systems and accommodates the access requirements that different application systems place on different users.
Brief description of the drawings
Fig. 1 is a flowchart of a data access method in an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an authentication and authorization system in an embodiment of the present invention;
Fig. 3 is a schematic diagram of the interaction flow between the authentication and authorization system and a user in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a data access device in an embodiment of the present invention.
Detailed description of the embodiments
To solve the above problems in the prior art, the technical solution adopted by the embodiments of the present invention adds corresponding authorization data for users in the identity authentication center. When a user accesses a resource of an application system, the authorization data corresponding to the user can be obtained according to the authorization system of the application system where the accessed resource is located, in order to determine whether the user's resource access request is legitimate. By setting different authorization data for different users, the resources of the application systems that users access can be controlled, which improves the flexibility of resource access control in application systems and accommodates the access requirements that different application systems place on different users.
To make the above objects, features and advantages of the present invention clearer and easier to understand, specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 shows a flowchart of a data access method in an embodiment of the present invention. Referring to Fig. 1, the data access method in the embodiment of the present invention may include the following steps:
Step S101: when a resource access request is received from a user, determine whether the user is a logged-in user; if not, step S102 may be performed; otherwise, step S103 may be performed.
In a specific implementation, whether the user is a logged-in user can be determined by extracting and recognizing the information of the corresponding authentication mark.
Step S102: jump to the identity authentication login interface and guide the user to log in again.
In a specific implementation, when the authentication mark corresponding to the user does not exist or is incorrect, the user is determined not to have completed identity authentication. In that case, the flow can jump to the identity authentication login interface of the identity authentication center and guide the user to re-enter the identity authentication information, so that the identity authentication center authenticates the user's identity.
Step S103: obtain the authorization data corresponding to the user from the corresponding authorization center.
In a specific implementation, the authorization system used by an application system can be configured according to actual needs. In an embodiment of the present invention, application systems can use a centralized authorization system and an independent authorization system. The authorization data of application systems that use the centralized authorization system is stored in the centralized authorization center, and the authorization data of an application system that uses an independent authorization system is stored in the corresponding independent authorization center. When the application system that the user is currently logged in to obtains the authorization data corresponding to the user, it can obtain that data from the corresponding authorization center according to the authorization system that the application system uses.
Step S104: based on the obtained authorization data, determine whether the user's resource access request is legitimate; if so, step S105 may be performed; otherwise, step S106 may be performed.
In a specific implementation, the obtained authorization data makes it possible to determine whether the resource access request sent by the user is legitimate, that is, whether the user has the corresponding access rights to the data requested.
Step S105: return the corresponding data to the user.
In a specific implementation, when the user's resource access request to the application system currently logged in to is determined to be legitimate, the corresponding data can be returned to the user, so that the user obtains the corresponding data.
Step S106: return to the user a message that the resource access request is not allowed.
In a specific implementation, when the user's resource access request is determined to be illegitimate, the user does not have the corresponding access rights to the data requested. In that case, a message that the resource access request is not allowed can be returned to the user, so that the user knows that he or she has no access rights to the corresponding resource and stops the current resource access.
The data access method in the embodiment of the present invention is described in detail below with reference to Fig. 2 and Fig. 3.
For ease of understanding, the authentication and authorization system in the embodiment of the present invention is introduced first.
Referring to Fig. 2, an authentication and authorization system in an embodiment of the present invention may include an authentication and authorization center 21 and multiple application systems, namely application system 1 to application system M. The authentication and authorization center 21 includes an identity authentication center 211 and an authorization center 212. The authorization center 212 includes one centralized authorization center 2121 and multiple independent authorization centers 2122, namely independent authorization center 1 to independent authorization center N.
The centralized authorization center 2121 stores the authorization data of the users of application systems that use the centralized authorization system; the multiple independent authorization centers 2022 each store the authorization data of the users of the corresponding application system that uses an independent authorization system.
The working principle of the authentication and authorization system shown in Fig. 2 is described in detail below.
Referring to Fig. 3, when a user accesses data in an application system, the following steps may be performed:
Step S301: the identity authentication center receives the identity authentication information entered by the user.
In a specific implementation, the identity authentication center can provide the user with a corresponding identity authentication login interface, through which the user fills in and submits the identity authentication information.
Step S302: the identity authentication center authenticates the identity authentication information entered by the user; when authentication fails, step S303 may be performed, until the user is authenticated successfully; otherwise, step S304 may be performed.
In a specific implementation, the identity authentication center compares the identity authentication information entered by the user with the identity authentication information in its own authentication database to determine whether matching identity authentication information exists, and thereby determines whether the user's identity authentication succeeds.
Step S303: the identity authentication center jumps to the identity authentication login interface and guides the user to log in again.
In a specific implementation, when the identity authentication center determines that the identity authentication information submitted by the user does not match the identity authentication information in the authentication database, the user's identity authentication fails.
In that case, the identity authentication center can jump to the identity authentication login interface again, so that the user re-enters the identity authentication information and the identity authentication center re-authenticates the user based on the re-entered information.
Step S304: the identity authentication center sends the corresponding authentication success message to the user.
In a specific implementation, when the identity authentication center successfully authenticates the user's identity, it can return an authentication success message to the user, so that the user can continue with subsequent operations.
Step S305: the user sends a corresponding resource access request.
In a specific implementation, on receiving the corresponding authentication success message, the user can access resources in the mutually trusting application systems according to actual needs.
Step S306: the corresponding application system determines whether the user is a logged-in user; if so, step S307 may be performed; otherwise, step S303 may be performed.
In a specific implementation, when the identity authentication center successfully authenticates the user's identity, it generates a corresponding authentication mark for the user and associates it with the user. The mutually trusting application systems can determine whether the user is a logged-in user by extracting and recognizing the user's authentication mark.
In a specific implementation, once the identity authentication center has successfully authenticated the user's identity, the user becomes a logged-in user. A logged-in user can, according to actual needs, send resource access requests to the multiple mutually trusting application systems to obtain the corresponding data. On receiving a user's resource access request, the corresponding application system can intercept the request and, by extracting and recognizing the user's authentication mark, determine whether the user is a logged-in user.
Step S307: the corresponding application system sends a corresponding authorization data query interface acquisition request to the identity authentication center.
In a specific implementation, when the corresponding application system determines that the user sending the resource access request is a logged-in user, it can send a corresponding authorization data query interface acquisition request to the identity authentication center, so that it can use the obtained authorization data query interface to query the corresponding authorization center for the authorization data corresponding to the logged-in user.
Step S308: the identity authentication center sends the information of the corresponding authorization data query interface to the corresponding application system.
In a specific implementation, on receiving the authorization data query interface acquisition request sent by the application system, the identity authentication center can first obtain the information of the corresponding application system identifier from the received acquisition request, determine from that identifier the authorization system used by the application system that the user is currently logged in to, and, according to that authorization system, send the information of the corresponding authorization data query interface to the application system.
In an embodiment of the present invention, the authorization center includes one centralized authorization center and multiple independent authorization centers, and the centralized authorization center and the independent authorization centers can be given different query interfaces. Accordingly, when the application system queries authorization data in different authorization centers, it needs to obtain the corresponding authorization data through different authentication query interfaces.
In an embodiment of the present invention, the identity authentication center is a conditional access system (CAS). A common authentication query interface and multiple independent authentication query interfaces are provided on the CAS system server. The common authentication query interface is used to query the authorization data in the centralized authorization center, and the multiple independent authentication query interfaces are each used to query the authorization data in the corresponding independent authorization center.
When the identity authentication center determines that the authorization system used by the application system that the user is currently logged in to is the centralized authorization system, it can send the information of the common authentication query interface provided on the CAS system server to the corresponding application system; when it determines that the authorization system used by the corresponding application system is an independent authorization system, it sends the information of the independent authentication query interface provided on the CAS system server to the corresponding application system.
Step S309: the corresponding application system queries the authorization data corresponding to the logged-in user through the corresponding authorization data query interface.
In a specific implementation, once the application system that the user is currently logged in to has obtained the information of the authorization data query interface sent by the identity authentication center, it can obtain, through the corresponding authorization data query interface, the authorization data corresponding to the user who sent the resource access request.
In an embodiment of the present invention, when the authorization system used by the application system that the user is currently logged in to is the public authorization system, the information of the authorization data corresponding to the user who sent the resource access request can be queried from the centralized authorization center through the common authentication query interface provided on the CAS system server; when the authorization system used by the application system that the user is currently logged in to is an independent authorization system, the information of the authorization data corresponding to the user who sent the resource access request can be obtained from the corresponding independent authorization center through the corresponding independent authentication query interface provided on the CAS system server.
Step S310: based on the obtained authorization data, the corresponding application system determines whether the user's resource access request is legitimate; if so, step S311 may be performed; otherwise, step S312 may be performed.
In a specific implementation, once the application system that the user is currently logged in to has queried the corresponding authorization data, it knows the role corresponding to the logged-in user and the resources corresponding to that role. It then matches the information of the requested data, parsed from the resource access request sent by the logged-in user, against the role and the role's resources in the queried authorization data, to determine whether the logged-in user's resource access request is legitimate.
In an embodiment of the present invention, the authorization data obtained by the application system that the user is currently logged in to is the user's role and the resource ID list corresponding to the role. The application system parses, from the resource access request sent by the user, the uniform resource locator (URL) of the requested data and, together with the identifier of the application system that the user is currently logged in to, determines the identifier (ID) of the data that the user is requesting. It then matches that ID against the IDs in the resource ID list corresponding to the role in the authorization data. If the resource ID list corresponding to the role in the authorization data contains the ID of the data that the user is requesting, the user's resource access request is determined to be legitimate; otherwise, the user's resource access request is determined to be illegitimate.
Step S311: the corresponding application system returns the corresponding data to the user.
In a specific implementation, when the application system that the logged-in user is currently logged in to determines that the user's resource access request is legitimate, it can return the corresponding data to the user.
Step S312: the corresponding application system returns to the user a message that the resource access request is not allowed.
In a specific implementation, when the application system that the user is currently logged in to determines that the user's resource access request is illegitimate, it can return to the user a message that the resource access request is not allowed, so that the user knows that he or she has no access rights to the corresponding resource and stops the current resource access.
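The application-side flow of steps S306 to S312, as an added Python sketch that is not part of the patent: class names, method names, the `"centralized"`/`"independent"` labels, the ticket strings and all sample users, URLs and resource IDs are constructed assumptions. It shows the interface selection of S308 and the URL-to-resource-ID match of S310, denying by default when any lookup fails.

```python
# Added illustration of steps S306-S312; every name and value here is constructed.
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass(frozen=True)
class AuthorizationData:
    role: str                  # the user's role
    resource_ids: frozenset    # resource ID list corresponding to the role


@dataclass
class AuthorizationCenter:
    """A centralized or independent authorization center: user -> authorization data."""
    records: dict = field(default_factory=dict)

    def query(self, user):
        return self.records.get(user)


@dataclass
class AuthenticationCenter:
    tickets: dict                 # authentication mark (ticket) -> user
    app_system: dict              # app id -> "centralized" | "independent"
    common_interface: AuthorizationCenter
    independent_interfaces: dict  # app id -> AuthorizationCenter

    def user_for_ticket(self, ticket):
        return self.tickets.get(ticket)

    def query_interface_for(self, app_id):
        """S308: choose the query interface from the app's authorization system."""
        kind = self.app_system.get(app_id)
        if kind == "centralized":
            return self.common_interface
        if kind == "independent":
            return self.independent_interfaces.get(app_id)
        return None  # unknown application system: no interface is handed out


@dataclass
class ApplicationSystem:
    app_id: str
    auth_center: AuthenticationCenter
    url_to_resource: dict  # (app id, URL path) -> resource ID
    data: dict             # resource ID -> payload

    def handle(self, ticket, url):
        # S306: is the requester a logged-in user?
        user = self.auth_center.user_for_ticket(ticket) if ticket else None
        if user is None:
            return ("redirect_login", None)               # S303
        # S307/S308: ask the authentication center which interface to use
        interface = self.auth_center.query_interface_for(self.app_id)
        # S309: query the user's authorization data through that interface
        authz = interface.query(user) if interface is not None else None
        # S310: map URL + application identifier to a resource ID, then match
        path = urlsplit(url).path
        resource_id = self.url_to_resource.get((self.app_id, path))
        if (authz is None or resource_id is None
                or resource_id not in authz.resource_ids):
            return ("denied", None)                        # S312
        return ("ok", self.data.get(resource_id))          # S311


def build_demo():
    """Constructed sample: one app on the centralized system, one independent."""
    central = AuthorizationCenter(
        {"alice": AuthorizationData("clerk", frozenset({"hr:1"}))})
    lab_center = AuthorizationCenter(
        {"alice": AuthorizationData("admin", frozenset({"lab:1", "lab:2"}))})
    auth = AuthenticationCenter(
        tickets={"ST-constructed-1": "alice", "ST-constructed-2": "bob"},
        app_system={"hr": "centralized", "lab": "independent"},
        common_interface=central,
        independent_interfaces={"lab": lab_center},
    )
    hr = ApplicationSystem(
        "hr", auth,
        {("hr", "/payroll/view"): "hr:1", ("hr", "/payroll/edit"): "hr:2"},
        {"hr:1": "payroll summary", "hr:2": "payroll editor"})
    lab = ApplicationSystem(
        "lab", auth,
        {("lab", "/runs"): "lab:1", ("lab", "/config"): "lab:2"},
        {"lab:1": "run list", "lab:2": "lab config"})
    return hr, lab


if __name__ == "__main__":
    hr, lab = build_demo()
    print(hr.handle("ST-constructed-1", "https://hr.example/payroll/view"))
    print(hr.handle("ST-constructed-1", "https://hr.example/payroll/edit"))
    print(lab.handle("ST-constructed-1", "https://lab.example/config"))
```

The same user holds different roles in the two applications because each application's authorization data comes from a different authorization center; a valid ticket alone never grants access to a resource.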
Above-mentioned method in the embodiment of the present invention is described in detail, below by the dress corresponding to above-mentioned method Put and be described further.
Fig. 4 shows the structure of a kind of DAA in the embodiment of the present invention.See Fig. 4, the embodiment of the present invention In a kind of DAA 400, the first judging unit 401, data capture unit the 402, second judging unit can be included 403 and data providing unit 404, wherein:
First judging unit 401, is suitable to when receiving the resource access request of user, it is judged that whether described user is Login user.
Data capture unit 402, is suitable to, when determining described user for logged-in user, obtain from corresponding authorization center The authorization data that described user is corresponding.
Second judging unit 403, is suitable to based on acquired authorization data, it is judged that whether described resource access request closes Method.
Data providing unit 404, is suitable to, when determining that described resource access request is legal, corresponding data be returned to institute State user.
In an embodiment of the present invention, described authorization data includes the information of the role of the user resource corresponding with role.
In an embodiment of the present invention, described data capture unit 402, be suitable to send corresponding awarding to authentication center Power data-query interfaces obtains request, asks so that described authentication center obtains based on described authorization data query interface Ask, determine the information of mandates system of correspondence, and based on determined by authorize system, determine corresponding authorization data query interface Information and send;Receive the information of the corresponding authorization data query interface that described authentication center sends, and pass through institute State the authorization data query interface of correspondence, obtain, from corresponding authorization center, the authorization data that described user is corresponding.
In an embodiment of the present invention, described authorization center includes concentrating in authorization center and more than one independent authorization The heart;Wherein, described concentration authorization center includes the authorization data using the application system of public mandate system;Described independent authorization Center includes the authorization data using the application system of independent authorization system.
In an embodiment of the present invention, described authorization data acquiring unit 402, be suitable to by cas system service end The corresponding common authentication query interface arranged, obtains, from corresponding concentration authorization center, the authorization data that described user is corresponding; From cas system service end, obtain the information of the independent authentication query interface of correspondence, and inquired about by acquired independent authentication Interface, obtains, from corresponding independent authentication centre, the authorization data that described user is corresponding.
Use the such scheme in the embodiment of the present invention, by increasing in the heart the mandate of correspondence in authentication for user Data, can obtain, when user accesses the resource of application system, the authorization data that user is corresponding, to determine that the resource of user is visited The request of asking is the most legal, by the authorization data different for different user setups, and can be to the application system that user accesses Resource is controlled, thus can improve the motility of the resources accessing control of application system, adapts to the right of different application systems The requirements for access of different user.
A person of ordinary skill in the art will understand that all or some of the steps in the various methods of the above embodiments can be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium may include ROM, RAM, a magnetic disk, an optical disc, or the like.
The method and system of the embodiments of the present invention have been described in detail above, but the present invention is not limited thereto. Any person skilled in the art may make various changes or modifications without departing from the spirit and scope of the present invention; therefore, the scope of protection of the present invention shall be the scope defined by the claims.

Claims (10)

1. A data access method, characterized by comprising:
when a resource access request of a user is received, judging whether the user is a logged-in user;
when the user is determined to be a logged-in user, obtaining the authorization data corresponding to the user from the corresponding authorization center;
judging, based on the acquired authorization data, whether the resource access request is legitimate;
when the resource access request is determined to be legitimate, returning the corresponding data to the user.
2. The data access method according to claim 1, characterized in that the authorization data includes user roles and information on the resources corresponding to the roles.
3. The data access method according to claim 1, characterized in that obtaining the authorization data corresponding to the user from the corresponding authorization center comprises:
sending a request for the corresponding authorization data query interface to the authentication center, so that the authentication center, based on that request, determines the information of the corresponding authorization system and, based on the determined authorization system, determines and sends the information of the corresponding authorization data query interface;
receiving the information of the corresponding authorization data query interface sent by the authentication center and, through the corresponding authorization data query interface, obtaining the authorization data corresponding to the user from the corresponding authorization center.
4. The data access method according to claim 3, characterized in that the authorization center includes a centralized authorization center and more than one independent authentication center, wherein the centralized authorization center includes the authorization data of application systems that use the public authorization system, and the independent authentication center includes the authorization data of application systems that use an independent authorization system.
5. The data access method according to claim 4, characterized in that obtaining, through the corresponding authorization data query interface, the authorization data corresponding to the user from the corresponding authorization center comprises:
obtaining the authorization data corresponding to the user from the corresponding centralized authorization center through the corresponding common authentication query interface provided on the CAS system server;
obtaining, from the CAS system server, the information of the corresponding independent authentication query interface and, through the acquired independent authentication query interface, obtaining the authorization data corresponding to the user from the corresponding independent authentication center.
6. A data access device, characterized by comprising:
a first judging unit, adapted to judge, when a resource access request of a user is received, whether the user is a logged-in user;
a data acquisition unit, adapted to obtain, when the user is determined to be a logged-in user, the authorization data corresponding to the user from the corresponding authorization center;
a second judging unit, adapted to judge, based on the acquired authorization data, whether the resource access request is legitimate;
a data providing unit, adapted to return the corresponding data to the user when the resource access request is determined to be legitimate.
7. The data access device according to claim 6, characterized in that the authorization data includes user roles and information on the resources corresponding to the roles.
8. The data access device according to claim 6, characterized in that the data acquisition unit is adapted to send a request for the corresponding authorization data query interface to the identity authentication center, so that the authentication center, based on that request, determines the information of the corresponding authorization system and, based on the determined authorization system, determines and sends the information of the corresponding authorization data query interface; and to receive the information of the corresponding authorization data query interface sent by the authentication center and, through the corresponding authorization data query interface, obtain the authorization data corresponding to the user from the corresponding authorization center.
9. The data access device according to claim 8, characterized in that the authorization center includes a centralized authorization center and more than one independent authentication center, wherein the centralized authorization center includes the authorization data of application systems that use the public authorization system, and the independent authentication center includes the authorization data of application systems that use an independent authorization system.
10. The data access device according to claim 9, characterized in that the authorization data acquisition unit is adapted to obtain the authorization data corresponding to the user from the corresponding centralized authorization center through the corresponding common authentication query interface provided on the CAS system server; and to obtain, from the CAS system server, the information of the corresponding independent authentication query interface and, through the acquired independent authentication query interface, obtain the authorization data corresponding to the user from the corresponding independent authentication center.
CN201610790320.0A 2016-08-30 2016-08-30 Data access method and device Expired - Fee Related CN106209913B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610790320.0A CN106209913B (en) 2016-08-30 2016-08-30 Data access method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610790320.0A CN106209913B (en) 2016-08-30 2016-08-30 Data access method and device

Publications (2)

Publication Number Publication Date
CN106209913A true CN106209913A (en) 2016-12-07
CN106209913B CN106209913B (en) 2019-07-23

Family

ID=58085815

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610790320.0A Expired - Fee Related CN106209913B (en) 2016-08-30 2016-08-30 Data access method and device

Country Status (1)

Country Link
CN (1) CN106209913B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018126381A1 (en) * 2017-01-05 2018-07-12 深圳市前海中康汇融信息技术有限公司 Database access control method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1547343A (en) * 2003-12-17 2004-11-17 上海市高级人民法院 A Single Sign On method based on digital certificate
US20070288634A1 (en) * 2006-06-12 2007-12-13 Fuji Xerox Co., Ltd. Computer readable recording medium storing control program, communication system and computer data signal embedded in carrier wave
CN101090319A (en) * 2006-06-12 2007-12-19 富士施乐株式会社 Computer readable recording medium storing control program, communication system and computer data signal embedded in carrier wave
CN102262751A (en) * 2010-05-31 2011-11-30 ***通信集团贵州有限公司 Method and system for acquiring service application based on SOA (service-oriented architecture)
CN103701801A (en) * 2013-12-26 2014-04-02 四川九洲电器集团有限责任公司 Resource access control method
CN105225072A (en) * 2015-11-05 2016-01-06 浪潮(北京)电子信息产业有限公司 A kind of access management method of multi-application system and system
CN105577665A (en) * 2015-12-24 2016-05-11 西安电子科技大学 Identity and access control and management system and method in cloud environment

Also Published As

Publication number Publication date
CN106209913B (en) 2019-07-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190723

Termination date: 20210830