CN106209913B - Data access method and device - Google Patents

Publication number: CN106209913B
Authority: CN (China)
Prior art keywords: authorization, user, data, authentication, center
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Expired - Fee Related
Application number: CN201610790320.0A
Other languages: Chinese (zh)
Other versions: CN106209913A (en)
Inventors: 夏金龙, 朱金华, 顾庆荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): JIANGSU TIANLIAN INFORMATION TECHNOLOGY DEVELOPMENT Co Ltd
Original Assignee: JIANGSU TIANLIAN INFORMATION TECHNOLOGY DEVELOPMENT Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A data access method and device. The method comprises: when a resource access request is received from a user, judging whether the user is a logged-in user; when the user is determined to be a logged-in user, obtaining the authorization data corresponding to the user from the corresponding authorization center; judging, based on the obtained authorization data, whether the resource access request is legitimate; and, when the resource access request is determined to be legitimate, returning the corresponding data to the user. This scheme can improve the flexibility of resource access control for application systems under single sign-on.

Description

Data access method and device
Technical field
The present invention relates to the field of information technology, and more particularly to a data access method and device.
Background art
Single sign-on (SSO) is currently one of the popular solutions for enterprise business integration. It maps the user's current login information to other application systems, so that the user only needs to log in once to access all mutually trusting application systems.
A unified identity authentication center is one of the prerequisites of single sign-on. The identity authentication center authenticates a user's login by comparing the login information entered by the user with the user information database. When the user is authenticated successfully, the identity authentication center generates a unified authentication mark (ticket) and returns it to the user. By extracting and recognizing the authentication mark information, the mutually trusting application systems can automatically judge whether the current user has already logged in, thereby completing the single sign-on function.
However, existing single sign-on methods have poor flexibility in terms of resource access control.
Summary of the invention
The problem solved by the embodiments of the present invention is how to improve the flexibility of resource access control for application systems under single sign-on.
To solve the above problem, an embodiment of the present invention provides a data access method, comprising: when a resource access request is received from a user, judging whether the user is a logged-in user; when the user is determined to be a logged-in user, obtaining the authorization data corresponding to the user from the corresponding authorization center; judging, based on the obtained authorization data, whether the resource access request is legitimate; and, when the resource access request is determined to be legitimate, returning the corresponding data to the user.
Optionally, the authorization data includes the user's role and information on the resources corresponding to the role.
Optionally, obtaining the authorization data corresponding to the user from the corresponding authorization center comprises: sending a corresponding authorization data query interface acquisition request to the identity authentication center, so that the identity authentication center determines, based on the authorization data query interface acquisition request, the information of the corresponding authorization system and, based on the determined authorization system, determines and sends the information of the corresponding authorization data query interface; receiving the information of the corresponding authorization data query interface sent by the identity authentication center; and obtaining, through the corresponding authorization data query interface, the authorization data corresponding to the user from the corresponding authorization center.
Optionally, the authorization center includes a centralized authorization center and one or more independent authorization centers, wherein the centralized authorization center contains the authorization data of application systems that use the public authorization system, and the independent authorization centers contain the authorization data of application systems that use an independent authorization system.
Optionally, obtaining, through the corresponding authorization data query interface, the authorization data corresponding to the user from the corresponding authorization center comprises: obtaining the authorization data corresponding to the user from the corresponding centralized authorization center through the corresponding common authentication query interface provided on the CAS system server side; obtaining the information of the corresponding independent authentication query interface from the CAS system server side and, through the obtained independent authentication query interface, obtaining the authorization data corresponding to the user from the corresponding independent authorization center.
An embodiment of the present invention also provides a data access device, comprising: a first judging unit, adapted to judge, when a resource access request is received from a user, whether the user is a logged-in user; a data acquisition unit, adapted to obtain, when the user is determined to be a logged-in user, the authorization data corresponding to the user from the corresponding authorization center; a second judging unit, adapted to judge, based on the obtained authorization data, whether the resource access request is legitimate; and a data providing unit, adapted to return the corresponding data to the user when the resource access request is determined to be legitimate.
Optionally, the authorization data includes the user's role and information on the resources corresponding to the role.
Optionally, the data acquisition unit is adapted to send a corresponding authorization data query interface acquisition request to the identity authentication center, so that the identity authentication center determines, based on the authorization data query interface acquisition request, the information of the corresponding authorization system and, based on the determined authorization system, determines and sends the information of the corresponding authorization data query interface; to receive the information of the corresponding authorization data query interface sent by the identity authentication center; and to obtain, through the corresponding authorization data query interface, the authorization data corresponding to the user from the corresponding authorization center.
Optionally, the authorization center includes a centralized authorization center and one or more independent authorization centers, wherein the centralized authorization center contains the authorization data of application systems that use the public authorization system, and the independent authorization centers contain the authorization data of application systems that use an independent authorization system.
Optionally, the authorization data acquisition unit is adapted to obtain the authorization data corresponding to the user from the corresponding centralized authorization center through the corresponding common authentication query interface provided on the CAS system server side; and to obtain the information of the corresponding independent authentication query interface from the CAS system server side and, through the obtained independent authentication query interface, obtain the authorization data corresponding to the user from the corresponding independent authorization center.
Compared with the prior art, the technical solution of the present invention has the following advantages:
In the above scheme, corresponding authorization data is added for the user in the identity authentication center. When the user accesses a resource of an application system, the authorization data corresponding to the user can be obtained according to the authorization system of the application system in which the accessed resource is located, in order to determine whether the user's resource access request is legitimate. By setting different authorization data for different users, the resources of the application systems that a user can access are controlled. This improves the flexibility of resource access control for application systems and accommodates the access requirements that different application systems place on different users.
Brief description of the drawings
Fig. 1 is a flowchart of a data access method in an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an authentication and authorization system in an embodiment of the present invention;
Fig. 3 is a schematic diagram of the interaction flow between the authentication and authorization system and the user in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a data access device in an embodiment of the present invention.
Detailed description
To solve the above problem in the prior art, the technical solution used in the embodiments of the present invention adds corresponding authorization data for the user in the identity authentication center. When the user accesses a resource of an application system, the authorization data corresponding to the user can be obtained according to the authorization system of the application system in which the accessed resource is located, in order to determine whether the user's resource access request is legitimate. By setting different authorization data for different users, the resources of the application systems that a user can access are controlled. This improves the flexibility of resource access control for application systems and accommodates the access requirements that different application systems place on different users.
To make the above objects, features and advantages of the present invention more apparent and understandable, specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 shows a flowchart of a data access method in an embodiment of the present invention. Referring to Fig. 1, the data access method in the embodiment of the present invention may include the following steps:
Step S101: when a resource access request is received from a user, judge whether the user is a logged-in user; when the judgment result is no, step S102 may be executed; otherwise, step S103 may be executed.
In a specific implementation, whether the user is a logged-in user can be judged by extracting and recognizing the information of the corresponding authentication mark.
Step S102: jump to the identity authentication login interface and guide the user to log in again.
In a specific implementation, when the authentication mark corresponding to the user is determined to be absent or incorrect, the user is determined not to have completed identity authentication. In that case, the flow can jump to the identity authentication login interface of the identity authentication center and guide the user to re-enter the identity authentication information, so that the identity authentication center authenticates the user.
Step S103: obtain the authorization data corresponding to the user from the corresponding authorization center.
In a specific implementation, the authorization system used by an application system can be configured according to actual needs. In an embodiment of the present invention, application systems may use the centralized authorization system and independent authorization systems. The authorization data of application systems that use the centralized authorization system is stored in the centralized authorization center, and the authorization data of an application system that uses an independent authorization system is stored in the corresponding independent authorization center. When the application system the user is currently logged in to obtains the authorization data corresponding to the user, it obtains that data from the corresponding authorization center according to the authorization system the application system uses.
Step S104: based on the obtained authorization data, judge whether the user's resource access request is legitimate; when the judgment result is yes, step S105 may be executed; otherwise, step S106 may be executed.
In a specific implementation, the obtained authorization data makes it possible to determine whether the resource access request sent by the user is legitimate, that is, whether the user has the corresponding access permission for the data requested.
Step S105: return the corresponding data to the user.
In a specific implementation, when the user's resource access request to the application system currently logged in to is determined to be legitimate, the corresponding data can be returned to the user, so that the user obtains the corresponding data.
Step S106: return to the user a prompt message that the resource access request is not allowed.
In a specific implementation, when the user's resource access request is determined not to be legitimate, the user does not have the corresponding access permission for the data requested. In that case, a prompt message that the resource access request is not allowed can be returned to the user, so that the user knows that they have no access permission for the corresponding resource and stops the current resource access behavior.
The data access method in the embodiment of the present invention is described in detail below with reference to Fig. 2 and Fig. 3.
For ease of understanding, the authentication and authorization system in the embodiment of the present invention is introduced first.
Referring to Fig. 2, an authentication and authorization system in an embodiment of the present invention may include an authentication and authorization center 21 and multiple application systems, namely application system 1 to application system M. The authentication and authorization center 21 includes an identity authentication center 211 and an authorization center 212. The authorization center 212 includes one centralized authorization center 2121 and multiple independent authorization centers 2122, namely independent authorization center 1 to independent authorization center N.
The centralized authorization center 2121 stores the authorization data of the users of application systems that use the centralized authorization system; the multiple independent authorization centers 2122 respectively store the authorization data corresponding to the users of the corresponding application systems that use an independent authorization system.
The working principle of the authentication and authorization system shown in Fig. 2 is described in detail below.
Referring to Fig. 3, a user's access to data in an application system may include the following steps:
Step S301: the identity authentication center receives the identity authentication information entered by the user.
In a specific implementation, the identity authentication center can provide the user with a corresponding identity authentication login interface, through which the user fills in and submits the identity authentication information.
Step S302: the identity authentication center authenticates the identity authentication information entered by the user; when authentication fails, step S303 may be executed, until the user is authenticated successfully; otherwise, step S304 may be executed.
In a specific implementation, the identity authentication center compares the identity authentication information entered by the user with the identity authentication information in its own identity authentication database to determine whether matching identity authentication information exists, and thereby determines whether the user's identity authentication succeeds.
Step S303: the identity authentication center jumps to the identity authentication login interface and guides the user to log in again.
In a specific implementation, when the identity authentication center determines that the identity authentication information submitted by the user does not match the identity authentication information in the identity authentication database, the user's identity authentication fails.
In that case, the identity authentication center can jump to the identity authentication login interface again, so that the user re-enters the identity authentication information and the identity authentication center re-authenticates the user based on the re-entered information.
Step S304: the identity authentication center sends the corresponding authentication success prompt message to the user.
In a specific implementation, when the identity authentication center authenticates the user successfully, it can return an authentication success prompt message to the user, so that the user can continue with subsequent operations.
Step S305: the user sends a corresponding resource access request.
In a specific implementation, on receiving the corresponding authentication success prompt message, the user can access resources in the mutually trusting application systems according to actual needs.
Step S306: the corresponding application system judges whether the user is a logged-in user; when the judgment result is yes, step S307 may be executed; otherwise, step S303 may be executed.
In a specific implementation, when the identity authentication center authenticates the user and the authentication succeeds, it generates a corresponding authentication mark for the user and associates it with the user. The mutually trusting application systems can judge whether the user is a logged-in user by extracting and recognizing the user's authentication mark.
In a specific implementation, when the identity authentication center authenticates the user successfully, the user becomes a logged-in user. A logged-in user can, according to actual needs, send resource access requests to multiple mutually trusting application systems to obtain the corresponding data. On receiving the user's resource access request, the corresponding application system can intercept the request and determine whether the user is a logged-in user by extracting and recognizing the user's authentication mark.
Step S307: the corresponding application system sends a corresponding authorization data query interface acquisition request to the identity authentication center.
In a specific implementation, when the corresponding application system determines that the user who sent the resource access request is a logged-in user, it can send a corresponding authorization data query interface acquisition request to the identity authentication center, so that it can use the obtained authorization data query interface to query the corresponding authorization center for the authorization data corresponding to the logged-in user.
Step S308: the identity authentication center sends the information of the corresponding authorization data query interface to the corresponding application system.
In a specific implementation, when the identity authentication center receives the authorization data query interface acquisition request sent by the application system, it can first obtain the information of the corresponding application system identifier from the received request, determine from that identifier the information of the authorization system used by the application system the user is currently logged in to, and, according to that information, send the information of the corresponding authorization data query interface to the application system.
In an embodiment of the present invention, the authorization center includes one centralized authorization center and multiple independent authorization centers, and the centralized authorization center and the independent authorization centers can be given different query interfaces. Accordingly, when an application system queries authorization data in different authorization centers, it needs to obtain the corresponding authorization data through different authentication query interfaces.
In an embodiment of the present invention, the identity authentication center is a conditional access system (CAS). A common authentication query interface and multiple independent authentication query interfaces are provided on the CAS system server side. The common authentication query interface is used to query the authorization data in the centralized authorization center, and the multiple independent authentication query interfaces are respectively used to query the authorization data in the corresponding independent authorization centers.
When the identity authentication center determines that the authorization system used by the application system the user is currently logged in to is the centralized authorization system, it can send the information of the common authentication query interface provided on the CAS system server side to the corresponding application system; when it determines that the authorization system used by the corresponding application system is an independent authorization system, it sends the information of the independent authentication query interface provided on the CAS system server side to the corresponding application system.
Step S309: the corresponding application system queries the authorization data corresponding to the logged-in user through the corresponding authorization data query interface.
In a specific implementation, once the application system the user is currently logged in to has obtained the information of the authorization data query interface sent by the identity authentication center, it can obtain, through the corresponding authorization data query interface, the authorization data corresponding to the user who sent the resource access request.
In an embodiment of the present invention, when the authorization system used by the application system the user is currently logged in to is the public authorization system, the information of the authorization data corresponding to the user who sent the resource access request can be queried from the centralized authorization center through the common authentication query interface provided on the CAS system server side; when the authorization system used by the application system the user is currently logged in to is an independent authorization system, the information of the authorization data corresponding to the user who sent the resource access request can be obtained from the corresponding independent authorization center through the corresponding independent authentication query interface provided on the CAS system server side.
Step S310: the corresponding application system judges, based on the obtained authorization data, whether the user's resource access request is legitimate; when the judgment result is yes, step S311 may be executed; otherwise, step S312 may be executed.
In a specific implementation, when the application system the user is currently logged in to has obtained the corresponding authorization data by query, it knows the role corresponding to the logged-in user and the information of the resources corresponding to the role. It matches the information of the corresponding data, parsed from the resource access request sent by the logged-in user, against the role and the resources corresponding to the role in the queried authorization data, in order to judge whether the logged-in user's resource access request is legitimate.
In an embodiment of the present invention, the authorization data obtained by the application system the user is currently logged in to is the user's role and the information of the resource ID list corresponding to the role. The application system determines the identifier (ID) of the data the user requests to access from the uniform resource locator (URL) of the data, parsed from the resource access request sent by the user, together with the identification information of the application system the user is currently logged in to. It then matches the ID of the requested data against the IDs in the resource ID list corresponding to the role in the authorization data. When that resource ID list contains the ID of the data the user requests to access, the user's resource access request is determined to be legitimate; otherwise, it is determined not to be legitimate.
Step S311: the corresponding application system returns the corresponding data to the user.
In a specific implementation, when the application system the logged-in user is currently logged in to determines that the user's resource access request is legitimate, it can return the corresponding data to the user.
Step S312: the corresponding application system returns to the user a prompt message that the resource access request is not allowed.
In a specific implementation, when the application system the user is currently logged in to determines that the user's resource access request is not legitimate, it can return to the user a prompt message that the resource access request is not allowed, so that the user knows that they have no access permission for the corresponding resource and stops the current resource access behavior.
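The application-side flow of steps S306 to S312, as an added Python sketch that is not part of the patent text. All class and function names, the sample users and resources, the ticket format and the rule that derives a resource ID from the URL and the application ID are assumptions made for illustration; credential checking (steps S301 to S304) is omitted.

```python
import secrets

# Constructed sample authorization data: a role plus the role's resource-ID list.
CENTRALIZED_CENTER = {      # shared by applications on the centralized scheme
    ("hr", "alice"): {"role": "clerk",
                      "resource_ids": {"hr:records:1", "hr:records:2"}},
}
INDEPENDENT_CENTERS = {     # one center per application with its own scheme
    "finance": {"alice": {"role": "auditor",
                          "resource_ids": {"finance:ledger:7"}}},
}


class AuthenticationCenter:
    """Stands in for the CAS server side (hypothetical API)."""

    def __init__(self, app_schemes):
        self._app_schemes = app_schemes   # app_id -> "centralized" | "independent"
        self._tickets = {}                # ticket -> user

    def login(self, user):
        # Assumption: credentials were already verified; issue a random ticket.
        ticket = secrets.token_hex(16)
        self._tickets[ticket] = user
        return ticket

    def user_for(self, ticket):
        """Return the logged-in user for a ticket, or None if it is unknown."""
        return self._tickets.get(ticket)

    def query_interface_for(self, app_id):
        """S307/S308: choose the query interface from the app's authorization scheme."""
        scheme = self._app_schemes.get(app_id)
        if scheme == "centralized":
            return lambda user: CENTRALIZED_CENTER.get((app_id, user))
        if scheme == "independent":
            center = INDEPENDENT_CENTERS.get(app_id, {})
            return lambda user: center.get(user)
        return lambda user: None          # unregistered application: no data


class ApplicationSystem:
    def __init__(self, app_id, auth_center, data):
        self.app_id = app_id
        self.auth_center = auth_center
        self.data = data                  # resource ID -> payload

    def resource_id(self, url):
        """S310: derive the resource ID from the URL and the app ID (assumed rule)."""
        return f"{self.app_id}:" + url.strip("/").replace("/", ":")

    def handle(self, ticket, url):
        user = self.auth_center.user_for(ticket)                    # S306
        if user is None:
            return ("login_required", None)                         # S303
        query = self.auth_center.query_interface_for(self.app_id)   # S307/S308
        authz = query(user)                                         # S309
        allowed = authz["resource_ids"] if authz else set()         # no record: deny
        rid = self.resource_id(url)
        if rid not in allowed or rid not in self.data:              # S310
            return ("denied", None)                                 # S312
        return ("ok", self.data[rid])                               # S311


def demo():
    cas = AuthenticationCenter({"hr": "centralized", "finance": "independent"})
    hr = ApplicationSystem("hr", cas, {"hr:records:1": "record 1",
                                       "hr:records:3": "record 3"})
    fin = ApplicationSystem("finance", cas, {"finance:ledger:7": "ledger 7"})
    ticket = cas.login("alice")
    return [
        hr.handle(ticket, "/records/1"),       # in the clerk role's list
        hr.handle(ticket, "/records/3"),       # exists, but not in the list
        fin.handle(ticket, "/ledger/7"),       # served by the independent center
        hr.handle("forged", "/records/1"),     # unknown ticket
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A user with no record in the selected authorization center gets an empty resource list, so the check denies by default rather than falling through to the data.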
The above-mentioned method in the embodiment of the present invention is described in detail, below will be to the above-mentioned corresponding dress of method It sets and is described further.
Fig. 4 shows the structure of one of embodiment of the present invention data access device.Referring to fig. 4, the embodiment of the present invention One of data access device 400, may include the first judging unit 401, data capture unit 402, second judgment unit 403 and data providing unit 404, in which:
First judging unit 401, suitable for when receiving the resource access request of user, judging whether the user is Login user.
Data capture unit 402, suitable for being obtained from corresponding authorization center when determining the user is logged-in user The corresponding authorization data of the user.
Second judgment unit 403, suitable for judging whether the resource access request closes based on acquired authorization data Method.
Data providing unit 404, suitable for when determining that the resource access request is legal, corresponding data are returned to institute State user.
In an embodiment of the present invention, the authorization data includes the role of user and the information of the corresponding resource of role.
In an embodiment of the present invention, the data capture unit 402, suitable for sending corresponding award to authentication center Data-query interfaces acquisition request is weighed, is asked so that the authentication center is based on authorization data query interface acquisition It asks, determines the information of corresponding authorization system, and based on identified authorization system, determine corresponding authorization data query interface Information and transmission;The information for the corresponding authorization data query interface that the authentication center is sent is received, and passes through institute Corresponding authorization data query interface is stated, obtains the corresponding authorization data of the user from corresponding authorization center.
In an embodiment of the present invention, the authorization center includes concentrating in authorization center and more than one independent authorization The heart;Wherein, the concentration authorization center includes the authorization data using the application system of public authorization system;The independent authorization Center includes the authorization data using the application system of independent authorization system.
In an embodiment of the present invention, the authorization data acquiring unit 402 is suitable for by cas system server-side The corresponding common authentication query interface being arranged obtains the corresponding authorization data of the user from corresponding concentration authorization center; The information of corresponding independent authentication query interface is obtained from cas system server-side, and is inquired by acquired independent authentication Interface obtains the corresponding authorization data of the user from corresponding independent authentication centre.
Using the above scheme in the embodiment of the present invention, by being that user increases corresponding authorization in authentication center Data can obtain the corresponding authorization data of user when user accesses the resource of application system, to determine that the resource of user is visited Ask whether request is legal, it, can be to the application system that user accesses by the authorization data different for different user settings Resource is controlled, thus the flexibility of the resources accessing control of application system can be improved, and adapts to pair of different application systems The requirements for access of different user.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of above-described embodiment is can It is completed with instructing relevant hardware by program, which can store in computer readable storage medium, and storage is situated between Matter may include: ROM, RAM, disk or CD etc..
The method and system of the embodiments of the present invention have been described in detail above, but the present invention is not limited thereto. Any person skilled in the art can make various changes or modifications without departing from the spirit and scope of the present invention; therefore, the scope of protection of the present invention shall be the scope defined by the claims.

Claims (10)

1. A data access method, characterized by comprising:
the authorization center has a centralized authorization center and multiple independent authorization centers;
the authentication center uses a CAS system, and the CAS server has a common authentication query interface;
the CAS server also has multiple independent authentication query interfaces, and the independent authentication query interfaces can query the data in the corresponding independent authorization centers;
when a resource access request of a user is received, the corresponding application system judges whether the user is a logged-in user;
when the user is determined to be a logged-in user, the corresponding application system sends a corresponding authorization data query interface acquisition request to the authentication center;
the corresponding application system queries the authorization data corresponding to the logged-in user through the corresponding authorization data query interface, and obtains the authorization data corresponding to the user from the corresponding authorization center;
based on the obtained authorization data, judging whether the resource access request is legitimate;
when the resource access request is determined to be legitimate, returning the corresponding data to the user.
2. The data access method according to claim 1, characterized in that the authorization data includes information on user roles and the resources corresponding to the roles.
3. The data access method according to claim 1, characterized in that obtaining the authorization data corresponding to the user from the corresponding authorization center comprises:
sending a corresponding authorization data query interface acquisition request to the authentication center, so that the authentication center, based on the authorization data query interface acquisition request, determines the information of the corresponding authorization system and, based on the determined authorization system, determines and sends the information of the corresponding authorization data query interface;
receiving the information of the corresponding authorization data query interface sent by the authentication center, and obtaining the authorization data corresponding to the user from the corresponding authorization center through the corresponding authorization data query interface.
4. The data access method according to claim 3, characterized in that the centralized authorization center includes the authorization data of application systems that use the public authorization system, and the independent authorization center includes the authorization data of application systems that use an independent authorization system.
5. The data access method according to claim 4, characterized in that obtaining the authorization data corresponding to the user from the corresponding authorization center through the corresponding authorization data query interface comprises:
obtaining the authorization data corresponding to the user from the corresponding centralized authorization center through the corresponding common authentication query interface provided on the CAS server;
obtaining the information of the corresponding independent authentication query interface from the CAS server, and obtaining the authorization data corresponding to the user from the corresponding independent authorization center through the obtained independent authentication query interface.
6. A data access device, characterized by comprising:
the authorization center has a centralized authorization center and multiple independent authorization centers;
the authentication center uses a CAS system, and the CAS server has a common authentication query interface;
the CAS server also has multiple independent authentication query interfaces, and the independent authentication query interfaces can query the data in the corresponding independent authorization centers;
a first judging unit, adapted so that, when a resource access request of a user is received, the corresponding application system judges whether the user is a logged-in user;
a data acquisition unit, adapted so that, when the user is determined to be a logged-in user, the corresponding application system sends a corresponding authorization data query interface acquisition request to the authentication center, and the corresponding application system queries the authorization data corresponding to the logged-in user through the corresponding authorization data query interface and obtains the authorization data corresponding to the user from the corresponding authorization center;
a second judging unit, adapted to judge, based on the obtained authorization data, whether the resource access request is legitimate;
a data providing unit, adapted to return the corresponding data to the user when the resource access request is determined to be legitimate.
7. The data access device according to claim 6, characterized in that the authorization data includes information on user roles and the resources corresponding to the roles.
8. The data access device according to claim 6, characterized in that the data acquisition unit is adapted to send a corresponding authorization data query interface acquisition request to the authentication center, so that the authentication center, based on the authorization data query interface acquisition request, determines the information of the corresponding authorization system and, based on the determined authorization system, determines and sends the information of the corresponding authorization data query interface; and to receive the information of the corresponding authorization data query interface sent by the authentication center and, through the corresponding authorization data query interface, obtain the authorization data corresponding to the user from the corresponding authorization center.
9. The data access device according to claim 8, characterized in that the centralized authorization center includes the authorization data of application systems that use the public authorization system, and the independent authorization center includes the authorization data of application systems that use an independent authorization system.
10. The data access device according to claim 9, characterized in that the authorization data acquisition unit is adapted to obtain the authorization data corresponding to the user from the corresponding centralized authorization center through the corresponding common authentication query interface provided on the CAS server; and to obtain the information of the corresponding independent authentication query interface from the CAS server and, through the obtained independent authentication query interface, obtain the authorization data corresponding to the user from the corresponding independent authorization center.
CN201610790320.0A 2016-08-30 2016-08-30 Data access method and device Expired - Fee Related CN106209913B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610790320.0A CN106209913B (en) 2016-08-30 2016-08-30 Data access method and device

Publications (2)

Publication Number Publication Date
CN106209913A CN106209913A (en) 2016-12-07
CN106209913B true CN106209913B (en) 2019-07-23

Family

ID=58085815

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610790320.0A Expired - Fee Related CN106209913B (en) 2016-08-30 2016-08-30 Data access method and device

Country Status (1)

Country Link
CN (1) CN106209913B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018126381A1 (en) * 2017-01-05 2018-07-12 深圳市前海中康汇融信息技术有限公司 Database access control method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1547343A (en) * 2003-12-17 2004-11-17 上海市高级人民法院 A Single Sign On method based on digital certificate
CN101090319A (en) * 2006-06-12 2007-12-19 富士施乐株式会社 Computer readable recording medium storing control program, communication system and computer data signal embedded in carrier wave
CN102262751A (en) * 2010-05-31 2011-11-30 ***通信集团贵州有限公司 Method and system for acquiring service application based on SOA (service-oriented architecture)
CN103701801A (en) * 2013-12-26 2014-04-02 四川九洲电器集团有限责任公司 Resource access control method
CN105225072A (en) * 2015-11-05 2016-01-06 浪潮(北京)电子信息产业有限公司 A kind of access management method of multi-application system and system
CN105577665A (en) * 2015-12-24 2016-05-11 西安电子科技大学 Identity and access control and management system and method in cloud environment

Also Published As

Publication number Publication date
CN106209913A (en) 2016-12-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190723

Termination date: 20210830
