CN106302490A - Token-based Web session construction and service calling method - Google Patents
- Publication number: CN106302490A (application CN201610705994.6A)
- Authority: CN (China)
- Prior art keywords: token, information, token information, client, request
- Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/547—Remote procedure calls [RPC]; Web services
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a Token-based Web session construction and service calling method, belonging to the field of Web applications. It aims to solve the technical problem that existing Web session construction and service calling keep two sets of authentication logic in one application, so that the development and later-maintenance workload is large. The technical scheme is as follows: (1) the client sends account and password information through an HTTP POST request, with the account and password encapsulated in the Body of the POST request; (2) if the account and password are valid, the server generates Token information, each Token having a unique identifier, the Token ID; at the same time the Token information is persisted to a data table; (3) the Token information is written into the client Cookie and returned to the client in the response Body, and at the same time written into a thread variable.
Description
Technical field
The present invention relates to Web applications, and in particular to a Token-based Web session construction and service calling method.
Background technology
In computer identity authentication, Token means a (temporary) token; in morphological analysis it means a mark or label.
Most existing Web applications use the native session to maintain the authenticated interaction between client and server: after login authentication succeeds, the authentication information is placed in the session, and each subsequent request is checked directly for authentication information in the session.
With the development of Internet technology, many Web applications are no longer traditional closed applications; Web applications need to interconnect, which requires each Web application to expose part of its functionality as REST APIs for other applications to call. REST API calls mostly use a Token mechanism, with the rough flow: exchange a valid account and password for a Token, and once the Token is obtained, call the REST API with it. As a result, one application contains two sets of authentication logic, the session internally and the Token externally, which undoubtedly increases the development and later-maintenance workload.
Summary of the invention
The technical task of the present invention is to provide a Token-based Web session construction and service calling method that solves the problem that existing Web session construction and service calling keep two sets of authentication logic in one application, causing a large development and later-maintenance workload.
The technical task of the present invention is achieved as follows. A Token-based Web session construction and service calling method comprises the following steps:
(1) The client sends the account and password information through an HTTP POST request, with the account and password encapsulated in the Body of the POST request;
(2) If the account and password are valid, the server generates Token information; each Token has a unique identifier, the Token ID; at the same time the Token information is persisted to a data table;
(3) The Token information is written into the client Cookie and returned to the client in the response Body; at the same time the Token information is written into a thread variable;
(4) For requests internal to the Web application, when the client browser sends a request, the request automatically carries the Token information in the client Cookie;
(5) For external service calls, the third-party application parses the Token information from the response Body and then calls the REST service with that Token;
(6) A filter placed at the very front of the Web application intercepts all requests. After intercepting a request, it first attempts to look up the Token information in the client Cookie carried by the request and judges whether it is found:
① If the Token information is found in the client Cookie, go to step (7);
② If the Token information is not found in the client Cookie, further attempt to look it up in the request Header; if it is still not found, the request carries no authentication information;
(7) After the Token information is found, its validity is further verified; if the Token information is valid, the account information associated with the Token is obtained and placed in a thread variable, and the request is then passed on to the back end;
(8) When the request reaches the system back end, the back-end program obtains the authentication information directly from the thread variable and performs the relevant business operation.
Preferably, in step (2), the Token information uses a 32-digit UUID as the Token ID.
Preferably, the Token information saved in step (2) includes the Token ID, Token creation time, Token expiry time, Token current state, and the account information associated with the Token.
Preferably, in step (6), after the Web application receives the client browser request, it first obtains the Token information from the client Cookie, and if it cannot be obtained there, obtains it from the request Header.
The Token-based Web session construction and service calling method of the present invention has the following advantages:
1. The present invention realizes the construction of a custom session and the calling of the REST API at the same time, without having to develop and maintain two sets of authentication logic, which effectively reduces the development and later-maintenance workload. For Web application development, the developer only needs to develop one set of authentication logic, reducing the development workload; for later maintenance, only one set of authentication logic needs to be maintained, reducing the maintenance workload;
2. The Web application of the present invention only needs to develop one set of Token-based authentication logic to support both internal requests of the Web application and external service calls;
3. The client of the present invention sends a POST request and obtains the Token information with a valid account and password. After the server generates the Token information, it returns the Token information to the client in the response and, if the client is a browser, writes the Token information into the client browser Cookie at the same time, which is convenient and easy to use. The Token information uses a 32-digit UUID as the Token ID, the validity period of the Token information is 2 hours, and the Token information also has attribute information such as state, creation time, expiry time and associated account.
The present invention is reasonably designed, simple in structure, easy to use and serves multiple purposes, and therefore has good value for promotion and application.
Accompanying drawing explanation
The present invention is further described below in conjunction with the accompanying drawing.
Figure 1 is a flow block diagram of the Token-based Web session construction and service calling method.
Detailed description of the invention
With reference to the accompanying drawing and a specific embodiment, the Token-based Web session construction and service calling method of the present invention is described in detail below.
Embodiment:
As shown in Figure 1, the Token-based Web session construction and service calling method of the present invention includes the following steps:
(1) The client sends the account and password information through an HTTP POST request, with the account and password encapsulated in the Body of the POST request;
(2) If the account and password are valid, the server generates Token information; each Token has a unique identifier, the Token ID; at the same time the Token information is persisted to a data table; the Token information uses a 32-digit UUID as the Token ID;
The saved Token information includes the Token ID, Token creation time, Token expiry time, Token current state, and the account information associated with the Token;
(3) The Token information is written into the client Cookie and returned to the client in the response Body; at the same time the Token information is written into a thread variable;
(4) For requests internal to the Web application, when the client browser sends a request, the request automatically carries the Token information in the client Cookie;
(5) For external service calls, the third-party application parses the Token information from the response Body and then calls the REST service with that Token;
(6) A filter placed at the very front of the Web application intercepts all requests. After intercepting a request, it first attempts to look up the Token information in the client Cookie carried by the request and judges whether it is found:
① If the Token information is found in the client Cookie, go to step (7);
② If the Token information is not found in the client Cookie, further attempt to look it up in the request Header; if it is still not found, the request carries no authentication information;
That is, after the Web application receives the client browser request, it first obtains the Token information from the client Cookie, and if it cannot be obtained there, obtains it from the request Header;
(7) After the Token information is found, its validity is further verified; if the Token information is valid, the account information associated with the Token is obtained and placed in a thread variable, and the request is then passed on to the back end;
(8) When the request reaches the system back end, the back-end program obtains the authentication information directly from the thread variable and performs the relevant business operation.
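As an added worked example, not code from the patent, the Python below implements the login of steps (1) to (3) and the front filter and back end of steps (6) to (8) of the embodiment: a dict stands in for the persisted data table, `threading.local` for the thread variable, the 2-hour validity period comes from the description, and the cookie name `token`, the header name `X-Token` and the plain dict credential check are assumptions, since the page names none of them.

```python
import threading
import uuid
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from http.cookies import SimpleCookie
from typing import Dict, Optional

TOKEN_TTL = timedelta(hours=2)   # validity period stated in the description
COOKIE_NAME = "token"            # assumed cookie name (the page does not name it)
HEADER_NAME = "X-Token"          # assumed header name for third-party REST callers


@dataclass
class TokenInfo:
    """Persisted Token record: ID, create time, expiry time, state, associated account."""
    token_id: str
    created_at: datetime
    expires_at: datetime
    state: str       # "active" or "revoked"
    account: str


# In-memory stand-in for the data table that persists Token information.
TOKEN_TABLE: Dict[str, TokenInfo] = {}

# The "thread variable" (a ThreadLocal in a Java filter) read by the back end.
_thread_ctx = threading.local()


def login(account: str, password: str, credential_store: Dict[str, str],
          now: Optional[datetime] = None) -> Optional[TokenInfo]:
    """Steps (1)-(3): valid account/password mints a Token whose ID is a 32-digit UUID."""
    if credential_store.get(account) != password:     # constructed stand-in for real auth
        return None
    now = now or datetime.now(timezone.utc)
    info = TokenInfo(uuid.uuid4().hex, now, now + TOKEN_TTL, "active", account)
    TOKEN_TABLE[info.token_id] = info                 # "persist" to the data table
    _thread_ctx.account = account                     # step (3): also set the thread variable
    return info


def extract_token_id(headers: Dict[str, str]) -> Optional[str]:
    """Step (6): Cookie first, then the request Header; None means no auth info carried."""
    cookie = SimpleCookie()
    cookie.load(headers.get("Cookie", ""))
    if COOKIE_NAME in cookie:
        return cookie[COOKIE_NAME].value
    return headers.get(HEADER_NAME)


def auth_filter(headers: Dict[str, str], now: Optional[datetime] = None) -> bool:
    """Step (7): verify the Token; on success put the associated account in the thread variable."""
    _thread_ctx.account = None      # clear first so a previous request's identity cannot leak
    token_id = extract_token_id(headers)
    if token_id is None:
        return False
    now = now or datetime.now(timezone.utc)
    info = TOKEN_TABLE.get(token_id)
    if info is None or info.state != "active" or now >= info.expires_at:
        return False                # unknown, revoked or expired Token: do not pass it on
    _thread_ctx.account = info.account
    return True


def backend_handler() -> str:
    """Step (8): the back end reads authentication info from the thread variable only."""
    account = getattr(_thread_ctx, "account", None)
    if account is None:
        raise PermissionError("no authenticated account in thread variable")
    return f"hello {account}"
```

Clearing the thread variable at the start of every request is the check a practitioner adds on top of the described flow: on a thread-pooled server, an account left behind by the previous request on the same thread would otherwise be visible to the next one.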
Through the above detailed description, those skilled in the art can readily implement the present invention. It should be understood, however, that the present invention is not limited to the above specific embodiment. On the basis of the disclosed embodiment, those skilled in the art may combine the different technical features in any way to obtain different technical solutions.
Technical features not described in the description are known to those skilled in the art.
Claims (4)
1. A Token-based Web session construction and service calling method, characterized in that the method comprises the following steps:
(1) The client sends the account and password information through an HTTP POST request, with the account and password encapsulated in the Body of the POST request;
(2) If the account and password are valid, the server generates Token information; each Token has a unique identifier, the Token ID; at the same time the Token information is persisted to a data table;
(3) The Token information is written into the client Cookie and returned to the client in the response Body; at the same time the Token information is written into a thread variable;
(4) For requests internal to the Web application, when the client browser sends a request, the request automatically carries the Token information in the client Cookie;
(5) For external service calls, the third-party application parses the Token information from the response Body and then calls the REST service with that Token;
(6) A filter placed at the very front of the Web application intercepts all requests. After intercepting a request, it first attempts to look up the Token information in the client Cookie carried by the request and judges whether it is found:
① If the Token information is found in the client Cookie, go to step (7);
② If the Token information is not found in the client Cookie, further attempt to look it up in the request Header; if it is still not found, the request carries no authentication information;
(7) After the Token information is found, its validity is further verified; if the Token information is valid, the account information associated with the Token is obtained and placed in a thread variable, and the request is then passed on to the back end;
(8) When the request reaches the system back end, the back-end program obtains the authentication information directly from the thread variable and performs the relevant business operation.
2. The Token-based Web session construction and service calling method according to claim 1, characterized in that in step (2) the Token information uses a 32-digit UUID as the Token ID.
3. The Token-based Web session construction and service calling method according to claim 1, characterized in that the Token information saved in step (2) includes the Token ID, Token creation time, Token expiry time, Token current state, and the account information associated with the Token.
4. The Token-based Web session construction and service calling method according to claim 1, characterized in that in step (6), after the Web application receives the client browser request, it first obtains the Token information from the client Cookie, and if it cannot be obtained there, obtains it from the request Header.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610705994.6A CN106302490A (en) | 2016-08-23 | 2016-08-23 | Token-based Web session construction and service calling method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610705994.6A CN106302490A (en) | 2016-08-23 | 2016-08-23 | Token-based Web session construction and service calling method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106302490A true CN106302490A (en) | 2017-01-04 |
Family
ID=57615577
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610705994.6A Pending CN106302490A (en) | 2016-08-23 | 2016-08-23 | Token-based Web session construction and service calling method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106302490A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101635707A (en) * | 2008-07-25 | 2010-01-27 | 国际商业机器公司 | Method for providing identity management for user in Web environment and device thereof |
CN102611709A (en) * | 2012-03-31 | 2012-07-25 | 奇智软件(北京)有限公司 | Access control method and system for third party resources |
CN102624926A (en) * | 2012-04-11 | 2012-08-01 | 中兴通讯股份有限公司 | Method and system for fusion and openness of abilities |
CN102710640A (en) * | 2012-05-31 | 2012-10-03 | 中国联合网络通信集团有限公司 | Authorization requesting method, device and system |
CN103188248A (en) * | 2011-12-31 | 2013-07-03 | 卓望数码技术(深圳)有限公司 | Identity authentication system and method based on single sign-on |
CN104378376A (en) * | 2014-11-18 | 2015-02-25 | 深圳中兴网信科技有限公司 | SOA-based single-point login method, authentication server and browser |
CN104869102A (en) * | 2014-02-24 | 2015-08-26 | 腾讯科技(北京)有限公司 | Authorization method, device and system based on xAuth protocols |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107239308A (en) * | 2017-06-05 | 2017-10-10 | 广东西奥物联网科技股份有限公司 | A kind of calling function realization method and system of browser |
CN109962892A (en) * | 2017-12-25 | 2019-07-02 | 航天信息股份有限公司 | A kind of authentication method and client, server logging in application |
CN108566360A (en) * | 2018-01-03 | 2018-09-21 | 北京首钢自动化信息技术有限公司 | A kind of information processing method and device |
CN108306877B (en) * | 2018-01-30 | 2020-11-10 | 泰康保险集团股份有限公司 | NODE JS-based user identity information verification method and device and storage medium |
CN108306877A (en) * | 2018-01-30 | 2018-07-20 | 泰康保险集团股份有限公司 | Verification method, device and the storage medium of subscriber identity information based on NODE JS |
CN108989332A (en) * | 2018-08-14 | 2018-12-11 | 安徽云才信息技术有限公司 | A kind of user authen method based on Redis |
CN108989334A (en) * | 2018-08-16 | 2018-12-11 | 北京中科梧桐网络科技有限公司 | A kind of SSO single-point logging method based on JAVA |
CN109474669A (en) * | 2018-10-19 | 2019-03-15 | 杭州安恒信息技术股份有限公司 | A kind of correlating method of the Internet application system of high-accuracy |
CN109522139A (en) * | 2018-11-23 | 2019-03-26 | 杭州数梦工场科技有限公司 | A kind of tables of data service creation call method, device, equipment and storage medium |
CN110086802A (en) * | 2019-04-24 | 2019-08-02 | 上海易点时空网络有限公司 | Method for authenticating and device for session |
CN110086802B (en) * | 2019-04-24 | 2021-11-23 | 上海易点时空网络有限公司 | Authentication method and device for session |
CN110995672A (en) * | 2019-11-20 | 2020-04-10 | 天津大学 | Network security authentication method for software development |
CN110995672B (en) * | 2019-11-20 | 2023-09-01 | 天津大学 | Network security authentication method for software development |
CN111766814A (en) * | 2020-07-08 | 2020-10-13 | 王善举 | Forest resource information acquisition terminal |
CN113098977A (en) * | 2021-04-20 | 2021-07-09 | 深圳华南城网科技有限公司 | Method and device for preventing form from being repeatedly submitted |
CN115529303A (en) * | 2022-11-07 | 2022-12-27 | 北京智象信息技术有限公司 | Method, system and medium for adapting Cobalt interface request |
CN115529303B (en) * | 2022-11-07 | 2023-03-07 | 北京智象信息技术有限公司 | Method, system and medium for adapting Cobalt interface request |
Similar Documents
Publication | Title |
---|---|
CN106302490A (en) | Token-based Web session construction and service calling method |
US11863547B2 (en) | Systems and methods for providing authentication in a microservice system |
CN108306877B (en) | NODE JS-based user identity information verification method and device and storage medium |
CN107948203B (en) | A kind of container login method, application server, system and storage medium |
US20150121503A1 (en) | Method, system and storage medium for user account to maintain login state |
US8881247B2 (en) | Federated mobile authentication using a network operator infrastructure |
CN103001974B (en) | Log-in control method based on Quick Response Code, system and device |
CN105337949B (en) | A kind of SSO authentication method, web server, authentication center and token verify center |
CN108712426B (en) | Crawler identification method and system based on user behavior buried points |
US20140201813A1 (en) | Enhancing directory service authentication and authorization using contextual information |
CN105072123B (en) | A kind of single sign-on under cluster environment exits method and system |
CN113783695A (en) | Client information authentication method and system of micro-service architecture |
US20040078604A1 (en) | Device independent authentication system and method |
CN109639730A (en) | Information system data interface authentication method under HTTP stateless protocol based on token |
WO2009064623A1 (en) | A network device and method for monitoring of backend transactions in data centers |
US20130117451A1 (en) | Method, device and system for controlling web page access |
CN109635550B (en) | Permission verification method, gateway and system for cluster data |
US10972481B2 (en) | Web application session security |
US8701163B2 (en) | Method and system for automatic generation of cache directives for security policy |
CN108123932B (en) | The method of database terminal identification under three-tier architecture |
WO2018024176A1 (en) | Device and method preventing repeated logins of same user |
CN105871853A (en) | Portal authenticating method and system |
CN109889511A (en) | Process DNS activity monitoring method, equipment and medium |
US20120246215A1 (en) | Identying users of remote sessions |
JP2021039585A (en) | Method for controlling connection with client or server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20170104 |