CN106302490A - Token-based Web session construction and service calling method - Google Patents

Token-based Web session construction and service calling method

Info

Publication number: CN106302490A
Authority: CN (China)
Prior art keywords: token, information, token information, client, request
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN201610705994.6A
Other languages: Chinese (zh)
Inventor: 黄启庆
Current Assignee: Inspur Electronic Information Industry Co Ltd
Original Assignee: Inspur Electronic Information Industry Co Ltd
Priority date: 2016-08-23
Filing date: 2016-08-23
Publication date: 2017-01-04
Application filed by Inspur Electronic Information Industry Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/54 Interprogram communication
    • G06F 9/547 Remote procedure calls [RPC]; Web services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/14 Session management
    • H04L 67/141 Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a token-based method for Web session construction and service calling, belonging to the field of Web applications. It aims to solve the technical problem that existing Web session construction and service calling use one application with two sets of authentication logic, so that the development and later maintenance workload is large. The technical scheme adopted is as follows. The method comprises the following steps: (1) the client sends account and password information through an HTTP POST request, with the account and password information packaged in the Body of the POST request; (2) if the account and password information are valid, the server generates Token information, each Token information having a unique identifier, the Token ID; at the same time the Token information is stored persistently in a data table; (3) the Token information is written into the client Cookie and returned to the client in the Body of the response, and simultaneously the Token information is written into a thread variable.

Description

Token-based Web session construction and service calling method
Technical field
The present invention relates to Web applications, and in particular to a token-based method for constructing a Web session and calling services.
Background technology
In computer authentication, "Token" means a (temporary) token; in lexical analysis it means a lexical mark.
Most existing Web applications use the native session to maintain the interaction between client and server after authentication: once login authentication succeeds, the authentication information is put into the session, and subsequent requests simply check whether the session contains authentication information.
With the development of Internet technology, many Web applications are no longer traditional closed applications; Web applications need to interconnect, which requires a Web application to expose part of its REST API for other applications to call. REST API calls mostly use a Token mechanism, whose rough flow is: exchange a valid account and password for a Token, and once the Token has been obtained, call the REST API with it. As a result one application has two sets of authentication logic, the session internally and the Token externally, which undoubtedly increases the development and later maintenance workload.
Summary of the invention
The technical task of the present invention is to provide a token-based Web session construction and service calling method that solves the problem that existing Web session construction and service calling use one application with two sets of authentication logic, causing a large development and later maintenance workload.
The technical task of the present invention is achieved as follows. A token-based Web session construction and service calling method comprises the following steps:
(1) the client sends account and password information through an HTTP POST request; the account and password information are encapsulated in the Body of the POST request;
(2) if the account and password information are valid, the server generates Token information; each Token information has a unique identifier, the Token ID; at the same time the Token information is persisted in a data table;
(3) the Token information is written into the client Cookie and returned to the client in the Body of the response; at the same time the Token information is written into a thread variable;
(4) for requests internal to the Web application, when the client browser sends a request, the Token information is carried automatically by the client Cookie;
(5) for external service calls, the third-party application parses the Token information out of the response Body and then calls the REST service with that Token information;
(6) a filter placed at the very front of the Web application is responsible for intercepting all requests; after intercepting each request it first tries to look up the Token information in the client Cookie carried by the request, and judges whether the Token information was found:
① if the Token information is found in the client Cookie, step (7) is performed;
② if the Token information is not found in the client Cookie, the filter further tries to find it in the request Header; if it is still not found, the request carries no authentication information;
(7) after the Token information is found, its validity is verified further; if the Token information is valid, the account information associated with the Token is obtained and put into a thread variable, and the request is then passed on to the back end;
(8) when the request reaches the system back end, the back-end program obtains the authentication information directly from the thread variable and performs the relevant business operation.
Preferably, in step (2) the Token information uses a 32-character UUID as the Token ID.
Preferably, the Token information saved in step (2) includes the Token ID, the Token creation time, the Token expiry time, the current Token state and the account information associated with the Token.
Preferably, in step (6), after the Web application receives the client browser request, it first obtains the Token information from the client Cookie, and if it cannot be obtained there, obtains it from the request Header.
The token-based Web session construction and service calling method of the present invention has the following advantages:
1. The present invention realises custom session construction and REST API calling at the same time, without developing and maintaining two sets of authentication logic, which effectively reduces the development and later maintenance workload. For Web application development, developers only need to develop one set of authentication logic, which reduces the amount of development; for later maintenance, only one set of authentication logic needs to be maintained, which reduces the maintenance workload;
2. The Web application of the present invention only needs to develop one set of token-based authentication logic, which supports both the Web application's internal requests and external service calls;
3. The client of the present invention sends a POST request and obtains Token information with a valid account and password; after the server generates the Token information it returns it to the client in the response and, if the client is a browser, at the same time writes the Token information into the client browser Cookie, which is convenient, fast and easy to use. The Token information uses a 32-character UUID as the Token ID, the validity period of the Token information is 2 hours, and the Token information also has attribute information such as state, creation time, expiry time and associated account.
The present invention is reasonable in design, simple in structure, easy to use and serves several purposes at once, and therefore has good value for wide adoption.
Brief description of the drawings
The present invention is further described below with reference to the accompanying drawing.
Figure 1 is a flow block diagram of the token-based Web session construction and service calling method.
Detailed description of the invention
The token-based Web session construction and service calling method of the present invention is described in detail below with reference to the drawing in the description and a specific embodiment.
Embodiment:
As shown in Figure 1, the token-based Web session construction and service calling method of the present invention comprises the following steps:
(1) the client sends account and password information through an HTTP POST request; the account and password information are encapsulated in the Body of the POST request;
(2) if the account and password information are valid, the server generates Token information; each Token information has a unique identifier, the Token ID; at the same time the Token information is persisted in a data table; the Token information uses a 32-character UUID as the Token ID;
The saved Token information includes the Token ID, the Token creation time, the Token expiry time, the current Token state and the account information associated with the Token;
(3) the Token information is written into the client Cookie and returned to the client in the Body of the response; at the same time the Token information is written into a thread variable;
(4) for requests internal to the Web application, when the client browser sends a request, the Token information is carried automatically by the client Cookie;
(5) for external service calls, the third-party application parses the Token information out of the response Body and then calls the REST service with that Token information;
(6) a filter placed at the very front of the Web application is responsible for intercepting all requests; after intercepting each request it first tries to look up the Token information in the client Cookie carried by the request, and judges whether the Token information was found:
① if the Token information is found in the client Cookie, step (7) is performed;
② if the Token information is not found in the client Cookie, the filter further tries to find it in the request Header; if it is still not found, the request carries no authentication information;
After the Web application receives the client browser request, it first obtains the Token information from the client Cookie, and if it cannot be obtained there, obtains it from the request Header;
(7) after the Token information is found, its validity is verified further; if the Token information is valid, the account information associated with the Token is obtained and put into a thread variable, and the request is then passed on to the back end;
(8) when the request reaches the system back end, the back-end program obtains the authentication information directly from the thread variable and performs the relevant business operation.
Through the above detailed description, those skilled in the art can readily realise the present invention. It should be understood, however, that the present invention is not limited to the above specific embodiment; on the basis of the disclosed embodiment, those skilled in the art can combine the different technical features in any way to realise different technical solutions.
Apart from the technical features described in the description, everything else is technology known to those skilled in the art.
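The eight steps of the embodiment above, carried through in working Python as an added illustration; this is not code from the patent or from Inspur. It assumes an in-memory dict standing in for the persistent data table, a constructed account store, the cookie name `token`, the request header name `X-Token` for third-party callers, and an `HttpOnly` flag on the Set-Cookie line; none of these names appear in the description. The filter looks in the Cookie first and the Header second, checks existence, state and the 2-hour expiry, places the account into a thread-local variable for the back end, and clears it again after the request so a pooled worker thread cannot carry one caller's identity into the next request.

```python
"""Token-based session construction and service calling, modelled on the eight steps above."""
import hmac
import threading
import uuid
from datetime import datetime, timedelta
from typing import Callable, Dict, Optional

TOKEN_TTL = timedelta(hours=2)  # validity period stated in the description

# Stand-ins for the persistent data table and the account store (assumptions, in-memory here).
TOKEN_TABLE: Dict[str, dict] = {}
ACCOUNTS = {"alice": "correct-horse-battery"}  # constructed sample credential

_thread_ctx = threading.local()  # the "thread variable" the description refers to


def login(post_body: dict, now: datetime) -> Optional[dict]:
    """Steps (1)-(3): check account/password from the POST body, create and persist a Token,
    return it both in a Set-Cookie header (browsers) and in the response body (third parties)."""
    account = post_body.get("account")
    stored = ACCOUNTS.get(account) if account else None
    supplied = str(post_body.get("password") or "")
    # Constant-time comparison so the check does not leak how much of the password matched
    # (plaintext storage here is for illustration only).
    if stored is None or not hmac.compare_digest(stored.encode(), supplied.encode()):
        return None
    token_id = uuid.uuid4().hex  # 32 hex characters: the "32-character UUID" Token ID
    record = {
        "token_id": token_id,
        "create_time": now,
        "expire_time": now + TOKEN_TTL,
        "state": "valid",
        "account": account,
    }
    TOKEN_TABLE[token_id] = record  # persist (in-memory stand-in for the data table)
    _thread_ctx.token = record      # step (3): also written into the thread variable
    return {
        "headers": {"Set-Cookie": f"token={token_id}; Path=/; HttpOnly"},  # cookie flags assumed
        "body": {"token": token_id},
    }


def extract_token(request: dict) -> Optional[str]:
    """Step (6): Cookie first, then the request Header. The header name X-Token is an assumption."""
    token_id = request.get("cookies", {}).get("token")
    if token_id is None:
        token_id = request.get("headers", {}).get("X-Token")
    return token_id


def validate_token(token_id: str, now: datetime) -> Optional[dict]:
    """Step (7): the Token must exist, be in the valid state and not yet have expired."""
    record = TOKEN_TABLE.get(token_id)
    if record is None or record["state"] != "valid" or now >= record["expire_time"]:
        return None
    return record


def auth_filter(request: dict, now: datetime, backend: Callable[[dict], dict]) -> dict:
    """Steps (6)-(8): the front-most filter intercepts the request, resolves the account from
    the Token, puts it into the thread variable and only then forwards to the back end."""
    token_id = extract_token(request)
    if token_id is None:
        return {"status": 401, "body": "request carries no authentication information"}
    record = validate_token(token_id, now)
    if record is None:
        return {"status": 401, "body": "token invalid or expired"}
    _thread_ctx.account = record["account"]
    try:
        return backend(request)
    finally:
        del _thread_ctx.account  # clear so a pooled thread cannot leak identity to the next request


def backend_handler(request: dict) -> dict:
    """Step (8): the back end reads the authentication information straight from the thread variable."""
    return {"status": 200, "body": f"business operation for {_thread_ctx.account}"}


def demo() -> tuple:
    """Walk-through: login, browser call via Cookie, third-party call via Header, expiry, no token."""
    t0 = datetime(2016, 8, 23, 9, 0, 0)  # constructed timestamp
    resp = login({"account": "alice", "password": "correct-horse-battery"}, t0)
    token_id = resp["body"]["token"]
    later = t0 + timedelta(minutes=5)
    browser = auth_filter({"cookies": {"token": token_id}}, later, backend_handler)
    third_party = auth_filter({"headers": {"X-Token": token_id}}, later, backend_handler)
    expired = auth_filter({"cookies": {"token": token_id}}, t0 + TOKEN_TTL, backend_handler)
    anonymous = auth_filter({}, later, backend_handler)
    return (len(token_id), browser["status"], third_party["status"], expired["status"],
            anonymous["status"], hasattr(_thread_ctx, "account"))


if __name__ == "__main__":
    print(demo())  # (32, 200, 200, 401, 401, False)
```

The point worth checking in any real deployment of this scheme is the expiry and state test in `validate_token`: because the Token ID is a random UUID looked up in the table, the server decides validity, so revoking a token is a state change in the table rather than anything the client can override. The `finally` clause matters for the same reason the description puts the account into a thread variable: whatever is left in that variable is what the next request on the same thread will see.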

Claims (4)

1. A token-based Web session construction and service calling method, characterised in that the method comprises the following steps:
(1) the client sends account and password information through an HTTP POST request; the account and password information are encapsulated in the Body of the POST request;
(2) if the account and password information are valid, the server generates Token information; each Token information has a unique identifier, the Token ID; at the same time the Token information is persisted in a data table;
(3) the Token information is written into the client Cookie and returned to the client in the Body of the response; at the same time the Token information is written into a thread variable;
(4) for requests internal to the Web application, when the client browser sends a request, the Token information is carried automatically by the client Cookie;
(5) for external service calls, the third-party application parses the Token information out of the response Body and then calls the REST service with that Token information;
(6) a filter placed at the very front of the Web application is responsible for intercepting all requests; after intercepting each request it first tries to look up the Token information in the client Cookie carried by the request, and judges whether the Token information was found:
① if the Token information is found in the client Cookie, step (7) is performed;
② if the Token information is not found in the client Cookie, the filter further tries to find it in the request Header; if it is still not found, the request carries no authentication information;
(7) after the Token information is found, its validity is verified further; if the Token information is valid, the account information associated with the Token is obtained and put into a thread variable, and the request is then passed on to the back end;
(8) when the request reaches the system back end, the back-end program obtains the authentication information directly from the thread variable and performs the relevant business operation.
2. The token-based Web session construction and service calling method according to claim 1, characterised in that in step (2) the Token information uses a 32-character UUID as the Token ID.
3. The token-based Web session construction and service calling method according to claim 1, characterised in that the Token information saved in step (2) includes the Token ID, the Token creation time, the Token expiry time, the current Token state and the account information associated with the Token.
4. The token-based Web session construction and service calling method according to claim 1, characterised in that in step (6), after the Web application receives the client browser request, it first obtains the Token information from the client Cookie, and if it cannot be obtained there, obtains it from the request Header.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610705994.6A 2016-08-23 2016-08-23 Token-based Web session construction and service calling method

Publications (1)

Publication Number Publication Date
CN106302490A (en) 2017-01-04

Family

ID=57615577

Country Status (1)

Country Link Status
CN (1) CN106302490A (en) Pending

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101635707A (en) * 2008-07-25 2010-01-27 国际商业机器公司 Method for providing identity management for user in Web environment and device thereof
CN102611709A (en) * 2012-03-31 2012-07-25 奇智软件(北京)有限公司 Access control method and system for third party resources
CN102624926A (en) * 2012-04-11 2012-08-01 中兴通讯股份有限公司 Method and system for fusion and openness of abilities
CN102710640A (en) * 2012-05-31 2012-10-03 中国联合网络通信集团有限公司 Authorization requesting method, device and system
CN103188248A (en) * 2011-12-31 2013-07-03 卓望数码技术(深圳)有限公司 Identity authentication system and method based on single sign-on
CN104378376A (en) * 2014-11-18 2015-02-25 深圳中兴网信科技有限公司 SOA-based single-point login method, authentication server and browser
CN104869102A (en) * 2014-02-24 2015-08-26 腾讯科技(北京)有限公司 Authorization method, device and system based on xAuth protocols

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107239308A (en) * 2017-06-05 2017-10-10 广东西奥物联网科技股份有限公司 A kind of calling function realization method and system of browser
CN109962892A (en) * 2017-12-25 2019-07-02 航天信息股份有限公司 A kind of authentication method and client, server logging in application
CN108566360A (en) * 2018-01-03 2018-09-21 北京首钢自动化信息技术有限公司 A kind of information processing method and device
CN108306877B (en) * 2018-01-30 2020-11-10 泰康保险集团股份有限公司 NODE JS-based user identity information verification method and device and storage medium
CN108306877A (en) * 2018-01-30 2018-07-20 泰康保险集团股份有限公司 Verification method, device and the storage medium of subscriber identity information based on NODE JS
CN108989332A (en) * 2018-08-14 2018-12-11 安徽云才信息技术有限公司 A kind of user authen method based on Redis
CN108989334A (en) * 2018-08-16 2018-12-11 北京中科梧桐网络科技有限公司 A kind of SSO single-point logging method based on JAVA
CN109474669A (en) * 2018-10-19 2019-03-15 杭州安恒信息技术股份有限公司 A kind of correlating method of the Internet application system of high-accuracy
CN109522139A (en) * 2018-11-23 2019-03-26 杭州数梦工场科技有限公司 A kind of tables of data service creation call method, device, equipment and storage medium
CN110086802A (en) * 2019-04-24 2019-08-02 上海易点时空网络有限公司 Method for authenticating and device for session
CN110086802B (en) * 2019-04-24 2021-11-23 上海易点时空网络有限公司 Authentication method and device for session
CN110995672A (en) * 2019-11-20 2020-04-10 天津大学 Network security authentication method for software development
CN110995672B (en) * 2019-11-20 2023-09-01 天津大学 Network security authentication method for software development
CN111766814A (en) * 2020-07-08 2020-10-13 王善举 Forest resource information acquisition terminal
CN113098977A (en) * 2021-04-20 2021-07-09 深圳华南城网科技有限公司 Method and device for preventing form from being repeatedly submitted
CN115529303A (en) * 2022-11-07 2022-12-27 北京智象信息技术有限公司 Method, system and medium for adapting Cobalt interface request
CN115529303B (en) * 2022-11-07 2023-03-07 北京智象信息技术有限公司 Method, system and medium for adapting Cobalt interface request

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20170104)