CN106375334A - Authentication method for distributed system - Google Patents
Authentication method for distributed system Download PDFInfo
- Publication number
- CN106375334A CN106375334A CN201610857808.0A CN201610857808A CN106375334A CN 106375334 A CN106375334 A CN 106375334A CN 201610857808 A CN201610857808 A CN 201610857808A CN 106375334 A CN106375334 A CN 106375334A
- Authority
- CN
- China
- Prior art keywords
- authentication
- distributed system
- client
- token
- service node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an authentication method for a distributed system, belonging to the technical field of computer software application. The authentication method for the distributed system disclosed by the invention comprises: a client side sends an operation request to a service node in the distributed system; after obtaining the operation request sent by the client side, the service node sends the address of the authentication system to the client side; after obtaining the address of the authentication system, the client side carries self user information, and sends an authentication request of the operation to the authentication system; the authentication system performs authentication of the operation request, and returns the token of an authentication result to the client side; the client side initiates the operation request to the service node again by using the token; and the service node in the distributed system performs verification after receiving the token. By means of the authentication method for the distributed system disclosed by the invention, unified authentication of the whole distributed system is managed; therefore, the working efficiencies of developers and managers are effectively increased; and thus, the authentication method has good popularization and application value.
Description
Technical field
The present invention relates to computer software application technical field, specifically provide a kind of authentication method of distributed system.
Background technology
Computer has the advantages that information memory capacity is big, user's acquisition information is convenient and swift, it is effective to obtain information truth, is subject to
Favor to increasingly people.With the development further of social economy, the requirement of the properties to computer for the user is more next
Higher, the calculating performance requirement of computer is consequently increased.With the development of internet technology and IT application in enterprise,
Cloud computing is received much concern based on network calculations service mode as a kind of.With the rise of cloud computing, computer realm is just sent out
Give birth to deep change.Cloud computing has the features such as ultra-large, virtualization, high reliability, versatility, on-demand service, meanwhile,
The development of the big data technology based on cloud computing, the processing speed of single computer and function cannot meet people to information
The ageing requirement processing, distributed parallel computing is imperative.Distributed system is important in cloud computing counting system
Part, before communicating, carries out effective safety certification and general warranty distributed system is pacified between the server in distributed system
Full stable operation is significant.But backstage node is numerous and association each other is crisscross multiple in distributed system
Miscellaneous, unified certification management (user management and control of authority) of wherein whole distributed system is a major challenge that we face.
Authentication administrative system of the prior art can not manage the unified certification of whole distributed system get up, for entirely distributed system
The management of system brings very big inconvenience.And reduce the coupling of each service node, reduce the maintenance of each service node
Difficulty, reduces the work efficiency of developer and management personnel, has some limitations.
Content of the invention
The technical assignment of the present invention is for above-mentioned problem, provide a kind of can be by the unification of whole distributed system
Authentication management is got up, and effectively reduces the coupling of each service node, reduces the maintenance difficulties of each service node, effectively carries
The authentication method of the distributed system of high developer and management personnel's work efficiency.
For achieving the above object, the technical scheme is that
A kind of authentication method of distributed system, client sends operation requests, service to the service node in distributed system
The address of Verification System, client access authentication system after node obtains the operation requests that client sends, is sent to client
Address after carry the user profile of oneself to Verification System send this operation certification request, Verification System to described operation please
Ask and be authenticated, to client, client uses this token to initiate behaviour to service node again to the token of return authentication result
Asking, distribution system services node is verified after receiving token, if being verified, carrying out this operation, otherwise
Return no this operating right;The concretely comprising the following steps of the authentication method of this distributed system:
S1: client initiates operation requests to the service node in distributed system;
S2: after service node receives operation requests, to client return authentication system address;
After s3: client receives Verification System address, carry the user profile of oneself and initiate recognizing of this operation to Verification System
Card request;
S4: Verification System is authenticated after receiving the certification request of this operation, and to client return authentication result
token;
After s5: client receives the token of authentication result, using this token again to the service section in distributed system
Point initiates operation requests;
The service node of s6: distributed system is verified after receiving token, if being verified, carries out this operation, no
Then return no this operating right.
The authentication method of this distributed system, numerous and association each other is crisscross in distributed system backstage node
It is uniformly controlled management user and user right in the case of complexity, the unified certification of whole distributed system is managed,
Management for whole distributed system brings very big convenience, reduces the maintenance difficulties of service node, improves exploit person
Member and the work efficiency of management personnel.
Preferably, weighing to user validation certification and associative operation after in step s4, Verification System receives certification request
Limit is authenticated.
Preferably, all service nodes all configure the authentication information of Verification System and correlation.
Preferably, all service nodes are unified uses a set of user's system and purview certification system, it is easy to distributed
The management of system.
Compared with prior art, the authentication method of the distributed system of the present invention has beneficial effect following outstanding: should
The authentication method of distributed system solves the problems, such as the user management of many service nodes and control of authority in distributed system, is suitable for
In the distributed system that can not have relatedness in many service nodes and between node, whole distributed system shares one simultaneously
Set user platform, easy to use, reduce configuration difficulty, reduce the difficulty of operation management, and can effectively be uniformly controlled pipe
Reason user and user right.
Brief description
Fig. 1 is the systematic schematic diagram of the authentication method of distributed system of the present invention.
Specific embodiment
Below in conjunction with drawings and Examples, the authentication method of the distributed system of the present invention is made further specifically
Bright.
Embodiment
As shown in figure 1, the authentication method of the distributed system of the present invention, client is to the service node in distributed system
Send operation requests, after service node obtains the operation requests that client sends, send the address of Verification System, visitor to client
The certification request that the user profile of oneself sends this operation to Verification System, certification is carried behind the address of family end access authentication system
System is authenticated to described operation requests, and to client, client uses this token again to the token of return authentication result
Initiate operation requests to service node, distribution system services node is verified after receiving token, if being verified,
Then carry out this operation, otherwise return no this operating right;The concretely comprising the following steps of the authentication method of this distributed system:
S1: client initiates operation requests to the service node in distributed system.
All service nodes all configure the authentication information of Verification System and correlation, and the unified use of all service nodes
A set of user's system and purview certification system, are easy to the management to distributed system.
S2: after service node receives operation requests, to client return authentication system address.
After s3: client receives Verification System address, carry the user profile of oneself and initiate this operation to Verification System
Certification request.
S4: Verification System is authenticated after receiving the certification request that this operates, and to client return authentication result
token.
After s5: client receives the token of authentication result, using this token again to the clothes in distributed system
Business node initiates operation requests.
The service node of s6: distributed system is verified after receiving token, if being verified, is operated,
Otherwise return no this operating right.
Embodiment described above, the simply present invention more preferably specific embodiment, those skilled in the art is at this
The usual variations and alternatives carrying out in the range of inventive technique scheme all should comprise within the scope of the present invention.
Claims (4)
1. a kind of authentication method of distributed system it is characterised in that: client in distributed system service node send
Operation requests, after service node obtains the operation requests that client sends, send the address of Verification System, client to client
The certification request that the user profile of oneself sends this operation to Verification System, Verification System is carried behind the address of access authentication system
Described operation requests are authenticated, to client, client uses this token again to clothes to the token of return authentication result
Business node initiates operation requests, and distribution system services node is verified after receiving token, if being verified, enters
This operation of row, otherwise returns no this operating right;The concretely comprising the following steps of the authentication method of this distributed system:
S1: client initiates operation requests to the service node in distributed system;
S2: after service node receives operation requests, to client return authentication system address;
After s3: client receives Verification System address, carry the user profile of oneself and initiate recognizing of this operation to Verification System
Card request;
S4: Verification System is authenticated after receiving the certification request that this operates, and to client return authentication result
token;
After s5: client receives the token of authentication result, using this token again to the service section in distributed system
Point initiates operation requests;
The service node of s6: distributed system is verified after receiving token, if being verified, carries out this operation, no
Then return no this operating right.
2. distributed system according to claim 1 authentication method it is characterised in that: in step s4 Verification System receive
After the certification request operating to this, user validation certification and associative operation authority are authenticated.
3. distributed system according to claim 1 and 2 authentication method it is characterised in that: all service nodes are all joined
Put the authentication information of Verification System and correlation.
4. distributed system according to claim 3 authentication method it is characterised in that: all service nodes are unified to be used
A set of user's system and purview certification system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610857808.0A CN106375334A (en) | 2016-09-28 | 2016-09-28 | Authentication method for distributed system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610857808.0A CN106375334A (en) | 2016-09-28 | 2016-09-28 | Authentication method for distributed system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106375334A true CN106375334A (en) | 2017-02-01 |
Family
ID=57898525
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610857808.0A Pending CN106375334A (en) | 2016-09-28 | 2016-09-28 | Authentication method for distributed system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106375334A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107196957A (en) * | 2017-06-20 | 2017-09-22 | 北京明朝万达科技股份有限公司 | A kind of distributed identity authentication method and system |
| CN107659574A (en) * | 2017-10-10 | 2018-02-02 | 郑州云海信息技术有限公司 | A kind of data access control system |
| CN110022333A (en) * | 2018-01-09 | 2019-07-16 | 阿里巴巴集团控股有限公司 | The communication means and device of distributed system |
| CN112187835A (en) * | 2019-07-01 | 2021-01-05 | 成都秦川物联网科技股份有限公司 | Smart city network supervision method and system based on user platform |
| CN113672884A (en) * | 2021-08-23 | 2021-11-19 | 浙江大华技术股份有限公司 | Identity authentication method, identity authentication device, storage medium and identity authentication equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103152336A (en) * | 2013-02-22 | 2013-06-12 | 浪潮电子信息产业股份有限公司 | Distributed authorization and authentication method in cloud computing environment |
| CN103490899A (en) * | 2013-09-27 | 2014-01-01 | 浪潮齐鲁软件产业有限公司 | Application cloud safety certification method based on third-party service |
| CN104158879A (en) * | 2014-08-18 | 2014-11-19 | 浪潮(北京)电子信息产业有限公司 | Cloud management platform architecture system and method for distributed data center |
| CN104394141A (en) * | 2014-11-21 | 2015-03-04 | 南京邮电大学 | Unified authentication method based on distributed file system |
-
2016
- 2016-09-28 CN CN201610857808.0A patent/CN106375334A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103152336A (en) * | 2013-02-22 | 2013-06-12 | 浪潮电子信息产业股份有限公司 | Distributed authorization and authentication method in cloud computing environment |
| CN103490899A (en) * | 2013-09-27 | 2014-01-01 | 浪潮齐鲁软件产业有限公司 | Application cloud safety certification method based on third-party service |
| CN104158879A (en) * | 2014-08-18 | 2014-11-19 | 浪潮(北京)电子信息产业有限公司 | Cloud management platform architecture system and method for distributed data center |
| CN104394141A (en) * | 2014-11-21 | 2015-03-04 | 南京邮电大学 | Unified authentication method based on distributed file system |
Non-Patent Citations (1)
| Title |
|---|
| MARK MINASI等: "《精通WINDOWS SERVER 2008组网技术》", 31 October 2009 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107196957A (en) * | 2017-06-20 | 2017-09-22 | 北京明朝万达科技股份有限公司 | A kind of distributed identity authentication method and system |
| CN107659574A (en) * | 2017-10-10 | 2018-02-02 | 郑州云海信息技术有限公司 | A kind of data access control system |
| CN110022333A (en) * | 2018-01-09 | 2019-07-16 | 阿里巴巴集团控股有限公司 | The communication means and device of distributed system |
| CN110022333B (en) * | 2018-01-09 | 2022-07-05 | 阿里巴巴集团控股有限公司 | Communication method and device of distributed system |
| CN112187835A (en) * | 2019-07-01 | 2021-01-05 | 成都秦川物联网科技股份有限公司 | Smart city network supervision method and system based on user platform |
| CN113672884A (en) * | 2021-08-23 | 2021-11-19 | 浙江大华技术股份有限公司 | Identity authentication method, identity authentication device, storage medium and identity authentication equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106375334A (en) | Authentication method for distributed system | |
| US9507949B2 (en) | Device and methods for management and access of distributed data sources | |
| US10282366B2 (en) | Multi-dimensional decomposition computing method and system | |
| US20220311607A1 (en) | Key generation method and apparatus, device, and medium | |
| CN103259663A (en) | User unified authentication method in cloud computing environment | |
| CN105556919B (en) | Dual factor anthentication is carried out using service request bill | |
| US10621651B2 (en) | Automatic recharge system and method, and server | |
| CN105247529A (en) | Synchronizing credential hashes between directory services | |
| CN108769186B (en) | Service authority control method and device | |
| CN105141580B (en) | A kind of resource access control method based on the domain AD | |
| CN110417863A (en) | Generate method and apparatus, identity authentication method and the device of identity code | |
| WO2019118459A1 (en) | Decentralized name verification using recursive attestation | |
| CN109413203A (en) | A kind of transaction data acquisition methods and device | |
| CN110737425B (en) | Method and device for establishing application program of charging platform system | |
| CN110225039A (en) | Authority models acquisition, method for authenticating, gateway, server and storage medium | |
| CN104639546A (en) | Multi-biometric feature comprehensive authentication method, device and system | |
| CN104580210A (en) | Hotlinking prevention method, hotlinking prevention assembly and cloud platform under cloud platform environment | |
| CN113935070B (en) | Data processing method, device and equipment based on block chain and storage medium | |
| CN108170510A (en) | A kind of managing computing resources system based on virtualization technology | |
| CN106209735A (en) | A kind of information processing method, device and Electronic Health Record system | |
| CN110189440A (en) | A kind of smart lock monitoring equipment and its method based on block chain | |
| CN105357239A (en) | Method and device for providing service, and method and device for acquiring service | |
| CN106874371A (en) | A kind of data processing method and device | |
| CN113011960A (en) | Block chain-based data access method, device, medium and electronic equipment | |
| CN113420050B (en) | Data query management method, device, computer equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170201 |