CN110365680A - Batch based on single-sign-on publishes method and device - Google Patents
Batch based on single-sign-on publishes method and device Download PDFInfo
- Publication number
- CN110365680A CN110365680A CN201910641997.1A CN201910641997A CN110365680A CN 110365680 A CN110365680 A CN 110365680A CN 201910641997 A CN201910641997 A CN 201910641997A CN 110365680 A CN110365680 A CN 110365680A
- Authority
- CN
- China
- Prior art keywords
- client
- server
- publishes
- request
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 68
- 238000012790 confirmation Methods 0.000 claims abstract description 46
- 230000005540 biological transmission Effects 0.000 claims description 29
- 230000015654 memory Effects 0.000 claims description 23
- 230000005055 memory storage Effects 0.000 claims description 5
- 238000013461 design Methods 0.000 description 19
- 238000010586 diagram Methods 0.000 description 10
- 230000006870 function Effects 0.000 description 6
- 241000282326 Felis catus Species 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000002452 interceptive effect Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/12—Arrangements for detecting or preventing errors in the information received by using return channel
- H04L1/16—Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
- H04L1/1607—Details of the supervisory signal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the present invention provides a kind of batch based on single-sign-on and publishes method and device, this method comprises: server-side receive that the first client in multiple client sends publish message, publish message and be used to indicate user terminal and published.Server-side sends respectively to multiple client according to message is published and publishes request, publishes request and is used to indicate each client and exits login in server-side.What client reception server-side was sent publishes request.Client deletes the local session of client and user terminal according to request is published.Client sends ACK confirmation message to server-side.Server-side receives the ACK confirmation message of the return of the second client in multiple client, and the second client of confirmation publishes success.ACK confirmation message is sent to server-side by client, so that server-side can determine whether client publishes success, state is published so as to avoid what server-side can not determine client, improves the safety of system.
Description
Technical field
The present embodiments relate to computer technologies more particularly to a kind of batch based on single-sign-on to publish method and dress
It sets.
Background technique
Single Sign Out is concept corresponding with single-sign-on, and wherein single-sign-on refers to that user only needs once to be stepped on
Record operation, it will be able to access the corresponding user terminal of operation system of all mutual trusts, corresponding Single Sign Out refers to user only
It need to publish primary, it will be able to exit the user terminal of all listed operation systems.
The prior art is when realizing Single Sign Out, usually by way of poll, accesses the operation system trusted each other
Each of the corresponding user terminal of subsystem, and publish request to all client transmissions, next client is according to publishing
Request empties local session control, to realize publishing for client.
However, it is possible to the case where part client is published unsuccessfully occur, server-side is can not to determine whether client is published
Successfully, then the safety of system is caused not can guarantee.
Summary of the invention
The embodiment of the present invention provides a kind of batch based on single-sign-on and publishes method and device, to overcome server-side can not
Determine whether client publishes success.
In a first aspect, the embodiment of the present invention, which provides a kind of batch based on single-sign-on, publishes method, it is applied to server-side,
Multiple client is logined successfully by single-sign-on in the server-side;This method comprises:
The server-side receives the message of publishing of the transmission of the first client in the multiple client, described to publish message
User terminal is used to indicate to have published;
The server-side publishes message according to, sends respectively to the multiple client and publishes request, described to publish
Request is used to indicate each client and exits login in the server-side;
If the server-side receives the ACK confirmation message of the return of the second client in the multiple client, really
Recognize second client and publishes success.
In a kind of possible design, if the server-side does not receive the third client in the multiple client and returns
The ACK confirmation message returned, the method also includes:
The server-side publishes request to third client transmission again, and records the number for sending and publishing request;
If the server-side determines that the number is more than preset times, it is determined that the third client publishes failure.
In a kind of possible design, if the third client publishes failure, the method also includes:
The server-side sends alert message to the third client, and the alert message is used to indicate the third visitor
Publish failure in family end.
In a kind of possible design, the server-side publishes message according to, sends out respectively to the multiple client
It send before publishing request, the method also includes:
The server-side obtains client chained list according to the token of first client, stores in the client chained list
There is the corresponding the multiple client of same token;
After the server-side confirms that second client is published successfully, the method also includes:
The server-side deletes second client from the client chained list.
In a kind of possible design, the server-side publishes message according to, sends out respectively to the multiple client
It send and publishes request, comprising:
The server-side publishes message according to, carries out asynchronous traversal to the client chained list, and pass through multiple lines
Cheng Binghang publishes request to described in the transmission of the multiple client.
Second aspect, the embodiment of the present invention provide a kind of batch based on single-sign-on and publish method, are applied to client,
The client is logined successfully by single-sign-on in same server-side with other clients;This method comprises:
What the client received that the server-side sends publishes request;
The client publishes request according to, deletes the local session of the client and user terminal;
The client sends ACK confirmation message to the server-side.
In a kind of possible design, before what the client received that the server-side sends publishes request, the side
Method further include:
What the client received that the user terminal sends exits request.
The third aspect, the embodiment of the present invention provide a kind of batch based on single-sign-on and publish device, are applied to server-side,
Multiple client is logined successfully by single-sign-on in the server-side;The device includes:
Receiving module receives publishing for the transmission of the first client in the multiple client for the server-side and disappears
Breath, it is described publish message and be used to indicate user terminal published;
Sending module publishes message for the server-side according to, sends and publish respectively to the multiple client
Request, it is described publish request and be used to indicate each client exit login in the server-side;
Confirmation module, if receiving the ACK of the return of the second client in the multiple client for the server-side
Confirmation message then confirms that second client publishes success.
In a kind of possible design, the sending module is also used to:
If the server-side does not receive the ACK confirmation message of the return of the third client in the multiple client,
The server-side publishes request to third client transmission again, and records the number for sending and publishing request;
If the server-side determines that the number is more than preset times, it is determined that the third client publishes failure.
In a kind of possible design, the sending module is also used to:
If the third client publishes failure, the server-side sends alert message, institute to the third client
It states alert message and is used to indicate the third client and publish failure.
In a kind of possible design, further includes: obtain module;
The acquisition module is sent out for publishing message according in the server-side to the multiple client respectively
It send before publishing request, the server-side obtains client chained list, the client chain according to the token of first client
The corresponding the multiple client of same token is stored in table;
The confirmation module is also used to:
After the server-side confirms that second client is published successfully, the server-side is by second client
It is deleted from the client chained list.
In a kind of possible design, the sending module is specifically used for:
The server-side publishes message according to, carries out asynchronous traversal to the client chained list, and pass through multiple lines
Cheng Binghang publishes request to described in the transmission of the multiple client.
Fourth aspect, the embodiment of the present invention provide a kind of batch based on single-sign-on and publish device, are applied to client,
The client is logined successfully by single-sign-on in same server-side with other clients;The device includes:
Receiving module publishes request for what the client received that the server-side sends;
Removing module publishes request for the client according to, deletes the part of the client and user terminal
Session;
Sending module sends ACK confirmation message to the server-side for the client.
In a kind of possible design, the receiving module is also used to:
The client receive that the server-side sends publish request before, the client receives the user terminal
What is sent exits request.
5th aspect, the embodiment of the present invention provide a kind of batch based on single-sign-on and publish equipment, comprising:
Memory, for storing program;
Processor, for executing the described program of memory storage, when described program is performed, the processor
For executing any method in the various possible designs of first aspect and first aspect as above.
6th aspect, the embodiment of the present invention provide a kind of batch based on single-sign-on and publish equipment, comprising:
Memory, for storing program;
Processor, for executing the described program of memory storage, when described program is performed, the processor
For executing any method in the various possible designs of second aspect and second aspect as above.
7th aspect, the embodiment of the present invention provides a kind of computer readable storage medium, including instruction, when it is in computer
When upper operation, so that computer executes any side in the various possible designs of first aspect and first aspect as above
Method.
Eighth aspect, the embodiment of the present invention provides a kind of computer readable storage medium, including instruction, when it is in computer
When upper operation, so that computer executes any side in the various possible designs of second aspect and second aspect as above
Method.
The embodiment of the present invention provides a kind of batch based on single-sign-on and publishes method and device, this method comprises: service
What end received that the first client in multiple client sends publishes message, publishes message and is used to indicate user terminal and has published.Clothes
End be engaged according to message is published, is sent respectively to multiple client and publishes request, publishes request and is used to indicate each client and exit
The login of server-side.What client reception server-side was sent publishes request.Client is deleted client and is used according to request is published
The local session at family end.Client sends ACK confirmation message to server-side.If server-side receives second in multiple client
The ACK confirmation message that client returns, then confirm that the second client publishes success.It is true to server-side transmission ACK by client
Recognize message, so that server-side can determine whether client publishes success, can not determine client so as to avoid server-side
Publish state, improve the safety of system.
Detailed description of the invention
Fig. 1 is the system schematic that the batch provided in an embodiment of the present invention based on single-sign-on publishes method;
Fig. 2 is the flow chart one that the batch provided in an embodiment of the present invention based on single-sign-on publishes method;
Fig. 3 is the flowchart 2 that the batch provided in an embodiment of the present invention based on single-sign-on publishes method;
Fig. 4 is the structural schematic diagram one that the batch provided in an embodiment of the present invention based on single-sign-on publishes device;
Fig. 5 is the structural schematic diagram two that the batch provided in an embodiment of the present invention based on single-sign-on publishes device;
Fig. 6 is the structural schematic diagram three that the batch provided in an embodiment of the present invention based on single-sign-on publishes device;
Fig. 7 is the hardware structural diagram one that the batch provided in an embodiment of the present invention based on single-sign-on publishes equipment;
Fig. 8 is the hardware structural diagram two that the batch provided in an embodiment of the present invention based on single-sign-on publishes equipment.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
Fig. 1 is the system schematic that the batch provided in an embodiment of the present invention based on single-sign-on publishes method, such as Fig. 1 institute
Show, which includes: multiple client 101 and server-side 102.
Wherein, client 101 is normally operated on the terminal device that user possesses, and wherein client 101 for example can be
Browser, or can also be the application program etc. for being integrated with single-sign-on and (publishing) function, the present embodiment is to client 101
With no restrictions, as long as its function of can be realized Single Sign Out, wherein terminal device for example can be calculating to implementation
Machine equipment, tablet computer or mobile phone (or being " honeycomb " phone) etc., terminal device can also be portable, pocket,
The mobile device or equipment of hand-held, built-in computer, as long as terminal device can be interacted with server-side, herein not
It is particularly limited.
In the present embodiment, client 101 can run user terminal, and wherein user terminal is in the operation system trusted each other
Each subsystem, if client 101 is browser, wherein user terminal can be for example the nets such as Taobao, day cat, Alipay
It stands, such as client 101 has logged in Taobao according to the username and password that user inputs, then the corresponding subsystems of Taobao are equal
Single-sign-on is carried out, when user runs the user terminal of day cat, the user terminal of day cat without being logged in again.
The specific implementation of single-sign-on is introduced below, one is provided in server-side 102 and independent is recognized
Card center, wherein only authentication center can receive the verification informations such as the user name password of the transmission of client 101, work as client
After 101 login successfully, other corresponding subsystems no longer provide logentry, it is only necessary to receive the indirect authorization of authentication center
Login service end can be realized.
Specifically, when user terminal 1 need to access to server-side shielded resource (by taking Taobao as an example, ability after login
Enough check shopping cart data, history purchaser record etc.), then client 101 sends access request to server-side, if server-side 102
It was found that client 101 is not landed, then server-side 102 controls client 101 and jumps to authentication center, and authentication center is by user terminal 1
Guidance is to login page, the username and password that secondly the reception user of client 101 inputs in the login page of user terminal 1, and
It is committed to authentication center.
Authentication center is verified according to username and password, created when verifying successfully user terminal 1 and authentication center it
Between global session, while controlling 1 login service end of user terminal, user terminal 1 is needed the resource accessed to be sent to visitor by server-side
Family end 101, the secondly local session between the creation of client 101 and user terminal 1, by the required resource of user terminal 1 (as done shopping
Car data, web data etc.) return to user terminal 1.
When user terminal 2 needs to access shielded resource to server-side, above-mentioned same operation is executed, so that service
102 control client 101 of end jumps to authentication center, and the user terminal 2 of authentication center's discovery at this time has had logged on (because being single-point
Log in), then user terminal 2 is needed the resource accessed to be sent to client 101 by server-side, secondly the creation of client 101 and user
Local session between end 2, returns to user terminal for the required resource of user terminal 2 (such as shopping cart data, web data)
2。
Without limitation to the quantity of the client 101 at login service end 102, those skilled in the art can manage the present embodiment
Solution, specific quantity are determined according to the load of server-side 102 and operation system, in the present embodiment, client 101
It will do it interaction with server-side 102, wherein interactive mode for example can be by cable network, which for example be can wrap
Coaxial cable, twisted pair and optical fiber etc. are included, wherein interactive mode can also be, for example, wireless network, which be can be
2G network, 3G network, 4G network or 5G network, Wireless Fidelity (Wireless Fidelity, abbreviation WIFI) network etc..This
Inventive embodiments to interactive concrete type or concrete form and without limitation, as long as it can be realized server-side and terminal is handed over
Mutual function.
Further, for the prior art when carrying out Single Sign Out operation, user terminal publishes data to the initiation of client 101,
Client 101 initiates de-registration request to authentication center according to the data of publishing of user terminal, and authentication center deletes first and client
Global session between 101, while publishing request to all initiations of clients 101 in logging state, each client according to
Authentication center publishes request, and operation is published in execution.
However, each client publishes whether operation runs succeeded, authentication center not can guarantee, then net is occurring
When the abnormal problems such as network time-out, it may appear that the case where part client is published unsuccessfully causes the validity of Single Sign Out to be difficult to protect
Card.
Based on the above issues, the present invention provides a kind of batches based on single-sign-on to publish method, below with reference to specific
Embodiment be introduced, be illustrated first in conjunction with Fig. 2, Fig. 2 be it is provided in an embodiment of the present invention based on single-sign-on batch
Amount publishes the flow chart one of method, as shown in Fig. 2, this method comprises:
S201, the first client publish message to server-side transmission.
What the first client in S202, server-side reception multiple client was sent publishes message, publishes message for referring to
Show that user terminal has been published.
Specifically, what the first client reception user terminal was sent exits request when user terminal needs to log off state,
It, can be with the first visitor because publishing for user terminal is actively to carry out at this time and according to request is exited so that user terminal is published
Publishing for family end can guarantee, it will be understood by those skilled in the art that wherein the first client refers to currently transmitted exit
Client corresponding to the user terminal of request.
First client publishes message after receiving and exiting request, to server-side transmission, is used for wherein publishing message
Instruction user terminal has been published.
S203, server-side send respectively to multiple client according to message is published and publish request, publish request and be used to indicate
Each client exits the login in server-side.
After server-side receives and publishes message, server-side determines that the corresponding user terminal of current first client has been stepped on
Out, then it to guarantee that Single Sign Out being normally carried out, is also needed with client corresponding to its sub-systems for trusting each other at this time
It wants corresponding to carry out publishing operation.
Specifically, server-side issues respectively to multiple client publishes request, serviced with indicating that each client exits
The login at end.
What S204, client reception server-side were sent publishes request.
S205, client delete the local session of client and user terminal according to request is published.
It is illustrated by taking the second client as an example, wherein the second client, which is understood that receive, publishes any one of request
A client, wherein the second client and the first client for example can be same client, such as the second client and the first visitor
Family end is the browser 1 for being currently at opening state, has logged in user terminal 1 (such as Taobao) and user terminal 2 (such as day simultaneously
Cat), then server-side is handling user terminal 1 and when publishing operation of user terminal 2 respectively, actually server-side with the same visitor
Family end interacts.
Alternatively, the second client and the first client also for example can be different clients, as user is first turned on the
One client (the corresponding application program of user terminal 1) carries out single-sign-on and accesses server-side, wherein the second client (user terminal 2
Corresponding application program) it is the client trusted each other in the first client, then corresponding second client has also carried out single-point
Login can access to server-side.
Alternatively, user can also be again turned on clear while opening browser 1 (the first client) access user terminal 1
Look at device 1 (the second client) access user terminal 2, although the first client and the second client are browser 1 at this time, because
To open twice, interacting with server-side is to carry out respectively, therefore it can consider and is different client.
It will be understood by those skilled in the art that each user terminal is corresponding with respective client, two of them user terminal can
With the same client of correspondence, the present embodiment is not construed as limiting the first client and the second client.
Second client receive server-side transmission publish request after, carry out publishing operation according to request is published,
Specifically, above-described embodiment has been described that establishing between client and user terminal has local dialogue, then when user terminal logs in
When user terminal is published, the second client is deleted the part between user terminal and is talked with, to guarantee that user terminal is being stepped on
Shielded resource cannot be accessed when doing well.
S206, client send ACK confirmation message to server-side.
S207, server-side receive the ACK confirmation message of the return of the second client in multiple client, the second visitor of confirmation
Publish success in family end.
After the second client is according to request deletion and the local session of user terminal is published, then user terminal can be guaranteed
Through publishing, the second client sends ACK confirmation message to server-side at this time, so that server-side is returned according to the second client
ACK confirmation message, the second client of confirmation publishes success, publishes feelings so as to avoid what server-side can not determine client
Condition.
Wherein, above-described embodiment is the introduction carried out by taking the second client as an example, is practically in single-sign-on state
Each client be required to execute aforesaid operations, i.e. server-side can receive the ACK confirmation message that all server-sides are sent,
To determine whether that each client is published.
Batch provided in an embodiment of the present invention based on single-sign-on publishes method, comprising: server-side receives multiple clients
What the first client in end was sent publishes message, publishes message and is used to indicate user terminal and has published.Server-side disappears according to publishing
Breath, sends respectively to multiple client and publishes request, publishes and requests to be used to indicate each client and exit login in server-side.Visitor
What family end reception server-side was sent publishes request.Client deletes the local session of client and user terminal according to request is published.
Client sends ACK confirmation message to server-side.If server-side receives the ACK of the return of the second client in multiple client
Confirmation message then confirms that the second client publishes success.ACK confirmation message is sent to server-side by client, so that clothes
Business end can determine whether client publishes success, and the state of publishing of client can not be determined so as to avoid server-side, be promoted
The safety of system.
On the basis of the above embodiments, it is criticized to provided in an embodiment of the present invention based on single-sign-on below with reference to Fig. 3
Amount is published method and is further discussed in detail, and Fig. 3 is that the batch provided in an embodiment of the present invention based on single-sign-on is published
The flowchart 2 of method, as shown in figure 3, this method comprises:
S301, the first client publish message to server-side transmission.
What the first client in S302, server-side reception multiple client was sent publishes message, publishes message for referring to
Show that user terminal has been published.
Wherein, the implementation of S301, S302 are similar with S201, S202, and details are not described herein again.
S303, server-side obtain client chained list according to the token of the first client, are stored in client chained list same
The corresponding multiple client of token.
Specifically, when carrying out single-sign-on, the authentication center of server-side when being verified successfully according to username and password,
The global session between user terminal 1 and authentication center is created, while creating token for the first client, wherein token is used to indicate
First client possesses logon rights, and the first client uses the local session of the token creation and user terminal 1, to return to
The shielded resource of user terminal 1.
Secondly, authentication center can find that user terminal 2 has logged on when the second client needs to access shielded resource
, then token identical with the first client can be sent to the second client by authentication center, and the second client uses the token
The local session of creation and user terminal 2, returns to the shielded resource of user terminal 2.
Secondly, all clients for possessing the same token are each user trusted each other in the system of single-sign-on
The corresponding client in end, which constitute client chained lists, and the corresponding multiple visitors of same token are stored in client chained list
Family end.
S304, server-side carry out asynchronous traversal to client chained list according to message is published.
S305, server-side publish request to multiple client transmission by multiple thread parallels, are used for wherein publishing request
Indicate that each client exits the login in server-side.
What server-side the first client of reception was sent publishes message, wherein publishing message includes token, server-side is according to order
Board obtains client chained list, and carries out asynchronous traversal to client chained list, and send out to multiple client by multiple thread parallels
It send and publishes request.
Wherein asynchronous traversal and transmitted in parallel, which publish request, can effectively promote the operating efficiency of Single Sign Out.
What S306, client reception server-side were sent publishes request.
S307, client delete the local session of client and user terminal according to request is published.
S308, client send ACK confirmation message to server-side.
S309, server-side receive the ACK confirmation message of the return of the second client in multiple client, the second visitor of confirmation
Publish success in family end.
S310, server-side delete the second client from client chained list.
If server-side confirms that the second client publishes success, the second client is deleted from client chained list.
Batch provided in an embodiment of the present invention based on single-sign-on publishes method, comprising: server-side receives multiple clients
What the first client in end was sent publishes message, publishes message and is used to indicate user terminal and has published.Server-side is according to the first visitor
The token at family end obtains client chained list, is stored with the corresponding multiple client of same token in client chained list.Server-side root
According to message is published, asynchronous traversal is carried out to client chained list, and publish and ask to multiple client transmission by multiple thread parallels
It asks, exits login in server-side wherein publishing request and being used to indicate each client.Client receives publishing for server-side transmission
Request.Client deletes the local session of client and user terminal according to request is published.Client is true to server-side transmission ACK
Recognize message.If server-side receives the ACK confirmation message of the return of the second client in multiple client, the second client is confirmed
Publish success in end.Server-side deletes the second client from client chained list.By way of asynchronous traversal client chained list
Request is published to multiple client transmitted in parallel, to effectively improve the efficiency for sending to client and publishing request, is improved
The speed of Single Sign Out.
On the basis of the above embodiments, the batch provided by the invention based on single-sign-on publishes method, if server-side
The ACK confirmation message that the third client in multiple client returns is not received, then method provided by the invention further include:
Server-side publishes request to the transmission of third client again, and records the number for sending and publishing request;
If server-side determined number is more than preset times, it is determined that third client publishes failure.
If then server-side not can determine that specifically, server-side does not receive the ACK confirmation message of third client return
Whether third client publishes success, and server-side publishes request to the sending of third client again at this time.
In an optional implementation manner, third client has been published successfully, is lost for no other reason than that ACK message is sent
Lose, lose, caused server-side do not receive third client return ACK confirmation message, then third client again to
Server-side sends ACK confirmation message.
In another optional implementation, third client is because Network Abnormal etc. occurs publishing failure really
Situation, then third client publishes request according to what server-side retransmitted at this time, carries out publishing operation again, is publishing success
When to server-side send ACK confirmation message.
Meanwhile server-side record sends the number for publishing request, if server-side sends the number for publishing request more than pre-
If number does not receive the ACK confirmation message of third client transmission also, it is determined that third client publishes failure, wherein default time
Number can be set according to actual needs.
Batch provided in an embodiment of the present invention based on single-sign-on publishes method, by not receiving client return
When ACK confirmation message, request is published to client transmission again, to remind client singly to publish, to effectively promote client list
The success rate that point is published, and the number by publishing request to transmission record and be compared with preset times, when
When determining that transmission times is more than preset times, determine that third client publishes failure, just so as to avoid because message sink mentions
Caused erroneous judgement is advocated, and in client in the case where publishing failure, the trial of publishing again within preset times can
Effectively promote the success rate published.
On the basis of the above embodiments, if third client publishes failure, method provided by the invention further include:
Server-side sends alert message to third client, and alert message is used to indicate third client and publishes failure.
Wherein the specific implementation of alert message can be set according to actual needs, as long as third client can be allowed
End receives the instruction message for publishing failure.
By to publish failure third client send alert message so that third client can determine publish mistake
The state lost, to carry out subsequent processing.
Fig. 4 is the structural schematic diagram one that the batch provided in an embodiment of the present invention based on single-sign-on publishes device.Such as Fig. 4
Shown, which includes: receiving module 401, sending module 402 and confirmation module 403.
Receiving module 401 receives publishing for the transmission of the first client in the multiple client for the server-side
Message, it is described publish message and be used to indicate user terminal published;
Sending module 402 publishes message for the server-side according to, sends and step on respectively to the multiple client
Request out, it is described publish request and be used to indicate each client exit login in the server-side;
Confirmation module 403, if receiving the return of the second client in the multiple client for the server-side
ACK confirmation message then confirms that second client publishes success.
In a kind of possible design, the sending module 402 is also used to:
If the server-side does not receive the ACK confirmation message of the return of the third client in the multiple client,
The server-side publishes request to third client transmission again, and records the number for sending and publishing request;
If the server-side determines that the number is more than preset times, it is determined that the third client publishes failure.
In a kind of possible design, the sending module 402 is also used to:
If the third client publishes failure, the server-side sends alert message, institute to the third client
It states alert message and is used to indicate the third client and publish failure.
Device provided in this embodiment can be used for executing the technical solution of above method embodiment, realization principle and skill
Art effect is similar, and details are not described herein again for the present embodiment.
Fig. 5 is the structural schematic diagram two that the batch provided in an embodiment of the present invention based on single-sign-on publishes device.Such as Fig. 5
Shown, the present embodiment is on the basis of Fig. 4 embodiment, further includes: obtains module 504.
In a kind of possible design, the acquisition module 504, for publishing message according in the server-side,
It is sent respectively to the multiple client before publishing request, the server-side obtains visitor according to the token of first client
Family end chained list is stored with the corresponding the multiple client of same token in the client chained list;
The confirmation module 503 is also used to:
After the server-side confirms that second client is published successfully, the server-side is by second client
It is deleted from the client chained list.
In a kind of possible design, the sending module 502 is specifically used for:
The server-side publishes message according to, carries out asynchronous traversal to the client chained list, and pass through multiple lines
Cheng Binghang publishes request to described in the transmission of the multiple client.
Device provided in this embodiment can be used for executing the technical solution of above method embodiment, realization principle and skill
Art effect is similar, and details are not described herein again for the present embodiment.
Fig. 6 is the structural schematic diagram three that the batch provided in an embodiment of the present invention based on single-sign-on publishes device.Such as Fig. 6
Shown, which includes: receiving module 601, removing module 602 and sending module 603.
Receiving module 601 publishes request for what the client received that the server-side sends;
Removing module 602 publishes request for the client according to, deletes the office of the client and user terminal
Portion's session;
Sending module 603 sends ACK confirmation message to the server-side for the client.
In a kind of possible design, the receiving module 601 is also used to:
The client receive that the server-side sends publish request before, the client receives the user terminal
What is sent exits request.
Device provided in this embodiment can be used for executing the technical solution of above method embodiment, realization principle and skill
Art effect is similar, and details are not described herein again for the present embodiment.
Fig. 7 is the hardware structural diagram one that the batch provided in an embodiment of the present invention based on single-sign-on publishes equipment,
As shown in fig. 7, it includes: processor 701 and memory 702 that the batch based on single-sign-on of the present embodiment, which publishes equipment 70,;
Wherein
Memory 702, for storing computer executed instructions;
Processor 701, for executing the computer executed instructions of memory storage, to realize in above-described embodiment based on single
The batch that point logs in publishes each step performed by method.It specifically may refer to the associated description in preceding method embodiment.
Optionally, memory 702 can also be integrated with processor 701 either independent.
When memory 702 is independently arranged, it further includes bus 703 which, which publishes equipment, is used for
Connect the memory 702 and processor 701.
Fig. 8 is the hardware structural diagram two that the batch provided in an embodiment of the present invention based on single-sign-on publishes equipment,
As shown in figure 8, it includes: processor 801 and memory 802 that the batch based on single-sign-on of the present embodiment, which publishes equipment 80,;
Wherein
Memory 802, for storing computer executed instructions;
Processor 801, for executing the computer executed instructions of memory storage, to realize in above-described embodiment based on single
The batch that point logs in publishes each step performed by method.It specifically may refer to the associated description in preceding method embodiment.
Optionally, memory 802 can also be integrated with processor 801 either independent.
When memory 802 is independently arranged, it further includes bus 803 which, which publishes equipment, is used for
Connect the memory 802 and processor 801.
The embodiment of the present invention also provides a kind of computer readable storage medium, stores in the computer readable storage medium
There are computer executed instructions, when processor executes the computer executed instructions, realizes as above based on the batch of single-sign-on
It publishes the batch performed by equipment based on single-sign-on and publishes method.
The embodiment of the present invention also provides a kind of computer readable storage medium, stores in the computer readable storage medium
There are computer executed instructions, when processor executes the computer executed instructions, realizes as above based on the batch of single-sign-on
It publishes the batch performed by equipment based on single-sign-on and publishes method.
In several embodiments provided by the present invention, it should be understood that disclosed device and method can pass through it
Its mode is realized.For example, apparatus embodiments described above are merely indicative, for example, the division of the module, only
Only a kind of logical function partition, there may be another division manner in actual implementation, for example, multiple modules can combine or
It is desirably integrated into another system, or some features can be ignored or not executed.Another point, it is shown or discussed it is mutual it
Between coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or communication link of device or module
It connects, can be electrical property, mechanical or other forms.
The above-mentioned integrated module realized in the form of software function module, can store and computer-readable deposit at one
In storage media.Above-mentioned software function module is stored in a storage medium, including some instructions are used so that a computer
Equipment (can be personal computer, server-side or the network equipment etc.) or processor (English: processor) execute this Shen
Please each embodiment the method part steps.
It should be understood that above-mentioned processor can be central processing unit (English: Central Processing Unit, letter
Claim: CPU), can also be other general processors, digital signal processor (English: Digital Signal Processor,
Referred to as: DSP), specific integrated circuit (English: Application Specific Integrated Circuit, referred to as:
ASIC) etc..General processor can be microprocessor or the processor is also possible to any conventional processor etc..In conjunction with hair
The step of bright disclosed method, can be embodied directly in hardware processor and execute completion, or with hardware in processor and soft
Part block combiner executes completion.
Memory may include high speed RAM memory, it is also possible to and it further include non-volatile memories NVM, for example, at least one
Magnetic disk storage can also be USB flash disk, mobile hard disk, read-only memory, disk or CD etc..
Bus can be industry standard architecture (Industry Standard Architecture, ISA) bus, outer
Portion's apparatus interconnection (Peripheral Component, PCI) bus or extended industry-standard architecture (Extended
Industry Standard Architecture, EISA) bus etc..Bus can be divided into address bus, data/address bus, control
Bus etc..For convenient for indicating, the bus in illustrations does not limit only a bus or a type of bus.
Above-mentioned storage medium can be by any kind of volatibility or non-volatile memory device or their combination
It realizes, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable
Read-only memory (EPROM), programmable read only memory (PROM), read-only memory (ROM), magnetic memory, flash memory,
Disk or CD.Storage medium can be any usable medium that general or specialized computer can access.
Those of ordinary skill in the art will appreciate that: realize that all or part of the steps of above-mentioned each method embodiment can lead to
The relevant hardware of program instruction is crossed to complete.Program above-mentioned can be stored in a computer readable storage medium.The journey
When being executed, execution includes the steps that above-mentioned each method embodiment to sequence;And storage medium above-mentioned include: ROM, RAM, magnetic disk or
The various media that can store program code such as person's CD.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent
Pipe present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: its according to
So be possible to modify the technical solutions described in the foregoing embodiments, or to some or all of the technical features into
Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution
The range of scheme.
Claims (10)
1. a kind of batch based on single-sign-on publishes method, which is characterized in that be applied to server-side, multiple client passes through list
Point logs in the server-side and logins successfully;The described method includes:
The server-side receive the first client in the multiple client transmission publish message, the message of publishing is used for
Instruction user terminal has been published;
The server-side publishes message according to, sends respectively to the multiple client and publishes request, described to publish request
It is used to indicate each client and exits login in the server-side;
If the server-side receives the ACK confirmation message of the return of the second client in the multiple client, institute is confirmed
It states the second client and publishes success.
2. the method according to claim 1, wherein if the server-side does not receive in the multiple client
Third client return ACK confirmation message, the method also includes:
The server-side publishes request to third client transmission again, and records the number for sending and publishing request;
If the server-side determines that the number is more than preset times, it is determined that the third client publishes failure.
3. according to the method described in claim 2, it is characterized in that, the method is also if the third client publishes failure
Include:
The server-side sends alert message to the third client, and the alert message is used to indicate the third client
Publish failure.
4. the method according to claim 1, wherein the server-side publishes message according to, to described more
A client is sent respectively publish request before, the method also includes:
The server-side obtains client chained list according to the token of first client, is stored in the client chained list same
The corresponding the multiple client of one token;
After the server-side confirms that second client is published successfully, the method also includes:
The server-side deletes second client from the client chained list.
5. according to the method described in claim 4, it is characterized in that, the server-side publishes message according to, to described more
A client sends publish request respectively, comprising:
The server-side publishes message according to, carries out asynchronous traversal to the client chained list, and simultaneously by multiple threads
Row publishes request to described in the transmission of the multiple client.
6. a kind of batch based on single-sign-on publishes method, which is characterized in that be applied to client, the client with it is other
Client is logined successfully by single-sign-on in same server-side;The described method includes:
What the client received that the server-side sends publishes request;
The client publishes request according to, deletes the local session of the client and user terminal;
The client sends ACK confirmation message to the server-side.
7. according to the method described in claim 6, it is characterized in that, the client publishing of receiving that the server-side sends is asked
Before asking, the method also includes:
What the client received that the user terminal sends exits request.
8. a kind of batch based on single-sign-on publishes device, which is characterized in that be applied to server-side, multiple client passes through list
Point logs in the server-side and logins successfully;Described device includes:
Receiving module, for the server-side receive the first client in the multiple client transmission publish message, institute
It states to publish message and be used to indicate user terminal and publish;
Sending module publishes message for the server-side according to, sends respectively to the multiple client and publish request,
It is described publish request and be used to indicate each client exit login in the server-side;
Confirmation module, if receiving the ACK confirmation of the return of the second client in the multiple client for the server-side
Message then confirms that second client publishes success.
9. a kind of batch based on single-sign-on publishes equipment characterized by comprising
Memory, for storing program;
Processor, for executing the described program of the memory storage, when described program is performed, the processor is used for
Execute the method as described in any in claim 1 to 5.
10. a kind of computer readable storage medium, which is characterized in that including instruction, when run on a computer, make to succeed in one's scheme
Calculation machine executes method as claimed in claim 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910641997.1A CN110365680B (en) | 2019-07-16 | 2019-07-16 | Batch logout method and device based on single sign-on |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910641997.1A CN110365680B (en) | 2019-07-16 | 2019-07-16 | Batch logout method and device based on single sign-on |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110365680A true CN110365680A (en) | 2019-10-22 |
| CN110365680B CN110365680B (en) | 2022-04-15 |
Family
ID=68220236
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910641997.1A Active CN110365680B (en) | 2019-07-16 | 2019-07-16 | Batch logout method and device based on single sign-on |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110365680B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112272204A (en) * | 2020-09-18 | 2021-01-26 | 苏州浪潮智能科技有限公司 | Method, system, terminal and storage medium for automatically logging out web page overtime |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006065004A1 (en) * | 2004-12-15 | 2006-06-22 | Electronics And Telecommunications Research Institute | System and method for performing service logout in single-sign-on service using identity |
| CN103560884A (en) * | 2013-10-28 | 2014-02-05 | 上海浦东物流云计算有限公司 | Method and system for user identity information logout, authentication server and client terminal |
| CN103618612A (en) * | 2013-12-04 | 2014-03-05 | 中国联合网络通信集团有限公司 | Method and device for achieving single sign on of applications in terminal |
| CN104320423A (en) * | 2014-11-19 | 2015-01-28 | 重庆邮电大学 | Single sign-on light weight implementation method based on Cookie |
| CN105072123A (en) * | 2015-08-21 | 2015-11-18 | 广州博鳌纵横网络科技有限公司 | Single sign on log-out method and system under cluster environment |
| US20170153856A1 (en) * | 2015-11-27 | 2017-06-01 | Kyocera Document Solutions Inc. | Electronic device, session continuity determining method, and data transmission/reception system |
| CN107911376A (en) * | 2017-11-29 | 2018-04-13 | 南京莱斯信息技术股份有限公司 | The WEB systems single-sign-on and access control implementation method of a kind of non-invasive |
| CN108134806A (en) * | 2018-03-13 | 2018-06-08 | 北京信安世纪科技股份有限公司 | A kind of method and system of Single Sign Out |
| CN109165500A (en) * | 2018-09-04 | 2019-01-08 | 山东浪潮云投信息科技有限公司 | A kind of single sign-on authentication system and method based on cross-domain technology |
| CN109495473A (en) * | 2018-11-19 | 2019-03-19 | 杭州数梦工场科技有限公司 | Realize method, apparatus, equipment and storage medium that application system single-point is nullified |
| CN109688114A (en) * | 2018-12-10 | 2019-04-26 | 迈普通信技术股份有限公司 | Single-point logging method, certificate server and application server |
| CN109815687A (en) * | 2019-03-18 | 2019-05-28 | 北京智明星通科技股份有限公司 | Account management method and device |
| CN109831408A (en) * | 2018-12-13 | 2019-05-31 | 平安万家医疗投资管理有限责任公司 | Single-sign-on subsystem publishes method and system |
-
2019
- 2019-07-16 CN CN201910641997.1A patent/CN110365680B/en active Active
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006065004A1 (en) * | 2004-12-15 | 2006-06-22 | Electronics And Telecommunications Research Institute | System and method for performing service logout in single-sign-on service using identity |
| CN103560884A (en) * | 2013-10-28 | 2014-02-05 | 上海浦东物流云计算有限公司 | Method and system for user identity information logout, authentication server and client terminal |
| CN103618612A (en) * | 2013-12-04 | 2014-03-05 | 中国联合网络通信集团有限公司 | Method and device for achieving single sign on of applications in terminal |
| CN104320423A (en) * | 2014-11-19 | 2015-01-28 | 重庆邮电大学 | Single sign-on light weight implementation method based on Cookie |
| CN105072123A (en) * | 2015-08-21 | 2015-11-18 | 广州博鳌纵横网络科技有限公司 | Single sign on log-out method and system under cluster environment |
| US20170153856A1 (en) * | 2015-11-27 | 2017-06-01 | Kyocera Document Solutions Inc. | Electronic device, session continuity determining method, and data transmission/reception system |
| CN107911376A (en) * | 2017-11-29 | 2018-04-13 | 南京莱斯信息技术股份有限公司 | The WEB systems single-sign-on and access control implementation method of a kind of non-invasive |
| CN108134806A (en) * | 2018-03-13 | 2018-06-08 | 北京信安世纪科技股份有限公司 | A kind of method and system of Single Sign Out |
| CN109165500A (en) * | 2018-09-04 | 2019-01-08 | 山东浪潮云投信息科技有限公司 | A kind of single sign-on authentication system and method based on cross-domain technology |
| CN109495473A (en) * | 2018-11-19 | 2019-03-19 | 杭州数梦工场科技有限公司 | Realize method, apparatus, equipment and storage medium that application system single-point is nullified |
| CN109688114A (en) * | 2018-12-10 | 2019-04-26 | 迈普通信技术股份有限公司 | Single-point logging method, certificate server and application server |
| CN109831408A (en) * | 2018-12-13 | 2019-05-31 | 平安万家医疗投资管理有限责任公司 | Single-sign-on subsystem publishes method and system |
| CN109815687A (en) * | 2019-03-18 | 2019-05-28 | 北京智明星通科技股份有限公司 | Account management method and device |
Non-Patent Citations (1)
| Title |
|---|
| 李兆罚: "基于CAS的跨域网络应用单点登录技术研究与实现", 《中国优秀硕士学位论文全文数据库(电子期刊)》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112272204A (en) * | 2020-09-18 | 2021-01-26 | 苏州浪潮智能科技有限公司 | Method, system, terminal and storage medium for automatically logging out web page overtime |
| CN112272204B (en) * | 2020-09-18 | 2022-06-21 | 苏州浪潮智能科技有限公司 | Method, system, terminal and storage medium for automatically logging out web page overtime |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110365680B (en) | 2022-04-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107135218B (en) | Login state obtaining and sending method, credential configuration method, client and server | |
| CN108173938A (en) | Server load shunt method and device | |
| CN110083465A (en) | A kind of data transferring method between applying of lodging | |
| CN108683679A (en) | More account login methods, device, equipment and the storage medium of Web APP | |
| CN109787959B (en) | Account information processing method and related device | |
| CN106529952A (en) | Verification realizing method and system in data transfer | |
| CN113132402A (en) | Single sign-on method and system | |
| CN112448956B (en) | Authority processing method and device of short message verification code and computer equipment | |
| CN111669351B (en) | Authentication method, service server, client and computer readable storage medium | |
| KR102091349B1 (en) | Method for processing transaction via exchange system | |
| CN114938288B (en) | Data access method, device, equipment and storage medium | |
| CN114513350A (en) | Identity verification method, system and storage medium | |
| CN112187453A (en) | Digital certificate updating method and system, electronic equipment and readable storage medium | |
| CN114124556B (en) | Network access control method, device, equipment and storage medium | |
| KR20140109565A (en) | push service system and method | |
| CN110365680A (en) | Batch based on single-sign-on publishes method and device | |
| CN110932860A (en) | Channel switching method, device, equipment and storage medium based on multiple CA | |
| CN111104653B (en) | User operation processing method and device, electronic equipment and readable storage medium | |
| WO2024016634A1 (en) | Smart routing-based remote payment method and apparatus, terminal, system, and medium | |
| US8954720B2 (en) | IC chip, information processing apparatus, software module control method, information processing system, information processing method, and program | |
| CN105577621B (en) | Business operation verification method, device and system | |
| CN115174162A (en) | Authorization method, device, system and storage medium based on OAuth protocol | |
| CN114500091A (en) | Login method and device | |
| CN114745185A (en) | Cluster access method and device | |
| CN115310958A (en) | Payment method, device, equipment, system and medium based on 5G message application |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |