CN110661782A - Public basic service system based on single sign-on and micro-service architecture and implementation method thereof - Google Patents

Info

Publication number
CN110661782A
Authority
CN
China
Prior art keywords
service
user
application
single sign
micro
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910795601.9A
Other languages
Chinese (zh)
Inventor
施培杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Unicloud Nanjing Digital Technology Co Ltd
Original Assignee
Unicloud Nanjing Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Unicloud Nanjing Digital Technology Co Ltd
Priority to CN201910795601.9A
Publication of CN110661782A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention belongs to the technical field of the internet and in particular relates to a public basic service system based on single sign-on and micro-service architecture, comprising a single sign-on service, an API gateway service and a user authority management service. The invention also discloses a public basic service implementation method based on single sign-on and micro-service architecture, comprising the following steps: the user accesses a first application; the first application performs verification; the server side performs verification; the user enters a user name and password on the login interface to log in; the server side stores the user information; the user accesses a second application; the second application performs verification; login verification passes. The single sign-on service improves user efficiency: the user is not disturbed by multiple sign-ons and does not need to remember multiple IDs and passwords. Developer efficiency is also improved. The API gateway unifies the service entrance, so that management and control of the platform's many service interfaces can be conveniently realized. The user authority management service manages the users of all systems or applications in a unified way and is responsible for the authority of all systems or applications.

Description

Public basic service system based on single sign-on and micro-service architecture and implementation method thereof
Technical Field
The invention belongs to the technical field of internet, and particularly relates to a public basic service system based on single sign-on and micro-service architecture and an implementation method thereof.
Background
Countless systems and applications operate independently on the internet to provide various services. Each system or application has its own identity authentication mechanism, so a user must register on each one and can access it only after authentication passes. A user may register on every system or application with the same username and password to avoid confusing usernames and passwords. However, when a user accesses several sites within a certain period, or jumps among them, the user still has to log in several times. For this reason single sign-on was introduced, so that user identity is shared across the whole network. Single sign-on, abbreviated as SSO, is one of the currently popular solutions for enterprise business integration. SSO means that, across multiple applications, a user only needs to log in once to access all mutually trusted applications.
In a traditional service architecture, all services of the whole system live in one project. Different customers have different requirements and choices regarding the service modules, and each service module cannot be reused independently, so one project turns into many versions and management becomes very troublesome. Because all services are in one system, a problem in one service may affect the operation of the whole system. For this reason the microservice architecture was introduced. Microservices are an architectural style in which a large, complex software application consists of one or more microservices. Each microservice in the system can be deployed independently, and the microservices are loosely coupled. Each microservice is concerned with completing only one task and completing it well. In all cases, each task represents a small business capability.
Faced with countless systems or applications, the conventional approach is to develop a separate set of user rights management for each system or application, which avoids confusing user rights but increases development and maintenance costs.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a public basic service system based on single sign-on and micro-service architecture and an implementation method thereof, and the public basic service system has the characteristics of improving the efficiency of users and conveniently realizing management and control of a plurality of service interfaces of a platform.
In order to achieve the purpose, the invention provides the following technical scheme: a public basic service system based on single sign-on and micro-service architecture comprises a single sign-on service, an API gateway service and a user authority management service, wherein,
the single sign-on service comprises a first application, a server, a browser and a second application;
the API gateway service is used for building a unified gateway system, receiving a request of a user for accessing the unified gateway and verifying access authority;
user authority management service, managing user information, user authority, and stripping out independent user service.
As a preferred technical solution of the present invention, the micro service architecture further includes a service registration and discovery service to manage each stripped-out independent user service.
As a preferred technical solution of the present invention, the user right management service further includes user management, right management, menu and resource management, and service management.
The invention also discloses a public basic service implementation method based on single sign-on and micro-service architecture, which comprises the following steps:
S1, the user accesses the first application;
S2, the first application verifies whether a session has been established with the browser; if so, the browser accesses the application normally; if not, the originally requested address is passed as a parameter of the redirection address and the browser is redirected to the server side;
S3, the server side verifies whether the browser is logged in; if so, the browser takes the original address from the redirection address parameter and accesses it normally; if not, the browser jumps to the login interface;
S4, the user enters a user name and password on the login interface to log in;
S5, the server side stores the user name and password information of the user;
S6, the user accesses the second application;
S7, as in step S2, the second application verifies the user information;
S8, login verification passes.
As a preferred technical solution of the present invention, the first application and the second application are disposed on a desktop of the mobile terminal.
As a preferred embodiment of the present invention, the step S2 further includes the first application sending the user information to the single sign-on mobile terminal.
As a preferred embodiment of the present invention, the step S7 further includes the second application sending the user information to the single sign-on mobile terminal.
Compared with the prior art, the invention has the beneficial effects that:
1. the single sign-on service improves user efficiency: the user is not disturbed by multiple sign-ons and does not need to remember multiple IDs and passwords; in addition, cases where a user forgets a password and turns to support personnel are reduced; developer efficiency is improved, since SSO provides developers with a universal identity verification framework;
2. the API gateway unifies the service entrance, so that management and control of the platform's many service interfaces can be conveniently realized, including identity authentication for service access, prevention of message replay and data tampering, service authentication of function calls, desensitization of response data, flow and concurrency control, and even metering or charging based on API calls;
3. the user authority management service manages the users of all systems or applications in a unified way, is responsible for the authority of all systems or applications, configures roles, allocates resources, assigns the corresponding roles to users, configures the menus and resources of all systems or applications, and manages all services in the micro-service architecture as well as calls and authorization between services.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of the system of the present invention;
FIG. 2 is a flow chart of single sign-on in the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Examples
Referring to fig. 1-2, the present invention provides the following technical solutions: a public basic service system based on single sign-on and micro-service architecture comprises a single sign-on service, an API gateway service and a user authority management service, wherein,
the single sign-on service comprises a first application, a server, a browser and a second application;
the first application and the second application are arranged on the desktop of the mobile terminal and form the login ends of the first application and the second application, wherein the login end of the first application is used by the user to log in to the first application with a first account and password, and similarly the login end of the second application is used by the user to log in to the second application with a second account and password;
the server is used for recording the login state of the user, that is, verifying whether the first application has established a session with the browser, and transmitting this information to the login end of the second application;
that is, when a user logs in to the first application through its login end and establishes a session with the browser, in other words after the correct account and password have been entered and the user is logged in, the server of the single sign-on service transfers the user information to the login end of the second application; the login end of the trusted second application stores the account and password that the user entered at the login end of the first application, so that the user can log in to the second application through its login end without entering the account and password again.
the API gateway service is used for building a unified gateway system, receiving a user's request to access the unified gateway and verifying access authority so as to achieve unified authentication; the patent with application number CN201810689051.8, "a micro-service unified authentication method and a gateway", discloses micro-service authentication for multiple service types;
user authority management service, managing user information, user authority, and stripping out independent user service.
Specifically, in this embodiment, the micro service architecture further includes a service registration and discovery service to manage each stripped independent user service.
Specifically, in this embodiment, the user right management service further includes user management, right management, menu and resource management, and service management, wherein,
user management: users of each system or application are managed in a unified manner;
authority management: responsible for the authority of each system or application, configures roles, allocates resources and finally assigns the corresponding roles to the users;
menu and resource management: configuring menus and resources of each system or application;
service management: managing individual services in the microservice, and inter-service invocation and authorization.
A public basic service implementation method based on single sign-on and micro-service architecture comprises the following steps:
S1, the user accesses the first application;
S2, the first application verifies whether a session has been established with the browser; if so, the browser accesses the application normally; if not, the originally requested address is passed as a parameter of the redirection address and the browser is redirected to the server side;
S3, the server side verifies whether the browser is logged in; if so, the browser takes the original address from the redirection address parameter and accesses it normally; if not, the browser jumps to the login interface;
S4, the user enters a user name and password on the login interface to log in;
S5, the server side stores the user name and password information of the user;
S6, the user accesses the second application;
S7, as in step S2, the second application verifies the user information;
S8, login verification passes.
Specifically, in this embodiment, the step S2 further includes that the first application sends the user information to the single sign-on mobile terminal.
Specifically, in this embodiment, the step S7 further includes that the second application sends the user information to the single sign-on mobile terminal.
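The S1-S8 flow, as listed in the disclosure and in this embodiment, modelled in memory as an added Python example that is not part of the patent text. The host names, the one-time ticket returned to the application, the allowlist check on the redirection address and the salted password hash kept in place of the stored password of S5 are assumptions of this example, not details the patent gives.

```python
import hashlib, hmac, secrets
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit

SSO_LOGIN = "https://sso.example/login"              # assumed SSO server address
REGISTERED_APPS = {"app1.example", "app2.example"}   # assumed mutually trusted apps

def set_ticket(url, ticket=None):
    """Drop any ticket parameter from url and, if given, append a fresh one."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query) if k != "ticket"]
    if ticket:
        query.append(("ticket", ticket))
    return parts._replace(query=urlencode(query)).geturl()

class SSOServer:
    def __init__(self):
        self.users = {}      # username -> (salt, password hash); assumption for S5
        self.sessions = {}   # SSO cookie -> username: the recorded login state
        self.tickets = {}    # one-time ticket -> (username, target app host)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._kdf(password, salt))

    def _check(self, username, password):
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        return hmac.compare_digest(stored, self._kdf(password or "", salt))

    def handle(self, redirect, sso_cookie=None, username=None, password=None):
        """S3-S5: returns (action, value, sso_cookie)."""
        target = urlsplit(redirect)
        if target.scheme != "https" or target.hostname not in REGISTERED_APPS:
            return ("reject", "unregistered redirect target", sso_cookie)
        user = self.sessions.get(sso_cookie)
        if user is None:                                  # S3: browser not logged in
            if username is None or not self._check(username, password):
                return ("login_page", redirect, None)     # S4 happens on this page
            sso_cookie = secrets.token_urlsafe(32)        # S5: record the login
            self.sessions[sso_cookie] = user = username
        ticket = secrets.token_urlsafe(32)
        self.tickets[ticket] = (user, target.hostname)
        return ("redirect", set_ticket(redirect, ticket), sso_cookie)

    def redeem(self, ticket, app_host):
        """Back-channel check by an app; each ticket works once, for one app."""
        user, host = self.tickets.pop(ticket, (None, None))
        return user if host == app_host else None

class App:
    def __init__(self, host, sso):
        self.host, self.sso = host, sso
        self.sessions = {}   # app cookie -> username

    def request(self, url, app_cookie=None):
        """S2 / S7: returns (action, value, app_cookie)."""
        if app_cookie in self.sessions:                   # session already established
            return ("ok", self.sessions[app_cookie], app_cookie)
        ticket = parse_qs(urlsplit(url).query).get("ticket", [None])[0]
        user = self.sso.redeem(ticket, self.host) if ticket else None
        if user:                                          # S8: login verification passes
            app_cookie = secrets.token_urlsafe(32)
            self.sessions[app_cookie] = user
            return ("ok", user, app_cookie)
        return ("redirect", SSO_LOGIN + "?" + urlencode({"redirect": set_ticket(url)}), None)

def walk_through():
    """Run S1-S8 for a constructed user and return the observed actions."""
    sso = SSOServer()
    sso.register("alice", "constructed-password")
    app1, app2 = App("app1.example", sso), App("app2.example", sso)
    a1, to_sso, _ = app1.request("https://app1.example/orders")           # S1, S2
    target = parse_qs(urlsplit(to_sso).query)["redirect"][0]
    a2 = sso.handle(target)[0]                                            # S3
    a3, back, cookie = sso.handle(target, None, "alice", "constructed-password")  # S4, S5
    a4 = app1.request(back)[:2]
    _, to_sso, _ = app2.request("https://app2.example/report")            # S6, S7
    target = parse_qs(urlsplit(to_sso).query)["redirect"][0]
    a5, back, _ = sso.handle(target, sso_cookie=cookie)                   # no password prompt
    a6 = app2.request(back)[:2]                                           # S8
    return [a1, a2, a3, a4, a5, a6]
```

`walk_through()` returns the action taken at each step; the second application is reached with only the SSO cookie, while a redirection address outside the registered applications is rejected before any login state is consulted.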
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (7)

1. A public basic service system based on single sign-on and micro-service architecture is characterized in that: including single sign-on services, API gateway services, and user rights management services, wherein,
the single sign-on service comprises a first application, a server, a browser and a second application;
the API gateway service is used for building a unified gateway system, receiving a request of a user for accessing the unified gateway and verifying access authority;
user authority management service, managing user information, user authority, and stripping out independent user service.
2. The common basic service system based on single sign-on and micro-service architecture as claimed in claim 1, wherein: the microservice architecture further includes service registration and discovery services to manage each stripped out individual user service.
3. The common basic service system based on single sign-on and micro-service architecture as claimed in claim 1, wherein: the user authority management service further comprises user management, authority management, menu and resource management and service management.
4. A method for realizing common basic service based on single sign-on and micro-service architecture according to any one of claims 1-3, characterized in that: comprises the following steps:
S1, the user accesses the first application;
S2, the first application verifies whether a session has been established with the browser; if so, the browser accesses the application normally; if not, the originally requested address is passed as a parameter of the redirection address and the browser is redirected to the server side;
S3, the server side verifies whether the browser is logged in; if so, the browser takes the original address from the redirection address parameter and accesses it normally; if not, the browser jumps to the login interface;
S4, the user enters a user name and password on the login interface to log in;
S5, the server side stores the user name and password information of the user;
S6, the user accesses the second application;
S7, as in step S2, the second application verifies the user information;
S8, login verification passes.
5. The method of claim 4, wherein the method comprises: the first application and the second application are arranged on a desktop of the mobile terminal.
6. The method of claim 5, wherein the method comprises: the step S2 further includes the first application sending the user information to the single sign-on mobile terminal.
7. The public basic service system based on single sign-on and micro-service architecture and the realization method thereof according to claim 5, characterized in that: the step S7 further includes the second application sending the user information to the single sign-on mobile terminal.
CN201910795601.9A 2019-08-27 2019-08-27 Public basic service system based on single sign-on and micro-service architecture and implementation method thereof Pending CN110661782A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910795601.9A CN110661782A (en) 2019-08-27 2019-08-27 Public basic service system based on single sign-on and micro-service architecture and implementation method thereof

Publications (1)

Publication Number Publication Date
CN110661782A (en) 2020-01-07

Family

ID=69036773

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910795601.9A Pending CN110661782A (en) 2019-08-27 2019-08-27 Public basic service system based on single sign-on and micro-service architecture and implementation method thereof

Country Status (1)

Country Link
CN (1) CN110661782A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030200465A1 (en) * 2001-08-06 2003-10-23 Shivaram Bhat Web based applications single sign on system and method
CN101159557A (en) * 2007-11-21 2008-04-09 华为技术有限公司 Single point logging method, device and system
CN103237019A (en) * 2013-04-03 2013-08-07 中国科学院合肥物质科学研究院 Cloud service accessing gateway system and cloud service accessing method
CN106101160A (en) * 2016-08-26 2016-11-09 北京恒华伟业科技股份有限公司 A kind of system login method and device
CN106713271A (en) * 2016-11-25 2017-05-24 国云科技股份有限公司 Web system log in constraint method based on single sign-on
CN108959902A (en) * 2018-06-07 2018-12-07 北京百悟科技有限公司 A kind of mutli-system integration platform and method, computer readable storage medium
CN109150913A (en) * 2018-10-17 2019-01-04 东软集团股份有限公司 Access method, apparatus, storage medium and the server of the application under micro services framework
CN109271776A (en) * 2018-10-22 2019-01-25 努比亚技术有限公司 Micro services system single-point logging method, server and computer readable storage medium
CN110086822A (en) * 2019-05-07 2019-08-02 北京智芯微电子科技有限公司 The realization method and system of unified identity authentication strategy towards micro services framework

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111859419A (en) * 2020-06-29 2020-10-30 远光软件股份有限公司 Method for configuring resource authority to main body based on micro service
CN111859419B (en) * 2020-06-29 2023-10-10 远光软件股份有限公司 Method for configuring resource permission to main body based on micro-service
CN112465322A (en) * 2020-11-19 2021-03-09 许继集团有限公司 User management device applied to substation automation system
CN112487390A (en) * 2020-11-27 2021-03-12 网宿科技股份有限公司 Micro-service switching method and system
CN113542238A (en) * 2021-06-29 2021-10-22 上海派拉软件股份有限公司 Risk judgment method and system based on zero trust
CN113542238B (en) * 2021-06-29 2023-06-16 上海派拉软件股份有限公司 Zero trust-based risk judging method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200107