CN118368135A - Authentication login method, device, electronic equipment and computer readable storage medium - Google Patents
- Publication number
 - CN118368135A
 - Authority
 - CN
 - China
 - Prior art keywords
 - target
 - user
 - login
 - authentication
 - target user
 - Prior art date
 - Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
 - Pending
 
 
Classifications
- H—ELECTRICITY
 - H04—ELECTRIC COMMUNICATION TECHNIQUE
 - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 - H04L63/00—Network architectures or network communication protocols for network security
 - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
 - H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
 - H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
 - H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
 - H04L63/105—Multiple levels of security
 - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
 - H04L9/40—Network security protocols
 
Landscapes
- Engineering & Computer Science (AREA)
 - Computer Security & Cryptography (AREA)
 - Computer Networks & Wireless Communication (AREA)
 - Signal Processing (AREA)
 - Computer Hardware Design (AREA)
 - Computing Systems (AREA)
 - General Engineering & Computer Science (AREA)
 - Storage Device Security (AREA)
 
Abstract
The application provides an authentication login method, an authentication login device, electronic equipment and a computer readable storage medium, and relates to the field of network management. The authentication login method is applied to an application system and a first authentication system in a target server; the authentication login method comprises the following steps: judging whether the first authentication system works normally or not based on a user request of a target user requesting to log in a target application system; if the first authentication system is judged to work normally, judging whether the target user logs in any application system according to the user login information of the target user; if the target user is judged not to log in any application system, a target login path is determined based on the user login information, and the target application system is logged in. The authentication login method provided by the embodiment of the application can improve the reliability and stability of user login and solve the login problem of a single user under a scene of multiple authority identities on the premise of ensuring the safety of the user.
    Description
Technical Field
      The present application relates to the field of network management, and in particular, to an authentication login method, an authentication login device, an electronic device, and a computer readable storage medium.
    Background
      In, for example, an enterprise SaaS (Software as a Service, a software service model based on cloud computing technology) cloud platform, a user needs to log in from a client in order to access multiple systems. Typically, a user is required to log in to each system one by one to gain access to each system. However, logging in to each system one by one is very tedious for the user and wastes a great deal of the user's time, resulting in a degraded user experience; at the same time, security risks are also increased.
      At present, for the situation in which a user needs to log in one by one to a plurality of independent application systems of a specific server, a single sign-on method is used to solve problems such as complicated user login and wasted user time. However, the current single sign-on method is too dependent on an authentication system and is limited in its application scenarios; the stability and the security of the system are at risk, and the user experience still needs to be improved.
    Disclosure of Invention
      An object of an embodiment of the present application is to provide an authentication login method, an apparatus, an electronic device, and a computer readable storage medium which, when a first authentication system is determined to work normally, determine whether a user has logged in to an application system and, when the user has not logged in to the application system, perform corresponding specific authentication on the user and determine a specific authentication channel of the target user; after the authentication is passed, a designated access token is issued, and when the user subsequently accesses other application systems in the platform, the designated access token can be carried to realize login authentication of any application system in the platform. Therefore, the reliability and stability of user login are improved, and the login problem of a single user under a scene of multiple authority identities is solved.
      In a first aspect, an embodiment of the present application provides an authentication login method, where the authentication login method is applied to an application system and a first authentication system in a target server; the authentication login method comprises the following steps: judging whether the first authentication system works normally or not based on a user request of a target user requesting to log in a target application system; if the first authentication system is judged to work normally, judging whether the target user logs in any application system according to the user login information of the target user; if the target user is judged not to log in any application system, a target login path is determined based on the user login information, and the target application system is logged in.
      In the implementation process, the authentication login method provided by the embodiment of the application performs corresponding specific authentication on the user under the condition that the first authentication system is determined to work normally and the user does not log in the application system, and determines a specific authentication channel of the target user; after the authentication is passed, a designated access token is issued, and when a subsequent user accesses other application systems in the platform, the designated access token can be carried to realize login authentication of any application system in the platform. The authentication login method provided by the embodiment of the application can improve the reliability and stability of user login on the premise of ensuring the safety of the user; and as the target users with different identities correspond to different authentication channels, the login problem of a single user under a scene of multiple authority identities is solved.
      Optionally, in an embodiment of the present application, the target application system includes a second authentication system; based on a user request of a target user requesting to log in a target application system, judging whether the first authentication system works normally or not, including: judging whether a first authentication system generates a system fault identifier after receiving a user login request; if the first authentication system is judged to generate the system fault identification, the first authentication system is judged to work abnormally; after determining that the first authentication system is abnormal in operation, the authentication login method further includes: and calling a second authentication system to log in the target application system.
      In the implementation process, the authentication login method provided by the embodiment of the application judges the working state of the first authentication system, and when the first authentication system is found to be abnormal, the target application system can timely identify and call the second authentication system to carry out identity authentication. According to the authentication login method provided by the embodiment of the application, the target application system is used as a standby authentication login scheme, so that the fault tolerance and usability of a target user in logging in a target application are improved, and the user experience is improved.
      Optionally, in an embodiment of the present application, the user login information of the target user includes a history access token, a target user name, and a target user role; judging whether the target user logs in any application system according to the user login information of the target user, comprising: calling an interception and filtration mechanism of the first authentication system according to a user request; based on the interception filtering mechanism, using the history access token to find out whether a target user name corresponding to the history access token and a target user role corresponding to the target user name are stored in a database corresponding to the interception filtering mechanism; and if the target user name corresponding to the history access token and the target user role corresponding to the target user name are stored in the database corresponding to the interception filtering mechanism, the target user is judged to be logged in any application system.
      In the implementation process, the authentication login method provided by the embodiment of the application can quickly and efficiently judge whether the user has logged in to any one of a plurality of application systems, so that the user does not have to log in repeatedly; therefore, the user experience can be improved, and the repeated login operations of the user are reduced.
      Optionally, in the embodiment of the present application, an interception filtering mechanism is used to extract and verify the role and the authority of the user; the interception filtering mechanism includes normal user interception filtering, special user interception filtering, and/or administrator interception filtering.
      In the implementation process, the authentication login method provided by the embodiment of the application carries out accurate access control on different types of users according to the roles and the authorities of the users, thereby ensuring the safety and the functionality of the system. The common users, the special users, the manager users and the like can respectively access the authorized functions of the common users, the special users and the manager users, so that targeted and differential services can be provided for different user groups, and the flexibility and maintainability of the system are improved.
      Optionally, in the embodiment of the present application, the user login information of the target user further includes a target access entry and target user login verification information; determining a target login path based on the user login information, logging in the target application system, including: judging a target user source of the target user according to the target user name and the target access entry; determining a target data connector corresponding to the target login type based on the target user source, the target user name and the target user role; the target data connector compares the target user name and the target user login check information with the user name and the user login check information in the user database; and allowing the target user to log in the target application system under the condition that the target user name and the target user login verification information are consistent in comparison.
      In the implementation process, the authentication login method provided by the embodiment of the application uses the Shiro framework and the custom Realm to manage the identity authentication and the authority verification of the user, dynamically selects the corresponding Realm according to the authority type requested by the user, and then performs the user identity authentication and the authority verification through the Realm. Under the condition that the same user has multiple authorities, the first authentication system invokes a corresponding authentication process according to the authorities requested when the current user logs in, so that the login problem of a single user under the condition of multiple authorities is solved, and more convenient access experience is provided for the user.
      Optionally, in an embodiment of the present application, after allowing the target user to log in to the target application system, the method further includes: generating a target access token of the target user, and storing the target access token in the database corresponding to the interception and filtration mechanism; wherein the target access token has a validity period.
      In the implementation process, the authentication login method provided by the embodiment of the application can realize the persistent login and single-point access of the user by generating and managing the target access token, and simultaneously ensures the security of the system and the privacy of the user. The effective time limit of the token can be flexibly set according to actual requirements so as to balance user experience and security.
      Optionally, in an embodiment of the present application, the method further includes: if the target user is judged to be logged in any application system, verifying whether a history access token carried by the target user is consistent with the access token stored in the database corresponding to the interception and filtration mechanism of the first authentication system; and if the historical access token carried by the target client is consistent with the access token stored in the database corresponding to the interception and filtration mechanism of the first authentication system, allowing the target client to log in the target application system.
      In the implementation process, if the target user logs in any application system, the user identity can be confirmed and whether the user passes authentication can be rapidly judged by verifying the history access token carried by the user, so that the user can access the target application system without logging in again. The user does not need to frequently input passwords or verification codes, and meanwhile, the system can quickly respond to the access request of the user, so that the satisfaction degree of the user is enhanced, and the overall performance and the safety level of the system are improved.
      In a second aspect, an embodiment of the present application provides an authentication login apparatus, where the authentication login apparatus is used for an application system and an authentication system in a target server, and the authentication system includes a first authentication system; the authentication login device includes: the system comprises a first authentication system working condition detection module, a history login condition determination module and an authentication login module;
       the first authentication system working condition detection module is used for judging whether the first authentication system works normally or not based on a user request of a target user requesting to log in a target application system; 
       The historical login condition determining module judges whether the target user logs in any application system according to the user login information of the target user under the condition that the first authentication system works normally; 
       the authentication login module is used for determining a target login path and logging in the target application system based on the user login information under the condition that the target user does not log in any application system. 
      In a third aspect, an embodiment of the present application provides an electronic device, where the electronic device includes a memory and a processor, where the memory stores program instructions, and when the processor reads and executes the program instructions, the processor executes steps in any implementation manner of the authentication login method.
      In a fourth aspect, an embodiment of the present application further provides a computer readable storage medium, where a computer program instruction is stored, where the computer program instruction, when read and executed by a processor, performs the steps in any implementation manner of the authentication login method.
    Drawings
      In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
      FIG. 1 is a flowchart of an authentication login method according to an embodiment of the present application;
       FIG. 2 is a flowchart of the first authentication system operating state determination according to an embodiment of the present application; 
       FIG. 3 is a flowchart of a login-free determination according to an embodiment of the present application; 
       FIG. 4 is a flowchart of a primary login according to an embodiment of the present application; 
       FIG. 5 is a schematic block diagram of an authentication login device according to an embodiment of the present application; 
       FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. 
    Detailed Description
      The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application. For example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. In addition, functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
      In scenarios such as an enterprise SaaS (Software as a Service, a software service model based on cloud computing technology) cloud platform, multiple different systems within an enterprise (e.g., enterprise mailbox, human resources management system, financial management system, etc.), and the medical information systems and electronic case systems of healthcare systems, a user typically needs to log in from a client in order to access multiple systems.
      Typically, a user is required to log in to each system one by one to gain access to each system. For example, enterprise employee A would like to log in to system a, system b, and system c; employee A then needs to log in to system a, system b and system c separately, entering verification information such as an account password three times to carry out identity verification. However, in this approach the login state duration of each system is inconsistent for the user, so that a user who uses a plurality of systems at the same time finds login inconvenient, needs to log in a plurality of times, and needs to carry out authentication a plurality of times to complete the logins; in addition, if the user has logged in to a plurality of systems and needs to exit the login state, the user must log out of each platform separately, and the user password is stored independently among the plurality of systems, so that the overall security is affected.
      At present, in order to solve the problems of complex operation and higher safety risk of logging in each system one by one, user login modules scattered in a plurality of application systems are extracted to form an independent authentication system. When a user accesses an application system through a browser, an APP or an applet, if the user does not log in the application system yet, the user needs to access an authentication system to perform identity authentication; after authentication passes, the authentication system will issue an authentication code. The client can access a specific application system by carrying the authentication code, and the specific application system can verify the user requesting login according to the authentication code.
      The inventor researches and discovers that in the process of extracting login modules of a plurality of application systems to establish one authentication system, the login of all the application systems depends on the authentication system, and if the authentication system is attacked or fails, the login of all the application systems is affected. And the method is not suitable for application scenes in which one user has multiple rights.
      Based on the above, the application provides an authentication login method, an authentication login device, an electronic device and a computer readable storage medium. The authentication login method is applied to a plurality of application systems in a server and a first authentication system in the server, and is used for confirming whether a user logs in the application system or not under the condition that the first authentication system is determined to work normally, and carrying out corresponding specific authentication on the user under the condition that the user does not log in the application system, so as to confirm a specific authentication channel of a target user; after the authentication is passed, a designated access token is issued, and when a subsequent user accesses other application systems in the platform, the designated access token can be carried to realize login authentication of any application system in the platform. The authentication login method provided by the embodiment of the application can improve the reliability and stability of user login and solve the login problem of a single user under a scene of multiple authority identities on the premise of ensuring the safety of the user.
      Referring to fig. 1, fig. 1 is a flowchart of an authentication login method according to an embodiment of the present application; the present application provides an authentication login method that can be performed by the electronic device of fig. 6.
      Before describing the specific content of the authentication login method provided by the application, it should be noted that the authentication login method is applied to a plurality of application systems in a server and a first authentication system in the server, that is, the application system in the server and the first authentication system can be understood as two independent systems, and communication links exist between the two independent systems. In addition, the application system in the server refers to a plurality of systems of the same platform, such as a background management system, a WeChat public number management system, a data acquisition system and the like in the SaaS platform; such as human resources systems, financial systems, etc., in enterprise management systems.
      The authentication login method comprises the following steps:
       Step S100: Judge whether the first authentication system works normally based on a user request of the target user requesting to log in to the target application system. 
      In the above step S100, it is determined whether the first authentication system is in a normal operation state according to the user request of the target user requesting to log in the target application system.
      The target user sends a user request to the target application system, and whether the first authentication system works normally is judged according to the feedback information obtained for the user request.
      Regarding whether the first authentication system operates normally, the normal operation referred to in the embodiment of the present application includes: the system network connection being normal, the service being started, the authentication flow being correct, and the like.
      Step S200: if the first authentication system is judged to work normally, judging whether the target user logs in the application system according to the user login information of the target user.
      In the above step S200, if the first authentication system is in the normal operation state, it is determined whether the target user has logged in to the target application system or other application systems (at least one of the application systems) other than the target application system based on the user login information of the target user.
      Judging whether the target user logs in the application system or not, wherein two possible situations exist, one is that the target user never logs in any application system in the platform; another situation is that the target user has logged on to one or several application systems in the platform, but the validity period of the login information of the target user has expired. Both of these cases will be determined as the target user is not logged into the application system.
      Step S300: if the target user is judged not to log in any application system, a target login path is determined based on the user login information, and the target application system is logged in.
      In the above step S300, if it is determined that the target user has not logged in to any of the application systems, the target login path of the target user is determined based on the user login information, and the target application system that the user initially requested to log in to is logged in through the corresponding target login path.
      Illustratively, assume that a platform includes a system a, a system b, and a system c. If the target user sends a user request to the a system, the a system requests the first authentication system to carry out identity authentication on the target user. If the first authentication system has a fault, the first authentication system returns feedback on the user request after receiving it, and the fault type of the first authentication system is judged according to that feedback. If the first authentication system has no fault, whether the target user has logged in to any one or more of the a system, the b system and the c system is judged according to the user login information; if the target user has never logged in to any one of the a system, the b system and the c system, the target login path of the target user needs to be determined according to the user login information of the target user, so that the login to the target application system is realized.
      As can be seen from fig. 1, in the authentication login method provided by the embodiment of the present application, when it is determined that the first authentication system works normally and the user does not login the application system, corresponding specific authentication is performed on the user, and a specific authentication channel of the target user is determined; after the authentication is passed, a designated access token is issued, and when a subsequent user accesses other application systems in the platform, the designated access token can be carried to realize login authentication of any application system in the platform. The authentication login method provided by the embodiment of the application can improve the reliability and stability of user login on the premise of ensuring the safety of the user; and as the target users with different identities correspond to different authentication channels, the login problem of a single user under a scene of multiple authority identities is solved.
      Referring to fig. 2, fig. 2 is a flowchart of determining the working state of the first authentication system according to an embodiment of the present application. Step S100, determining whether the first authentication system works normally based on the user request of the target user requesting to log in to the target application system, is implemented by the following steps:
      Step S110: judging whether the first authentication system generates a system fault identifier after receiving the user login request.
      Step S120: if it is judged that the first authentication system generates the system fault identifier, judging that the first authentication system works abnormally.
      In steps S110 and S120, whether the working state of the first authentication system is normal is determined according to whether the first authentication system generates corresponding abnormal feedback information, such as the system fault identifier, after receiving the user login request.
      The system fault identifier includes an abnormal type code that the first authentication system, when its working state is abnormal, sends to the target application system after receiving a user login request; the system fault identifier also includes an abnormal identifier that the first authentication system outputs after receiving the user login request and that indicates that the working state of the first authentication system is abnormal.
      That is, when its working state is abnormal, the first authentication system sends an abnormal type code to the target application system after receiving a user login request.
      When the first authentication system is configured, a plurality of error codes are set for checking whether its working state is normal. When the target user accesses the target application system through the client, the target application system requests the first authentication system to complete the identity authentication of the target user. If the first authentication system fails, it returns the abnormal type code after receiving the user login request. The error codes set for checking whether the working state of the first authentication system is normal include at least: network connection error (Network Connection Error), service not active error (Service Not Active Error), and authentication process error (Authentication Process Error). Network Connection Error indicates that the first authentication system cannot connect to the related network, possibly because of a network failure, a DNS resolution problem, firewall settings, or the like (this error may be thrown by any system that requires a network connection). Service Not Active Error indicates that the service port of the first authentication system is not started or is occupied by another service, so that the target application system cannot communicate and authenticate with it. Authentication Process Error indicates that an error may have occurred while the first authentication system was performing the authentication process, which may be caused by a code logic error, a configuration problem, or an abnormality in a third-party library, so that the authentication process cannot be completed normally.
      In addition to the network connection error, service not active error, and authentication process error described above, the error codes include timeout error (Timeout Error), invalid response error (Invalid Response Error), security error (Security Error), and the like.
      When the abnormal type codes are configured, the abnormal types are first defined in the first authentication system, each abnormal type representing a specific abnormal fault condition. When the target application system receives an abnormal type code, it takes corresponding handling measures according to the code, such as displaying error information, recording a log, retrying, or returning an appropriate error prompt to the user. Optionally, in the target application system, each abnormal type code is mapped to corresponding error prompt information or an operation, so that different types of abnormal situations can be accurately identified and handled during user login.
      It should be noted that, the above-mentioned abnormal feedback information includes error analysis, solution proposal, and the like, in addition to the system fault identification. Illustratively, a dataset of historical anomaly feedback information is collected and consolidated, including anomaly category codes, error analysis, solution suggestions, and the like. After preprocessing the collected abnormal feedback data set, a proper deep learning architecture such as a Recurrent Neural Network (RNN), a long-short-term memory network (LSTM), a Transformer, etc. can be selected, and the collected abnormal feedback information can be marked and classified into different categories such as abnormal category codes, error analysis, solution suggestions, etc. And then training the deep learning model by using the marked data set, and adjusting model parameters to improve the performance. Further, the trained deep learning model is deployed into an actual system and used for automatically analyzing abnormal feedback information and providing a solution or suggestion, so that the processing efficiency and accuracy can be improved, and the labor and time cost can be saved.
      In an alternative embodiment, the target application system further includes a second authentication system. The second authentication system is the authentication system of the target application system itself and may be part of an authentication login module in the target application system. Unlike the first authentication system, the second authentication system serves only its own target application system; that is, for the plurality of application systems in the server in the present application, each application system has its own second authentication system. In general, the authentication information of the second authentication system of each application system is managed independently and differs between systems.
      After determining that the first authentication system works abnormally, the authentication login method further includes: calling the second authentication system to log in to the target application system.
      That is, after receiving the user login request, the target application system first detects whether the working state of the first authentication system is normal. If the first authentication system is found to be abnormal, the logic for calling the second authentication system can be triggered, and the login interface or identity authentication service of the second authentication system is called for authentication login. The second authentication system verifies the received user identity information and returns an authentication result to the target application system.
      Therefore, the authentication login method provided by the embodiment of the application judges the working state of the first authentication system, and when the first authentication system is found to be abnormal, the target application system can identify this in time and call the second authentication system to perform identity authentication. Because the target application system's own authentication serves as a standby authentication login scheme, the fault tolerance and usability of login to the target application are improved, and the user experience is improved.
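The fault check of steps S110 and S120 and the switch to the second authentication system can be written as follows. This is an added Python example, not code from the application: the JSON reply format, the function names, the single retry for transient faults and the stub second authentication system are assumptions, and only the error code names come from the text above.

```python
import json
from enum import Enum


class Fault(Enum):
    # Abnormal type codes named in the description.
    NETWORK_CONNECTION = "Network Connection Error"
    SERVICE_NOT_ACTIVE = "Service Not Active Error"
    AUTH_PROCESS = "Authentication Process Error"
    TIMEOUT = "Timeout Error"
    INVALID_RESPONSE = "Invalid Response Error"
    SECURITY = "Security Error"


# Assumption: these two faults are worth one retry before failing over.
TRANSIENT = {Fault.TIMEOUT, Fault.NETWORK_CONNECTION}


def classify_reply(raw):
    """S110: return (authenticated, fault) for a raw reply (hypothetical JSON format)."""
    try:
        reply = json.loads(raw)
        if reply["status"] == "fault":
            return False, Fault(reply["code"])  # unknown code raises ValueError
        if reply["status"] == "ok" and isinstance(reply["authenticated"], bool):
            return reply["authenticated"], None
    except (ValueError, KeyError, TypeError):
        pass
    # Anything unparseable counts as a fault, never as a successful login.
    return False, Fault.INVALID_RESPONSE


def login(username, password, first_auth, second_auth, audit):
    """Return (system_used, authenticated); audit collects log records."""
    for attempt in (1, 2):
        try:
            raw = first_auth(username, password)
        except OSError:  # connection refused, reset, timed out, ...
            raw = json.dumps({"status": "fault",
                              "code": Fault.NETWORK_CONNECTION.value})
        authenticated, fault = classify_reply(raw)
        if fault is None:
            # Working normally: a rejected credential is an answer, not a
            # fault, so it never triggers the second authentication system.
            return "first", authenticated
        audit.append(("first_auth_fault", fault.value, username, attempt))
        if fault not in TRANSIENT:
            break
    # S120: the first authentication system works abnormally, so fall back.
    authenticated = second_auth(username, password)
    audit.append(("second_auth_used", username, authenticated))
    return "second", authenticated


def second_auth_stub(username, password):
    """Constructed stand-in for the application's own second authentication system."""
    return (username, password) == ("alice", "local-pw")
```

Every fail-over leaves two audit records, so use of the standby path can be monitored separately from ordinary login failures.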
      Referring to fig. 3, fig. 3 is a flowchart of a login-free determination method according to an embodiment of the application.
      In an optional implementation of the embodiment of the present application, the user login information of the target user in the above process includes a target user name and a target user role; if it does not include a history access token, the target user is directly judged never to have logged in to any application system in the platform.
      In an alternative implementation of the embodiment of the present application, the user login information of the target user in the above process includes a history access token, a target user name, and a target user role. Step S200, determining whether the target user has logged in to any application system according to the user login information of the target user, is implemented by the following steps:
      Step S210: calling the interception filtering mechanism of the first authentication system according to the user request.
      In step S210, the target application system invokes an interception filtering mechanism of the first authentication system, such as an interceptor or a filter. Before the user accesses the application system, the interception filtering mechanism intercepts the user's request and performs preprocessing such as identity authentication and permission verification.
      Step S220: based on the interception filtering mechanism, the history access token is used for searching whether a target user name corresponding to the history access token and a target user role corresponding to the target user name are stored in a database corresponding to the interception filtering mechanism.
      In the above step S220, the target application system uses the history access token in the user request to find out whether the target user name and role information corresponding to the token have been stored in the corresponding database.
      Specifically, the history access token carried in the user request is used to query the database for a record corresponding to that token. The database typically has a table storing the login information of users, with fields for the user name, role, and access token. Illustratively, assume that the table is named user_login_info and contains the login information of users, including fields such as user name, role, and access token. The query may be made with an SQL statement that looks up the record in the user_login_info table whose access token field (assumed to be access_token) equals the history access token in the user request. If a matching record exists, the details of the record are returned, including fields such as the user name and role; if there is no matching record, no result is returned.
      If the user name can be found and the user role is consistent with the identity the user specified at login, the user is directly judged to have logged in; if the corresponding user name cannot be found or the login identity is inconsistent with the user role, the user is judged not to have logged in.
      If a record corresponding to the historical access token is found, it indicates that the user has logged into the system and access can continue. Otherwise, if no corresponding record is found, the user is not logged in the system, and authentication is needed.
      Step S230: if the target user name corresponding to the history access token and the target user role corresponding to the target user name are stored in the database corresponding to the interception filtering mechanism, judging that the target user has logged in to the target application system.
      In step S230, if the target user name and role information corresponding to the history access token exist in the database, it is determined that the target user has logged in to the application system and may continue to access the target application system. Otherwise, if the corresponding information cannot be found, the target user has not logged in to any application system and needs to be authenticated.
      It should be noted that the access token may be an encrypted string containing the user identity information and other necessary information, and typically includes a header, a payload, a signature, and the like. Taking an access token in JSON Web Token (JWT) format as an example, it comprises three parts: header, payload, and signature.
      Header (header): contains the metadata of the token, such as the algorithm (alg) and the token type (typ).
      Payload (payload): contains the actual user identity information and other necessary information. In the embodiment of the application, the payload includes a user name (username) and a role (role), as well as the expiration time (exp) and the issuing time (iat) of the token, and the like. This information is encoded in JSON format and then Base64 encoded.
      Signature (signature): for verifying the integrity and origin of the token. In embodiments of the present application, the signature may be generated by encrypting the header and payload using a private key.
      When judging whether the user has logged in to a system, the first authentication system parses the history access token, verifies the validity of the signature, and reads the user identity information in the token. By comparing whether the user name and role information in the token are consistent with the records in the database, it can be confirmed whether the user has logged in to the system. If there is a matching record and the token has not expired, the logged-in user may enter the system directly without logging in again.
      For example, suppose user A has logged in to any one of a plurality of application systems and a history access token was generated at login. User A now accesses the system again, carrying the history access token. The first authentication system obtains the token through the interception filtering mechanism, searches the database, and finds that the user name corresponding to the token is A and the role is common user. Therefore, user A is judged to have logged in to the system, and login-free access can be performed directly.
      As can be seen from fig. 3, the authentication login method provided by the embodiment of the present application can quickly and efficiently determine whether a user has logged in to any one of a plurality of application systems, thereby implementing login-free operation; the user experience is thereby improved, and repeated login operations by the user are reduced.
      In an alternative embodiment, the interception filtering mechanism in step S220 is used to extract and verify the user roles and permissions.
      The interception filtering mechanism comprises a common user interception filtering, a special user interception filtering, an administrator interception filtering and the like.
      For common users, special users (ordinary VIP users, SVIP users, etc.) and administrator users, the filter or interceptor obtains the login information of the user, such as the user name and role, and judges whether the user is a common user, a special user or an administrator user. If the user is the corresponding type of user, the request is released; otherwise, access is denied or other processing is performed.
      Illustratively, in an Apache Shiro-based Java application, the filter for the information presentation function is configured as authc in Shiro, the filter for functions open only to special users is configured as roles, and the filter for the function that modifies background properties is configured as perms.
      In Java applications, Apache Shiro is generally integrated into the architecture of the application as a security framework for handling security-related functions such as user identity authentication and permission control.
      authc (identity authentication filter) is used to authenticate the user, ensuring that the user has passed authentication when accessing a protected resource. If the user has not logged in or the login is invalid, the user is redirected to the login page to log in. roles (role authorization filter) is used to check whether a user has a specified role. If the user does not have the specified role, access to the protected resource is denied. perms (permission authorization filter) is used to check whether a user has a specified permission. If the user does not have the specified permission, access to the protected resource is denied. Different filters can thus be configured and used to control access to protected resources according to different requirements.
      That is, by using different filters, different levels of permission control over protected resources may be achieved, providing more flexible and finer-grained permission management. The authc filter ensures that the user has logged in, and the roles and perms filters ensure that the user has the specified roles and permissions, thereby ensuring the security of access. In addition, the filter mechanism based on Apache Shiro can realize various permission control functions through simple configuration, thereby simplifying the development process and improving development efficiency.
      Therefore, the authentication login method provided by the embodiment of the application can accurately control the access of different types of users according to the roles and the authorities of the users, and ensures the safety and the functionality of the system. The common users, the special users, the manager users and the like can respectively access the authorized functions of the common users, the special users and the manager users, so that targeted and differential services can be provided for different user groups, and the flexibility and maintainability of the system are improved.
      Referring to fig. 4, fig. 4 is a flowchart of a first login according to an embodiment of the present application; in an optional implementation manner of the embodiment of the present application, the user login information of the target user further includes a target access entry and target user login verification information.
      The target access entry is, for example, the entry point or web site of the system, platform or application that the user uses when logging in. The target user login verification information is, for example, a user password or a verification code.
      In step S300, determining a target login path based on the user login information and logging in to the target application system may be achieved by the following steps:
      Step S310: judging the source of the target user according to the target user name and the target access entry.
      In the above step S310, the first authentication system determines the source of the target user according to the target user name and the target access portal provided by the user. Therefore, a system, a platform or an application program to which the user belongs can be determined, and differentiated services can be provided for the user after the channel corresponding to the target user is identified.
      Step S320: determining the target data connector corresponding to the target login type based on the target user source, the target user name and the target user role.
      In the step S320, the first authentication system determines the target data connector corresponding to the target login type according to the source of the target user, the target user name and the target user role. It should be noted that the data connector generally corresponds to Realm in Shiro, and is used to obtain user information from a user database and perform verification.
      Step S330: the target data connector compares the target user name and the target user login check information with the user name and the user login check information in the user database.
      In step S330, the target data connector (Realm) compares the target user name and the target user login check information with the corresponding information in the user database. Illustratively, the corresponding Realm is selected according to the identity type of the user, and login information provided by the user is compared, so that the legitimacy of the identity of the user is ensured.
      For example, a corresponding custom Realm is implemented in Shiro for each user identity permission type: VisitorRealm for general visitors, CustomerRealm for paying users, VIPRealm for members, SuperAdminRealm for system super administrators, and AdminRealm for system administrators.
      VisitorRealm (general visitor) is used for authenticating an unregistered user or general visitor. Complex authentication is not required; it is only necessary to verify whether the user exists in the system. If so, access is allowed; otherwise, access is denied.
      CustomerRealm (paying user) is used for authentication and permission control of paying users. It is often necessary to verify the user's payment status and specific permissions, that is, to verify the identity and payment status of the user while checking whether the user has a specific permission.
      VIPRealm (member) is used for authentication and permission control of member users. It is generally necessary to verify the user's membership level and special membership permissions, that is, to verify the identity and membership level of the user while checking whether the user has a permission specific to members.
      SuperAdminRealm (system super administrator) is used for authentication and permission control of system super administrators, who typically have the highest level of permissions in the system.
      AdminRealm (system administrator) is used for authentication and permission control of system administrators, who typically have the next highest level of permissions in the system.
      Verification and authorization of different user identity authority types are realized through different Realm, personalized security authentication and access control can be provided according to the identity and authority requirements of the user, and therefore the security of the system and the use experience of the user are effectively ensured.
      Step S340: allowing the target user to log in to the target application system when the target user name and the target user login verification information are found consistent in the comparison.
      In step S340, if the target user name and the target user login verification information are compared and found consistent, the first authentication system allows the target user to log in to the target application system. That is, once the authentication information provided by the target user has been verified by the first authentication system, the user can access the target application system.
      As can be seen from fig. 4, the authentication login method provided by the embodiment of the present application uses Shiro framework and custom Realm to manage user identity authentication and authority verification, dynamically selects corresponding Realm according to the authority type requested by the user, and then performs user identity authentication and authority verification through the Realm. Under the condition that the same user has multiple authorities, the first authentication system invokes a corresponding authentication process according to the authorities requested when the current user logs in, so that the login problem of a single user under the condition of multiple authorities is solved, and more convenient access experience is provided for the user.
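Steps S310 to S340 for one user name that holds several identities, as an added Python example rather than the application's Shiro code. The Realm class here is a plain Python model of a data connector; the entry URLs, role keys, sample users and the restriction of administrator realms to one entry are constructed assumptions, and the user source is derived from the access entry alone for brevity.

```python
import hashlib
import hmac
import os


def derive(password, salt):
    # Salted, slow password hash so the user database never holds plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Realm:
    """One data connector: its own user database plus an identity-specific rule."""

    def __init__(self, name, rule=lambda record: True, check_password=True):
        self.name, self.rule, self.check_password = name, rule, check_password
        self.users = {}
        self.dummy_salt = os.urandom(16)

    def add_user(self, username, password, **attributes):
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": derive(password, salt),
                                **attributes}

    def verify(self, username, password):
        """S330: compare the supplied name and check information with the database."""
        record = self.users.get(username)
        if not self.check_password:      # VisitorRealm: existence is the only check
            return record is not None
        salt = record["salt"] if record else self.dummy_salt
        candidate = derive(password, salt)   # same work for unknown users
        if record is None:
            return False
        return hmac.compare_digest(candidate, record["hash"]) and self.rule(record)


# Constructed access entries; S310 maps the entry used to a user source.
ENTRY_SOURCE = {"https://shop.example/login": "portal",
                "https://ops.example/login": "console"}

# S320: (source, role) selects the data connector. Administrator realms are
# reachable only from the console entry (an assumption of this example).
REALMS = {
    ("portal", "visitor"): Realm("VisitorRealm", check_password=False),
    ("portal", "customer"): Realm("CustomerRealm",
                                  rule=lambda r: r.get("paid", False)),
    ("portal", "vip"): Realm("VIPRealm", rule=lambda r: r.get("level", 0) >= 1),
    ("console", "admin"): Realm("AdminRealm"),
    ("console", "super_admin"): Realm("SuperAdminRealm"),
}


def login(username, role, entry, password=""):
    """Return the name of the realm that accepted the login, or None."""
    source = ENTRY_SOURCE.get(entry)                      # S310
    realm = REALMS.get((source, role))                    # S320
    if realm is None:
        return None
    return realm.name if realm.verify(username, password) else None  # S330/S340


# Constructed users: "alice" is both a paying customer and an administrator.
REALMS[("portal", "customer")].add_user("alice", "shop-pw", paid=True)
REALMS[("console", "admin")].add_user("alice", "ops-pw")
REALMS[("portal", "customer")].add_user("bob", "bob-pw", paid=False)
REALMS[("portal", "visitor")].add_user("guest", "")
```

Because each realm has its own user database, the customer password for "alice" is never accepted for her administrator identity.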
      In an alternative embodiment, after allowing the target user to log in to the target application system, the method further comprises:
      generating a target access token for the target user, and storing the target access token in the database corresponding to the interception filtering mechanism. The target access token in embodiments of the present application may be a randomly generated string or another form of unique identifier that is used to identify and verify the identity of the user during subsequent accesses.
      It should be noted in particular that there is a valid time limit for the existence of the target access token. Illustratively, the effective duration may be set to 30 minutes, 15 minutes, etc. Upon expiration of the token, the target access token will be deleted or set to an invalid state. If the target user wants to log in to an application system again after the target access token is invalid, the target user needs to be authenticated again through the first authentication system.
      For example, security-critical operations, such as sensitive user operations or scenarios involving account fund transactions, require timely authentication and authorization to ensure the security of the operation. For operations such as account transfers or modifying important personal information, the validity period of the access token is short.
      For general user login and normal operation, keeping a certain validity period while the user is not operating frequently can improve the user experience and reduce frequent login operations. For example, for normal website login and content browsing, the validity period of the access token is moderate.
      A longer validity period is applicable to scenarios in which the user keeps a login state for a long time, such as a remember-login-state function. In this case, the validity period of the token can be set longer, which reduces frequent login operations and improves convenience for the user.
      The shorter validity period is usually set to be several minutes to several hours, so as to ensure the safety, and the higher the safety requirement is, the shorter the time is. The moderate validity period is usually set to a few hours to a few days, and is suitable for general user login and normal operation, so that user experience is improved, and frequent login operation is reduced. The longer validity period is usually set to a few days to a few months, and is suitable for a scenario in which a user keeps a login state for a long time, such as remembering a login state function.
      Therefore, the authentication login method provided by the embodiment of the application can realize the persistent login and single-point access of the user by generating and managing the target access token, and simultaneously ensures the security of the system and the privacy of the user. The effective time limit of the token can be flexibly set according to actual requirements so as to balance user experience and security.
      In an optional implementation manner of the embodiment of the present application, if it is determined that the target user has logged in to any application system, it is verified whether the historical access token carried by the target client is consistent with the access token stored in the database corresponding to the interception filtering mechanism of the first authentication system.
      And if the historical access token carried by the target client is consistent with the access token stored in the database corresponding to the interception and filtration mechanism of the first authentication system, allowing the target client to log in the target application system.
      Illustratively, a record corresponding to a historical access token carried by the target client is first retrieved from a database. The record retrieved from the database will contain a number of parameters including at least the access Token (Token) and the user identity information, and the computer will compare the historical access Token carried by the target client with the access tokens retrieved from the database to determine if they are consistent. The specific judging mode comprises the following steps:
      Token matching: checking whether the token carried by the target client is consistent with the token stored in the database.
      User authentication: checking whether the user identity information stored in the database is consistent with the identity information provided by the target user.
      If the historical access token carried by the target client is consistent with the access token stored in the database and the corresponding user identity information also matches, the first authentication system allows the target user to log in to the target application system. If either parameter does not match, the first authentication system refuses the target user's login or requires the target user to re-authenticate.
      That is, if the first authentication system determines that the target user has logged into any one of the application systems, the first authentication system verifies whether the historical access token carried by the target user is consistent with the access token stored in the database corresponding to the interception filtering mechanism of the first authentication system. And if the historical access token carried by the target user is found to be consistent with the access token stored in the database through verification, allowing the target user to log in the target application system. That is, the identity of the target user is confirmed, and the user is authenticated and can enter the target application system without re-login.
      Therefore, if the target user logs in any application system, the user identity can be confirmed by verifying the historical access token carried by the user, and whether the user passes authentication can be rapidly judged, so that the user can be allowed to access the target application system without logging in again. The user does not need to frequently input passwords or verification codes, and meanwhile, the system can quickly respond to the access request of the user, so that the satisfaction degree of the user is enhanced, and the overall performance and the safety level of the system are improved.
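The login-free check of steps S210 to S230 and the token matching and user authentication checks above, together with storage and expiry of the target access token, as an added Python example that is not code from the application. HMAC-SHA256 stands in for the private-key signature described earlier so that only the standard library is needed; the table name user_login_info and the access_token field come from the text, while the expires_at column, the jti claim, the key and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import sqlite3

KEY = b"constructed-demo-key"  # constructed; a real deployment loads its own key


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input):
    return b64url(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())


def open_store():
    """Database of the interception filtering mechanism (in memory here)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_login_info (access_token TEXT PRIMARY KEY, "
               "username TEXT, role TEXT, expires_at INTEGER)")
    return db


def issue_token(db, username, role, now, ttl=30 * 60):
    """After a successful login: generate the target access token and store it."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"username": username, "role": role, "iat": now, "exp": now + ttl,
              "jti": secrets.token_hex(8)}  # random part keeps tokens unique
    payload = b64url(json.dumps(claims).encode())
    token = f"{header}.{payload}.{sign(header + '.' + payload)}"
    db.execute("INSERT INTO user_login_info VALUES (?, ?, ?, ?)",
               (token, username, role, now + ttl))
    return token


def revoke(db, token):
    db.execute("DELETE FROM user_login_info WHERE access_token = ?", (token,))


def check_login_free(db, token, requested_role, now):
    """Return the user name if login-free access is allowed, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    # Verify the signature in constant time before trusting any field.
    expected = sign(parts[0] + "." + parts[1])
    if not hmac.compare_digest(parts[2].encode(), expected.encode()):
        return None
    try:
        header = json.loads(unb64url(parts[0]))
        claims = json.loads(unb64url(parts[1]))
    except ValueError:
        return None
    if header.get("alg") != "HS256":  # accept only the algorithm we issue
        return None
    # S220: parameterized lookup of the record for this token.
    row = db.execute("SELECT username, role, expires_at FROM user_login_info "
                     "WHERE access_token = ?", (token,)).fetchone()
    if row is None:  # unknown or revoked token
        return None
    username, role, expires_at = row
    if now >= expires_at or now >= claims.get("exp", 0):
        revoke(db, token)  # expired tokens are deleted
        return None
    # Token matching plus user authentication: claims, record and the role
    # requested at this login must all agree.
    if (claims.get("username"), claims.get("role")) != (username, role):
        return None
    if role != requested_role:
        return None
    return username
```

The database lookup is what makes revocation and early expiry possible: a token with a valid signature but no stored record is refused.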
      In an alternative embodiment, the user password and the access token involved in the embodiment of the application need to be transmitted in encrypted form. The user password or the access token can be converted into a fixed-length hash value through MD5 encryption; the MD5-encrypted user password or access token may still be at risk of tampering, so it is further encrypted using the RSA encryption algorithm. It should be noted that RSA is an asymmetric encryption algorithm that uses public-key encryption and private-key decryption to provide a higher level of data protection.
      The encrypted user password or access token can be stored in a database of the authentication system or transmitted over the network to the system that needs identity authentication. Whether stored or transmitted, the user password or access token is in ciphertext form, and only a system holding the decryption private key can decrypt it and obtain the information in it.
      When another system receives the encrypted user password or access token, it first decrypts the MD5-encrypted user password or access token using the corresponding RSA private key. It then recalculates the hash value of the user password or access token with the same MD5 algorithm and compares it with the decrypted MD5 encryption result to verify the integrity and authenticity of the user password or access token.
      Therefore, the invention can effectively improve the security of the system, prevent the user password or the access token from being tampered or stolen, and ensure the security of the user identity and data. Meanwhile, the encryption mode combining MD5 and RSA is adopted, so that confidentiality and integrity of data are guaranteed, the anti-attack capability of the system is improved, and more reliable protection is provided for users and the system.
      Referring to fig. 5, fig. 5 is a schematic block diagram of an authentication login device according to an embodiment of the present application; the application also provides an authentication login device which is used for an application system and an authentication system in the target server, wherein the authentication system comprises a first authentication system.
      The authentication login apparatus 100 includes: a first authentication system operating condition detection module 110, a historical login condition determination module 120, and an authentication login module 130.
      The first authentication system working condition detection module 110 is configured to determine whether the first authentication system works normally based on a user request that the target user requests to log in to the target application system.
      The historical login condition determining module 120 determines whether the target user has logged into any application system according to the user login information of the target user under the condition that the first authentication system is operating normally.
      The authentication login module 130 is configured to determine a target login path based on the user login information and log in to the target application system when the target user has not logged in to any application system.
      In an alternative embodiment, the target application system comprises a second authentication system. In the process of judging whether the first authentication system works normally based on the user request of the target user requesting to log in to the target application system, the first authentication system working condition detection module 110 is configured to: judge whether the first authentication system generates a system fault identifier after receiving the user login request; and, if the first authentication system is judged to have generated the system fault identifier, judge that the first authentication system works abnormally. After it is determined that the first authentication system works abnormally, the authentication login method further includes calling the second authentication system to log in to the target application system.
      In an alternative embodiment, the user login information of the target user includes a historical access token, a target user name, and a target user role.
      In determining whether the target user has logged in to any application system according to the user login information of the target user, the historical login condition determining module 120 is configured to: call an interception filtering mechanism of the first authentication system according to the user request; based on the interception filtering mechanism, use the historical access token to look up whether a target user name corresponding to the historical access token and a target user role corresponding to the target user name are stored in a database corresponding to the interception filtering mechanism; and, if the target user name corresponding to the historical access token and the target user role corresponding to the target user name are stored in that database, judge that the target user has logged in to an application system.
      In an alternative embodiment, the interception and filtering mechanism is used to extract and verify user roles and permissions; the interception filtering mechanism includes normal user interception filtering, special user interception filtering, and/or administrator interception filtering.
      In an alternative embodiment, the user login information of the target user further includes a target access entry and target user login verification information. In the process of determining the target login path and logging in to the target application system based on the user login information, the authentication login module 130 is specifically configured to: judge a target user source of the target user according to the target user name and the target access entry; determine a target data connector corresponding to the target login type based on the target user source, the target user name and the target user role; have the target data connector compare the target user name and the target user login verification information with the user name and the user login verification information in the user database; and allow the target user to log in to the target application system when the target user name and the target user login verification information match.
      In an optional embodiment, after allowing the target user to log in the target application system, the authentication login device 100 is further configured to generate a target access token of the target user, and store the target access token in a database corresponding to the interception filtering mechanism; wherein the existence of the target access token is valid.
      In an optional embodiment, the authentication login device 100 is further configured to verify whether a history access token carried by the target client is consistent with an access token stored in a database corresponding to an interception filtering mechanism of the first authentication system if it is determined that the target user has logged into any application system; and if the historical access token carried by the target client is consistent with the access token stored in the database corresponding to the interception and filtration mechanism of the first authentication system, allowing the target client to log in the target application system.
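The module flow described above (fault check, token lookup in the interception filtering database, connector selection, credential comparison, token issuance), as an added example that is not the patent's own code. Assumptions: the class and function names, the rule that maps an access entry to a user source, the PBKDF2 password storage and the SHA-256 keyed token store are hypothetical choices, and all user records are constructed; the patent specifies none of them.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def _kdf(secret: str, salt: bytes) -> bytes:
    # Salted, slow hash for stored login verification information (assumption).
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


@dataclass
class LoginRequest:
    user_name: str
    access_entry: str
    role: str
    verification: str                    # password or other verification info
    history_token: Optional[str] = None  # token from an earlier login, if any


class DataConnector:
    """User database for one user source; records are constructed samples."""

    def __init__(self, users: dict):
        self._users = {}
        for name, password in users.items():
            salt = secrets.token_bytes(16)
            self._users[name] = (salt, _kdf(password, salt))

    def matches(self, name: str, verification: str) -> bool:
        # Unknown users still pay for one KDF call and then fail the compare.
        salt, stored = self._users.get(name, (b"\0" * 16, b""))
        return hmac.compare_digest(_kdf(verification, salt), stored)


class FirstAuthSystem:
    def __init__(self, connectors: dict):
        self.fault_flag = False        # the "system fault identifier"
        self.connectors = connectors   # (user source, role) -> DataConnector
        self.filter_db = {}            # sha256(token) -> (user name, role)

    @staticmethod
    def _key(token: str) -> str:
        # Store only a digest so the database never holds usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    @staticmethod
    def user_source(req: LoginRequest) -> str:
        # Hypothetical rule: the access entry decides the user source.
        return "internal" if req.access_entry == "intranet" else "external"

    def login(self, req: LoginRequest, second_auth):
        """Return (path taken, allowed, access token or None)."""
        if self.fault_flag:            # first system abnormal: fall back
            return ("second-auth", bool(second_auth(req)), None)
        if req.history_token is not None:
            entry = self.filter_db.get(self._key(req.history_token))
            if entry == (req.user_name, req.role):   # token bound to name and role
                return ("token", True, req.history_token)
        connector = self.connectors.get((self.user_source(req), req.role))
        if connector is None or not connector.matches(req.user_name, req.verification):
            return ("credentials", False, None)
        token = secrets.token_urlsafe(32)
        self.filter_db[self._key(token)] = (req.user_name, req.role)
        return ("credentials", True, token)


def demo_system() -> FirstAuthSystem:
    return FirstAuthSystem({
        ("internal", "admin"): DataConnector({"alice": "constructed-pw-1"}),
        ("external", "user"): DataConnector({"bob": "constructed-pw-2"}),
    })
```

A token presented with a different user name or role than the one it was issued for does not match the stored entry, so the request falls back to the credential path.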
      Referring to fig. 6, fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. An electronic device 200 provided in an embodiment of the present application includes: a processor 201 and a memory 202, the memory 202 storing machine-readable instructions executable by the processor 201, which when executed by the processor 201 perform the method as described above.
      Based on the same inventive concept, the embodiments of the present application further provide a computer readable storage medium, where a computer program instruction is stored, and when the computer program instruction is read and executed by a processor, the steps in any implementation manner of the authentication login method are executed.
      The computer readable storage medium may be a random access memory (RAM), a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), or the like, which may store the program code.
      In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
      Furthermore, functional modules in various embodiments of the present application may be integrated together to form a single portion, or each module may exist alone, or two or more modules may be integrated to form a single portion.
      Alternatively, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions in accordance with embodiments of the present invention are produced in whole or in part.
      The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, wireless, microwave, etc.).
      In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
      The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and variations will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.
    Claims (9)
1. An authentication login method is characterized in that the authentication login method is applied to an application system and a first authentication system in a target server; the authentication login method comprises the following steps:
       judging whether the first authentication system works normally or not based on a user request of a target user requesting to log in a target application system; 
       If the first authentication system is judged to work normally, judging whether the target user logs in any application system according to the user login information of the target user; the user login information of the target user comprises a target user name, a target access entry, target user login verification information and a target user role; 
       if the target user is judged not to log in any application system, determining a target login path based on the user login information, and logging in the target application system; 
       Determining a target login path based on the user login information, and logging in the target application system, wherein the method comprises the following steps: judging a target user source of the target user according to the target user name and the target access entry; determining a target data connector corresponding to a target login type based on the target user source, the target user name and the target user role; the target data connector compares the target user name and the target user login check information with the user name and the user login check information in a user database; and allowing the target user to log in the target application system under the condition that the target user name and the target user login verification information are consistent in comparison. 
    2. The method of claim 1, wherein the target application system comprises a second authentication system;
       The determining whether the first authentication system works normally based on the user request of the target user requesting to log in the target application system includes: 
       judging whether the first authentication system generates a system fault identifier after receiving the user login request; 
       if the first authentication system is judged to generate the system fault identification, judging that the first authentication system works abnormally; 
       After determining that the first authentication system is abnormal in operation, the authentication login method further includes: and calling the second authentication system to log in the target application system. 
    3. The method of claim 1, wherein the user login information of the target user further comprises a historical access token;
       The step of judging whether the target user is logged in any application system according to the user login information of the target user comprises the following steps: 
       calling an interception and filtration mechanism of the first authentication system according to the user request; 
       Based on the interception filtering mechanism, searching whether a target user name corresponding to the historical access token and a target user role corresponding to the target user name are stored in a database corresponding to the interception filtering mechanism by using the historical access token; 
       And if the fact that the target user name corresponding to the historical access token and the target user role corresponding to the target user name are stored in the database corresponding to the interception filtering mechanism is judged, the fact that the target user logs in any application system is judged. 
    4. A method according to claim 3, wherein the interception filtering mechanism is used to extract and verify user roles and permissions; the interception filtering mechanism comprises a common user interception filtering, a special user interception filtering and/or an administrator interception filtering.
    5. The method of claim 4, wherein after said allowing the target user to log onto the target application system, the method further comprises:
       Generating a target access token of the target user, and storing the target access token in a database corresponding to the interception and filtration mechanism; wherein the existence of the target access token is valid. 
    6. The method according to claim 1, wherein the method further comprises:
       If the target user is judged to be logged in any application system, verifying whether a history access token carried by the target client is consistent with an access token stored in a database corresponding to an interception and filtration mechanism of the first authentication system; 
       And if the historical access token carried by the target client is consistent with the access token stored in the database corresponding to the interception and filtration mechanism of the first authentication system, allowing the target user to log in the target application system. 
    7. An authentication login device, wherein the authentication login device is used for an application system and an authentication system in a target server, and the authentication system comprises a first authentication system; the authentication login device includes: the system comprises a first authentication system working condition detection module, a history login condition determination module and an authentication login module;
       the first authentication system working condition detection module is used for judging whether the first authentication system works normally or not based on a user request of a target user requesting to log in a target application system; 
       The historical login condition determining module judges whether the target user is logged in any application system according to the user login information of the target user under the condition that the first authentication system works normally; the user login information of the target user comprises a target user name, a target access entry, target user login verification information and a target user role; 
       the authentication login module is used for determining a target login path based on the user login information and logging in the target application system under the condition that the target user does not log in any application system; 
       The authentication login module is specifically configured to, in the process of determining a target login path based on the user login information and logging in the target application system: judging a target user source of the target user according to the target user name and the target access entry; determining a target data connector corresponding to a target login type based on the target user source, the target user name and the target user role; the target data connector compares the target user name and the target user login check information with the user name and the user login check information in a user database; and allowing the target user to log in the target application system under the condition that the target user name and the target user login verification information are consistent in comparison. 
    8. An electronic device comprising a memory and a processor, the memory having stored therein program instructions which, when executed by the processor, perform the steps of the method of any of claims 1-6.
    9. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein computer program instructions which, when executed by a processor, perform the steps of the method according to any of claims 1-6.
    Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN202410624090.5A CN118368135A (en) | 2024-05-20 | 2024-05-20 | Authentication login method, device, electronic equipment and computer readable storage medium | 
Publications (1)
| Publication Number | Publication Date | 
|---|---|
| CN118368135A (en) | 2024-07-19 |
Family
ID=91876861
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date | 
|---|---|---|---|
| CN202410624090.5A Pending CN118368135A (en) | 2024-05-20 | 2024-05-20 | Authentication login method, device, electronic equipment and computer readable storage medium | 
Country Status (1)
| Country | Link | 
|---|---|
| CN (1) | CN118368135A (en) | 
Legal Events
| Date | Code | Title | Description | 
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||