A self-adaptive business system single sign-on auxiliary system and single sign-on method
Technical field
The present invention relates to single sign-on technology, and more particularly to a self-adaptive business system single sign-on auxiliary system and a single sign-on method.
Background technology
Single sign-on (SSO) is a unified authentication and authorization scheme. A user who accesses protected resources in different applications on the same server only needs to log in once: after passing security verification in one application, the user does not need to log in and authenticate again when accessing protected resources in other applications. With SSO, a user who logs in once can access all mutually trusting application systems without logging in repeatedly.
With the rapid development of the internet, enterprises have introduced multiple information systems to advance informatization. Each application system has its own independent authentication system. As the number of application systems keeps growing, on the one hand, employees have to remember a large number of account passwords when accessing business systems, and these passwords are easily forgotten or leaked, which brings security risks or even losses to the enterprise; on the other hand, the channels for publishing company information keep increasing, but there is no platform that presents an overview of this information, which also reduces the efficiency of the enterprise.
To meet the access requirements of an enterprise's ever-growing number of business systems, reduce the account management work of employees, avoid repeated logins, and let one account log in to multiple systems at the same time, the IT solutions of most enterprises include an SSO mechanism.
The existing single sign-on method is as follows. When a user accesses application system 1 for the first time, the user has not yet logged in and is therefore directed to the authentication system to log in. The authentication system checks the user's identity against the login information the user provides; if the check passes, it should return an authentication credential, a ticket, to the user. When the user then accesses other applications, the user carries this ticket as proof of authentication; after receiving the request, the application system sends the ticket to the authentication system for verification to check that the ticket is legitimate. If the verification passes, the user can access application system 2 and application system 3 without logging in again.
Implementing SSO requires the following main functions:
System sharing: a unified authentication system is one of the prerequisites of SSO. The main function of the authentication system is to compare the user's login information with the user information database and authenticate the user's login; after successful authentication, the authentication system should generate a unified authentication token (ticket) and return it to the user. In addition, the authentication system should also verify tickets and judge their validity.
Information identification: to implement SSO and let users log in only once, application systems must be able to recognize users who have already logged in. An application system should be able to identify and extract the ticket and, by communicating with the authentication system, automatically determine whether the current user is logged in, thereby completing single sign-on.
In addition: (1) A single user information database is not necessary. Many systems cannot store all user information centrally, and user information should be allowed to reside in different stores. In fact, as long as authentication is centralized and tickets are generated and verified in a unified way, single sign-on can be achieved no matter where the user information is stored. (2) A unified authentication system does not mean a single authentication server. When a user accesses application system 1 and is authenticated by the first authentication server, the user obtains a ticket generated by that server. When the user accesses application system 2, authentication server 2 can recognize that this ticket was generated by the first server; the authentication servers exchange authentication information through a standard communication protocol (such as SAML), and SSO can still be achieved.
If an enterprise needs SSO across its existing systems, the existing systems must be modified to fit into the SSO authentication system. Moreover, such modification presupposes that the enterprise still has control over the systems (the developer still provides support services, or the enterprise has the systems' source code and can carry out the modification). In practice, however, an enterprise may for various reasons have lost control over existing systems, so that those systems cannot be integrated into an SSO solution.
Summary of the invention
The object of the present invention is to overcome the above drawbacks of the prior art by providing a self-adaptive business system single sign-on auxiliary system and a single sign-on method.
The object of the present invention can be achieved through the following technical solutions:
A self-adaptive business system single sign-on auxiliary system, used to implement single sign-on to business systems, comprising:
Login information storage module: this module stores business system login information;
Single sign-on injection code generation and storage module: this module generates and stores the single sign-on injection code used to log in to a business system automatically;
Single sign-on injection code loading and execution module: when logging in to a business system, this module obtains the single sign-on injection code, obtains the login information from the login information storage module, and completes the login.
The login information stored by the login information storage module includes a login username and a login password.
The single sign-on injection code generation and storage module comprises:
Business system login page identification submodule: this submodule obtains the source code of the business system login page and extracts login feature information from it; the login feature information comprises the object IDs of three key login objects: the login username input box, the user password input box and the login button;
Injection code generation submodule: this submodule generates the single sign-on injection code from the extracted login feature information; the single sign-on injection code obtains the login username and login password from the login information storage module, fills them automatically into the login username input box and the user password input box, and then triggers the login button to complete the login;
Injection code storage submodule: this submodule stores the single sign-on injection code generated by the injection code generation submodule in association with the corresponding business system.
The single sign-on injection code loading and execution module comprises:
Business system login loading submodule: this submodule loads the business system to be logged in to;
Injection code loading submodule: according to the business system loaded by the business system login loading submodule, this submodule obtains the single sign-on injection code of that business system from the single sign-on injection code generation and storage module;
Injection code execution submodule: this submodule runs the obtained single sign-on injection code, specifically: it obtains the login username and login password from the login information storage module, fills them automatically into the login username input box and the user password input box, and then triggers the login button to complete the login.
A method for single sign-on using the above self-adaptive business system single sign-on auxiliary system, comprising the following steps:
(1) Before logging in to a business system, the single sign-on injection code generation and storage module of the auxiliary system generates single sign-on injection code adapted to the business system from its login feature information and stores it;
(2) Each time a business system is logged in to, the single sign-on injection code loading and execution module of the auxiliary system opens the business system, loads the single sign-on injection code stored for that business system in step (1), and executes it to complete the business system login.
Step (1) is specifically:
(11) Load the business system login page and obtain its source code;
(12) Extract login feature information from the login page source code; the login feature information comprises the object IDs of three key login objects: the login username input box, the user password input box and the login button;
(13) Generate the single sign-on injection code from the login feature information; the single sign-on injection code obtains the login username and login password from the login information storage module, fills them automatically into the login username input box and the user password input box, and then triggers the login button to complete the login;
(14) Store the single sign-on injection code in the background database.
Step (2) is specifically:
(21) The single sign-on auxiliary system loads the business system to be logged in to;
(22) The single sign-on injection code corresponding to that business system is obtained according to the business system to be logged in to;
(23) The single sign-on injection code is run and the business system login is completed, specifically: the login username and login password are obtained from the login information storage module and filled automatically into the login username input box and the user password input box, and the login button is then triggered to complete the login.
Compared with the prior art, the invention has the following advantages:
(1) The auxiliary system of the invention provides a platform for single sign-on to business systems. The single sign-on injection code generation and storage module generates the single sign-on injection code from the specific login information of the business system, and the single sign-on injection code loading and execution module then executes that code to log in. Put simply, the login information of the business system is obtained in advance and a program that logs in automatically (the single sign-on injection code) is written from it, so when logging in to a business system the injection code can be executed directly to log in automatically. No change is made to the existing business system: it does not need to provide any API support, and its code logic does not need to be adjusted or modified. The existing business system continues to run unaffected while single sign-on is achieved;
(2) The single sign-on auxiliary system of the invention has no effect on existing business systems and requires no modification to them. An enterprise can therefore implement single sign-on at low cost, with zero risk and a high degree of control; for the enterprise's IT transformation and upgrading, it is the optimal solution;
(3) The single sign-on method of the invention is simple and convenient, safe and reliable.
Brief description of the drawings
Fig. 1 is a structural block diagram of the self-adaptive business system single sign-on auxiliary system of the present invention;
Fig. 2 is a workflow diagram of the single sign-on injection code generation and storage module of the present invention;
Fig. 3 is a workflow diagram of the single sign-on injection code loading and execution module of the present invention.
In the figures, 0 is the login information storage module, 1 is the single sign-on injection code generation and storage module, 2 is the single sign-on injection code loading and execution module, 11 is the business system login page identification submodule, 12 is the injection code generation submodule, 13 is the injection code storage submodule, 21 is the business system login loading submodule, 22 is the injection code loading submodule, and 23 is the injection code execution submodule.
Detailed description
The present invention is described in detail below with reference to the accompanying drawings and a specific embodiment.
Embodiment
As shown in Fig. 1, a self-adaptive business system single sign-on auxiliary system is used to implement single sign-on to business systems and comprises:
Login information storage module 0: this module stores business system login information, which includes a login username and a login password. In general, when an enterprise uses the auxiliary system of the invention to log in to business systems, the login information of each business system is unified and consistent with the login information of the auxiliary system; that is, the login username and login password stored by login information storage module 0 are both the login username and login password of the auxiliary system and the login username and login password of the business systems;
Single sign-on injection code generation and storage module 1: this module generates and stores the single sign-on injection code used to log in to a business system automatically;
Single sign-on injection code loading and execution module 2: when logging in to a business system, single sign-on injection code loading and execution module 2 obtains the single sign-on injection code, obtains the login information from login information storage module 0, and completes the login.
The single sign-on injection code generation and storage module 1 comprises:
Business system login page identification submodule 11: this submodule obtains the source code of the business system login page and extracts login feature information from it; the login feature information comprises the object IDs of three key login objects: the login username input box, the user password input box and the login button. The object IDs allow the generated injection code to locate the control objects, so that the login information can be injected and the login operation triggered;
Injection code generation submodule 12: this submodule generates the single sign-on injection code from the extracted login feature information; the single sign-on injection code obtains the login username and login password from login information storage module 0, fills them automatically into the login username input box and the user password input box, and then triggers the login button to complete the login;
Injection code storage submodule 13: this submodule stores the single sign-on injection code generated by injection code generation submodule 12 in association with the corresponding business system.
The single sign-on injection code loading and execution module 2 comprises:
Business system login loading submodule 21: this submodule loads the business system to be logged in to;
Injection code loading submodule 22: according to the business system loaded by business system login loading submodule 21, this submodule obtains the single sign-on injection code of that business system from single sign-on injection code generation and storage module 1;
Injection code execution submodule 23: this submodule runs the obtained single sign-on injection code, specifically: it obtains the login username and login password from login information storage module 0, fills them automatically into the login username input box and the user password input box, and then triggers the login button to complete the login.
A method for single sign-on using the self-adaptive business system single sign-on auxiliary system comprises the following steps:
(1) Before logging in to a business system, single sign-on injection code generation and storage module 1 of the auxiliary system generates single sign-on injection code adapted to the business system from its login feature information and stores it;
(2) Each time a business system is logged in to, single sign-on injection code loading and execution module 2 of the auxiliary system opens the business system, loads the single sign-on injection code stored for that business system in step (1), and executes it to complete the business system login.
Specifically, as shown in Fig. 2, step (1) is:
S11: Load the business system login page and obtain its source code;
S12: Extract login feature information from the login page source code; the login feature information comprises the object IDs of three key login objects: the login username input box, the login user password input box and the login button. The object IDs allow the generated injection code to locate the control objects, so that data can be injected and the login operation triggered;
S13: Generate the single sign-on injection code from the login feature information; the single sign-on injection code obtains the login username and login password from login information storage module 0, fills them automatically into the login username input box and the user password input box, and then triggers the login button to complete the login;
S14: Store the single sign-on injection code in the background database.
As shown in Fig. 3, step (2) is specifically:
S21: The single sign-on auxiliary system loads the business system to be logged in to;
S22: The single sign-on injection code corresponding to that business system is obtained according to the business system to be logged in to;
S23: The single sign-on injection code is run and the business system login is completed, specifically: the login username and login password are obtained from login information storage module 0 and filled automatically into the login username input box and the user password input box, and the login button is then triggered to complete the login.
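Steps S11 to S14 and the lookup in S22 can be sketched as follows. This is an added example, not code from the patent: the field-picking heuristic, the per-origin dictionary standing in for the background database, and the `getStoredLogin()` bridge to the login information storage module are assumptions, and the sample login page is constructed.

```python
import json
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample login page (not from any real business system).
SAMPLE_PAGE = """<form action="/login" method="post">
  <input type="text" id="txtUser" name="user">
  <input type="password" id="txtPwd" name="pwd">
  <input type="submit" id="btnLogin" value="Log in">
</form>"""

class LoginFeatureParser(HTMLParser):
    """S12: collect object IDs of the username box, password box and button."""
    def __init__(self):
        super().__init__()
        self.text_ids, self.password_ids, self.button_ids = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        kind = (a.get("type") or "").lower()
        if tag == "input" and kind == "password":
            self.password_ids.append(a.get("id"))
        elif tag == "input" and kind in ("", "text", "email"):
            if not self.password_ids:          # only boxes before the password
                self.text_ids.append(a.get("id"))
        elif (tag == "button" and kind in ("", "submit")) or (
                tag == "input" and kind == "submit"):
            self.button_ids.append(a.get("id"))

def extract_login_features(page_source):
    p = LoginFeatureParser()
    p.feed(page_source)
    # Refuse to guess: a wrong target would put the password in the wrong field.
    if len(p.password_ids) != 1 or not p.text_ids or len(p.button_ids) != 1:
        raise ValueError("ambiguous or incomplete login form")
    features = {"user": p.text_ids[-1], "password": p.password_ids[0],
                "button": p.button_ids[0]}
    if not all(features.values()):
        raise ValueError("a key login object has no ID")
    return features

def generate_injection_code(features):
    """S13: IDs are JSON-encoded into the script; credentials are never embedded."""
    return ("(function (creds) {\n"
            f"  var ids = {json.dumps(features, sort_keys=True)};\n"
            "  document.getElementById(ids.user).value = creds.username;\n"
            "  document.getElementById(ids.password).value = creds.password;\n"
            "  document.getElementById(ids.button).click();\n"
            "})(getStoredLogin());  // hypothetical bridge to the storage module\n")

INJECTION_STORE = {}  # stand-in for the background database of S14

def origin_of(url):
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}".lower()

def store_injection_code(login_url, page_source):
    code = generate_injection_code(extract_login_features(page_source))
    INJECTION_STORE[origin_of(login_url)] = code
    return code

def load_injection_code(current_url):
    """S22: hand back code only for the origin it was generated for."""
    return INJECTION_STORE.get(origin_of(current_url))
```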
Working principle of the invention: the first time a business system is used, the single sign-on injection code must be produced; single sign-on injection code generation and storage module 1 generates it from the specific login information of the business system. Subsequently, whenever the business system is used, a login to it is required; at that point single sign-on injection code loading and execution module 2 executes the single sign-on injection code to log in. Put simply, the login information of the business system is obtained in advance and a program that logs in automatically (the single sign-on injection code) is written from it, so when logging in to the business system the injection code can be executed directly to log in automatically. There is no effect on the existing system and no modification of it is required; in this case, the enterprise implements the SSO scheme at low cost, with zero risk and a high degree of control, and for the enterprise's IT transformation and upgrading it is the optimal solution.