Summary of the invention
Embodiments of the present invention provide a method and device for password-free login to a third-party system, to avoid the problem that, when the third-party system performs poorly, login requests from many users sent to the first-party system cannot be handled in time, which puts pressure on the first-party system.
A method for password-free login to a third-party system provided in an embodiment of the present invention comprises:
A user resource system receives a first request sent by a first-party system; the first request is sent by the first-party system after it verifies that a client has logged in successfully;
After the first request passes verification, the user resource system generates a first response in which a first token is recorded, and sends the first response to the client through the first-party system; the first response is used to instruct the client to log in to the third-party system according to the first token;
The user resource system receives a second request sent by the third-party system; the second request is generated and sent by the third-party system after it receives the access request of the client; a second token is recorded in the second request;
After the first token and the second token pass verification, the user resource system generates a third token and sends it to the third-party system; the third token is used by the third-party system to obtain user information from the user resource system in order to complete user registration.
In the above technical solution, after the first request passes verification, the user resource system generates the first response and sends it to the client through the first-party system, and the client logs in to the third-party system according to the first token. In this process, multiple first-party systems dock with the user resource system and multiple third-party systems dock with the user resource system; the first-party system does not need to dock with the third-party systems or develop a corresponding interface for each third-party system, which reduces the development workload of the first-party system. Moreover, the first token is generated by the user resource system, so the performance requirement on the third-party system is low: when the third-party system performs poorly and many users request login, the user resource system can generate the first token quickly and feed it back to the client, without putting pressure on the first-party system. The third-party system obtains user information from the user resource system according to the third token and completes user registration; after password-free login is achieved, the user information in the third-party system can also be updated in a timely manner according to the user information in the user resource system.
Optionally, the first request is information encrypted by the first-party system;
The user resource system verifying the first request comprises:
If the user resource system successfully decrypts the first request, it determines that the first request passes verification.
In the above technical solution, the user resource system and the first-party system may use symmetric encryption: the first-party system encrypts the first request and the user resource system decrypts it, so that the two communicate in encrypted form, which ensures information security.
Optionally, the first request includes the IP (Internet Protocol) address of the first-party system;
Before the user resource system determines that the first request passes verification, the method further comprises:
The user resource system determines that the IP address of the first-party system is in a preset IP whitelist.
In the above technical solution, the user resource system may also preset an IP whitelist for performing a second verification of the first-party system, which improves information security.
Correspondingly, an embodiment of the present invention also provides a method for password-free login to a third-party system, comprising:
A third-party system receives an access request sent by a client; the access request is generated by the client after it receives, through the first-party system, a first response sent by a user resource system, and a first token is recorded in the access request; the first response is generated by the user resource system after a first request passes verification; the first request is sent by the first-party system after it verifies that the client has logged in successfully;
The third-party system generates, according to the access request, a second request in which a second token is recorded, and sends the second request to the user resource system;
The third-party system receives a third token sent by the user resource system; the third token is generated by the user resource system after the first token and the second token pass verification;
The third-party system obtains user information from the user resource system according to the third token and completes user registration;
The third-party system sends an access success response to the client.
In the above technical solution, the third-party system generates the second request according to the user's access request and sends it to the user resource system, then obtains the third token sent by the user resource system. The third-party system obtains user information from the user resource system according to the third token and completes user registration; after password-free login is achieved, the user information in the third-party system can also be updated in a timely manner according to the user information in the user resource system. In this technical solution the third-party system does not need to generate the first token, so the performance requirement on the third-party system is low: when the third-party system performs poorly and many users request login, the user resource system can generate the first token quickly and feed it back to the client, without putting pressure on the first-party system.
Correspondingly, an embodiment of the present invention also provides a device for password-free login to a third-party system, comprising:
A transceiver unit, configured to receive a first request sent by a first-party system; the first request is sent by the first-party system after it verifies that a client has logged in successfully;
A processing unit, configured to generate, after the first request passes verification, a first response in which a first token is recorded, and to control the transceiver unit to send the first response to the client through the first-party system; the first response is used to instruct the client to log in to the third-party system according to the first token;
The transceiver unit is further configured to receive a second request sent by the third-party system; the second request is generated and sent by the third-party system after it receives the access request of the client; a second token is recorded in the second request;
The processing unit is further configured to generate a third token after the first token and the second token pass verification, and to control the transceiver unit to send it to the third-party system; the third token is used by the third-party system to obtain user information from the user resource system in order to complete user registration.
Optionally, the first request is information encrypted by the first-party system;
The processing unit is specifically configured to:
If the first request is successfully decrypted, determine that the first request passes verification.
Optionally, the first request includes the IP address of the first-party system;
The processing unit is specifically configured to:
Before determining that the first request passes verification, determine that the IP address of the first-party system is in the preset IP whitelist.
Correspondingly, an embodiment of the present invention also provides a device for password-free login to a third-party system, comprising:
A transceiver unit, configured to receive an access request sent by a client; the access request is generated by the client after it receives, through the first-party system, a first response sent by a user resource system, and a first token is recorded in the access request; the first response is generated by the user resource system after a first request passes verification; the first request is sent by the first-party system after it verifies that the client has logged in successfully;
A processing unit, configured to generate, according to the access request, a second request in which a second token is recorded, and to control the transceiver unit to send the second request to the user resource system;
The transceiver unit is further configured to receive a third token sent by the user resource system; the third token is generated by the user resource system after the first token and the second token pass verification;
The processing unit is further configured to obtain user information from the user resource system according to the third token and to complete user registration;
The transceiver unit is further configured to send an access success response to the client.
Correspondingly, an embodiment of the present invention also provides a computing device, comprising:
A memory, configured to store program instructions;
A processor, configured to call the program instructions stored in the memory and to execute, according to the obtained program, the above method for password-free login to a third-party system.
Correspondingly, an embodiment of the present invention also provides a computer-readable non-volatile storage medium comprising computer-readable instructions which, when read and executed by a computer, cause the computer to execute the above method for password-free login to a third-party system.
Specific embodiment
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Fig. 1 illustrates a system architecture to which the method for password-free login to a third-party system provided in an embodiment of the present invention is applicable. The system architecture may include a client 100, a first-party system 200, a user resource system 300 and a third-party system 400.
Client 100: the website or APP (application) that the user logs in to;
First-party system 200: the information system platform that the user needs to log in to and access, usually the server corresponding to the website the user logs in to, or the server corresponding to the APP;
User resource system 300: the manager of user resource information, including basic user profiles and other user data;
Third-party system 400: the target system that the client 100 jumps to through the first-party system 200; the user is required to be in a logged-in state after a successful jump.
The user resource system 300 is connected to multiple first-party systems 200 and to multiple third-party systems 400. The user resource system 300 and the first-party system 200 may use symmetric encryption, so that the first-party system 200 and the user resource system 300 communicate in encrypted form; similarly, the third-party system 400 may also communicate with the user resource system 300 in encrypted form. The user resource system 300 provides server-side interfaces to the first-party system 200 and the third-party system 400 respectively. The server-side interfaces may include an authorization interface 301, an information acquisition interface 302 and so on: the authorization interface 301 is used to verify the identity of the first-party system 200 or the third-party system 400 and to issue the corresponding token after verification passes; the information acquisition interface 302 is used by the first-party system 200 or the third-party system 400 to obtain user information from the user resource system 300. The user resource system 300 also includes a configuration storage module 303 for storing basic user information, other user information and the like.
The first-party system 200 is connected to multiple clients 100. The first-party system 200 includes a third-party system entrance, and the client 100 logs in to the third-party system 400 without a password by accessing that entrance.
The first-party system 200 does not need to dock directly with the third-party system 400: after user access authorization is performed by the unified user resource system 300, the user jumps directly to the third-party system 400 without logging in. The client 100 does not need to access the user resource system 300; the login-free operation is completed jointly by the first-party system 200, the user resource system 300 and the third-party system 400, where the user resource system 300 is an intermediate system that is invisible to the user.
Based on the above description, Fig. 2 illustrates the flow of a method for password-free login to a third-party system provided in an embodiment of the present invention. The flow may be executed by a device for password-free login to a third-party system, and the executing entities involved are the client, the first-party system, the user resource system and the third-party system.
As shown in Fig. 2, the flow specifically includes:
Step 201, the client sends login information to the first-party system.
The user may enter a username and password into the client, so that the client sends login information to the first-party system in order to log in to the first-party system.
Step 202, the first-party system verifies the login information and determines that the client has logged in successfully.
Step 203, the client sends a login-free access request to the first-party system.
After determining that the client has logged in successfully, the first-party system may feed a login success response back to the client; according to that response, the client sends the first-party system a request for login-free access to the third-party system.
Step 204, the first-party system sends the first request to the user resource system.
After receiving the client's request, the first-party system generates the first request and sends it to the user resource system.
Of course, the first request may record the access address of the third-party system to be logged in to, the user identifier, the IP address of the first-party system, and so on.
Step 205, the user resource system verifies the first request.
The authorization interface of the user resource system may include a temporary token interface and a long-term token interface. The temporary token interface is used to verify the identity of the first-party system and, after verification passes, to issue a temporary token to the first-party system; the long-term token interface is used to verify the identity of the third-party system and, after verification passes, to issue a long-term token to the third-party system. Of course, if identity verification of the first-party system or the third-party system fails, verification failure information is returned to that system.
In the embodiment of the present invention, the user resource system may complete identity verification of the first-party system by verifying the first request. Optionally, the first-party system may encrypt the first request when sending it, that is, the first request is information encrypted by the first-party system; the user resource system judges whether it can successfully decrypt the first request and, if so, determines that the first request passes verification, that is, the identity of the first-party system passes verification.
In addition, before determining that the first request passes verification, the user resource system may also determine whether the IP address of the first-party system in the first request is in the preset IP whitelist; if so, it determines that the first request passes verification, otherwise it determines that the first request does not pass verification. The preset IP whitelist is a list, stored in advance in the user resource system by staff, of the IP addresses that may access the user resource system.
Step 206, after the first request passes verification, the user resource system generates the first response.
The first response records the first token and the redirect address of the third-party system to be logged in to. The first token is the temporary token issued by the user resource system to the first-party system. A usable time limit may be set for the first token according to the system network environment; if the first token is not used within its usable time, it automatically becomes invalid.
Step 207, the user resource system sends the first response to the client.
The user resource system sends the first response to the client through the first-party system; in other words, the user resource system sends the first response to the first-party system, and the first-party system forwards the first response to the client.
Step 208, the client generates an access request.
Step 209, the client sends the access request to the third-party system.
After receiving the first response, the client may generate an access request according to the first response in order to log in to the third-party system without a password; specifically, the client accesses the redirect address of the third-party system according to the first token.
Step 210, the third-party system generates the second request.
After receiving the access request generated by the client, the third-party system generates the second request according to the first token in the access request; the second token is recorded in the second request.
Step 211, the third-party system sends the second request to the user resource system.
Step 212, the user resource system verifies the first token and the second token.
The user resource system judges whether the second token in the second request is consistent with the first token; if they are consistent, it determines that the second token passes verification, otherwise it determines that the second token does not pass verification.
The user resource system may also complete identity verification of the third-party system by verifying the second request. Optionally, the third-party system may encrypt the second request when sending it, that is, the second request is information encrypted by the third-party system; the user resource system judges whether it can successfully decrypt the second request and, if so, determines that the second request passes verification, that is, the identity of the third-party system passes verification.
Step 213, after the first token and the second token pass verification, the user resource system generates the third token.
The user resource system issues the third token to the third-party system. The third token is the long-term token, which the third-party system uses to obtain user information from the user resource system.
Step 214, the user resource system sends the third token to the third-party system.
Step 215, the user resource system sends user information to the third-party system.
The third-party system may send the user resource system a request to obtain user information according to the third token, and the user resource system sends user information to the third-party system according to the third token; the user information may include the user's username, name, address, contact details and so on.
Step 216, the third-party system completes user registration.
According to the user information obtained, the third-party system initializes the user information internally to complete user registration, and sets the user to a logged-in state.
Step 217, the third-party system sends an access success response to the client.
The third-party system sends an access success response to the client, that is, it notifies the client to jump to the page the user requested. Of course, if the third-party system fails identity verification by the user resource system, or the second token is inconsistent with the first token, or user registration cannot be completed successfully, the third-party system notifies the client to jump to an error page and displays authentication failure information.
After the third-party system sends the access success response to the client, it can also obtain the user's updated information from the user resource system according to the third token, and update the user information in the third-party system in a timely manner according to that updated information.
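The token exchange of steps 204 to 214 on the user resource system side, as an added Python sketch that is not part of the patent text. Assumptions: an HMAC-SHA256 tag computed with the shared key stands in for the symmetric encryption the text describes; the field names (user_id, target_id, first_party_ip), system identifiers, keys and addresses are constructed; and making the first token single-use and bound to the target third-party system goes beyond the consistency check the text states.

```python
import hashlib
import hmac
import ipaddress
import json
import secrets
import time


def sign(key, body):
    """Tag proving the sender holds the shared key (stand-in for encryption)."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class UserResourceSystem:
    """Authorization interface of the user resource system, steps 205 to 214."""

    def __init__(self, first_keys, third_keys, whitelist, ttl=60, clock=time.time):
        self.first_keys = first_keys      # first-party id -> shared key
        self.third_keys = third_keys      # third-party id -> shared key
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.ttl = ttl                    # usable time limit of the first token (s)
        self.clock = clock
        self.pending = {}                 # sha256(first token) -> (user, target, expiry)
        self.long_term = {}               # third token -> (user, third-party id)

    @staticmethod
    def _authentic(keys, system_id, body, tag):
        key = keys.get(system_id)
        return key is not None and hmac.compare_digest(sign(key, body), tag)

    def first_request(self, system_id, body, tag):
        """Steps 205-206: verify the first request; return the first response or None."""
        if not self._authentic(self.first_keys, system_id, body, tag):
            return None
        req = json.loads(body)
        ip = ipaddress.ip_address(req["first_party_ip"])  # IP as recorded in the request
        if not any(ip in net for net in self.whitelist):
            return None
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (req["user_id"], req["target_id"], self.clock() + self.ttl)
        return {"first_token": token, "target_id": req["target_id"]}

    def second_request(self, system_id, body, tag):
        """Steps 212-213: match the second token to a first token; return third token or None."""
        if not self._authentic(self.third_keys, system_id, body, tag):
            return None
        digest = hashlib.sha256(json.loads(body)["second_token"].encode()).hexdigest()
        entry = self.pending.pop(digest, None)      # single use: a replay finds nothing
        if entry is None:
            return None
        user_id, target_id, expiry = entry
        if self.clock() > expiry or target_id != system_id:
            return None                              # expired, or issued for another system
        third = secrets.token_urlsafe(32)
        self.long_term[third] = (user_id, system_id)
        return third


def demo():
    """Run the flow on constructed data and return the outcome of each case."""
    now = [1000.0]
    k1 = b"constructed-first-party-key"
    urs = UserResourceSystem({"portal": k1}, {"shop": b"shop-key", "forum": b"forum-key"},
                             ["192.0.2.0/24"], ttl=60, clock=lambda: now[0])

    def first(ip):
        body = json.dumps({"user_id": "u42", "target_id": "shop", "first_party_ip": ip}).encode()
        return urs.first_request("portal", body, sign(k1, body))

    def second(system_id, token):
        body = json.dumps({"second_token": token}).encode()
        return urs.second_request(system_id, body, sign(urs.third_keys[system_id], body))

    out = {"off_whitelist": first("198.51.100.7")}
    tok = first("192.0.2.10")["first_token"]
    third = second("shop", tok)
    out["issued"] = urs.long_term.get(third)
    out["replayed"] = second("shop", tok)
    out["wrong_system"] = second("forum", first("192.0.2.10")["first_token"])
    late = first("192.0.2.10")["first_token"]
    now[0] += 61
    out["expired"] = second("shop", late)
    return out


if __name__ == "__main__":
    print(demo())
```

Storing only the SHA-256 digest of the first token keeps the lookup from comparing secret values byte by byte and keeps raw tokens out of the pending table.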
The beneficial effects of the embodiments of the present invention are analyzed as follows:
1. The user only needs to log in to the first-party system to be able to jump to multiple third-party systems. The first-party system does not need to dock directly with the third-party systems: after user access authorization is performed by the unified user resource system, the user jumps directly to the third-party system without logging in. The user does not need to access the user resource system; the login-free operation is completed jointly by the first-party system, the user resource system and the third-party system, where the user resource system is an intermediate system that is invisible to the user.
2. Multiple first-party systems dock with the user resource system, and multiple third-party systems dock with the user resource system. The first-party system does not need to dock with the third-party systems or develop a corresponding interface for each third-party system, which reduces the development workload of the first-party system. When a new third-party system is connected, the first-party system does not need to implement separate docking logic; simply by configuring the relevant information, the client can log in to the new third-party system without a password through the first-party system.
3. The first token is generated by the user resource system, so the performance requirement on the third-party system is low: when the third-party system performs poorly and many users request login, the user resource system can generate the first token quickly and feed it back to the client, without putting pressure on the first-party system.
4. The third-party system obtains user information from the user resource system according to the third token and completes user registration; after password-free login is achieved, the user information in the third-party system can also be updated in a timely manner according to the user information in the user resource system.
Based on the same inventive concept, Fig. 3 illustrates the structure of a device for password-free login to a third-party system provided in an embodiment of the present invention; the device can execute the flow of the method for password-free login to a third-party system.
A transceiver unit 301, configured to receive a first request sent by a first-party system; the first request is sent by the first-party system after it verifies that a client has logged in successfully;
A processing unit 302, configured to generate, after the first request passes verification, a first response in which a first token is recorded, and to control the transceiver unit 301 to send the first response to the client through the first-party system; the first response is used to instruct the client to log in to the third-party system according to the first token;
The transceiver unit 301 is further configured to receive a second request sent by the third-party system; the second request is generated and sent by the third-party system after it receives the access request of the client; a second token is recorded in the second request;
The processing unit 302 is further configured to generate a third token after the first token and the second token pass verification, and to control the transceiver unit 301 to send it to the third-party system; the third token is used by the third-party system to obtain user information from the user resource system in order to complete user registration.
Optionally, the first request is information encrypted by the first-party system;
The processing unit 302 is specifically configured to:
If the first request is successfully decrypted, determine that the first request passes verification.
Optionally, the first request includes the IP address of the first-party system;
The processing unit 302 is specifically configured to:
Before determining that the first request passes verification, determine that the IP address of the first-party system is in the preset IP whitelist.
Based on the same inventive concept, Fig. 4 illustrates the structure of another device for password-free login to a third-party system provided in an embodiment of the present invention.
A transceiver unit 401, configured to receive an access request sent by a client; the access request is generated by the client after it receives, through the first-party system, a first response sent by a user resource system, and a first token is recorded in the access request; the first response is generated by the user resource system after a first request passes verification; the first request is sent by the first-party system after it verifies that the client has logged in successfully;
A processing unit 402, configured to generate, according to the access request, a second request in which a second token is recorded, and to control the transceiver unit 401 to send the second request to the user resource system;
The transceiver unit 401 is further configured to receive a third token sent by the user resource system; the third token is generated by the user resource system after the first token and the second token pass verification;
The processing unit 402 is further configured to obtain user information from the user resource system according to the third token and to complete user registration;
The transceiver unit 401 is further configured to send an access success response to the client.
Based on the same inventive concept, an embodiment of the present invention also provides a computing device, comprising:
A memory, configured to store program instructions;
A processor, configured to call the program instructions stored in the memory and to execute, according to the obtained program, the above method for password-free login to a third-party system.
Based on the same inventive concept, an embodiment of the present invention also provides a computer-readable non-volatile storage medium comprising computer-readable instructions which, when read and executed by a computer, cause the computer to execute the above method for password-free login to a third-party system.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn the basic inventive concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include these modifications and variations.