CN111241523B - Authentication processing method, apparatus, device and storage medium - Google Patents

Abstract

The invention provides an authentication processing method, an authentication processing device, authentication processing equipment and a storage medium, wherein the method comprises the following steps: receiving an access request sent by terminal equipment, wherein the access request comprises user information and a system identifier of a target system; determining a verification object corresponding to the system identifier of the target system; determining configuration information corresponding to a system identifier of a target system, wherein the configuration information comprises address information of an authentication server; adopting a check object corresponding to the system identification of the target system, and sending an authentication request to an authentication server corresponding to address information in configuration information corresponding to the system identification of the target system, wherein the authentication request comprises user information so that the authentication server completes authentication with the terminal equipment; receiving an authentication result sent by an authentication server; and when the authentication result represents that the authentication is passed, transmitting data required by the access request to the terminal equipment. The present case can reduce the task volume of development, realizes integrated processing, and then promotes user experience.

Description

Translated fromChinese

认证处理方法、装置、设备和存储介质Authentication processing method, apparatus, device and storage medium

技术领域technical field

本发明涉及终端技术领域，尤其涉及一种认证处理方法、装置、设备和存储介质。The present invention relates to the technical field of terminals, and in particular, to an authentication processing method, apparatus, device and storage medium.

背景技术Background technique

目前，运营商提供有订单归集系统，该订单归集系统通过收集、处理等过程生成有很多订单数据。用户在认证相应的外围系统后，可以通过该外围系统从该订单归集系统中获取所需的订单数据。举例来说，用户在成功登录系统A后，可通过浏览器向该订单归集系统发送请求，然后该订单归集系统通过系统A的认证服务器确定该用户是否为认证系统A后的用户，若是，在该用户所请求的数据提供给该用户。At present, operators provide an order collection system, which generates a lot of order data through collection, processing and other processes. After authenticating the corresponding peripheral system, the user can obtain the required order data from the order collection system through the peripheral system. For example, after a user successfully logs in to system A, he can send a request to the order collection system through a browser, and then the order collection system determines through the authentication server of system A whether the user is a user after authentication system A, and if so. , where the data requested by the user is provided to the user.

现有技术中，不同的集群对应不同的认证服务器，如系统A和系统B属于同一个集群，系统C属于另外一个集群，由于不同的集群其认证方法不同，因而若想要所有集群中的用户都能从该订单归集系统中获取数据，则需要针对每一个集群，开发一套对接代码，从而基于每一套对接代码对相应集群中的用户进行认证，从而在认证通过时，使得相应集群中的用户都能从该订单归集系统中获取数据。In the prior art, different clusters correspond to different authentication servers. For example, system A and system B belong to the same cluster, and system C belongs to another cluster. Since different clusters have different authentication methods, if you want users in all clusters If you can obtain data from the order collection system, you need to develop a set of docking codes for each cluster, so as to authenticate users in the corresponding cluster based on each set of docking codes, so that when the authentication passes, the corresponding cluster Users in can obtain data from the order collection system.

然而现有技术中，由于集群的数量较多，因而若针对每一个集群都开发一套代码才能实现数据的获取，则开发的任务量巨大，而且无法做到集成处理，且维护困难，进而造成用户体验较差。However, in the prior art, due to the large number of clusters, if a set of codes can be developed for each cluster to realize data acquisition, the amount of development tasks is huge, and integrated processing cannot be achieved, and maintenance is difficult, resulting in Poor user experience.

发明内容SUMMARY OF THE INVENTION

本发明提供一种认证处理方法、装置、设备和存储介质，能够减少开发的任务量，实现集成处理，进而提升用户体验。The present invention provides an authentication processing method, device, equipment and storage medium, which can reduce the amount of development tasks, realize integrated processing, and further improve user experience.

第一方面，本发明提供一种认证处理方法，包括：In a first aspect, the present invention provides an authentication processing method, including:

接收终端设备发送的访问请求，其中，所述访问请求中包括用户信息和目标系统的系统标识；receiving an access request sent by a terminal device, wherein the access request includes user information and a system identifier of the target system;

根据预设的校验对象与系统标识之间的对应关系，确定与所述目标系统的系统标识对应的校验对象，其中，所述校验对象用于指示终端设备与认证服务器之间的认证方式；并根据预设的配置信息与系统标识之间的对应关系，确定与所述目标系统的系统标识对应的配置信息，其中，配置信息中包括认证服务器的地址信息；According to the preset correspondence between the verification object and the system identifier, the verification object corresponding to the system identifier of the target system is determined, wherein the verification object is used to indicate the authentication between the terminal device and the authentication server and determine the configuration information corresponding to the system identification of the target system according to the corresponding relationship between the preset configuration information and the system identification, wherein the configuration information includes the address information of the authentication server;

采用与所述目标系统的系统标识对应的校验对象，向与所述目标系统的系统标识对应的配置信息中的地址信息所对应的认证服务器发送认证请求，其中，所述认证请求中包括所述用户信息，以使与地址信息所对应的认证服务器根据所述用户信息完成与所述终端设备之间的认证；Using the verification object corresponding to the system identifier of the target system, an authentication request is sent to the authentication server corresponding to the address information in the configuration information corresponding to the system identifier of the target system, wherein the authentication request includes all the user information, so that the authentication server corresponding to the address information completes the authentication with the terminal device according to the user information;

接收与地址信息所对应的认证服务器发送的认证结果；Receive the authentication result sent by the authentication server corresponding to the address information;

在所述认证结果表征认证通过时，将所述访问请求所要求的数据发送给所述终端设备。When the authentication result indicates that the authentication is passed, the data required by the access request is sent to the terminal device.

进一步地，所述方法，还包括：Further, the method also includes:

接收用户发送的触发指令，并根据所述触发指令显示可视化界面；Receive a trigger instruction sent by the user, and display a visual interface according to the trigger instruction;

获取所述用户在所述可视化界面上输入的与每一个系统标识对应的配置信息，并存储与每一个系统标识对应的配置信息。The configuration information corresponding to each system identifier input by the user on the visual interface is acquired, and the configuration information corresponding to each system identifier is stored.

进一步地，所述方法，还包括：Further, the method also includes:

在所述认证结果表征认证不通过时，向所述终端设备发送认证失败消息，以使所述终端设备根据所述认证失败消息显示重新认证页面。When the authentication result indicates that the authentication fails, an authentication failure message is sent to the terminal device, so that the terminal device displays a re-authentication page according to the authentication failure message.

进一步地，所述认证失败消息中包括所述重新认证页面的地址；向所述终端设备发送认证失败消息，以使所述终端设备根据所述认证失败消息显示重新认证页面，包括：Further, the authentication failure message includes the address of the re-authentication page; sending an authentication failure message to the terminal device, so that the terminal device displays the re-authentication page according to the authentication failure message, including:

向所述终端设备发送认证失败消息，以使所述终端设备根据所述重新认证页面的地址显示重新认证页面。An authentication failure message is sent to the terminal device, so that the terminal device displays a re-authentication page according to the address of the re-authentication page.

进一步地，所述配置信息中还包括以下一种或多种：系统服务认证前缀、系统服务认证类型、系统代理认证地址、访问路径列表。Further, the configuration information also includes one or more of the following: system service authentication prefix, system service authentication type, system proxy authentication address, and access path list.

第二方面，本发明提供一种认证处理装置，包括：In a second aspect, the present invention provides an authentication processing device, comprising:

第一接收单元，用于接收终端设备发送的访问请求，其中，所述访问请求中包括用户信息和目标系统的系统标识；a first receiving unit, configured to receive an access request sent by a terminal device, wherein the access request includes user information and a system identifier of the target system;

确定单元，用于根据预设的校验对象与系统标识之间的对应关系，确定与所述目标系统的系统标识对应的校验对象，其中，所述校验对象用于指示终端设备与认证服务器之间的认证方式；并根据预设的配置信息与系统标识之间的对应关系，确定与所述目标系统的系统标识对应的配置信息，其中，配置信息中包括认证服务器的地址信息；a determining unit, configured to determine the verification object corresponding to the system identification of the target system according to the preset correspondence between the verification object and the system identification, wherein the verification object is used to indicate the terminal equipment and the authentication The authentication method between servers; and according to the corresponding relationship between the preset configuration information and the system identifier, determine the configuration information corresponding to the system identifier of the target system, wherein the configuration information includes the address information of the authentication server;

第一发送单元，用于采用与所述目标系统的系统标识对应的校验对象，向与所述目标系统的系统标识对应的配置信息中的地址信息所对应的认证服务器发送认证请求，其中，所述认证请求中包括所述用户信息，以使与地址信息所对应的认证服务器根据所述用户信息完成与所述终端设备之间的认证；The first sending unit is configured to use the verification object corresponding to the system identifier of the target system to send an authentication request to the authentication server corresponding to the address information in the configuration information corresponding to the system identifier of the target system, wherein, The authentication request includes the user information, so that the authentication server corresponding to the address information completes authentication with the terminal device according to the user information;

第二接收单元，用于接收与地址信息所对应的认证服务器发送的认证结果；a second receiving unit, configured to receive the authentication result sent by the authentication server corresponding to the address information;

第二发送单元，用于在所述认证结果表征认证通过时，将所述访问请求所要求的数据发送给所述终端设备。The second sending unit is configured to send the data required by the access request to the terminal device when the authentication result indicates that the authentication has passed.

进一步地，所述装置，还包括；Further, the device also includes;

配置单元，用于接收用户发送的触发指令，并根据所述触发指令显示可视化界面；获取所述用户在所述可视化界面上输入的与每一个系统标识对应的配置信息，并存储与每一个系统标识对应的配置信息。a configuration unit, configured to receive a trigger instruction sent by the user, and display a visual interface according to the trigger instruction; obtain the configuration information corresponding to each system identifier input by the user on the visual interface, and store the configuration information corresponding to each system identifier Identifies the corresponding configuration information.

进一步地，所述装置，还包括：Further, the device also includes:

第二发送单元，用于在所述认证结果表征认证不通过时，向所述终端设备发送认证失败消息，以使所述终端设备根据所述认证失败消息显示重新认证页面。A second sending unit, configured to send an authentication failure message to the terminal device when the authentication result indicates that the authentication fails, so that the terminal device displays a re-authentication page according to the authentication failure message.

进一步地，所述认证失败消息中包括所述重新认证页面的地址；Further, the authentication failure message includes the address of the re-authentication page;

所述第二发送单元，具体用于向所述终端设备发送认证失败消息，以使所述终端设备根据所述重新认证页面的地址显示重新认证页面。The second sending unit is specifically configured to send an authentication failure message to the terminal device, so that the terminal device displays the re-authentication page according to the address of the re-authentication page.

进一步地，所述配置信息中还包括以下一种或多种：系统服务认证前缀、系统服务认证类型、系统代理认证地址、访问路径列表。Further, the configuration information also includes one or more of the following: system service authentication prefix, system service authentication type, system proxy authentication address, and access path list.

第三方面，本发明提供一种认证处理设备，包括：存储器和处理器；In a third aspect, the present invention provides an authentication processing device, comprising: a memory and a processor;

所述存储器，用于存储计算机程序；the memory for storing computer programs;

其中，所述处理器执行所述存储器中的计算机程序，以实现第一方面任一任一实施方式中的方法。Wherein, the processor executes the computer program in the memory to implement the method in any one of the embodiments of the first aspect.

第四方面，本发明提供一种计算机可读存储介质，其上存储有计算机程序，所述计算机程序被处理器执行以实现如第一方面任一实施方式中的方法。In a fourth aspect, the present invention provides a computer-readable storage medium on which a computer program is stored, the computer program being executed by a processor to implement the method in any one of the embodiments of the first aspect.

本发明提供一种认证处理方法、装置、设备和存储介质，当接收到终端设备发送的访问请求后，根据预设的校验对象与系统标识之间的对应关系，确定与目标系统的系统标识所对应的校验对象；以及根据预设的配置信息与系统标识之间的对应关系，确定与目标系统的系统标识所对应的配置信息，采用与目标系统的系统标识对应的校验对象，向与目标系统的系统标识对应的配置信息中的地址信息所对应的认证服务器发送认证请求，通过所确定的校验对象和配置信息，当前可以作为目标系统所对应的集群的客户端，也即作为集群所对应的认证服务器的客户端，从而通过该认证服务器进行用户合法性认证，以在认证通过后在向用户提供相应的数据。本案通过配置信息与系统标识之间的对应关系，以及校验对象与系统标识之间的对应关系，可以作为不同集群的客户端，即可以作为多个集群分别对应的认证服务器的客户端，实现客户端与认证服务器之间一对多的关系，从而无需针对每一个集群开发相应的对接代码，因此开发工作量较小、维护简单，进而提升用户体验。The present invention provides an authentication processing method, device, device and storage medium. After receiving an access request sent by a terminal device, the system identifier of the target system is determined according to the preset correspondence between the verification object and the system identifier. The corresponding verification object; and according to the corresponding relationship between the preset configuration information and the system identification, determine the configuration information corresponding to the system identification of the target system, and use the verification object corresponding to the system identification of the target system to The authentication server corresponding to the address information in the configuration information corresponding to the system identifier of the target system sends an authentication request, and through the determined verification object and configuration information, it can currently be used as a client of the cluster corresponding to the target system, that is, as a client of the cluster corresponding to the target system. The client of the authentication server corresponding to the cluster, thereby performing user legality authentication through the authentication server, so as to provide corresponding data to the user after the authentication is passed. In this case, through the correspondence between the configuration information and the system ID, as well as the correspondence between the verification object and the system ID, it can be used as a client of different clusters, that is, it can be used as a client of authentication servers corresponding to multiple clusters. There is a one-to-many relationship between the client and the authentication server, so there is no need to develop corresponding docking code for each cluster, so the development workload is small, the maintenance is simple, and the user experience is improved.

附图说明Description of drawings

此处的附图被并入说明书中并构成本说明书的一部分，示出了符合本公开的实施例，并与说明书一起用于解释本公开的原理。The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description serve to explain the principles of the disclosure.

图1为本申请实施例一提供的认证处理方法的流程图；FIG. 1 is a flowchart of an authentication processing method provided in Embodiment 1 of the present application;

图2为本申请实施例二提供的认证处理方法的流程图；2 is a flowchart of an authentication processing method provided in Embodiment 2 of the present application;

图3为本申请实施例二提供的认证对应关系图；FIG. 3 is an authentication correspondence diagram provided by Embodiment 2 of the present application;

图4为本申请实施例三提供的认证处理装置的结构示意图；4 is a schematic structural diagram of an authentication processing apparatus provided in Embodiment 3 of the present application;

图5为本申请实施例四提供的认证处理装置的结构示意图；5 is a schematic structural diagram of an authentication processing apparatus provided in Embodiment 4 of the present application;

图6为本申请实施例五提供的认证处理设备的结构示意图。FIG. 6 is a schematic structural diagram of an authentication processing device provided in Embodiment 5 of the present application.

通过上述附图，已示出本公开明确的实施例，后文中将有更详细的描述。这些附图和文字描述并不是为了通过任何方式限制本公开构思的范围，而是通过参考特定实施例为本领域技术人员说明本公开的概念。The above-mentioned drawings have shown clear embodiments of the present disclosure, and will be described in more detail hereinafter. These drawings and written descriptions are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the disclosed concepts to those skilled in the art by referring to specific embodiments.

具体实施方式Detailed ways

这里将详细地对示例性实施例进行说明，其示例表示在附图中。下面的描述涉及附图时，除非另有表示，不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本公开相一致的所有实施方式。相反，它们仅是与如所附权利要求书中所详述的、本公开的一些方面相一致的装置和方法的例子。Exemplary embodiments will be described in detail herein, examples of which are illustrated in the accompanying drawings. When the following description refers to the drawings, the same numerals in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the illustrative examples below are not intended to represent all implementations consistent with this disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as recited in the appended claims.

目前，运营商提供有订单归集系统，其对接的外围系统非常之多，这些外围系统都希望通过其自身的认证方式从订单归集系统中获取相应的订单数据等功能，但是每个外围系统都有其对应的权限及认证方法。现有技术中，每个系统的单点登录都需要进行开发，并且需要将许多彼此的用户及权限信息进行同步，需要投入大量的人力资源和时间。而且在对接不同的认证方式时，没有办法统一处理，只能分别进行单独的处理，导致应用分别部署，代码版本多，维护困难。因此，为了能够更加节省开发时间，优化代码结构，节省维护开支，降低各个对接系统的改造量和研发成本，提高系统的对接效率，本案提供一种基于单点登录的整合不同认证方式和不同认证服务器的认证处理装置(或者称为集成客户端)，完成不用认证方式以及不同认证服务器的认证对接。At present, the operator provides an order collection system, which is connected to a large number of peripheral systems. These peripheral systems all hope to obtain the corresponding order data and other functions from the order collection system through their own authentication methods, but each peripheral system Each has its corresponding permissions and authentication methods. In the prior art, the single sign-on of each system needs to be developed, and many users and permission information need to be synchronized with each other, and a lot of human resources and time need to be invested. Moreover, when connecting with different authentication methods, there is no way to deal with them in a unified manner, and can only deal with them separately, resulting in separate deployment of applications, many code versions, and difficulty in maintenance. Therefore, in order to save development time, optimize the code structure, save maintenance expenses, reduce the amount of transformation and R&D cost of each docking system, and improve the docking efficiency of the system, this case provides a single sign-on-based integration of different authentication methods and different authentication methods. The authentication processing device of the server (or referred to as an integrated client) completes the authentication docking without an authentication method and different authentication servers.

下面首先解释一下本案所基于的单点登录技术和cas认证框架。The following first explains the single sign-on technology and cas authentication framework on which this case is based.

单点登录(Single Sign On，简称SSO)，指的是在多个应用系统之间，用户只需要登录一次，就可以对其他所有相互信任的系统进行访问。在目前纷繁复杂的应用系统中，单点登录的场景应用是非常广泛的。举例来说，应用系统A和应用系统B为相互信任的系统，用户通过浏览器访问应用系统A，登录应用系统A后，再访问应用系统B时，就不需要再一次进行登录了。Single Sign On (Single Sign On, SSO for short) refers to that between multiple application systems, users only need to log in once to access all other mutually trusted systems. In the current complex application system, the scenario application of single sign-on is very extensive. For example, application system A and application system B are mutually trusted systems. Users access application system A through a browser. After logging in to application system A, they do not need to log in again when accessing application system B again.

cas认证框架，该框架开始是耶鲁大学的人员开发的，然后由Jasig社区维护，目前已经逐渐成为影响力大、使用广泛、并且是基于Java实现的、开源单点登录解决方案。该框架的认证过程可包括如下步骤：The cas authentication framework, which was originally developed by Yale University personnel and then maintained by the Jasig community, has gradually become an influential, widely used, and Java-based, open source single sign-on solution. The framework's certification process may include the following steps:

第一步：用户浏览器端发出未经认证的统一资源定位符(Uniform ResourceLocator，简称URL)。Step 1: The user's browser sends out an unauthenticated Uniform ResourceLocator (URL for short).

第二步：应用客户端识别URL请求未经过认证，则将请求重定向到CAS Server端(认证服务器)，并将请求地址加入URL参数中。Step 2: The application client recognizes that the URL request has not been authenticated, redirects the request to the CAS Server (authentication server), and adds the request address to the URL parameter.

第三步：CAS Server端返回浏览器端认证界面。Step 3: The CAS server returns to the browser-side authentication interface.

第四步：用户浏览器端录入认证信息，并请求CAS Server端进行认证。Step 4: The user browser enters the authentication information and requests the CAS Server for authentication.

第五步：CAS Server端进行认证，认证成功后，将请求URL加入认证票据信息，然后重定向给应用客户端。Step 5: The CAS server performs authentication. After the authentication is successful, the request URL is added to the authentication ticket information, and then redirected to the application client.

第六步：客户端收到带有认证票据的请求后，向CAS Server端发起票据认证。Step 6: After the client receives the request with the authentication ticket, it initiates ticket authentication to the CAS Server.

第七步：CAS Server端收到应用客户端的票据认证请求后，进行验证，并返回给应用客户端认证成功后的信息。Step 7: After receiving the ticket authentication request from the application client, the CAS server performs verification and returns the information after the successful authentication to the application client.

第八步：应用客户端根据CAS Server端返回的认证信息，再给用户浏览器返回相应的数据或者页面。Step 8: The application client returns the corresponding data or page to the user's browser according to the authentication information returned by the CAS Server.

现有技术中，每一个应用客户端只能作为一个认证服务器的客户端，其中，应用客户端和认证服务器之间是多对一的关系。In the prior art, each application client can only serve as a client of one authentication server, and there is a many-to-one relationship between the application client and the authentication server.

图1为本发明实施例一提供的认证处理方法的流程图，如图1所示，该方法包括：FIG. 1 is a flowchart of an authentication processing method provided in Embodiment 1 of the present invention. As shown in FIG. 1 , the method includes:

步骤101：接收终端设备发送的访问请求，其中，访问请求中包括用户信息和目标系统的系统标识。Step 101: Receive an access request sent by a terminal device, wherein the access request includes user information and a system identifier of the target system.

其中，在一个示例中，当用户想要获取订单数据等时，用户可通过终端设备访问浏览器，然后通过浏览器发送访问请求，从而会接收到终端设备发送的访问请求，其中，该访问请求中包括用户信息和目标系统的系统标识，示例性，用户信息可与目标系统所对应认证服务器的的认证方式有关，举例来说，目标系统所对应的认证方式为用户名和密码，则该访问请求中的用户信息则可为当前用户的用户名和密码。Wherein, in an example, when a user wants to obtain order data, etc., the user can access a browser through a terminal device, and then send an access request through the browser, so as to receive an access request sent by the terminal device, wherein the access request It includes user information and the system identification of the target system. Exemplarily, the user information may be related to the authentication mode of the authentication server corresponding to the target system. For example, if the authentication mode corresponding to the target system is the user name and password, then the access request The user information in can be the username and password of the current user.

步骤102：根据预设的校验对象与系统标识之间的对应关系，确定与目标系统的系统标识对应的校验对象，其中，校验对象用于指示终端设备与认证服务器之间的认证方式；并根据预设的配置信息与系统标识之间的对应关系，确定与目标系统的系统标识对应的配置信息，其中，配置信息中包括认证服务器的地址信息。Step 102: According to the preset correspondence between the verification object and the system identification, determine the verification object corresponding to the system identification of the target system, wherein the verification object is used to indicate the authentication method between the terminal device and the authentication server and determine the configuration information corresponding to the system identification of the target system according to the corresponding relationship between the preset configuration information and the system identification, wherein the configuration information includes the address information of the authentication server.

在本实施例中，预先设置有校验对象Verifier和系统标识之间的对应关系，那么在接收到终端设备发送的访问请求后，便可根据预设校验对象Verifier和系统标识之间的对应关系，确定与目标系统的系统标识所对应的Verifier，动态加载Verifier；另外，针对每个需要对接的系统，预先可设置各系统的系统标识与配置信息之间的对应关系，从而可基于系统标识与配置信息之间的对应关系，确定与目标系统的系统标识所对应的配置信息。配置信息中包括系统所对应的认证服务器的地址信息，以便后续根据配置信息中的地址信息，向地址信息所对应的认证服务器发送认证请求。In this embodiment, the correspondence between the verification object Verifier and the system identifier is preset, so after receiving the access request sent by the terminal device, the correspondence between the verification object Verifier and the system identifier can be verified according to the preset relationship, determine the Verifier corresponding to the system identifier of the target system, and dynamically load the Verifier; in addition, for each system that needs to be connected, the corresponding relationship between the system identifier and configuration information of each system can be set in advance, so that the system identifier can be based on the system identifier. The corresponding relationship with the configuration information determines the configuration information corresponding to the system identifier of the target system. The configuration information includes address information of the authentication server corresponding to the system, so that an authentication request is subsequently sent to the authentication server corresponding to the address information according to the address information in the configuration information.

另外，在认证处理装置刚启动时，可将默认的Verifier加载到系统内存中，在默认状态下，通过默认的Verifier进行认证判断，那么在认证处理装置运行过程中，可根据访问请求中的目标系统的系统标识，动态加载相应的Verifier，以实现和不同认证服务器的交互认证。In addition, when the authentication processing device is just started, the default Verifier can be loaded into the system memory, and in the default state, the authentication judgment is performed by the default Verifier, then during the running process of the authentication processing device, the target in the access request can be The system identifier of the system, and the corresponding Verifier is dynamically loaded to realize the mutual authentication with different authentication servers.

步骤103：采用与目标系统的系统标识对应的校验对象，向与目标系统的系统标识对应的配置信息中的地址信息所对应的认证服务器发送认证请求，其中，认证请求中包括用户信息，以使与地址信息所对应的认证服务器根据用户信息完成与终端设备之间的认证。Step 103: Using the verification object corresponding to the system identifier of the target system, send an authentication request to the authentication server corresponding to the address information in the configuration information corresponding to the system identifier of the target system, wherein the authentication request includes user information to The authentication server corresponding to the address information completes the authentication with the terminal device according to the user information.

在本实施例中，在接收到终端设备发送的访问请求后，可根据访问请求中的用户信息生成认证请求，该认证请求中包括该用户信息，以便采用目标系统的系统标识对应的校验对象Verifier，向目标系统的系统标识对应的配置信息中的地址信息所对应的认证服务器发送该认证请求，以使得地址信息所对应的认证服务器根据认证请求中所携带的用户信息完成对终端设备的认证，也即对终端设备对应的用户进行认证。举例来说，用户信息为用户名和密码，则将用户名和密码携带在认证请求中发送给该目标系统所对应的认证服务器，以便该认证服务器根据预存的该目标系统所对应的合法用户信息，对当前的用户进行身份认证。In this embodiment, after receiving the access request sent by the terminal device, an authentication request can be generated according to the user information in the access request, and the authentication request includes the user information, so as to adopt the verification object corresponding to the system identifier of the target system Verifier, sending the authentication request to the authentication server corresponding to the address information in the configuration information corresponding to the system identifier of the target system, so that the authentication server corresponding to the address information completes the authentication of the terminal device according to the user information carried in the authentication request , that is, to authenticate the user corresponding to the terminal device. For example, if the user information is a user name and a password, then the user name and password are carried in the authentication request and sent to the authentication server corresponding to the target system, so that the authentication server can verify the authentication server according to the pre-stored legal user information corresponding to the target system. The current user is authenticated.

步骤104：接收与地址信息所对应的认证服务器发送的认证结果。Step 104: Receive the authentication result sent by the authentication server corresponding to the address information.

在本实施例中，认证服务器会得到终端设备所对应的认证结果，并发送给认证处理装置，从而认证处理装置将会接收到该认证服务器所发送的认证结果。In this embodiment, the authentication server will obtain the authentication result corresponding to the terminal device and send it to the authentication processing apparatus, so that the authentication processing apparatus will receive the authentication result sent by the authentication server.

步骤105：在认证结果表征认证通过时，将访问请求所要求的数据发送给终端设备。Step 105: When the authentication result indicates that the authentication is passed, send the data required by the access request to the terminal device.

在本实施例中，当认证结果表征认证通过时，说明当前用户为合法用户，此时将访问请求所要求的数据发送给终端设备。In this embodiment, when the authentication result indicates that the authentication is passed, it indicates that the current user is a legitimate user, and at this time, the data required by the access request is sent to the terminal device.

本发明提供一种认证方法，当接收到终端设备发送的访问请求后，根据预设的校验对象与系统标识之间的对应关系，确定与目标系统的系统标识所对应的校验对象；以及根据预设的配置信息与系统标识之间的对应关系，确定与目标系统的系统标识所对应的配置信息，采用与目标系统的系统标识对应的校验对象，向与目标系统的系统标识对应的配置信息中的地址信息所对应的认证服务器发送认证请求，通过所确定的校验对象和配置信息，当前可以作为目标系统所对应的集群的客户端，也即作为集群所对应的认证服务器的客户端，从而通过该认证服务器进行用户合法性认证，以在认证通过后在向用户提供相应的数据。本案通过配置信息与系统标识之间的对应关系，以及校验对象与系统标识之间的对应关系，可以作为不同集群的客户端，即可以作为多个集群分别对应的认证服务器的客户端，实现客户端与认证服务器之间一对多的关系，从而无需针对每一个集群开发相应的对接代码，因此开发工作量较小、维护简单，进而提升用户体验。The present invention provides an authentication method. After receiving an access request sent by a terminal device, the verification object corresponding to the system identification of the target system is determined according to the preset correspondence between the verification object and the system identification; and According to the corresponding relationship between the preset configuration information and the system identifier, the configuration information corresponding to the system identifier of the target system is determined, and the verification object corresponding to the system identifier of the target system is used to send the verification object corresponding to the system identifier of the target system to the system identifier of the target system. The authentication server corresponding to the address information in the configuration information sends an authentication request. Through the determined verification object and configuration information, it can currently be used as the client of the cluster corresponding to the target system, that is, as the client of the authentication server corresponding to the cluster. end, so as to perform user legality authentication through the authentication server, so as to provide corresponding data to the user after the authentication is passed. In this case, through the correspondence between the configuration information and the system ID, as well as the correspondence between the verification object and the system ID, it can be used as a client of different clusters, that is, it can be used as a client of authentication servers corresponding to multiple clusters. There is a one-to-many relationship between the client and the authentication server, so there is no need to develop corresponding docking code for each cluster, so the development workload is small, the maintenance is simple, and the user experience is improved.

图2为本发明实施例二提供的基站建设评估方法的流程图，如图2所示，该方法可以包括：FIG. 2 is a flowchart of a base station construction evaluation method provided in Embodiment 2 of the present invention. As shown in FIG. 2 , the method may include:

步骤201：接收用户发送的触发指令，并根据触发指令显示可视化界面。Step 201: Receive a trigger instruction sent by a user, and display a visual interface according to the trigger instruction.

在本实施例中，提供一种可视化配置的方式，具体的，针对需要对接的系统，接收用户(如管理人员)发送的触发指令，然后根据触发指令向用户展示可视化配置界面，之后用户可在可视化配置界面上输入相应的配置信息。In this embodiment, a visual configuration method is provided. Specifically, for the system that needs to be connected, a trigger instruction sent by a user (such as an administrator) is received, and then a visual configuration interface is displayed to the user according to the trigger instruction. Enter the corresponding configuration information on the visual configuration interface.

步骤202：获取用户在可视化界面上输入的与每一个系统标识对应的配置信息，并存储与每一个系统标识对应的配置信息。Step 202: Acquire the configuration information corresponding to each system identifier input by the user on the visual interface, and store the configuration information corresponding to each system identifier.

在本实施例中，系统标识对应的配置信息中包括认证服务器的地址信息，另外，配置信息中还包括以下一种或多种：系统服务认证前缀、系统服务认证类型、重新认证页面的地址、系统代理认证地址、访问路径列表，其中，当认证服务器的地址不完善时，还可根据系统服务认证前缀与认证服务器的地址信息得到准确的认证服务器地址，以便后续根据该认证服务器地址进行认证；系统服务认证类型指的是认证服务器对系统的认证类型，例如，认证类型为采用用户名和密码的方式进行认证；再如，采用手机号和动态码的方式进行认证等等；当认证服务器不直接对用户信息进行认证时，还可通过系统代理认证地址对用户信息进行认证；访问路径列表中可设置黑名单和白名单，其中，黑名单和白名单中存储有系统的标识。In this embodiment, the configuration information corresponding to the system identification includes address information of the authentication server, and in addition, the configuration information also includes one or more of the following: system service authentication prefix, system service authentication type, address of the re-authentication page, A list of system proxy authentication addresses and access paths, in which, when the address of the authentication server is incomplete, an accurate authentication server address can also be obtained according to the system service authentication prefix and the address information of the authentication server, so that subsequent authentication can be performed according to the authentication server address; The system service authentication type refers to the authentication type of the authentication server to the system. For example, the authentication type is to use the user name and password for authentication; another example is to use the mobile phone number and dynamic code for authentication, etc.; when the authentication server does not directly When authenticating user information, the user information can also be authenticated through the system proxy authentication address; a blacklist and a whitelist can be set in the access path list, wherein the blacklist and the whitelist store the system identifier.

举例来说，有三个系统，分别是系统A、系统B和系统C，其中，系统A和系统C属于同一个集群，即系统A和系统C为能够实现单点登录的系统，也即当用户登录系统A后，可直接访问系统C，无需在登录一次，系统B属于另外一个集群，那么若当前需要对接这三个系统，则可向用户展示可配置化界面，用户可通过可配置化界面，输入系统A、系统B和系统C分别对应的配置信息，其中，该用户可为订单归集系统的相关管理人员、对接人员等等。通过界面操作，可以将对接系统的相关信息进行记录，从而可以实现系统操作的友好性，同时也降低了对系统对接人员的技术要求。For example, there are three systems, namely system A, system B, and system C. Among them, system A and system C belong to the same cluster, that is, system A and system C are systems that can realize single sign-on, that is, when a user After logging in to system A, you can directly access system C without logging in once. System B belongs to another cluster. If you need to connect these three systems, you can display a configurable interface to the user. , and input the configuration information corresponding to system A, system B, and system C respectively, where the user may be the relevant management personnel, docking personnel, etc. of the order collection system. Through the interface operation, the relevant information of the docking system can be recorded, thereby realizing the friendliness of the system operation and reducing the technical requirements for the system docking personnel.

步骤203：接收终端设备发送的访问请求，其中，访问请求中包括用户信息和目标系统的系统标识。Step 203: Receive an access request sent by the terminal device, where the access request includes user information and a system identifier of the target system.

步骤204：根据预设的校验对象与系统标识之间的对应关系，确定与目标系统的系统标识对应的校验对象，其中，校验对象用于指示终端设备与认证服务器之间的认证方式；并根据预设的配置信息与系统标识之间的对应关系，确定与目标系统的系统标识对应的配置信息，其中，配置信息中包括认证服务器的地址信息。Step 204: According to the preset correspondence between the verification object and the system identifier, determine the verification object corresponding to the system identifier of the target system, wherein the verification object is used to indicate the authentication method between the terminal device and the authentication server and determine the configuration information corresponding to the system identification of the target system according to the corresponding relationship between the preset configuration information and the system identification, wherein the configuration information includes the address information of the authentication server.

步骤205：采用与目标系统的系统标识对应的校验对象，向与目标系统的系统标识对应的配置信息中的地址信息所对应的认证服务器发送认证请求，其中，认证请求中包括用户信息，以使与地址信息所对应的认证服务器根据用户信息完成与终端设备之间的认证。Step 205: Using the verification object corresponding to the system identifier of the target system, send an authentication request to the authentication server corresponding to the address information in the configuration information corresponding to the system identifier of the target system, wherein the authentication request includes user information to The authentication server corresponding to the address information completes the authentication with the terminal device according to the user information.

步骤206：接收与地址信息所对应的认证服务器发送的认证结果。Step 206: Receive the authentication result sent by the authentication server corresponding to the address information.

步骤207：在认证结果表征认证通过时，将访问请求所要求的数据发送给终端设备。Step 207: When the authentication result indicates that the authentication is passed, send the data required by the access request to the terminal device.

在本实施例中，上述步骤203-207具体可参照实施例一中的相关解释，此处不再赘述。In this embodiment, the above-mentioned steps 203-207 may refer to the relevant explanations in Embodiment 1 for details, which will not be repeated here.

步骤208：在认证结果表征认证不通过时，向终端设备发送认证失败消息，以使终端设备根据认证失败消息显示重新认证页面。Step 208: When the authentication result indicates that the authentication fails, send an authentication failure message to the terminal device, so that the terminal device displays a re-authentication page according to the authentication failure message.

在本实施例中，当未认证通过时，还可向终端设备发送认证失败消息，以使得终端设备根据该认证失败消息显示重新认证页面，并重新进行认证。具体的，认证失败消息中包括重新认证页面的地址；则步骤207可具体包括：向终端设备发送认证失败消息，以使终端设备根据重新认证页面的地址显示重新认证页面。In this embodiment, when the authentication fails, an authentication failure message may also be sent to the terminal device, so that the terminal device displays a re-authentication page according to the authentication failure message, and performs authentication again. Specifically, the authentication failure message includes the address of the re-authentication page; then step 207 may specifically include: sending an authentication failure message to the terminal device, so that the terminal device displays the re-authentication page according to the address of the re-authentication page.

通过本案实现的认证对应关系可如图3所示，图3为本申请实施例二提供的认证对应关系图，其中，认证处理装置也可称为集成客户端、或者是订单归集系统。如图3所示，终端设备1、终端设备2、终端设备3、终端设备4、终端设备5可以是位于不同域的终端设备；认证服务器1、认证服务器2、认证服务器3、认证服务器4可以是位于不同域的认证服务器。其中，认证服务器1可采用token认证方式，认证服务器2可采用CAS20认证方式等等，即通过本案可实现一个集成客户端对应多个认证服务器的集成模式；而且，通过校验对象与系统标识之间的对应关系，可基于目标系统的系统标识，实现路由认证的动态加载。The authentication corresponding relationship realized by this case can be shown in FIG. 3 , which is an authentication corresponding relationship diagram provided in Embodiment 2 of the present application, wherein the authentication processing device may also be called an integrated client or an order collection system. As shown in FIG. 3 , terminal device 1, terminal device 2, terminal device 3, terminal device 4, and terminal device 5 may be terminal devices located in different domains; authentication server 1, authentication server 2, authentication server 3, and authentication server 4 may be are authentication servers located in different domains. Among them, the authentication server 1 can use the token authentication method, the authentication server 2 can use the CAS20 authentication method, etc., that is, through this case, an integrated mode in which one integrated client corresponds to multiple authentication servers can be realized; The corresponding relationship between the routing authentication can be dynamically loaded based on the system identification of the target system.

本实施例通过接收用户发送的触发指令，并根据触发指令显示可视化界面；获取用户在可视化界面上输入的与每一个系统标识对应的配置信息，并存储与每一个系统标识对应的配置信息，即通过界面操作可以将对接系统的相关信息进行记录，从而可以实现系统操作的友好性，同时也降低了对系统对接人员的技术要求。In this embodiment, the trigger instruction sent by the user is received, and the visual interface is displayed according to the trigger instruction; the configuration information corresponding to each system identifier input by the user on the visual interface is obtained, and the configuration information corresponding to each system identifier is stored, that is, Through the interface operation, the relevant information of the docking system can be recorded, so that the friendliness of the system operation can be realized, and the technical requirements for the system docking personnel are also reduced.

图4为本发明实施例三提供的基站建设评估装置的结构示意图，包括：4 is a schematic structural diagram of a base station construction evaluation device provided in Embodiment 3 of the present invention, including:

第一接收单元401，用于接收终端设备发送的访问请求，其中，访问请求中包括用户信息和目标系统的系统标识；Thefirst receiving unit 401 is configured to receive an access request sent by a terminal device, wherein the access request includes user information and a system identifier of the target system;

确定单元402，用于根据预设的校验对象与系统标识之间的对应关系，确定与目标系统的系统标识对应的校验对象，其中，校验对象用于指示终端设备与认证服务器之间的认证方式；并根据预设的配置信息与系统标识之间的对应关系，确定与目标系统的系统标识对应的配置信息，其中，配置信息中包括认证服务器的地址信息；The determiningunit 402 is configured to determine the verification object corresponding to the system identification of the target system according to the preset correspondence between the verification object and the system identification, wherein the verification object is used to indicate the relationship between the terminal device and the authentication server. and determine the configuration information corresponding to the system identification of the target system according to the corresponding relationship between the preset configuration information and the system identification, wherein the configuration information includes the address information of the authentication server;

第一发送单元403，用于采用与目标系统的系统标识对应的校验对象，向与目标系统的系统标识对应的配置信息中的地址信息所对应的认证服务器发送认证请求，其中，认证请求中包括用户信息，以使与地址信息所对应的认证服务器根据用户信息完成与终端设备之间的认证；Thefirst sending unit 403 is configured to use the verification object corresponding to the system identifier of the target system to send an authentication request to the authentication server corresponding to the address information in the configuration information corresponding to the system identifier of the target system, wherein the authentication request Including user information, so that the authentication server corresponding to the address information completes the authentication with the terminal device according to the user information;

第二接收单元404，用于接收与地址信息所对应的认证服务器发送的认证结果；Thesecond receiving unit 404 is configured to receive the authentication result sent by the authentication server corresponding to the address information;

第二发送单元405，用于在认证结果表征认证通过时，将访问请求所要求的数据发送给终端设备。Thesecond sending unit 405 is configured to send the data required by the access request to the terminal device when the authentication result indicates that the authentication has passed.

本实施例提供的认证处理装置，同于实现前述任一实施例提供的认证处理方法中的技术方案，其实现原理和技术效果类似，不再赘述。The authentication processing apparatus provided in this embodiment is the same as the technical solution in implementing the authentication processing method provided by any of the foregoing embodiments, and its implementation principle and technical effect are similar, and will not be repeated here.

图5为本发明实施例四提供的认证处理装置的结构示意图，包括：5 is a schematic structural diagram of an authentication processing apparatus provided in Embodiment 4 of the present invention, including:

配置单元501，用于接收用户发送的触发指令，并根据触发指令显示可视化界面；获取用户在可视化界面上输入的与每一个系统标识对应的配置信息，并存储与每一个系统标识对应的配置信息。Theconfiguration unit 501 is used to receive the trigger instruction sent by the user, and display the visual interface according to the trigger instruction; obtain the configuration information corresponding to each system identifier input by the user on the visual interface, and store the configuration information corresponding to each system identifier .

所述装置，还包括：The device also includes:

第三发送单元502，用于在认证结果表征认证不通过时，向终端设备发送认证失败消息，以使终端设备根据认证失败消息显示重新认证页面。Thethird sending unit 502 is configured to send an authentication failure message to the terminal device when the authentication result indicates that the authentication fails, so that the terminal device displays a re-authentication page according to the authentication failure message.

进一步地，认证失败消息中包括重新认证页面的地址；第二发送单元，具体用于向终端设备发送认证失败消息，以使终端设备根据重新认证页面的地址显示重新认证页面。Further, the authentication failure message includes the address of the re-authentication page; the second sending unit is specifically configured to send the authentication failure message to the terminal device, so that the terminal device displays the re-authentication page according to the address of the re-authentication page.

进一步地，配置信息中还包括以下一种或多种：系统服务认证前缀、系统服务认证类型、系统代理认证地址、访问路径列表。Further, the configuration information also includes one or more of the following: system service authentication prefix, system service authentication type, system proxy authentication address, and access path list.

本实施例提供的认证处理装置，同于实现前述任一实施例提供的认证处理方法中的技术方案，其实现原理和技术效果类似，不再赘述。The authentication processing apparatus provided in this embodiment is the same as the technical solution in implementing the authentication processing method provided by any of the foregoing embodiments, and its implementation principle and technical effect are similar, and will not be repeated here.

图6为本申请实施例五提供的认证处理设备的结构示意图，如图6所示，包括：存储器601和处理器602；FIG. 6 is a schematic structural diagram of an authentication processing device provided in Embodiment 5 of the present application, as shown in FIG. 6 , including: amemory 601 and aprocessor 602;

存储器601，用于存储计算机程序；memory 601 for storing computer programs;

其中，处理器602执行存储器601中的计算机程序，以实现任一实施例的方法。Theprocessor 602 executes the computer program in thememory 601 to implement the method of any embodiment.

本申请提供一种计算机可读存储介质，其上存储有计算机程序，计算机程序被处理器执行以实现任一实施例的方法。The present application provides a computer-readable storage medium having a computer program stored thereon, the computer program being executed by a processor to implement the method of any one of the embodiments.

本领域技术人员在考虑说明书及实践这里公开的发明后，将容易想到本公开的其它实施方案。本发明旨在涵盖本公开的任何变型、用途或者适应性变化，这些变型、用途或者适应性变化遵循本公开的一般性原理并包括本公开未公开的本技术领域中的公知常识或惯用技术手段。说明书和实施例仅被视为示例性的，本公开的真正范围和精神由下面的权利要求书指出。Other embodiments of the present disclosure will readily occur to those skilled in the art upon consideration of the specification and practice of the invention disclosed herein. The present invention is intended to cover any variations, uses, or adaptations of the present disclosure that follow the general principles of the present disclosure and include common knowledge or conventional techniques in the art not disclosed by the present disclosure . The specification and examples are to be regarded as exemplary only, with the true scope and spirit of the disclosure being indicated by the following claims.

应当理解的是，本公开并不局限于上面已经描述并在附图中示出的精确结构，并且可以在不脱离其范围进行各种修改和改变。本公开的范围仅由所附的权利要求书来限制。It is to be understood that the present disclosure is not limited to the precise structures described above and illustrated in the accompanying drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (12)

1. An authentication processing method, characterized in that the method comprises:

receiving an access request sent by terminal equipment, wherein the access request comprises user information and a system identifier of a target system;

determining a verification object corresponding to the system identifier of the target system according to a corresponding relation between a preset verification object and the system identifier, wherein the verification object is used for indicating an authentication mode between the terminal equipment and the authentication server; determining configuration information corresponding to the system identifier of the target system according to a corresponding relation between preset configuration information and the system identifier, wherein the configuration information comprises address information of an authentication server;

sending an authentication request to an authentication server corresponding to address information in configuration information corresponding to the system identifier of the target system by adopting a verification object corresponding to the system identifier of the target system, wherein the authentication request comprises the user information, so that the authentication server corresponding to the address information completes authentication with the terminal equipment according to the user information;

receiving an authentication result sent by an authentication server corresponding to the address information;

and when the authentication result represents that the authentication is passed, sending the data required by the access request to the terminal equipment.

2. The method of claim 1, further comprising:

receiving a trigger instruction sent by a user, and displaying a visual interface according to the trigger instruction;

and acquiring the configuration information corresponding to each system identification input on the visual interface by the user, and storing the configuration information corresponding to each system identification.

3. The method of claim 1, further comprising:

and when the authentication result represents that the authentication fails, sending an authentication failure message to the terminal equipment so that the terminal equipment displays a re-authentication page according to the authentication failure message.

4. The method of claim 3, wherein the authentication failure message includes an address of the re-authentication page; sending an authentication failure message to the terminal device to enable the terminal device to display a re-authentication page according to the authentication failure message, wherein the authentication failure message comprises:

and sending an authentication failure message to the terminal equipment so that the terminal equipment displays a re-authentication page according to the address of the re-authentication page.

5. The method according to any one of claims 1 to 4, wherein the configuration information further comprises one or more of the following: system service authentication prefix, system service authentication type, system agent authentication address and access path list.

6. An authentication processing apparatus, comprising:

the terminal equipment comprises a first receiving unit, a second receiving unit and a third receiving unit, wherein the first receiving unit is used for receiving an access request sent by the terminal equipment, and the access request comprises user information and a system identifier of a target system;

the system comprises a determining unit, a verification unit and a verification unit, wherein the determining unit is used for determining a verification object corresponding to a system identifier of the target system according to a corresponding relation between a preset verification object and the system identifier, and the verification object is used for indicating an authentication mode between terminal equipment and an authentication server; determining configuration information corresponding to the system identifier of the target system according to a corresponding relation between preset configuration information and the system identifier, wherein the configuration information comprises address information of an authentication server;

a first sending unit, configured to send, by using a verification object corresponding to a system identifier of the target system, an authentication request to an authentication server corresponding to address information in configuration information corresponding to the system identifier of the target system, where the authentication request includes the user information, so that the authentication server corresponding to the address information completes authentication with the terminal device according to the user information;

a second receiving unit, configured to receive an authentication result sent by an authentication server corresponding to the address information;

and the second sending unit is used for sending the data required by the access request to the terminal equipment when the authentication result represents that the authentication passes.

7. The apparatus of claim 6, further comprising;

the configuration unit is used for receiving a trigger instruction sent by a user and displaying a visual interface according to the trigger instruction; and acquiring the configuration information corresponding to each system identification input on the visual interface by the user, and storing the configuration information corresponding to each system identification.

8. The apparatus of claim 7, further comprising:

and the second sending unit is used for sending an authentication failure message to the terminal equipment when the authentication result represents that the authentication fails, so that the terminal equipment displays a re-authentication page according to the authentication failure message.

9. The apparatus of claim 8, wherein the authentication failure message includes an address of the re-authentication page;

the second sending unit is specifically configured to send an authentication failure message to the terminal device, so that the terminal device displays a re-authentication page according to the address of the re-authentication page.

10. The apparatus according to any one of claims 6-9, wherein the configuration information further comprises one or more of: system service authentication prefix, system service authentication type, system agent authentication address and access path list.

11. An authentication processing apparatus characterized by comprising: a memory and a processor;

the memory for storing a computer program;

wherein the processor executes the computer program in the memory to implement the method of any one of claims 1-5.

12. A computer-readable storage medium, on which a computer program is stored which is executed by a processor to implement the method according to any of claims 1-5.

Images