Movatterモバイル変換

[0]ホーム
URL:

CN113765869A - Login method, device, server and storage medium - Google Patents

Login method, device, server and storage mediumDownload PDF

Info

Publication number
CN113765869A
CN113765869ACN202010832195.1ACN202010832195ACN113765869ACN 113765869 ACN113765869 ACN 113765869ACN 202010832195 ACN202010832195 ACN 202010832195ACN 113765869 ACN113765869 ACN 113765869A
Authority
CN
China
Prior art keywords
login
logged
server
request
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010832195.1A
Other languages
Chinese (zh)
Other versions
CN113765869B (en
Inventor
马喜鹏
白圣培
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Wodong Tianjun Information Technology Co LtdfiledCriticalBeijing Jingdong Century Trading Co Ltd
Priority to CN202010832195.1ApriorityCriticalpatent/CN113765869B/en
Publication of CN113765869ApublicationCriticalpatent/CN113765869A/en
Application grantedgrantedCritical
Publication of CN113765869BpublicationCriticalpatent/CN113765869B/en
Activelegal-statusCriticalCurrent
Anticipated expirationlegal-statusCritical

Links

Images

Classifications

Landscapes

Abstract

The embodiment of the invention discloses a login method, a login device, a server and a storage medium. The method is applied to a unified login server and comprises the following steps: when a system login request is received, acquiring a system to be logged in corresponding to the system login request and signature information of a user to be logged in; determining login information of a user to be logged in relative to a system to be logged in according to the signature information, and determining a login execution command according to the login information; and returning the login execution command to the system server so that the system server forwards the login execution command to the system client to execute the login operation. According to the technical scheme of the embodiment of the invention, the login logic only needs to be developed at the unified login server, and the login logic does not need to be developed at the system server corresponding to each system to be logged in, so that the problem that the development pressure of developers is increased due to repeated development of the login logic is solved.

Description

Login method, device, server and storage medium
Technical Field
The embodiment of the invention relates to the technical field of computer application, in particular to a login method, a login device, a server and a storage medium.
Background
With the rapid development of internet technology and the gradual complexity of business, many business systems start to be divided vertically, and at this time, the login service of each business system is very important.
Generally, each business system develops a set of login logic, and a user needs to log in the business system based on the login logic before operating the business system.
In the process of implementing the invention, the inventor finds that the following technical problems exist in the prior art: repeated development of login logic of multiple sets of business systems increases development pressure of developers.
Disclosure of Invention
The embodiment of the invention provides a login method, a login device, a server and a storage medium, and solves the problem that development pressure of developers is increased due to repeated development of login logic.
In a first aspect, an embodiment of the present invention provides a login method, which is applied to a unified login server, where the method may include:
when a system login request is received, acquiring a system to be logged in corresponding to the system login request and signature information of a user to be logged in, wherein the system login request is a request forwarded by a system server of the system to be logged in after receiving a system login request sent by a system client of the system to be logged in;
determining login information of a user to be logged in relative to a system to be logged in according to the signature information, and determining a login execution command according to the login information;
and returning the login execution command to the system server so that the system server forwards the login execution command to the system client to execute the login operation.
In a second aspect, an embodiment of the present invention further provides a login method, which is applied to a system server, where the method may include:
receiving a system login request, wherein the system login request is a request sent by a system client of a system to be logged in when monitoring that a user to be logged in pre-starts the system to be logged in;
sending a system login request to a unified login server, and receiving a login execution command, wherein the login execution command is a command sent by the unified login server according to the system login request;
and forwarding the login execution command to the system client so that the system client executes login operation according to the login execution command.
In a third aspect, an embodiment of the present invention further provides a login device configured at a unified login server, where the login device may include:
the system comprises a first request receiving module, a second request receiving module and a third request receiving module, wherein the first request receiving module is used for acquiring a system to be logged and signature information of a user to be logged, which corresponds to a system login request, when the system login request is received, and the system login request is a request forwarded by a system server of the system to be logged after receiving the system login request sent by a system client of the system to be logged;
the command determining module is used for determining login information of the user to be logged in relative to the system to be logged in according to the signature information and determining a login execution command according to the login information;
the first login module is used for returning the login execution command to the system server so that the system server forwards the login execution command to the system client to execute the login operation.
In a fourth aspect, an embodiment of the present invention further provides a login device configured at a system server, where the login device may include:
the second request receiving module is used for receiving a system login request, wherein the system login request is a request sent by a system client of the system to be logged in when monitoring that a user to be logged in pre-starts the system to be logged in;
the command receiving module is used for sending the system login request to the unified login server and receiving a login execution command, wherein the login execution command is a command sent by the unified login server according to the system login request;
and the second login module is used for forwarding the login execution command to the system client so that the system client executes login operation according to the login execution command.
In a fifth aspect, an embodiment of the present invention further provides a unified login server, where the unified login server may include:
one or more processors;
a memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the login method provided by any embodiment of the present invention.
In a sixth aspect, an embodiment of the present invention further provides a system server, which may include:
one or more processors;
a memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the login method provided by any embodiment of the present invention.
In a seventh aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the login method provided in any embodiment of the present invention.
According to the technical scheme of the embodiment of the invention, when the unified login server receives the system login request forwarded by the system server, the login information of the user to be logged in relative to the system to be logged in can be determined according to the system login request, and the login execution command is determined according to the login information; therefore, the unified login server sends the login execution command to the system client through the system server, so that the system client determines whether the user to be logged in can log in the system to be logged in according to the login execution command. According to the technical scheme, the login logic only needs to be developed at the unified login server, the login logic does not need to be developed on the system server corresponding to each system to be logged in, the problem that the development pressure of developers is increased due to repeated development of the login logic is solved, and the effect of controlling the login conditions of a plurality of systems to be logged in interacting with the unified login server based on the unified login server is achieved.
Drawings
Fig. 1 is a flowchart of a login method according to a first embodiment of the present invention;
fig. 2 is an application diagram of a unified login server in a login method according to a first embodiment of the present invention;
fig. 3 is a flowchart of a login method in the second embodiment of the present invention;
fig. 4 is a schematic diagram of an application of the SDK mode in a login method according to a second embodiment of the present invention;
fig. 5 is a schematic structural diagram of an overall system in a login method according to a second embodiment of the present invention;
fig. 6 is a schematic application diagram of the overall system in a login method in the second embodiment of the present invention;
fig. 7 is a block diagram of a login apparatus in a third embodiment of the present invention;
fig. 8 is a block diagram of a login apparatus in a fourth embodiment of the present invention;
fig. 9 is a schematic structural diagram of a unified login server according to a fifth embodiment of the present invention;
fig. 10 is a schematic structural diagram of a system server according to a sixth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Before the embodiment of the present invention is described, an application scenario of the embodiment of the present invention is exemplarily described: the login method in the embodiment of the invention is a passive login method, which can be applied to login of an internal system of a certain company, taking an Enterprise Resource Planning (ERP) system as an example, when a certain user wants to open the ERP system, a client (namely, the ERP system client where the ERP system is located) operated by the user sends a corresponding system login request to the ERP system server where the ERP system is located, so that the ERP system server forwards the system login request to a uniform login server, and the uniform login server is a server interacting with a plurality of system servers; at this moment, the unified login server judges whether the user can log in the ERP system or not according to the system login request, and returns a judgment result to the ERP system client by taking the ERP system server as a medium, so that the user can enter the ERP system when the ERP system client determines that the user can log in the ERP system according to the judgment result, namely the user can see related contents in the ERP system.
Example one
Fig. 1 is a flowchart of a login method applied to a unified login server according to an embodiment of the present invention. The embodiment can be applied to the condition that the login condition of each system to be logged in is controlled based on the unified login service end. The method can be executed by the login device provided by the embodiment of the invention, the device can be realized by software and/or hardware, and the device can be integrated on the unified login server.
Referring to fig. 1, the method of the embodiment of the present invention specifically includes the following steps:
s110, when a system login request is received, acquiring a system to be logged in corresponding to the system login request and signature information of a user to be logged in, wherein the system login request is a request forwarded by a system server of the system to be logged in after receiving a system login request sent by a system client of the system to be logged in.
For convenience of description, a server where the system to be logged in is located is referred to as a system server, and a client where the system to be logged in is located is referred to as a system client. On this basis, when receiving the system login request sent by the system client, the system server may forward the system login request to the unified login server, so that the unified login server receives the system login request. In practical applications, the system login request may be a request sent by a user to be logged in through a system client to pre-log in a system to be logged in, the system to be logged in is a system to which the user to be logged in is pre-logged in, the user to be logged in is a user pre-logged in the system to be logged in, and the signature information is information preset by the user to be logged in for the system to be logged in, and may be, for example, a user name and a password.
It should be noted that, first, the number of the system servers interacting with the unified login server may be one, two, or more, and each system server corresponds to a respective system to be logged in, that is, the unified login server may control the login condition of at least one system to be logged in. Secondly, taking a certain system to be logged in as an example, the number of the corresponding system servers is one, and the number of the corresponding system clients can be one, two or more, because the system to be logged in can be installed on different system clients, and each system client interacts with the same system server, that is, the system server can receive system login requests sent by different system clients. And thirdly, the system client can send out the system login request through different login sources, because the user to be logged in can start the system to be logged in through different login sources, for example, the user to be logged in starts the system to be logged in through WeChat, Payment treasure, dong or Single Sign On (SSO).
And S120, determining login information of the user to be logged in relative to the system to be logged in according to the signature information, and determining a login execution command according to the login information.
The login information may be a login state, a login authority, and the like, that is, it may be determined whether the user to be logged in has logged in to the system to be logged in, whether the user to be logged in has the authority to log in to the system to be logged in, and the like according to the signature information. Further, a login execution command may be determined according to the login information, where the login execution command is a command that is pre-sent to the system server to enable the system server to determine whether the user to be logged in can log on the system to be logged in, and the login execution command may be, for example, a login permission command, a login rejection command, a login inquiry command, or the like.
Further, optionally, when the login execution command is a login permission command, attribute information of the user to be logged in, such as sex, age, identification number and the like, may be determined according to the signature information and/or the login information, and the unified login server may also return the attribute information to the system server, so that the system server forwards the attribute information to the system client, so that the system client displays the attribute information. Optionally, operation information of the user to be logged in relative to the system to be logged in may also be determined, and the operation information is returned to the system server, so that the system server determines the executable operation of the user to be logged in according to the operation information. The operation information is information related to whether the user to be logged in can perform certain operations on the system to be logged in, such as whether the user to be logged in can see certain data on the system to be logged in, whether the data can be modified, and the like. Therefore, the system server can determine the executable operation of the user to be logged in relative to the system to be logged in according to the operation information, and the executable operation is the operation which can be executed by the user to be logged in on the system to be logged in.
S130, returning the login execution command to the system server, so that the system server forwards the login execution command to the system client to execute the login operation.
The unified login server side can send the login execution command to the system server side, so that the system server side forwards the received login execution command to the system client side, and the system client side can determine whether a user to be logged in logs in the system to be logged in, whether the user to be logged in can log in the system to be logged in and the like according to the received login execution command.
According to the technical scheme of the embodiment of the invention, when the unified login server receives the system login request forwarded by the system server, the login information of the user to be logged in relative to the system to be logged in can be determined according to the system login request, and the login execution command is determined according to the login information; therefore, the unified login server sends the login execution command to the system client through the system server, so that the system client determines whether the user to be logged in can log in the system to be logged in according to the login execution command. According to the technical scheme, the login logic only needs to be developed at the unified login server, the login logic does not need to be developed on the system server corresponding to each system to be logged in, the problem that the development pressure of developers is increased due to repeated development of the login logic is solved, and the effect of controlling the login conditions of a plurality of systems to be logged in interacting with the unified login server based on the unified login server is achieved.
A selectable technical solution, where login information of a user to be logged in with respect to a system to be logged in is determined according to signature information, may specifically include: and screening out a target mapping relation corresponding to the signature information and the system to be logged from a plurality of pre-stored mapping relations, and determining login information of the user to be logged relative to the system to be logged according to the target mapping relation. The mapping relationship can be pre-stored in various ways, and can be the signature information of a loggable user under the system to be logged in and the mapping relationship between the system to be logged in, wherein the loggable user is a user allowed to log in to the system to be logged in; the system login method can be used for determining the mapping relationship between the signature information of a login-prohibited user under the system to be logged in and the system to be logged in, wherein the login-prohibited user is a user who is prohibited from logging in the system to be logged in; the mapping relationship between the signature information and the login information of the user to be logged in under the system to be logged in can be obtained; the system to be logged in, the signature information and the login information can be mapped; and so on. Therefore, after the signature information and the system to be logged are obtained, a target mapping relation matched with the signature information and the system to be logged can be screened from each pre-stored mapping relation, and the target mapping relation can be directly screened from each mapping relation according to the signature information and the system to be logged; or screening out a mapping relation related to the system to be logged from all mapping relations, and then screening out a target mapping relation related to the signature information from the mapping relation related to the system to be logged; and so on.
The advantage of such an arrangement is that, in the prior art, each system server develops a set of login logic, which means that each system server corresponds to a respective system database, and the system database stores data that needs to be maintained by the corresponding system server, where the data may be mapping relationships, user information, and the like, and the user information is information related to a user to be logged in, such as signature information, operation information, attribute information, and the like. However, many users to be logged in can log in to multiple systems to be logged in, which means that there is overlapping content in data stored in multiple system databases, and resources are wasted. In addition, in order to ensure the validity, real-time performance and consistency of data, the data in each system database needs to be synchronized periodically, which increases the working pressure of operation and maintenance personnel. In addition, if a user to be logged in leaves the job and the user information of the user to be logged in is stored in a plurality of system databases, the processing process of the user information is complicated.
Correspondingly, in the application, the data in each system database is fused into the unified login database corresponding to the unified login server, so that even if a plurality of systems to be logged in have the same user to be logged in, the user information of the user to be logged in is only one piece of user information in the unified login database, and the effects of saving resources, omitting a data synchronization process and simplifying a data processing process are achieved. Particularly, in consideration of the actual application scenario of the embodiment of the invention, the users to be logged in can log in the same system to be logged in through different login sources, and the application of the unified login server is beneficial to unified management and unified distribution of authority of the multi-source users.
An optional technical solution is that the login execution command includes a login query command, and the login method may further include: when an address acquisition request is received, determining identification information in signature information corresponding to the address acquisition request, and determining a login address of a login source in a system client according to the identification information, wherein the address acquisition request is a request for acquiring the login address returned by a system server after receiving a login inquiry command; and determining a login interface to be presented to the user to be logged in according to the login address, and returning the login interface to the system server, so that the system server forwards the login interface to the system client to execute display operation.
When the signature information acquired by the unified login server from the system login request is not valid information, the login execution command determined according to the signature information is a login inquiry command, namely, the login execution command is a command sent by the unified login server when the unified login server cannot determine whether the user to be logged in can log in the system to be logged in. In view of the application scenario of the embodiment of the present invention, the reason for the above situation may be that when a user to be logged in logs in a system to be logged in via a certain login address for the first time, the system client cannot acquire valid signature information according to the login address, and thus when the unified login server indirectly receives a system login request sent by the system client, the unified login server cannot acquire valid signature information from the system login request.
Therefore, when the login execution command is a login inquiry command, the unified login server, upon receiving an address acquisition request for acquiring a login address returned by the system server, may determine, according to the address acquisition request, identification information in signature information corresponding to the system login request, where the signature information is signature information corresponding to the system login request, and the tag information may be a part of the signature information, which is related to a specific login source. Therefore, the login address of the login source in the corresponding system client can be determined according to the identification information. For example, when a user to be logged in starts a system to be logged in through different login sources, identification information carried by signature information is different, for example, the identification information when the user to be logged in starts through WeChat is wx, and the identification information when the user to be logged in starts through Kyoto SSO is jd, so that a specific login address can be determined by combining the identification information and a specific system client, and the effects of determining a corresponding login address according to the login source and automatically classifying the user to be logged in according to each login source are achieved. Illustratively, the signature information may be represented by keys and tokens.
Further, considering that different login sources correspond to different login interfaces, the login interface to be presented to the user to be logged in can be determined according to the login address, and the login interface is returned to the system server, so that the system server forwards the login interface to the system client, and the system client displays the login interface. At this time, the user to be logged in can input own signature information in the displayed login interface, and then, after receiving the signature information input by the user, the system client can send a system login request corresponding to the signature information to the system server, so that the system server forwards the system login request to the unified login server to execute subsequent login operation. When the subsequent user to be logged in starts the system to be logged in through the login address, the system client can directly acquire effective signature information.
In consideration of application scenarios that may be involved in the embodiments of the present invention, as shown in fig. 2, for example, the unified login server may be divided into four modules: the system comprises a management module, an OpenAPI, a large visual screen and a customization module. The management module can provide management functions for the user to be logged in, such as token management, role management, authority management, timing tasks, detection and synchronization of staff leaving, and the like; the customized module is mainly used for multi-source maintenance and can be divided into multi-source login management, special token management, newly added source configuration, user authority management and the like; the OpenAPI provides restful interface service so as to facilitate secondary packaging of developers and call of http service; the large visual screen is used for analyzing the distribution condition, the use condition and the like of a user to be logged in, is a set of visual solution aiming at large screen display, and is backed by a set of data link, a big data solution and server resource support.
On the basis, when the unified login server determines that the user to be logged in can log in the system to be logged in, the user information of the user to be logged in can be stored in MySQL; on the basis, the analysis data of the user to be logged in can be stored in the ES, so that the search and analysis in the future are facilitated; similarly, the data of the head portrait, the file and the like of the user to be logged in can also be stored in the CFS, wherein the CFS is a set of storage services specially used for compressing and storing the file and the picture, which helps to improve the response speed of the file and the adaptivity of the picture. Meanwhile, the unified login service system also uses UMP and logbook to timely discover and eliminate the abnormal state of the user to be logged in. In addition, the unified login server provides a Software Development Kit (SDK) mode for the system server to perform an application, and a specific implementation process of the application will be described in the following embodiments.
Namely, the unified login server flexibly realizes multi-source pluggable through tools such as jimDB, MySQL and the like, namely when a login mode corresponding to a certain login source is added or deleted in advance, a switch corresponding to the login source is only required to be opened or closed, and at the moment, code modification and login configuration do not need to be carried out on each system to be logged in, and the login source is easily replaced. Illustratively, after a switch corresponding to the WeChat is turned on, the WeChat login of each system to be logged in can be applied; otherwise, the WeChat login of each system to be logged in cannot be applied. In addition, abundant login components are provided for the system server through the call of the SDK and the OpenAPI, at the moment, the system server can realize complicated login services only through configuration, and all the system servers can realize login without paying attention to the cache condition of a user to be logged in, so that the production efficiency is improved.
Example two
Fig. 3 is a flowchart of a login method applied to a system server according to a second embodiment of the present invention. The embodiment can be applied to the condition that the login condition of each system to be logged in is controlled based on the unified login service end. The method can be executed by a login device provided by the embodiment of the invention, the device can be realized by software and/or hardware, and the device can be integrated on a system server. The same or corresponding terms as those in the above embodiments are not explained in detail herein.
Referring to fig. 3, the method of the embodiment of the present invention specifically includes the following steps:
s210, receiving a system login request, wherein the system login request is a request sent by a system client of the system to be logged in when monitoring that a user to be logged in pre-starts the system to be logged in.
When monitoring that a user to be logged in pre-starts a system to be logged in, the system client sends a system login request to the system server, so that the system server receives the system login request.
S220, sending the system login request to the unified login server, and receiving a login execution command, wherein the login execution command is a command sent by the unified login server according to the system login request.
The system server side forwards the received system login request to the unified login server side so that the unified login server side determines a login execution command according to the system login request and returns the login execution command to the system server side so that the system server side receives the login execution command.
And S230, forwarding the login execution command to the system client so that the system client executes login operation according to the login execution command.
The system server side transmits the received login execution command to the system client side, so that the system client side executes login operation according to the login execution command.
According to the technical scheme of the embodiment of the invention, the system server forwards the system login request sent by the system client when monitoring that the user to be logged in pre-starts the system to be logged in to the unified login server, so that the unified login server determines the login execution command according to the system login request; and then, the system server returns the login execution command returned by the unified login server to the system client so that the system client executes the login operation according to the login execution command. According to the technical scheme, the determining process of the login executing command of each system to be logged in is executed by the unified login server, so that the login logic only needs to be developed at the unified login server, the login logic does not need to be developed at each system server, and the problem that the development pressure of developers is increased due to repeated development of the login logic is solved.
On this basis, an optional technical solution is to send the system login request to the unified login server, and may specifically include: acquiring a programming language of a system client, and determining a login mode according to the programming language; and sending a system login request to the unified login server by calling a login mode. The system server side can determine the service scene where the system client side is located from the system login request sent by the system client side, and can determine the programming language of the system client side according to the service scene. For example, the system server determines whether the system client is a PC or a mobile terminal according to the identification information in the system login request, and then determines the programming language according to the specific type of the PC or the mobile terminal, for example, the programming language of the apple-mobile phone is Objective-C and the programming language of the android-mobile phone is Java. Furthermore, the login modes can be determined according to the programming language, and the processing processes of the system login requests by the login modes are different, so that the system login requests can be sent to the unified login server by calling the login modes. Optionally, the login mode may be an SDK mode or an http mode.
In consideration of application scenarios that may be involved in embodiments of the present invention, for example, the specific login mode may be determined by a login mode provided by the unified login server, for example, when the unified login server provides an SDK mode of some programming languages, as shown in fig. 2, the unified login server provides SDK modes of java, python, Go, and Node, and the login mode determined according to these programming languages is an SDK mode. In the SDK mode, a getuiser interface in the SDK can be called to forward a system login request to a uniform login service terminal, wherein the getuiser interface comprises an isredis parameter which can be used for marking whether a back-end cache is used, and if not, the system service terminal is required to inquire the cache record service of the system service terminal to ensure the timeliness and the accuracy of login. For another example, for those programming languages or web page formats that are not provided by the unified login server, the login mode at this time may be an http mode, which requires the system server to perform some intercepting operations, login operations, and the like by calling an openAPI in the unified login server. When the SDK mode and the http mode exist simultaneously, the unified login server and the system server are matched with each other, and login service under any scene can be executed.
On this basis, sending the system login request to the unified login server by calling the login mode, which may specifically include: acquiring cookie information of a user to be logged in according to the system login request, decrypting the cookie information, and updating the cookie information according to a decryption result; and checking the cookie information, and if the cookie information is determined not to be fake information according to the checking result, sending a system login request to the unified login server. The cookie information is encrypted information related to the user to be logged in, such as encrypted signature information. The system server side can directly decrypt the cookie information without calling a remote authentication interface, so that the requests among services are reduced, and the software service performance is improved; further, the system server checks the decrypted cookie information to judge whether the cookie information is fake information or not, thereby preventing malicious attack of the fake information. Particularly, in the SDK mode, these decryption check operations can be directly provided by the SDK, and the system service end only needs to configure the corresponding SDK component in advance, and does not need to perform other operations.
Exemplarily, as shown in fig. 4, the system server performs decryption processing and verification processing on each received system login request, intercepts illegal system login requests, and sends legal system login requests to the unified login server; the unified login server stores the login information determined according to the system login request into the cache and returns the login execution command determined according to the login information to the system server, and at the moment, the system server does not need to pay attention to the cache problem.
On this basis, optionally, the login method may further include: acquiring cookie information of a user to be logged in according to a system login request, and determining a first domain name where the cookie information is located and a second domain name corresponding to a system server; and if the first domain name and the second domain name belong to different domains, writing the cookie information into the second domain name. After the user to be logged in logs in the system to be logged in, if the user is logged in the same domain, cookie information does not need to be written into the second domain name; if the login is a foreign domain login, cookie information can be written into the second domain name to realize cross-domain login, and the cookie information can include non-sensitive information such as name, gender, department, state and the like of the user to be logged in. Illustratively, taking the first domain name www.jd.com and the second domain name www.jdcloud.com as examples, the two are different domains, that is, the cookie information is originally in the first domain name, and is now rewritten in the second domain name, and cross-domain login is realized by rewriting the domain names.
In order to better understand the login method in the above embodiments, an exemplary description is given below with reference to fig. 5 and 6. For example, an architecture diagram of an overall system composed of a system client, a unified login server and a system server is shown in fig. 5, where the system client may be a PC end or a mobile end, which is a multi-end; the unified login server provides an SDK mode and an http mode; system login requests for login through different login sources are all sent to a system server, such as SSO in a mall, cloud login, WeChat, Dong and the like, which are multiple sources. Fig. 6 shows an application diagram of the overall system, in the PC, a cache service may be requested from the unified login service terminal by invoking the SDK mode to obtain a login execution command; in the mobile terminal, besides the SDK mode, a cache service can be directly and remotely requested from the unified login service terminal by calling an http model so as to obtain a login execution command. According to the technical scheme, the effect of multi-source multi-terminal multi-domain unified login is achieved, each system server does not need to care about the specific implementation process of login service, and the login effect can be achieved only by calling the SDK mode or the http mode.
EXAMPLE III
Fig. 7 is a block diagram of a login apparatus according to a third embodiment of the present invention, where the apparatus is configured on a unified login server, and the apparatus is configured to execute the login method according to the first embodiment of the present invention. The device and the login method provided by the first embodiment belong to the same inventive concept, and details which are not described in detail in the embodiment of the login device can refer to the embodiment of the login method. Referring to fig. 7, the apparatus may specifically include: a firstrequest receiving module 310, acommand determining module 320, and afirst logging module 330.
The firstrequest receiving module 310 is configured to, when receiving a system login request, obtain a system to be logged in corresponding to the system login request and signature information of a user to be logged in, where the system login request is a request forwarded by a system server of the system to be logged in after receiving a system login request sent by a system client of the system to be logged in;
thecommand determining module 320 is configured to determine login information of the user to be logged in relative to the system to be logged in according to the signature information, and determine a login execution command according to the login information;
thefirst login module 330 is configured to return a login execution command to the system server, so that the system server forwards the login execution command to the system client to execute a login operation.
Optionally, thecommand determining module 320 may specifically include:
and the login information determining unit is used for screening out a target mapping relation corresponding to the signature information and the system to be logged from a plurality of pre-stored mapping relations and determining login information of the user to be logged relative to the system to be logged according to the target mapping relation.
Optionally, the login execution command includes a login query command, and the apparatus may further include:
the system comprises a login address determining module, a login address determining module and a login request sending module, wherein the login address determining module is used for determining identification information in signature information corresponding to an address acquisition request when the address acquisition request is received, and determining a login address of a login source in a system client according to the identification information, and the address acquisition request is a request which is returned by a system server after a login inquiry command is received and is used for acquiring the login address;
and the login interface determining module is used for determining a login interface to be presented to a user to be logged in according to the login address and returning the login interface to the system server so that the system server forwards the login interface to the system client to execute display operation.
Optionally, the login execution command includes a login permission command, and the apparatus may further include:
the operation information determining module is used for determining the operation information of the user to be logged relative to the system to be logged;
and the executable operation determining module is used for returning the operation information to the system server so that the system server determines the executable operation of the user to be logged in according to the operation information.
According to the login device provided by the third embodiment of the invention, through the mutual cooperation of the first request receiving module and the command determining module, when the unified login server receives the system login request forwarded by the system server, the login information of the user to be logged in relative to the system to be logged in can be determined according to the system login request, and the login execution command is determined according to the login information; therefore, the first login module sends the login execution command to the system client through the system server, so that the system client determines whether the user to be logged in can log in the system to be logged in according to the login execution command. According to the device, the login logic only needs to be developed at the unified login server, and the login logic does not need to be developed on the system server corresponding to each system to be logged in, so that the problem that the development pressure of developers is increased due to repeated development of the login logic is solved, and the effect of controlling the login conditions of a plurality of systems to be logged in interacting with the unified login server based on the unified login server is realized.
The login device provided by the embodiment of the invention can execute the login method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
It should be noted that, in the embodiment of the above login device, the included units and modules are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
Example four
Fig. 8 is a block diagram of a login device according to a fourth embodiment of the present invention, where the login device is configured on a system server and is configured to execute the login method according to the second embodiment of the present invention. The device and the login method provided by the second embodiment belong to the same inventive concept, and details which are not described in detail in the embodiment of the login device can refer to the embodiment of the login method. Referring to fig. 8, the apparatus may specifically include: a secondrequest receiving module 410, acommand receiving module 420, and asecond login module 430.
The secondrequest receiving module 410 is configured to receive a system login request, where the system login request is a request sent by a system client of a system to be logged in when it is monitored that a user to be logged in starts the system to be logged in advance;
thecommand receiving module 420 is configured to send a system login request to the unified login server, and receive a login execution command, where the login execution command is a command sent by the unified login server according to the system login request;
thesecond login module 430 is configured to forward the login execution command to the system client, so that the system client executes a login operation according to the login execution command.
Optionally, thecommand receiving module 420 may specifically include:
and the system login request sending unit is used for acquiring the programming language of the system client, determining a login mode according to the programming language and sending the system login request to the unified login server by calling the login mode.
Optionally, the login mode may include an SDK mode or an http mode.
Optionally, the system login request sending unit may specifically include:
the decryption subunit is used for acquiring cookie information of the user to be logged in according to the system login request, decrypting the cookie information and updating the cookie information according to a decryption result;
and the verification subunit is used for verifying the cookie information, and if the cookie information is determined not to be fake information according to the verification result, sending the system login request to the unified login server.
Optionally, the system login request sending unit may further include:
and the interception subunit is used for intercepting the system login request if the cookie information is determined to be fake information according to the verification result.
Optionally, on the basis of the above apparatus, the apparatus may further include:
the domain name determining module is used for acquiring cookie information of a user to be logged in according to the system login request, and determining a first domain name where the cookie information is located and a second domain name corresponding to the system server;
and the domain name rewriting module is used for writing the cookie information into the second domain name if the first domain name and the second domain name belong to different domains.
In the login device provided by the fourth embodiment of the present invention, the second request receiving module and the command receiving module are matched with each other, and the system server forwards the system login request sent by the system client when monitoring that the user to be logged in pre-starts the system to be logged in to the unified login server, so that the unified login server determines the login execution command according to the system login request; and further, the second login module returns a login execution command returned by the unified login server to the system client so that the system client executes login operation according to the login execution command. According to the device, the determination process of the login execution command of each system to be logged in is executed by the unified login server, which means that only the login logic needs to be developed at the unified login server, the login logic does not need to be developed at each system server, and the problem that the development pressure of developers is increased due to repeated development of the login logic is solved.
The login device provided by the embodiment of the invention can execute the login method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
It should be noted that, in the embodiment of the above login device, the included units and modules are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
EXAMPLE five
Fig. 9 is a schematic structural diagram of a unified login server according to a fifth embodiment of the present invention, as shown in fig. 9, the unified login server may include amemory 510, aprocessor 520, aninput device 530, and anoutput device 540. The number of theprocessors 520 in the unified login server may be one or more, and oneprocessor 520 is taken as an example in fig. 9; thememory 510, theprocessor 520, theinput device 530, and theoutput device 540 in the unified login server may be connected by a bus or other means, and are exemplified by abus 550 in fig. 9.
Thememory 510 is used as a computer-readable storage medium for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the login method in the embodiment of the present invention (e.g., the firstrequest receiving module 310, thecommand determining module 320, and thefirst login module 330 in the login apparatus). Theprocessor 520 executes various functional applications and data processing of the unified login server by executing software programs, instructions and modules stored in thememory 510, so as to implement the login method described above.
Thememory 510 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the unified login server, and the like. Further, thememory 510 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples,memory 510 may further include memory located remotely fromprocessor 520, which may be connected to devices through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Theinput device 530 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the device. Theoutput device 540 may include a display device such as a display screen.
EXAMPLE six
Fig. 10 is a schematic structural diagram of a system server according to a sixth embodiment of the present invention, as shown in fig. 10, the system server includes amemory 610, aprocessor 620, aninput device 630, and anoutput device 640. The number of theprocessors 620 in the system server may be one or more, and oneprocessor 620 is taken as an example in fig. 10; thememory 610,processor 620,input device 630, andoutput device 640 in the system server may be connected by a bus or other means, such asbus 650 in fig. 10.
Thememory 610, which is a computer-readable storage medium, may be used to store software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the login method in the embodiment of the present invention (e.g., the secondrequest receiving module 410, thecommand receiving module 420, and thesecond login module 430 in the login apparatus). Theprocessor 620 executes various functional applications and data processing of the system server by executing software programs, instructions and modules stored in thememory 610, so as to implement the above-mentioned login method.
Thememory 610 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of a system server, and the like. Further, thememory 610 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples,memory 610 may further include memory located remotely fromprocessor 620, which may be connected to devices through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Theinput device 630 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function controls of the device. Theoutput device 640 may include a display device such as a display screen.
EXAMPLE seven
A seventh embodiment of the present invention provides a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform a login method, the method including:
when a system login request is received, acquiring a system to be logged in corresponding to the system login request and signature information of a user to be logged in, wherein the system login request is a request forwarded by a system server of the system to be logged in after receiving a system login request sent by a system client of the system to be logged in;
determining login information of a user to be logged in relative to a system to be logged in according to the signature information, and determining a login execution command according to the login information;
and returning the login execution command to the system server so that the system server forwards the login execution command to the system client to execute the login operation.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the operations of the method described above, and may also perform related operations in the login method provided by any embodiment of the present invention.
Example eight
An eighth embodiment of the present invention provides a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform a login method, the method including:
receiving a system login request, wherein the system login request is a request sent by a system client of a system to be logged in when monitoring that a user to be logged in pre-starts the system to be logged in;
sending a system login request to a unified login server, and receiving a login execution command, wherein the login execution command is a command sent by the unified login server according to the system login request;
and forwarding the login execution command to the system client so that the system client executes login operation according to the login execution command.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the operations of the method described above, and may also perform related operations in the login method provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. With this understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (15)

CN202010832195.1A2020-08-182020-08-18Login method, login device, server side and storage mediumActiveCN113765869B (en)

Priority Applications (1)

Application NumberPriority DateFiling DateTitle
CN202010832195.1ACN113765869B (en)2020-08-182020-08-18Login method, login device, server side and storage medium

Applications Claiming Priority (1)

Application NumberPriority DateFiling DateTitle
CN202010832195.1ACN113765869B (en)2020-08-182020-08-18Login method, login device, server side and storage medium

Publications (2)

Publication NumberPublication Date
CN113765869Atrue CN113765869A (en)2021-12-07
CN113765869B CN113765869B (en)2023-06-30

Family

ID=78785590

Family Applications (1)

Application NumberTitlePriority DateFiling Date
CN202010832195.1AActiveCN113765869B (en)2020-08-182020-08-18Login method, login device, server side and storage medium

Country Status (1)

CountryLink
CN (1)CN113765869B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN116827930A (en)*2023-03-272023-09-29盘锦千寻信息技术有限公司 portable computer
CN119728259A (en)*2024-12-242025-03-28杭州三六零亿方智能有限公司 User login method, device, equipment, storage medium and computer program product

Citations (12)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN101136915A (en)*2007-10-162008-03-05中兴通讯股份有限公司Method and system for implementing multi-service united safety authentication
CN102682009A (en)*2011-03-112012-09-19腾讯科技(北京)有限公司Method and system for logging in webpage
CN104518876A (en)*2013-09-292015-04-15腾讯科技(深圳)有限公司Service login method and device
CN105959276A (en)*2016-04-272016-09-21青岛海信传媒网络技术有限公司Application control method, device, and terminal device based on third party account login
CN106130881A (en)*2016-07-072016-11-16腾讯科技(深圳)有限公司A kind of account number login method and device
US20170048252A1 (en)*2015-08-142017-02-16Oracle International CorporationDiscovery of federated logins
CN107819722A (en)*2016-09-102018-03-20长沙有干货网络技术有限公司A kind of design method of the Centralized Authentication System based on Cookie
CN107948210A (en)*2018-01-082018-04-20武汉斗鱼网络科技有限公司A kind of login method, device, client, server and medium
CN108712372A (en)*2018-04-032018-10-26福建天泉教育科技有限公司A kind of method and system of client access WEB third party logins
US20190097996A1 (en)*2016-05-092019-03-28Alibaba Group Holding LimitedAutomatic login method and device between multiple websites
CN110830463A (en)*2019-10-302020-02-21腾讯科技(深圳)有限公司Third party authorized login method and device
CN111404921A (en)*2020-03-122020-07-10广州市百果园信息技术有限公司Webpage application access method, device, equipment, system and storage medium

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN101136915A (en)*2007-10-162008-03-05中兴通讯股份有限公司Method and system for implementing multi-service united safety authentication
CN102682009A (en)*2011-03-112012-09-19腾讯科技(北京)有限公司Method and system for logging in webpage
CN104518876A (en)*2013-09-292015-04-15腾讯科技(深圳)有限公司Service login method and device
US20170048252A1 (en)*2015-08-142017-02-16Oracle International CorporationDiscovery of federated logins
CN105959276A (en)*2016-04-272016-09-21青岛海信传媒网络技术有限公司Application control method, device, and terminal device based on third party account login
US20190097996A1 (en)*2016-05-092019-03-28Alibaba Group Holding LimitedAutomatic login method and device between multiple websites
CN106130881A (en)*2016-07-072016-11-16腾讯科技(深圳)有限公司A kind of account number login method and device
CN107819722A (en)*2016-09-102018-03-20长沙有干货网络技术有限公司A kind of design method of the Centralized Authentication System based on Cookie
CN107948210A (en)*2018-01-082018-04-20武汉斗鱼网络科技有限公司A kind of login method, device, client, server and medium
CN108712372A (en)*2018-04-032018-10-26福建天泉教育科技有限公司A kind of method and system of client access WEB third party logins
CN110830463A (en)*2019-10-302020-02-21腾讯科技(深圳)有限公司Third party authorized login method and device
CN111404921A (en)*2020-03-122020-07-10广州市百果园信息技术有限公司Webpage application access method, device, equipment, system and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN116827930A (en)*2023-03-272023-09-29盘锦千寻信息技术有限公司 portable computer
CN119728259A (en)*2024-12-242025-03-28杭州三六零亿方智能有限公司 User login method, device, equipment, storage medium and computer program product

Also Published As

Publication numberPublication date
CN113765869B (en)2023-06-30

Similar Documents

PublicationPublication DateTitle
US11582040B2 (en)Permissions from entities to access information
CN108923908B (en)Authorization processing method, device, equipment and storage medium
AU2015267387B2 (en)Method and apparatus for automating the building of threat models for the public cloud
US9930103B2 (en)Endpoint management system providing an application programming interface proxy service
US8793359B1 (en)Systems and/or methods for intelligently detecting API key domains
CN111488598A (en)Access control method, device, computer equipment and storage medium
JP2022529967A (en) Extracting data from the blockchain network
CN108121918B (en)Bidirectional cooperation system and method for internal and external services of bank
US11481508B2 (en)Data access monitoring and control
CN103049684A (en)Data authority control method and data authority control system based on RBAC (role-based access control) model extension
CN113612740A (en)Authority management method and device, computer readable medium and electronic equipment
US20150089626A1 (en)System and method providing marketplace for big data applications
CN106452815B (en) An information management method, device and system
CN115801472B (en)Authority management method and system based on authentication gateway
CN114207615A (en) System and method for maintaining immutable data access logs with privacy
WO2022257226A1 (en)Cyberspace mapping-based honeypot recognition method and apparatus, device, and medium
US20210200595A1 (en)Autonomous Determination of Characteristic(s) and/or Configuration(s) of a Remote Computing Resource to Inform Operation of an Autonomous System Used to Evaluate Preparedness of an Organization to Attacks or Reconnaissance Effort by Antagonistic Third Parties
US11379416B1 (en)Systems and methods for common data ingestion
CN113765869B (en)Login method, login device, server side and storage medium
CN111385293B (en)Network risk detection method and device
CN112651041A (en)Authority control method, device, equipment and storage medium
US20240103939A1 (en)System And Method for Implementing Micro-Application Environments
CN118626056A (en) A method and device for generating business services
US20250007709A1 (en)System and method for secret rotation using contextual management of machine identities
US12388806B2 (en)Enterprise governance inventory and automation tool

Legal Events

DateCodeTitleDescription
PB01Publication
PB01Publication
SE01Entry into force of request for substantive examination
SE01Entry into force of request for substantive examination
GR01Patent grant
GR01Patent grant
[8]ページ先頭
©2009-2025 Movatter.jp