CN118368143B - A memory-sharing single sign-on method and system - Google Patents
A memory-sharing single sign-on method and system
Publication number: CN118368143B
Application number: CN202410775178.7A
Authority: CN (China)
Prior art keywords: authorization, memory, data, single sign, code
Legal status: Active
Classifications
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- G06F21/41—User authentication where a single sign-on provides access to a plurality of computers
- G06F9/544—Buffers; Shared memory; Pipes
- G06F9/547—Remote procedure calls [RPC]; Web services
- H04L9/40—Network security protocols
Abstract
The invention provides a memory-sharing single sign-on method and system. Authorization information is configured in a portal; the authorization information comprises a system code, an authorization level, authorization data and check-in timeliness. When the portal is initialized, it loads the configured authorization information and stores it in memory. When a third party system needs to perform single sign-on, an authentication module in the memory is called and the system code and the user identification in the authorization data are passed to it; the authentication module queries data according to the system code and the user identification in the authorization data and returns an authentication result. The third party system is controlled to perform corresponding processing according to the authentication result so as to open the authorization information, and is controlled to use the authorization information. Because single sign-on is performed by memory sharing, the systems involved share data in the memory area, only one handshake is needed for data sharing, and the data can be opened after authentication.
Description
Technical Field
The invention belongs to the technical field of memory sharing type single sign-on, and particularly relates to a memory sharing type single sign-on method and system.
Background
Single sign-on (SSO) is one of the more popular solutions for enterprise business integration. SSO is defined as the ability of a user, across multiple applications, to log in only once and then access all mutually trusted applications.
In the prior art, single sign-on is implemented by calling an interface, so each system has to integrate with the single sign-on interface. This is complex and has several problems: for example, if system security is insufficient, user information is easily leaked in transmission; moreover, because systems log in differently, different integration functions have to be developed, which costs time and labor.
Disclosure of Invention
Based on this, the embodiment of the invention provides a memory sharing single sign-on method and a system for solving the above problems.
The first aspect of the embodiment of the present invention provides a memory sharing single sign-on method, which is applied to a scenario that a third party system needs to perform single sign-on at a portal, and the method includes:
Step one, configuring authorization information in a portal, wherein the authorization information comprises a system code, an authorization level, authorization data and check-in timeliness;
Step two, loading configured authorization information and storing the authorization information in a memory when the portal is initialized;
Step three, when a third party system needs single sign-on, calling an authentication module in the memory and passing the system code and the user identification in the authorization data to the authentication module, the authentication module querying data according to the system code and the user identification in the authorization data and returning an authentication result;
Step four, controlling the third party system to perform corresponding processing according to the authentication result returned by the authentication module so as to open the authorization information, which specifically comprises the following steps:
when the returned authentication result is failure, checking whether authorization configuration has been carried out;
if not, executing the third step after carrying out authorization configuration;
if yes, retrying the third step;
when the authentication result is success, opening the authorization data corresponding to the designated area in the memory according to the check-in code;
according to the check-in timeliness, controlling the authentication module in the portal to refresh the authorization data periodically, wherein the authorization data of a user who has expired without checking in is cleared from the memory;
Controlling the third party system to use the authorization information, which specifically comprises the following steps:
according to the check-in timeliness and the check-in code, controlling the third party system to periodically call a check-in module in the memory to check in, so as to prolong the service time of the authorization data;
according to the check-in code, controlling the third party system to call an acquisition module in the memory to acquire the required data;
The authentication module performs data query according to the system code and the user identification in the authorization data, and the step of returning an authentication result comprises the following steps:
Searching a user identifier in a memory, and judging whether a corresponding user identifier exists or not;
if yes, searching the system code in the memory, and judging whether the corresponding system code exists;
If so, acquiring corresponding authorization level and authorization data, searching corresponding authorization dictionary data, and if the authorization dictionary data is found, returning authentication success, wherein a string of globally unique check-in codes are sent to a third party system, each check-in code corresponds to a preset area in a memory, and the corresponding authorization dictionary data is placed in the corresponding preset area according to the check-in codes.
Further, the check-in code is generated through a GUID algorithm.
Further, in the step in which the authentication module performs data query according to the system code and the user identifier in the authorization data and returns the authentication result, the authentication method AuthenticationMethod is used for the data query.
Further, in the step of controlling the third party system to call the acquisition module in the memory to acquire the required data according to the sign-in code, the GetInfo method is adopted to acquire the required data.
A second aspect of an embodiment of the present invention provides a memory sharing single sign-on system, configured to implement a memory sharing single sign-on method as described in the first aspect, where the system includes:
The configuration module is used for configuring authorization information in the portal, wherein the authorization information comprises system codes, authorization levels, authorization data and check-in timeliness;
The loading module is used for loading the configured authorization information and storing the authorization information in the memory when the portal is initialized;
The data query module is used for calling the authentication module in the memory and passing the system code and the user identification in the authorization data to the authentication module when the third party system needs to perform single sign-on, wherein the authentication module performs data query according to the system code and the user identification in the authorization data and returns an authentication result;
The first control module is used for controlling the third party system to perform corresponding processing according to the authentication result returned by the authentication module so as to open the authorization information;
And the second control module is used for controlling the third party system to use the authorization information.
A third aspect of an embodiment of the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the memory sharing single sign-on method provided in the first aspect.
A fourth aspect of an embodiment of the present invention provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the memory sharing single sign-on method provided in the first aspect when executing the program.
In the memory-sharing single sign-on method and system provided by the embodiments of the invention, authorization information is configured in a portal; the authorization information comprises a system code, an authorization level, authorization data and check-in timeliness. When the portal is initialized, it loads the configured authorization information and stores it in memory. When a third party system needs to perform single sign-on, an authentication module in the memory is called and the system code and the user identification in the authorization data are passed to it; the authentication module queries data according to the system code and the user identification in the authorization data and returns an authentication result. The third party system is controlled to perform corresponding processing according to the authentication result returned by the authentication module so as to open the authorization information, and is controlled to use the authorization information. Because single sign-on is performed by memory sharing, the systems involved share data in the memory area and only one handshake is needed when data is shared, which can effectively improve user satisfaction after the authentication.
Drawings
FIG. 1 is a flowchart of a method for implementing a memory sharing type single sign-on according to a first embodiment of the present invention;
FIG. 2 is a schematic diagram of configuration content;
FIG. 3 is a block diagram illustrating a memory sharing single sign-on system according to a second embodiment of the present invention;
FIG. 4 is a block diagram of an electronic device according to a third embodiment of the present invention.
Detailed Description
In order that the invention may be readily understood, a more complete description of the invention will be rendered by reference to the appended drawings. Several embodiments of the invention are presented in the figures. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
It will be understood that when an element is referred to as being "mounted" on another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. The terms "vertical," "horizontal," "left," "right," and the like are used herein for illustrative purposes only.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Example one
Referring to fig. 1, fig. 1 shows a memory sharing single sign-on method according to an embodiment of the invention, which specifically includes steps S01 to S05.
In step S01, authorization information is configured in the portal, where the authorization information includes a system code, an authorization level, authorization data, and check-in timeliness.
Specifically, when a third party system needs to perform single sign-on at a portal, the single sign-on related information must be configured at the portal; the configuration content is shown in fig. 2. The system code is the built-in code assigned to each authorized system. The authorization levels are divided into a first level, a second level and a third level, and each level corresponds to different authorization data. The authorization data corresponds to the authorization level and is the data authority that the authorized system can obtain. The check-in timeliness means that after authorization the system must check in at irregular intervals; users who do not check in on time are treated as failed, that is, single sign-on fails and data acquisition fails.
Step S02, when the portal is initialized, loading the configured authorization information, and storing the authorization information in the memory.
In this embodiment, the data stored in the memory has, for example, the following format:
User rights data format:
{
  [
    {
      "SystemId": "001",
      "Level": "first Level",
      "FailureTime": "5",
      "Desc": ""
    },
    {
      "SystemId": "002",
      "Level": "second Level",
      "FailureTime": "10",
      "Desc": ""
    },
    {
      "SystemId": "003",
      "Level": "third Level",
      "FailureTime": "5",
      "Desc": ""
    },
    {
      "SystemId": "004",
      "Level": "first Level",
      "FailureTime": "5",
      "Desc": ""
    }
  ]
}
User information:
{
  [
    {
      "UserCode": "1001",
      "UserName": "Zhang San",
      "Age": "25",
      "Tel": "12345678900",
      "Pwd": "123456"
      ......
    },
    {
      "UserCode": "1002",
      "UserName": "Li Si",
      "Age": "25",
      "Tel": "12345678900",
      "Pwd": "123456"
      ......
    },
    {
      "UserCode": "1003",
      "UserName": "Wang Wu",
      "Age": "25",
      "Tel": "12345678900",
      "Pwd": "123456"
      ......
    },
    {
      "UserCode": "1004",
      "UserName": "Zhao Liu",
      "Age": "25",
      "Tel": "12345678900",
      "Pwd": "123456"
      ......
    }
  ]
}
Dictionary data information:
{
  [
    {
      "type": "ICD10",
      [
        {
          "A00.000": "classical biotype cholera",
          "A00.100": "El Tor cholera",
          "A00.900": "cholera",
          ......
        }
      ]
      "type": "ICD9",
      [
        {
          "00.01001": "Head vascular therapeutic ultrasound",
          "00.01002": "Neck vascular therapeutic ultrasound",
          ......
        }
      ]
    }
  ]
}
Step S03, when the third party system needs to perform single sign-on, calling an authentication module in the memory, transmitting the system code and the user identification in the authorization data to the authentication module, and performing data query according to the system code and the user identification in the authorization data by the authentication module to return an authentication result.
Specifically, the step of the authentication module performing data query according to the system code and the user identifier in the authorization data and returning an authentication result includes:
Searching a user identifier in a memory, and judging whether a corresponding user identifier exists or not;
if yes, searching the system code in the memory, and judging whether the corresponding system code exists;
If so, acquiring corresponding authorization level and authorization data, searching corresponding authorization dictionary data, and if the authorization dictionary data is found, returning authentication success, wherein a string of globally unique check-in codes are sent to a third party system, each check-in code corresponds to a preset area in a memory, and the corresponding authorization dictionary data is placed in the corresponding preset area according to the check-in codes.
In this embodiment, according to the user identifier, the user information in the memory is searched for a record whose UserCode equals the user identifier:
a) If no matching user information is found, authentication failure is returned, and the description information is that the information of the specified user was not found;
b) If the user information is found, the next check is carried out;
According to the system code, the user rights data in the memory is searched for a record whose SystemId equals the system code:
a) If the related user rights data is not found, authentication failure is returned, and the description information is that the related user rights data was not found;
b) If the related user rights data is found, the next check is carried out;
According to the corresponding authorization level and the authorization data (type), the data dictionary content authorized for that level is searched, that is, the dictionary whose type equals the type in the authorization data:
a) If the related authorization dictionary data is not found, authentication success is returned, and the description information is that the related authorization dictionary data was not found;
b) If the related authorization dictionary data is found, authentication success is returned, and the description information is a globally unique check-in code for the third party system, such as 6F9629FF-8B86-D011-B42D-00C04FC964FF. The authorization dictionary data is then put into a specific memory area, and the third party system can directly access that memory area to acquire the related data. The check-in code is generated through the GUID algorithm. A GUID (globally unique identifier) is a 16-byte binary value generated from the identification number of the network card (each network card has a unique identification number) and a unique number from the CPU clock.
The GUID is in the format "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", wherein each x is a hexadecimal digit in the range 0-9 or a-f. For example, 76895133-839E-4E89-BAFC-B253BFF3173F. No duplicate GUID values are generated by any two computers in the world. GUIDs are mainly used for assigning identifiers that must be unique in a network or system having multiple nodes and multiple computers. On Windows platforms, GUIDs are used very widely: in the registry, class and interface identifiers, databases, and even automatically generated machine names, directory names, etc.
By way of example, the following are GUID generation methods under different operating environments:
1. SQL Server database
In a SQL Server database, a column can be given the type uniqueidentifier in the table definition, and the values of that column are then of the GUID type.
2. Producing a GUID using T-SQL
INSERT INTO table1 (id, name) VALUES (NEWID(), 'Zhang San');
3. Creating a GUID in C#
Guid guid = Guid.NewGuid();
Console.WriteLine(guid.ToString());
4. Creating UUIDs in Java
In Java, the equivalent is called a UUID;
The creation mode is System.out.println(java.util.UUID.randomUUID());
Step S04, controlling the third party system to perform corresponding processing according to the authentication result returned by the authentication module so as to open the authorization information.
Specifically, when the returned authentication result is failure, checking whether authorization configuration has been performed;
If not, executing step S03 after carrying out authorization configuration;
If yes, retrying step S03;
When the authentication result is success, opening the authorization data corresponding to the designated area in the memory according to the check-in code;
According to the check-in timeliness, the authentication module in the portal is controlled to refresh the authorization data periodically, wherein the authorization data of users who have expired without checking in is cleared from the memory, and the third party system cannot call it again.
Step S05, controlling the third party system to use the authorization information.
Specifically, according to the check-in timeliness and the check-in code, the third party system is controlled to periodically call a check-in module in the memory to check in, so as to prolong the service time of the authorization data, wherein check-in is performed using the check-in method Sign, and Sign can be implemented using a Sign function in Python;
According to the check-in code, the third party system is controlled to call an acquisition module in the memory to acquire the required data, wherein the GetInfo method, namely a GetInfo function, is used to acquire the required data.
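The flow of steps S02 to S05, as an added Python example that is not code from the patent. Assumptions: the shared memory is modelled as an in-process dictionary, the "AuthTypes" field and the snake_case names (mirroring AuthenticationMethod, Sign and GetInfo) are hypothetical, FailureTime is read as minutes, and the check-in code is a random version-4 UUID.

```python
import time
import uuid

# Constructed sample data shaped like the embodiment's in-memory records.
# "AuthTypes" is a hypothetical field: the page does not show how authorization
# data (dictionary types) is attached to a system's rights record.
RIGHTS = [
    {"SystemId": "001", "Level": "first Level", "FailureTime": "5", "AuthTypes": ["ICD10"]},
    {"SystemId": "002", "Level": "second Level", "FailureTime": "10", "AuthTypes": ["ICD9"]},
    {"SystemId": "003", "Level": "third Level", "FailureTime": "5", "AuthTypes": ["ICD11"]},
]
USERS = [{"UserCode": "1001"}, {"UserCode": "1002"}]
DICTIONARIES = {
    "ICD10": {"A00.900": "cholera"},
    "ICD9": {"00.01001": "Head vascular therapeutic ultrasound"},
}


class Portal:
    """Authentication, check-in and acquisition modules over in-memory data."""

    def __init__(self, rights, users, dictionaries, clock=time.monotonic):
        # Step S02: load the configured authorization information into memory.
        self.rights = {r["SystemId"]: r for r in rights}
        self.users = {u["UserCode"] for u in users}
        self.dictionaries = dictionaries
        self.clock = clock
        self.areas = {}  # check-in code -> {"data", "ttl", "expires"}

    def authentication_method(self, system_code, user_code):
        """Step S03: user lookup, then system lookup, then dictionary lookup."""
        if user_code not in self.users:
            return {"ok": False, "desc": "specified user not found"}
        right = self.rights.get(system_code)
        if right is None:
            return {"ok": False, "desc": "user rights data not found"}
        data = {t: self.dictionaries[t] for t in right["AuthTypes"]
                if t in self.dictionaries}
        if not data:
            # Branch a) of the embodiment: success is returned, no area is opened.
            return {"ok": True, "code": None,
                    "desc": "authorization dictionary data not found"}
        # The code is the only credential guarding the area, so it must be
        # unguessable: uuid4 draws 122 random bits from the OS CSPRNG.
        code = str(uuid.uuid4()).upper()
        ttl = int(right["FailureTime"]) * 60  # assumption: minutes
        self.areas[code] = {"data": data, "ttl": ttl, "expires": self.clock() + ttl}
        return {"ok": True, "code": code, "desc": code}

    def refresh(self):
        """Step S04: clear the areas of callers that did not check in on time."""
        now = self.clock()
        expired = [c for c, a in self.areas.items() if a["expires"] <= now]
        for code in expired:
            del self.areas[code]
        return len(expired)

    def sign(self, code):
        """Step S05 check-in: extend the lifetime of a still-valid area."""
        self.refresh()
        area = self.areas.get(code)
        if area is None:
            return False
        area["expires"] = self.clock() + area["ttl"]
        return True

    def get_info(self, code, dict_type):
        """Step S05 acquisition: read only from the area bound to this code."""
        self.refresh()
        area = self.areas.get(code)
        if area is None:
            raise PermissionError("unknown or expired check-in code")
        return area["data"].get(dict_type)


def demo():
    """Walk S03 to S05 with a hand-advanced clock so expiry needs no sleeping."""
    t = [0.0]
    portal = Portal(RIGHTS, USERS, DICTIONARIES, clock=lambda: t[0])
    result = portal.authentication_method("001", "1001")
    code = result["code"]
    t[0] += 4 * 60                 # minute 4: inside the 5-minute window
    signed = portal.sign(code)     # check-in moves expiry to minute 9
    t[0] += 4 * 60                 # minute 8: valid only because of the check-in
    entry = portal.get_info(code, "ICD10")
    t[0] += 6 * 60                 # minute 14: no check-in since minute 4
    purged = portal.refresh()
    return result["ok"], signed, entry, purged, portal.sign(code)


if __name__ == "__main__":
    print(demo())
```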
In summary, the memory-sharing single sign-on method in the above embodiment of the present invention configures authorization information in a portal, where the authorization information includes a system code, an authorization level, authorization data and check-in timeliness. When the portal is initialized, the configured authorization information is loaded and stored in the memory. When the third party system needs to perform single sign-on, an authentication module in the memory is invoked and the system code and the user identifier in the authorization data are passed to it; the authentication module performs data query according to the system code and the user identifier in the authorization data and returns an authentication result. The third party system is controlled to perform corresponding processing according to the authentication result returned by the authentication module so as to open the authorization information, and is controlled to use the authorization information. Because single sign-on is performed by memory sharing, the systems involved share data in the memory area, only one "handshake" is required when data is shared, and the data can be opened after authentication.
Example two
Referring to fig. 3, fig. 3 is a block diagram of a memory sharing single sign-on system 200 according to a second embodiment of the present invention, where the memory sharing single sign-on system 200 includes a configuration module 21, a loading module 22, a data query module 23, a first control module 24, and a second control module 25, where:
A configuration module 21, configured to configure authorization information in the portal, where the authorization information includes a system code, an authorization level, authorization data, and check-in timeliness;
The loading module 22 is configured to load the configured authorization information and store the authorization information in the memory when the portal is initialized;
The data query module 23 is configured to invoke the authentication module in the memory and pass the system code and the user identifier in the authorization data to the authentication module when the third party system needs to perform single sign-on, where the authentication module performs data query according to the system code and the user identifier in the authorization data and returns an authentication result, and the authentication method AuthenticationMethod is used to perform the data query;
The first control module 24 is configured to control the third party system to perform corresponding processing according to the authentication result returned by the authentication module, so as to open authorization information;
A second control module 25, configured to control the third party system to use the authorization information.
Further, in some alternative embodiments of the present invention, the data query module 23 includes:
The first judging unit is used for searching the user identifier in the memory and judging whether the corresponding user identifier exists or not;
The second judging unit is used for searching the system code in the memory and judging whether the corresponding system code exists or not when judging that the corresponding user identification exists;
The searching unit is used for acquiring corresponding authorization level and authorization data when judging that corresponding system codes exist, searching corresponding authorization dictionary data, and returning authentication success if the authorization dictionary data are found, wherein a string of globally unique check-in codes are sent to a third party system, each check-in code corresponds to a preset area in a memory, the corresponding authorization dictionary data are placed in the corresponding preset area according to the check-in codes, and the check-in codes are generated through a GUID algorithm.
Further, in some alternative embodiments of the present invention, the first control module 24 includes:
A third judging unit, configured to check whether authorization configuration is performed when the returned authentication result is failure;
The execution unit is used for executing the data query module 23 after performing authorized configuration when checking that the authorized configuration is not performed;
a retry unit for retrying the data inquiry module 23 when checking that the authorized configuration has been made;
The open unit is used for opening the authorization data corresponding to the designated area in the memory according to the check-in code when the returned authentication result is success;
And the refreshing unit is used for controlling the authentication module in the portal to refresh the authorization data periodically according to the check-in timeliness, wherein the authorization data of a user who has expired without checking in is cleared from the memory.
Further, in some alternative embodiments of the present invention, the second control module 25 includes:
The check-in unit is used for controlling the third party system to regularly call a check-in module in the memory to check in according to check-in timeliness and check-in codes so as to prolong the service time of the authorization data;
And the control unit is used for controlling the third party system to call an acquisition module in the memory to acquire the required data according to the check-in code, wherein the required data is acquired by adopting a GetInfo method.
Example three
In another aspect, referring to fig. 4, an electronic device according to a third embodiment of the present invention includes a memory 20, a processor 10, and a computer program 30 stored in the memory and capable of running on the processor, where the processor 10 implements the memory sharing single sign-on method as described above when executing the computer program 30.
In some embodiments, the processor 10 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip, used for running program code or processing data stored in the memory 20, e.g. executing an access restriction program or the like.
The memory 20 includes at least one type of readable storage medium including flash memory, a hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 20 may in some embodiments be an internal storage unit of the electronic device, such as a hard disk of the electronic device. The memory 20 may also be an external storage device of the electronic device in other embodiments, such as a plug-in hard disk provided on the electronic device, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, etc. Further, the memory 20 may also include both internal storage units and external storage devices of the electronic device. The memory 20 may be used not only for storing application software of an electronic device and various types of data, but also for temporarily storing data that has been output or is to be output.
It should be noted that the structure shown in fig. 4 does not constitute a limitation of the electronic device, and in other embodiments the electronic device may comprise fewer or more components than shown, or may combine certain components, or may have a different arrangement of components.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the memory sharing single sign-on method as described above.
Those of skill in the art will appreciate that the logic and/or steps represented in the flow diagrams or otherwise described herein, e.g., an ordered listing of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include an electrical connection (an electronic device) having one or more wires, a portable computer diskette (a magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer readable medium may even be paper or other suitable medium on which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques known in the art: discrete logic circuits with logic gates for implementing logic functions on data signals, application-specific integrated circuits with appropriate combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), and the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing examples illustrate only a few embodiments of the invention. They are described in detail but are not to be construed as limiting the scope of the invention. It should be noted that those skilled in the art can make several variations and modifications without departing from the spirit of the invention, all of which fall within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.
Claims (7)
1. The memory sharing type single sign-on method is characterized by being applied to a scene that a third party system needs to conduct single sign-on at a portal, and comprises the following steps:
Step one, configuring authorization information in a portal, wherein the authorization information comprises a system code, an authorization level, authorization data and check-in timeliness;
Step two, loading configured authorization information and storing the authorization information in a memory when the portal is initialized;
Step three, when a third party system needs single sign-on, calling an authentication module in the memory and transmitting a system code and the user identification in the authorization data to the authentication module, the authentication module performing data query according to the system code and the user identification in the authorization data and returning an authentication result;
And step four, controlling a third party system to perform corresponding processing according to an authentication result returned by the authentication module so as to open authorization information, wherein the method specifically comprises the following steps:
when the returned authentication result is failure, checking whether authorization configuration is carried out;
If not, executing the third step after carrying out authorization configuration;
if yes, retrying the third step;
when the authentication result is successful, opening authorization data corresponding to the designated area in the memory according to the check-in code;
According to the check-in timeliness, controlling the authentication module in the portal to regularly refresh the authorization data, wherein the authorization data corresponding to a user who has not checked in before expiry is cleared from the memory;
Controlling the third party system to use the authorization information, which specifically comprises the following steps:
According to the check-in timeliness and the check-in code, the third party system is controlled to regularly call a check-in module in the memory to check in so as to prolong the service time of the authorization data;
According to the check-in code, controlling the third party system to call an acquisition module in the memory to acquire required data;
The authentication module performs data query according to the system code and the user identification in the authorization data, and the step of returning an authentication result comprises the following steps:
Searching a user identifier in a memory, and judging whether a corresponding user identifier exists or not;
if yes, searching the system code in the memory, and judging whether the corresponding system code exists;
If so, acquiring corresponding authorization level and authorization data, searching corresponding authorization dictionary data, and if the authorization dictionary data is found, returning authentication success, wherein a string of globally unique check-in codes are sent to a third party system, each check-in code corresponds to a preset area in a memory, and the corresponding authorization dictionary data is placed in the corresponding preset area according to the check-in codes.
2. The memory sharing type single sign-on method according to claim 1, wherein the check-in code is generated through a GUID algorithm.
3. The memory sharing type single sign-on method according to claim 1, wherein the authentication module performs data query according to the system code and the user identifier in the authorization data, and in the step of returning the authentication result, performs data query by using an authentication method AuthenticationMethod.
4. The memory sharing type single sign-on method according to claim 1, wherein in the step of controlling the third party system to call the acquisition module in the memory to acquire the required data according to the check-in code, the GetInfo method is adopted to acquire the required data.
5. A memory-sharing single sign-on system for implementing a memory-sharing single sign-on method as claimed in any one of claims 1-4, said system comprising:
The configuration module is used for configuring authorization information in the portal, wherein the authorization information comprises system codes, authorization levels, authorization data and check-in timeliness;
The loading module is used for loading the configured authorization information and storing the authorization information in the memory when the portal is initialized;
The data query module is used for calling the authentication module in the memory and transmitting the user identification in the system code and the authorization data to the authentication module when the third party system needs to perform single sign-on, and the authentication module performs data query according to the user identification in the system code and the authorization data and returns an authentication result;
The first control module is used for controlling the third party system to perform corresponding processing according to the authentication result returned by the authentication module so as to open the authorization information;
And the second control module is used for controlling the third party system to use the authorization information.
6. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the memory sharing single sign-on method of any of claims 1-4.
7. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the memory sharing single sign-on method of any of claims 1-4 when the program is executed.
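The flow recited in claims 1-4, sketched as an added Python example; it is not code from the patent or its applicant. The class and method names, the configuration layout, the injectable clock and the choice of a random version-4 UUID for the check-in code are assumptions (the claims say only that the code is generated through a GUID algorithm), as is checking expiry on every access rather than only during the periodic refresh.

```python
import time
import uuid

# Constructed sample configuration (step one): user id -> system code -> authorization info.
SAMPLE_CONFIG = {"u1001": {"HR": {"level": 2, "data": {"dept": "finance"}, "ttl": 30.0}}}


class PortalMemory:
    """Hypothetical in-memory authorization store following the steps of claim 1."""

    def __init__(self, config, clock=time.monotonic):
        self._config = config   # step two: loaded once when the portal initializes
        self._clock = clock     # injectable so expiry can be exercised deterministically
        self._regions = {}      # check-in code -> memory region for one sign-on

    def authenticate(self, system_code, user_id):
        """Step three: find the user, then the system code, then the dictionary data."""
        entry = self._config.get(user_id, {}).get(system_code)
        if entry is None or not entry["data"]:
            return None                   # authentication failure
        code = str(uuid.uuid4())          # assumed v4 GUID: the code is a bearer secret
        self._regions[code] = {"data": dict(entry["data"]), "ttl": entry["ttl"],
                               "expires": self._clock() + entry["ttl"]}
        return code

    def _live(self, code):
        region = self._regions.get(code)
        if region is not None and region["expires"] <= self._clock():
            del self._regions[code]       # enforce expiry between refresh runs too
            return None
        return region

    def check_in(self, code):
        """Extend the lifetime of a live region; False if unknown or expired."""
        region = self._live(code)
        if region is not None:
            region["expires"] = self._clock() + region["ttl"]
        return region is not None

    def get_info(self, code, key):
        """Return one authorization value for a live check-in code, else None."""
        region = self._live(code)
        return None if region is None else region["data"].get(key)

    def refresh(self):
        """Periodic sweep: clear regions whose check-in has lapsed; return the count."""
        now = self._clock()
        expired = [c for c, r in self._regions.items() if r["expires"] <= now]
        for c in expired:
            del self._regions[c]
        return len(expired)
```

Because possession of the check-in code is the only thing `check_in` and `get_info` verify, the example draws it from a random source and rejects it as soon as its lifetime lapses.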
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410775178.7A CN118368143B (en) | 2024-06-17 | 2024-06-17 | A memory-sharing single sign-on method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410775178.7A CN118368143B (en) | 2024-06-17 | 2024-06-17 | A memory-sharing single sign-on method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN118368143A CN118368143A (en) | 2024-07-19 |
CN118368143B CN118368143B (en) | 2024-12-06 |
Family
ID=91885603
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410775178.7A Active CN118368143B (en) | 2024-06-17 | 2024-06-17 | A memory-sharing single sign-on method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118368143B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113271308A (en) * | 2021-05-20 | 2021-08-17 | 中国建设银行股份有限公司 | System login authentication method and device, computer equipment and readable storage medium |
CN114301717A (en) * | 2022-03-08 | 2022-04-08 | 苏州万店掌网络科技有限公司 | Single sign-on method, device, equipment and storage medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114726590B (en) * | 2022-03-18 | 2024-05-17 | 重庆米帕斯科技有限公司 | Method for implementing login authentication by decentralization in distributed system |
Also Published As
Publication number | Publication date |
---|---|
CN118368143A (en) | 2024-07-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||