CN109936565A - Log in the method, apparatus, computer equipment and storage medium of multiple service clusters - Google Patents
Log in the method, apparatus, computer equipment and storage medium of multiple service clusters Download PDFInfo
- Publication number
- CN109936565A CN109936565A CN201910080752.6A CN201910080752A CN109936565A CN 109936565 A CN109936565 A CN 109936565A CN 201910080752 A CN201910080752 A CN 201910080752A CN 109936565 A CN109936565 A CN 109936565A
- Authority
- CN
- China
- Prior art keywords
- account
- terminal
- service cluster
- service
- authorization token
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000013475 authorization Methods 0.000 claims abstract description 92
- 238000012795 verification Methods 0.000 claims abstract description 53
- 238000012937 correction Methods 0.000 claims description 12
- 238000004590 computer program Methods 0.000 claims description 6
- 238000012790 confirmation Methods 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 22
- 230000008569 process Effects 0.000 description 6
- 238000012545 processing Methods 0.000 description 6
- 238000004891 communication Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000004044 response Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 238000009738 saturating Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 230000001755 vocal effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/40—Support for services or applications
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application belongs to cloud field, is related to logging in the method, apparatus, computer equipment and storage medium of multiple service clusters.This method comprises: interlock account set is created in the relevant database of Account Logon server, the account information of at least one account in the interlock account set comprising same user's registration;When receiving the logging request for the terminal that first service cluster redirection comes, judge whether the terminal logs in any service cluster;The first authorization token is created when the terminal has logged in any service cluster;The terminal is redirected to the first service cluster, and sends first authorization token to the first service cluster;Verify the second authorization token that the first service cluster provides;When second authorization token passes through verification, confirm that the terminal is successfully logged in the first service cluster.This method can be convenient and safely logs in multiple service clusters.
Description
Technical field
The application belongs to cloud field, is related to logging in the method, apparatus of multiple service clusters, computer equipment and deposit
Storage media.
Background technique
Along with the extension of software product business, the software product/service derived can also be accordingly increased, general logical
Multiple service clusters are crossed to realize multiple software product/service operation.It is independently opened with a scattered manner by multiple service clusters
What hair and deployment multiple software product/service were constituted is an open architecture, and open port is more, and user logs in and access
Process become increasingly complex.
Under existing technical conditions, for user by terminal log in different service clusters often respectively authorization and
Management, all there is certain deficiency in safety and failure rate.For example, being attacked since open port is more by network
A possibility that hitting can be bigger.In addition, if there are problems that network problem or service itself be easy cause service call failure or
Person's delay can excessively cause to service snowslide when serious because service is overstock.
Summary of the invention
The embodiment of the present application discloses method, apparatus, computer equipment and the storage medium for logging in multiple service clusters,
Purport is convenient and safely logs in multiple service clusters.
Some embodiments of the present application disclose a kind of method for logging in multiple service clusters.
The method for logging in multiple service clusters includes: to create in the relevant database of Account Logon server
Interlock account set, the account information of at least one account in the interlock account set comprising same user's registration;When connecing
When receiving the logging request for the terminal that first service cluster redirection comes, judge whether the terminal logs in any services set
Group;The first authorization token is created when the terminal has logged in any service cluster;The terminal is redirected to described
First service cluster, and send first authorization token to the first service cluster;Verify the first service cluster
The second authorization token provided;When second authorization token passes through verification, confirm the terminal in the first service collection
Group successfully logs in.
It is described that association is created in the relevant database of Account Logon server in some embodiments of the present application
The step of account aggregation includes: to obtain characteristic information in the account information of each account from least one dimension;It will be with one-dimensional
Degree is included into the same interlock account set comprising the account of the identical characteristic information.
In some embodiments of the present application, the dimension includes: User ID dimension, finger print information dimension, face information
Dimension, voiceprint dimension and iris information dimension.
It is described to judge whether the terminal logs in any service cluster in some embodiments of the present application further include: when
When the terminal is not logged on any service cluster, Xiang Suoshu terminal sends login page;It receives the terminal and is based on institute
State the logon form of login page return;In conjunction with the relevant database to the first account information in the logon form
It is verified;When first account information passes through verification, the terminal is redirected to the first service cluster.
In some embodiments of the present application, relevant database described in the combination is in the logon form
The step of one account information is verified includes: by each account in first account information and the interlock account set
Second account information is compared one by one;When the institute of any account in first account information and the interlock account set
State the second account information it is consistent when, first account information passes through verification.
In some embodiments of the present application, third authorization token is created when first account information passes through verification,
And the third authorization token is sent to the first service when the terminal is redirected to the first service cluster
Cluster.
In some embodiments of the present application, the second authorization token of the verification first service cluster offer
Step includes: that second authorization token is compared with first authorization token;When second authorization token and institute
State the first authorization token it is consistent when, second authorization token passes through verification.
The embodiment of the application discloses a kind of device for logging in multiple service clusters.
The device for logging in multiple service clusters includes: interlock account set creation module, in login service device
Relevant database in create interlock account set, include at least the one of same user's registration in the interlock account set
The account information of a account;Judgment module is logged in, for when the login for receiving the terminal that first service cluster redirection comes
When request, judge whether the terminal logs in any service cluster;Token creation module, for having logged in institute when the terminal
The first authorization token is created when stating any service cluster;First redirection module, for the terminal to be redirected to described
One service cluster, and send first authorization token to the first service cluster;Token correction verification module, for verifying
The second authorization token that the first service cluster provides;Token check results feedback module, for working as second warrant
When board passes through verification, confirm that the terminal is successfully logged in the first service cluster.
In some embodiments of the present application, the interlock account set creation module includes: that characteristic information obtains submodule
Block, for obtaining characteristic information in the account information of each account from least one dimension;Account is included into submodule, will be same
Dimension includes that the account of the identical characteristic information is included into the same interlock account set.
In some embodiments of the present application, the device for logging in multiple service clusters further include: the page sends mould
Block, for when the terminal is not logged on any service cluster, Xiang Suoshu terminal to send login page;List receives
Module, the logon form returned for receiving the terminal based on the login page;Account information correction verification module, in conjunction with institute
Relevant database is stated to verify the first account information in the logon form;Second redirection module, for working as institute
When stating the first account information and passing through verification, the terminal is redirected to the first service cluster.
In some embodiments of the present application, the token creation module is also used to pass through when first account information
Third authorization token is created when verification.The device for logging in multiple service clusters is by second redirection module in handle
The third authorization token is sent to the first service cluster when terminal is redirected to the first service cluster.
In some embodiments of the present application, the account information correction verification module includes: that account information compares submodule,
For first account information to be compared one by one with the second account information of each account in the interlock account set;
Account information check results judging submodule, for when any account in first account information and the interlock account set
When second account information at family is consistent, judgement show that first account information passes through verification.
In some embodiments of the present application, the token correction verification module includes: that token compares submodule, is used for institute
The second authorization token is stated to be compared with first authorization token;Token comparison result judging submodule, for when described the
When two authorization token are consistent with first authorization token, judgement show that second authorization token passes through verification.
In some embodiments of the present application, the device for logging in multiple service clusters further includes global session creation
Module;The global session creation module be used for when first account information in the logon form passes through verification and
Global session is created when first account information in the logon form is not over verification.
Some embodiments of the present application disclose a kind of computer equipment, including memory and processor, the memory
In be stored with computer program, the processor realizes that any of the above-described kind logs in multiple services when executing the computer program
The step of method of cluster.
Some embodiments of the present application disclose a kind of computer readable storage medium, the computer-readable storage medium
Computer program is stored in matter, the computer program realizes that any of the above-described kind logs in multiple services when being executed by processor
The step of method of cluster.
Compared with prior art, technical solution disclosed in the present application mainly have it is following the utility model has the advantages that
In embodiments herein, which the method for logging in multiple service clusters logs in regardless of the terminal request
One service cluster is redirected to the Account Logon server.Judge that the terminal is by the Account Logon server
It is no to log in any service cluster.So that the Account Logon server is managed concentratedly to multiple service clusters are logged in, union
Middle authorization.Therefore the port by the method opening for logging in multiple service clusters is less, a possibility that by network attack
It is lower.Since any service cluster is not verified in the account individually provided the terminal, but by the account
The centralized processing of login service device, it is ensured that the response speed of any service cluster, so that any service cluster
It is not easy to overstock service.When the terminal has logged in any service cluster, the Account Logon server is by the terminal
It is redirected to the service cluster that request logs in.Therefore reduce unnecessary log-on message verification under the premise of ensuring safety
Link, the process for being conducive to that the terminal request is allowed to log in multiple service clusters are more convenient.
Detailed description of the invention
Technical solution in ord to more clearly illustrate embodiments of the present application, below will be to needed in the embodiment
Attached drawing is briefly described, it should be apparent that, the drawings in the following description are only some examples of the present application, for this
For the those of ordinary skill of field, without any creative labor, it can also be obtained according to these attached drawings other
Attached drawing.
Fig. 1 is the schematic diagram that the method for multiple service clusters is logged in described in the embodiment of the application;
Fig. 2 is the schematic diagram for creating interlock account set in the embodiment of the application in the relevant database.
Fig. 3 be the application an embodiment in 6 accounts are included into the schematic diagrames of 3 interlock account set;
Fig. 4 be the application an embodiment in verify the schematic diagram of the second authorization token that the service cluster provides;
Fig. 5 is the schematic diagram that the method for multiple service clusters is logged in described in another embodiment of the application;
Fig. 6 is marriage relation type database described in the embodiment of the application to the first account in the logon form
The schematic diagram that family information is verified;
Fig. 7 is terminal a, service cluster A, service cluster B and Account Logon server se in the embodiment of the application
Between interaction schematic diagram;
Fig. 8 is the schematic diagram that the device of multiple service clusters is logged in described in the embodiment of the application;
Fig. 9 is the schematic diagram of interlock account set creation module 10 described in the embodiment of the application;
Figure 10 is the schematic diagram of token correction verification module 50 described in the embodiment of the application;
Figure 11 is the schematic diagram that the device of multiple service clusters is logged in described in another embodiment of the application;
Figure 12 is the schematic diagram of account information correction verification module 90 described in the another embodiment of the application.
Description of symbols:
Specific embodiment
The application in order to facilitate understanding is described more fully the application below with reference to relevant drawings.In attached drawing
Give the preferred embodiment of the application.But the application can realize in many different forms, however it is not limited to herein
Described embodiment.On the contrary, purpose of providing these embodiments is keeps the understanding to disclosure of this application more saturating
It is thorough comprehensive.
Unless otherwise defined, all technical and scientific terms used herein and the technical field for belonging to the application
The normally understood meaning of technical staff it is identical.The term used in the description of the present application is intended merely to retouch herein
State the purpose of specific embodiment, it is not intended that in limitation the application.
The embodiment of the application discloses a kind of method for logging in multiple service clusters.
One service cluster usually runs an individual software product.The terminal accesses the service first
Cluster, and when the service cluster receives the access of the terminal, the terminal is redirected to Account Logon server.
The terminal is redirected to Account Logon server by the service cluster to be sent to the account for the address parameter of oneself
Login service device.
It is the schematic diagram that the method for multiple service clusters is logged in described in the embodiment of the application with reference to Fig. 1.
It anticipates as shown in fig. 1, the terminal logs in multiple service clusters by Account Logon server request,
The Account Logon server execute the step of include:
S1: interlock account set, the interlock account set are created in the relevant database of Account Logon server
In comprising same user's registration at least one account account information.
With reference to Fig. 2, to create showing for interlock account set in the relevant database in the embodiment of the application
It is intended to.
It anticipates as shown in Figure 2, it is described to be created in the relevant database in some embodiments of the application
The step of building interlock account set include:
S11: characteristic information is obtained in the account information of each account from least one dimension.
S12: the same interlock account set will be included into the account for including the identical characteristic information with dimension.
The dimension includes: User ID dimension, finger print information dimension, face information dimension, voiceprint dimension and rainbow
Film information dimension.The User ID dimension generates with uniqueness when mainly including the ID card No. of user, registration
ID, phone number etc..The finger print information dimension is usually user by believing when account typing as the fingerprint of login password
Breath.The face information dimension is usually that user passes through face information when account typing as login password.The vocal print letter
Breath dimension is usually that user passes through voiceprint when account typing as login password.The iris information dimension is usually
Iris information when user passes through account typing as login password.
When characteristic information can be obtained in the account information of all accounts from multiple dimensions, to the multiple dimension
It is ranked up.Specifically, counting the quantity for the account that each dimension is related in all accounts.When a dimension relates to
And account quantity it is more when, characteristic information is preferentially obtained in the account information of all accounts according to the dimension, will be at this
Dimension includes that the account of same characteristic features information is included into same interlock account set.
Citing is illustrated S11 and S12 below:
With reference to Fig. 3, for the schematic diagram that 6 accounts are included into 3 interlock account set in the embodiment of the application.Fig. 3
In the account informations of 6 accounts be intended only as schematically illustrating.
It anticipates as shown in Figure 3, account NO1 and account NO4 contains same characteristic features information in the voiceprint dimension
Swmm58974 (code name as voiceprint, identical code name are shown to be all voiceprints of the same person), therefore institute
Interlock account set j1 can be included by stating account NO1 and the account NO4.Account NO2 and account NO3 are tieed up in the User ID
Degree contains same characteristic features information 154236, therefore the account NO2 and the account NO3 can be included into interlock account set
j2.Account NO3 and account NO5 contains same characteristic features information zwmm00265811 in the finger print information dimension and (uses fingerprint
The code name of information, identical code name are shown to be all finger print informations of the same person), therefore the account NO5 can also be included into
Interlock account set j2.Account NO6 and account NO1 to account NO5 do not include same characteristic features information, therefore the account NO6
Individually it is included into interlock account set j3.
S2: when receiving the logging request for the terminal that first service cluster redirection comes, whether judge the terminal
Log in any service cluster.
When the terminal logs in any service cluster to the Account Logon server successful request, the clothes
Business cluster can generate global session.The global session record has Account Logon server described in the terminal access to generate
Data.By parsing the global session, just can judge to show whether the terminal logs in any service cluster.
S3: the first authorization token is created when the terminal has logged in any service cluster.
S4: the terminal is redirected to the first service cluster, and sends the authorization token to described first
Service cluster.
Due to the terminal is redirected to the Account Logon server by the first service cluster can be by the ground of oneself
Location parameter is sent to the Account Logon server, therefore the Account Logon server can pass through the first service collection
The address parameter of group, is redirected to the first service cluster for the terminal.
S5: the second authorization token that the first service cluster provides is verified.
Second authorization token is supplied to the Account Logon server, the account by the first service cluster
Login service device verifies second authorization token that the service cluster provides.By verifying the service cluster
Second authorization token provided can prevent the terminal from providing the authorization token forged and realize in the service cluster
Login, be conducive to the security performance for improving the service cluster.
With reference to Fig. 4, for the signal for verifying the second authorization token that the service cluster provides in the embodiment of the application
Figure.
As schematically shown in figure 4, in some embodiments of the application, what the verification service cluster provided
The step of authorization token includes:
S51: second authorization token is compared with first authorization token.
S52: when second authorization token is consistent with first authorization token, second authorization token passes through
Verification.
S6: when second authorization token passes through verification, confirm that the terminal is successfully stepped in the first service cluster
Record.
For the first service cluster, when the first service cluster passes through Account Logon server school
Test to obtain second authorization token it is effective when, the terminal is logined successfully in the first service cluster.The Account Logon
Server can generate global session when confirming the service cluster that the terminal success logging request logs in.
It is the schematic diagram that the method for multiple service clusters is logged in described in another embodiment of the application with reference to Fig. 5.
It anticipates as shown in Figure 5, the terminal logs in multiple service clusters by Account Logon server request
When, the Account Logon server also executes following steps other than executing S1 to S5:
S7: when the terminal is not logged on any service cluster, Xiang Suoshu terminal sends login page.
S8: the logon form that the terminal is returned based on the login page is received.
S9: the first account information in the logon form is verified in conjunction with the relevant database.
S7 to S9 it is described judge the step of whether terminal logs in any service cluster after.
It is marriage relation type database described in the embodiment of the application to the in the logon form with reference to Fig. 6
The schematic diagram that one account information is verified.
As schematically represented in fig. 6, relevant database described in the combination believes the first account in the logon form
Ceasing the step of being verified includes:
S91: by the second account information of each account in first account information and the interlock account set one by one into
Row compares.
S92: when second account information of any account in first account information and the interlock account set
When consistent, first account information passes through verification.
In some embodiments of the present application, third authorization token is created when first account information passes through verification,
And the third authorization token is sent to the first service when the terminal is redirected to the first service cluster
Cluster.
S10: when first account information passes through verification, the terminal is redirected to the first service cluster.
It is that terminal a, service cluster A, service cluster B and Account Logon take in the embodiment of the application with reference to Fig. 7
Interaction schematic diagram between business device se.
The process of terminal a request login service device se login service cluster A and service cluster B is summarized below, with into one
The step explanation method for logging in multiple service clusters.
Anticipate as shown in Figure 7, the terminal a respectively with the service cluster A, the service cluster B and the account
Family login service device se communication connection, the service cluster A and the service cluster B also with the Account Logon server se
Communication connection.
The terminal a request logs in the service cluster A, to access certain resources of the service cluster A.The clothes
Cluster A be engaged in when receiving the logging request of the terminal a, the terminal a is redirected to the Account Logon server se,
And the address parameter of the service cluster A is attached in the logging request of the terminal a and is sent to the Account Logon server
se。
The Account Logon server se parses the logging request of the terminal a, and institute is inquired in the global session of storage
State whether terminal a logs in the service cluster A or service cluster B.The service had both been not logged in the terminal a
Cluster A, and when being not logged on the service cluster B, Xiang Suoshu terminal a sends login page.It can be by the terminal a
The login page inserts the first account information, can also be registered.
The Account Logon server se receives the logon form that the terminal a is returned based on the login page, then
Marriage relation type database verifies first account information in the logon form.Specifically, the account
Login service device se is by second of each account in first account information of the logon form and the interlock account set
Account information is compared one by one.The Account Logon server se compares first account for obtaining the logon form
When information is consistent with second account information of any account in the interlock account set, first account information
Pass through verification.When first account information in the logon form passes through verification, the Account Logon server se will
The terminal a is redirected to the service cluster A.
When the Account Logon server se show that the terminal a has logged in any service cluster, the account
Login service device se can log in the service cluster A for this time request of the terminal a and generate the first authorization token and global meeting
First authorization token, is then attached in the logging request of the terminal a by words.It is incited somebody to action in the Account Logon server se
When the terminal a is redirected to the service cluster A, first authorization token can be supplied to the service cluster A.
Second authorization token is sent the Account Logon server se and verified by the service cluster A.Described
When two authorization token are not forged, first authorization token of second authorization token and service cluster A acquisition
It is identical.When second authorization token is forged, second authorization token be will be unable to through the Account Logon server
The verification of se.By verifying second authorization token in the Account Logon server se, the end can be prevented
End a is held as a hostage and logs in the service cluster A with second authorization token of forgery, illegally obtains the service cluster A's
Data resource.
When verification of second authorization token by the Account Logon server se, the terminal a is in the clothes
Business cluster A is logined successfully.The terminal a is generated at the rear service cluster A in service cluster A login and is stored local
Session records the logon data of the terminal a.When second authorization token is not over the Account Logon server se
Verification when, the service cluster A to the terminal a feed back login failure.Specifically, second authorization token is often
With certain time-bounded, the second authorization token described in the time limit more than setting will fail.So if in the time limit of setting
The interior terminal a could not enough success service cluster A will to will cause second authorization token expired so that described second
Authorization token can not pass through the verification of the Account Logon server se.In addition, the terminal a can be to forge when being held as a hostage
The second authorization token log in the service cluster A, the terminal a is provided by the Account Logon server se at this time
Second authorization token verified, be beneficial to prevent the data resource for illegally obtaining the service cluster A.
When the terminal a requests to log in the service cluster B, the terminal a is redirected to by the service cluster B
The Account Logon server se.The Account Logon server se is being stored according to the account information in the logging request
Global session in inquire whether the terminal a logs in the service cluster A or service cluster B.
Since the terminal a has successfully logged in the service cluster A, the Account Logon server se can
Inquiry obtains the record that the terminal a logs in the service cluster A in the global session.At this time due to the terminal a
Through logging in the service cluster A, therefore the terminal a logs in the process of the service cluster B, can exist with reference to the terminal a
Request logs in the process of the service cluster A when having logged on any service cluster.
In embodiments herein, which the method for logging in multiple service clusters logs in regardless of the terminal request
One service cluster is redirected to the Account Logon server.Judge that the terminal is by the Account Logon server
It is no to log in any service cluster.So that the Account Logon server is managed concentratedly to multiple service clusters are logged in, union
Middle authorization.Therefore the port by the method opening for logging in multiple service clusters is less, a possibility that by network attack
It is lower.When Account Logon server judgement show that the terminal is not logged on any service cluster, by the account
Family login service device sends login page to the terminal, receives the log form that the terminal is returned based on the login page
It is single, and marriage relation type database verifies the first account information in the logon form, it is ensured that the terminal
Logging request is safe request.Since the account that any service cluster no longer individually provides the terminal is tested
Card, but handled by the Account Logon server centered, it is ensured that the response speed of any service cluster, makes
Any service cluster is obtained to be not easy to overstock service.When the terminal has logged in any service cluster, the account is stepped on
The terminal is redirected to the service cluster that request logs in by record server.Therefore reduce not under the premise of ensuring safety
Necessary log-on message calibration link, the process for being conducive to that the terminal request is allowed to log in multiple service clusters are more convenient.
The embodiment of the application discloses a kind of device for logging in multiple service clusters.
It is the schematic diagram that the device of multiple service clusters is logged in described in the embodiment of the application with reference to Fig. 8.
It anticipates as shown in Figure 8, the device for logging in multiple service clusters includes:
Interlock account set creation module 10, for creating interlock account in the relevant database of login service device
Gather, the account information of at least one account in the interlock account set comprising same user's registration.
Log in judgment module 20, for when receive first service cluster redirect come terminal logging request when,
Judge whether the terminal logs in any service cluster.
Token creation module 30, for creating the first warrant when the terminal has logged in any service cluster
Board.
First redirection module 40, for the terminal to be redirected to the first service cluster, and by described first
Authorization token sends the first service cluster to.
Token correction verification module 50, the second authorization token provided for verifying the first service cluster.
Token check results feedback module 60, for confirming the terminal when second authorization token passes through verification
It is successfully logged in the first service cluster.
It is the schematic diagram of interlock account set creation module 10 described in the embodiment of the application with reference to Fig. 9.Such as Fig. 9
Shown in meaning, in some embodiments of the present application, the interlock account set creation module 10 includes: that characteristic information obtains
Submodule 11 is taken, for obtaining characteristic information in the account information of each account from least one dimension.Account is included into submodule
12, the same interlock account set will be included into the account for including the identical characteristic information with dimension.
It is the schematic diagram of token correction verification module 50 described in the embodiment of the application with reference to Figure 10.As shown in Figure 10
Meaning, in some embodiments of the present application, the token correction verification module 50 includes: that token compares submodule 51, is used for institute
The second authorization token is stated to be compared with first authorization token.Token comparison result judging submodule 52, for when described
When second authorization token is consistent with first authorization token, judgement show that second authorization token passes through verification.
It is the schematic diagram that the device of multiple service clusters is logged in described in another embodiment of the application with reference to Figure 11.Such as
Meaning shown in Figure 11, in some embodiments of the present application, the device for logging in multiple service clusters further include: the page
Sending module 70, for when the terminal is not logged on any service cluster, Xiang Suoshu terminal to send login page.
List receiving module 80, the logon form returned for receiving the terminal based on the login page.Account information calibration mode
Block 90, for being verified in conjunction with the relevant database to the first account information in the logon form.Second resets
To module 100, for when the account information in the logon form passes through verification, the terminal to be redirected to described
One service cluster.
It is the schematic diagram of account information correction verification module 90 described in the embodiment of the application with reference to Figure 12.
It anticipates as shown in Figure 12, in some embodiments of the present application, the account information correction verification module 90 includes:
Account information compares submodule 91, for by second of each account in first account information and the interlock account set
Account information is compared one by one.Account information check results judging submodule 92, for working as first account information and institute
State any account in interlock account set second account information it is consistent when, judgement show that first account information is logical
Cross verification.
In some embodiments of the present application, the token creation module 30 is also used to when first account information is logical
Third authorization token is created when crossing verification.The device for logging in multiple service clusters passes through second redirection module 100
The third authorization token is sent to the first service collection when the terminal is redirected to the first service cluster
Group.
In some embodiments of the present application, the device for logging in multiple service clusters further includes global session creation
Module.The global session creation module be used for when first account information in the logon form passes through verification and
Global session is created when first account information in the logon form is not over verification.
The embodiment of the application discloses a kind of computer equipment.
The computer equipment includes that connection memory, processor, network interface are in communication with each other by system bus.This
Technical field it will be appreciated by the skilled person that computer equipment here be it is a kind of can according to the instruction for being previously set or storing,
The automatic equipment for carrying out numerical value calculating and/or information processing, hardware includes but is not limited to microprocessor, specific integrated circuit
(Application Specific Integrated Circuit, ASIC), programmable gate array (Field-
Programmable Gate Array, FPGA), digital processing unit (Digital Signal Processor, DSP), insertion
Formula equipment etc..
The computer equipment can be the calculating such as desktop PC, notebook, palm PC and cloud server and set
It is standby.The computer equipment can carry out people by modes such as keyboard, mouse, remote controler, touch tablet or voice-operated devices with user
Machine interaction.
The memory 201 includes at least a type of readable storage medium storing program for executing, and the readable storage medium storing program for executing includes dodging
Deposit, hard disk, multimedia card, card-type memory (for example, SD or DX memory etc.), random access storage device (RAM), it is static with
Machine accesses memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable
Read memory (PROM), magnetic storage, disk, CD etc..In some embodiments, the memory 201 can be described
The internal storage unit of computer equipment 200, such as the hard disk or memory of the computer equipment 200.In other embodiments
In, the memory 201 is also possible to the External memory equipment of the computer equipment 200, such as the computer equipment 200
The plug-in type hard disk of upper outfit, intelligent memory card (Smart Media Card, SMC), secure digital (Secure Digital,
SD) block, flash card (Flash Card) etc..Certainly, the memory 201 can also both include the computer equipment 200
Internal storage unit also includes its External memory equipment.In the present embodiment, the memory 201 is installed on commonly used in storage
The operating system and types of applications software of the computer equipment 200, such as the method for the multiple service clusters of above-mentioned login
Program code etc..It has exported or will export all kinds of in addition, the memory 201 can be also used for temporarily storing
Data.
The processor 202 can be in some embodiments central processing unit (Central Processing Unit,
CPU), controller, microcontroller, microprocessor or other data processing chips.The processor 202 is commonly used in described in control
The overall operation of computer equipment 200.In the present embodiment, the processor 202 is stored for running in the memory 201
Program code or processing data, such as run the program code of the method for the multiple service clusters of above-mentioned login.
The network interface 203 may include radio network interface or wired network interface, which usually uses
It is communicated to connect in being established between the computer equipment 200 and other electronic equipments.
Present invention also provides another embodiments, that is, provide a kind of computer readable storage medium, the computer
Readable storage medium storing program for executing is stored with the program for logging in multiple service clusters, and the multiple service cluster programs of login can be by least one
A processor executes, so that at least one described processor executes the method that any one of the above logs in multiple service clusters
Step.
Finally it should be noted that, it is clear that embodiments described above is only some embodiments of the present application, rather than
Whole embodiments gives the preferred embodiment of the application in attached drawing, but is not intended to limit the scope of the patents of the application.This Shen
It can please realize in many different forms, on the contrary, purpose of providing these embodiments is makes in disclosure herein
The understanding of appearance is more thorough and comprehensive.Although the application is described in detail with reference to the foregoing embodiments, for this field
For technical staff comes, it can still modify to technical solution documented by aforementioned each specific embodiment or right
Part of technical characteristic carries out equivalence replacement.All equivalent structures done using present specification and accompanying drawing content, directly
It connects or is used in other related technical areas indirectly, similarly within the application scope of patent protection.
Claims (10)
1. a kind of method for logging in multiple service clusters characterized by comprising
Interlock account set is created in the relevant database of Account Logon server, includes same in the interlock account set
The account information of at least one account of one user's registration;
When receiving the logging request for the terminal that first service cluster redirection comes, it is any to judge whether the terminal logs in
Service cluster;
The first authorization token is created when the terminal has logged in any service cluster;
The terminal is redirected to the first service cluster, and sends first authorization token to the first service
Cluster;
Verify the second authorization token that the first service cluster provides;When second authorization token passes through verification, confirmation
The terminal is successfully logged in the first service cluster.
2. logging in the method for multiple service clusters according to claim 1, which is characterized in that described in Account Logon server
Relevant database in create interlock account set the step of include:
Characteristic information is obtained in the account information of each account from least one dimension;
The same interlock account set will be included into the account for including the identical characteristic information with dimension.
3. logging in the method for multiple service clusters according to claim 2, which is characterized in that the dimension includes: User ID
Dimension, finger print information dimension, face information dimension, voiceprint dimension and iris information dimension.
4. logging in the method for multiple service clusters according to claim 1, which is characterized in that described whether to judge the terminal
Log in any service cluster further include:
When the terminal is not logged on any service cluster, Xiang Suoshu terminal sends login page;
Receive the logon form that the terminal is returned based on the login page;
The first account information in the logon form is verified in conjunction with the relevant database;
When first account information passes through verification, the terminal is redirected to the first service cluster.
5. logging in the method for multiple service clusters according to claim 4, which is characterized in that relationship type number described in the combination
The step of verifying according to library to the first account information in the logon form include:
First account information is compared one by one with the second account information of each account in the interlock account set;
When first account information is consistent with second account information of any account in the interlock account set, institute
It states the first account information and passes through verification.
6. the method according to claim 4 or 5 for logging in multiple service clusters, which is characterized in that when first account is believed
Third authorization token is created when breath passes through verification, and when the terminal is redirected to the first service cluster by described the
Three authorization token send the first service cluster to.
7. logging in the method for multiple service clusters according to claim 1, which is characterized in that the verification first service
Cluster provide the second authorization token the step of include:
Second authorization token is compared with first authorization token;
When second authorization token is consistent with first authorization token, second authorization token passes through verification.
8. a kind of device for logging in multiple service clusters characterized by comprising
Interlock account set creation module, for creating interlock account set, institute in the relevant database of login service device
State the account information of at least one account in interlock account set comprising same user's registration;
Judgment module is logged in, for judging institute when receiving the logging request for the terminal that first service cluster redirection comes
State whether terminal logs in any service cluster;
Token creation module, for creating the first authorization token when the terminal has logged in any service cluster;
First redirection module, for the terminal to be redirected to the first service cluster, and by first warrant
Board sends the first service cluster to;
Token correction verification module, the second authorization token provided for verifying the first service cluster;
Token check results feedback module, for confirming the terminal described when second authorization token passes through verification
First service cluster successfully logs in.
9. a kind of computer equipment, including memory and processor, which is characterized in that be stored with computer journey in the memory
Sequence, the processor is realized when executing the computer program logs in multiple services sets as described in any one of claims 1 to 7
The step of method of group.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium
Program is realized when the computer program is executed by processor and logs in multiple services sets as described in any one of claims 1 to 7
The step of method of group.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910080752.6A CN109936565A (en) | 2019-01-28 | 2019-01-28 | Log in the method, apparatus, computer equipment and storage medium of multiple service clusters |
| PCT/CN2019/117705 WO2020155761A1 (en) | 2019-01-28 | 2019-11-12 | Method for logging into multiple service clusters, apparatus, computer device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910080752.6A CN109936565A (en) | 2019-01-28 | 2019-01-28 | Log in the method, apparatus, computer equipment and storage medium of multiple service clusters |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109936565A true CN109936565A (en) | 2019-06-25 |
Family
ID=66985271
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910080752.6A Pending CN109936565A (en) | 2019-01-28 | 2019-01-28 | Log in the method, apparatus, computer equipment and storage medium of multiple service clusters |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN109936565A (en) |
| WO (1) | WO2020155761A1 (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111147496A (en) * | 2019-12-27 | 2020-05-12 | 北京奇艺世纪科技有限公司 | Data processing method and device |
| WO2020155761A1 (en) * | 2019-01-28 | 2020-08-06 | 平安科技(深圳)有限公司 | Method for logging into multiple service clusters, apparatus, computer device and storage medium |
| CN112714166A (en) * | 2020-12-22 | 2021-04-27 | 新华三大数据技术有限公司 | Multi-cluster management method and device for distributed storage system |
| CN113127846A (en) * | 2021-05-17 | 2021-07-16 | 济南博观智能科技有限公司 | Software authorization method, device, equipment and storage medium |
| CN113395326A (en) * | 2021-05-20 | 2021-09-14 | 网易(杭州)网络有限公司 | Network service-based login method, device and computer-readable storage medium |
| CN113886800A (en) * | 2020-07-01 | 2022-01-04 | 杭州晨熹多媒体科技有限公司 | Account management system, method and device |
| CN113949710A (en) * | 2021-10-15 | 2022-01-18 | 北京奇艺世纪科技有限公司 | Data processing method and server cluster |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113259342A (en) * | 2021-05-11 | 2021-08-13 | 鸬鹚科技(深圳)有限公司 | Login verification method, device, computer equipment and medium |
| CN113810468B (en) * | 2021-08-13 | 2023-04-18 | 济南浪潮数据技术有限公司 | Method, system, equipment and storage medium for distributing requests by gateway under K8s architecture |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102065131A (en) * | 2010-12-03 | 2011-05-18 | 湖南大学 | Single-point logging way and logging authentication |
| CN102469075A (en) * | 2010-11-09 | 2012-05-23 | 中科正阳信息安全技术有限公司 | Integrated authentication method based on WEB single sign-on |
| EP2919435A1 (en) * | 2014-03-10 | 2015-09-16 | Fujitsu Limited | Communication terminal and secure log-in method and program |
| CN105024975A (en) * | 2014-04-23 | 2015-11-04 | 腾讯科技(北京)有限公司 | Account number login method, device and system |
| CN105577667A (en) * | 2015-12-28 | 2016-05-11 | 上海赞越软件服务中心 | Multi-account one-key login and authentication mechanism |
| US20160366119A1 (en) * | 2015-06-15 | 2016-12-15 | Airwatch Llc | Single sign-on for unmanaged mobile devices |
| CN106375259A (en) * | 2015-07-20 | 2017-02-01 | 阿里巴巴集团控股有限公司 | Same-user account identification method and apparatus |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105472052B (en) * | 2014-09-03 | 2019-12-31 | 阿里巴巴集团控股有限公司 | Cross-domain server login method and system |
| CN106375270B (en) * | 2015-07-24 | 2020-12-08 | 华为技术有限公司 | Token generation and authentication method and authentication server |
| US10846390B2 (en) * | 2016-09-14 | 2020-11-24 | Oracle International Corporation | Single sign-on functionality for a multi-tenant identity and data security management cloud service |
| CN109936565A (en) * | 2019-01-28 | 2019-06-25 | 平安科技(深圳)有限公司 | Log in the method, apparatus, computer equipment and storage medium of multiple service clusters |
-
2019
- 2019-01-28 CN CN201910080752.6A patent/CN109936565A/en active Pending
- 2019-11-12 WO PCT/CN2019/117705 patent/WO2020155761A1/en active Application Filing
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102469075A (en) * | 2010-11-09 | 2012-05-23 | 中科正阳信息安全技术有限公司 | Integrated authentication method based on WEB single sign-on |
| CN102065131A (en) * | 2010-12-03 | 2011-05-18 | 湖南大学 | Single-point logging way and logging authentication |
| EP2919435A1 (en) * | 2014-03-10 | 2015-09-16 | Fujitsu Limited | Communication terminal and secure log-in method and program |
| CN105024975A (en) * | 2014-04-23 | 2015-11-04 | 腾讯科技(北京)有限公司 | Account number login method, device and system |
| US20160366119A1 (en) * | 2015-06-15 | 2016-12-15 | Airwatch Llc | Single sign-on for unmanaged mobile devices |
| CN106375259A (en) * | 2015-07-20 | 2017-02-01 | 阿里巴巴集团控股有限公司 | Same-user account identification method and apparatus |
| CN105577667A (en) * | 2015-12-28 | 2016-05-11 | 上海赞越软件服务中心 | Multi-account one-key login and authentication mechanism |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020155761A1 (en) * | 2019-01-28 | 2020-08-06 | 平安科技(深圳)有限公司 | Method for logging into multiple service clusters, apparatus, computer device and storage medium |
| CN111147496A (en) * | 2019-12-27 | 2020-05-12 | 北京奇艺世纪科技有限公司 | Data processing method and device |
| CN111147496B (en) * | 2019-12-27 | 2022-04-08 | 北京奇艺世纪科技有限公司 | Data processing method and device |
| CN113886800A (en) * | 2020-07-01 | 2022-01-04 | 杭州晨熹多媒体科技有限公司 | Account management system, method and device |
| CN112714166A (en) * | 2020-12-22 | 2021-04-27 | 新华三大数据技术有限公司 | Multi-cluster management method and device for distributed storage system |
| CN112714166B (en) * | 2020-12-22 | 2022-03-29 | 新华三大数据技术有限公司 | Multi-cluster management method and device for distributed storage system |
| CN113127846A (en) * | 2021-05-17 | 2021-07-16 | 济南博观智能科技有限公司 | Software authorization method, device, equipment and storage medium |
| CN113395326A (en) * | 2021-05-20 | 2021-09-14 | 网易(杭州)网络有限公司 | Network service-based login method, device and computer-readable storage medium |
| CN113949710A (en) * | 2021-10-15 | 2022-01-18 | 北京奇艺世纪科技有限公司 | Data processing method and server cluster |
| CN113949710B (en) * | 2021-10-15 | 2024-04-05 | 北京奇艺世纪科技有限公司 | Data processing method and server cluster |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2020155761A1 (en) | 2020-08-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109936565A (en) | Log in the method, apparatus, computer equipment and storage medium of multiple service clusters | |
| KR100294969B1 (en) | Computer devices and methods that provide a common user interface for software applications accessed through the World Wide Web. | |
| CN108683604B (en) | Concurrent access control method, terminal device, and medium | |
| CN110310205B (en) | Block chain data monitoring method, device, equipment and medium | |
| US9680815B2 (en) | Method and system for transmitting authentication context information | |
| CN110401655A (en) | Access control right management system based on user and role | |
| CN108965480A (en) | Cloud desktop login management-control method, device and computer readable storage medium | |
| CN112651011B (en) | Login verification method, device and equipment for operation and maintenance system and computer storage medium | |
| US20130298212A1 (en) | Using windows authentication in a workgroup to manage application users | |
| CN111490981B (en) | Access management method and device, bastion machine and readable storage medium | |
| JP2001067315A (en) | Distributed authentication mechanism to handle plural different authentication system in enterprise computer system | |
| WO2021164459A1 (en) | Identity verification method and apparatus, computer device, and readable storage medium | |
| CN109446788A (en) | A kind of identity identifying method and device, computer storage medium of equipment | |
| CN110138767B (en) | Transaction request processing method, device, equipment and storage medium | |
| US10192262B2 (en) | System for periodically updating backings for resource requests | |
| CN102510338B (en) | System, device and method for security certificate for multi-organization interconnection system | |
| US10013237B2 (en) | Automated approval | |
| CN114567600A (en) | Traffic management method and related equipment | |
| CN110086826A (en) | Information processing method | |
| CN112953951B (en) | User login verification and security detection method and system based on domestic CPU | |
| CN110430211B (en) | Virtualization cloud desktop system and operation method | |
| CN113949578A (en) | Automatic detection method and device for unauthorized vulnerability based on flow and computer equipment | |
| CN110278248A (en) | Testament message distributing method, device and computer readable storage medium | |
| KR100639992B1 (en) | Security apparatus for distributing client module and method thereof | |
| CN109840693A (en) | It attends a banquet behavior safety monitoring method, device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190625 |