阅读说明：本技术 一种认证方法、装置、计算机系统及可读存储介质 (Authentication method, device, computer system and readable storage medium ) 是由 郑如刚 于 2019-10-12 设计创作，主要内容包括：本发明公开了一种认证方法、装置、计算机系统及可读存储介质,基于云技术领域,包括：基于预设的运行框架创设具有框架规则的认证节点,认证节点包含有权限数据库；通过认证节点接收客户端发送的登陆信息,在权限数据库中获取与登陆信息匹配的权限信息；通过认证节点依据框架规则对权限信息进行储存；通过认证节点接收客户端发送的访问信息和URL请求,利用框架规则将访问信息和URL请求分别与认证节点中的权限信息进行比对以获得权限结果,并将权限结果载入至URL请求,得到新的URL请求；通过认证节点根据新的URL请求获取系统信息,或生成失败提示框。本发明使客户端在访问不同系统时,只需通过权限结果即可实现有权访问和无权访问,提高了系统运算速度。(The invention discloses an authentication method, an authentication device, a computer system and a readable storage medium, which are based on the technical field of cloud and comprise the following steps: creating an authentication node with a frame rule based on a preset operation frame, wherein the authentication node comprises an authority database; receiving login information sent by a client through an authentication node, and acquiring authority information matched with the login information in an authority database; storing the authority information through the authentication node according to the framework rule; receiving access information and a URL request sent by a client through an authentication node, comparing the access information and the URL request with authority information in the authentication node respectively by using a framework rule to obtain an authority result, and loading the authority result into the URL request to obtain a new URL request; and obtaining system information according to the new URL request through the authentication node, or generating a failure prompt box. The invention can realize the access right and the access without the right only by the authority result when the client accesses different systems, thereby improving the operation speed of the system.)

1. An authentication method, comprising the steps of:

s1: creating an authentication node with a frame rule based on a preset operation frame, wherein the authentication node comprises an authority database, generates a creation success signal and outputs the creation success signal to a client;

s2: receiving login information sent by the client through the authentication node, and acquiring authority information matched with the login information in the authority database;

s3: storing the authority information according to the framework rule through the authentication node, generating a caching success signal and sending the caching success signal to a client;

s4: receiving access information and a URL request sent by the client through the authentication node, comparing the access information and the URL request with authority information in the authentication node respectively by using the framework rule to obtain an authority result, and loading the authority result into the URL request to obtain a new URL request;

s5: obtaining system information according to the new URL request through the authentication node, or generating a failure prompt box; and outputting the system information or the failure prompt box to the client.

2. The authentication method according to claim 1, wherein said S1 comprises the steps of:

s11: creating an operation frame and setting frame rules in the operation frame;

s12: creating an authentication node with the framework rule based on the operating framework;

s13: creating a rights database in the authentication node;

s14: and generating a creation success signal according to the creation authority database and outputting the creation success signal to the client.

3. The authentication method according to claim 2, wherein the authority database in S11 includes primary data, secondary data, and tertiary data;

the primary data comprises a primary information set and a primary access set, the primary information set is provided with at least one registration message, and the primary access set is provided with at least one standard resource address of a system server;

the secondary data comprises a secondary information set and a secondary access set, the secondary information set is provided with at least one registration message, and the secondary access set is provided with at least one standard resource address of a system server;

the tertiary data includes a tertiary access set having at least one standard resource address of a system server.

4. The authentication method according to claim 3, wherein said S2 comprises the steps of:

s21: receiving login information output by the client according to the creation success signal through the authentication node;

s22: comparing the login information with the primary information set and the secondary information set in sequence, and generating authority information; wherein the authority information comprises role information and role authority;

s23: and outputting the authority information to an operation framework.

5. The authentication method according to claim 4, wherein said S22 includes:

if the login information is consistent with certain registration information in the primary information set, generating role information as the login information, and role authority as authority information of the primary access set;

if the login information is consistent with certain registration information in the secondary information set, generating role information as the login information, and role authority as authority information of the secondary access set;

and if the login information is inconsistent with all the registration information in the primary information set and the secondary information set, generating role information as the login information, and generating role authority as the authority information of the tertiary access set.

6. The authentication method according to claim 5, wherein the framework rule in S4 is an admission rule; in S4, the operation is performed on the access information and the URL request by using the admission rule to obtain an authorization result, including the following steps:

s4-01: comparing the access information with the role information of the authority information stored in the operation frame in sequence to obtain the authority information with the role information consistent with the access information;

if the access information is inconsistent with the role information of all the authority information stored in the operation frame, generating an authority result with the content of no authority, and loading the authority result into a URL request;

s4-02: extracting the role authority of the authority information, and sequentially comparing the URL request with the standard resource address of the system server in the role authority;

s4-03: if the role authority has a standard resource address of the system server consistent with the URL request, generating an authority result with the content being authorized, and loading the authority result into the URL request;

and if the role authority does not have the standard resource address of the system server consistent with the URL request, generating an authority result with the content of no authority, and loading the authority result into the URL request.

7. The authentication method according to claim 5, wherein the framework rule in S4 is also an exclusion rule; in S4, the operation is performed on the access information and the URL request by using the exclusion rule to obtain an authority result, including the following steps:

s4-11: comparing the access information with the role information of the authority information stored in the operation frame in sequence to obtain the authority information with the role information consistent with the access information;

if the access information is inconsistent with the role information of all the authority information stored in the operation frame, generating an authority result with the content of no authority, and loading the authority result into a URL request;

s4-12: extracting the role authority of the authority information, and sequentially comparing the URL request with the standard resource address of the system server in the role authority;

s4-13: if the role authority has a standard resource address of a system server consistent with the URL request, generating an authority result with unauthorized content, and loading the authority result into the URL request;

and if the role authority does not have the standard resource address of the system server consistent with the URL request, generating an authority result with the content being authorized, and loading the authority result into the URL request.

8. An authentication apparatus, comprising:

the system comprises an establishing module, a sending module and a receiving module, wherein the establishing module is used for establishing an authentication node with a frame rule based on a preset operation frame, the authentication node comprises an authority database, and the authentication node is generated and output to a client;

the authority management module is used for receiving login information sent by the client through the authentication node and acquiring authority information matched with the login information in the authority database;

the cache module is used for storing the authority information according to the frame rule through the authentication node, generating a cache success signal and sending the cache success signal to a client;

the request judging module is used for receiving the access information and the URL request sent by the client through the authentication node, comparing the access information and the URL request with the authority information in the authentication node respectively by using the framework rule to obtain an authority result, and loading the authority result into the URL request to obtain a new URL request;

the feedback module is used for acquiring system information according to the new URL request through the authentication node or generating a failure prompt box; and outputting the system information or the failure prompt box to the client.

9. A computer system comprising a plurality of computer devices, each computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processors of the plurality of computer devices when executing the computer program collectively implement the steps of the authentication method of any one of claims 1 to 7.

10. A computer-readable storage medium comprising a plurality of storage media, each storage medium having a computer program stored thereon, wherein the computer programs stored in the plurality of storage media, when executed by a processor, collectively implement the steps of the authentication method of any one of claims 1 to 7.

Technical Field

The present invention relates to the field of communications technologies, and in particular, to an authentication method, an authentication device, a computer system, and a readable storage medium.

Background

The traditional virtual user authentication is realized by the following modes:

firstly, judging whether login information of a client is registered in a database, and then acquiring login authority of the client from the database, wherein the client can only access a system A if the login authority is the client; when a client needs to access the system A, the client can smoothly access the system A according to the login authority, however, when the client needs to access the system B, the client needs to return to the database again to confirm whether the client has the access authority, and if the client does not have the access authority, a page without the right to access is generated and output to the client; the method ensures that the client side returns to the database to confirm the authority once when accessing different systems every time, so that the client side and the database frequently interact, the system calculation amount is greatly increased, and the system calculation speed and the calculation efficiency are reduced.

Disclosure of Invention

The invention aims to provide an authentication method, an authentication device, a computer system and a readable storage medium, which are used for solving the problem that the operation speed and the operation efficiency of the system are reduced due to frequent interaction between a client and a database caused by returning to a database to confirm a right every time the client accesses different systems.

In order to achieve the above object, the present invention provides an authentication method, comprising the steps of:

s1: creating an authentication node with a frame rule based on a preset operation frame, wherein the authentication node comprises an authority database, generates a creation success signal and outputs the creation success signal to a client;

s2: receiving login information sent by the client through the authentication node, and acquiring authority information matched with the login information in the authority database;

s3: storing the authority information according to the framework rule through the authentication node, generating a caching success signal and sending the caching success signal to a client;

s4: receiving access information and a URL request sent by the client through the authentication node, comparing the access information and the URL request with authority information in the authentication node respectively by using the framework rule to obtain an authority result, and loading the authority result into the URL request to obtain a new URL request;

s5: obtaining system information according to the new URL request through the authentication node, or generating a failure prompt box; and outputting the system information or the failure prompt box to the client.

In the foregoing solution, the S1 includes the following steps:

s11: creating an operation frame and setting frame rules in the operation frame;

s12: creating an authentication node with the framework rule based on the operating framework;

s13: creating a rights database in the authentication node;

s14: and generating a creation success signal according to the creation authority database and outputting the creation success signal to the client.

In the above scheme, the authority database in S11 includes primary data, secondary data, and tertiary data;

the primary data comprises a primary information set and a primary access set, the primary information set is provided with at least one registration message, and the primary access set is provided with at least one standard resource address of a system server;

the secondary data comprises a secondary information set and a secondary access set, the secondary information set is provided with at least one registration message, and the secondary access set is provided with at least one standard resource address of a system server;

the tertiary data includes a tertiary access set having at least one standard resource address of a system server.

In the foregoing solution, the S2 includes the following steps:

s21: receiving login information output by the client according to the creation success signal through the authentication node;

s22: comparing the login information with the primary information set and the secondary information set in sequence, and generating authority information; wherein the authority information comprises role information and role authority;

s23: and outputting the authority information to an operation framework.

In the above scheme, the S22 includes:

if the login information is consistent with certain registration information in the primary information set, generating role information as the login information, and role authority as authority information of the primary access set;

if the login information is consistent with certain registration information in the secondary information set, generating role information as the login information, and role authority as authority information of the secondary access set;

and if the login information is inconsistent with all the registration information in the primary information set and the secondary information set, generating role information as the login information, and generating role authority as the authority information of the tertiary access set.

In the above solution, the framework rule in S4 may be an admission rule; in S4, the operation is performed on the access information and the URL request by using the admission rule to obtain an authorization result, including the following steps:

s4-01: comparing the access information with the role information of the authority information stored in the operation frame in sequence to obtain the authority information with the role information consistent with the access information;

if the access information is inconsistent with the role information of all the authority information stored in the operation frame, generating an authority result with the content of no authority, and loading the authority result into a URL request;

s4-02: extracting the role authority of the authority information, and sequentially comparing the URL request with the standard resource address of the system server in the role authority;

s4-03: if the role authority has a standard resource address of the system server consistent with the URL request, generating an authority result with the content being authorized, and loading the authority result into the URL request;

and if the role authority does not have the standard resource address of the system server consistent with the URL request, generating an authority result with the content of no authority, and loading the authority result into the URL request.

In the above solution, the framework rule in S4 may also be an exclusion rule; in S4, the operation is performed on the access information and the URL request by using the exclusion rule to obtain an authority result, including the following steps:

s4-11: comparing the access information with the role information of the authority information stored in the operation frame in sequence to obtain the authority information with the role information consistent with the access information;

if the access information is inconsistent with the role information of all the authority information stored in the operation frame, generating an authority result with the content of no authority, and loading the authority result into a URL request;

s4-12: extracting the role authority of the authority information, and sequentially comparing the URL request with the standard resource address of the system server in the role authority;

s4-13: if the role authority has a standard resource address of a system server consistent with the URL request, generating an authority result with unauthorized content, and loading the authority result into the URL request;

and if the role authority does not have the standard resource address of the system server consistent with the URL request, generating an authority result with the content being authorized, and loading the authority result into the URL request.

In order to achieve the above object, the present invention also provides an authentication apparatus comprising:

the system comprises an establishing module, a sending module and a receiving module, wherein the establishing module is used for establishing an authentication node with a frame rule based on a preset operation frame, the authentication node comprises an authority database, and the authentication node is generated and output to a client;

the authority management module is used for receiving login information sent by the client through the authentication node and acquiring authority information matched with the login information in the authority database;

the cache module is used for storing the authority information according to the frame rule through the authentication node, generating a cache success signal and sending the cache success signal to a client;

the request judging module is used for receiving the access information and the URL request sent by the client through the authentication node, comparing the access information and the URL request with the authority information in the authentication node respectively by using the framework rule to obtain an authority result, and loading the authority result into the URL request to obtain a new URL request;

the feedback module is used for acquiring system information according to the new URL request through the authentication node or generating a failure prompt box; and outputting the system information or the failure prompt box to the client.

To achieve the above object, the present invention further provides a computer system comprising a plurality of computer devices, each computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processors of the plurality of computer devices jointly implement the steps of the authentication method when executing the computer program.

In order to achieve the above object, the present invention further provides a computer-readable storage medium including a plurality of storage media, each storage medium having stored thereon a computer program, the computer programs stored in the plurality of storage media collectively implementing the steps of the above authentication method when executed by a processor.

According to the authentication method, the authentication device, the computer system and the readable storage medium, the authority database is created through the creation module, the operation frame is created, the authority information matched with the login information is obtained through the authority management module, and the authority information is stored through the cache module;

then, a request judging module is used for operating the login information to obtain an authority result, and the authority result is loaded into the URL request;

finally, accessing a system server and acquiring system information or generating a failure prompt box through a feedback module according to the permission result; outputting the system information or the failure prompt box to the client;

therefore, when the client accesses different system servers, the client only needs to obtain the permission result through the request judging module and then accesses the corresponding system server through the permission result or generates a failure prompt box;

by the method, when the client frequently accesses different systems, the access right and the access without the right can be realized only through the authority result, so that the system operation amount is greatly reduced, and the system operation speed and the operation efficiency are further improved.

Drawings

FIG. 1 is a flowchart of a first embodiment of an authentication method according to the present invention;

FIG. 2 is a block diagram of a second embodiment of an authentication device according to the present invention;

fig. 3 is a schematic diagram of a hardware structure of a computer device according to a third embodiment of the present invention.

Reference numerals:

1. authentication device 2, computer equipment 11, creation module 12, authority management module

13. Cache module 14, request judgment module 15, feedback module 21 and memory

22. Processor with a memory having a plurality of memory cells

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

The invention provides an authentication method, an authentication device, a computer system and a readable storage medium, which are suitable for the field of communication and are used for providing an authentication method based on an establishment module, an authority management module, a cache module, a request judgment module and a feedback module. According to the invention, a permission database is created through a creation module, an operation frame is created, permission information matched with login information is obtained through a permission management module, and the permission information is stored through a cache module; then, a request judging module is used for operating the login information to obtain an authority result, and the authority result is loaded into the URL request; finally, accessing a system server and acquiring system information or generating a failure prompt box through a feedback module according to the permission result; outputting the system information or the failure prompt box to the client; when the client accesses different system servers, the client only needs to obtain the permission result through the request judging module and then accesses the corresponding system server through the permission result or generates a failure prompt box.