Client information authentication method and system of micro-service architecture

Document number: 1956616. Publication date: 2021-12-10.

Reading note: This technology, "Client information authentication method and system of micro-service architecture", was designed by Wu Hao (吴昊) and Wang Jiachao (王嘉超) on 2021-08-03. Main content: The invention belongs to the technical field of identity security verification and authority authentication for internet web application users, and discloses a client information authentication method and system for a micro-service architecture. A client sends an access request, which is first forwarded to the server cluster through load balancing. If the request does not carry a JWT token, it is forwarded to the micro-service authentication center module for information registration, and the information is stored persistently in the server-side relational database; the user then logs in through the client. At login the information is compared and verified; once it is verified as correct, the micro-service authentication center encapsulates the user information into a JWT token using an encryption private key, and the server returns the processing result. The client sets an interceptor and the user carries the token on further requests; each server-side sub-micro-service module verifies the timeliness of the token, then decrypts the token information with the decryption public key to obtain the user information, and the server-side decryption public key is cached in a Redis database, which improves the timeliness and security of the system.

1. A client information authentication method of a micro service architecture is characterized by comprising the following steps:

a user sends an access request through a client, and the request is forwarded through Nginx load balancing to the micro-service gateway, the unified entry of the server side;

the micro-service gateway determines whether the request carries a JWT token; if not, the gateway forwards the request to a micro-service user authentication center for user information registration, the user information is stored in a server-side relational database, and a login operation is then performed;

when the user logs in, the user information entered in the client is compared with the data previously stored in the server-side relational database; after the information is verified as correct, an information authentication module packages the user information into a JWT token using an encryption private key according to the JSON Web Token standard, the token being expressed in JSON form;

the client sets an interceptor, and an accessing user must carry the JWT token for service access; the access request is forwarded to a service module of the server side through the micro-service gateway, the server side parses the JWT token using a decryption public key to obtain the client's user information, the user information and token information are stored in a client cookie or localStorage, and the decryption public key is cached in a server-side Redis database to facilitate the user's subsequent access.

2. The method for authenticating client information in micro-service architecture as claimed in claim 1, wherein the micro-service gateway forwards the request to the micro-service user authentication center for user information registration, which includes a user name, a mobile phone number, and user password information when the user logs in.

3. The method for authenticating client information of a micro-service architecture as claimed in claim 1, wherein the server obtains user information and access request submitted by the user, the micro-service gateway forwards the request to the information authentication module, encapsulates the collected user information through JSON WEB TOKEN standard protocol, encrypts the information through asymmetric encryption algorithm to finally generate JWT TOKEN user TOKEN, and forwards the information to the specific server micro-service module according to the request after logging in.

4. The method of claim 3, wherein the parsing JWT token information by the information authentication module comprises:

(1) carrying a JWT token generated by a microservice authentication module when a user accesses each time;

(2) the server side decrypts the carried JWT token information using the decryption public key and, after verifying the validity of the signature and of the token information, obtains the valid user information from the Payload;

(3) the server side processes the request and returns a corresponding result;

the information authentication module completes the generation and verification work of the token by writing a JWT tool class.

5. The method for authenticating client information in a micro-service architecture according to claim 1, wherein data storage is completed by combining the relational database MySQL with the non-relational database Redis, specifically: basic user information such as the user name, user password, user mobile phone number and user avatar is stored in MySQL; the decryption public key information of the server-side micro-service is cached in Redis as a key-value pair, with the key holding the specific character string for token decryption and the value holding the specific decryption public key information, so that the response time and availability of the system are improved.

6. The method for authenticating client information of a micro-service architecture as claimed in claim 1, wherein, after acquiring the information entered at the client, the server first completes information verification against the relational database and, once verification passes, generates a unique JWT token containing the user information through the micro-service authentication module using an encryption private key; token communication between the client and the server is realized through Axios (a promise-based lightweight HTTP library); and the token is stored in a local cookie, forwarded with the client's request through the gateway to the corresponding micro-service module of the server to complete request processing, and a corresponding result is finally returned.

7. The method of claim 1, wherein generating the JWT token comprises:

(1) setting a corresponding encryption private key and token valid time in a JWT tool class;

(2) writing the relevant logic code, verifying the entered information such as the user name, user password and mobile phone verification code, and packaging the information according to the Json Web Token protocol, combining the code logic with the encryption private key, to generate a JWT token containing the user information;

the process of verifying the JWT token is:

(1) firstly, acquiring specific JWT token information according to a request sent by a client;

(2) secondly, checking whether the token is available according to the valid time of the token preset in the tool class;

(3) analyzing effective client access information in the JWT token by using a decryption public key cached in a redis database;

the token information transmission between the client and the server uses Axios (a promise-based lightweight HTTP library) to realize the interactive communication between the client and the server.

8. The method of claim 1, wherein the encryption private key used by the authentication module matches the decryption public key used for access requests and must be updated at irregular intervals.

9. A client information authentication system of a micro service architecture for implementing the client information authentication method of the micro service architecture according to any one of claims 1 to 7, wherein the client information authentication system of the micro service architecture comprises:

a client, responsible for user login and collection of valid information;

and a server, responsible for functions such as login user authentication, encryption of valid information, and provision of the requested services.

10. A method for authenticating client information according to any one of claims 1 to 7, applied to systems in which the client and the server are separated.

Technical Field

The invention belongs to the technical field of identity security verification and authority authentication of internet WEB users, and particularly relates to a client information authentication method and system of a micro-service architecture.

Background

At present, with the rapid development of technology, people's business requirements on the internet keep rising, and traditional monolithic applications increasingly suffer from high code coupling, difficulty of expansion, difficulty of maintenance and similar problems. Against this background, the micro-service architecture has gradually become the mainstream information system architecture owing to advantages such as low code redundancy and ease of later maintenance and expansion. However, because the whole system is divided into a number of sub-service modules, efficient authentication of the access information exchanged between services has become an important problem.

A traditional monolithic application uses session communication to keep system user information secure and consistent. However, a session is a server-side communication mechanism: it depends heavily on the server, and user information is held temporarily on the server in a hash table. As the number of accessing users grows, the user information stored on the server occupies more and more memory, which eventually affects the service performance of the whole system. In addition, in a distributed micro-service system the servers are deployed as a cluster. With a session-based user authentication scheme, only the server in the cluster that answered the request holds the user information; when the user goes on to access other services, the other servers in the cluster do not hold it and refuse service. For subsequent service access to continue, the other sub-micro-service modules must re-authenticate repeatedly, or the session information must be copied across the server cluster; communication efficiency is low and the client user experience suffers. Sessions are therefore not suitable for information authentication between the sub-modules of a micro-service architecture system in which client and server are separated.

From the above analysis, the problems and defects of the user information authentication technology of the traditional monolithic architecture system are as follows: information authentication is completed in a session-based manner. In a micro-service architecture system this requires repeated re-authentication or session copying, so communication efficiency is low and the client user experience suffers.

The difficulty in solving the above problems and defects is: when sessions are used as the information authentication medium of a micro-service architecture system, they are stored on the server; as user access increases, the server stores too many sessions, its performance is affected, and it can become paralyzed and unable to work normally.

The significance of solving these problems and defects is: the load borne by each individual server is reduced, the service response speed and performance of the server are improved, the access experience of client users is improved, and the robustness and stability of the server cluster and of the whole system are maintained.

Disclosure of Invention

Aiming at the problems in the prior art, the invention discloses a client information authentication method and a client information authentication system of a micro-service architecture.

The invention is realized in this way, a method for authenticating client information of a micro-service architecture, the method for authenticating client information of the micro-service architecture comprises:

a user sends an access request through a client, and the request is first forwarded through Nginx load balancing to the micro-service gateway, the unified entry of the server side. Positive effect of Nginx: it completes the first forwarding of the client access request, reduces the load on the server cluster when concurrent access is high, and handles the first stage of high-concurrency access.

The micro-service gateway examines the request; if it does not carry JWT token information, the gateway forwards it to the micro-service user authentication center for user information registration, and the user information is stored in a server-side relational database for persistent storage. Positive effect of the micro-service gateway: it is the only entry to the server-side business sub-micro-service modules, so the client is isolated from the server, coupling between client and server is reduced, and the independence and security of the server are ensured.

When the user logs in, the user information entered in the client is compared with the data previously stored in the server-side relational database; after the information is verified as correct, the information authentication module packages the user information into a JWT token using an encryption private key according to the JSON Web Token standard, the token being expressed in JSON form. The user information is checked against the database to determine whether the user has the right to make subsequent service access requests; the check is complete if the user information exists in the database, after which the information authentication module, using a pre-designed private key and the JSON Web Token protocol, packages the user information into a JWT token containing it, the token being represented in JSON style. The JWT token is the unique identifier of the client's requests, and the client carries it for subsequent service access.

The client sets an interceptor, and an accessing user must carry the JWT token for service access. The access request is forwarded through the micro-service gateway to a server-side service module, the server parses the JWT token using the decryption public key to obtain the client user information, the user information and token information are stored in a client cookie or localStorage, and the decryption public key is stored in the Redis database of the micro-service server as a data cache, which improves user access efficiency and facilitates subsequent access. Function of the interceptor: when a client access request does not carry the JWT token generated in the previous step, the request is blocked. If the access request carries JWT token information, it is first forwarded through the gateway entry to a sub-service module of the server in order to verify the validity of the carried token and parse the user information it contains. The process is: the JWT token is decrypted with the public key, and after successful decryption the user information and the JWT token are stored in a client cookie or localStorage for subsequent display of client user information and for service access.

Further, the micro service gateway forwards the request without carrying the user token information to the micro service user authentication center for user information registration, wherein the user information registration includes information such as a user name, a mobile phone number, a user password and the like when the user logs in.

Further, the server side obtains user information and an access request submitted by the user side, the micro service gateway forwards the request to the information authentication module, the module uses an encryption private key to complete encryption operation on the user information by adopting an asymmetric encryption algorithm according to a JSON WEB TOKEN protocol, and finally forwards a generated JWT TOKEN user information TOKEN to a specific server side service business module according to the request.

Further, the parsing process of the JWT token information by the information authentication module includes:

(1) carrying JWT token information generated during login when a user accesses each time;

(2) the server decrypts the token information by using the decryption public key, verifies the validity of the signature and the token information, acquires user information from the Payload and stores the decryption key in a server redis database;

(3) the server finishes processing according to the access request and returns a corresponding result;

the information authentication module completes the generation and verification work of the token by writing a JWT tool class.

Further, data storage in the system is completed by combining the relational database MySQL with the non-relational database Redis, specifically: basic user information such as the user name, user password, user mobile phone number and user avatar is stored in MySQL for persistent storage; the decryption public key of the server-side micro-service module is stored in Redis as a key-value pair, with the key holding the server-side specific name string and the value holding the specific decryption public key information.

Further, after acquiring the information entered at the client, the server side first completes information verification against the database and, once verification passes, generates a unique JWT token containing the user information through the information authentication module using an encryption private key; interactive communication between the client and the server is realized using Axios (a promise-based lightweight HTTP library). The user information and the token are then stored in a local cookie or localStorage and forwarded through the gateway to the corresponding micro-service business module of the server to complete request processing, and the processing result is finally returned.

Further, the process of generating the JWT token is:

(1) setting a corresponding encryption private key and token valid time in a JWT tool class;

(2) writing the relevant logic code, and packaging the verified information such as the user name, user password and user avatar according to the Json Web Token protocol, combining the code logic with the encryption private key, to generate a JWT token containing the user information;

the process of verifying the JWT token is:

(1) the user carries the JWT token information generated by the information authentication module on each access;

(2) the server parses the carried JWT token information using the decryption public key cached in Redis and, after verifying the validity of the token information, obtains the valid user information from the Payload;

(3) the server processes the access request and returns a corresponding result.

The interactive communication between the client and the server is realized by using Axios (a promise-based lightweight HTTP library) to execute HTTP requests.

Another object of the present invention is to provide a client information authentication system of a micro service architecture implementing the client information authentication method of the micro service architecture, the client information authentication system of the micro service architecture comprising:

a client, responsible for user login and collection of valid information;

and a server, responsible for functions such as login user authentication, encryption of valid information, and provision of the requested services.

Another object of the invention is to provide a client information authentication method of a micro-service architecture that is applied to systems in which the client and the server are separated.

By combining all the above technical schemes, the advantages and positive effects of the invention are as follows: the server side acquires the valid information entered at the client to generate a JWT token, and communication is completed by transmitting information over HTTP. The valid user information acquired by the server is entered through the client and mainly comprises a login user name, a user password, a login mobile phone number, a user avatar and the like. After the user clicks login at the client, the information is compared through an interface written on the server side to judge whether the user information is correct; if verification fails, the user is returned directly to the login home page, and if authentication succeeds, a JWT token containing the user information is generated. The server side encapsulates the information data from the user information with the JSON Web Token protocol as the standard; the information authentication module generates the specific token information using an encryption private key and logic code written on the server side, and a valid time is set so that the timeliness of the token can be verified. An access request in which the client carries the JWT token to access a server-side service module is first processed by load balancing and then forwarded uniformly through the micro-service gateway.
The client sends an access request carrying the generated JWT token; the request is first forwarded by the micro-service gateway, the valid time of the token is verified by the server-side data verification module, information verification is completed using the decryption public key, and the request is forwarded through the micro-service gateway to the target business micro-service module, which returns the final result to the client after completing its logic processing. Each JWT token generated from different user information is uniquely identifying. After the JWT token is generated, the user information and the token are stored in the client's cookie or localStorage when the client accesses services on the server. To further improve the availability of the micro-service architecture system, the decryption public key of the server is stored in the non-relational database Redis in the form of a key-value pair, which completes information caching and improves the timeliness of data processing.

The invention can be used for the client information authentication scheme of the micro-service architecture system with the separation of the client and the server, can ensure the information authentication and communication among all sub-micro-service modules among the systems, and improves the communication efficiency and reliability.

Drawings

Fig. 1 is a flowchart of a method for authenticating client information of a microservice architecture according to an embodiment of the present invention.

Fig. 2 is a schematic structural diagram of a client information authentication system of a microservice architecture according to an embodiment of the present invention;

In Fig. 2: 1. client; 2. server side.

Fig. 3 is a schematic diagram of a client information authentication system of a microservice architecture according to an embodiment of the present invention.

Fig. 4 is a flowchart of an implementation of a method for authenticating client information of a micro service architecture according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

Aiming at the problems in the prior art, the invention discloses a client information authentication method and a client information authentication system of a micro service architecture, and the invention is described in detail below with reference to the accompanying drawings.

As shown in fig. 1, the method for authenticating client information of a micro service architecture disclosed by the present invention includes the following steps:

S101: The user sends an access request through the client, and the request is forwarded to the server-side micro-service gateway through the Nginx load balancer.

S102: the micro service gateway forwards the request to a micro service user authentication center for user information registration, mainly comprising information such as a user name, a mobile phone number, a user password and the like which are necessary during login, and stores the information in a relational database of the server.

S103: when a user logs in, user information filled in a client side is compared with data stored in a server side relational database in advance for verification, after the verification information is correct, the user information is packaged into a JWT TOKEN through a microservice authentication module by using an encryption key according to the JSON WEB TOKEN standard, and the expression style is in a JSON form.

S104: the client sets an interceptor, an access user must carry a token to perform service access, an access request accesses a service module of the server through a micro service gateway, a decryption public key is used for analyzing a JWT token to acquire user information of the client, the user information and the token information are stored in a cookie of the client, and the decryption public key is cached in a redis database of the server, so that the subsequent access of the user is facilitated.

In a specific embodiment of the present invention: the client is built with Vue, a progressive JavaScript framework (a high-performance, lightweight single-page service rendering framework); the first wave of concurrent client requests is load-balanced by Nginx (a lightweight, high-performance reverse proxy server); and the server side builds the main micro-service framework with the Spring Cloud framework and uses Spring Boot to develop the specific tools and business modules.

In an embodiment of the invention: the method comprises the steps that a user fills relevant user information at a client side and sends an access request, a server side obtains the user information and the access request and then forwards the request to a micro service gateway through Nginx load balance, the micro service gateway serves as a unique entrance of the server side and forwards the request to an information authentication module, the module completes encapsulation on the collected user information through a JSON WEB TOKEN standard protocol, encrypts the information through an encryption private key through an asymmetric encryption algorithm to finally generate a JWT TOKEN user TOKEN, and then the JWT TOKEN user TOKEN is forwarded to a specific server side micro service module according to the request.

In an embodiment of the invention: the user information acquired by the server mainly comprises information such as a user login name, a user password, a user mobile phone number, a user head portrait and the like.

In an embodiment of the invention: the process of analyzing the JWT token information by the information authentication module mainly comprises the following steps:

(1) The user carries the JWT token information generated at login on each access.

(2) After checking the validity period of the token information, the server parses the carried JWT token information using the decryption public key cached in Redis and obtains the valid user information from the Payload.

(3) The server processes the request and returns a corresponding result.

In an embodiment of the invention: system information is stored by combining the relational database MySQL with the non-relational database Redis, which improves the effectiveness and response time of the system, specifically: MySQL stores basic user information such as the user name, user password, user mobile phone number and user avatar. The public key used for decrypting JWT token information is stored in Redis as a key-value pair, with the key holding the specific name string of the decryption public key and the value holding the specific decryption public key information of the server.

In an embodiment of the invention: after acquiring the information entered at the client, the server side first completes information verification against the database and, once verification passes, generates a unique JWT token containing the user information through the information authentication module using an encryption private key; HTTP communication between the client and the server is realized by using Axios (a promise-based lightweight HTTP library) to execute requests. The token is stored in a local cookie, forwarded with the client's request through the gateway to the corresponding micro-service module of the server to complete request processing, and the final processing result is returned.

In an embodiment of the invention: the information authentication center module completes the generation and verification of the token mainly by writing JWT tool classes.

In an embodiment of the invention: the process of generating the JWT token is:

(1) Set the corresponding encryption private key and token valid time in the JWT tool class.

(2) Write the relevant logic code, and package the entered information such as the user name, user password and user avatar according to the Json Web Token protocol, combining the code logic with the encryption private key, to generate a JWT token containing the user information.

In an embodiment of the invention: the process of verifying the JWT token is:

(1) The user carries the JWT token information generated at login on each access.

(2) After checking the validity period of the token information, the server parses the carried JWT token information using the decryption public key cached in Redis and obtains the valid user information from the Payload.

(3) The server processes the request and returns a corresponding result.
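The generation and verification steps above, as an added JavaScript (Node.js) example that is not part of the patent or its Spring Boot JWT tool class: it signs with RS256 and verifies with a public key looked up from a cache. The `kid` header, the `jwt:pubkey:<kid>` cache key naming and the `Map` standing in for Redis are assumptions; the signature is checked before `exp` is read, because the expiry is only trustworthy once the payload has been authenticated.

```javascript
// Added illustration: RS256 issue/verify with Node's built-in crypto only.
// Assumptions (not from the patent): the `kid` header, the "jwt:pubkey:<kid>"
// cache key naming, and a Map standing in for the server-side Redis cache.
const nodeCrypto = require('node:crypto');

const b64url = (text) => Buffer.from(text, 'utf8').toString('base64url');

// Decode one base64url JSON segment; returns null for anything but an object.
const parseSegment = (segment) => {
  try {
    const value = JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
    return value !== null && typeof value === 'object' ? value : null;
  } catch {
    return null;
  }
};

// Authentication center: sign the claims with the private key.
function issueToken(claims, privateKeyPem, kid, ttlSeconds, nowSeconds) {
  const header = { alg: 'RS256', typ: 'JWT', kid };
  const payload = { ...claims, iat: nowSeconds, exp: nowSeconds + ttlSeconds };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const signature = nodeCrypto.sign('sha256', Buffer.from(signingInput), privateKeyPem);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Business microservice: verify with the cached public key.
function verifyToken(token, keyCache, nowSeconds) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [headerB64, payloadB64, signatureB64] = parts;

  const header = parseSegment(headerB64);
  if (!header) return { ok: false, reason: 'malformed' };
  // Pin the algorithm: the token must not choose how it is verified.
  if (header.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  // The header is untrusted input; constrain it before building a cache key.
  if (typeof header.kid !== 'string' || !/^[A-Za-z0-9_-]{1,64}$/.test(header.kid)) {
    return { ok: false, reason: 'unknown-key' };
  }
  const publicKeyPem = keyCache.get(`jwt:pubkey:${header.kid}`);
  if (!publicKeyPem) return { ok: false, reason: 'unknown-key' };

  let signatureOk = false;
  try {
    signatureOk = nodeCrypto.verify(
      'sha256',
      Buffer.from(`${headerB64}.${payloadB64}`),
      publicKeyPem,
      Buffer.from(signatureB64, 'base64url'),
    );
  } catch {
    signatureOk = false; // unusable key material or signature encoding
  }
  if (!signatureOk) return { ok: false, reason: 'bad-signature' };

  // Only now is the payload trustworthy, including its expiry.
  const claims = parseSegment(payloadB64);
  if (!claims || typeof claims.exp !== 'number') return { ok: false, reason: 'malformed' };
  if (nowSeconds >= claims.exp) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Constructed sample data: a throwaway key pair and one cached public key.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const keyCache = new Map([['jwt:pubkey:k1', publicKey]]);
const NOW = 1700000000; // fixed clock so the run is repeatable
const sampleToken = issueToken({ sub: 'alice' }, privateKey, 'k1', 900, NOW);

// The payload is signed, not encrypted: anyone holding the token can read it,
// so keep passwords and other secrets out of the claims.
const readableWithoutKey = parseSegment(sampleToken.split('.')[1]);

console.log(verifyToken(sampleToken, keyCache, NOW + 60));
console.log(verifyToken(sampleToken, keyCache, NOW + 900));
console.log('payload readable without any key:', readableWithoutKey.sub);
```

Removing a `jwt:pubkey:<kid>` entry from the cache when a key pair is replaced makes every token signed under the old key fail with `unknown-key`.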

In an embodiment of the invention: information transmission between the client and the server is realized by using Axios (a promise-based lightweight HTTP library) to execute requests.

In the client information authentication method of the micro-service architecture, the user sends an access request through the client entry. The request is first forwarded through Nginx load balancing to the server-side micro-service gateway cluster, and the gateway then forwards it a second time to the corresponding back-end module for registration; the server automatically acquires the user information and stores it in the database. At login, the information entered at the client is checked against the information stored in the server database, and once it is confirmed to be correct it is encapsulated, using an encryption private key according to the JSON Web Token standard, into a JWT token for subsequent access. The client is provided with an interceptor: when a user accesses the system, the client calls a server-side method to obtain the JWT token information and stores it, together with the user information, in a client cookie or localStorage. The client and the server communicate by using Axios (a promise-based lightweight HTTP library) to execute requests; subsequent client access carries the JWT token information, and an access request that does not carry a token is intercepted directly. The server verifies the timeliness of the token against the preset valid time; after this check passes, it obtains the decryption public key cached in Redis, parses the token, and obtains the valid data of the client access. The parsed valid data are recorded in a client cookie or localStorage, the relevant logic processing is carried out according to the destination of the access request, and the final result is returned.

A person skilled in the art can also use other steps to implement the client information authentication method of the micro-service architecture provided by the present invention; the method shown in fig. 1 is only one specific embodiment.

As shown in fig. 2, the client information authentication system of the microservice architecture provided by the present invention includes:

The client 1, which is responsible for user login and acquisition of valid information.

The server 2, which is responsible for functions such as login user authentication, encryption of valid information and provision of the required services.

The technical solution of the present invention is further described below with reference to the accompanying drawings.

JSON Web Token (JWT) is an open standard based on JSON. The token is compact and secure, and is particularly suitable for client information authentication in a micro-service architecture with the client and the server separated, and for single sign-on (SSO) scenarios.

As shown in fig. 3 and 4, the present invention is mainly applied to the field of Web user information authentication for micro-service architectures in which the client and the server are separated; it specifically comprises the following:

The client module is responsible for user login and access authentication interception; the Vue progressive framework can be used to build the client's interactive information pages.

The server is responsible for functions such as login user authentication, encryption of valid information and provision of the required services. In particular, the main framework of the system server can be built with the Spring Cloud framework suite, with the related server development completed using the Spring Boot framework as the base of the business model.

Token transmission between the client and the server uses Axios (a promise-based lightweight HTTP library) to realize interactive communication between the client and the server.

The specific implementation process of the invention is as follows:

First, the user sends a target access request through the client; Nginx load balancing distributes it to the micro-service gateway of the server cluster, completing traffic distribution and reducing the concurrency pressure on the server.

Second, the user access information is forwarded by nginx to the micro-service gateway module, and the server-side authentication module retrieves the corresponding database information to check and verify the user information.

Third, after the user information is successfully verified, the server first obtains the user information and then uses the encryption private key to package it according to the JSON Web Token standard, generating a JWT token; the user subsequently carries the token to continue the relevant accesses.

Fourth, after the target micro-service module of the server receives the access request passed on by the unified entry gateway, it parses the token using the decryption public key to obtain the user information. The user identity information is then placed in the client cookie or localStorage, and the server decryption public key is cached in a Redis database to facilitate subsequent client accesses. Finally, the relevant logic is processed according to the purpose of the access and the result is returned to the client.

The client is provided with an access interceptor: when verification of the user information transmitted by the client fails, the interceptor intercepts the user's subsequent access requests according to the configuration information and returns to the client home page, improving the security and usability of the system.

The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.
