CN1332322C - Interface integration method of two-layer and three-layer mixed mode - Google Patents
- Publication number
- CN1332322C
- Authority
- CN
- China
- Prior art keywords
- layer
- user
- client
- account
- database
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Abstract
The present invention relates to a user interface integration method for a mixed two-layer and three-layer system. While preserving security, a two-layer application client directly invokes a web page of a three-layer application. The invocation parameters contain no sensitive information such as user passwords. The application server verifies the validity of the user by verifying the client's session in the database. The system uses the correspondence between the two-layer application's database accounts and the three-layer application's roles and permissions to achieve unified management of user identity and permissions in the mixed system.
Description
Technical field
The present invention relates to the field of user interface integration in the computer software industry. It provides a technical method for integrating user interfaces in a mixed two-layer and three-layer mode while guaranteeing security, and brings user accounts under unified management.
Background technology
For historical reasons and because of differences in the technologies themselves, many enterprises run both two-layer (C/S) and three-layer (B/S) application systems. These two classes of application system usually use independent permission control: each application must be opened separately and logged in to separately, and it is difficult to pass information directly between the two.
Some current single sign-on technologies essentially provide a framework through which the system can help the user log in automatically to each of several systems, but the systems still lack an organic connection to one another.
Summary of the invention
To solve the interface integration problem in a two-layer and three-layer environment, the invention provides a technique by which the client of a two-layer system jumps to a Web page of a three-layer system. The core of the technique is that it solves unified identity authentication and permission management for the mixed two-layer and three-layer system.
The technical solution adopted by the invention is as follows:
1. Authorization mechanism, within the three-layer system, for the database accounts of the two-layer system.
In two-layer systems, a considerable number of application systems use database accounts directly as their user accounts. In a three-layer system, database accounts are generally used only for the application server to log in to the database server; there are generally only one or a few such accounts, far fewer than the user accounts of the application system. A three-layer system generally has its own permission management mechanism, and these mechanisms essentially all end up controlling access through the chain from user account to user group (post or role) to access permission.
To integrate the user interface in a mixed system, account management and authorization management must also be integrated in the internal mechanism. This scheme uses the following chain of correspondences to achieve unified management of accounts and permissions:
User account of the two-layer environment (database account) -> user group (post or role) in the three-layer environment -> access permissions in the three-layer environment
Or:
User account of the two-layer environment (database account) -> post (role) of the two-layer environment -> user group (post or role) in the three-layer environment -> access permissions in the three-layer environment
2. Identity authentication mechanism when the two-layer system client calls a Web page of the three-layer system.
When the two-layer system client calls a Web page of the three-layer system, the client's identity must be authenticated on the Web server side. The traditional method passes the relevant parameters through the browser using the Post or Get method. But this brings two problems:
(1) Passing the user account and password as parameters means the two-layer client must save the user's password at first login and transmit it to the server as a parameter when invoking the web page.
(2) The parameter-passing process easily leaks sensitive information: a password passed by the Get method is displayed in the URL, and parameters passed by the Post method are also easily intercepted by network eavesdropping.
The method adopted by the invention avoids passing sensitive information between the client and the server; instead, the application server verifies the client's login status on the database server. The steps are as follows:
(1) The client, through the browser, requests from the Web server the required web page of the three-layer application system; the parameters passed include parameters related to the current database session, such as the database account name of this login.
(2) After the Web server receives the client's access request, it uses the passed parameters (such as the database account name) and the address of the client (IP address or computer name) to query the tables or views in the database that relate to the current database session, and thereby verifies the legitimacy of this database session.
(3) If the verification passes, the relevant user identity information is stored in the corresponding variables of the Session object (the session between the client and the Web server).
(4) Access control for the web page the user requested can then be provided according to this user account and the authorization mechanism described in item 1.
By this method, an unauthorized user cannot gain unauthorized access to the relevant Web page through a specified URL. For Web pages called by the two-layer client, a call made from another client computer, or from the same client computer while the two-layer client is not logged in, is invalid. Because the parameters passed do not include sensitive information such as the user password, network interception of the Post method is also ineffective.
To further improve the security of the system, additional parameters can be passed when the two-layer client calls the Web page, such as the creation time of the database session and the session ID; the relevant parameters can also be encrypted by some method before being passed.
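Steps (2) to (4) above, together with the account-to-role chain from item 1, as an added example that is not code from the patent. SQLite stands in for the database server; the `db_sessions`, `account_role` and `role_page` tables and all account names, pages and addresses are constructed assumptions, and the server is configured to require the session ID that the description suggests as an extra parameter.

```python
import sqlite3

# Constructed stand-ins: db_sessions plays the part of the database's session
# view; every table, column, account and page name here is an assumption.
SCHEMA = """
CREATE TABLE db_sessions (account TEXT, client_addr TEXT, session_id TEXT);
CREATE TABLE account_role (account TEXT, role TEXT);
CREATE TABLE role_page (role TEXT, page TEXT);
INSERT INTO db_sessions VALUES ('ZHANG', '10.0.0.15', '4711');
INSERT INTO account_role VALUES ('ZHANG', 'clerk'), ('LI', 'auditor');
INSERT INTO role_page VALUES ('clerk', '/stock/report'), ('auditor', '/audit/log');
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def verify_db_session(db, params, peer_addr, required=("account", "session_id")):
    """Step (2): look for a live database session matching the request."""
    if any(not params.get(name) for name in required):
        return False  # the server, not the caller, decides which fields bind
    where = " AND ".join(f"{name} = ?" for name in required)  # server-side names only
    row = db.execute(
        f"SELECT 1 FROM db_sessions WHERE client_addr = ? AND {where}",
        [peer_addr, *(params[name] for name in required)],
    ).fetchone()
    return row is not None

def handle_request(db, web_session, page, params, peer_addr):
    """Steps (2)-(4); peer_addr is taken from the connection, never from params."""
    if not verify_db_session(db, params, peer_addr):
        return 401
    web_session["account"] = params["account"]  # step (3)
    allowed = db.execute(
        "SELECT 1 FROM account_role a JOIN role_page p ON p.role = a.role "
        "WHERE a.account = ? AND p.page = ?",
        (params["account"], page),
    ).fetchone()  # step (4): account -> role -> page permission
    return 200 if allowed else 403

if __name__ == "__main__":
    db, sess = make_db(), {}
    ok = {"account": "ZHANG", "session_id": "4711"}
    print(handle_request(db, sess, "/stock/report", ok, "10.0.0.15"), sess)
    print(handle_request(db, {}, "/stock/report", ok, "10.0.0.99"))
```

The account name and client address are not secrets, so users who share one address (for example behind NAT or on a terminal server) are not told apart by the basic check; requiring the session ID narrows that.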
The beneficial effect of the invention is that, while guaranteeing security, the client of the two-layer application system and the client of the three-layer application system are organically integrated at the user interface, and the user accounts of the mixed environment are brought under unified management. This integration makes an enterprise's multiple information systems appear as one system at the user interface, greatly improving ease of operation.
Claims (1)
1. A method for securely jumping from the client of a two-layer system to a Web page of a three-layer system, characterized in that: when the client of the two-layer system references the Web page of the three-layer system, it carries relevant parameters of the session between this client and the database, but does not include sensitive information such as the password or the ciphertext of the encrypted password; the Web server verifies the user's identity in the database according to the address of the client and the above parameters.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB031433464A CN1332322C (en) | 2003-09-26 | 2003-09-26 | Interface integration method of two-layer and three-layer mixed mode |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1601491A (en) | 2005-03-30 |
CN1332322C (en) | 2007-08-15 |
Family
ID=34659385
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB031433464A Expired - Fee Related CN1332322C (en) | 2003-09-26 | 2003-09-26 | Interface integration method of two-layer and three-layer mixed mode |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1332322C (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1138177A (en) * | 1995-06-07 | 1996-12-18 | International Business Machines Corporation | Computer network for www server data access over internet |
US6094655A (en) * | 1995-06-07 | 2000-07-25 | International Business Machines Corporation | Method of creating and using notes decision capsules |
US6289371B1 (en) * | 1998-09-30 | 2001-09-11 | Hewlett-Packard Company | Network scan server support method using a web browser |
Non-Patent Citations (1)
Title |
---|
Electric energy management information system based on a mixed C/S and B/S mode, 李一宁, 汪泉弟, 何为, Journal of Chongqing University, Vol. 26, No. 6, 2003 * |
Also Published As
Publication number | Publication date |
---|---|
CN1601491A (en) | 2005-03-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C19 | Lapse of patent right due to non-payment of the annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |